www.monash.edu.au myles fenton january 2008 monash internet service 2008

www.monash.edu.au

Myles FentonJanuary 2008

Monash Internet service 2008

www.monash.edu.au

2

Proxy what?

• Monash has been running an Internet service for staff and student Internet access since the early 1990’s.

• For security, auditing and billing purposes Monash has directed staff and student Internet traffic via a ‘proxy’ server farm.

www.monash.edu.au

3

The current problem…the business drivers

• Monash runs gigabit ethernet to every edge port. Monash has a dual gigabit connection to the Internet.

• The proxy farm has an ever increasing load which is gradually causing performance degradation and this can make the internet appear ‘slow’.

• The proxy farm is on 4 year old hardware which needs refreshing.

www.monash.edu.au

4

The new Internet service for 2008

Solution objective:• to continue to provide fast authenticated internet access

to the Monash community.

The solution:Wire speed Internet authentication and auditing hardware

The Cisco SCE hardware isRedundant, highly available and offers 4Gb/s switching with layer 7 packet inspection at micro second latency

www.monash.edu.au

5

new Internet service for 2008

New Look

Authentication…

2. New web authentication for wired computers:3. New authentication for wireless

1. Current proxy authentication:

www.monash.edu.au

6

new Internet service for 2008

Browser settings

the monash proxy.pac needs

to be removed

http://www.its.monash.edu/staff/internet/access/

www.monash.edu.au

7

new Internet service for 2008

• New access

New IP range for direct internet access

move to public IP’s

www.monash.edu.au

8

new Internet service for 2008

Server subnets 130.194.0.1 – 130.194.31.254 8192 IP addresses

Staff 130.194.32.1 - 130.194.239.254 53248 IP addresses

Commercial 130.194.240.1 - 130.194.247.254 2048 IP addresses

Research 130.194.248.1 - 130.194.255.254 2048 IP addresses

Wireless 118.139.0.1 - 118.139.127.254 32,768 IP addresses

VOIP 118.138.0.1 - 118.138.127.254 32,768 IP addresses

Students 118.138.128.1 - 118.138.255.254 32,768 IP addresses

IP authentication

User authentication

www.monash.edu.au

9

new Internet service for 2008

new Internet authentication exemption:

(previously mandatory proxy exemption “MPA exemption”)

> User AuthIP Auth

NetClass:

www.monash.edu.au

10

new Internet service for 2008

Internet billing:Introduction of “un-quoated” downloads

for Research & Education locations (“on-net”).

www.monash.edu.au

11

new Internet service for 2008

Internet logout…why? • So when the next person users the computer, they are asked to

authenticate and their Internet usage is tracked against their username not yours.

• Internet logout in the staff environment

www.monash.edu.au

12

new Internet service for 2008

• Internet logout in the student computer lab environment is the windows/Novell and Linux/MacOSx session logout.

www.monash.edu.au

13

new Internet service for 2008

• Internet logout in the wireless environment is controlled by disconnecting from the wireless network.

www.monash.edu.au

14

Time frames

Friday January 18 2008• New service available on 130.194.x.y staff and 118.138.x.y student and wireless

networks.• ITS Service desk support start and ITS public web pages available

Monday 25 February 2008 (start of semester)• Some faculties will have done the IP migration for student labs and re-imaged the

computer labs with the logout settings.• Some faculties will have migrated their staff networks.

30 June 2008• Faculties are asked to have migrated their staff and students by mid year. ITS will

be encouraging faculties to migrate as early as possible.• Existing socks and web proxy farm to be switched off and decommissioned.

20 December 2008• Fall back date for decommissioning web and socks proxy service.

www.monash.edu.au

15

Questions?

FAQ located at:

http://www-dev.its.monash.edu.au/staff/internet/access/faq.html

www.monash.edu.au

16

new Internet service for 2008

Improved Control ….• Internet users can be placed into profiles.• Each profile can allow/deny certain applications at pre defined

speeds

www.monash.edu.au

17

new Internet service for 2008

Usage Control…• Student usage could? be shaped with weekly

quota allocations to curb inappropriate use.

Student Traffic Shaping200MB weekly allocation with rollover

0500

100015002000250030003500

1 2 3 4 5 6 7 8 9 10 11 12 13

Week

Meg

abyt

es

Example Usage

No Access

4Kb/s

32Kb/s

Full speed