We've all encountered issues reaching sites across the network.  Are there things we can do within UT System to ameliorate issues?


What are the big problems?

  1. Network security restrictions (ex: firewalls, router ACLs)
  2. Network bandwidth availability (potentially getting to QoS)
  3. Lack of UT System coordinated guidance on network needs by application
  4. Lack of inter-institutional contacts to troubleshoot problems
  5. Network errors in configuration (client, edge network -- rarely distribution/core/border) -- ex: duplex settings and port errors
  6. Lack of technical expertise for vendors, application owners, end users, and sometimes network staff
  7. Lack of vendor documentation on network use (ex: TCP/IP ports and protocols utilized/required, bandwidth requirements)
  8. Collision of policy domains and resources (ex: VPN required to connect to service)
  9. Lack of application change control and notices (see #4,6,7 -- service upgraded without testing and consulting with networking)
  10. Differing goals/priorities/requirements between those involved (ex: applications owners v. UT System Network v. Campus Network v. Campus ISO v. End Users)

Potential solutions?

  1. Secured wiki site of UT System sanctioned applications and their network profiles/desires
  2. Network contact list of each institution (how to start a debugging process)
  3. Network review board for UT System sanctioned applications (new applications and changes must pass the review board which can ensure implementable systems that are not exclusive). Non-reviewed applications can of course be used (most will not be reviewed) but they won't have the same level of attention to ensure they work.
  4. UT System level network assistance to review applications and their network requirements? [networking: likely some FTE need]
  5. Email lists for notification and discussions regarding sanctioned applications
  6. Scheduled windows for changes to sanctioned applications
  7. Create templates for popular security devices to support sanctioned applications (ex: Cisco/Juniper firewall configuration stanzas)
  8. Develop security monitoring system. [networking: Custom code. Deploy servers to all institutions and application locations reporting back to a central server. Have the server and nodes probe the defined ports and escalate changing conditions (such as nmap). Provide a console for all institutions to monitor and log these changes. Should institution X change port 8922 required by sanctioned applications, that would be escalated to ensure that was intentional and alert all parties -- including application owners.] (ex: Multicast beacon, Internet weather-maps)
  9. Training and appropriate tools to assist in troubleshooting (ex: NDT, iperf, nmap)
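As an added illustration of what the monitoring node in solution #8 would actually do (this is example code written for this page, not anything UT System or the networking group has built), the script below keeps a network profile per sanctioned application, probes the required TCP ports from the node, diffs the result against the last known state, and produces one escalation record per changed endpoint naming every application that depends on it. Application names, host names and ports are constructed placeholders; reachability is checked with a plain TCP connect rather than nmap, and the probe function is injectable so the diff logic can be exercised without network access.

```python
"""Port-profile monitor node (added example; hosts, ports and app names are constructed)."""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Endpoint = Tuple[str, int]  # (host, tcp_port)

# Constructed sample profile: sanctioned application -> endpoints it requires.
# A real deployment would load this from the secured wiki / profile store.
SANCTIONED_APPS: Dict[str, List[Endpoint]] = {
    "example-app-a": [("app-a.example.invalid", 443), ("app-a.example.invalid", 8922)],
    "example-app-b": [("app-b.example.invalid", 443)],
}


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout (assumption: plain connect is enough)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_profile(profile: Dict[str, List[Endpoint]],
                  reachable: Callable[[str, int], bool] = tcp_reachable) -> Dict[Endpoint, bool]:
    """Probe each distinct endpoint in the profile once; return the observed state."""
    state: Dict[Endpoint, bool] = {}
    for endpoints in profile.values():
        for host, port in endpoints:
            if (host, port) not in state:
                state[(host, port)] = reachable(host, port)
    return state


@dataclass(frozen=True)
class Escalation:
    host: str
    port: int
    was_reachable: bool
    now_reachable: bool
    affected_apps: Tuple[str, ...]  # who must confirm the change was intentional


def diff_states(profile: Dict[str, List[Endpoint]],
                baseline: Dict[Endpoint, bool],
                observed: Dict[Endpoint, bool]) -> List[Escalation]:
    """One Escalation per endpoint whose reachability changed since the baseline.

    Endpoints with no baseline entry (first run, or newly added to a profile) are
    not escalated; the caller stores `observed` as the new baseline afterwards.
    """
    depends_on: Dict[Endpoint, List[str]] = {}
    for app, endpoints in profile.items():
        for ep in endpoints:
            depends_on.setdefault(ep, []).append(app)
    escalations: List[Escalation] = []
    for ep, now in sorted(observed.items()):
        if ep in baseline and baseline[ep] != now:
            escalations.append(Escalation(ep[0], ep[1], baseline[ep], now,
                                          tuple(sorted(depends_on.get(ep, [])))))
    return escalations


def format_alert(e: Escalation) -> str:
    """Console/log line for the central server; lists the owners to notify."""
    change = "became unreachable" if e.was_reachable and not e.now_reachable else "became reachable"
    return f"{e.host}:{e.port} {change}; notify owners of {', '.join(e.affected_apps)}"


if __name__ == "__main__":
    # Stand-alone run: the constructed hosts do not resolve, so everything reads
    # as unreachable; in a deployment the baseline would be persisted between runs.
    observed_now = probe_profile(SANCTIONED_APPS)
    for alert in diff_states(SANCTIONED_APPS, {}, observed_now):
        print(format_alert(alert))
    print(f"probed {len(observed_now)} endpoints; baseline stored")
```

The node only ever probes endpoints listed in a sanctioned profile, so the traffic it generates is bounded and explainable to each campus ISO, and because every escalation carries the dependent application list, the central console can route the "was this intentional?" question to the application owner and the institution's network contact at the same time.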