Network

From Wiki CEINGE

(Difference between revisions)
Revision as of 19:25, 5 June 2007
Leandra (Talk | contribs)
(Network software)
Current revision (19:04, 26 June 2007)
Giovanni (Talk | contribs)

 
(33 intermediate revisions not shown.)
Line 1: Line 1:
[[Image:network.jpg|right|500px|Network organization]] [[Image:network.jpg|right|500px|Network organization]]
-La rete interna e’ basata su una tipica architettura a stella ed e’ composta da: 
-*1 nodo centrale, sul quale convergono I servers e I nodi periferici. Il nodo garantisce connessione ridondante a 1 o 2 Gb/s a tutti i server. 
-*12 nodi periferici corrispondenti ad altrettante aree. I nodi garantiscono la connessione delle macchine client alla rete e sono a loro volta connessi in tecnologia ethernet 1Gb/s al nodo centrale. 
-*Connessione in fibra con il nodo della rete di Ateneo. Il nodo e’ situato nella vicina Facolta’ di Medicina e garantisce anche la connessione alla rete della ricerca GARR in link 1Gb/s in fibra. 
-*I client. I client periferici sono collocati nei laboratori e nelle altre aree dell’Istituto e comprendono macchine con sistema operativo Windows, Mac OS o Linux 
 +All the CEINGE areas are provided with wired and wireless internet connectivity, allowing internet access to all laboratories, service areas and offices; the wired connectivity is distributed by using Gbit fibers from one central area of the building to all peripheral areas and can be summarized as follow:
 +*'''Central network''': One central network node provides connection to the peripheral nodes and connectivity to the internet; it is located in the server room where all the computing servers can connect redundantly to it by using ethernet connectivity up to 2 Gbit/s.
 +*'''Peripheral network''': the central network is distributed in all the main areas of the institute by other perpheral network devices, mounted in 12 racks providing ethernet connection to the clients; the phisical network is further divided in functional areas, using virtual LANs, allowing client grouping and low level isolation between groups of computers, for security and network manageability.
 +*'''External connectivity''': the central network is also responsible for the external connectivity to the internet and is based on a connection hosted by the close Faculty of Medicine; from there, a direct connection to the central network of the University of Naples Federico II, allows access to the research network (GARR) through a fiber at 1Gbit/s.
 +*'''Client connectivity''': finally the [[Hardware#Clients|desktop clients]] can be connected to the network by using wired and wireless connection; in the first case the clients need to be equipped with a fast ethernet card and properly configured by the system administrator according to the assigned VLAN. The IP configuration is managed by the system administrator and can be required by using the online [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= form].
 +*'''[[Wireless|Wireless network]]''': In case of wireless connection, the clients need to be equipped with a wireless interface and to be configured to securely access the network, through authentication. All the main areas are covered and the connection speed to the main network can reach 54Mbit/s according to the 802.11g standard. See in detail how to [[Wireless|configure]] it.
-== Network software == 
-Questi sono servizi di base per la funzionalita' della rete+== Network services ==
-;DNS:+
-;DHCP:+
-;Sistema di autenticazione:Il servizio centralizzato di gestione utenti per l'autenticazione e' stato realizzato per mezzo del sistema LDAP ed e’ stata garantita la sua integrazione con tutti i servizi server, in modo da permettere all'utente di accedere a tutte le facilities per mezzo di un singolo account personale.+
-;Servizi di amministrazione di rete e monitoraggio:Sebbene questi servizi non siano direttamente utilizzati dagli utenti, sono tuttavia necessari a garantire il corretto funzionamento di tutto il sistema. Sono compresi in questo punto:+Almost all network services work transparently to the user but are needed to guarantee the correct functionality of a complex network architecture, offering different services and reaching appropriate levels of security.
-:*Amministrazione remota delle macchine+Network services can be grouped in different categories as explained in the following sections:
-:*Controllo di consistenza dei sistemi+
-:*Monitoraggio della rete e dei servizi+
-:*E’ garantito il controllo continuo di tutte le funzionalita’. Il controllo include:+
-:*Funzionalita’ delle apparecchiature di rete+
-:*Raggiungibilita’ delle varie aree+
-:*Disponibilita’ dei vari servizi+
-==Software installato==+== Base network services ==
-Il software elencato di seguito, e’ in massima parte utilizzato per la realizzazione dei servizi elencati, e non e’ direttamente utilizzato dagli utenti, se non nella misura in cui questi utilizzano i vari servizi descritti. Sono attualmente installati e gestiti i seguenti pacchetti:+;DNS: A local DNS service is available to resolve all the ceinge network addresses belonging to the ceinge domain (ceinge.unina.it). It acts as a master DNS, propagating its information to the internet through the unina DNS servers.
-;BigBrother: Big Brother monitors System and Network-delivered services for availability. When problems are detected, the system manager is immediately notified by e-mail, pager, or text messaging.+;DHCP: Most of the clients obtain the ip configuration dynamically by a dedicated static dhcp server working on all the networks configured in all the institute areas; it responds to the ip requests of the clients if its physical MAC address is registered; to request an IP address please use the online [http://web.ceinge.unina.it/ceinge/admin/req_ip.php?action=new&displaymode=display&viewtype=form&language= form].
-;Rsync: Copies files between machines, using different network protocols as transport, such as secure shell (ssh).+;NAT: The clients very often doesn't require to be on the public internet; so, they often work by using private addresses translated by the NAT server to a unique public ip address. This way, less number of limited public ip addresses are occupied and more security is achieved thanks to the isolation between networks.
-;Webmin: Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on. Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules. +;VPN: A service of Virtual Private Network is configurable to allow people to join the ceinge network from outside the internet and allowing to use the internal services as local.
-;Red Hat Diskless Environment: Some networks require multiple systems with the same configuration. They also require that these systems be easy to reboot, upgrade, and manage. One solution is to use a diskless environment in which most of the operating system, which can be read-only, is shared from a central server between the clients and the individual clients have their own directories on the central server for the rest of the operating system, which must be read/write. Each time the client boots, it mounts most of the OS from the NFS server as read-only and another directory as read-write. Each client has its own read-write directory so that one client can not affect the others.+;RADIUS: It responds to the access requests to use network services, such as wireless; this way, it provides controlled access to the network services and allow monitoring of malicious connection attempts.
-;Cluster scheduling: PHP system to schedule interactive processes on distributed computing machines; it also provides a web interface to monitor the load distribution.+;LDAP: It is a directory service, used to manage user accounts centrally. It is used by all other IT services to guarantee authentication of the users and management of group of people.
-;Condor: The goal of the Condor® Project is to develop, implement, deploy, and evaluate mechanisms and policies that support High Throughput Computing (HTC) on large collections of distributively owned computing resources.+ 
-;Apache WebServer: It is a secure, efficient and extensible server that provides HTTP services. It provides a wide range of application services, used for researcher activities and delivery of bioinformatics applications.+== Monitoring and management network services ==
-;Automatic IP assignment: This service provides IP addresses for users that have registered their own laptop and want access the network. There are several private networks designed for this purpose, associated to different areas of the institute.+ 
-;Sendmail mailserver: Provide a stable and efficient way to deliver emails for registered users.+Remote management is used to access and operate on computers reachable through the network; this kind of service is mostly dedicated to server machines and is based on secure connection using ssh or https protocols to remotely obtain a shell and to operate management via web interfaces. Monitoring is used to continuously check the functionality of the network as well as of the various systems.
-;ClamAV antivirus: Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet.+ 
-;SpamAssassin antispam:+{{footer itservices|next=user services}}
-;Users mailbox management: The management of mailboxes implies the control of the space used by the mail service for each user; this control provides a way to store old mail on the fileserver for each user in his personal home.+
-;Webmail: A web interface to access the mail server.+
-;Fileserver: A central disk space used by users to +
-:*store +
-:*share files by network+
-:the access is guaranteed using different standard protocols (afp, ftp, windows file sharing).+
-;LDAP user management: Provides accounting information; it is used for authentication from all the central services with restricted access.+
-;VLS Virtual Linux Station: Provides access to a remote linux desktop; it is useful to run scientific applications that requires a Unix OS as platform.+
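Review bot: the rewritten page drops the whole "Software installato" list (BigBrother, Rsync, Webmin, Red Hat Diskless Environment, Cluster scheduling, Condor, Apache, Sendmail, ClamAV, SpamAssassin, mailbox management, Webmail, Fileserver, VLS) and the old monitoring checklist (network equipment functionality, reachability of the areas, availability of the services) without saying where that material moved; the footer template points to "user services", so either link that page from the new "Monitoring and management network services" section or keep the checklist there, since the new section only says monitoring "continuously check[s] the functionality". Also fix the typos introduced in the Peripheral network bullet ("perpheral", "phisical") and the grammar in the NAT entry ("The clients very often doesn't require" should be "don't").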

Current revision

Network organization


All the CEINGE areas are provided with wired and wireless internet connectivity, allowing internet access to all laboratories, service areas and offices; the wired connectivity is distributed using Gbit fibers from one central area of the building to all peripheral areas and can be summarized as follows:

  • Central network: One central network node provides connection to the peripheral nodes and connectivity to the internet; it is located in the server room, where all the computing servers connect redundantly to it using ethernet connectivity up to 2 Gbit/s.
  • Peripheral network: the central network is distributed to all the main areas of the institute by other peripheral network devices, mounted in 12 racks providing ethernet connection to the clients; the physical network is further divided into functional areas using virtual LANs, allowing client grouping and low-level isolation between groups of computers, for security and network manageability.
  • External connectivity: the central network is also responsible for the external connectivity to the internet and is based on a connection hosted by the nearby Faculty of Medicine; from there, a direct connection to the central network of the University of Naples Federico II allows access to the research network (GARR) through a fiber at 1 Gbit/s.
  • Client connectivity: finally, the desktop clients can be connected to the network using a wired or wireless connection; in the first case the clients need to be equipped with a fast ethernet card and properly configured by the system administrator according to the assigned VLAN. The IP configuration is managed by the system administrator and can be requested using the online form.
  • Wireless network: In case of wireless connection, the clients need to be equipped with a wireless interface and to be configured to securely access the network through authentication. All the main areas are covered and the connection speed to the main network can reach 54 Mbit/s according to the 802.11g standard. See in detail how to configure it.


Network services

Almost all network services work transparently to the user but are needed to guarantee the correct functionality of a complex network architecture, offering different services and reaching appropriate levels of security. Network services can be grouped in different categories as explained in the following sections:

Base network services

DNS
A local DNS service is available to resolve all the CEINGE network addresses belonging to the ceinge domain (ceinge.unina.it). It acts as the master DNS, propagating its information to the internet through the unina DNS servers.
DHCP
Most clients obtain their IP configuration dynamically from a dedicated DHCP server that serves static (MAC-bound) addresses on all the networks configured in the institute areas; it answers a client's request only if the client's physical MAC address is registered. To request an IP address please use the online form.
NAT
Most clients do not need to be reachable from the public internet, so they usually work with private addresses that the NAT server translates to a single public IP address. This way fewer of the limited public IP addresses are consumed, and the isolation between the networks adds security.
VPN
A Virtual Private Network service can be configured to let people join the CEINGE network from outside, over the internet, and use the internal services as if they were local.
RADIUS
It answers requests for access to network services such as the wireless network; this way it provides controlled access to those services and allows monitoring of malicious connection attempts.
LDAP
It is a directory service used to manage user accounts centrally. All the other IT services use it to authenticate users and to manage groups of people.
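As an added example (not part of this wiki page or of the CEINGE installation), the following Python script shows how the DHCP policy and VLAN grouping described above can be watched from the defender's side. It assumes the DHCP server is ISC dhcpd logging to syslog and configured to answer only registered MAC addresses, so a request from an unregistered device shows up as a DHCPDISCOVER followed by "no free leases"; the log lines and the MAC registry below are constructed.

```python
import re
from collections import defaultdict

# Constructed syslog lines in ISC dhcpd format (assumption: one VLAN per
# sub-interface, e.g. eth0.12 for VLAN 12); not real CEINGE data.
SAMPLE_LOG = """\
Jun 26 18:55:01 dhcp dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0.10
Jun 26 18:55:01 dhcp dhcpd: DHCPOFFER on 10.10.1.23 to 00:11:22:33:44:55 via eth0.10
Jun 26 18:55:04 dhcp dhcpd: DHCPDISCOVER from de:ad:be:ef:00:01 via eth0.12: network 10.12.0.0/24: no free leases
Jun 26 18:55:09 dhcp dhcpd: DHCPDISCOVER from de:ad:be:ef:00:01 via eth0.12: network 10.12.0.0/24: no free leases
Jun 26 18:55:15 dhcp dhcpd: DHCPDISCOVER from de:ad:be:ef:00:02 via eth0.12: network 10.12.0.0/24: no free leases
Jun 26 18:56:40 dhcp dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 via eth0.10: network 10.10.1.0/24: no free leases
"""

# Constructed registry of MAC addresses the administrator has approved.
REGISTERED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

# A DISCOVER that was refused carries the "network ...: no free leases" suffix.
DISCOVER_RE = re.compile(
    r"DHCPDISCOVER from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<iface>\S+?)"
    r"(?:: network (?P<net>\S+): no free leases)?$"
)

def classify_discovers(log_text, registered_macs):
    """Split refused DISCOVERs into unregistered devices and registered ones
    that got no lease (pool exhausted or host declaration missing)."""
    unregistered = defaultdict(lambda: {"attempts": 0, "networks": set()})
    exhausted = defaultdict(lambda: {"attempts": 0, "networks": set()})
    for line in log_text.splitlines():
        m = DISCOVER_RE.search(line)
        if not m or m.group("net") is None:
            continue  # not a DISCOVER, or one that was answered with an offer
        bucket = exhausted if m.group("mac") in registered_macs else unregistered
        entry = bucket[m.group("mac")]
        entry["attempts"] += 1
        entry["networks"].add(m.group("net"))
    return dict(unregistered), dict(exhausted)

def report(log_text, registered_macs, threshold=2):
    """Return alert strings; repeated attempts by one unregistered MAC escalate."""
    unreg, exh = classify_discovers(log_text, registered_macs)
    alerts = []
    for mac, info in sorted(unreg.items()):
        level = "ALERT" if info["attempts"] >= threshold else "notice"
        nets = ", ".join(sorted(info["networks"]))
        alerts.append(f"{level}: unregistered {mac} tried {info['attempts']}x on {nets}")
    for mac, info in sorted(exh.items()):
        nets = ", ".join(sorted(info["networks"]))
        alerts.append(f"WARN: registered {mac} got no lease on {nets} (pool exhausted or host declaration missing)")
    return alerts

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, REGISTERED_MACS)))
```

Feeding the script the real dhcpd log and the administrator's MAC registry separates devices that are simply not yet registered (a notice to follow up) from registered hosts that are being refused (a server-side problem).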

Monitoring and management network services

Remote management is used to access and operate computers reachable through the network; this kind of service is mostly dedicated to server machines and relies on secure connections using the ssh or https protocols, to obtain a remote shell or to perform management via web interfaces. Monitoring is used to continuously check the functionality of the network as well as of the various systems.
