<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi May,</p>
<p><br>
</p>
<p>I would really recommend asking the IT department why they want to do this. Really do an old style reference style questioning session with them. From working in IT myself, I know that often IT departments and the library don't really communicate with
each other. Find out what their real goal is and why. Maybe you can figure out another solution.</p>
<p><br>
</p>
<p>At my previous institutions, we had one resources that did require students to sign in on and off campus and we adjusted the proxy config file to do that for that particular resource.</p>
<p><br>
</p>
<p>I also want to remind everyone about <b>Eduroam</b>, which will give folks an off campus IP range. It is a great way to test your proxy and troubleshoot access errors.</p>
<p><br>
</p>
<p><a href="https://www.eduroam.us/institutions_list" class="x_OWAAutoLink" id="LPlnk861618">https://www.eduroam.us/institutions_list</a></p>
<p><br>
</p>
<div id="LPBorder_GT_14738002721190.33068686097215205" style="margin-bottom:20px; overflow:auto; width:100%; text-indent:0px">
<table id="LPContainer_14738002721150.2660670814342194" cellspacing="0" style="width:90%; overflow:auto; padding-top:20px; padding-bottom:20px; margin-top:20px; border-top:1px dotted rgb(200,200,200); border-bottom:1px dotted rgb(200,200,200); background-color:rgb(255,255,255)">
<tbody>
<tr valign="top" style="border-spacing:0px">
<td id="x_TextCell_14738002721160.6617001629177726" colspan="2" style="vertical-align:top; padding:0px; display:table-cell">
<div id="LPRemovePreviewContainer_14738002721170.8860591024303115"></div>
<div id="LPTitle_14738002721170.7466185579086311" style="top:0px; color:rgb(0,150,183); font-weight:normal; font-size:21px; font-family:wf_segoe-ui_light,"Segoe UI Light","Segoe WP Light","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; line-height:21px">
<a id="LPUrlAnchor_14738002721170.4181589432717452" href="https://www.eduroam.us/institutions_list" target="_blank" style="text-decoration:none">eduroam-US Institutions - Global Wi-Fi roaming for academia</a></div>
<div id="LPMetadata_14738002721180.8227638196725848" style="margin:10px 0px 16px; color:rgb(102,102,102); font-weight:normal; font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; font-size:14px; line-height:14px">
www.eduroam.us</div>
<div id="LPDescription_14738002721180.7210141802970733" style="display:block; color:rgb(102,102,102); font-weight:normal; font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; font-size:14px; line-height:20px; max-height:100px; overflow:hidden">
Operator of eduroam in the United States on behalf of Internet2</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<br>
<p></p>
<div id="x_Signature">
<meta content="text/html; charset=UTF-8">
<div id="x_divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p><b><span style="color:rgb(117,123,128)">*************************************************</span></b></p>
<p><span style="color:rgb(117,123,128)"><b>Annie Erdmann, MLIS</b></span></p>
<p><span style="color:rgb(117,123,128)">Head of Electronic Resources and Access Services</span></p>
<p></p>
<div><span style="color:rgb(117,123,128)">Cochrane-Woods Library</span></div>
<div><span style="color:rgb(117,123,128)">Nebraska Wesleyan University</span></div>
<div><span style="color:rgb(117,123,128)"><span style="color:rgb(117,123,128)">eResources@nebrwesleyan.edu </span></span></div>
<div><span style="color:rgb(117,123,128)"><span style="color:rgb(117,123,128)">aerdmann@nebrwesleyan.edu</span></span></div>
<div><span style="color:rgb(117,123,128)">402-465-2404 (direct)</span></div>
<p></p>
<p><br>
</p>
</div>
</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Eril-l <eril-l-bounces@lists.eril-l.org> on behalf of Amy Lynn Fry <afry@bgsu.edu><br>
<b>Sent:</b> Tuesday, September 13, 2016 3:10:23 PM<br>
<b>To:</b> Eril-l@lists.eril-l.org<br>
<b>Subject:</b> Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Also, I don't know if someone's made this point already or not, a really good reason to resist this is that you would not believe how many people just use google to find resources and bypass the library's website. Well, maybe you would.
