Phase 4: Network Workstream
The foundation of a data network is embedded within its core and distribution networks and both of these will be upgraded as part of the Network Programme in Phase 4. Upon delivery, our network will:
- be a Cisco Software Defined Access (SD-A) network, bringing it right up to date with modern network thinking
- have new security features
- provide automation possibilities
- provide a new set of network tooling such as Infoblox (for DNS management) and Ixia (for network monitoring)
Software Defined-Access (SD-A)
Cisco SD-Access is Cisco’s name for Software Defined Networking. It provides zero-trust security in the workplace and secures access—by all users, all devices, and from all locations—across applications and the network environment.
According to the Cisco website, SD-A:
- Identifies and verifies all endpoints.
- Includes users and IoT devices that connect to your network.
- Establishes policy and segmentation.
- Helps to ensure least-privilege access based on endpoint and user type.
- Continually monitors endpoint behaviour.
- Helps ensure compliance, including encrypted traffic.
- Quarantines endpoints that exhibit malicious or out-of-compliance behaviour.
- Stops threat migration.
Today we hand-craft Access Control Lists, which are configured on each switch. They are coarse-grained and hard to manage, and the configuration inevitably drifts over time. With SD-A combined with Cisco’s Identity Services Engine (ISE), we have the ability to classify users into groups and then centrally define network contracts or policies that control what is allowed to communicate with what - like a super powerful firewall enforced on every switch and access point on the network.
The security benefits are especially encouraging, making it very hard for attackers, even once they have a toe-hold in the network, to move laterally. This should also pass through to the data centre, adding enhanced protections to hosted applications that could only ever be accessed by certain user groups.
We are working with Capita's partner Firefly to define this, as there is a clear trade-off between a perfectly tailored network contract that is highly specific to an individual’s needs and the inevitable burden of trying to administer it. It’s fair to say we are still very much learning and don’t fully understand this yet!
Proof of Concept (PoC)
We now have a Proof of Concept (PoC) SD-A network in our JWN data centre (see photos below). A comprehensive PoC build document (178 pages) has been produced and the team now have access to the PoC.
Network Design Documents
The Network workstream is currently undergoing its design phase and as a result a lot of design documents have been, and will be, produced that will detail the design and operation of the new data network. Combined, these currently run to hundreds of pages and are expected to run into a four-figure number by the time they are complete. These design documents include:
- Proof of Concept (PoC)
- SD-A
- Concept of operations (CONOPS) – aka use case document.
- System requirements document
- High level design
- Low level design
- Supercore service layer design brief
- Data centre segmentation design brief
- Network security design
- Management tooling
- Infoblox Low Level Design (for DNS management)
- Ixia Low Level Design (for network monitoring)
Network Facts & Figures
- Covers 3 campuses:
  - Gilmorehill
  - Garscube
  - Crichton
- Doubles the number of distribution nodes around the University
- Trebles the number of internal wi-fi access points across the UofG
  - (Please note that every individual building is different: some will have more than 3 x the current number and some will have less)
- Contains hundreds of pages on the design of the new network
Completed Works: Network
Completed Works | User Impact | Where? | When? |
Configuration – Janet Bandwidth Upgrade to the Supercore Network | There was no loss of service | Data Centres | 2 and 3 April 2023 |
JANET - Multimode SFP to Singlemode SFP Swap | There was no loss of service | Data Centres | 12 April 2023 |
JANET Service Migration | There was no loss of service | Data Centres | 13 April 2023 |
Ixia Service Go-Live | There was no loss of service | Data Centres | 14 April 2023 |
Configuration - Supercore | There was no loss of service | Data Centres | 22 to 27 April 2023 |
ACI Failover Testing Pt 1 & 2 | There was no loss of service | Data Centres | 11 and 12 May 2023 |
Supercore: Fusion installation at Data Centre 1 | There was no loss of service | Data Centres | 1 and 2 June 2023 |
Supercore: Re-position, reconfiguration and migration | The relevant affected team had been informed of impact | Data Centres | 10 and 12 June 2023 |
