Fin. & Admin. Update Presentation


Transcript Fin. & Admin. Update Presentation

Network Engineering & Telecommunications Section Update
Jim Van Dyke - Asst. Section Manager
December 10, 2001
NCAR Scientific Computing Division
Supercomputing • Communications • Data
12/10/2001
Topics
Introduction to NETS
NETS Web Site
Network Coordination & Advisor Board
Current wireless deployment
NCAR VPN
NETS Future Projects
Introduction to NETS
Who are we?

http://www.scd.ucar.edu/nets/intro
NETS Web Site

http://www.scd.ucar.edu/nets
How to submit a NETS work request

http://www.scd.ucar.edu/nets/forms/
Network Coordination & Advisor Board
Helps define priorities
NCAB Policies

http://www.ucar.edu/ncab/
Wireless at NCAR
NCAR current wireless projects

LAN

WAN
Details of NCAR wireless work at:

http://www.scd.ucar.edu/nets/projects/wireless/
NCAR’s Wireless LAN
Covering all the conference rooms now
Cover most office space eventually
“NETS is the FCC of NCAR” (no rogue wireless devices)
Guest authentication via web page
VPN access required in the future
Old Wireless Model
Staff-only network
inside the firewall
provides access to all the same services that staff have access to in their offices
Guest/visitor network
outside the firewall
only in conference rooms and their immediate vicinity
Access to each is controlled via regularly changing encryption keys
New Wireless Model
One network only
Access via VPN for UCAR staff
Guest access via web page registration
Reason for requirement: WEP is insecure
NCAR’s Wireless WAN
802.11b link between ML and MFS
Backed up by a T-1 link
Potential backup links to Jeffco, PS and FL
Futures / other general wireless issues
802.11b standard extensions coming
will extend 802.11b speed to 22 Mbps
IEEE 802.11a
operates in the 5-GHz bands
data rates up to 54 Mbps
unlike 802.11b DSSS, 802.11a uses OFDM
NCAR’s security perimeter
Who is inside?
Most users on UCAR campuses
Dial-in users connecting to UCAR dialups
Who is outside?
Users at UCAR divisions that have elected to remain outside the perimeter
Dial-in users connecting to external ISPs
Anyone else on the Internet at large
NCAR VPN Solution
A conceptual diagram of what we wanted to achieve
NCAR’s VPN client solutions
Windows
Cisco IPSec client – W9X-WXP and Linux
Linux
FreeS/WAN option available
Macintosh and Solaris
No current solution
Cisco client solution supposedly coming soon
Obtain software via Greg Woods
Cisco VPN solution
Cisco IPSec client
Establishes IPSec tunnel to Cisco VPN Concentrator 3015 (and closes off all other network access when enabled)
We require a group ID and password to establish tunnel (can also use certificates)
We then validate the user on their UCAR “gatekeeper password” via RADIUS
Legal issues
Cisco VPN client issues
From the legal point of view, we have four classes of users:
UCAR employees who install the software onsite
UCAR employees who download the software to their home systems
Remote users within the US
Remote users outside the US
Linux VPN solution
FreeS/WAN (www.freeswan.org)
Known to work with Linux and BSD
Must recompile the kernel
Linux client must comply with CSAC security standards for fully exposed hosts (disabling services or using ipchains to block access; IP firewalling must be enabled in the kernel)
VPN and Wireless
Addresses the WEP insecurity issue

CSAC will require this soon
NETS Future Projects
Voice over IP (VoIP)
Routers Upgrade
New Connections to FRGP
New Building
Conclusion
Details and more information on NETS “Projects page”

http://www.scd.ucar.edu/nets/projects
Questions?