House VPN connects staff remotely

GCN photo by Darwin Weigel

Greg Roney shows off the SecurID card that generates passwords for logging on to the House of Representatives' VPN.

Greg Roney spent four months finishing up his bachelor's degree at Brigham Young University in Provo, Utah, but to the congressmen he worked for, it was as if he never left Washington.

Roney, systems administrator for Reps. Dennis R. Rehberg (R-Mont.) and Zach Wamp (R-Tenn.), kept working through the House of Representatives' virtual private network pilot.

Roney tapped into the office servers through the VPN using a SecurID card from RSA Security Inc. of Bedford, Mass., and VPN Client 3.5 software from Cisco Systems Inc. of San Jose, Calif. He installed the Cisco software on his IBM ThinkPad notebook PC and connected to the Internet through a digital subscriber line or cable modem.

"The pilot was pretty simple," he said. "It was pretty much just plug and play."

Roney, who now also works for Rep. Joseph Knollenberg (R-Mich.), is back in Washington, but he still uses his VPN connection to telecommute. In fact, he thinks so highly of it that he and two other systems administrators have convinced 10 staff members to install high-speed Internet access in their homes so they can tap into the VPN.

More signing on

Since the eight-month pilot ended in December, House members have slowly adopted the remote access capabilities. Reynold Schweickhardt, director of technology for the House Administration Committee, said 36 district offices and 172 staff members use the VPN.

Users can connect two ways. Staff members receive a credit card-sized SecurID card that generates a one-time password to log on to the network through a notebook or desktop PC. The ID card provides a different password for each session.

Many district offices are equipped with a Cisco VPN 3002 hardware client that lets users connect to the Washington servers. The Cisco hardware client lets up to 253 users connect, while a software client admits only one user.

The system came in handy after the October anthrax attacks closed congressional offices. Schweickhardt, who helped direct the pilot, said many members of the administrative staff continued to work by plugging into the House network. The VPN also made purchasing office equipment and other items easier when offices had to relocate.

Roney said he could back up and shut down servers from home using the VPN during the anthrax scare.

Schweickhardt said the biggest problem of the pilot was that some staff members' broadband connections, mostly cable modem hookups, did not support the IP Security protocol, the VPN's underlying encryption protocol.

Roney also found few problems.

"I've experienced more problems with the dial modem pool we used to have than with the VPN," Roney said. "The ease of use is the best measurement of the success of the system. I would walk through the initial configuration with some of my users, and from then on they were on their own. I didn't receive too many calls with problems."

The House is preparing to test two more programs through the VPN, Schweickhardt said. The first will let congressional staff in rural districts link to the VPN through a satellite connection.

The pilot will start with two people, and the total of those using the service may only be 20 or 30, he said.

On the docket: wireless

The program, starting later this month, will cost each office $149 a month per connection. Users will download data from the Web at 400 Kbps and upload at 128 Kbps, Schweickhardt said.

The House also is testing the security of wireless connections for devices running Microsoft's Pocket PC operating system to the House LAN via the VPN using Cisco Aironet 350 series access points and client adapters. There will be up to six access points in each House office building, and users must be within 200 feet of an access point.

"We want to make sure no one can break into the House intranet with a wireless connection," Schweickhardt said. "Ideally, we would like to get to the point where everyone connects wirelessly because the LAN provides higher-speed access."

The House also is considering technology such as Cellular Digital Packet Data for wireless connections to the LAN, he said.

"We want to understand the best way to create a walking wireless environment instead of wiring all the hearing rooms," Schweickhardt said.
