Restricted/Limited Access Network project meeting

Monday, April 29, 2013; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Brian Jones, Ron Keller, Jeff Kidd, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Christine Morrison, Rich Sparrow, Lucas Sullivan

Agenda

  1. Review action items and comments from 20130415 - April 15, 2013 RLAN Project Status Meeting
  2. IPv6 and RLAN. Any further discussion?
  3. Are all the orders written that need to be installed in this initial Pilot Phase? If not discuss who will follow up with departments AND CNS O&P to make sure that happens as soon as possible.
  4. Discuss how the 106 orders need to be processed and coordinated and TESTED (users will have to determine they can do everything they normally do after the RLAN configuration)
  5. Continue whitelisting discussion and procedures
  6. Status of RLAN FAQ
  7. Open Forum

Attended

Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Luke Sullivan, Brad Tilley

Meeting Notes

  1. Review action items and comments from 20130415 - April 15, 2013 RLAN Project Status Meeting
    1. Action item: Brian will speak to William about this issue. (regarding overtime pay for installs after 5pm)
      1. ITSO is working with departments on dates for installs.
      2. One suggestion (maybe to avoid overtime pay) is to do the Bursar installs at 7am instead of after 5pm so this does not disrupt the productivity of the office and will allow testing by office personnel right away.
    2. Action item: Greg will check with William and Randy about the desire to talk about (advertise) RLAN at DCSS.
      1. The RLAN was discussed/presented at DCSS by Rich Sparrow.
  2. IPv6 and RLAN. Any further discussion?
    1. There was a long, passionate discussion about deploying IPv6 on the RLAN, some comments from that discussion are included below.
    2. No support for IPv6 from/for FireEye can be expected anytime soon. As previously mentioned FireEye can pass IPv6 traffic through without action but this may be a security risk.
    3. We are working towards an IPv6 capable RLAN but it will not be so on day 1.
    4. We should worry about and test using IPv4 and be sure the network is stable before worrying about IPv6.
    5. Clients should begin "talking" IPv6 as soon as it is enabled.
    6. When to enable IPv6? Ron thought it could be enabled around June 1, 2013. Phil mentioned that it should be enabled slowly, not all at once on the entire RLAN.
  3. Are all the orders written that need to be installed in this initial Pilot Phase? If not discuss who will follow up with departments AND CNS O&P to make sure that happens as soon as possible.
    1. Rich reported that the ITSO is still working with departments to get this done. They are approximately 40% completed.
    2. Action item: Ron will check with Bill Blevins on the 6 connections for the AISB.
  4. Discuss how the 106 orders need to be processed and coordinated and TESTED (users will have to determine they can do everything they normally do after the RLAN configuration)
    1. Bursar + Registrar + Financial Aid
    2. All these departments should be working off existing active switches so no new cabling should be required.
  5. Continue whitelisting discussion and procedures
    1. There are separate meetings going on to streamline and automate this process. Goal is automate as much as possible, the flow of processes from user request, to the ITSO IRON application, to CNS, etc.
  6. Status of RLAN FAQ
    1. Currently resides here http://www.security.vt.edu/rlan.html and is referenced on computing here https://computing.vt.edu/content/rlan-virginia-tech
    2. Plans are to mirror this information on both sites.
  7. Open Forum
    1. Non-business hours support
      1. The RLAN is fully supported during normal business hours only (8am-5pm, M-F). The ITSO will be sure departments are aware of this.
      2. Most likely "work around" for departments that must get something done is to revert to using the normal network on a machine connected this way.
    2. Internet Control Message Protocol (ICMP)
      1. What are the risks if ICMP is allowed on the RLAN?
      2. May be confusing to users that they are able to "ping" and site but are not able to connect to it.
      3. Some malware uses ICMP.
      4. Several team members are of the opinion that if we allow TCP then we should allow ICMP.
      5. Action item: Phil Benchoff, Steve Lee and other will discuss ICMP and test it's use on the RLAN. (See Network Border)
  • No labels