AWS Cloud Computing: Premade WSU Environments
What is AWS Cloud Computing?
Amazon Web Services (AWS) is the largest cloud computing provider, with an emphasis on Infrastructure-as-a-Service. AWS provides an environment where you can create and manage virtual servers, data processing workflows, containers, and native cloud services such as Virtual Desktop solutions.
Who is the target audience for the AWS Cloud Computing service at WSU?
AWS provides tools that can benefit faculty and staff who have computational workloads, data security or compliance needs, or who require highly scalable solutions. AWS hosts big data management tools, machine learning tool-kits, scalable container services, and more.
Currently, we are targeting IT units within the distributed Business Units at WSU as customers of these pre-made cloud environments. ITS will provide a pre-engineered environment, including VPN tunnels back to the appropriate campus, and then train the distributed IT team in how to manage the environment and consume services long-term.
To support this service offering, ITS hosts weekly cloud office hours to answer questions and to workshop solutions within customers AWS environments.
Who can request a pre-made AWS environment?
Currently, we are limiting requests to Area Technology Officers.
What does this service cost?
All costs for AWS are activity-based and vary based on the services that you elect to run in your environment. All charges will be billed to the purchase-card that you put on file within the account, and ITS does not charge any markup on your AWS costs.
The starting costs for the pre-made AWS environments offered by ITS have a baseline monthly cost of $30/month, which is the cost of the VPN tunnel to the WSU enterprise network. Additionally, there are one-time costs to purchase Yubikey’s for the physical MFA tokens for the root accounts.
How do I request a pre-made AWS environment?
Submit a ticket to the Crimson Service Desk requesting a pre-made AWS environment. Please ensure that the request originates from your areas Area Technology Officer. ITS will start the engagement, and provide you with an initial consultation and timeline, based on the current demand.
Individuals wishing to access WSU resources via VPN who have a Friend ID, including visiting scholars, vendors, and other WSU associates, please continue to use the Cisco SSL/VPN as shown below. All current students, faculty, and staff please use the GlobalProtect tools for Mac or Windows that are available via the links above.
Washington State University offers SSL VPN access for those departments and users that require secure remote user access to specific, restricted university services and data. The SSL VPN service provides authenticated and encrypted access to resources such as the administration of departmental servers, administrative systems and applications, and/or systems that house sensitive information.
The SSL VPN service uses the Cisco AnyConnect client over SSL (Secure Socket Layer). Use of the WSU SSL VPN service requires the installation of the Cisco SSL VPN AnyConnect Mobility client. Users are able to manually download and install the mobility client for desktops and laptops from the following location: SSL VPN Client Download.
(Users of mobile devices, tablets, etc. will need to download AnyConnect Mobility clients from their local app stores, as these are not provided by WSU.)
- SSLVPN
- OS Requirements & Client Download Information
- Installation Instructions
- Remote Desktop Instructions
SSL VPN
Audience
- All sponsored contractors, vendors, guests and any others (including 3rd parties) requiring remote access
Currently Supported Operating Systems
- Windows 7, 8, 8.1, and 10 (32 and 64 bit)
- Mac OS X 10.8, 10.9, 10.10, and 10.11
- Ubuntu 12.04 (LTS), 14.04 (LTS) (64 bit only)
(other linux distributions may work as well but are untested) - RedHat Linux 6 and 7
- And many smartphones or tablets
Scope
The SSL VPN service allows secured communication from remote sites to the WSU campus. The SSL VPN service establishes a split tunnel that will route traffic intended for WSU over a secured link and provide a separate path for all other traffic via the local service provider’s internet connection.
Examples of where the SSL VPN service are required:
- Where secure communications to restricted information at WSU is needed
- At home or traveling and needing access to secure WSU services
- Administrators at WSU who need secure remote communications to their on-campus equipment and services
Examples where the SSL VPN service is not required:
- Applications that are in use by a large number of users
- Applications that have little to no access restrictions
Standards
- The WSU SSL VPN service can only be initiated from networks off the Pullman campus.
- Custom Active Directory attributes are created for SSL VPN users upon registration. Faculty, staff, student or third party individuals are granted access to the SSL VPN service if they have a current active status with WSU. These attributes are systematically reviewed and updated daily.
- Users will authenticate with their WSU NID or FID.
