The Leibniz-Supercomputing Centre (Leibniz Rechenzentrum, LRZ) is the computing center of both Munich Universities of Excellence: Ludwig-Maximilians University and Technical University Munich and is a National Supercomputing Centre. The LRZ operates the Munich Scientific Network (MWN) for all universities and other research institutions in the greater area of Munich. MWN connects more than 130,000 users and more than 300,000 devices.

The structure of LRZ is different compared to many universities as we do provide services for several universities in the Munich area instead of only one university. The big ones, counted in VPN users, are:
Technical University of Munich tum.de TUM

• Ludwig Maximilian University of Munich lmu.de LMU
• HM Hochschule München University Of Applied Sciences Munich hm.edu
• Weihenstephan-Triesdorf University of Applied hswt.de
  and smaller ones.

In this presentation we would like to point out several aspects of eduVPN:

• Migration from another VPN service to eduVPN
• Operating eduVPN
• Upgrading eduVPN to a new major release

Migration from old VPN service to eduVPN

During the migration process we had to decide how to migrate from an existing VPN service with years of operational experience to a new service with hardly any operational experience. The old VPN service had features and requirements, some of them mandatory, some of them optional and a few not convertible to the new service. From end users' view the transition should be as smooth as possible and they should migrate as voluntarily as possible.

Operating eduVPN service

eduVPN has a flexible design to accommodate different use cases. We show what setup we chose for our servers, which operating system and which platform was the most appropriate. There were different authentication methods to choose from, each one with pros and cons.
Deploying, monitoring the VPN services and user management will be explained.

Upgrading eduVPN from version 2 to version 3

EOL announcements of eduVPN version 2 and interesting new features in version 3 of eduVPN, like WireGuard as additional VPN protocol, lead us to migrate the servers as soon as possible. We were facing the choice of the ideal date to switch, what could be done in advance and what had to be made during the migration. The goal was to keep downtime as short as possible. Several measurements had to be taken to mitigate the wave of support requests.

Resume

Switching to eduVPN proved to be the right decision. This VPN service covers the requirements for secure access to internal university resources. End user support did not show any unsolvable problems. The architecture of eduVPN makes it easy to add additional resources. The support of the eduVPN developer team lead to quick and satisfying problem solutions.