They're using google to get right to JSTOR, ScienceDirect, and all kinds of other things, or using Google to find articles on topical searches on different vendor platforms, and don't even realize their access is coming from the IP recognition through the
library's subscription. So I would be afraid use statistics would go down if vendors didn't recognize on-campus IPs automatically.<br>
<br>
Amy Fry<br>
Associate Professor, E-resources Librarian<br>
Jerome Library<br>
Bowling Green, OH 43403<br>
afry@bgsu.edu<br>
email is the best way to reach me<br>
<br>
<br>
-----Original Message-----<br>
From: Eril-l [<a href="mailto:eril-l-bounces@lists.eril-l.org">mailto:eril-l-bounces@lists.eril-l.org</a>] On Behalf Of Amy Lynn Fry<br>
Sent: Tuesday, September 13, 2016 4:05 PM<br>
To: Eril-l@lists.eril-l.org<br>
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus<br>
<br>
Our resources used to be set up so that the wireless IP range for our campus required authentication. It was a huge pain and problem. When we were teaching classes with laptops, we ALWAYS had tons of problems with people being able to sign in and it slowed
things down horribly. <br>
<br>
We also used to have WAM proxy, which did send every proxied link through the proxy server, and it did create a bottleneck and was again a huge issue.<br>
<br>
Now we use EZProxy (which only routes people through the proxy server if they're actually at an off-campus IP), we've cleaned up our authentication logic, and wireless IPs do not require logins, and it is so much easier and better.<br>
<br>
Amy Fry<br>
Associate Professor, E-resources Librarian Jerome Library Bowling Green, OH 43403 afry@bgsu.edu email is the best way to reach me<br>
<br>
<br>
-----Original Message-----<br>
From: Eril-l [<a href="mailto:eril-l-bounces@lists.eril-l.org">mailto:eril-l-bounces@lists.eril-l.org</a>] On Behalf Of Theresa Borchert<br>
Sent: Tuesday, September 13, 2016 3:15 PM<br>
To: Eril-l@lists.eril-l.org<br>
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus<br>
<br>
A number of years ago our IP provider for the dorms kept changing IP's without notifying the library. So we choose to have campus dorms use our proxy IP access which required a login. We send our campus IP range and dorm proxy IP to our vendors. This allows
all of our students access and is very convenient with student mobile devices and access. We also set aside a number of computers with static IP's to ExcludeIP in our proxy configuration file so they act like off-campus so they will require a login. This
allows our eReserve staff to easily create proxy URLs; our reference staff to 'see' an access issue for a student working off-campus/dorms and for me to check off-campus access issues from my office on campus.
<br>
<br>
Hmmm.... If login is always required for access, maybe... a big data project could track student usage and analyze data gathered against student class enrollment, major...
<br>
<br>
Theresa Borchert, Librarian<br>
Concordia College<br>
Moorhead, MN 56562<br>
1-218-299-3235<br>
<br>
-----Original Message-----<br>
From: Eril-l [<a href="mailto:eril-l-bounces@lists.eril-l.org">mailto:eril-l-bounces@lists.eril-l.org</a>] On Behalf Of Lynda Howell<br>
Sent: Tuesday, September 13, 2016 1:51 PM<br>
To: Eril-l@lists.eril-l.org<br>
Subject: Re: [Eril-l] Asking patrons to login to electronic resources both on and off campus<br>
<br>
In EZProxy, proxying on-campus users and requiring on-campus users to log in are two different things. If you use the AutoLoginIP directive with your full campus IP range in EZProxy and just give the proxy server's IP to the vendor, anyone sitting at any of
your campus computers will be routed through EZProxy, but they will never see the login screen. I would check with your IT people to see what it is they're trying to do. Is it an issue of the logistics of keeping IP ranges up to date with vendors? Or is
it an issue of preventing unaffiliated users from accessing library resources from campus computers? If it's the former, AutoLoginIP may address their concern with less disruption to your patrons. If it's the latter, it won't.<br>
<br>
The benefit of AutoLoginIP over actually making people log in is that it's much less of a hassle for patrons. The "drawback" is that anyone on a campus computer can access library resources (if your IT people consider that a problem).<br>
<br>
The drawback to AutoLoginIP over giving vendors your full range is what you and Monica pointed out -- putting all your eggs in one basket. The benefit (and I think it's a big one) is that it makes on-campus users see the same URLs as off-campus users: no more
frustrated instructors who tested all the links before sending out the syllabus, and didn't realize that they wouldn't work from off campus without manually adding the proxy prefix.
