Network

From Wiki CEINGE

(Difference between revisions)
Revision as of 23:47, 16 June 2007
Gianluca

Revision as of 00:18, 17 June 2007
Gianluca

Line 12: Line 12:
*'''Peripheral network''': 12 network nodes are distributed homogeneously in the building and provides ethernet connection to the clients; each network node can be configured to offer different virtual LAN, allowing client grouping and low level isolation between groups of computers, for security and network manageability. *'''Peripheral network''': 12 network nodes are distributed homogeneously in the building and provides ethernet connection to the clients; each network node can be configured to offer different virtual LAN, allowing client grouping and low level isolation between groups of computers, for security and network manageability.
*'''External connectivity''': it is realized by a connection hosted by the close Faculty of Medicine, to the central network of the University of Naples Federico II, that allow direct access to the research network (GARR) through a fiber uplink at 1Gbit/s. *'''External connectivity''': it is realized by a connection hosted by the close Faculty of Medicine, to the central network of the University of Naples Federico II, that allow direct access to the research network (GARR) through a fiber uplink at 1Gbit/s.
-*'''Client connectivity''': the [[Hardware#Clients|desktop clients]] need to be equipped with a fast ethernet card and properly configured by the system administrator according to the assigned VLAN. The IP configuration is managed by the system administrator and can be required by using the online [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= Helpdesk form].+*'''Client connectivity''': the [[Hardware#Clients|desktop clients]] need to be equipped with a fast ethernet card and properly configured by the system administrator according to the assigned VLAN. The IP configuration is managed by the system administrator and can be required by using the online [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= form].
*'''[[Wireless|Wireless network]]''': All the main areas are covered by wireless connection and allow access to the internet at 54Mbit/s according to the 802.11g standard. See in detail how to [[Wireless|configure]] it. *'''[[Wireless|Wireless network]]''': All the main areas are covered by wireless connection and allow access to the internet at 54Mbit/s according to the 802.11g standard. See in detail how to [[Wireless|configure]] it.
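Review bot: In the Client connectivity line, shortening the link label from "Helpdesk form" to "form" leaves the reader with no idea what the form is for; a label such as "IP request form" would say it. The same sentence still reads "can be required", where "requested" is meant, and the link is a plain http:// URL under /ceinge/admin/, so it is worth pointing it at an HTTPS address if the server offers one.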
Line 26: Line 26:
== Base network services == == Base network services ==
-;DNS: a local DNS service is available to resolve all the ceinge network addresses belonging to the ceinge domain (ceinge.unina.it). It acts as a master DNS, propagating its information to the internet through the unina DNS servers. The service is reachable at the following addresses:+;DNS: A local DNS service is available to resolve all the ceinge network addresses belonging to the ceinge domain (ceinge.unina.it). It acts as a master DNS, propagating its information to the internet through the unina DNS servers. The service is reachable at the following addresses:
*DNS server1: 143.225.151.32 *DNS server1: 143.225.151.32
*DNS server2: 143.225.151.25 *DNS server2: 143.225.151.25
-;DHCP: most of the clients obtain the ip configuration dynamically by a dedicated static dhcp server working on all the networks configured in all the institute areas; it responds to the ip requests of the clients if its physical MAC address is registered; to request an IP address please follow [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= this link].+;DHCP: Most of the clients obtain the ip configuration dynamically by a dedicated static dhcp server working on all the networks configured in all the institute areas; it responds to the ip requests of the clients if its physical MAC address is registered; to request an IP address please use the online [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= form].
-;NAT:text+;NAT: The clients very often doesn't require to be on the public internet; so, they often work by using private addresses translated by the NAT server to a unique public ip address. This way, less number of limited public ip addresses are occupied and more security is achieved thanks to the isolation between networks.
-;VPN:text+;VPN: A service of Virtual Private Network is configurable to allow people to join the ceinge network from outside the internet and allowing to use the internal services as local.
-;LDAP : Il servizio centralizzato di gestione utenti per l'autenticazione e' stato realizzato per mezzo del sistema LDAP ed e’ stata garantita la sua integrazione con il database degli utenti ed e' utilizzato da vari server, in modo da permettere all'utente di accedere a tutti i servizi per mezzo di un singolo account personale.+;RADIUS: It responds to the access requests to use network services, such as wireless; this way, it provides controlled access to the network services and allow monitoring of malicious connection attempts.
- +;LDAP: It is a directory service, used to manage user accounts centrally. It is used by all other IT services to guarantee authentication of the users and management of group of people.
== Monitoring and management network services == == Monitoring and management network services ==
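Review bot: The new NAT entry says "more security is achieved thanks to the isolation between networks", which credits address translation with a job that belongs to filtering; I would word it as a side effect (internal hosts are not directly addressable from outside) and name whatever actually enforces the policy. In the same hunk, the DHCP entry's "if its physical MAC address is registered" should say whose address ("the client's"), the VPN entry's "from outside the internet" presumably means "from outside, over the internet", and the English LDAP entry drops the point of the removed Italian text that a user reaches all services with a single personal account.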

Revision as of 00:18, 17 June 2007

Internal network distribution

All the CEINGE areas are provided with wired and wireless internet connectivity, allowing internet access to all laboratories, service areas and offices; the wired connectivity is distributed by using Gbit fibers from one central area of the building to all peripheral areas and can be summarized as follows:

  • Central network;
  • Peripheral network;
  • External connectivity;
  • Client connectivity;
  • Wireless network.


  • Central network: One central network node provides connection to the peripheral nodes and connectivity to the internet; it is located in the server room, where all the computing servers can connect redundantly to it by using Ethernet connectivity up to 2 Gbit/s.
  • Peripheral network: 12 network nodes are distributed homogeneously in the building and provide Ethernet connections to the clients; each network node can be configured to offer different virtual LANs, allowing client grouping and low-level isolation between groups of computers, for security and network manageability.
  • External connectivity: it is realized by a connection, hosted by the nearby Faculty of Medicine, to the central network of the University of Naples Federico II, which allows direct access to the research network (GARR) through a fiber uplink at 1 Gbit/s.
  • Client connectivity: the desktop clients need to be equipped with a Fast Ethernet card and properly configured by the system administrator according to the assigned VLAN. The IP configuration is managed by the system administrator and can be requested by using the online form.
  • Wireless network: All the main areas are covered by a wireless connection that allows access to the internet at 54 Mbit/s according to the 802.11g standard. See in detail how to configure it.


Network services

Network organization

Almost all network services work transparently to the user but are needed to guarantee the correct functionality of a complex network architecture, offering different services and reaching appropriate levels of security. Network services can be grouped in different categories as explained in the following sections:

Base network services

DNS
A local DNS service is available to resolve all the ceinge network addresses belonging to the ceinge domain (ceinge.unina.it). It acts as a master DNS, propagating its information to the internet through the unina DNS servers. The service is reachable at the following addresses:
  • DNS server1: 143.225.151.32
  • DNS server2: 143.225.151.25
DHCP
Most of the clients obtain their IP configuration dynamically from a dedicated static DHCP server working on all the networks configured in all the institute areas; it responds to a client's IP request if the client's physical MAC address is registered. To request an IP address, please use the online form.
NAT
The clients very often don't need to be on the public internet, so they often work with private addresses that the NAT server translates to a single public IP address. This way, fewer of the limited public IP addresses are occupied and more security is achieved thanks to the isolation between networks.
VPN
A Virtual Private Network service can be configured to allow people to join the ceinge network from outside, over the internet, and to use the internal services as if they were local.
RADIUS
It responds to access requests for network services, such as wireless; this way, it provides controlled access to the network services and allows monitoring of malicious connection attempts.
LDAP
It is a directory service, used to manage user accounts centrally. It is used by all other IT services to guarantee authentication of the users and management of groups of people.
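
The DHCP entry above describes a server that answers only registered MAC addresses, and the client-connectivity item ties each client to an assigned VLAN. The sketch below is an added example, not CEINGE's configuration or code: it models that decision and flags a registered MAC seen on the wrong VLAN, which matters because a MAC address is asserted by the client. The table, addresses, VLAN ids and function names are all constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed registration table (not CEINGE data): MAC -> (host, VLAN id, fixed IP).
REGISTERED = {
    "00:16:3e:00:00:01": ("lab-pc-01", 20, "10.10.20.21"),
    "00:16:3e:00:00:02": ("office-pc-07", 30, "10.10.30.17"),
}
VLAN_SUBNETS = {20: "10.10.20.0/24", 30: "10.10.30.0/24"}  # constructed

def normalize_mac(mac):
    """Canonicalize 00-16-3E-00-00-01 or 0016.3e00.0001 to 00:16:3e:00:00:01."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def decide(mac, vlan):
    """Return (verdict, ip) for a DHCP request from `mac` that arrived on `vlan`."""
    entry = REGISTERED.get(normalize_mac(mac))
    if entry is None:
        return ("ignore-unregistered", None)   # static DHCP stays silent
    _host, reg_vlan, ip = entry
    if reg_vlan != vlan:
        # Registered MAC on another VLAN: mispatched client or a copied address.
        return ("flag-vlan-mismatch", None)
    return ("offer", ip)

def check_table():
    """Sanity-check the table: fixed IP inside its VLAN subnet, no IP used twice."""
    problems, seen = [], {}
    for _mac, (host, vlan, ip) in REGISTERED.items():
        if ip_address(ip) not in ip_network(VLAN_SUBNETS[vlan]):
            problems.append(f"{host}: {ip} is outside VLAN {vlan}")
        if ip in seen:
            problems.append(f"{host}: {ip} is also assigned to {seen[ip]}")
        seen[ip] = host
    return problems

def audit(requests):
    """Apply decide() to (mac, vlan) observations, keeping the raw MAC for the report."""
    return [(mac, vlan) + decide(mac, vlan) for mac, vlan in requests]

# Constructed observations: (MAC as logged, VLAN the request arrived on).
SAMPLE = [("00-16-3E-00-00-01", 20), ("0016.3e00.0002", 20), ("de:ad:be:ef:00:01", 30)]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```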

Monitoring and management network services

Remote administration of the machines
text
System consistency checking
text
Network and service monitoring
text
Continuous monitoring of all functionality is guaranteed
text
Functionality of the network equipment
text
Reachability of the various areas
text
Availability of the various services
text


