This is a message primarily focused on those who are working from off-site, and who are accessing internal university systems that are not publicly available. Those services include Banner, Argos, on-premises network shares, and a number of other administrative systems. Basically, anything that you can’t access off-campus without the VPN or VDI.
There is some confusion about what these tools are, and which tool is best for which situation. We wanted to clarify some of these issues.
Virtual Private Network (VPN)
What is a VPN?
A VPN is a service that creates a secure, encrypted connection over a public network like the Internet. People use them for accessing resources they are not otherwise able to access from their regular network connection, or to limit who is able to see their network traffic.
There are two types of VPNs - those marketed towards individuals, and those targeted towards companies and organizations.
For the most part, the ones marketed towards individuals are advertised to consumers as a way to hide their traffic from their Internet Service Provider (ISP), such as their home ISP or their cell service provider, or from others when on public WiFi. This doesn’t prevent the VPN provider from having access to that traffic, though, so it is a matter of whom you trust more - your ISP or your VPN provider.
The ones targeted towards businesses and organizations like New Paltz are the focus of this article. The New Paltz VPN service is one method some people use, while off-site or on a wireless network on-campus, to get access to services that are not publicly accessible. Our VPN is meant to ensure that authorized individuals are able to access the services and systems that they need - based on the access controls set for the user or a group they are in. For example, our VPN will allow a user authorized to access Argos to do so while off-campus.
How does the New Paltz VPN handle network traffic?
As of Fall 2025, New Paltz uses Palo Alto’s Global Protect system. As of January 5th, 2026, it will be our sole VPN service, since we will be shutting down our legacy Cisco Secure VPN service.
When a device is connected to the New Paltz VPN, any traffic that is destined for a New Paltz hosted system or service is routed through an encrypted VPN tunnel and is then treated as if that device is on-campus. Any traffic that is destined for a non-New Paltz service (with a few exceptions like some other SUNY traffic) still goes out through your regular ISP – the same as if you were not using the VPN.
Virtual Desktop Infrastructure (VDI)
What is VDI?
VDI gives people access to a virtual desktop in our private cloud environment. This can give people access to applications that they may not have on their personal computers, or it may (like the VPN) be used to gain access to services that are not publicly accessible off-campus or on wireless networks on-campus.
How is the New Paltz VDI service set up?
The New Paltz VDI service is set up with a number of different images - each providing different applications/services. Some are only accessible by certain groups (for example, only those with access to Banner or Argos will see some of these images, while others will only be accessible to students or faculty/staff in certain majors or departments).
Which one should I use?
The answer depends on a number of things:
- What is your role at the university?
- What are you trying to do?
  - Are you trying to access an application that you do not have on your computer? Then the VDI is the appropriate tool for this.
  - Are you trying to access a web site or service that is publicly accessible without the VPN or VDI? If so - you probably don’t need either of these tools.
- Are you trying to access things from a university issued device, or a personal device?
  - In general, we recommend the VDI for personal device access.
  - If you are a faculty/staff member regularly working from home and do not have a university issued laptop, you should talk to your department about that. If you do have a laptop and are working from home, we recommend that you bring your laptop with you and use the same device when at home or at work - using the VPN.
- Which is easier/simpler?
  - The VDI is easier and simpler to use. Less to troubleshoot, less configuration, and no software needs to be installed (you can access it via a web browser - you don’t need the installed Omnissa version).
  - We are not able to provide technical support for people’s personal devices with the VPN, and there are far fewer technical issues involved in using the VDI as no extra software is needed (just a web browser for VDI).
What about privacy/security concerns?
- The VPN requires installation of the Palo Alto Global Protect software on any device using it. The application does collect information on the connecting device such as operating system info, whether or not anti-malware software is installed, and more. This can be used (for example) to prevent out-of-date operating systems from connecting to the VPN, but some may have privacy concerns about this telemetry on their personal devices.
- The VDI does not require any software to be installed. It has an installed version, but can also be accessed via a web browser.