Presentation is loading. Please wait.

Presentation is loading. Please wait.

ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland.

Published byOlivia Dawson Modified over 8 years ago

Similar presentations

Presentation on theme: "ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland."— Presentation transcript:

1 ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland

2 2 ESnet Oak Ridge Hub @ ORNL

3 3 Optical Upgrade Phase I

4 4 Optical Upgrade Phase II

5 5 Optical Upgrade Phase III

6 6 ORNL IPv6 Received /44 assignment Continued deployment at DMZs Services – WWW – DNS – Email New projects Visitor wireless pending

7 7 ORNL IPv6 Deployment

8 8 Mobile Device Support Goals Bruce Wilson, wilsonbe@ornl.govwilsonbe@ornl.gov policies relating to mobile devices are in the process of being revised ORNL’s strategy for mobile devices (including phones, tablets, and laptops) supports a broader goal of enabling mobility for unclassified work ensuring: – ORNL workers can conduct most research and business tasks from any place and any device – ORNL takes advantage of mobile device capabilities to enable incremental and major changes to research and business methods, including a high degree of portability, persistent connectivity, location awareness, cameras with substantial image processing capabilities, rapidly-evolving “there’s an app for that” ecosystems, security models that reduce many current threat vectors, and a broad range of available devices.

9 9 Mobile Device Strategy Focus on usability and end-user productivity, while layering security in up front, to ensure that solutions are both user-friendly and secure. Enable secure and user-friendly access to ORNL email, files, applications, and web sites for BYO and ORNL devices by procuring and implementing tools to manage access. To the extent possible, these tools should separate business and personal information and enable secure deletion of ORNL data. Develop and revise ORNL applications to enable use from mobile devices (including BYOD). Make a sufficient variety of ORNL-managed mobile devices available to meet core needs; promote the use of BYOD for cases where government-owned devices are not required. Ensure that research projects are able to use and develop mobile solutions to deliver scientific discoveries and technical breakthroughs. Ensure a robust and secure network infrastructure that enables mobility and connectivity for ORNL staff and visitors. Use technology, policy, and training to help users and managers “do the right thing” to protect ORNL information, select cost-effective options, monitor usage, and be compliant with laws and policies.

10 10 Mobile Device Support Current government owned devices – Blackberry – iPad Employee BYOD – Stipend – Good Evaluating Zen Mobile – More capability – Leverage existing infrastructure

11 11 Wireless David Wantland wantlanddm@ornl.govwantlanddm@ornl.gov Wireless Infrastructure – Cisco wireless controller and mixture of autonomous access points – Tunneled through campus infrastructure – IPS, web proxy Enterprise wireless – ORNL registered devices only – WPA – Future plans with Cisco Identify Services Engine (ISE) Visitor wireless (open) – Non-ORNL devices – Un-validated registration (acceptance page) – Filtered to ORNL, open to Internet – Separate DNS/DHCP servers

12 12 Wireless Radio Infrastructure Physical wireless implementation is a mixture of controller based and autonomous access points. Currently in the process of migrating all autonomous access points to controller based. Approximately 90% of ORNL’s wireless infrastructure is controller based. Access Points are limited to channels 1,6,11 for b/g radios, no restrictions set on channels for A radios. Cisco Clean Air automatically adjusts channels as needed.

13 13 Enterprise Wireless Uses WPA with TKIP for authentication and encryption with using ORNL user ids and passwords for authentication. Only ORNL owned machines are allowed on the WPA network. If non ORNL machines are used then they are blocked once they are detected. Currently this block takes place at the Layer-3 switch that routes the WPA network. Currently working on deploying Cisco Identity Services Engine (ISE) throughout both the wired and wireless networks. The ISE will provide machine specific access control lists that will be enforced by the Wireless Controller.

14 14 Visitor Network For all practical purposes the ORNL visitor network is the network for “BYOD”. Both visitors and employees are allowed to use it. However ORNL owned systems are not allowed on the visitor network. Remote access in to ORNL from the visitor network is currently only provided via Citrix. DNS and DHCP services are distinct systems from the ORNL Enterprise DNS and DHCP. The DNS service is a forward only service that resolves hosts to the same IP address that the general internet would.

15 15 Visitor Network and IPv6 Currently developing IPv6 support for visitor wireless. Wireless controller can answer Neighbor Solicitation packets on behalf of hosts for IPv6 to MAC entries that it currently has cached. Wireless controller also provides Router Advertisement throttling to prevent routers that are configured with high rates of advertisements.

16 16 ORNL Wireless

17 17 Questions ?

Download ppt "ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland."

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.

Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Technology Requirements for Online Testing Online Training Module for the Smarter Balanced Assessment.

Technology Requirements for Online Testing Online Training Module for the Smarter Balanced Assessment.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
WAN Technology Overview Lecture 3: Introduction to WAN.

WAN Technology Overview Lecture 3: Introduction to WAN.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
Barracuda Networks Steve Scheidegger Commercial Account Manager 734-887-2422

Barracuda Networks Steve Scheidegger Commercial Account Manager
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Similar presentations

Ads by Google