BuckeyePass Operational Data Store VPN Information

This page hosts the instructions and information regarding the BuckeyePass two-factor tokens and their use with the university Operational Data Store (ODS). Here you will find information on configuring your VPN client as well as any information or announcements relating to the ODS-VPN and BuckeyePass.

For more information on the BuckeyePass Project at OSU be sure to check out the BuckeyePass Project webpage here on BuckeyeSecure.

ODS-VPN Communication to DNA's

To: Department Network Administrators From: The Office of Information Technology

RE: Implementing ODS VPN

The Office of Information Technology plans on rolling out the final initiative of the Legacy SSN Protection Project, Operational Data Store (ODS) VPN, as of April 4th, 2008. The goal of this project is to encrypt the transmission of network traffic between the ODS server and the user by using the Cisco VPN client or site-to-site VPN. This will impact all current ODS users as well as any future users that will be accessing the new ODS.

You have been identified as the Department Network Administrator for one or more ODS users. The specific impact on your users depends on whether or not your location implements site-to-site VPN. Site-to-Site VPN is recommended if you have a large number of ODS users behind your firewall and you wish to avoid each individual installing and using the client; or if you have a server that is automatically connecting to the ODS. Those users in a site-to-site VPN environment will not be required to install the Cisco VPN client in order to access the ODS, unless they are accessing the ODS from home or other off-campus location.

Users that are not in a site-to-site VPN location will be required to install the Cisco VPN client available on OIT Site License Software and a configuration file that will be emailed to them. If they already have the Cisco client installed, they will only need to download the configuration file. Note that users are able to install the client on their own if they have administrative access to their machines; if they do not have administrative access, you will need to aid them in this process.

Users then proceed with their usual methods of accessing the ODS. User instructions are available via the 8help and BuckeyeSecure websites; these can also be made available to you should you wish to customize them to your specific environment.

As of April 30, 2008, users must connect to the ODS via the VPN (client or site-to-site). An announcement will be sent to each of the ODS users required to use the client on April 4th, 2008. A copy of this announcement is provided below for your reference. Note: Users in a site-to-site environment will not receive this announcement and will rely on your contact with them for further instructions.

It is important that your firewall is configured to allow access to the ODS. Please see below to find out which ports should be opened.

If you are interested in setting up a site-to-site VPN connection, please send your request to 8help at 8help@osu.edu.

Any questions about this project can be directed to Greg Niemeyer at niemeyer.8@osu.edu.

Thank you,

Greg Niemeyer
The SSN Protection Project

The Cisco VPN client is configured to use TCP port 10000. If your firewall controls outbound connections then you will need to insure that TCP port 10000 is open.