网络资源
菠菜网lol正规平台研究网络
菠菜网lol正规平台 is connected to the 100 gigabit connection to Cenic/Internet2, the research specific network that connects many of the top universities in the country. 所有校园用户 whose traffic is destined for an off campus Internet2 connected university automatically 使用高速通道. Some of the key information is as follows:
科学非军事区
Dozens of other universities and the Department of Energy’s ESNet have been using networks at 100 gigabits for some time and have a model that facilitates fast research 文件传输. The key is to designate a portion of the network to be a 科学非军事区, which has many characteristics that speed up science.
Our extension of the 科学非军事区 is called the 菠菜网lol正规平台 Research Network and it will be distributed around campus to many buildings via two 10 gigabits connections, in order not to overload the single 100 gigabit network to Internet2.
Information about the 科学非军事区 concept: http://fasterdata.es.net/science-dmz/
A 科学非军事区 integrates five key components into a unified whole:
- A network architecture explicitly designed for high-performance applications, where science/research use is distinct from general-purpose use
- The use of dedicated systems for data transfer (DTN)
- Performance measurement and network testing systems that are regularly used to characterize the network and are available for troubleshooting (PerfSonar)
- Security policies and enforcement mechanisms that are tailored for high performance 环境
- Engagement with Network Users focused on creating partnerships, educating and providing 资源/持续的支持
菠菜网lol正规平台研究网络推出
Traffic on this network can’t include data subject to FISMA, FERPA, HIPAA, nor for 一般PHI数据. Basically, the data on the network should only be low-risk research data.
All systems connecting to the research network must connect at 10gigabits.
The network will not have traditional firewall protection; therefore it is imperative that you provide host based protection. A well-implemented set of host-based tools will make your system safer than those systems on campus sitting behind a departmental firewall. However, you have to actively implement and monitor the host.
The ideal type of host for Low Risk Data would be a linux system with:
- Frequent and regular updating/patching per the campus ISO requirements and recommendations
- 一个有效的NetDB条目
- Local host based firewall, like IPTables, blocking ports not needed for transfers.
- Review login credentials quarterly, use Kerberos logins if at all possible
If dealing with Moderate Risk Data, then also implement:
- Test for vulnerabilities quarterly (Qualys scan)
- 两步认证(Duo)
- Centralized logging (University IT LogRythm)
- Malware protection, if appropriate (Sophos for Windows)
- Host base Intrusion Detection (Sophos for Windows, Sophos for Linux)
- 安全的物理环境
- Systems moved to the Research Network may NOT be dual homed to the campus network 和研究网络
- Full Internet, I2 and Campus networks will be available from the new network. Similarly, the new network will be reachable by the campus networks through a router hop. This network will be considered ‘off campus’ to the normal departmental firewall rules.
网络分界点
菠菜网lol正规平台 IT Network Services will install a 10gigabit capable switch in a central closet. Available ports will be marked as will the IP range (and network) to help with NetDB 创造记录. This switch could have both 10gbaseT and fiber ports and could be in the building’s main telecom closet or on an upper floor, depending on where the potential researchers are located within the building. 如果大楼的线路没有 functional at 10gigabit, then a fiber connection may be needed to handle the high speed.
This policy is subject to change and petitions may be made for exceptions.
