Network Workstream
The foundation of a data network is embedded within its core and distribution networks and both of these will be upgraded as part of the Network Programme in Phase 4. Upon delivery, our network will:
- be a Cisco Software Defined Access (SD-A) network, bringing it right up to date with modern network thinking
- have new security features
- provide automation possibilities
- provide a new set of network tooling such as Infoblox (for DNS management) and Ixia (for network montioring)
Software Defined-Access (SD-A)
Cisco SD-Access is Cisco’s name for Software Defined Networking. It provides zero-trust security in the workplace and secures access—by all users, all devices, and from all locations—across applications and the network environment.
According to the Cisco website SD-A:
- Identifies and verifies all endpoints.
- Includes users and IoT devices that connect to your network.
- Establishes policy and segmentation.
- Helps to ensure least-privilege access based on endpoint and user type.
- Continually monitors endpoint behaviour.
- Helps ensure compliance, including encrypted traffic.
- Quarantines endpoints that exhibit malicious or out-of-compliance behaviour.
- Stops threat migration.
Today we hand craft Access Control Lists which are configured on each switch and are coarse grained, hard to manage and inevitably configuration drifts over time. Combined with Cisco’s Identity Services Engine (ISE), we have the ability to classify users into groups and then centrally define network contracts or policies that control what is allowed to communicate with what - like a super powerful firewall enforced on every switch and access point on the network.
The security benefits are especially encouraging, making it very hard for attackers, even once they have a toe-hold in the network, to move laterally This should also pass through to the data centre adding enhanced protections to hosted applications that could only even be accessed by certain user groups.
We are working with Capita's partner Firefly to define this as there is a clear trade-off between a perfectly tailored network contract that is highly specific to an individual’s needs and the inevitable burden of trying to administer it - it’s fair to say we are still very much learning and don’t fully understand this yet!
Proof of Concept (PoC)
We now have a Proof of Concept (PoC) SD-A network in our JWN data centre (see photos below). A comprehensive PoC build document (178 pages) has been produced and the team now have access to the PoC.
Network Design Documents
The Network workstream is currently undergoing its design phase and as a result a lot of design documents have been, and will be, produced that will detail the design and operation of the new data network. Combined these currently run to hundreds of pages and is expected to run into a four figure number by the time they are complete. These design documents include:
- Proof of Concept (PoC)
- SD-A
- Concept of operations (CONOPS) – aka use case document.
- System requirements document
- High level design
- Low level design
- Supercore service layer design brief
- Data centre segmentation design brief
- Network security design
- Management tooling
- Infoblox Low Level Design (for DNS management)
- Ixia Low Level Design (for network monitoring)
Network Facts & Figures
- Covers 3 Campus’s:
- Gilmorehill
- Garscube
- Crichton
- Doubles the amount of distribution nodes around the University
- Trebles the amount of internal wi-fi access points across the UofG
- (Please note that every individual building is different and some will have a more than 3 x the current number and some will have less)
- Contains hundreds of pages on the design of the new network
Planned Works for 2023-24
|
Planned Work |
User Impact |
Where? |
When? |
|
Security |
Varied levels of impact dependent on differing tasks |
Data Centres |
Q1/Q2 2024 |
|
SD-A |
Varied levels of impact dependent on differing tasks |
Data Centres |
Q1/Q2 2024 |
NB - Information is subject to change
Completed Works: Network
|
Completed Works |
User Impact |
Where? |
When? |
|
Configuration – Janet Bandwidth Upgrade to the Supercore Network |
There was no loss of service |
Data Centres |
2 and 3 April 2023 |
|
JANET- Multimode SFP to Singlemode SFP Swap |
There was no loss of service |
Data Centres |
12 April 2023 |
|
JANET Service Migration |
There was no loss of service |
Data Centres |
13 April 2023 |
|
Ixia Service Go-Live |
There was no loss of service |
Data Centres |
14 April 2023 |
|
Configuration - Supercore |
There was no loss of service |
Data Centres |
22 to 27 April 2023 |
|
ACI Failover Testing Pt 1 & 2 |
There was no loss of service |
Data Centres |
11 and 12 May 2023 |
|
Supercore: Fusion installation at Data Centre 1 |
There was no loss of service |
Data Centres |
1 and 2 June 2023 |
