Keep Working - Remote Resource and Service Access

Issue/Question

  • How can I access OSU services remotely?

Environment

  • Employee, Student or Associate
  • Remote Access

Explanation

University Information and Technology (UIT) facilitates remote access to campus resources and services in a variety of ways. Determining which access method is best for your particular use case can be challenging especially when you add data sensitivity into the mix. We have created the guide below to help you navigate the best access method for each use case.

Access Methods

Direct

Direct web access as usual with standard web encryption. Many OSU services can be directly accessed from remote locations. Typical use cases include: Canvas, myOSU, and Zoom.

Remote Desktop Gateway (RDGW)

RDGW is an encrypted connection between your remote computer and your computer on campus running the Windows operating system. This is the highest-performance way to access a campus Windows computer. This access method can be used for access to confidential data but only if from an OSU issued device at your remote work location. Remember that VPN is not needed to use RDGW and will result in reduced performance. Typical use cases include: connecting to your campus desktop.

KB article: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=101648

Virtual Desktop Infrastructure (VDI)

VDI certified for confidential data is available via Citrix at apps.oregonstate.edu for users who need to access Banner or other confidential data sources while working remotely. This is a high quality user experience and the most secure and preferred method of remotely accessing these systems. This can be done via OSU issued, or personal devices. Remember that VPN is not needed to use VDI. Typical use cases include: Banner, Hyland OnBase, and Sunapsis.

KB article: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=67677

Virtual Private Network (VPN)

VPN is an encrypted connection between your remote device and the OSU network. This access method can be used for access to confidential data but only if from an OSU issued device. The VPN is a critical, high value service that should be used when absolutely necessary, and if you are using VPN to connect to an on campus Microsoft desktop use RDGW instead for a higher quality experience. VPN service connects your workstation to the OSU network using your remote network, and you may see slower responses, particularly if the VPN is in high demand. If you need a higher performance option please consider a Virtual Desktop or Remote Desktop option. Typical use cases include: protecting your network traffic on an unsecure network, access to a scientific device, etc

KB article: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/?CategoryID=6889

Access Devices

OSU Issued Device

OSU managed devices are issued by OSU and optimally supported and configured by Community Network or your distributed IT department. These are certified for access to confidential data both on campus and off campus when using an improved connection method.

Personal Device

This is any computer or device you are doing university work on that was not issued or managed by OSU. These devices are not certified for access to confidential data on or off campus with the sole exception of working with confidential-data-certified VDI.

Data Classification

Unrestricted

This data is intended for general use, and can be found on websites, news releases, and in various publications.

Sensitive

Some data, while not as restrictive as confidential, still are by their very nature or regulation private and must not be openly disclosed. There are typically four types of data that fall into this category:

  • Student data
  • Employee data
  • Confidential Donor Information
  • Privileged Attorney-Client Communications and Minutes from Confidential Meetings

Confidential

Confidential information is the most restrictive classification. Four types of data fall into this category:

  • Personal information that could be used in identity theft or exposure of personal health information
  • Research data that a funding agency or other research partner has identified as highly private
  • Financial, legal and other data of a highly confidential nature
  • Specific technical information detailing how we restrict access, or otherwise secure data

Classification Overview: https://uit.oregonstate.edu/ois/data-management-and-classification-overview

Note: Full-tunnel VPN is not currently available, but will be available again in the near future.

I am a...

I have a…

Access

Data Classification

 Notes

Researcher, Grad Student, or OSU Employee accessing my campus desktop to conduct research or conduct work

OSU Issued Device

VPN, RDGW

Confidential, Sensitive, Unrestricted

I can use or access all data classifications. I should use RDGW if possible. RDGW can provide better performance compared to VPN, but can only connect to my Microsoft desktop on campus.

Personal Device

VPN, RDGW

Sensitive, Unrestricted

I can use or access Unrestricted data and Sensitive data is allowed with my supervisor’s approval.

Traveling faculty member, or OSU Employee who wants to be safe on an unfamiliar network

OSU Issued Device

VPN

Confidential, Sensitive, Unrestricted

I can use or access all data classifications. Using the VPN with full tunnel will ensure all my network activity takes place through the OSU network and not through a potentially unsafe connection.

Personal Device

VPN

Sensitive, Unrestricted

I can use or access Unrestricted data and Sensitive data with my supervisor’s approval. Using the VPN with full tunnel will ensure all my network activity takes place through the OSU network and not through a potentially unsafe connection.

Remote Faculty member, or OSU Employee working on/with a system that contains Confidential data

OSU Issued Device

VPN, RDGW,

VDI

Confidential, Sensitive, Unrestricted

I can use or access all data classifications. I should choose RDGW if I have a Microsoft desktop on campus to reduce VPN/VDI load, otherwise, I can use the method I prefer.

Personal Device

VDI

Confidential, Sensitive, Unrestricted

I can use or access all data classifications. This is the only way I can work with Confidential data from my personal device.

Remote Faculty member, or OSU employee working, or collaborating with others, on documents, course work, etc

OSU Issued Device or Personal Device

Direct

Unrestricted

Most of our applications such as Canvas, Zoom, Office 365, etc do not require any special connection to campus and can be done from an OSU issued device or personal device in any location.

 

For assistance, contact the IS Service Desk.

 

Details

Article ID: 103030
Created
Wed 3/25/20 12:17 PM
Modified
Wed 4/1/20 10:31 AM