Restricted/Limited Access Network project meeting

Monday, September 23, 2013; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Agenda

  1. ITSO access to CNS Engineering Change Order process
  2. Whitelisting issues
  3. The MOU between CNS and ITSO
  4. Documentation and support requirements
  5. Who will be the next set of departments included in RLAN Phase 2?
  6. What are the plans for getting all hardware/software in the RLAN IPv6 capable?
  7. What needs to be budgeted to support this next Phase? In CNS? In ITSO?
  8. Open Forum

Attended

Jacob Dawson, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Meeting Notes

  1. ITSO access to CNS Engineering Change Order process
    1. Access is already in place. Philip needs to be trained on its use. Action item: Ron volunteered to show Philip how to use the CNS engineering change order system and be sure he understands how the system flows.
    2. Steve mentioned that CNS may want to create an ITSO group for use with the change order system so that other authorized users from the ITSO can access the system.
  2. Whitelisting issues
    1. There are no outstanding whitelist issues.
    2. Action item: Include the ITSO syslog server in the whitelist.
    3. A VBI machine, used as a mirror for Linux distributions and therefore needed for any Linux machine on the RLAN so it can get patches and updates, also needs to be included in the whitelist. Action item: Include VBI Linux mirror machine in the whitelist.
    4. Brian would like to see us seeking another solution to accomplish what we are doing with a whitelist.
    5. Ron asked whether we will be able to maintain a whitelist as the number of users on the RLAN grows. Will it be manageable?
    6. CNS has a test ASA if the ITSO wants to use it.
    7. Since most places use blacklists there are very few products or vendors that deal with whitelists.
  3. The MOU between CNS and ITSO
    1. This has been started with help from Christine Morrison.
    2. Action item: Brian will review the current MOU and contact the ITSO when ready to discuss.
  4. Documentation and support requirements
    1. Some documentation is completed and some is waiting to see what is needed and how users are using the RLAN.
    2. Brian commented that our processes and procedures need to be documented for audit purposes.
    3. Nick from the ITSO is working on "how to's".
    4. Because of the intended purpose of the RLAN (users handling PII) support needs to be a priority.
  5. Who will be the next set of departments included in RLAN Phase 2?
    1. Originally the Controller and HR offices were supposed to be in the pilot group; however, their impending move to North End Center meant they were not included with the pilot users. They will be included in phase 2. In addition, both of these departments are trying to come up with funds to pay for the RLAN ports.
    2. Two other departments interested in getting on the RLAN are Internal Audit and Shiffert.
    3. The ITSO will talk to departments and promote the RLAN.
    4. One thing to remember is that other departments will be looking to pilot users (e.g., Melinda West) for recommendations and their experience on the RLAN so it is in our best interest to make the pilot users happy so they have a positive assessment of the RLAN.
  6. What are the plans for getting all hardware/software in the RLAN IPv6 capable?
    1. The only piece of hardware that is not IPv6 compliant is the FireEye.
    2. Randy said that FireEye is sending IPv6 compliant hardware to VT this fall for evaluation.
  7. What needs to be budgeted to support this next Phase? In CNS? In ITSO?
    1. There was discussion of Multiprotocol Label Switching (MPLS) and whether it is used on the RLAN. The network engineers present said that MPLS is only in the "core". Also, as long as the ASAs are in place, MPLS cannot get through to the RLAN.
    2. $50,000 for cards for Gigamon to support Multiprotocol Label Switching (MPLS).
    3. Network Address Translation (NAT) costs? Currently one-to-one NAT. Overload uses many-to-one NAT.
    4. Cost to scale (expand) the RLAN?
    5. Virtual private network (VPN) costs? Current license for 1000 concurrent users.
  8. Open Forum
    1. None