[Eril-l] Asking patrons to login to electronic resources both on and off campus
Ann Erdmann
aerdmann at nebrwesleyan.edu
Tue Sep 13 13:59:10 PDT 2016
Hi May,
I would really recommend asking the IT department why they want to do this. Really do an old style reference style questioning session with them. From working in IT myself, I know that often IT departments and the library don't really communicate with each other. Find out what their real goal is and why. Maybe you can figure out another solution.
At my previous institutions, we had one resources that did require students to sign in on and off campus and we adjusted the proxy config file to do that for that particular resource.
I also want to remind everyone about Eduroam, which will give folks an off campus IP range. It is a great way to test your proxy and troubleshoot access errors.
https://www.eduroam.us/institutions_list
eduroam-US Institutions - Global Wi-Fi roaming for academia<https://www.eduroam.us/institutions_list>
www.eduroam.us
Operator of eduroam in the United States on behalf of Internet2
*************************************************
Annie Erdmann, MLIS
Head of Electronic Resources and Access Services
Cochrane-Woods Library
Nebraska Wesleyan University
eResources at nebrwesleyan.edu
aerdmann at nebrwesleyan.edu
402-465-2404 (direct)
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Amy Lynn Fry <afry at bgsu.edu>
Sent: Tuesday, September 13, 2016 3:10:23 PM
To: Eril-l at lists.eril-l.org
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus
Also, I don't know if someone's made this point already or not, a really good reason to resist this is that you would not believe how many people just use google to find resources and bypass the library's website. Well, maybe you would. They're using google to get right to JSTOR, ScienceDirect, and all kinds of other things, or using Google to find articles on topical searches on different vendor platforms, and don't even realize their access is coming from the IP recognition through the library's subscription. So I would be afraid use statistics would go down if vendors didn't recognize on-campus IPs automatically.
Amy Fry
Associate Professor, E-resources Librarian
Jerome Library
Bowling Green, OH 43403
afry at bgsu.edu
email is the best way to reach me
-----Original Message-----
From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Amy Lynn Fry
Sent: Tuesday, September 13, 2016 4:05 PM
To: Eril-l at lists.eril-l.org
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus
Our resources used to be set up so that the wireless IP range for our campus required authentication. It was a huge pain and problem. When we were teaching classes with laptops, we ALWAYS had tons of problems with people being able to sign in and it slowed things down horribly.
We also used to have WAM proxy, which did send every proxied link through the proxy server, and it did create a bottleneck and was again a huge issue.
Now we use EZProxy (which only routes people through the proxy server if they're actually at an off-campus IP), we've cleaned up our authentication logic, and wireless IPs do not require logins, and it is so much easier and better.
Amy Fry
Associate Professor, E-resources Librarian Jerome Library Bowling Green, OH 43403 afry at bgsu.edu email is the best way to reach me
-----Original Message-----
From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Theresa Borchert
Sent: Tuesday, September 13, 2016 3:15 PM
To: Eril-l at lists.eril-l.org
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus
A number of years ago our IP provider for the dorms kept changing IP's without notifying the library. So we choose to have campus dorms use our proxy IP access which required a login. We send our campus IP range and dorm proxy IP to our vendors. This allows all of our students access and is very convenient with student mobile devices and access. We also set aside a number of computers with static IP's to ExcludeIP in our proxy configuration file so they act like off-campus so they will require a login. This allows our eReserve staff to easily create proxy URLs; our reference staff to 'see' an access issue for a student working off-campus/dorms and for me to check off-campus access issues from my office on campus.
Hmmm.... If login is always required for access, maybe... a big data project could track student usage and analyze data gathered against student class enrollment, major...
Theresa Borchert, Librarian
Concordia College
Moorhead, MN 56562
1-218-299-3235
-----Original Message-----
From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Lynda Howell
Sent: Tuesday, September 13, 2016 1:51 PM
To: Eril-l at lists.eril-l.org
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus
In EZProxy, proxying on-campus users and requiring on-campus users to log in are two different things. If you use the AutoLoginIP directive with your full campus IP range in EZProxy and just give the proxy server's IP to the vendor, anyone sitting at any of your campus computers will be routed through EZProxy, but they will never see the login screen. I would check with your IT people to see what it is they're trying to do. Is it an issue of the logistics of keeping IP ranges up to date with vendors? Or is it an issue of preventing unaffiliated users from accessing library resources from campus computers? If it's the former, AutoLoginIP may address their concern with less disruption to your patrons. If it's the latter, it won't.
