DCC Meeting Notes – 5-10-17
Chris Grossi – Announcements
- Dell is taking longer than anticipated updating the Premier Page with the Standard Configurations
- Looking at PXE boot for OSD
- Matlab TAH renewal is in process
- May need to authenticate with Matlab account when using Matlab in public labs
- SAS renewal is in process
- Filemaker 16 has just been released, working on packaging and updating
- Working on obtaining licenses for Scrivener
Stephanie Obboda – Virtru FAQ
- Encrypted Email Solution – Nearly ready to roll out (hopefully in June)
- End to end encryption
- Does not protect against Gmail password hacks
- Virtru detects SSNs and recommends encryption
- See FAQ at following link
- Training the Service Center to determine whether Virtru emails are real or phishing, to assist with University questions
Josh Lamont (Telecommunications) – CISCO Phone Conversion Schedule
- All infrastructure deployed
- 35% of phones are deployed
- 2200/6600
- Call Centers
- IT Service Center
- Financial Aid
- October 2018 Completion Date
- https://ithelp.brown.edu/kb/articles/645-phone-system-upgrade
- Challenges
- Are buildings PoE/UPS ready
- Building verification confirming switch ports and tap IT’s
- Populating 911 info
- What we’ve learned
- General Users
- Single line
- How to change wallpaper/ringtone
- Power Users
- Multiple lines
- Significant difference in multi-line/multi-appearance
- Forwarding of individual lines vs entire phone
- Color phones, high contrast, huge text
- Users shouldn’t move phones without the assistance of Telecom
- Simple reboot of phone generally resolves basic issues
- Additional info can be found at brown.edu/go/phones
Pat O’Leary – Network Group
- Network Outage Review
- Network Architecture (Core, Distribution, Access)
- Control Plane versus Data Plane
- High CPU
- Control Plane Policing
- Loop Detection
- BPDU Guard
- Broadcast Packets
- BC Pod was having issues
- Control Plane vs Data Plane
- High CPU
- When CPU gets too high, drops in services occur
- Control Plane Policing (CoPP)
- Issue with Dell NIC cards when machines were going to sleep
- Categorizes and limits traffic destined for the CPU of a router/switch
- “Helps” protect against DoS attacks
- Is customizable by protocol or access list policy
- Allows the router/switch to continue doing its job under heavy loads
- Cisco EEM Scripts
- Embedded Event Manager
- Allows NOC to capture traffic being received by the CPU during taxing periods
- Tells which processes are using the most CPU
- Allows us to have more visibility as to what is happening in the network and take corrective action
- Loop Detection
- Layer 2 networks must be loop free
- Problem for redundant networks
- Spanning Tree is the protocol used to prevent loops by putting some ports in blocking mode
- BPDUs are sent every 2 seconds
- BPDU Guard
- Bridge Protocol Data Units are only sent from switches participating in spanning tree
- User ports should never see BPDUs. If they do, then they are either connected to a spanning tree switch
- When this happens, tap is disabled for 15 minutes
- Storm Control
- Samples frames over the course of one second
- If broadcast rate exceeds 20% of bandwidth, the port is error-disabled for 15 minutes
- NOC receives a trap indicating this and can take corrective action
- Residential halls are now under firewall blocking inbound
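
Added example, not part of the original notes and not Brown's actual configuration: how the BPDU Guard and Storm Control behaviour described above (20% broadcast threshold, 15-minute error-disable, trap to the NOC) is typically expressed on a Cisco IOS access switch. The interface name and description are constructed; exact syntax varies by platform and IOS release.

```cisco
! Assumption: Catalyst-style IOS access switch; interface name is constructed.
!
! Automatically re-enable ports that were error-disabled by either feature
! after 15 minutes (900 seconds), matching the timer in the notes.
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery interval 900
!
interface GigabitEthernet1/0/10
 description User-facing tap (example)
 switchport mode access
 ! Edge port: skip the listening/learning delay for end hosts.
 spanning-tree portfast
 ! A user port should never receive BPDUs; if one arrives, the port
 ! is error-disabled instead of taking part in spanning tree.
 spanning-tree bpduguard enable
 ! Broadcast traffic is measured over one-second intervals; above
 ! 20% of port bandwidth the configured actions are taken.
 storm-control broadcast level 20.00
 ! Error-disable the port when the threshold is exceeded ...
 storm-control action shutdown
 ! ... and send an SNMP trap so the NOC is notified.
 storm-control action trap
```

`show errdisable recovery` and `show storm-control broadcast` display the recovery timers and the per-port thresholds on the switch.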
Doug Wilkinson – Network Group
- Extending the network?
- Switches and hubs – What will break?
- Dot1x
- Performance
- BPDU guard and MAC address limits
- Wireless routers?
- Potential for interference
- Home router defaults can cause issues
- Has Brown-Guest ever prompted for a password?
- Open Wifi (no password)
- Tried Brown-Guest?
- What doesn’t work?
- Automated vlan/subnet selection (aka dot1x)
- Why do this?
- Security for networks with elevated access
- Seamless access regardless of wired, wireless, or VPN
- Alignment with Network Security Zones
- Testing
- Using Cloudpath to configure clients
- MAC authentication for devices unable to use “credentials” to login
- Fingerprinting device types as alternative
BBQ during June DCC Meeting