Friday, June 19, 2009

Coming soon: Proxy changes for licensed database access


Proxy changes for licensed database access
The UW Libraries are changing how we manage access to our online, licensed resources from campus computers. These changes have already been implemented for our library computer networks and now it's time to implement them for the rest of campus.

In order to better control access and remain in compliance with our license agreements, beginning on July 1st, all links from our http://library.wisc.edu pages to licensed, e-resource links, will be routed through our proxy server. For computers within the campus IP space, this routing will occur without the need for any user authentication. The only thing you will notice is a URL with an "ezproxy" string embedded in it. Computers outside of the campus IP space route through the proxy as they do now, with a need to authenticate with a valid NetID and password.

Users who have direct links or bookmarks to licensed resources, such as http://www.sciencedirect.com from campus computers will continue to be able to do so in the short term, but eventually as we notify vendors to only accept sessions from our proxy server IP address, they will be denied.

The most reliable way to maintain access to resources is to access them via our library web pages where all appropriate proxying is automatic. We do however realize that some users will wish to use direct links to licensed content. In order to facilitate this, we will be promoting a simple "bookmarklet" that will insert the proxy string into any URL. Users will be able to easily insert the proxy string using this bookmarklet and then create new bookmarks for future use. Information on this "bookmarklet" can be found at: http://www.library.wisc.edu/off-campus/#what-is-it

Why are we making this change?

The main reason we're making this change is because of the increasingly dynamic nature of the campus IP space and the proliferation of VPNs. With our current system if there are changes to the campus IP range (for example, an extension of a campus subnet to Research Park) or creation of VPN ranges, we must communicate it to hundreds of resource vendors. By bringing IP control back to our proxy server, we can make the changes locally (forcing authentication or not) and only require our vendors to allow sessions from the few proxy server IPs.

Why is this so complicated?

The main complicating issue is the way in which we license resources. The vast majority of them are licensed to allow anybody to use them while physically on the UW campus. In addition, any staff, faculty or student may use them from anywhere. So, we use a proxy server to confirm if a user is on campus, and if they are not, we force them to login to ensure they are staff, faculty or students.

Please let us know if you have questions or concerns about any of these changes, or if problems arise with resource access.