OIT dual campus logo
**Originally Sent Friday, February 1, 2019**

OIT is excited to launch our new, secure Virtual Private Network (VPN) process! This new process puts Multi-factor Authentication (MFA) in place to protect your credentials and help keep cyber criminals out!

MFA strengthens our login process by adding another layer of security using something you have (a mobile device or landline), something you know (you know your university password, right?), and somewhere you are (on or off campus). MFA protection is the same type as that currently used by many banking institutions.

As faculty, students and staff on the Anschutz Medical Campus and CU Denver, this new VPN is available to you if you currently use VPN or want to start!

What the new VPN process looks like
The new VPN system uses Palo Alto’s Global Protect client (which replaces the current Cisco AnyConnect client) and Duo Security for MFA (registration and mobile app).

To use the new VPN system:

  1. Ensure that you are connected wirelessly, not on the CU trusted network (you cannot connect when docked or on CU Denver or CU Anschutz wireless networks).
  2. Install Duo Mobile on your mobile device, if authenticating via mobile.
  3. Register your Apple, Android or Windows device, or your landline.
  4. Install the new VPN client to replace the current Cisco AnyConnect.

While the new registration process takes a few minutes to complete, it’s fast and easy to connect to the new system once registration is done.

While you do not need to install the Duo mobile app if you don’t want to use your mobile device, you do have to register at least a landline phone number (i.e., your work or home phone) with Duo to use VPN.

Your questions answered
We know you have questions. Here is what you need to know about the most asked questions we’ve had so far.

Q: Do I have to make the switch immediately?
No. OIT will keep the current AnyConnect client active until Friday, March 29. After this date, you must use this new CU Secure process, including the Global Protect VPN client and Duo Security.

Q: Do we have a VPN access portal for each campus? 
Yes, each campus has its own VPN portal. These are dc-vpn.ucdenver.edu and amc-vpn.ucdenver.edu

Q: From where can I connect to my VPN access portal?
You can connect from any remote location that is not on the campuses’ trusted or wired networks. These include guest wireless, your home office, Starbucks, the mountains, the beach, etc. Note that some locations/businesses do not allow VPN use.

Q: Is there a mobile client for all devices? 
Yes. Duo Mobile exists for Android, Apple and Windows devices.

Q: Do I have to use a mobile device to authenticate to Duo?
No. You may also register a landline phone, like your office or home phone, and Duo will call you on that device to authenticate.

Q: Can I register my work or home email to authenticate to Duo?
No. Duo requires a landline phone or mobile device (smart phone or tablet) to perform multifactor authentication.

Q: Is VPN the only service that will get MFA? 
No. VPN is the first of four critical remote access systems where we will be implementing MFA to protect your credentials and CU data. Virtual Desktop (VDI) is in the works, followed by UCD Access (the CU Portal) and Office 365 (including your email). Watch for future communications from OIT for when these projects will move forward.

Haven’t answered your questions or need help installing CU Secure for VPN? Here are your go-to resources.
Here are some resources to help you make the move to CU Secure.

Thank you for being an active participant in keeping our university safe from cyber criminals! Get yourself set up on CU Secure for VPN right away!

Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
ucdenver.edu/oit | 303-724-4357 (x44357)
New CU Secure for VPN system and process