Physics Network Integration

Physics Network Integration

Chris Hunter

Physics network team

• Chris Hunter : Network Manager• David Newton : Network Support Technician

• Room DWB 663• Phone 73501• Email [email protected]

Network Sockets & Concentration Points

• 16 network concentration points (NCP’s) in the Denys Wilkinson Building alone.

• Available Switch ports 2290 Approx. 59.2% active

• Level 2 NCP hub of the Physics network with 2 x 10Gb fibre connections going to each of the Physics buildings.

Edge Switch Upgrades

• 48 x 1Gb/s + 2 x 10Gb/s SFP+ Ports• Switch stacking up to 8 switches via HDMI

cables at speeds of > 10.2 Gbit/s• Port Based Authentication, 802.1x and Mac

Address Bypass (MAB)• Port based Access Control Lists (ACL’s)

Physics Firewall

Firewall Juniper Netscreen ISG 1000

Physics Wireless Network• Currently 19 x 802.11g 56Mbps wireless

access points in the DWB plus a couple of 802.11n 300Mbps– Anyone with a Physics network account can

connect.– Clients connected to the Physics_S wireless

network are part of the 10.7.0.0/16 subnet, with 802.1x authentication.

– Help on connecting to Physics_S can be found at http://www2.physics.ox.ac.uk/it-services/categories/wireless

OUCS wireless network

• OWL-VISITOR and OWL-VPN also available, via the OWL ssid.

• Eduroam now also available, connect using your Remote Access Account, different from your SSO or Nexus account http://www.oucs.ox.ac.uk/network/wireless/services/eduroam/

• Details about both OWL & Eduroam at http://www.oucs.ox.ac.uk/network/wireless

Access to Physics Services from the un-trusted subnet or remotely

• Virtual Private Network (VPN)– vpn.physics.ox.ac.uk works with Microsoft, Linux and OSX

clients, uses Physics authentication domain help at http://www2.physics.ox.ac.uk/it-services/categories/vpn

– Best to setup Windows client with Automatic as the VPN type, the client will then try a number of VPN types, our VPN server supports PPTP and SSTP, PPTP often gets blocked a the client end because the required GRE protocol is blocked.

– OSX will work with SSTP although I don’t think we have the instructions on the web yet.

– Oxford University IT Services have VPN service, does need specific client installed details at http://www.oucs.ox.ac.uk/network/vpn/

Network Security• Connecting unmanaged systems to the Physics

Network– MAC address registration is needed before gaining any

network connection for laptops on the wired network, please register at http://www.physics.ox.ac.uk/it/account/

– 172.17.x.x un-trusted subnet– Is your laptop up to date?

• Anti Virus / spyware• Fully patched OS• Be carful when opening emails, look out for phishing emails

• Connecting from outside of Physics– SMB blocked, no connection to windows files– MAPI access to Exchange Server blocked– SMTP blocked

Network Security

• Exchange Server protocols not blocked– IMAP– Authenticated SMTP is available using

mail.physics.ox.ac.uk, PHYSICS authentication domain credentials are needed to use the service

• Other protocols– web access, some pages within Oxford will require an

Oxford IP address, therefore VPN will be needed from outside.

– RPC over HTTPS

Network Security

• Sophos Anti Virus Software– Updates, out of date AV is no use– Download Sophos for personal laptops running:-• Sophos 10.0 for XP, Vista, Windows7 and 8 at

http://www.physics.ox.ac.uk/sophos/• Linux at http://www.oucs.ox.ac.uk/viruses/linux/• Sophos v8.0.6 for MAC OSX 10.4/10.5/10.6 at

http://www.physics.ox.ac.uk/sophos/

Network Backbone Connection

• Physics connection presently 1Gbps• Campus connection to Super Janet currently

at 2 x 10Gbps.

Access to Physics Services from the un-trusted subnet or remotely

• Exchange email web access• https://mail.physics.ox.ac.uk,

• Outlook Configuration• If using Outlook 2007 or 2010, then you can use the `autodiscover` feature. Basically, all it

needs to know is your email address (which it will already know if you are logged into the domain) and it will look up all the other information it needs. Further details can be found at http://www.physics.ox.ac.uk/it/email/exchange/2010/Outlook.htm

• Webdav via browser or windows network locations• https://winfe.physics.ox.ac.uk/home/<username> connects to your windows ‘H’ drive. • (Windows 7) Right click on ‘Computer’ within the file explorer, click ‘Add a network location’,

type the address above into the ‘Internet or network address field’, click next, authenticate with you Physics credentials, type a name in for the network location, click finish.

• Sftp + SSH• Winscp available on self service

• http://www.physics.ox.ac.uk/it/mswindows/remote.htm

Access to Physics Services from the un-trusted subnet or remotely

• Printing from a Windows Laptop not in the Physics domain.– http://www.physics.ox.ac.uk/it/mswindows/windowsprinti

ng.htm

• MAC Printing– http://www.physics.ox.ac.uk/it/mac/macprinting.htm

Access to Physics Services from the un-trusted subnet or remotely

• Windows terminal Servers– A list of servers can be found at

http://www2.physics.ox.ac.uk/it-services/remote-desktop-and-terminal-services

– Remote Desktop Client (MS & MAC OSX), possible to connect to local disks, printers and serial ports (not possible to connect serial ports in OSX).

– Rdesktop on Linux systems, • rdesktop <termservqc>, more for people without Windows desktop

– Windows XP, Vista, Windows 7 and 8 will allow remote access via terminal services, to connect to your Window desktop from outside the department connect through rdp-gateway.physics.ox.ac.uk, details can found on the address above.

Physics self service

• Under Programs\Physics Self Service

• FAQ’s http://www.physics.ox.ac.uk/it/mswindows/faq.htm

Questions?