Proof of Concept (PoC) Rework | No access to PoC for PoC users | Data Centres | 1 June to 16 June 2023 |
ACI Failover Testing Pt 3 | There was no loss of service | Data Centres | 14 June and 16 June 2023 |
Infoblox Go-Live Preparation | There was no loss of service | Data Centres | 13 April to 26 June 2023 |
Configuration: Supercore | There was no loss of service | Data Centres | 24 and 25 June 2023 |
Supercore: Fusion installation and configuration at Data Centre 2 | There was no loss of service | Data Centres | 24 and 25 June 2023 |
Infoblox: Go-Live | Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. | Gilmorehill, Garscube and Remote Access | 15 and 16 July 2023 |
Infoblox: Microsoft migration and testing | Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. | Gilmorehill, Garscube and Remote Access | 15 and 16 July 2023 |
DNS Server: Installation | Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. | Gilmorehill, Garscube and Remote Access | 19 July 2023 |
Infoblox: DHCP migration and user acceptance testing | Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. | Gilmorehill, Garscube and Remote Access | 29, 30 and 31 July 2023 |
Crichton Campus Upgrade | Varied level of impact (This was communicated to all at Crichton Campus by Stephen Patterson) | Crichton Campus, Dumfries | 15 May 2023 to 18 Sep 2023 |
Firewall Pt. 1 | There was no loss of service | Data Centres | 21 Aug 2023 to 8 Sep 2023 |
Standardisation of network interfaces Pt. 1 | There was no loss of service | Data Centres | 24 Oct 2023 to 25 Oct 2023 |
Installation of central networking core (SDA) | There was no loss of service | Data Centres | 23 Oct 2023 to 30 Oct 2023; from 09:00 to 17:00 |
Installation of nodes at JWN and Library | There was no loss of service | JWN & Library | 23 Oct 2023 to 28 Oct 2023; from 09:00 to 17:00, and 2 Nov 2023; from 09:00 to 17:00 |
Davidson Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | Davidson Building | 18 Dec 2023; from 17:00 to 21:00 |
James Watt South (JWS): Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | James Watt South (JWS) | 19 Dec 2023; from 17:00 to 00:00 |
Southeast Corner of Gilbert Scott Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | Southeast Corner of Gilbert Scott Building | 8 February 2024; from 18:00 to 23:00 |
Sir James Black Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | Sir James Black Building | 9 February 2024; from 18:00 to 23:00 |
BT Exchange in Gilbert Scott Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | BT Exchange area of Gilbert Scott Building | 10 and 11 February 2024; from 18:00 to 23:00 |
Joseph Black Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | Joseph Black Building | 11 and 12 February 2024; from 18:00 to 23:00 |
Rankine Building: Installation of Distribution Switch | Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. | Rankine Building | 13 February 2024; from 18:00 to 23:00 |
Scotgrid Connectivity: Reconfiguration | There was a complete loss of network connectivity to and from Scotgrid services, including access from inside the network, during the timeframe stated. | Remote | 23 March 2024 to 24 March 2024; from 09:00 to 18:00 each day |
Standardisation of network interfaces Pt. 2 | There was no loss of service | Data Centres | 25 March 2024 to 26 March 2024; from 18:00 to 22:00 each day |
Scotgrid: Troubleshooting | Intermittent connectivity was experienced to Scotgrid services for the 4 hour window of works. | Remote | 25 April 2024; from 08:00 to 12:00 |
Proof of Concept (PoC): Firepower Replacement | Only the PoC was affected. There was no other loss of service | Remote | 15 May 2024; from 09:00 to 17:00 |
Commission External Firewall | There was no loss of service | Remote | 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily) |
Commission Internal Firewall | There was no loss of service | Remote | 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily) |
Build SDA (and all associated components) | There was no loss of service | Remote | 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily) |
Commission Service Layer firewall | There was no loss of service | Remote | 29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily) |
Firewall: IOT Testing and Migration | During the period of works, all users of wirelessly connected internet devices (UGRERUM part of network) were down for a 15-minute period during the window of downtime. This meant these devices were unavailable during this period. The systems became available after the 15-minute period had passed. NB: | Online | Window of works: 23 July 2024; from 20:00 to 00:00. Window of downtime: 23 July 2024; from 20:30 to 20:45 |