|
Supercore: Re-position, reconfiguration and migration |
The relevant affected team had been informed of impact |
Data Centres |
10 and 12 June 2023 |
|
Proof of Concept (PoC) Rework |
No access to PoC for PoC users |
Data Centres |
1 June to 16 June 2023 |
|
ACI Failover Testing Pt 3 |
There was no loss of service |
Data Centres |
14 June and 16 June 2023 |
|
Infoblox Go-Live Preparation |
There was no loss of service |
Data Centres |
13 April to 26 June 2023 |
|
Configuration: Supercore |
There was no loss of service |
Data Centres |
24 and 25 June 2023 |
|
Supercore: Fusion installation and configuration at Data Centre 2 |
There was no loss of service |
Data Centres | 24 and 25 June 2023 |
|
Infoblox: Go-Live |
Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. |
Gilmorehill, Garscube and Remote Access | 15 and 16 July 2023 |
| Infoblox: Microsoft migration and testing |
Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. |
Gilmorehill, Garscube and Remote Access | 15 and 16 July 2023 |
| DNS Server: Installation |
Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational. |
Gilmorehill, Garscube and Remote Access | 19 July 2023 |
| Infoblox: DHCP migration and user acceptance testing |
Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services will remain operational. |
Gilmorehill, Garscube and Remote Access |
29, 30 and 31 July 2023 |
| Crichton Campus Upgrade |
Varied level of impact (This was communicated to all at Crichton Campus by Stephen Patterson) |
Crichton Campus, Dumfries |
15 May 2023 to 18 Sep 2023 |
| Firewall Pt. 1 |
There was no loss of service |
Data Centres |
21 Aug 2023 to 8 Sep 2023 |
| Standardisation of network interfaces Pt. 1 |
There was no loss of service |
Data Centres |
24 Oct 2023 to 25 Oct 2023 |
| Installation of central networking core (SDA) |
There was no loss of service |
Data Centres |
23 Oct 2023 to 30 Oct 2023; from 09:00 to 17:00 |
| Installation of nodes at JWN and Library |
There was no loss of service |
JWN & Library |
23 Oct 2023 to 28 Oct 2023; from 09:00 to 17:00 2 Nov 2023; from 09:00 to 17:00 |
| Davidson Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
Davidson Building |
18 Dec 2023; from 17:00 to 21:00 |
| James Watt South (JWS): Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
James Watt South (JWS) |
19 Dec 2023; from 17:00 to 00:00 |
| Southeast Corner of Gilbert Scott Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
Southeast Corner of Gilbert Scott Building |
8 February 2024 from 18.00 to 23:00 |
| Sir James Black Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
Sir James Black Building |
9 February 2024; from 18:00 to 23:00 |
| BT Exchange in Gilbert Scott Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
BT Exchange area of Gilbert Scott Building |
10 and 11 February 2024: from 18:00 to 23:00 |
| Joseph Black Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
Joseph Black Building |
11 and 12 February 2024; from 18:00 to 23:00 |
| Rankine Building: Installation of Distribution Switch |
Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. Users access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access. |
Rankine Building |
13 February 2024; from 18:00 to 23:00 |
| Scotgrid Connectivity: Reconfiguration |
There was a complete loss of network connectivity to and from Scotgrid services, including access from inside the network, during the timeframe stated. |
Remote |
23 March 2024 to 24 March 2024; from 09.00 to 18:00 each day |
|
Standardisation of network interfaces Pt. 2 |
There was no loss of service | Data Centres | 25 March 2024 to 26 March 2024; from 18:00 to 22:00 each day |
Distribution Node Buildings
The Network Programme (NP) will be replacing existing, long-standing network distribution switches as well as increasing the number of these important network hubs in the following buildings:
- James Watt North (JWN)
- South-East Main Building (SE Corner of Gilbert Scott)
- Davidson Building
- Sir James Black Building
- Library (x2)
- James Watt South (JWS)
- Sir Alexander Stone Building
- BT Exchange (BTEx)
- Kelvin Building
- Joseph Black Building (x2)
- Advanced Research Centre (ARC) (x2)
- James McCune Smith (x2)
- Saughfield
- Rankine Building
- Sir Michael Stoker Building (CVR) - Garscube
- Wolfson Wohl Cancer Research Centre (TRC) - Garscube
SD-A Pilot Buildings
The Network Programme (NP) will be testing a more secure, automated, and user-centric approach to network management in the following pilot buildings in 2024:
- James Watt North (JWN) – Full
- Library – Partial
- James McCune Smith – Partial
- Pearce Lodge – Full
- Reading Room - Full
NB - Full conveys that all the current edge connections will be considered for migration to SDA for that building, whereas partial means a few ports will be considered, possibly one switch in a building