Virtual Private Network (VPN) - What Are the Access Levels for the VPN at MSU?

Question

• What are the access levels for the VPN at MSU?

Answer

Previously, VPN roles were based on a user's association with MSU (Student, faculty, staff, etc). The new VPN roles have been re-organized to simplified access levels as this focuses on what is being accessed instead:

• Access Level: Base
  • Use when you want to provide access without directly exposing an application to the Internet
    • Basic “Secure Remote Access”
  • Works just like any other IP address on Campus
  • Available to anyone with a valid NetID
  • Obtained by Access Request Form
• Access Level: Moderate
  • Use when you want to limit exposure to an application, even within Campus
  • Smaller user population
  • Available automatically for full-time regular employees
    • Access Request Form for overrides of temp-on-call, contractors, etc.
• Access Level: Elevated
  • Use when you want to restrict connectivity to privileged services
    • E.g. cPanel, SQLadmin, iDRAC, ESXi Remote Console, SSH
  • Works just like physical direct console access
  • Obtained by Access Request Form
    • Must have association with MSU IT
    • Intended for System Administrators
      • Can include sponsored contractors or part-time employees
• Access Level: Telecom
  • Used for specific Avaya systems and services access
  • Obtained by submitting the "Telephone Consultation" form and asking for "F5 VPN Telecom" access.

Additional Info

The Access Request Forms are available at https://go.msu.edu/access-requests.