Summary
Previously, VPN roles were based on a user's association with MSU (Student, faculty, staff, etc). The new VPN roles have been re-organized to simplified access levels as this focuses on what is being accessed instead.
Body
Question
- What are the access levels for the VPN at MSU?
Answer
Previously, VPN roles were based on a user's association with MSU (Student, faculty, staff, etc). The new VPN roles have been re-organized to simplified access levels as this focuses on what is being accessed instead:
- Access Level: Base
- Use when you want to provide access without directly exposing an application to the Internet
- Basic “Secure Remote Access”
- Works just like any other IP address on Campus
- Available to anyone with a valid NetID
- Obtained by Access Request Form
- Access Level: Moderate
- Use when you want to limit exposure to an application, even within Campus
- Smaller user population
- Available automatically for full-time regular employees
- Access Request Form for overrides of temp-on-call, contractors, etc.
- Access Level: Elevated
- Use when you want to restrict connectivity to privileged services
- E.g. cPanel, SQLadmin, iDRAC, ESXi Remote Console, SSH
- Works just like physical direct console access
- Obtained by Access Request Form
- Must have association with MSU IT
- Intended for System Administrators
- Can include sponsored contractors or part-time employees
- Access Level: Telecom
- Used for specific Avaya systems and services access
- Obtained by submitting the "Telephone Consultation" form and asking for "F5 VPN Telecom" access.
Additional Info
The Access Request Forms are available at https://go.msu.edu/access-requests.