The benefit of AutoLoginIP over actually making people log in is that it's much less of a hassle for patrons. The "drawback" is that anyone on a campus computer can access library resources (if your IT people consider that a problem).
The drawback to AutoLoginIP over giving vendors your full range is what you and Monica pointed out -- putting all your eggs in one basket. The benefit (and I think it's a big one) is that it makes on-campus users see the same URLs as off-campus users: no more frustrated instructors who tested all the links before sending out the syllabus, and didn't realize that they wouldn't work from off campus without manually adding the proxy prefix.
Lynda.
------------------------------
Lynda Howell
Dana Medical Library
University of Vermont
lynda.howell at uvm.edu
(802) 656-8863
> -----Original Message-----
> From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of
> Ihli, Monica Inez (Monica)
> Sent: Tuesday, September 13, 2016 1:05 PM
> To: May.Yan <may.yan at ryerson.ca>; Eril-l at lists.eril-l.org
> Subject: Re: [Eril-l] Asking patrons to login to electronic resources
> both on and off campus
>
> For the record, University of Tennessee does not require on-campus
> proxy authentication, as we strive to keep our library as open and
> accessible as possible. However, as a proxy admin, I can understand
> some of the arguments in favor of doing so. The biggest advantage I
> can think of would be to not have to depend on the campus's central IT
> department to intervene in cases where excessive downloading is coming from the on-campus network.
> It is far less common than, say, an account getting hacked and used
> from a foreign IP. But it does happen. In those situations, my only
> recourse is to pass off the vendor logs and try to convince the
> central IT authority to treat it as a priority, because I don't have
> access to the campus network logs. I also don't have the authority to shut off that person's network ID.
>
> Granted, the scope of impact when a single person's machine IP address
> gets blocked by a vendor is far less serious than when the proxy
> server IP gets shut down in this scenario. If the proxy gets blocked,
> ALL off-campus users are shut down from that resource. At the same
> time, it makes the library look bad when a vendor repeatedly blocks an
> IP from our network because we can't act with the same speed as we can
> when the offender is going through the proxy.
>
> I think your concerns about what happens when a vendor blocks the
> proxy are quite valid, but then again we always treat the loss off
> access for any segment of our patron community as a high priority
> problem. The technical matters with making sure that server can handle
> the traffic should be a more straight-forward problem of making sure
> that the server has adequate resources to handle the load. That is something the admin can take care of.
>
> Monica Ihli, M.S.
> ORCID: 0000-0001-6907-6167
> Enterprise Systems
> Hodges Library, University of Tennessee United States of America
> Office Phone: 1+ 865.974.2885
> Email: mihli1 at utk.edu
>
>
> -----Original Message-----
> From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of
> May.Yan
> Sent: Tuesday, September 13, 2016 11:56 AM
> To: Eril-l at lists.eril-l.org
> Subject: [Eril-l] Asking patrons to login to electronic resources both
> on and off campus
>
> Our library has been approached by university IT security to start
> requiring patrons to login to all of our electronic resources both on
> and off campus. I'd like to learn from schools that require login to
> resources on and off campus how your systems are configured?
>
> Currently we have IP authentication setup with all of our vendors, and
> patrons are only asked to login to resources when they are off campus
> where their sessions are routed via our ezproxy servers after being
> authenticated by our CAS system.
>
> University IT security has proposed that we reduce our IP ranges with
> vendors and make everyone go through the proxy server for all resources.
> However, I'm very uncomfortable with this option because that one
> server becomes a bottleneck. What happens when vendor blocks our proxy
> server due to possible violations investigations? We stand to lose all
> access to the
> resource(s) during any investigation period. What happens when there's
> a hardware problem and we need to make a server swap and the IP changes?
> It's a scary thought to ask all our vendors to update an IP quickly.
> I'm hoping there are other (better) options out there?
>
> I'd appreciate any help, and will consolidate responses to share with
> the group.
>
> Thank you
>
> May
>
> --
>
> May Yan | may.yan at ryerson.ca | 416.979.5000.4947 | @mayyan ER
> Discovery & Access Librarian | Strategic Systems Project Lead
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20160913/0bf61d5e/attachment-0001.html>
More information about the Eril-l
mailing list