- WSU reserves the right to remove users from the SSL VPN users group. Users who have been removed and later determine they need access may request through Coug Tech that they be given access again.
Security Notes
- Active SSL VPN connections must never be left unattended.
- Always disconnect an active SSL VPN connection when finished with a session.
- Connections that remain idle (no interaction) for 30 minutes, will be automatically disconnected.
Login again to reconnect. - WSU recommends the use of local host firewalls for enhanced security.
- Computers should have the latest service packs, critical updates, and security patches before connecting to the SSL VPN.
- Anti-virus software must be enabled with up-to-date virus definitions installed.
Procedures to Connect
- Make sure your system satisfies the SSL VPN operating system and browser requirements
- Complete the Mandatory one time self-registration
- Connect to the WSU SSL VPN Service
- Follow prompts for one time client installation
SSL VPN Client Download for pre-installation on appropriate systems.
Policy
The WSU SSL VPN service will provide users secure and encrypted access to restricted WSU resources when connected to the internet from outside of the wsu.edu domain. SSL VPN is intended to provide authenticated/encrypted access to restricted resources. Users who access WSU resources via the SSL VPN are subject to the same policies as users within the wsu.edu domain.
Compliance
All parties as delineated under Audience are required to comply with this policy.Note that all network activity while connected to the traditional or SSL VPN is subject to the University’s normal acceptable use policies.
Individuals who discover or strongly suspect the violation of this policy must promptly notify the IT Security Office at
509-335-HELP(4357) (8:00am – 5:00pm) or abuse@wsu.edu.
OS Requirements & Client Download Information
SSL VPN Client Download & Set-up
| Operating System | Link |
|---|---|
| Windows 64 bit: | Windows SSL VPN Client |
| Windows Set-up Instructions | |
| AnyConnect for Windows Mobile 6.5 | |
| Linux: | Linux 32 Bit SSL VPN Client |
| Linux 64 Bit SSL VPN Client | |
| Linux Set-up Instructions | |
| Mac OS X: | Mac OS X SSL VPN Client |
| Mac OS X Set-up Instructions | |
| iPhone | iPhone Client & Set-up Instructions |
Mobile Requirements
| Device | OS |
|---|---|
| iPad Air | 7.0 or later |
| iPad 2 | 6.0 or later |
| iPad (3rd generation) | 6.0 or later |
| iPad (4th generation) | 6.0 or later |
| iPad mini | 6.0 or later |
| iPad mini (with Retina display) | 7.0 or later |
| iPhone 3GS | 6.0 - 6.1.6 |
| iPhone 4 | 6.0 - 7.1.2 |
| iPhone 4S | 6.0 or later |
| iPhone 5 | 6.0 or later |
| iPhone 5C | 7.0 or later |
| iPhone 5S | 7.0 or later |
| iPhone 6 | 8.0 or later |
| iPhone 6 Plus | 8.0 or later |
| iPod Touch (4th generation) | 6.0 - 6.16 |
| iPod Touch (5th generation) | 6.0 or later |
| ATT Tilt 3.57.502.2 WWE Note: TouchFLO must be disabled. | Windows Mobile 6.1 Professional |
| Axim X51v with ROM: A03 (23092007 | Windows Mobile 6.0 Classic |
| HTC Touch Pro | Windows Mobile 6.1 Professional |
| HTC Touch | Windows Mobile 6.0 |
| HTC Imagio | Windows Mobile 6.5 |
| HTC Tilt 2 | |
| HTC TyTN | Windows Mobile 5.0 |
| iPAQ 2790 | Windows Mobile 5.0 PocketPC |
| Palm Treo 700wx: | Windows Mobile 5.0+AKU2 PDA Phone |
| Sprint TREO 700WX-1.15-SPNT | |
| Palm Treo 750: | Windows Mobile 6.0 Professional |
| AT&T TREO750-2.27-RWE | |
| AT&T TREO 750-2.25-ATT | |
| T-Mobile TREO750-2.27-RWE | |
| Palm Treo 800-Sprint Treo 800w-1.03-SPNT | Windows Mobile 6.1 Professional |
| Palm Treo Pro: | Windows Mobile 6.1 Professional |
| AT&T T850UNA-1.01-NAE | |
| Sprint T850EWW-1.03-SPT | |
| T-Mobile T850UNA-1.01-NAE | |
| Samsung | Windows Mobile 6.1 Professional |
| Epix SGH-i907 | |
| Omnia SCH-i910 | |
| Saga SCH-i770 | |
| Samsung Omnia Pro 4 | Windows Mobile 6.5 |
| Sprint Touch with ROM: 3.03.651.4 | Windows Mobile 6.1 Professional |
