
Characterizing the use of 10-space within Chemistry and Physics.

See also

CIT's proxy server's listing of proxied services:

  • https://transproxy.cit.cornell.edu:9443/Proxied/
  • This service is running on really old hardware.
  • Question: What is the proxy service being used by RedRover/eduroam, if different? And if different, what services are being proxied?
    • Answer: 2/23/16, per Oliver's brief phone conversation with LaurieC: Yes, services are redundant. ITSO to consider migrating service to new Fortinet hardware. Nothing scheduled yet, since migrating from ACLs to Managed Firewall is currently a key project they are focusing on.

Used primarily for two reasons:

1. Easy, powerful protection

Easy protection for devices not needing a public IP but benefiting from being on Cornell's network.

  • Simpler and more bomb-proof network protection than a firewall.
  • 10-space systems are blocked from accessing the general internet and web sites. This minimizes the risk of malware or data breaches from these systems.
  • Computers still get:
    1. Network access to group file shares.
    2. Active Directory and other campus computing management access.
    3. Patching and updates: OS, apps, anti-virus.
    4. Network-based anti-virus reporting.
  • Printing from RedRover/eduroam, which is not normally allowed in, is enabled by opening port 9100.
    • No VPN required.
  • Small routers on 10-space are used to isolate clusters and systems with obsolete OSes from other network devices, while still allowing network access.

On occasion the device may need a public IP temporarily. Such a change requires modifying the DNSDB record.

  • This is usually simpler and faster than making changes to CU's ACLs or firewall services.

Use cases in Chemistry

As of Jan. 12, 2016:

  • All (100%) of Chemistry and Physics networked printers: 129
    • 87 of those are on Research networks.
  • Many, many computers hooked up to instrument systems and most servers: 74
    • 49 of those are on Research networks.
  • 10-space routers, allowing access for multiple systems

For context, other numbers:

  • Public IPs for all Chemistry and Physics systems: 260*
    • Count does not include Physics Grad lab, with 61 public IPs assigned.
  • Systems on "zero" space: 22

2. Optimizes use of limited IP space

Affords twice as many IPs on a network as would be available if 10-space numbers were converted to public IP addresses (and presumably similarly blocked at the network layer via firewall or ACL).

  • Many of our computers are outdated, and will never be able to utilize IPv6.

 

Caution: Ensure CU's proxy server is configured with the necessary off-campus access.

Source info in Chemistry IT

Excel file called "DNSDB 10-space counts 1-12-16" located:

  • R:\Chem IT\Infrastructure\Networking

 

 
