Physics Network Integration - University of Oxford Department

Download Report

Transcript Physics Network Integration - University of Oxford Department

Physics Network Integration
Chris Hunter
Physics network team
• Chris Hunter : Network Manager
• David Newton : Network Support Technician
• Room DWB 663
• Phone 73501
• Email [email protected]
Network Sockets & Concentration
Points
• 16 network concentration
points (NCP’s) in the Denys
Wilkinson Building alone.
• Available Switch ports 2290
Approx. 59.2% active
• Level 2 NCP hub of the Physics
network with 2 x 10Gb fibre
connections going to each of
the Physics buildings.
Edge Switch Upgrades
• 48 x 1Gb/s + 2 x 10Gb/s SFP+ Ports
• Switch stacking up to 8 switches via HDMI
cables at speeds of > 10.2 Gbit/s
• Port Based Authentication, 802.1x and Mac
Address Bypass (MAB)
• Port based Access Control Lists (ACL’s)
Physics Firewall
Firewall Juniper Netscreen ISG 1000
Physics Wireless Network
• Currently 19 x 802.11g 56Mbps wireless
access points in the DWB plus a couple of
802.11n 300Mbps
– Anyone with a Physics network account can
connect.
– Clients connected to the Physics_S wireless
network are part of the 10.7.0.0/16 subnet,
with 802.1x authentication.
– Help on connecting to Physics_S can be
found at http://www2.physics.ox.ac.uk/itservices/categories/wireless
OUCS wireless network
• OWL-VISITOR and OWL-VPN also available, via
the OWL ssid.
• Eduroam now also available, connect using
your Remote Access Account, different from
your SSO or Nexus account
http://www.oucs.ox.ac.uk/network/wireless/services/eduroam/
• Details about both OWL & Eduroam at
http://www.oucs.ox.ac.uk/network/wireless
Access to Physics Services from the untrusted subnet or remotely
• Virtual Private Network (VPN)
– vpn.physics.ox.ac.uk works with Microsoft, Linux and
OSX clients, uses Physics authentication domain help
at http://www2.physics.ox.ac.uk/it-services/categories/vpn
– Best to setup Windows client with Automatic as the VPN type,
the client will then try a number of VPN types, our VPN server
supports PPTP and SSTP, PPTP often gets blocked a the client
end because the required GRE protocol is blocked.
– OSX will work with SSTP although I don’t think we have the
instructions on the web yet.
– Oxford University IT Services have VPN service, does
need specific client installed details at
http://www.oucs.ox.ac.uk/network/vpn/
Network Security
• Connecting unmanaged systems to the Physics
Network
– MAC address registration is needed before gaining any
network connection for laptops on the wired network,
please register at http://www.physics.ox.ac.uk/it/account/
– 172.17.x.x un-trusted subnet
– Is your laptop up to date?
• Anti Virus / spyware
• Fully patched OS
• Be carful when opening emails, look out for phishing emails
• Connecting from outside of Physics
– SMB blocked, no connection to windows files
– MAPI access to Exchange Server blocked
– SMTP blocked
Network Security
• Exchange Server protocols not blocked
– IMAP
– Authenticated SMTP is available using
mail.physics.ox.ac.uk, PHYSICS authentication domain
credentials are needed to use the service
• Other protocols
– web access, some pages within Oxford will require an
Oxford IP address, therefore VPN will be needed from
outside.
– RPC over HTTPS
Network Security
• Sophos Anti Virus Software
– Updates, out of date AV is no use
– Download Sophos for personal laptops running:• Sophos 10.0 for XP, Vista, Windows7 and 8 at
http://www.physics.ox.ac.uk/sophos/
• Linux at http://www.oucs.ox.ac.uk/viruses/linux/
• Sophos v8.0.6 for MAC OSX 10.4/10.5/10.6 at
http://www.physics.ox.ac.uk/sophos/
Network Backbone Connection
• Physics connection presently 1Gbps
• Campus connection to Super Janet currently
at 2 x 10Gbps.
Access to Physics Services from the untrusted subnet or remotely
•
Exchange email web access
• https://mail.physics.ox.ac.uk,
• Outlook Configuration
• If using Outlook 2007 or 2010, then you can use the `autodiscover` feature. Basically, all it
needs to know is your email address (which it will already know if you are logged into the
domain) and it will look up all the other information it needs. Further details can be
found at http://www.physics.ox.ac.uk/it/email/exchange/2010/Outlook.htm
• Webdav via browser or windows network locations
• https://winfe.physics.ox.ac.uk/home/<username> connects to your windows ‘H’ drive.
• (Windows 7) Right click on ‘Computer’ within the file explorer, click ‘Add a network
location’, type the address above into the ‘Internet or network address field’, click next,
authenticate with you Physics credentials, type a name in for the network location, click
finish.
• Sftp + SSH
•
Winscp available on self service
• http://www.physics.ox.ac.uk/it/mswindows/remote.htm
Access to Physics Services from the untrusted subnet or remotely
• Printing from a Windows Laptop not in the
Physics domain.
– http://www.physics.ox.ac.uk/it/mswindows/windowsprinti
ng.htm
• MAC Printing
– http://www.physics.ox.ac.uk/it/mac/macprinting.htm
Access to Physics Services from the untrusted subnet or remotely
• Windows terminal Servers
– A list of servers can be found at
http://www2.physics.ox.ac.uk/it-services/remote-desktopand-terminal-services
– Remote Desktop Client (MS & MAC OSX), possible to
connect to local disks, printers and serial ports (not
possible to connect serial ports in OSX).
– Rdesktop on Linux systems,
• rdesktop <termservqc>, more for people without Windows
desktop
– Windows XP, Vista, Windows 7 and 8 will allow remote
access via terminal services, to connect to your Window
desktop from outside the department connect through
rdp-gateway.physics.ox.ac.uk, details can found on the
address above.
Physics self service
• Under Programs\Physics Self Service
• FAQ’s
http://www.physics.ox.ac.uk/it/mswindows/faq.htm
Questions?