70 likes | 188 Views
Network Services Update. Bruce Campbell Director, Network Services Information Systems and Technology January 14,2011. Network Management. IST responsible for campus network management as of January 1, 2011 Monitoring Repair/replacement of failed equipment Expansion
E N D
Network Services Update Bruce Campbell Director, Network Services Information Systems and Technology January 14,2011
Network Management • IST responsible for campus network management as of January 1, 2011 • Monitoring • Repair/replacement of failed equipment • Expansion • Evolution of services in consultation with stakeholders • Time and materials charges for network cabling • IST funds incremental expansion of network, and is responsible for seeking funding for major campus network upgrades as needed. • Network equipment for new buildings and major renovations charged to building/renovation project.
Firewalls • The University’s networks are generally open and not firewalled. • Several firewall deployments do exist: • Juniper SRX firewalls for point of sale devices in SLC and SCH • Juniper SRX firewall cluster for IST machine room • Sonicwall in Civil Engineering • Juniper Netscreen in Computer Science
Firewall Support • IST supports the Juniper SRX product • Civil Engineering : proposing replacing Sonicwall with small SRX or ACLs on router • Computer Science : preparing to deploy used SRX 650’s coming out of service from wireless NAT (larger units being deployed for wireless NAT)
Firewalls • Consult with IST IT Security group • Firewalls are needed in some cases for PCI compliance, or as recommended by auditor. • Provide a layer of security. • Little apparent correlation between compromised systems and firewalls (or lack thereof) – difficult to measure effectiveness. (hard to say what didn’t get broken into) • Many compromises are related to phishing, malware – difficult to address. • Can add complexity and cost, and impact service (ease of use). • Consult with IST IT Security group !
Campus VPN Service • Campus project, lead by Trevor Grove of CSCF, to select a VPN solution for faculty, grad students and staff. • To provide simplified/secure access to some applications, from off campus, as needed. • Looked at Cisco, Juniper, Microsoft and open source. • Cisco ASA 5540 chosen. • Procurement of redundant pair in progress, IST to begin implementation within a month. • Expecting 100-500 users.
IP Addresses • We are running out of subnets ! • The University has 65,536 public IP address available (129.97.0.0/16) • This is generally broken into 256 subnets of 256 addresses each (with exceptions) • Only 14 such subnets left (5%) • We expect to be out of subnets by the end of 2011, as each new building will require several subnets. • A major campus effort is needed to optimize use of the campus IP address space. Discussions have started at CTSC and CNAG. • Technical effort is not difficult, but it can be time consuming. • Involves changing IP addresses on computers, working with end users.