Frequently Asked Questions about GlobalProtect VPN
What’s Happening?
As part of BCIT’s ongoing technical infrastructure refresh, both myVPN (used by students and employees) and AccessAnywhere (used by employees) are being replaced with GlobalProtect VPN.
VPN is an acronym for ‘Virtual Private Network’. A VPN is a means of extending a private network – in this case, BCIT’s on-campus network – across a public network – the internet, using various internet service providers – to the user’s local network – home internet access, phone tethering, public coffee shop wifi, etc. Using a VPN provides a user with better security and authentication when accessing resources on the private network.
GlobalProtect VPN is a Virtual Private Network (VPN) solution from Palo Alto networks. This new VPN is replacing the existing myVPN and AccessAnywhere VPNs to become the single primary VPN solution at BCIT.
Yes, BCIT requires Multi-Factor Authentication (MFA) when connecting to the GlobalProtect VPN. Similarly to the normal BCIT login process.
MFA is now enforced at BCIT – MFA helps protect your account and BCIT’s network by adding an extra layer of security. Even if your password is compromised, unauthorized users won’t be able to access the VPN without your multi-factor authentication.
To learn more about MFA at BCIT, please refer to the articles for Faculty & Staff and Students.
The primary difference between GlobalProtect VPN, myVPN, and AccessAnywhere is with GlobalProtect and the addition of Multi-factor Authentication (MFA) integration and a updated ‘login’ process; bringing the VPN login inline with the rest of the BCIT login experience. This process is similar to the other systems logged into by students, faculty, and staff.
For contractors and staff who use Access Anywhere for specialty support or management this ‘new’ login process will be the largest change due to how Access Anywhere currently authenticates users. For more information on what this means for contractors please see the “Contractor and Speciality Access” portion of this article.
Reference Login Process:
Standard BCIT Login Page:
Staff MFA Prompt (similar to Student MFA):
What does this mean for me?
When GlobalProtect becomes available myVPN and Access Anywhere will no longer be usable, meaning Faculty, Staff, Students and Contractors will need to uninstall myVPN and remove the Access anywhere configuration – and begin using GlobalProtect. Instructions on this process will be made available closer to release.
For BCIT Managed devices, myVPN will be automatically uninstalled and GlobalProtect VPN will be installed.
For Bring Your Own Devices (BYOD/Personal), users will need to manually uninstall myVPN and install GlobalProtect VPN.
For Faculty, Staff, Students and Contractors GlobalProtect will require Multi-factor authentication (MFA). This will function identically to the existing MFA process already in place for Students and Faculty/Staff.
Supported Operating Systems and availability
GlobalProtect, like myVPN, will be a downloadable application and instructions for its installation and use for students will be added here in the Knowledge Base. For faculty and staff, it will also be made available either via the Company Portal for Windows or Self Service Application for MacOS.
At BCIT, GlobalProtect will only be compatible with Windows or macOS devices. Devices running on Android, iOS, ChromeOS, and Linux will not be compatible, even with the versions of GlobalProtect that are available for those operating systems.
Similarly to myVPN, GlobalProtect VPN will use “split-tunneling” which means that when you connect to common places in the internet such as google, or other websites (Non-BCIT), you will be using your own internet connection. The split occurs when you connect to BCIT web resources and network resources such as shared network drives, printers, or other BCIT systems, GlobalProtect VPN funnels that connection through the established VPN tunnel to BCIT to allow connectivity to BCIT’s internal network.
The switch from myVPN and AccessAnywhere to GlobalProtect VPN will be a phased rollout starting prior to Fall term start.
Students
The switch from myVPN to GlobalProtect VPN for students is expected to happen prior to the Fall term start.
Faculty, staff, and contractors
The switch from myVPN and AccessAnywhere to GlobalProtect for BCIT faculty, staff, and contractors is expected to begin prior to Fall term start. Announcements will be posted in the BCIT Intranet in advance of the change.
For contractors and BCIT staff who support systems that previously required special access through Access Anywhere (AA) – the largest change will be the addition of multi-factor authentication during the VPN logon process.
Currently, when logging into a AA there is no prompt for MFA.
With GlobalProtect (GP) when connecting to GP users will be be prompted for MFA. For some specialty support users they will receive two MFA prompts.
When using their normal account to login into GlobalProtect. (Soon to be Microsoft Authenticatior)
When using their specialty account to log into a secure server resource. (DUO MFA)
Contractors will be enrolled in MFA and provided instructions on how to set it up during their account creation and on boarding process.
