Characterizing the use of 10-space within Chemistry and Physics.
See also
CIT's proxy server's listing of proxied services:
- https://transproxy.cit.cornell.edu:9443/Proxied/
- Question: What is the proxy service being used by RedRover/ eduroam, if different? And if different, what services are be proxied?
Used primarily for two reasons:
1. Easy, powerful protection
Easy protection for devices not needing a public IP but benefiting from being on Cornell's network.
- Simpler and more bomb-proof network protection than a firewall.
- Computers still get:
- network access to group file shares.
- patching and updates: OS, apps, anti-virus.
- Network-based anti-virus reporting.
- Printing from RedRover/ eduroam, which is not normally allowed in, is enabled by opening port 9100.
- No VPN required.
On occasion the device may need a public IP temporarily. Such a change requires modifying the DNSDB record.
- This is usually simpler and faster than making changes to CU's ACLs or firewall services.
Use cases in Chemistry
As of Jan. 12, 2016:
- All (100%) of Chemistry and Physics networked printers: 129
- 87 of those are on Research networks.
- Many, many computers hooked up to instrument systems and most servers: 74
- 49 of those are on Research networks.
For context. other numbers:
- Public IPs for all Chemistry and Physics systems: 260*
- Count does not include Physics Grad lab, with 61 public IPs assigned.
- Systems on "zero" space: 22
2. Optimizes use of limited IP space
Affords twice the number of IPs on a network than if 10-space numbers were converted to public IP addresses (and presumably similarly blocked at the network layer via firewall or ACL).
Caution: Ensure CU's proxy server configured with necessary off-campus access
Source info in Chemistry IT
Excel file called "DNSDB 10-space counts 1-12-16" located:
- R:\Chem IT\Infrastructure\Networking