| ELEMENT NAME | DESCRIPTION |
Major Service |
Information Assurance |
Service Name |
Secure Remote Access Service (SRAS) |
Service Description |
The University appreciates that access may be required to the corporate ICT network and services when staff and 3rd parties are working remotely in order to support business needs. However, the mechanism by which this is provided must be securely managed with full auditing in order to meet IT Security standards, protecting sensitive information on the corporate network. Information Services have developed the Secure Remote Access Service (SRAS), which provides users with a multi-layered approach to remote access, from secure web-based connection, to Active Directory (AD) server file sharing, to the ability to remotely access staff University Workstations. |
Service Owner |
ICT Customer Services |
Business Process |
Replacement of Unauditable Remote Access Products Individual University staff and 3rd party users may have in the past used commercially available products such as LogMeIn and GoToMyPC for remote access. SRAS replaces the service provided by such products with a more secure, fully supported and audited system. Information Services have taken action to restrict access to unauditable remote access products from the end of April 2010 onwards. Users are required to cease using such products with University staff being required to uninstall them from their University workstations. Use of these products is contrary to the University Acceptable Use Code of Practice. 2 Factor Authentication SRAS uses 2-factor Authentication (2FA) in order to prove the legitimacy of the University Staff Member or 3rd Party Employee making the remote connection. Two-factor authentication is a security process sometimes referred to as “something you have and something you know”. The process involves a user entering their Username, University AD (network) Password and a One Time Passcode (OTP). The OTP is a 7 digit number which is generated automatically from the 2FA token assigned to them. The combination of the Username, AD password and OTP authenticates the user as genuine during login. Who Can Apply for SRAS Access? University Staff University staff requiring remote access in order to work from a location other than a University campus can apply for SRAS. It should be noted that SRAS involves a cost (as outlined below in the Cost section) which must be authorised by the staff member’s Dean or Director. See the SRAS Application Form and accompanying Advice Notes for further details (see below). 3rd Parties 3rd Party users can apply for access where this is required to support University IT systems. The cost of SRAS in this case must be authorised by the University System Owner’s Dean or Director. See the SRAS 3rd Party Application Form and accompanying Advice Notes for further details. How Do I Apply for SRAS? University Staff Application All staff who request SRAS will be required to complete a SRAS Staff Application Form, which should then be approved by their Dean or Director. After final approval from the Director of ISD, approved applications will be actioned by the ISD Service Desk. Any rejected applications will be returned to the Dean or Director indicating the reason for rejection. Click this link to see a graphical representation of this workflow. 3rd Party Application All 3rd Parties who request SRAS will be required to complete a SRAS 3rd Party Application Form. Authorising signatures are required from the 3rd Party's Manager, the University System Owner, their Dean or Director and final approval from the Director of ISD. Approved or rejected applications are then actioned similarly to Staff, as above. System Owners should be aware of their responsibilities related to applications for 3rd Party SRAS, as outlined in the accompanying Advice Notes. What Policies apply to SRAS use? All SRAS users are expected to abide by the terms of the University Acceptable Use Code of Practice and other policies related to IT use. These can be found on the Information Services and Corporate Planning and Governance websites. www.ulster.ac.uk/isd/itus/docs/ www.ulster.ac.uk/isd/policies/ 3rd Party applicants should also be aware of the ‘Third Party Processing Agreement’ and the University's Data Protection Policy. See SRAS 3rd Party Application Form and accompanying Advice Notes for further details. What is the Minimum Technical Specification for SRAS? In order to use SRAS you must have at least: - Windows XP with Service Pack 3 (or higher – Vista and Windows 7) - Internet Explorer 7 (or higher) Please Note: SRAS may require the installation of an ActiveX control, therefore local administrator rights may temporarily be required on the PC or laptop used for SRAS. Downloadable Forms Staff Application Form 3rd Party Application Form Advice Note 3rd Party Password Reset Facility Users in external organisations may use this facility to change both their Service Specific and Individual Support accounts. University staff must not use this facility to change their staff network password. |
Supporting Materials |
|
How to obtain help |
For further advice, please contact ISD Service Desk on extension 66777 or email servicedesk@ulster.ac.uk |
Cost (where applicable) |
Use of SRAS requires a 2FA token, incurring a cost which ISD will charge
to the User/System Owner’s Department/Faculty. Charges are based on an
initial three year agreement commencing 1st April 2010 and terminating 31st
March 2013. This agreement will be reviewed during 2012 and its continuance
or replacement, with pricing, communicated before the end of that year. As
shown below, there will be an initial device cost and
thereafter an annual maintenance fee payable in the April following device
purchase. Costs are detailed below assuming device purchase in
April 2010. Device 2FA Token - Initial Cost £40 - Maintenance (April 2011) £20 - Maintenance (April 2012) £20 In the case of 3rd Party SRAS Applications, the System Owner will agree with the 3rd Party and Service Desk regards how many 2FA tokens are required. |
Service Metrics (KPI/SLA statement) |
|
Who can avail of the service? |
Staff and Users in external organisations |
Keywords |
|
