[Eril-l] Asking patrons to login to electronic resources both on and off campus

Ihli, Monica Inez (Monica) mihli1 at utk.edu
Tue Sep 13 10:04:36 PDT 2016 

For the record, University of Tennessee does not require on-campus proxy authentication, as we strive to keep our library as open and accessible as possible. However, as a proxy admin, I can understand some of the arguments in favor of doing so. The biggest advantage I can think of would be to not have to depend on the campus's central IT department to intervene in cases where excessive downloading is coming from the on-campus network. It is far less common than, say, an account getting hacked and used from a foreign IP. But it does happen. In those situations, my only recourse is to pass off the vendor logs and try to convince the central IT authority to treat it as a priority, because I don't have access to the campus network logs. I also don't have the authority to shut off that person's network ID.  

Granted, the scope of impact when a single person's machine IP address gets blocked by a vendor is far less serious than when the proxy server IP gets shut down in this scenario. If the proxy gets blocked, ALL off-campus users are shut down from that resource. At the same time, it makes the library look bad when a vendor repeatedly blocks an IP from our network because we can't act with the same speed as we can when the offender is going through the proxy. 

I think your concerns about what happens when a vendor blocks the proxy are quite valid, but then again we always treat the loss off access for any segment of our patron community as a high priority problem. The technical matters with making sure that server can handle the traffic should be a more straight-forward problem of making sure that the server has adequate resources to handle the load. That is something the admin can take care of.

Monica Ihli, M.S.
ORCID: 0000-0001-6907-6167
Enterprise Systems
Hodges Library, University of Tennessee
United States of America
Office Phone: 1+ 865.974.2885
Email: mihli1 at utk.edu


-----Original Message-----
From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of May.Yan
Sent: Tuesday, September 13, 2016 11:56 AM
To: Eril-l at lists.eril-l.org
Subject: [Eril-l] Asking patrons to login to electronic resources both on and off campus

Our library has been approached by university IT security to start requiring patrons to login to all of our electronic resources both on and off campus. I'd like to learn from schools that require login to resources on and off campus how your systems are configured?

Currently we have IP authentication setup with all of our vendors, and patrons are only asked to login to resources when they are off campus where their sessions are routed via our ezproxy servers after being authenticated by our CAS system.

University IT security has proposed that we reduce our IP ranges with vendors and make everyone go through the proxy server for all resources. 
However, I'm very uncomfortable with this option because that one server becomes a bottleneck. What happens when vendor blocks our proxy server due to possible violations investigations? We stand to lose all access to the resource(s) during any investigation period. What happens when there's a hardware problem and we need to make a server swap and the IP changes? It's a scary thought to ask all our vendors to update an IP quickly. I'm hoping there are other (better) options out there?

I'd appreciate any help, and will consolidate responses to share with the group.

Thank you

May

-- 

May Yan | may.yan at ryerson.ca | 416.979.5000.4947 | @mayyan ER Discovery & Access Librarian | Strategic Systems Project Lead

_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org

More information about the Eril-l mailing list