Baruch Computing and Technology Center (BCTC)

VPN Service Description and Instructions (Pal Alto SSL VPN)

Access to administrative and academic support systems from non-University locations is allowed only through secure remote connections that provide for unique user authentication and encrypted communications.

The Baruch College VPN service allows users to access Baruch College network services such as internal web servers, file servers, or desktop computers, from off-campus.

The Cisco VPN Service will remain operational until the end of September 2011.  During this time BCTC will notify and convert users to the new Palo Alto SSL VPN system which is currently operational.  Any questions or concerns, please contact the helpdesk via e-mail at helpdesk@baruch.cuny.edu or phone at 646-312-1010.

Who is eligible to use the VPN service?

  • Baruch College faculty and staff members
  • external vendors/contractors currently engaged in contract work with the college

Process for Obtaining VPN Service

For Baruch College Faculty and Staff -

  1. The user must submit an e-mail to The Baruch College Help Desk (helpdesk@baruch.cuny.edu) answering the following questions:

    1. Is the computer Baruch-issued or your own computer?

    2. What operating system is installed on it?

    3. When was the last time you checked with the Operating System vendor (i.e., Microsoft or Apple) for system updates?

    4. What anti-virus software do you use?

    5. Do you have a current subscription for the anti-virus software?

    6. When was the last time you checked for anti-virus updates (or is it set to do updates automatically)?

    7. Do you plan on accessing Non-Public University Information as defined below?  If yes, please describe the information and your intended use.  

      Non-Public University Information – For the purpose of these IT Security Procedures, the term “Non-Public University Information” means personally identifiable information (such as an individual’s Social Security Number; driver's license number or non-driver identification card number; account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account; personal electronic mail address; Internet identification name or password; and parent’s surname prior to marriage); information in student education records that is protected under the Family Educational Rights and Privacy Act of 1974 (FERPA) and the related regulations set forth in 34 CFR Part 99; other information relating to the administrative, business, and academic activities and operations of the University (including employee evaluations, employee home addresses and telephone numbers, and other employee records that should be treated confidentially); and any other information available in University files and systems that by its nature should be treated confidentially.

  2. The e-mail must be cc’d to the user's department chair or administrative unit director.
  3. The user's department chair or administrative unit director must then confirm via an e-mail to The Baruch College Help Desk (helpdesk@baruch.cuny.edu) that the user is currently employed and should be provided a VPN account.
  4. Once both the e-mail from the user and the department chair or administrative unit director has been received, the request will be processed and the account created. The BCTC will follow up to confirm the account setup and provide information about using the VPN service.

For Vendor/ContractorA department chair or administrative unit director must make the electronic or written request to The Baruch College Help Desk (helpdesk@baruch.cuny.edu), with confirmation that no Non-Public University Information (as explained above) will be accessed over the VPN. The requester must affirm that there is a contractual relationship between the college and the vendor. The BCTC will need an authorization from the contracting entity permitting their representative to use the VPN. The department head must identify in the request a period of time for which the VPN account should be permitted, and acknowledge that an extension will require an additional request. BCTC will also need confirmation from the proposed VPN user that he/she is using a Windows computer or an Apple OS X computer that is fully patched and running current anti-virus and anti spyware software (stating the brand and release/version). The BCTC will send an email to the user confirming the account setup and additional information about using the VPN service.

 

Instructions for Setup of VPN Service

To complete these instructions, you will need:

  • An established connection to your ISP (You must already be connected to the internet through cable modem or DSL)
  • An Active Directory account with VPN permission (permission for VPN access must be requested by department chair or administrative unit director - see above instructions)

  • A computer running that meets the minimum system requirements. See Verifying System Requirements

  • If you do want to access your office computer from home via VPN, you must request this in your initial VPN request e-mail

Installation and configuration instructions

 

Windows XP and Windows 7:  Click Here to download and view the PDF(If you are running the 64 bit of the OS, see notes under FAq's)

Apple Macintosh: Installation notes coming soon

 

Verifying System Requirements

Verify that your computer meets these requirements:

Windows

  • Windows XP or higher Operating System with service pack 2 * (If running 64 bit OS, see note below)
  • Administrator privileges if installing on Windows Operating System

Mac

  • Mac OS X 10.5 or later

 

Pal Alto SSL VPN FAQ's:

1. If you are installing the 64-bit client you must use 64bit Internet Explorer.

2. If using the 64-bit client you must install 64bit java (c:\>java -version).

3. You must disable java's "mixed code verification"

4. You must not use remote desktop when installing for the first time. You must login normally

5. if the installation appears to be stuck on the "cmd" window, close "cmd" under processes in the Task Manager (ctrl-altl-delete) window and it should finish normally.

6. If NetConnect client is seeing the error, "64bit is not allowed in this version, clear Java cache.