Enhanced VPN Connection for Users in Mainland China

by Cyril Ha

Due to the recent COVID-19 outbreak, many foreign students have been forced to return home and continue their studies via online learning. With the huge demand for remote access to the CityU campus network, the Computing Services Centre (CSC) has been working hard to enhance the capacity of the Virtual Private Network (VPN) within a very short time.

Although the enhancement can satisfy most students’ needs, the CSC received feedback from staff / students in Mainland China that they experienced poor performance when accessing CityU’s systems via the VPN Service, which affected their learning. Even worse, since students needed to take examinations online, the unstable VPN connection from the Mainland to CityU caused problems for them. To rectify the situation, the CSC has worked with several Cloud providers and carriers to develop a solution that can provide more stable VPN connectivity from the Mainland to the university, so that staff and students can conduct e-learning, research, and online examinations smoothly.

Solution Description

A Virtual Private Circuit (VPC) is set up to provide stable network connectivity between the Cloud provider’s Point of Presence (POP) in the Mainland and that in Hong Kong. For each Hong Kong / Mainland POP, a Network Address Translation (NAT) Gateway has been set up. CityU staff / students in the Mainland connect their VPN clients to the NAT Gateway in the Mainland (currently in Guangdong Province); their VPN traffic is forwarded to the NAT Gateway in Hong Kong via the VPC, and subsequently to the VPN Gateway at CityU.

The diagram below illustrates a high-level design of the NAT Gateway, Virtual Private Circuit (VPC) and the CityU VPN Gateway.



Solution Highlights

The dedicated VPN Service is subscription-based and no additional hardware / software is required. Since staff / students in the Mainland connect directly to the VPN Gateway at CityU, they can use their EID and password to log in to the VPN Service. Security policy can be pushed via the CityU VPN Gateway to the VPN client software running on the remote user’s desktop / notebook to enforce access and application control for security compliance.

With the highly elastic nature of cloud technology, the dedicated VPN Service can scale up or down easily based on demand and align with CityU’s seasonal needs. Furthermore, the Cloud provider can provide real-time traffic usage and utilisation reports for monitoring.



Latest Development

A pilot run of the dedicated VPN Service started in early May 2020 to improve the online learning experience for students residing in China as well as staff who frequently travel to Mainland China. Upon receiving positive feedback from users, the CSC will officially launch this service to all users by the end of August 2020.