Meliora Hall network upgrade project

So, what's the deal?

The University has decided that it's necessary for University IT to be able to identify and track everybody who is currently using the University's wired computer network. They want to be able to know when a user is on the network, what computer they are using, and what they are doing on the Internet.

The way our network is currently configured in Meliora Hall doesn't allow University IT to collect this information. As such, our network must be reconfigured to provide them the necessary access.

What exactly will be changing?

To understand the changes requires a brief overview of how networking works in Meliora.

Computers connect to the Internet using an 'IP Address'...a unique number entered into the computer's network setup that allows the computer to connect to the network. The University is assigned a specific number of 'public' IP addresses that are used to give University computers access to the public Internet.

We (meaning the BCS & CVS contingent in Meliora Hall) are assigned a portion of these public IP addresses. This portion is called a 'subnet'. On this subnet resides our public Internet servers (e-mail, web, wiki, etc.). Also on this subnet is our network firewall, a device that acts as a protective 'gatekeeper'. Hiding behind this firewall, on a *private* network, are all of our desktop and laptop computers.

We are also assigned a range of IP addresses that are only accessible from within the University itself and have no access to the public Internet. This is called the 'intranet'. On our intranet resides our printers and the 'Opus' network storage device.

So to review:

-On the public Internet are our main servers, accessible from anywhere in the world.

-On the UR intranet are our printers and one of our network storage devices.

-On our private network, behind the firewall, are your computers (and one or two servers).

To accommodate the needs of University IT, all of our computers must be moved from the private network to the public Internet. This involves assigning public IP adresses to every computer on our network. But since our community is so large, our current public subnet isn't big enough, so we must also move everything to a new, larger public subnet.

But doesn't having a public IP address make my computer vulnerable to an attack from the Internet?

Normally, having a public IP address gives the rest of the world the ability to 'see' your computer, and if they can see it, they can try to hack it. However, we have set up a new network firewall to deal with this. Though the IP address used by your desktop or laptop will be a public IP address, your computer will reside behind the new network firewall, which will provide you the same types of protection as you had before.

What happens once all of these moves are complete?

Once we've finished moving everybody and everything to the new network, University IT will enable 'Network Registration' (or 'NetReg' for short). When you connect a computer to the network, you will be required to go to a webpage and log into the network using your NetID. Your login info will be remembered by the network, so you will not need to do this every time you connect.

How will this project affect me personally?

Needless to say, this project is *huge*. As such, it will be broken down into phases.

Phase 1 (COMPLETED): Move all of our printers from the old Intranet to the new one.

This will be performed during mid-November, and involves assigning each printer a new IP address. The name of the printer (for example, 'cvs249.cvs.rochester.edu') will not change. Since the printer should have been set up on your computer using its name and *not* its IP address, you shouldn't need to reconfigure anything. When a printer you use gets moved to the new intranet, the only thing you *may* need to do is reboot your computer so it discovers the new IP address.

Phase 2 (IN PROCESS): Move all of our public servers from the old subnet to the new subnet.

This will be performed during December and early January, and involves assigning our servers a new IP address in the new public subnet. It takes time for this type of change to be discovered by the rest of the Internet, so there will be a period of time (perhaps 24-72 hours) when distant users/other servers may have trouble communicating with our servers. As such, the changes to 'important' servers will be made during the holiday/semester break to try and minimize impact. I do not anticipate you needing to reconfigure anything on your computer(s).

Phase 3: Move all of our desktops & laptops from the old private network to the new subnet.

THIS IS SCHEDULED FOR 9AM ON JANUARY 7TH, 2014

This is the most dramatic change...every computer in the department will need to have its network configuration changed. Documentation for making the necessary changes can be found here: DhcpConversion This is happening on January 7th, during the semester break, to try and minimize the impact on users.

It is important to note that with the new network configuration, I have to enter information specific to your computer into the system that controls network access. I have already done numerous network scans to collect the needed information so it could be entered into the system ahead of time. If your computer was not seen during these scans, you won't be able to access the wired network once this change takes place. If this happens to you, contact me and we'll get it sorted out.

Phase 4: Implementation of Network Registration.

Once everybody and everything is moved to the new network, University IT will enable NetReg on our subnet. Date for this happening is yet to be determined. You'll basically come into work one morning, and will have to log into the network to gain access to the Internet.

Phase 5: Modify our wireless network (proposed).

It is important to note that our departmental wireless networks will remain unaffected while all of these changes take place. However, once this project is completed, our regular wifi network (BCSCVS) may be modified to better integrate into the new network configuration so users have more access to departmental resources. The details of this are still being worked out, and there is obviously no ETA for this.

And on a related note:

Phase 6: Sequestration of Windows XP

In April of 2014, Microsoft will cease providing security updates for Windows XP. The fear is that once this happens, a slew of malware will be released for XP to give hackers access to machines. To meet University-wide XP initiatives and try to prevent this from happening to our computers, any computer still running Windows XP next April will be moved from the public Internet to the intranet. You will still have access to printers, other XP machines in the department, and University resources, but not the public Internet.

NetworkProject (last edited 2013-12-18 15:04:13 by WikiAdministrator)

MoinMoin Appliance - Powered by TurnKey Linux