...

  1. Network security restrictions (ex: firewalls, router ACLs)
  2. Network bandwidth availability (potentially getting to QoS)
  3. Lack of UT System coordinated guidance on network needs by application
  4. Lack of inter-institutional contacts to troubleshoot problems
  5. Network errors in configuration (client, edge network -- rarely distribution/core/border) -- ex: duplex settings and port errors
  6. Lack of technical expertise for vendors, application owners, end users, and sometimes network staff
  7. Lack of vendor documentation on network use (ex: TCP/IP ports and protocols utilized/required, bandwidth requirements)
  8. Application exclusive security profile; collision of policy domains and resources (ex: VPN required to connect to utilize service)
  9. Lack of application change control and notices (see #4,6,7 -- service upgraded without testing and consulting with networking)
  10. Differing goals/priorities/requirements between those involved (ex: application owners v. UT System Network v. Campus Network v. Campus ISO v. End Users)

...

  1. Secured wiki site of UT System sanctioned applications and their network profiles/desires
  2. Network contact list of each institution (how to start a debugging process)
  3. Network review board for UT System sanctioned applications (new applications and changes must pass the review board, which can ensure implementable systems that are not exclusive). Non-reviewed applications can of course be used (most will not be reviewed) but they won't have the same level of attention to ensure they work.
  4. UT System level network assistance to review applications and their network requirements? [networking: likely some FTE need]
  5. Email lists for notification and discussions regarding sanctioned applications
  6. Scheduled windows for changes to sanctioned applications
  7. Create templates for popular security devices to support sanctioned applications (ex: Cisco/Juniper firewall configuration stanzas)
  8. Develop security monitoring system. [networking: Custom code. Deploy servers to all institutions and application locations reporting back to a central server. Have the server and nodes probe the defined ports (such as with nmap) and escalate changing conditions. Provide a console for all institutions to monitor and log these changes. Should institution X change port 8922 required by sanctioned applications, that would be escalated to ensure it was intentional and to alert all parties -- including application owners.] (ex: Multicast beacon, Internet weather-maps)
  9. Training and appropriate tools to assist in troubleshooting (ex: NDT, iperf, nmap)
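
The probe-and-escalate loop described in item 8, as an added example (not part of the original page or any UT System code): a node probes the ports listed in a sanctioned application's network profile and reports only the state changes that need escalation. The profile contents, node name and function names are assumptions; port 8922 is the page's own example.

```python
import socket

# Constructed sample profile: application name and host are hypothetical;
# port 8922 is the example port mentioned in item 8.
PROFILE = {"example-app": [("127.0.0.1", 8922)]}


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_probes(profile, probe=tcp_probe):
    """Probe every endpoint in the profile: {(app, host, port): reachable}."""
    return {
        (app, host, port): probe(host, port)
        for app, endpoints in profile.items()
        for host, port in endpoints
    }


def detect_changes(node, previous, current):
    """Compare two probe rounds from one node and return escalation records."""
    events = []
    for key in sorted(current):
        app, host, port = key
        before, now = previous.get(key), current[key]
        if before is None and not now:
            status = "required port unreachable at first probe"
        elif before is True and not now:
            status = "required port became unreachable"
        elif before is False and now:
            status = "required port became reachable again"
        else:
            continue  # unchanged state, nothing to escalate
        events.append({"node": node, "app": app, "host": host,
                       "port": port, "status": status})
    return events


if __name__ == "__main__":
    baseline = run_probes(PROFILE)
    for event in detect_changes("node-a", {}, baseline):
        print(event)
```

In a deployment like the one sketched in item 8, each node would send its `detect_changes` output to the central server, which would notify the institution and the application owners.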