Portal apps (slt)

Post on 11-May-2015

description

Harvard's network operations center (NOC) is a set of web applications and tools that offer transparency and push "self service" to customers in a secure, verified, and granular way.

Transcript of Portal apps (slt)

The NOC Customer Portal

What is the NOC Customer Portal?

o It’s a set of web applications and tools…

o that offer transparency and push “self service” to customers…

o in a secure, verified, and granular way.

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

o It’s also more convenient for users.

o AND it increases security.

o AND in most cases, the user also gets immediate results.

o In other cases, it shortens cycles by removing ambiguity.

o It lets the computer do what it’s good at, but people are not.

What are some tools on the NOC Customer Portal?

o Email aliasing

o VPN accounts

o DNS

o MAC tracking for stolen devices

o many others!

How about stuff where we need babysitting?

o ACLs

o Access Control List

o rules that allow/deny access on the network

o ACLs are confusing!

An Example

o staff member who works at GSD

o network admin

o authorized to make ACL requests

o wants to open web access to frankgehry.gsd.harvard.edu (128.103.174.100)

The old way:

① emails request to NOC

② NOC receives request

③ NOC evaluates request, may pass it off to SOC for approval if host is on their network, and probably needs to seek clarification from customer

④ eventually, NOC carries out request

⑤ NOC notifies user

Why that stinks:

o slow

o “social engineering”

o guaranteed to spend cycles seeking clarification (ACLs are complicated!)

o multiple staff members needed

o changes go into a black hole

o easy to miscommunicate (ACLs are complicated!)

o no transparency into existing ACLs

The Portal way

o parse all network device configurations into database

o make available via “ACLadmin” on the Portal

o instantiate all business rules and technical logic in that

o let’s take a look…

Why that doesn’t stink:

o authenticated

o validated

o no NOC staff time needed until time to evaluate/add

o automatically logged

o easier than vendor GUI

o not immediate, but quicker

o have zone control

o pre-vetting for format & redundancy (complexity control)

o transparency

o vendor neutral (new!)

o let the computer do what it’s good at and humans aren’t
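
A sketch of the pre-vetting the list above describes (format check, zone control, redundancy check), run against the GSD request from the example slide. This is an added example, not ACLadmin's code: the function names, the zone prefix and the existing rules are constructed assumptions. It is IPv4-only and treats the existing rules as an unordered set, ignoring first-match ordering.

```python
import ipaddress

# Constructed sample data: the zone prefix and existing rules are assumptions,
# not taken from any real device configuration.
ZONES = {"gsd": [ipaddress.ip_network("128.103.174.0/24")]}
EXISTING_RULES = [
    # (action, protocol, source, destination, destination port)
    ("permit", "tcp", "0.0.0.0/0", "128.103.174.50/32", 443),
    ("permit", "tcp", "10.0.0.0/8", "128.103.174.0/24", 22),
]


def parse_rule(action, proto, src, dst, port):
    """Format check: normalise a rule or raise ValueError."""
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action: {action!r}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"bad protocol: {proto!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    # strict=True rejects prefixes with host bits set, e.g. 128.103.174.100/24
    return (action, proto, ipaddress.ip_network(src, strict=True),
            ipaddress.ip_network(dst, strict=True), port)


def covers(old, new):
    """True if an existing rule already matches everything the new rule would."""
    return (old[0] == new[0] and old[1] == new[1] and old[4] == new[4]
            and new[2].subnet_of(old[2]) and new[3].subnet_of(old[3]))


def vet_request(user_zone, request, existing=EXISTING_RULES, zones=ZONES):
    """Return (status, detail) for a requested ACL entry before staff review."""
    try:
        new = parse_rule(*request)
    except ValueError as exc:
        return ("rejected-format", str(exc))
    # Zone control: the destination must sit inside a prefix the requester administers.
    if not any(new[3].subnet_of(z) for z in zones.get(user_zone, [])):
        return ("rejected-zone", f"{new[3]} is outside zone {user_zone!r}")
    for rule in existing:
        if covers(parse_rule(*rule), new):
            return ("redundant", f"already covered by {rule}")
    return ("queued-for-review", f"{new[0]} {new[1]} {new[2]} -> {new[3]}:{new[4]}")
```

Only requests that come back as queued-for-review need NOC staff time; the other three outcomes are answered to the requester immediately.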

The future

o more of the same

o refresh existing apps for new technology

o APIs for automation (VPN/DHCP now, ACL/DNS to come)