[email protected]: News & Resources

By and for Technology-minded folks at Brown

DCC Meeting Notes – 5-10-17


Chris Grossi – Announcements

  • Dell is taking longer than anticipated updating the Premier Page with the Standard Configurations
  • Looking at PXE boot for OSD
  • Matlab TAH renewal is in process
    • May need to authenticate with Matlab account when using Matlab in public labs
  • SAS renewal is in process
  • Filemaker 16 has just been released, working on packaging and updating
  • Working on obtaining licenses for Scrivener

Stephanie Obboda – Virtru FAQ

  • Encrypted Email Solution – Nearly ready to roll out (hopefully in June)
    • End to end encryption
    • Does not protect against Gmail password hacks
    • Virtru detects SSNs and recommends encryption
    • See FAQ at following link
    • Training Service Center to determine if Virtru emails are real or phishing to assist University questions

Josh Lamont (Telecommunications) – Cisco Phone Conversion Schedule

  • All infrastructure deployed
  • 35% of phones are deployed
  • 2200/6600
  • Call Centers
    • IT Service Center
    • Financial Aid
  • October 2018 Completion Date
  • https://ithelp.brown.edu/kb/articles/645-phone-system-upgrade
  • Challenges
    • Are buildings PoE/UPS ready?
    • Building verification confirming switch ports and tap IT’s
    • Populating 911 info
  • What we’ve learned
    • General Users
      • Single line
      • How to change wallpaper/ringtone
    • Power Users
      • Multiple lines
      • Significant difference in multi-line/multi-appearance
      • Forwarding of individual lines vs entire phone
      • Color phones, high contrast, huge text
    • Users shouldn’t move phones without the assistance of Telecom
    • Simple reboot of phone generally resolves basic issues
  • Additional info can be found at brown.edu/go/phones

Pat O’Leary – Network Group

  • Network Outage Review
    • Network Architecture (Core, Distribution, Access)
    • Control Plane versus Data Plane
    • High CPU
    • Control Plane Policing
    • Loop Detection
    • BPDU Guard
    • Broadcast Packets
  • BC Pod was having issues
    • Control Plane vs Data Plane
    • High CPU
      • When CPU gets too high, drops in services occur
    • Control Plane Policing (CoPP)
      • Issue with Dell NIC cards when machines were going to sleep
      • Categorizes and limits traffic destined for the CPU of a router/switch
      • “Helps” protect against DoS attacks
      • Is customizable by protocol or access list policy
      • Allows the router/switch to continue doing its job under heavy loads
    • Cisco EEM Scripts
      • Embedded Event Manager
      • Allows NOC to capture traffic being received by the CPU during taxing periods
      • Tells which processes are using the most CPU
      • Allows us to have more visibility as to what is happening in the network and take corrective action
    • Loop Detection
      • Layer 2 networks must be loop free
        • Problem for redundant networks
        • Spanning Tree is the protocol used to prevent loops, by putting some points in blocking mode
        • BPDUs are sent every 2 seconds
    • BPDU Guard
      • Bridge Protocol Data Units are only sent from switches participating in spanning tree
      • User ports should never see BPDUs. If they do, then they are either connected to a spanning tree switch
      • When this happens, tap is disabled for 15 minutes
    • Storm Control
      • Samples frames over the course of one second
      • If broadcast rate exceeds 20% of bandwidth, the port is error-disabled for 15 minutes
      • NOC receives a trap indicating this and can take corrective action
    • Residential halls are now under firewall blocking inbound

Doug Wilkinson – Network Group

  • Extending the network?
    • Switches and hubs – What will break?
      • Dot1x
      • Performance
      • BPDU guard and MAC address limits
    • Wireless routers?
      • Potential for interference
        • Home router defaults can cause issues
        • Has Brown-Guest ever prompted for a password?
      • Open Wi-Fi (no password)
      • Tried Brown-Guest?
        • What doesn’t work?
  • Automated VLAN/subnet selection (aka dot1x)
    • Why do this?
      • Security for networks with elevated access
      • Seamless access regardless of wired, wireless, or VPN
      • Alignment with Network Security Zones
    • Testing
      • Using Cloudpath to configure clients
      • MAC authentication for devices unable to use “credentials” to login
      • Fingerprinting device types as alternative

BBQ during June DCC Meeting

Written by [email protected]

May 10th, 2017 at 1:03 pm
