Hosted EZproxy FAQ

Do we have to make changes to our firewall to accommodate Hosted EZproxy?

Depending on the authentication method you use (e.g. LDAP/Active Directory), you may need to open your institution’s firewall to your Hosted EZproxy server.

How does authentication work with Hosted EZproxy? 

Though EZproxy is not an authentication method in itself, it can work in sync with your institution’s local authentication system. See Authenticate Users for more information.

Can Hosted EZproxy support multiple authentication methods on one server?

Yes.

Can Hosted EZproxy allow access to different resources for separate groups of users?

Yes, though currently, EZproxy cannot allow separate Groups access to discrete resources on a single platform (e.g. EBSCO). See Groups for more information.

Does Hosted EZproxy allow use of Proxy by Port?

No. All Hosted EZproxy instances are configured to use OCLC’s recommended configuration of Proxy by Hostname.

If a user changes his/her password in our local authentication system, will that impact Hosted EZproxy?

Hosted EZproxy connects with your local authentication system in real time, so any password updates are effective immediately. If Hosted EZproxy does not connect directly with your authentication system and instead you provide us with a file of usernames and passwords, any password updates will not take effect until we receive an updated file.

Is there an estimated cost if, after a few years, we decide to change our authentication method?

Depending on the complexity of the request, there may be additional charges on top of your annual subscription.

We use CAS authentication. What changes do I need to make to CAS to accommodate Hosted EZproxy?

Your CAS server must permit access from Hosted EZproxy services, which are https://SITENAME.idm.oclc.org and https://login.SITENAME.idm.oclc.org. Once access is provided, we will need your login URL, service validate URL, and user credentials for testing. For more information, see Central Authentication Service.

Will our Hosted EZproxy server be assigned a permanent, static IP address we can share with our e-resource vendors?

Yes.

How can Hosted EZproxy be implemented?

Please allow 5 weeks for implementation from return of your completed questionnaire and order form. This time could potentially vary depending on your site’s complexity and overall order volume.

How do I modify EZproxy configuration files (config.txt and user.txt) in the Hosted environment?

Configuration file management is included as part of the Hosted EZproxy service. You will not have direct access to the server to edit configuration files. After implementation, you will either request changes by contacting OCLC Support, or we can set up self-service SFTP access for you to upload updated configuration files (see next FAQ).

I have a lot of experience modifying EZproxy configuration files. Will I have a way I can continue to do so in the Hosted environment?

Upon request, we can set up self-service SFTP access to your Hosted EZproxy server so that you can upload updated configuration files. If you choose this option, you are responsible for all basic changes to your configuration files.

If I am using text file authentication, how often can I upload a new file of usernames and passwords?

You can do this as often as you like. Our server automatically sweeps the upload area every 15 minutes and deploys any new files to your Hosted EZproxy site. Each new file completely overwrites the former file.

Can I get a free trial of Hosted EZproxy?

No, but after initial implementation you have 3 weeks to test your site. If you decide not to subscribe to the service at this point, you would not need to pay the annual subscription, but you would still be charged the implementation fee.

Will I be able to use a site name on our institution’s domain for our Hosted EZproxy server?

Yes, but you will be responsible for purchasing and renewing a wildcard SSL certificate for your institution’s domain to be installed on your Hosted EZproxy server. You will also be responsible for any necessary DNS changes upon cutover to Hosted EZproxy. Should you choose this option, OCLC will provide you with more details.

Will we have access to the admin interface of our Hosted EZproxy site?

Yes, upon request.

The Hosted EZproxy Terms and Conditions prohibit “excessive” use of bandwidth on OCLC’s network. What is considered “excessive”?

We don’t use a precise number to define “excessive.” Network bandwidth is managed across our server environments. We consider an institution’s consumption “excessive” if it affects other institutions. We don’t anticipate bandwidth problems from normal usage, even from the largest institutions.

How does problem reporting work? Would patrons be able to report problems directly to OCLC, or would they report those to local administrators and then we'd troubleshoot and/or forward them to OCLC?

We prefer that patrons continue to contact local administrators, who then contact OCLC Support as needed.

Let's say we start with the hosted service, and then later decide to host it locally. Would we be able to get a discount on the software? Would we have to rewrite all of our links?

No, you would not receive a discount in this scenario. If you were to decide to move from hosting to local deployment, we would give you all the configuration files from the hosted server necessary to configure and run your local server. The DNS name of your locally deployed proxy server will most likely be different then the hosted server, so you would need to update links in your catalog, website, LibGuides, etc., accordingly.

What is the turnaround time for configuration changes we submit?

For basic changes, our goal is 48 hour turnaround, but this can vary depending on the quantity and complexity of the changes.

During implementation, can we run our current proxy server in parallel with Hosted EZproxy?

Yes, you can run both systems in parallel as you set up the new server. You would then register the IP address of your Hosted EZproxy server with your e-resource vendors and cut over to the new service when configuration is complete.

Does OCLC supply the SSL wildcard certificate for our Hosted EZproxy server?

OCLC supplies the SSL certificate for the OCLC-supplied domain name (https://SITENAME.idm.oclc.org). If you are using a custom domain name, you are responsible for providing that SSL wildcard certificate.

What kinds of reporting and usage statistics are available for the Hosted EZproxy service?

We make available your HEZP site’s daily log files as well as monthly summary usage reports. Information on how to access these files will be sent to you at the end of implementation.

Will my local on-campus users have to log in via EZproxy?

If you provide us with a range of IP addresses for your on-campus community, we can configure your Hosted EZproxy server not to ask users coming from those IP address to authenticate. You can also force all users to authenticate, whether on- or off-campus, if you wish.