How the Ashmolean, Pitt Rivers and University Museums, in cooperation with the Computing Services, implemented a joint Firewall and set up cross-museum wireless access, via a Fortigate 200B cluster, Aerohive Access Points and many Gliffy diagrams
1
The Challenge of Integrating the Networks of Three University Museums
Jonathan Moffett : Ashmolean
Anjanesh Babu : Ashmolean
Sarah Phibbs : OUMNH
Haas Ezzet : Pitt Rivers
ICTF 2012 5 July 2012
2
Museum 1: Ashmolean
http://www.ashmolean.org
3
Museum 2 : Natural History Museum
http://www.oum.ox.ac.uk
4
Museum 3 : Pitt Rivers Museum
http://www.prm.ox.ac.uk
5
• Collections Management
• Academic Research
• Displays / Exhibitions
• Education / Outreach
• University Teaching
• Events
• Collections Online
What we do
6
Visitors
• Visitor Numbers : around 2 million
• Around 3 million virtual visitors
• Free to visit
• 300 - 400 staff
• 6.5 FTE ICT Staff
Why Integrate our Networks?
• Security Considerations
• Museums Reviews
• External funding
• Greater access to collections
8
in house
Ashmolean Natural History Pitt Rivers
The Museum Networks in 2010
Challenges
• Accommodate the variations
• Resources
• Funding (ACE / Renaissance)
• Maintaining operational continuity
[Diagram: FW 3, FW 2, FW 1]
Solutions: Option 1: Stand alone
[Diagram: FW 3, FW 2, FW 1]
Solutions: Option 2: mix & match
[Diagram: FW 3, FW 2, FW 1]
Solutions: Option 3: match & mix
13
Solutions: Option 4: Working Together
QinQ
QinQ
core
14
Scale of the problem
The Ashmolean
Natural History Museum
Pitt Rivers
1 mile
15
OUCS : The Front Door System
OUMNH
PRM
The Ashmolean Site Default VLAN
Other VLANs
Site Default VLAN
Other VLANs
Ash-Frodo PRM-Frodo
OUM-Frodo
VLAN Aggregator
QinQ
QinQ
QinQ QinQ
802.1Q Trunks
Site VLANs
16
Firewall Hardware
Core Switch : Cisco 3750-X
FORTIGATE 200B FORTIGATE 200B
FORTIANALYSER 100C
Active Firewall Passive Firewall
Eaton Source Switching Eaton EA 1000VA 2U Eaton EA 1000VA 2U
Mains Power Mains Power
17
Fortinet: Advantage
VDOM 1 VDOM 2 VDOM 3
One Physical Unit
18
Fortinet: did we get this right?
2010 2012
19
Aerohive advantages : wireless
• Single WPA2 network – multiple VLANs
• Distributed architecture (‘the Hive’)
• Mesh network
• Feature rich
• Cost effective
PPSK
20
Aerohive: Single SSID: Multiple VLANs
Ash – MAC filter
OUM – MAC filter
PRM – MAC filter
Ash – User list
OUM – User list
PRM – User list
PRM VLAN
OUM VLAN
Ash VLAN
WPA2 – PSK SSID
21
Getting the tingles
• Wireless Network growing
• Static devices up
• Reduction in number of attacks
• Visibility into usage patterns
• Simplified management
22
in house
A recap of how we were before ...
Where we are now: Service Layers
? edge
24
Reduce the Chatter
DNS
DHCP
DNS
DHCP
Core
25
Push to the Edge <the future>
Push IT Expertise to the edge
26
User-Savvy Tech
• Not tech savvy users
• Simpler tools to get things done - e.g. codiqa, online ‘noCode’ app development
• This is the future we are anticipating
• Enablers for change
27
Eternally grateful to
• Alistair James (OUCS Network Operations Manager)
• Pierre Ramsay (OUCS Network Control)
• Mark Siddle (Network Operations)
• Stephen Madeley (Network Operations)
• Christopher Burchell (Network Operations)
• Entire OUCS Networks team
• Oxford University IT Support Staff Group
28
Any Questions ?