What is a VPN?
A VPN is a secure connection that can be made between a computer (such as a user's computer at home or on the road) and a protected or private corporate network (such as Lehigh's campus network), using an otherwise insecure public network (such as the Internet). Data that is passed over the public network is encapsulated (wrapped up) and encrypted (translated into a secret code) so that it can't be intercepted or tampered with. Passing data through a network without letting the network actually see the data like this is a process known as tunneling. In effect, the connection works just as if the computer were connected to the protected network by its own private wire with a point-to-point direct connection. Thus the name VPN, which stands for virtual private network.
When a VPN connection is made between a computer and a Lehigh VPN server, that computer essentially functions as if it were actually on-campus, inside the campus firewall that protects the campus network from the Internet, even though physically that's not true. This lets it access services and perform functions that an off-campus computer normally would not be able to do.
Why use a VPN?
Not everyone needs to use a VPN. Even those who do need to use a VPN typically do not need to use it all the time. There are specific things you need to use a VPN for. Here are some examples:
Accessing LAN drives. Getting to the shared network file space on Active Directory from off campus, whether this is your own "home" space (usually referred to at Lehigh as your "H:-drive"), someone else's public LAN space (the "public" folder within someone else's H:-drive), or departmental common space (referred to at Lehigh as the "I:-drive") requires making a VPN connection. (Note that this is just a required first step; the VPN makes it possible to connect to these shared spaces, but it doesn't actually make the connection.)
Remote desktop access. Using a personal computer from off campus to log into your Lehigh office computer that is on campus requires making a VPN connection. (Again, this is necessary, but not sufficient: you also have to have previously set up the on-campus computer to allow remote connections, and you actually have to establish that connection after you have connected via the VPN.)
Accessing "hidden" systems. Some systems, such as the High-Performance Computing (HPC) systems or the Virtual Public Site (VPS), are not directly accessible from off campus. In order to reach them, you need to make a secure connection to a system within the Lehigh firewall first. A VPN connection is generally the easiest way to accomplish this.
Enhanced library research. Lehigh's library services include not only Lehigh-owned resources that are provided by on-campus servers (such as the library catalog, ASA), but also a number of resources that are provided by various external vendors. These vendors use your computer's identity on the campus network (its IP address) to validate that you are allowed access to their resource. By making a VPN connection before accessing library resources, you ensure that your computer looks and functions as if it were on campus, including helping inter-resource references (such as SFX) and other services (like RefWorks) to work smoothly.
Some things that you do not need a VPN for include: general web browsing, whether you are looking at Lehigh web sites like the Lehigh portal or Banner, or external ones like Google, Wikipedia, YouTube, Amazon, or others; checking your Lehigh or external e-mail, whether via webmail or Thunderbird; voice over IP services like Skype; instant messaging; networked services like iTunes; and any other task that does not require access to a protected network resource at Lehigh. Basically, if it isn't one of the specific tasks listed above that you need a VPN for, you don't want to use a VPN, because the extra work required to encapsulate and encrypt your data will slow everything down.
Note: There is one possible exception to the guidelines just stated about when not to use the VPN. If you are travelling with a computer, and you are at a location (such as an airport lounge) that offers unsecured (open) wireless access, then there is a risk that someone on the same wireless network could intercept session information from web sites you might use (such as Facebook) that do not encrypt traffic when you are logged in. In this case, you could gain a degree of security by using the VPN--but only if you use full tunneling (i.e., the "Library Resources" access method; see the VPN access method guide for details). WARNING: If you select the "General Access" access method when using the VPN this way, you are not protecting access to anything except sites at Lehigh itself; Facebook, Google, and other such sites are just as vulnerable as if you weren't using the VPN at all.