| Note: TouchFLO must be disabled. | |
| T-Mobile Wing 4.26.531.1 WWE | Windows Mobile 6.0 Professional |
| Verizon XV6800 with ROM: 1.00.00.H: | Windows Mobile 6.0 P |
| Verizon 2.09.605.8 | |
| Verizon 3.57.605.1 |
Workstation Requirements
| Operating System | Requirement | |
|---|---|---|
| Windows | System Requirements | Pentium class processor or greater 100 MB hard disk space Microsoft Installer, version 3.1 Windows 7, 8, 8.1, and Windows 10 x86 (32-bit) or x64 (64-bit) Internet Explorer 6.0 is no longer supported Cisco will not offer Windows XP and Vista as a supported operating system for present or future AnyConnect releases. AnyConnect is not supported on Windows RT. There are no APIs provided in the operating system to implement this functionality. Cisco has an open request with Microsoft on this topic. |
| Mac OS | OS Requirements | Mac OS X 10.8, 10.9, 10.10 and 10.11 Max OS X Support Notes Mac OS X 10.5, 10.6, and 10.7 are no longer supported by Cisco. AnyConnect requires 50MB of hard disk space. To operate correctly with Mac OS X, AnyConnect requires a minimum display resolution of 1024 by 640 pixels. Mac OS X 10.8 introduces a new feature called Gatekeeper that restricts which applications are allowed to run on the system. You can choose to permit applications downloaded from: Mac App Store Mac App Store and identified developers Anywhere The default setting is Mac App Store and identified developers (signed applications). AnyConnect release 4.1 is a signed application, but it is not signed using an Apple certificate. This means that you must either select the Anywhere setting or use Control-click to bypass the selected setting to install and run AnyConnect from a pre-deploy installation. Users who web deploy or who already have AnyConnect installed are not impacted. For further information see: http://www.apple.com/macosx/mountain-lion/security.html |
| Linux | OS Requirements | x86 instruction set. 64-bit processor. 32 MB RAM. 20 MB hard disk space. Superuser privileges are required for installation. libstdc++ users must have libstdc++.so.6(GLIBCXX_3.4) or higher, but below version 4. Java 5 (1.5) or later. The only version that works for web installation is Sun Java. You must install Sun Java and configure your browser to use that instead of the default package. zlib - to support SSL deflate compression xterm - only required if you're doing initial deployment of AnyConnect via Web launch from ASA clientless portal. gtk 2.0.0. gdk 2.0.0 libpango 1.0 or a compatible build such as package pangox-compat-0.0.2-2.el7.x86_64.rpm or pangox-compat-0.0.2-3.fc20.x86_64.rpm iptables 1.2.7a or later. tun module supplied with kernel 2.4.21, 2.6 |
| Web based installation of the sslvpn client utilizes either ActiveX (with IE) or Oracle Java to download and install the clients. Because of the numerous security issues that Java and ActiveX poses, it is highly recommended that users download the clients from the following web page and manually install them and not have to deal with Java or ActiveX. http://infotech.wsu.edu/NetworkService/VPN/VPN.aspx | ||
Installation Instructions for Windows, WinMobile, iPad, iPhone, OS X Linux, Ubuntu
Remote Desktop Instructions for Win, Mac, Linux, OS X to Win RDP, Win to Linux RDP
OneDrive
- OneDrive – What do you get?
- OneDrive Limitations
- OneDrive – Sharing Your Files and Folders with Others
- Accessing your OneDrive Files and Folders via a Web Browser
- Restore/View previous version of documents in OneDrive
- Add and sync shared folders to OneDrive
- Managing OneDrive Space and Sync Folders
Office 365
- Office 365 Applications – What do you get?
- List of Office 365 Applications Available by Device
- Co-Editing Word, Excel and PowerPoint files between Teammates
- Compatibility Matrix for Office 365 Click-to-Run and Visio/Project Standalone Installations
- Using Office Online via a Web Browser
- Deactivating Office 365 for a Windows PC or Mac