Title: RASVPN Brown Bag Lunch
1. RAS/VPN Brown Bag Lunch Learn Training
- Introduction to Remote Access Service
2. Introduction
- Remote Access is part of every private and public
organization. It allows an employee or
consultant access to systems while working away
from their specific office location.
3. Agenda
- What is RAS/VPN?
- Why are we migrating to RAS/VPN?
- Who is eligible for RAS/VPN Service?
- When can MTO Employees and MTO Consultants Migrate?
- How Does RAS/VPN Service Work?
- Dial-up
- DSL
- Security
4. Overview
- RAS/VPN Migration will address all of the puzzle
pieces.
- A comprehensive support model is currently in
development which will address incidents and
changes.
[Figure: puzzle pieces labelled RAS, PKI, VPN, DSL, Dial, iPASS, 310, MPR, Account]
5. Vocabulary
- Remote Access Service (RAS) is the ability to
access a computer network, applications or
programs from an alternative location outside the
office.
- Virtual Private Network (VPN)
- Public Key Infrastructure (PKI) is a structure of
software, people, processes and policies that
employs digital signature and encryption to
establish trust relationships to conduct secure
and confidential communication, transactions and
information exchange.
- iPASS Dialer: Internet dial-up software.
- Digital Subscriber Line (DSL)
- MPR is the primary MTO RAS service provided to
consultants and contractors.
- 310 is one of the current MTO RAS services
available today to all MTO OPS Employees.
- Account is a username and password assigned to a
specific individual that provides access to a
service.
6. What is RAS/VPN Service?
- RAS/VPN Service is access to a network and
associated applications from a location other
than the individual's primary office location.
- The RAS/VPN Service provided by Integrated
Network Services to the Government of Ontario
creates a secure encrypted tunnel directly from
the client's workstation to an inbound virtual
private network (VPN) into the MTO Network.
7. Why are we Migrating to RAS/VPN?
- The Ministry of Transportation (MTO) is changing
the way OPS and Non-OPS Employees connect to the
MTO Network remotely.
- MTO is one of many Clusters integrating their
network services in line with the Government of
Ontario's Common Infrastructure Strategy.
- This strategy is focussed on improving services
to OPS and Non-OPS employees while enhancing
security.
8. Who is Eligible for RAS/VPN?
- OPS Employees who have MTO-issued laptops and
are required to work in a variety of locations
remotely.
- OPS Employees who travel frequently and require
access to the MTO network.
- OPS Employees who receive authorization for
remote access from their managers.
- Non-OPS Employees who work remotely on contracts
for MTO and access MTO applications (CPS, HiCO
MMIS).
9. When can MTO Employees and MTO Consultants Migrate?
- August 13th, 2004 is the Go Live Date for the
MTO Service Desk. Migration to the RAS/VPN
Service will begin August 13 and continue through
until October 8th.
- A Pilot of OPS Employees and Non-OPS Employees
will be migrating prior to August 13th to
validate documentation and support processes.
10. How Does RAS/VPN Service Work?
- There are two connectivity options for RAS/VPN
Service:
  - Dial-up
  - DSL (High Speed)
- Both Connectivity Options will require the VPN
Client Software.
- The VPN Client Software initiates a VPN tunnel
over the specified connection (dial-up or DSL
public internet connection). This encrypted
tunnel provides the user access into the
Government Network through an authentication
process based on a user name and password
specific to RAS/VPN. The RAS/VPN username and
password utilize the PKI certificate to
authenticate the user and validate that the user is
authorized for access.
11. Dial-up RAS/VPN
- The RAS/VPN Service Package provides you with a
dial-up internet connection software (iPASS) and
a secure VPN connection software (Contivity VPN)
that allows you to connect to the Transportation
Cluster Network.
- A Dial-up user will need to initiate both the
iPASS Software and the VPN Contivity Software to
achieve the dial-up connection.
12. How Do I Connect? (Dial-up)
To start your connection, click START > PROGRAMS >
MTO Remote Access Services and select the iPass
Dialer.
13. Setting Up a Calling Location
Step 1. From the City drop down menu, select the
closest local city for your dialing area.
Step 2. Available local numbers will be displayed in
the Phone Book area. Select the phone number for
your location.
Step 3. The selected phone number
will be displayed in the Connection box.
By default, the iPASS client has been configured
to display all available Ontario-based access
points. To identify available local numbers for
your location, select the nearest local city.
14. Setting Up a Long-Distance Calling Location
Step 1. If a local number is not available for
your location, click the Clear button to remove
all location information from the screen.
Step 2. Enter Canada in the Country location box. All
available city numbers will be displayed, as well
as an 800 number.
Step 3. If no local dialing
number is available, select the 800 phone number.
The selected phone number will be displayed in the
Connection box.
15. Connect to iPASS
Step 4. After selecting your location, click
Connect.