<br>
<br>
Lynda.<br>
<br>
------------------------------<br>
Lynda Howell<br>
Dana Medical Library<br>
University of Vermont<br>
lynda.howell@uvm.edu<br>
(802) 656-8863<br>
<br>
<br>
<br>
> -----Original Message-----<br>
> From: Eril-l [<a href="mailto:eril-l-bounces@lists.eril-l.org">mailto:eril-l-bounces@lists.eril-l.org</a>] On Behalf Of
<br>
> Ihli, Monica Inez (Monica)<br>
> Sent: Tuesday, September 13, 2016 1:05 PM<br>
> To: May.Yan <may.yan@ryerson.ca>; Eril-l@lists.eril-l.org<br>
> Subject: Re: [Eril-l] Asking patrons to login to electronic resources <br>
> both on and off campus<br>
> <br>
> For the record, University of Tennessee does not require on-campus <br>
> proxy authentication, as we strive to keep our library as open and <br>
> accessible as possible. However, as a proxy admin, I can understand <br>
> some of the arguments in favor of doing so. The biggest advantage I <br>
> can think of would be to not have to depend on the campus's central IT <br>
> department to intervene in cases where excessive downloading is coming from the on-campus network.<br>
> It is far less common than, say, an account getting hacked and used <br>
> from a foreign IP. But it does happen. In those situations, my only <br>
> recourse is to pass off the vendor logs and try to convince the <br>
> central IT authority to treat it as a priority, because I don't have <br>
> access to the campus network logs. I also don't have the authority to shut off that person's network ID.<br>
> <br>
> Granted, the scope of impact when a single person's machine IP address <br>
> gets blocked by a vendor is far less serious than when the proxy <br>
> server IP gets shut down in this scenario. If the proxy gets blocked, <br>
> ALL off-campus users are shut down from that resource. At the same <br>
> time, it makes the library look bad when a vendor repeatedly blocks an <br>
> IP from our network because we can't act with the same speed as we can <br>
> when the offender is going through the proxy.<br>
> <br>
> I think your concerns about what happens when a vendor blocks the <br>
> proxy are quite valid, but then again we always treat the loss off <br>
> access for any segment of our patron community as a high priority <br>
> problem. The technical matters with making sure that server can handle <br>
> the traffic should be a more straight-forward problem of making sure <br>
> that the server has adequate resources to handle the load. That is something the admin can take care of.<br>
> <br>
> Monica Ihli, M.S.<br>
> ORCID: 0000-0001-6907-6167<br>
> Enterprise Systems<br>
> Hodges Library, University of Tennessee United States of America <br>
> Office Phone: 1+ 865.974.2885<br>
> Email: mihli1@utk.edu<br>
> <br>
> <br>
> -----Original Message-----<br>
> From: Eril-l [<a href="mailto:eril-l-bounces@lists.eril-l.org">mailto:eril-l-bounces@lists.eril-l.org</a>] On Behalf Of
<br>
> May.Yan<br>
> Sent: Tuesday, September 13, 2016 11:56 AM<br>
> To: Eril-l@lists.eril-l.org<br>
> Subject: [Eril-l] Asking patrons to login to electronic resources both <br>
> on and off campus<br>
> <br>
> Our library has been approached by university IT security to start <br>
> requiring patrons to login to all of our electronic resources both on <br>
> and off campus. I'd like to learn from schools that require login to <br>
> resources on and off campus how your systems are configured?<br>
> <br>
> Currently we have IP authentication setup with all of our vendors, and <br>
> patrons are only asked to login to resources when they are off campus <br>
> where their sessions are routed via our ezproxy servers after being <br>
> authenticated by our CAS system.<br>
> <br>
> University IT security has proposed that we reduce our IP ranges with <br>
> vendors and make everyone go through the proxy server for all resources.<br>
> However, I'm very uncomfortable with this option because that one <br>
> server becomes a bottleneck. What happens when vendor blocks our proxy <br>
> server due to possible violations investigations? We stand to lose all <br>
> access to the<br>
> resource(s) during any investigation period. What happens when there's <br>
> a hardware problem and we need to make a server swap and the IP changes?<br>
> It's a scary thought to ask all our vendors to update an IP quickly. <br>
> I'm hoping there are other (better) options out there?<br>
> <br>
> I'd appreciate any help, and will consolidate responses to share with <br>
> the group.<br>
> <br>
> Thank you<br>
> <br>
> May<br>
> <br>
> --<br>
> <br>
> May Yan | may.yan@ryerson.ca | 416.979.5000.4947 | @mayyan ER <br>
> Discovery & Access Librarian | Strategic Systems Project Lead<br>
> <br>
> _______________________________________________<br>
> Eril-l mailing list<br>
> Eril-l@lists.eril-l.org<br>
> <a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
> _______________________________________________<br>
> Eril-l mailing list<br>
> Eril-l@lists.eril-l.org<br>
> <a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
_______________________________________________<br>
Eril-l mailing list<br>
Eril-l@lists.eril-l.org<br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
_______________________________________________<br>
Eril-l mailing list<br>
Eril-l@lists.eril-l.org<br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
_______________________________________________<br>
Eril-l mailing list<br>
Eril-l@lists.eril-l.org<br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
_______________________________________________<br>
Eril-l mailing list<br>
Eril-l@lists.eril-l.org<br>
<a href="http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org">http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org</a><br>
</div>
</span></font>
</body>
</html>