Software Defined-Access (SD-A)

Cisco SD-Access is Cisco’s name for Software Defined Networking. It provides zero-trust security in the workplace and secures access—by all users, all devices, and from all locations—across applications and the network environment.


Software Defined-Access (SD-A) diagram

According to the Cisco website, SD-A:

  • Identifies and verifies all endpoints.
    • Includes users and IoT devices that connect to your network.
  • Establishes policy and segmentation.
    • Helps to ensure least-privilege access based on endpoint and user type.
  • Continually monitors endpoint behaviour.
    • Helps ensure compliance, including encrypted traffic.
    • Quarantines endpoints that exhibit malicious or out-of-compliance behaviour.
  • Stops threat migration.

Today we hand-craft Access Control Lists (ACLs) that are configured on each switch; they are coarse-grained, hard to manage, and their configuration inevitably drifts over time. Combined with Cisco’s Identity Services Engine (ISE), we gain the ability to classify users into groups and then centrally define network contracts, or policies, that control what is allowed to communicate with what - like a very powerful firewall enforced on every switch and access point on the network.

The security benefits are especially encouraging, making it very hard for attackers, even once they have a toe-hold in the network, to move laterally. This should also pass through to the data centre, adding enhanced protection to hosted applications that could then only be accessed by certain user groups.

We are working with Capita's partner Firefly to define this, as there is a clear trade-off between a perfectly tailored network contract that is highly specific to an individual’s needs and the inevitable burden of trying to administer it - it’s fair to say we are still very much learning and don’t fully understand this yet!
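The group-based contract model described above, as an added toy example that is not code from the Network Programme page or from Cisco: endpoints are classified into groups (the role ISE plays in the text), one central contract table decides which group may reach which, and a per-switch permit list is only ever derived from it, so drift between a switch and the central policy can be measured rather than accumulating. All group names, addresses and the permit-line syntax are constructed for the example.

```python
# Added example, not code from the Network Programme page or from Cisco: a toy model of
# the SD-A idea, where a central contract table keyed on groups replaces hand-crafted,
# per-switch ACLs keyed on addresses. All names, addresses and ACL syntax are constructed.

# Central contracts: (source group, destination group) -> allowed TCP ports.
# Pairs absent from the table are denied, which gives least privilege by default.
CONTRACTS = {
    ("staff", "finance-app"): {443},
    ("staff", "printers"): {631, 9100},
    ("student", "printers"): {631},
    ("iot", "iot-collector"): {8883},
}

# Group membership is decided centrally from identity/device type, not from the switch port.
GROUP_OF = {
    "10.10.1.5": "staff", "10.10.2.7": "student", "10.20.0.9": "iot",
    "10.50.0.10": "finance-app", "10.50.0.20": "printers", "10.50.0.30": "iot-collector",
}

def group_of(ip: str) -> str:
    """Unclassified endpoints fall into 'unknown', which matches no contract."""
    return GROUP_OF.get(ip, "unknown")

def allowed(src: str, dst: str, port: int) -> bool:
    """Same decision on every switch and access point, because it is keyed on groups, not IPs."""
    return port in CONTRACTS.get((group_of(src), group_of(dst)), set())

def render_acl(prefix: str) -> list[str]:
    """Derive the permit lines one switch needs for the endpoints behind it (constructed syntax)."""
    lines = []
    for src, sg in GROUP_OF.items():
        if not src.startswith(prefix):
            continue
        for (s, d), ports in CONTRACTS.items():
            for dst, dg in GROUP_OF.items():
                if s == sg and d == dg:
                    lines += [f"permit tcp host {src} host {dst} eq {p}" for p in sorted(ports)]
    return sorted(lines)

def drift(prefix: str, deployed: list[str]) -> dict:
    """Compare what a hand-maintained switch ACL carries with what the central contracts say."""
    want, have = set(render_acl(prefix)), set(deployed)
    return {"missing": sorted(want - have), "extra": sorted(have - want)}
```

Note that a staff-to-student flow is denied simply because no contract exists for that pair, which is the lateral-movement control the text describes; an `extra` entry from `drift` is exactly the configuration drift that hand-crafted ACLs accumulate.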

Proof of Concept (PoC)

We now have a Proof of Concept (PoC) SD-A network in our JWN data centre (see photos below). A comprehensive PoC build document (178 pages) has been produced and the team now have access to the PoC.

Picture of Proof of Concept (PoC) at James Watt North (JWN)

Another picture of Proof of Concept (PoC) at James Watt North (JWN)

Network Design Documents

The Network workstream is currently undergoing its design phase and, as a result, a lot of design documents have been, and will be, produced that detail the design and operation of the new data network. Combined, these currently run to hundreds of pages and are expected to run into a four-figure number by the time they are complete. These design documents include:

  • Proof of Concept (PoC)
  • SD-A
    • Concept of operations (CONOPS) – aka use case document.
    • System requirements document
    • High level design
    • Low level design
  • Supercore service layer design brief
  • Data centre segmentation design brief
  • Network security design
  • Management tooling
    • Infoblox Low Level Design (for DNS management)
    • Ixia Low Level Design (for network monitoring)

Network Facts & Figures

  1. Covers 3 campuses:
    • Gilmorehill
    • Garscube
    • Crichton
  2. Doubles the number of distribution nodes around the University
  3. Trebles the number of internal Wi-Fi access points across the UofG
    • (Please note that every individual building is different: some will have more than 3 x the current number and some will have fewer)
  4. Contains hundreds of pages on the design of the new network

Completed Works: Network

Each entry below gives the completed work, its user impact, where it took place and when.

Configuration – Janet Bandwidth Upgrade to the Supercore Network
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 2 and 3 April 2023

JANET - Multimode SFP to Singlemode SFP Swap
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 12 April 2023

JANET Service Migration
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 13 April 2023

Ixia Service Go-Live
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 14 April 2023

Configuration - Supercore
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 22 to 27 April 2023

ACI Failover Testing Pt 1 & 2
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 11 and 12 May 2023

Supercore: Fusion installation at Data Centre 1
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 1 and 2 June 2023

Supercore: Re-position, reconfiguration and migration
  • User Impact: The relevant affected team had been informed of the impact
  • Where: Data Centres
  • When: 10 and 12 June 2023

Proof of Concept (PoC) Rework
  • User Impact: No access to the PoC for PoC users
  • Where: Data Centres
  • When: 1 June to 16 June 2023

ACI Failover Testing Pt 3
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 14 June and 16 June 2023

Infoblox Go-Live Preparation
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 13 April to 26 June 2023

Configuration: Supercore
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 24 and 25 June 2023

Supercore: Fusion installation and configuration at Data Centre 2
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 24 and 25 June 2023

Infoblox: Go-Live
  • User Impact: Access to all systems was at risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-Fi services remained operational.
  • Where: Gilmorehill, Garscube and Remote Access
  • When: 15 and 16 July 2023

Infoblox: Microsoft migration and testing
  • User Impact: Access to all systems was at risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-Fi services remained operational.
  • Where: Gilmorehill, Garscube and Remote Access
  • When: 15 and 16 July 2023

DNS Server: Installation
  • User Impact: Access to all systems was at risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-Fi services remained operational.
  • Where: Gilmorehill, Garscube and Remote Access
  • When: 19 July 2023

Infoblox: DHCP migration and user acceptance testing
  • User Impact: Access to all systems was at risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-Fi services remained operational.
  • Where: Gilmorehill, Garscube and Remote Access
  • When: 29, 30 and 31 July 2023

Crichton Campus Upgrade
  • User Impact: Varied level of impact (this was communicated to all at Crichton Campus by Stephen Patterson)
  • Where: Crichton Campus, Dumfries
  • When: 15 May 2023 to 18 Sep 2023

Firewall Pt. 1
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 21 Aug 2023 to 8 Sep 2023

Standardisation of network interfaces Pt. 1
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 24 Oct 2023 to 25 Oct 2023

Installation of central networking core (SDA)
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 23 Oct 2023 to 30 Oct 2023; from 09:00 to 17:00

Installation of nodes at JWN and Library
  • User Impact: There was no loss of service
  • Where: JWN & Library
  • When: 23 Oct 2023 to 28 Oct 2023; from 09:00 to 17:00, and 2 Nov 2023; from 09:00 to 17:00

Davidson Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: Davidson Building
  • When: 18 Dec 2023; from 17:00 to 21:00

James Watt South (JWS): Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: James Watt South (JWS)
  • When: 19 Dec 2023; from 17:00 to 00:00

Southeast Corner of Gilbert Scott Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: Southeast Corner of Gilbert Scott Building
  • When: 8 February 2024; from 18:00 to 23:00

Sir James Black Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: Sir James Black Building
  • When: 9 February 2024; from 18:00 to 23:00

BT Exchange in Gilbert Scott Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: BT Exchange area of Gilbert Scott Building
  • When: 10 and 11 February 2024; from 18:00 to 23:00

Joseph Black Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: Joseph Black Building
  • When: 11 and 12 February 2024; from 18:00 to 23:00

Rankine Building: Installation of Distribution Switch
  • User Impact: Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.
  • Where: Rankine Building
  • When: 13 February 2024; from 18:00 to 23:00

Scotgrid Connectivity: Reconfiguration
  • User Impact: There was a complete loss of network connectivity to and from Scotgrid services, including access from inside the network, during the timeframe stated.
  • Where: Remote
  • When: 23 March 2024 to 24 March 2024; from 09:00 to 18:00 each day

Standardisation of network interfaces Pt. 2
  • User Impact: There was no loss of service
  • Where: Data Centres
  • When: 25 March 2024 to 26 March 2024; from 18:00 to 22:00 each day

Scotgrid: Troubleshooting
  • User Impact: Intermittent connectivity to Scotgrid services was experienced for the 4-hour window of works.
  • Where: Remote
  • When: 25 April 2024; from 08:00 to 12:00

Proof of Concept (PoC): Firepower Replacement
  • User Impact: Only the PoC was affected. There was no other loss of service.
  • Where: Remote
  • When: 15 May 2024; from 09:00 to 17:00

Commission External Firewall
  • User Impact: There was no loss of service
  • Where: Remote
  • When: 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

Commission Internal Firewall
  • User Impact: There was no loss of service
  • Where: Remote
  • When: 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

Build SDA (and all associated components)
  • User Impact: There was no loss of service
  • Where: Remote
  • When: 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

Commission Service Layer firewall
  • User Impact: There was no loss of service
  • Where: Remote
  • When: 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

Firewall: IOT Testing and Migration
  • User Impact: During the period of works, all users of wirelessly connected internet devices (UGRERUM part of the network) were down for a 15-minute period during the window of downtime. This meant these devices were unavailable during this period. The systems became available after the 15-minute period had passed. NB: hard-wired kit was not affected.
  • Where: Online
  • When: Window of works 23 July 2024; from 20:00 to 00:00. Window of downtime 23 July 2024; from 20:30 to 20:45.

Firewall: Azure Testing and Migration
  • User Impact: During the period of works, access to certain Azure services was down for a 15-minute period during the downtime window. This meant Azure access was unavailable during this period. Azure became available after the 15-minute period had passed. NB: Microsoft 365 was not affected.
  • Where: Online
  • When: Window of works 24 July 2024; from 20:00 to 00:00. Window of downtime 20:30 to 20:45.

Firewall: External Testing
  • User Impact: During the period of works, all access to internet-bound services was down for two 15-minute periods during the cutover window. This meant access to internet-bound services (JANET) was unavailable during these periods. The services became available after each 15-minute period had passed.
  • Where: Online (remotely and on campuses)
  • When: Window of works 25 July 2024; from 22:00 to 02:00. Downtime windows 22:30 to 22:45 and 01:30 to 01:45.

Firewall: External Migration
  • User Impact: During the period of works, all access to internet-bound services was down for a 15-minute period during the cutover window. This meant access to internet-bound services (JANET) was unavailable during this period. Services became available after the 15-minute period had passed.
  • Where: Online (remotely and on campuses)
  • When: Window of works 24 Aug 2024; from 21:30 to 03:00. Downtime window 22:30 to 22:45.

Garscube Distribution: Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building
  • User Impact: Each building had partial outages in network services during its respective window of planned works. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users' access to the following services was affected intermittently: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. Approximate outage details during each window of works:
    • TCRC: 19 outages x 2 mins per outage = 38 mins
    • SMS: 12 outages x 2 mins per outage = 24 mins
    • McCall: 29 outages x 2 mins per outage = 58 mins
  • Where: Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building
  • When: TCRC 30 August 2024; from 18:00 to 02:00. SMS 31 August 2024; from 08:00 to 23:00. McCall 01 September 2024; from 08:00 to 23:00.

Library: Pilot SD Migration
  • User Impact: There was no loss of service planned
  • Where: Remote
  • When: 23 and 24 September 2024; from 09:00 to 17:00

JMS: Pilot SD Migration
  • User Impact: There was no loss of service planned
  • Where: Remote
  • When: 25 and 26 September 2024; from 09:00 to 17:00

JWN: Pilot SD Migration
  • User Impact: There was no loss of service planned
  • Where: Remote
  • When: 27 and 30 September 2024; from 09:00 to 17:00

McMillan Reading Room: Pilot SD Migration
  • User Impact: There was no network access during the timeframe stated, which affected UofG network-based applications. The McMillan Reading Room was therefore closed during the period of works.
  • Where: McMillan Reading Room
  • When: 1 and 2 October 2024; from 17:00 to 20:00 each day

Pearce Lodge: Pilot SD Migration
  • User Impact: There was no network access during the timeframe stated. This affected UofG network-based applications. NB: due to IP address changes, users were expected to test their access on Monday 7th and report any issues. Capita were available at Pearce Lodge on the 7th to address any concerns.
  • Where: Pearce Lodge
  • When: 5 and 6 October 2024; from 08:00 to 18:00 each day

Mazumdar-Shaw Advanced Research Centre (ARC): Distribution Switch Reconfiguration
  • User Impact: Intermittent loss of connectivity during the migration, expected to last 30-60 seconds. Exactly when within the timeframe this disruption would occur could not be specified in advance.
  • Where: Remote
  • When: 20 October 2024; from 01:00 to 04:00

Upgrade: Firewall Management Center and Appliances (cont'd)
  • User Impact: Brief periods of internet disruption. UofG users were expected to experience up to 4 short interruptions, each lasting about 2 minutes, affecting access to services such as MyGlasgow and email.
  • Where: Data Centres
  • When: 25 October 2024 from 22:00 to 26 October 2024 01:00 (3 hrs)

 

Distribution Node Buildings

The Network Programme (NP) will be replacing existing, long-standing network distribution switches as well as increasing the number of these important network hubs in the following buildings:

  • James Watt North (JWN)
  • South-East Main Building (SE Corner of Gilbert Scott)
  • Davidson Building
  • Sir James Black Building
  • Library (x2)
  • James Watt South (JWS)
  • Sir Alexander Stone Building
  • BT Exchange (BTEx)
  • Kelvin Building
  • Joseph Black Building (x2)
  • Advanced Research Centre (ARC) (x2)
  • James McCune Smith (x2)
  • Saughfield
  • Rankine Building
  • Sir Michael Stoker Building (CVR) - Garscube
  • Wolfson Wohl Cancer Research Centre (TRC) - Garscube

SD-A Pilot Buildings

The Network Programme (NP) will be testing a more secure, automated, and user-centric approach to network management in the following pilot buildings in 2024:

  • James Watt North (JWN) – Full
  • Library – Partial
  • James McCune Smith – Partial
  • Pearce Lodge – Full
  • Reading Room - Full

NB: Full means that all the current edge connections will be considered for migration to SDA for that building, whereas Partial means a few ports will be considered, possibly one switch in a building.