Service Description

The University appreciates that access may be required to the corporate ICT network and services when staff and 3rd parties are working remotely in order to support business needs. However, the mechanism by which this is provided must be securely managed with full auditing in order to meet IT Security standards, protecting sensitive information on the corporate network.

Information Services has therefore taken action to restrict the use of unauditable remote access products such as LogMeIn and GoToMyPC. Use of these products is contrary to the University Acceptable Use Code of Practice.

Information Services has instead developed the Secure Remote Access Service (SRAS), which provides users with a multi-layered approach to remote access, from secure web-based connection, to Active Directory (AD) server file sharing, to the ability to remotely access staff University Workstations.

Business Process

2-Factor Authentication

SRAS uses 2-factor Authentication (2FA) in order to prove the legitimacy of the University Staff Member or 3rd Party Employee making the remote connection. Two-factor authentication is a security process sometimes referred to as "something you have and something you know".

The process involves a user entering their Username, University AD (network) Password and a One Time Passcode (OTP). This OTP is a unique code sent to the user’s registered mobile phone as a text message during each remote access login.

Remote Access for University Staff

University staff requiring remote access in order to work from a location other than a University campus can apply for SRAS.

Staff requests for remote access should be made by completing a SRAS Staff Application Form, which should then be approved by their Dean or Director. After final approval from the Director of ISD, approved applications will be actioned by the ISD Service Desk. Click this link to see a graphical representation of the Staff application process .

See below for the SRAS Application Form and accompanying Application Advice Notes.

Remote Access for 3rd Parties

3rd Party users can apply for access where this is required to support University IT systems.

All 3rd Parties who request SRAS will be required to complete a SRAS 3rd Party Application Form. Authorising signatures are required from the 3rd Party's Manager, the University System Owner, their Dean or Director and final approval from the Director of ISD. Approved or rejected applications are then actioned similarly to Staff, as above. System Owners should be aware of their responsibilities related to applications for 3rd Party SRAS, as outlined in the accompanying Advice Notes. Click this link to see a graphical representation of the 3rd Party application process .

Further details

• SRAS 3rd Party Application Form
• SRAS Application Advice Notes

Policies that apply to SRAS use

All SRAS users are expected to abide by the terms of the University Acceptable Use Code of Practice and other policies related to IT use. These can be found on the Information Services and Corporate Planning and Governance websites.

• ISD Policies

3rd Party applicants should also be aware of:

• Third Party Processing Agreement
• Data Protection Policy.

Minimum Technical Specification for SRAS

In order to use SRAS you must have at least:
- Windows 7 (or higher)
- Internet Explorer 11 (or higher)

Mac OSX (with certain versions of Safari or Firefox)

Please Note: SRAS may require the installation of an ActiveX control, therefore local administrator rights may temporarily be required on the PC or laptop used for SRAS.

Supporting Materials

• Staff SRAS Application Form 
• 3rd Party SRAS Application Form 
• SRAS Application Advice Notes 

How to obtain help

Contact the ISD Service Desk.

Eligibility

Staff and Users in external organisations

Service Owner

ICT Customer Services