Download presentation
Presentation is loading. Please wait.
PublishBeverly Lang Modified over 9 years ago
1
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0011 Network Engineering & Telecommunications Section Update Jim Van Dyke - Asst. Section Manager December 10, 2001
2
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0012 Topics Introduction to NETS NETS Web Site Network Coordination & Advisor Board Current wireless deployment NCAR VPN NETS Future Projects
3
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0013 Introduction to NETS Who are we? http://www.scd.ucar.edu/nets/introucar.edu/nets/intro
4
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0014 NETS Web Site http://www.scd.ucar.edu/nets http://www.scd.ucar.edu/nets How to submit a NETS work request http://www.scd.ucar.edu/nets/forms/ httpwww.scd.ucar.edu/nets/forms/
5
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0015 Network Coordination & Advisor Board Helps define priorities NCAB Policies http://www.ucar.edu/ncab/wwwucaredu/ncab/
6
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0016 Wireless at NCAR NCAR current wireless projects LAN WAN Details of NCAR wireless work at: http://www.scd.ucar.edu/nets/projects/wireless/
7
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0017 NCAR’s Wireless LAN Covering all the conference rooms now Cover most office space eventually “NETS is the FCC of NCAR” (no rogue wireless devices) Guest authentication via web page VPN access required in the future
8
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0018 Old Wireless Model Staff-only network inside the firewall provides access to all the same services that staff have access to in their offices Guest/visitor network outside the firewall only in conference rooms and their immediate vicinity Access to each is controlled via regularly changing encryption keys
9
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 0019 New Wireless Model One network only Access via VPN for UCAR staff Guest access via web page registration Reason for requirement = WEP is insecure
10
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00110 NCAR’s Wireless WAN 802.11b link between ML and MFS Backed up by a T-1 link Potential backup links to Jeffco, PS and FL
11
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00111 Futures / other general wireless issues 802.11b standard extensions coming will extend 802.11b speed to 22Mbps IEEE 802.11a operates in the 5-GHz bands data rates up to 54Mbps unlike 802.11b DSSS, 802.11a uses OFDM
12
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00112 NCAR’s security perimeter Who is inside? Most users on UCAR campuses Dial-in users connecting to UCAR dialups Who is outside? Users at UCAR divisions that have elected to remain outside the perimeter Dial-in users connecting to external ISPs Anyone else on the Internet at large
13
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00113
14
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00114 NCAR VPN Solution A conceptual diagram of what we wanted to achieve
15
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00115
16
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00116 NCAR’s VPN client solutions Windows Cisco IPSec client – W9X-WXP and Linux Linux FreeS/WAN option available Macintosh and Solaris No current solution Cisco client solution supposedly coming soon Obtain software via Greg Woods
17
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00117 Cisco VPN solution Cisco IPSec client Establishes IPSec tunnel to Cisco VPN Concentrator 3015 (and closes off all other network access when enabled) We require a group ID and password to establish tunnel (can also use certificates) We then validate the user on their UCAR “gatekeeper password” via RADIUS
18
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00118 Legal issues Cisco VPN client issues From the legal point of view, we have four classes of users: UCAR employees who install the software onsite UCAR employees who download the software to their home systems Remote users within the US Remote users outside the US
19
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00119 Linux VPN solution FreeS/WAN (www.freeswan.org)www.freeswan.org Known to work with Linux and BSD Must recompile the kernel Linux client must comply with CSAC security standards for fully exposed hosts (disabling services or using ipchains to block access; IP firewalling must be enabled in the kernel)
20
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00120 VPN and Wireless Addresses the WEP insecurity issue CSAC will require this soon
21
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00121 NETS Future Projects Voice over IP (VoIP) Routers Upgrade New Connections to FRGP New Building
22
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00122 Conclusion Details and more information on NETS “Projects page” http://www.scd.ucar.edu/nets/projectsscd.ucar.edu/nets/projects Questions?
23
Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2 00123 NETS
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.