16. First Time Connection to iPASS
If this is your first time connecting, you will
be prompted for a username and password.
Step 5. Enter your MTO RAS Username and Password in the
fields provided.
Your computer will now dial into iPASS. You will
see the connection dialogue box.
17. iPASS Dial-up Connectivity
- Once the iPASS internet connection is
established, the Contivity VPN client will be
automatically launched. You must enter your VPN
password within 3 minutes of connecting to the
iPASS service or your connection will be lost.
18. Connecting to VPN Contivity
Step 6. If this is your first time launching the
VPN client, you must specify the location of your
VPN PKI certificate. Left click on the TOOL icon
to the right of the Certificate section. Select
OPEN and then search for the path of where your
.epf file is stored.
Step 7. In the Password
section enter the password for your Go-PKI (WIN)
certificate. This password is case sensitive. If
prompted, select YES to save this information in
your connection session and then click Connect.
19. Contivity (continued)
Step 8. You will see a small dialog box as your
logon information is validated. Once connected,
the VPN client will display Corporate Banner
text. Click OK to complete your connection to
the VPN client.
The Contivity VPN icon will appear in your
taskbar. Double click this icon
to disconnect or to monitor your connection.
20. Disconnecting the Dial-up RAS
The iPASS dial-up internet connection and the
Contivity VPN connection interact automatically
with each other. When you terminate your VPN
connection, the iPASS internet connection will
automatically close.
Step 9. Right clicking the Contivity VPN Client
icon brings up a box that allows you to select
the status window or to disconnect.
Step 10. When you choose to disconnect, a dialog box will
appear asking you to confirm your choice. Select
YES to disconnect from the Transportation Cluster
Network.
21. DSL RAS/VPN
- The RAS/VPN Service Package also provides an
option for DSL internet connection software
(Access Manager) and a secure VPN connection
software (Contivity VPN) that allows you to
connect to the Transportation Cluster Network.
- Access Manager Software will not apply if the DSL
internet connection is supplied by a router
configuration.
Note: DSL Option requires manager approval.
22. Configuring Contivity VPN Client
Step 1. To start the VPN client from the Start
Menu, click START > PROGRAMS > MTO Remote Access
Services and select the VPN Remote Access Client.
23. Configuring Contivity VPN Client
Step 2. Left click on the TOOL icon to the right
of the Certificate section. Select OPEN and then
search for the path of where your .epf file is
stored. OR: In the Certificate section, enter the
path of where your .epf file (this is your
certificate) is stored.
Step 3. In the Password
section enter the password for your Go-PKI (WIN)
certificate. This password is case sensitive.
24. Connecting to Contivity VPN Client
Step 4. You will see a small dialog box as your
logon takes place, and then the Security Banner
will appear. Click OK.
25. Connecting to Contivity (continued)
Step 5. Another dialog box appears, telling you
how to disconnect. You may want to check off the
option so this message doesn't reappear. Click
OK.
The Contivity VPN icon now appears in your
taskbar, which is normally located in the lower
right hand corner of the desktop. Use this icon
to disconnect or to monitor your connection. When
network traffic is flowing, the white parts of
the icon turn green!
26. Disconnecting Contivity
Step 6. Right clicking the Contivity VPN Client
icon brings up a box that allows you to select
the status window or to disconnect. Why would you
disconnect? It is good practice to disconnect if
you are shutting down or rebooting your system,
otherwise you could get in a "dirty disconnect"
situation upon reconnecting to the VPN. If that
happens you will get a message about exceeding
your maximum allowed connections (1) and it may
take ten minutes to clear itself.
Step 7. When you choose to disconnect you get a
small yes/no dialog box to confirm your choice.
Click Yes.
27. RAS/VPN Security Awareness
- Some important security tips when utilizing the
RAS/VPN Service:
  - Keep your RAS/VPN username and password safe. Do
not store this information where others can
easily locate it.
  - Disconnect the RAS/VPN Service whenever you are
going to be away from your computer/laptop for an
extended period of time.
28. Summary
- By now, we should understand:
  - What is RAS/VPN Service?
  - Why MTO is migrating to RAS/VPN Service?
  - When the OPS and Non-OPS users will be migrating
to the new RAS/VPN Service?
  - Who is eligible for this RAS/VPN Service?
  - How to achieve a dial-up connection using iPASS
and Contivity?
  - How to disconnect a dial-up connection?
  - How to achieve a connection with Contivity when
utilizing a DSL connection?
  - How to disconnect Contivity?
  - Security Tips when using RAS/VPN
29. Where to Get More Information
- MTO Service Desk
- RAS/VPN Project Office
- Contact Gulé.Sheikh_at_mto.gov.on.ca
- Quick Reference Brochure
- RAS/VPN Installation Guide
- RAS/VPN User Guide
- Security Tip Sheet