1. Base Module: RWTH VPN
The IT Center operates a central, high-performance VPN server which is, for reasons of availability, designed to be redundant. All users with a username (format: ab123456) who have this feature activated in their identity management are authorized to use the VPN service. This means that all students and employees of RWTH Aachen University are authorized users. Using the VPN service requires downloading and installing the Cisco VPN client as well as the corresponding access profiles, which are available on the website of the IT Center.
By using the client and the corresponding profile, a strongly encrypted tunnel connection with the RWTH network is established. For the duration of the connection, an RWTH network internal IP address is assigned to the user. This makes access to internal RWTH resources possible from external locations (e.g. during business trips). Examples include the usage of RWTH University library resources or hardware and software portals. Activation for the RWTH VPN IP range at institute network level is also quite common. This way, institute employees who are on business trips or working at home can access institute internal websites.
2. Base+ Module: Institute VPN
Institutes often need to restrict internal resources and allow access only to a certain group of users. For this purpose, the IT Center provides VPN as an individual service.
This is implemented through a dedicated Cisco VPN router which can be procured via the IT Center by institutes at their own expense. Depending on the expected number of users and usage profiles, devices of different performance and price levels are available. Usually, the selection of the appropriate device is done after a consultation with the IT Center.
The VPN router is configured individually, based on customer specifications and the outcome of the consultation with the IT Center.
Examples of customer-based specifications include the size of the address range, the installation of access profiles, and additional data package settings for further access restriction in the institute network.
The device usually runs on the institute's premises and the installation can be carried out by either the IT Center or the customer. By default, the VPN routers are centrally monitored by the IT Center.
The administration of the VPN service users is carried out by the institute through the Selfservice. The institute designates an authorized contact person whom the IT Center registers as the admin.
The admin receives a link to a portal operated by the IT Center, where they can manage the VPN users. A quick guide on how to manage the users is also provided.
Connecting an entire external network to an institute LAN via a VPN tunnel is a special case. This can also be configured with the Cisco VPN router and has been implemented multiple times. However, two VPN routers are required: one on the premises of RWTH Aachen and the other on the site of the external network.
Rights and Duties
A computer which is connected to an RWTH VPN server can access RWTH internal content in the RWTH Aachen network. Therefore, the computer is subject to all restrictions and the terms and conditions that apply to the RWTH Aachen University network.
In order to establish a VPN connection, VPN client software is required. The client sets up the encrypted tunnel which enables it to act as if it were within the local networks of RWTH Aachen University. Currently, there are two different VPN connection technologies available with different client software.
|Connection technology|Client software|Notes|
|SSLVPN|Cisco AnyConnect Client|latest, manufacturer-supported client software; available for Windows, Mac OS X, Linux, Android and Apple iOS|
| |OpenConnect Client|alternative client software, for Linux among others; not supported by the IT Center of RWTH Aachen University|