Check out our Managed Proxy Service FAQ.
What is the OpenAthens Managed Proxy Service?
The OpenAthens Managed Proxy is a fully-managed service utilizing infrastructure geographically located close to customers around the world. This proximity ensures a faster and more reliable service for our users.
Our teams have been working hard to extend the initially UK-based infrastructure to many other regions across the globe, including Asia, Oceania and North America. We have built the necessary infrastructure, and automation, offering not only a path to the future through federated authentication but also a top-class managed proxy. We strive to provide our customers with an excellent experience.
What is the difference between a managed proxy and an IP proxy?
Some web-rewriting proxy services offer locally installed versions that can be hosted and configured by the institution, this is what we call an IP proxy. A managed service is the same in principle. However, the benefit is that it is hosted and configured by the proxy provider.
A managed proxy solution reduces administration efforts within the organization and allows for potentially quicker resolutions to problems. An example would be a vendor that updates its site, causing access or functionality issues and effectively breaking via proxy. With a managed proxy, the fix can be applied once globally by the provider, rather than each institution needing to manually fix the issue separately on its own.
What is the difference between federated access and proxied access?
The primary difference is that federated solutions use open standards and common protocols like SAML and OIDC, whereas access via a proxy primarily relies on IP recognition through the rewriting of web-content within the proxy server.
Regarding personalization within a vendor platform (e.g. bookshelves, CPD/CME continual professional/medical development credits, saves searches etc.) federated access achieves this by passing an opaque unique user identifier to the vendor. This eliminates the need to share additional user information. On the other hand, with proxied access, there are no user identifiers, so users need to manually register for and sign in with a personal account on each vendor’s website.
With proxy solutions, users looking for personalization features must share more personal data to third parties. These solutions can be more unstable and difficult to manage. The advantage of a managed proxy like OpenAthens is that we ensure everything runs smoothly for you.
What is a forward proxy?
Proxy services are split into two parts: the web rewriting part; and the IP address part. By utilizing the forward proxy element, an institution can use their own IP address instead of being assigned one from OpenAthens’ pool.
With our managed proxy, we will continue to manage the proxy configuration rules for rewriting vendor sites. However, by using the forward proxy and your own IP address, we can speed up onboarding if vendors already have your IP on file, and significantly improve performance by aligning the communication between the user and the vendor geographically.
Could you detail the migration process for those moving from EZProxy?
There are two options to move to our managed proxy. We can either assign you a proxy IP address from our pool of IP’s or you could utilize our forward proxy to use one of the IP addresses you already own. This would entail setting up a Squid instance within your institution. This is nothing more than a proxy that reduces bandwidth and improves response times by catching and reducing frequently requested websites.
Our migration process is straight-forward, and you will have our support team by your side:
- Complete with your account manager a proxy migration order form
- We assign you a migration specialist who will oversee your transition with full support from our technical team
- We start by enabling the Managed Proxy Service for your institution
- Your institution provides us with a list of the resources on your EZProxy instance for us to analyze e.g. Identify which ones need to be setup and those that already exist within the OpenAthens Managed Proxy Service
- We allocate the relevant proxy resources to your account, so that they appear in your OpenAthens resource catalogue
- If your institution is using an OpenAthens proxy IP address, your institution will need to contact all the vendors to provide them with an additional IP. If using the forward proxy this would not be required as they will already have your IP
- You can test access to the proxy resources using your proxy prefix, or you could test all your resources using Redirector links. This will test both proxied and federated resources and is useful for the next step
- Update any links to resources. E.g., Library portal, discovery service, link resolver, lib-guides etc.
- Once you are happy that everything is working, you can switch off EZProxy
- Welcome to OpenAthens!
What are the expected timeframes? Is there flexibility around the timeframe and migration date?
Turning everything on and allocating the resources will not take too long. However, testing and link updating will take more time, and you can choose whether to test and migrate links in phases or, if you prefer, do it all at once.
The additional consideration around timing is whether you use the forward proxy or not. If you use it, you should not need to contact vendors. If you are using an OpenAthens IP address, you would need to contact all of the vendors.
There is flexibility around the timeframes, and you could agree the preferred one with your implementation specialist. This will be discussed in a kick-off call at the beginning of the migration project.
Is there a flat fee for migration or do you charge per resource?
There is no charge per resource, but there is a set-up fee for a proxy migration to cover the management and implementation of the new proxy solution. This fee already includes an implementation specialist who will work to ensure a smooth transition, Our specialist will oversee your project, agree timelines, set up the new links and liaise with publishers.
Please contact your account manager to find out more information and arrange your migration.
Are the security rules for connections fixed, or can they be adjusted?
Due to it being a managed proxy service, the security settings are the same for all OpenAthens organizations. Misuse monitoring is enabled on the core OpenAthens service but there are no additional settings within the proxy service itself. Misuse detection includes multiple logins from distinct locations.
What is the offering on resource usage reporting? Is it included in the cost?
The subscription to OpenAthens includes access to a reporting tool. OpenAthens records when a user is transferred to a resource, we do not record the number of downloads or access attempts to specific content within a resource. Resource usage statistics can be viewed in the Reports dashboard and are therefore included in the subscription. If you want to consult your usage statistics, you can access them directly from https://reports.openathens.net or through the admin area under Statistics > Reporting.
We have a complicated EZproxy group structure, can we replicate this, and would this be adjustable going forward?
To know if your group structure can be replicated, we would need some information on what your existing structure looks like and what are the groups, for example, for statistics, or restricting access. There are methods to manage both in OpenAthens, such as turning on the restrictive mode within the admin area, so OpenAthens will block the transfer to a resource if it is not in the users’ permission set. You can also map in data from your local directory to a reportable attribute to get stats by group.
Do you offer Microsoft Azure authentication?
The OpenAthens Managed Proxy Service is built into OpenAthens. This complete solution allows it to be treated similarly to federated resources, meaning you can sign in to OpenAthens using Azure and then access both federated and proxied resources via OpenAthens.
What support do you offer and what kind of SLAs are in place?
The proxy is under all the same SLAs as the rest of the service. We have a 92% customer satisfaction rating, and our service desk works between 02:00-22:00 UK time, with teams of specialists present in Singapore and the UK.
How are the proxy resources or stanzas managed?
OpenAthens aims to remove barriers to knowledge and therefore offers a fully managed service. This means that we manage all the proxy configurations (known as stanzas in EZProxy). To make changes, you can request them via our customer support ticketing desk.
What user data would the service store and for how long?
Our managed proxy service does not store any user data as it is not required.
Is there Multi-Factor Authentication in place for Admin access?
Multi-Factor Authentication (MFA) is in place for all OpenAthens administrators. However, administrators do not have access to manage the proxy resource configurations directly.
Does the service have regular security penetration testing?
Yes, the entire OpenAthens service undergoes penetration and remediation testing at least once a year.
Do you have any other questions we have not covered here? Contact our account managers team and they will be happy to help you with any question.