Restricted/Limited Access Network project meeting
Monday August 27, 2012; 3:00 p.m.; AISB-208
Invited
Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow
Agenda
- Review action items from 20120813 - August 13, 2012 RLAN Project Status Meeting
- Status updates
- Project Management Documentation
- Still need estimates of hours worked on this project and any other budget items from:
- Randy Marchany, Jacob Dawson, Phil Benchoff
- Security Initial Review form
- Open forum
Attended
Phil Benchoff, Jacob Dawson, William Dougherty, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Rich Sparrow
Meeting Notes
- Review action items from 20120813 - August 13, 2012 RLAN Project Status Meeting
- Action item: Steve Lee will investigate whether this [3 VLANs on new UC phones] is possible or not.
- Steve reported that 3 VLANs are not possible. If the voice line is in use, then only 1 other VLAN is possible. After some discussion, William announced that RLAN users will have to use the wall jack for RLAN access, and if they want to use the phone data connection for general Internet (insecure) access it will be an extra $10/month/user. One issue with this may be whether there is an adequate number of ports on the switch.
- Action item: User access to RLAN must be approved by ITSO so when that number begins to grow ITSO will alert CNS to purchase more [VPN] licenses.
- The VPN licenses are concurrent use, so 1000 should be adequate.
- Phil suggested that an RLAN user who wanted to access the general Internet could use a VPN connection that is controlled by the secure RLAN virtual machine to gain access. This would be at the expense of more VPN licenses. New Action item: William requested that Steve determine the costs to grow VPN licenses.
- Action item: Ron needs the building name and number of RLAN users in that building before they can begin using the RLAN.
- New Action item: Rich will get Ron the number of users that need access to RLAN in which buildings and what applications they need access to.
- The RLAN firewall is going to be high maintenance because of all the sites users need to get to.
- Action item: Marc needs access to the Management Network [in the future to be called "RLAN Admin Network"] for his desktop solution to work. Phil mentioned that in the worst case they could "poke a hole in the firewall" for him.
- There was some discussion of what exactly Marc needs access to. Those present thought it is most likely access to the RLAN itself. New Action item: Greg will alert Marc to let Ron and Steve know what access he needs.
- Action item: 4Help should be invited to these meetings when the network is closer to working/production.
- 4Help should be invited to demos in the near future of what we have so far.
- Status updates
- The most recent NAS upgrade has a "zoned" feature that allows controlling access to files on the NAS depending on how you are connected. There is a possibility of using this to restrict file access on the RLAN. This needs further analysis and testing.
- VSAN option needs further investigation and testing.
- Add to the next meeting's agenda: discuss RLAN border elements network design.
- Project Management Documentation
- For the project budget estimate, Greg has estimates of hours from everyone but Randy.
- Greg is working on project management documentation with William and Randy.
- Open forum
- An issue that needs discussion is how to redirect users to an informative webpage if they try to access prohibited sites like Facebook from the RLAN. Currently the attempt/connection will just time out without an explanation.