Firewall: Azure Testing and Migration | During the period of works, access to certain Azure was down for a 15-minute period during the downtime window. This meant Azure access was unavailable during this period. Azure became available after the 15-minute period had passed. NB: | Online | Window of works: 24 July 2024; from 20:00 to 00:00. Window of downtime: |
Firewall: External Testing | During the period of works, all access to internet bound services was down for 2 x 15-minute periods during the cutover window. This meant access to internet bound services (JANET) was unavailable during this period. The services became available after the 15-minute period had passed. | Online (remotely and on-campuses) | Window of works: 25 July 2024; from 22:00 to 02:00. Downtime windows: |
Firewall: External Migration | During the period of works, all access to internet bound services was down for a 15-minute period during the cutover window. This meant access to internet bound services (JANET) was unavailable during this period. Services became available after the 15-minute period had passed. | Online (remotely and on-campuses) | Window of works: 24 Aug 2024; from 21:30 to 03:00. Downtime windows: |
Garscube Distribution: Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building | Each building had partial outages in network services during their respective window of planned works. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access to the following services was affected intermittently: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. Approx. outage details during each window of works: | Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building | TCRC: 30 August 2024; from 18:00 to 02:00. SMS: 31 August 2024; from 08:00 to 23:00. McCall: 01 September 2024; from 08:00 to 23:00 |
Library: Pilot SD Migration | There was no loss of service planned | Remote | 23 and 24 September 2024; from 09:00 to 17:00 |
JMS: Pilot SD Migration | There was no loss of service planned | Remote | 25 and 26 September 2024; from 09:00 to 17:00 |
JWN: Pilot SD Migration | There was no loss of service planned | Remote | 27 and 30 September 2024; from 09:00 to 17:00 |
McMillan Reading Room: Pilot SD Migration | There was no network access during the timeframe stated. This affected UofG network-based applications. Therefore, the McMillan Reading Room was closed during the period of works | McMillan Reading Room | 1 and 2 October 2024; from 17:00 to 20:00 each day |
Pearce Lodge: Pilot SD Migration | There was no network access during the timeframe stated. This affected UofG network-based applications. NB: Due to IP address changes, users were expected to test their access on Monday 7th and report any issues. Capita were available at Pearce Lodge on the 7th to address any concerns. | Pearce Lodge | 5 and 6 October 2024; from 08:00 to 18:00 each day |
Mazumdar-Shaw Advanced Research Centre (ARC): Distribution Switch Reconfiguration | Intermittent loss of connectivity during migration which is expected to last for 30-60 seconds. We are unable to specify exactly when this 1 minute of disruption will occur during the timeframe outlined. | Remote | 20 October 2024; from 01:00 to 04:00 |
Upgrade: Firewall Management Center and Appliances (cont'd) | There will be brief periods of internet disruption. UofG users should expect to experience up to 4 short interruptions, each lasting about 2 minutes, affecting access to services like MyGlasgow and email. | Data Centres | 25 October 2024 from 22:00 to 26 October 2024 01:00; (3 hrs) |
Distribution Node Buildings
The Network Programme (NP) will be replacing existing, long-standing network distribution switches as well as increasing the number of these important network hubs in the following buildings:
- James Watt North (JWN)
- South-East Main Building (SE Corner of Gilbert Scott)
- Davidson Building
- Sir James Black Building
- Library (x2)
- James Watt South (JWS)
- Sir Alexander Stone Building
- BT Exchange (BTEx)
- Kelvin Building
- Joseph Black Building (x2)
- Advanced Research Centre (ARC) (x2)
- James McCune Smith (x2)
- Saughfield
- Rankine Building
- Sir Michael Stoker Building (CVR) - Garscube
- Wolfson Wohl Cancer Research Centre (TRC) - Garscube
SD-A Pilot Buildings
The Network Programme (NP) will be testing a more secure, automated, and user-centric approach to network management in the following pilot buildings in 2024:
- James Watt North (JWN) – Full
- Library – Partial
- James McCune Smith – Partial
- Pearce Lodge – Full
- Reading Room – Full
NB: "Full" means that all the current edge connections will be considered for migration to SDA for that building, whereas "Partial" means a few ports will be considered, possibly one switch in a building.