Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/

Network Engineering & Telecommunications Section Update
Jim Van Dyke - Asst. Section Manager
December 10, 2001

Topics
- Introduction to NETS
- NETS Web Site
- Network Coordination & Advisor Board
- Current wireless deployment
- NCAR VPN
- NETS Future Projects

Introduction to NETS
- Who are we?

NETS Web Site
- How to submit a NETS work request
- http://www.scd.ucar.edu/nets/forms/

Network Coordination & Advisor Board
- Helps define priorities
- NCAB Policies

Wireless at NCAR
- NCAR current wireless projects
  - LAN
  - WAN
- Details of NCAR wireless work at:

NCAR’s Wireless LAN
- Covering all the conference rooms now
- Cover most office space eventually
- “NETS is the FCC of NCAR” (no rogue wireless devices)
- Guest authentication via web page
- VPN access required in the future

Old Wireless Model
- Staff-only network inside the firewall provides access to all the same services that staff have access to in their offices
- Guest/visitor network outside the firewall only in conference rooms and their immediate vicinity
- Access to each is controlled via regularly changing encryption keys

New Wireless Model
- One network only
- Access via VPN for UCAR staff
- Guest access via web page registration
- Reason for requirement = WEP is insecure

NCAR’s Wireless WAN
- 802.11b link between ML and MFS
- Backed up by a T-1 link
- Potential backup links to Jeffco, PS and FL

Futures / other general wireless issues
- 802.11b standard extensions coming
  - will extend 802.11b speed to 22Mbps
- IEEE 802.11a
  - operates in the 5-GHz bands
  - data rates up to 54Mbps
  - unlike 802.11b DSSS, 802.11a uses OFDM

NCAR’s security perimeter
- Who is inside?
  - Most users on UCAR campuses
  - Dial-in users connecting to UCAR dialups
- Who is outside?
  - Users at UCAR divisions that have elected to remain outside the perimeter
  - Dial-in users connecting to external ISPs
  - Anyone else on the Internet at large

NCAR VPN Solution
- A conceptual diagram of what we wanted to achieve

NCAR’s VPN client solutions
- Windows
  - Cisco IPSec client – W9X-WXP and Linux
- Linux
  - FreeS/WAN option available
- Macintosh and Solaris
  - No current solution
  - Cisco client solution supposedly coming soon
- Obtain software via Greg Woods

Cisco VPN solution
- Cisco IPSec client
  - Establishes IPSec tunnel to Cisco VPN Concentrator 3015 (and closes off all other network access when enabled)
  - We require a group ID and password to establish tunnel (can also use certificates)
  - We then validate the user on their UCAR “gatekeeper password” via RADIUS

Legal issues
- Cisco VPN client issues
- From the legal point of view, we have four classes of users:
  - UCAR employees who install the software onsite
  - UCAR employees who download the software to their home systems
  - Remote users within the US
  - Remote users outside the US

Linux VPN solution
- FreeS/WAN
  - Known to work with Linux and BSD
  - Must recompile the kernel
  - Linux client must comply with CSAC security standards for fully exposed hosts (disabling services or using ipchains to block access; IP firewalling must be enabled in the kernel)

VPN and Wireless
- Addresses the WEP insecurity issue
- CSAC will require this soon

NETS Future Projects
- Voice over IP (VoIP)
- Routers Upgrade
- New Connections to FRGP
- New Building

Conclusion
- Details and more information on NETS “Projects page”
- Questions?

NETS