The NOC Customer Portal

What is the NOC Customer Portal?

What is the NOC Customer Portal?

o It’s a set of web applications and tools…

What is the NOC Customer Portal?

o It’s a set of web applications and tools…

o that offer transparency and push “self service” to customers…

What is the NOC Customer Portal?

o It’s a set of web applications and tools…

o that offer transparency and push “self service” to customers…

o in a secure, verified, and granular way.

Is it laziness to push network administration to users?

Is it laziness to push network administration to users?

o A little.

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

o It’s also more convenient for users.

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

o It’s also more convenient for users.

o AND it increases security.

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

o It’s also more convenient for users.

o AND it increases security.

o AND in most cases, the user also gets immediate results.

Is it laziness to push network administration to users?

o A little.

o Another word would be “efficient.”

o It’s also more convenient for users.

o AND it increases security.

o AND in most cases, the user also gets immediate results.

o In other cases, it shortens cycles by removing ambiguity.

Is it laziness to push network administration to users?

o lets the computer do what it’s good at, but people are not

What are some tools on the NOC Customer Portal?

o Email aliasing

o VPN accounts

o DNS

o MAC tracking for stolen devices

o many others!

How about stuff where we need babysitting?

How about stuff where we need babysitting?

o ACLs

How about stuff where we need babysitting?

o ACLs

o Access Control List

How about stuff where we need babysitting?

o ACLs

o Access Control List

o rules that allow/deny access on the network

How about stuff where we need babysitting?

o ACLs

o Access Control List

o rules that allow/deny access on the network

o ACLs are confusing!

An Example

o staff member who works at GSD

o network admin

o authorized to make ACL requests

o wants to open web access to frankgehry.gsd.harvard.edu (128.103.174.100)

The old way:

① emails request to NOC

② NOC receives request

③ NOC evaluates request, may pass off to SOC for approval if host is on their network, probably need to seek clarification from customer

④ eventually, NOC carries out request

⑤ NOC notifies user

Why that stinks:

o slow

o “social engineering”

o guaranteed to spend cycles seeking clarification (ACLs are complicated!)

o multiple staff members needed

o changes go into a black hole

o easy to miscommunicate (ACLs are complicated!)

o no transparency into existing ACLs

The Portal way

o parse all network device configurations into database

o make available via “ACLadmin” on the Portal

o instantiate all business rules and technical logic in that

o let’s take a look…

Why that doesn’t stink:o authenticated

o validated

o no NOC staff time needed until time to evaluate/add

o automatically logged

o easier than vendor GUI

o not immediate, but quicker

o have zone control

o pre-vetting for format & redundancy (complexity control)

o transparency

o vendor neutral (new!)

o let the computer do what it’s good at and humans aren’t

The future

o more of the same

o refresh existing apps for new technology

o APIs for automation (VPN/DHCP now, ACL/DNS to come)