Network Management Responsibilities
A DDD memo dated 10/11/04 stated CNS responsibilities for providing core network services. See -- Deans, Directors, and Department Heads Memoranda. At the December ITAC meeting, questions came up regarding "core network services" vs. "local network management". For various components, the question was: "whose problem is it?"
This document clarifies some details of the DDD memo. To "operationalize" the division of responsibility between CNS services and Local Unit managed services, CNS proposes the following definitions and actions. Local units that manage their own local networks need access to some standard core network services. Likewise, local units are responsible for solving their own local network problems.
At their February meeting, ITAC-NI again reviewed this document, endorsed it, and recommended that it go forward to ITAC. ITAC-NI also expressed the following concern and recommendation -- Both CNS and local units will need additional funding to fully implement the stated responsibilities -- especially the recurring funding needed to replace network components at regular life-cycle intervals.
Local Network Management Responsibilities
- Work-group Switches -- Local network administrators are responsible for managing their
own work-group switches. Work-group switches are characterized by the fact that workstations and/or servers are attached
directly to them. If shared management exists today, CNS will divest the work-group switch to local unit
management.
- BPOPs managed by Local Units -- CNS will divest from any BPOP that is mainly used as a
work-group switch, and therefore provides only limited service in a smaller building. Such BPOPs will be reviewed
case-by-case. Where appropriate, CNS will give the switch away - to the local unit to manage as their own work-group
switch.
- Wireless APs managed by Local Units -- Local network administrators may install and
manage their own wireless access points. Installation must be coordinated with CNS, and the AP must be registered with
CNS. The locally managed APs must not broadcast any SSID, and they must not use standard NAT/PAT. More
complete technical guidelines can be found at: Requirements for Campus Wireless Networks
- Authentication for Wireless APs managed by Local Units -- Local authentication can be
accomplished in 2 ways:
  - connect to a Campus Authentication VLAN provided by CNS
  - provide an alternative authenticated access that conforms to UF IT Security Policy.
Minimum requirements are: the local administrator must be able to identify an individual from a given IP number and timestamp; and must stop inappropriate behavior when it occurs. See -- Information Technology Security Policy
- Management of Network Infrastructure by Local Units -- Local units who manage
their own building network must follow UF Telecommunications Standards for physical infrastructure changes which include fiber
cables, copper wiring, racks, wiring pathways, and telecommunications rooms (TRs). See -- UF Telecom Standards
- Wall-plate Switches -- CNS is willing to manage a unit's work-group switches on a
fee-for-service basis. This service is known as the Wall-plate Program.
See -- UF's Network Services (Wall-Plate). CNS can
provide some critical campus services only via the Wall-plate Program. Such services include: VoIP telephones and OUR
classrooms.
- BPOPs managed by CNS -- CNS will continue to manage, repair, and replace many BPOPs.
Such BPOPs are characterized by the fact that they extend the core network to a building, and aggregate multiple
work-group switches, services, and/or units in a building. If a local host is connected to a CNS managed BPOP, CNS will
continue to provide the port, but will begin charging for the port at standard wall-plate rates.
- Wireless APs managed by CNS -- CNS will continue to provide wireless services in outdoor
and public spaces via the campus standard SSID = "ufw". Such spaces are mostly covered now. CNS has limited funding to
expand outdoor wireless access. As now, cost sharing remains an option. For example,
if the local unit pays for the AP and wiring, CNS will install the AP for a Time & Materials charge. CNS
will provide ongoing support at no charge. However, the local unit remains responsible for future
upgrades and lifecycle replacement.
- Redeployment of Wireless APs managed by CNS -- If a CNS managed wireless AP is
connected to a locally managed work-group switch, then responsibilities conflict. Possible solutions are:
  - where available, CNS will relocate the AP to a CNS managed switch;
  - where agreeable, CNS can manage the AP and the local unit can manage the switch;
  - CNS will remove the AP.
- VLAN Trunking -- CNS will allow VLAN trunking at the demark point whether that be
core-to-BPOP, or BPOP-to-work-group switch. Such trunks will be manually defined and will not use the CNS VTP
domains.
- Campus Authentication VLAN -- CNS uses VLANs to authenticate wireless access via GatorLink
ID and password. CNS will provide an authentication VLAN for use by local network administrators, either by trunk or
by dedicated connection.
- On-call Support -- CNS provides 24x7 on-call support for core network services at no
charge. CNS also provides the same 24x7 support for wall-plate services - such support is bundled into the monthly port
fee, at no additional charge.
- Time and Materials Charge for Troubleshooting -- CNS will support locally managed
networks on a time available basis -- during normal business hours -- for $100/person-hour -- with a 1 hour minimum
charge. If the problem turns out to be in the core network, there will be no charge. Otherwise, all time and materials
will be charged.
- Problem Isolation -- If a problem occurs that impacts core network services beyond any
locally managed network switch, then the connection to the switch that is causing the problem may be shut down. When the
local network administrator corrects the problem, service will be restored.
