Network Services Update

Bruce CampbellDirector, Network Services

Information Systems and TechnologyJanuary 14,2011

Network Management

• IST responsible for campus network management as of January 1, 2011– Monitoring– Repair/replacement of failed equipment– Expansion– Evolution of services in consultation with stakeholders

• Time and materials charges for network cabling• IST funds incremental expansion of network, and is

responsible for seeking funding for major campus network upgrades as needed.

• Network equipment for new buildings and major renovations charged to building/renovation project.

Firewalls

• The University’s networks are generally open and not firewalled.

• Several firewall deployments do exist:– Juniper SRX firewalls for point of sale devices in

SLC and SCH– Juniper SRX firewall cluster for IST machine room– Sonicwall in Civil Engineering– Juniper Netscreen in Computer Science

Firewall Support

• IST supports the Juniper SRX product• Civil Engineering : proposing replacing

Sonicwall with small SRX or ACLs on router• Computer Science : preparing to deploy used

SRX 650’s coming out of service from wireless NAT (larger units being deployed for wireless NAT)

Firewalls

• Consult with IST IT Security group• Firewalls are needed in some cases for PCI compliance, or as

recommended by auditor.• Provide a layer of security.• Little apparent correlation between compromised systems and

firewalls (or lack thereof) – difficult to measure effectiveness. (hard to say what didn’t get broken into)

• Many compromises are related to phishing, malware – difficult to address.

• Can add complexity and cost, and impact service (ease of use).• Consult with IST IT Security group !

Campus VPN Service

• Campus project, lead by Trevor Grove of CSCF, to select a VPN solution for faculty, grad students and staff.

• To provide simplified/secure access to some applications, from off campus, as needed.

• Looked at Cisco, Juniper, Microsoft and open source.• Cisco ASA 5540 chosen.• Procurement of redundant pair in progress, IST to

begin implementation within a month.• Expecting 100-500 users.

IP Addresses• We are running out of subnets !• The University has 65,536 public IP address available (129.97.0.0/16)• This is generally broken into 256 subnets of 256 addresses each (with

exceptions)• Only 14 such subnets left (5%)• We expect to be out of subnets by the end of 2011, as each new

building will require several subnets.• A major campus effort is needed to optimize use of the campus IP

address space. Discussions have started at CTSC and CNAG.• Technical effort is not difficult, but it can be time consuming.• Involves changing IP addresses on computers, working with end

users.