ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

Minutes of September 11, 2008 ITAC-NI Meeting:

back to ITAC-NI minutes index

    Link to ACTION ITEMS from meeting


    1. Approve prior minutes
    2. ITAC subcommittee chairs will be meeting with the CIO Friday. Does the committee have any questions to relay?
    3. Continued discussion on Minimum Standards for Networking across campus
    4. Future topics for consideration


    This meeting was scheduled in CSE E507 at 1:00 pm on Thursday, September 11th and was made available via videoconference with live-streaming and recording for future playback. Prior announcement was made via the Net-Managers-L list. The meeting was called to order by ITAC-NI chairman, Dan Miller, Network Coordinator of CNS Network Services.

    ATTENDEES: Twelve people attended this meeting locally. There were two attendees via Polycom videoconference but there are no records of how many may have listened into the stream via a web browser using the web interface.

    Nine members were present: Dan Cromer, Erik Deumens, Tim Fitzpatrick, Stephen Kostewicz (via Polycom), Shawn Lander, Steve Lasley, Tom Livoti, Dan Miller, and Handsford (Ty) Tyler.

    Five members were absent: Charles Benjamin, Clint Collins, Craig Gorme, Chris Leopold, as well as the CLAS representative.

    Five visitors were present as well: Stan Anders, Dennis Brown (via Polycom), Todd Hester, John Madey and Dave Pokorney.

    Viewing the recording

    You may view the recording via the web at Currently, you will need to click on the "Top-level folder" link, then the "watch" link next to the "ITAC-NI Meeting_11Sep08_12.45" item. This will likely be moved into the ITAC-NI folder shortly. Cross-platform access may not be available; on the Windows platform you will have to install the Codian codec.

    Audio archive

    An archive of audio from the meeting is available.

    1) Approve prior minutes

    Steve Lasley had noted several typos which he agreed to fix, but no other corrections or additions were offered and the minutes were approved without further comment.

    2) ITAC subcommittee chairs will be meeting with the CIO Friday. Does the committee have any questions to relay?

    Dan Miller asked if any of our committee members wish to provide input for tomorrow's meeting.

    2-1) Will the ITAC Committee begin to meet again?

    2-1-1) ITAC is to be re-formed and reactivated

    Dan Cromer related that Dr. Frazier spoke on that matter at a recent Data Infrastructure meeting. Dan said that his intention is to continue with the various sub-committees and re-form/re-activate the IT Advisory Committee itself.

    2-1-2) There is frustration over lack of communication

    Ty expressed his desire for better communication from administration with IT people across campus. Dave Pokorney mentioned the IT Connections newsletter. Ty responded that this contained an Open Letter to UF OIT Staff, but was not addressed to the larger IT community. While Dave said he believes Dr. Frazier is currently spending his timing setting up the very communications which Ty desires, Ty indicated his frustration over having had no word for such a long time. When Dan Cromer suggested that no news was good news, Ty responded that no news means you will find out what happened after it happens.

    3) Continued discussion on Minimum Standards for Networking across campus

    Dan Miller introduced the topic saying the plan was to go through the list of major networking services and note how things are done in different places across campus.

    3-1) A framework for discussion

    Tom Livoti passed out copies of the new HealthNet Service-Level Objectives which are available via the web from the HealthNet web site. Ty said this was recently developed and was roughly based on CNS's Wall-Plate Services Service Level Objectives document.

    It was decided that the committee would go through the HealthNet SLO document point-by-point and that the group would note differences/similarities between HealthNet and CNS as they went along.

    3-2) Service provided

    3-2-1) Desktop connections

    HealthNet CNS Wall-Plate
    Switched 1000 Mbps with PoE over existing cabling; all new structures utilize Cat6 Switched 10/100 Mbps over Cat5E; PoE where needed for telephone support
    Switches are leased except with new construction Switches are purchased
    Switches are maintained under a 4-year replacement cycle Switches are maintained under a 5-year replacement cycle
    70% port utilization density is the rough average 80% port utilization densities are the goal
    45 minute UPS run-time 30 minute UPS run-time
    VoIP phones are purchased by the user with the 7942G Gigabit model as the standard--other options available VoIP phones are purchased by the user with the 7940G 10/100 model as the standard--other options available

    Extending the local network is not allowed

    HealthNet includes a caveat akin to the CNS Wall-Plate that end-users and local administrators cannot implement their own network infrastructure.

    HealthNet provides ubiquitous PoE

    Tom Livoti explained that PoE is available on every port on every closet switch. They are currently using PoE-AF but are looking at the proposed Enhanced PoE for the new Biomedical Sciences building in order to power the 802.11n Wireless Access Points (WAPs) that are planned there.

    HealthNet VoIP/PoE/UPS implementation emulates the analog phone system

    Erik Deumens asked about the advantages of PoE. Tom responded that this is needed to power VoIP phones and WAPs; without that, separate electrical runs would have to be made available for such devices. Ty mentioned that one of the advantages of the VoIP phones is that you can simply unplug them at one location and plug them into another and things still work. Universal PoE supports doing that anywhere. Tom added that using a properly-sized UPS in the closet with that makes for a more stable and manageable situation as compared to using individual power bricks for phones. In that fashion, phone service can thus be maintained even during brief power outages.

    Handling unusual power needs

    Dan Miller mentioned that clearly the newer WAPs have driven both HealthNet and CNS to look for more capable PoE solutions. There are other devices out there, however, that have even higher power requirements. Dan asked Tom if they had reserved the right to say no if someone has exceptional needs. Tom replied "absolutely." Ty said that if someone came to them with higher power needs than they can supply then they would work with them to get a power injector. They would not change out the switches simply because a few folks had unusual requirements.

    Tom added that as PoE capacities grow over time we may eventually have to begin looking at air conditioning the ceilings. A fully populated 30 amp box can cause an 8 degree C gain from the current running through the wires. We are way underneath those levels at this time however.

    HealthNet's handling of switch power budgets

    Tom related that they know what the switch can handle and size the UPS to the maximum utilization of the switch. Different VoIP phone models have differing power requirements and they take that into consideration. There really are enough of the PoE devices, however, to cause problems. All their switches have 2800 watt redundant power supplies. Even in the HPNP building, which probably contains their most saturated switches, they have not seen more than 6-7 amps used out of the 20 amps available. That's on a 240 port switch with 80% phone utilization.

    HealthNet's UPS implementation

    Dan Miller asked if they utilized redundant UPS's. Tom responded that they utilize one UPS per switch. The UPS is plugged into emergency power (where available) and they plug the second switch power supply into commercial power. Tom said the power is fairly stable in the HSC area and when it goes out it is usually because someone did something bad rather than because of an act of nature. VetMed tends to get hit by power problems more than the rest of them. Most (not all) of the buildings there now have emergency diesel generators. They try for a 45 minute run-time target on their UPS configurations, but actually get much better than that because it is spec'ed for a fully populated system.

    HealthNet's port utilization densities

    When asked by Tim, Tom replied that they use a lot of the Cisco Catalyst 4500 Series Switches because they have many very high density areas to cover, but they don't fill those chassis with cards, obviously. They average roughly 70% port utilization over 11,600 ports.

    3-2-2) Server connections

    HealthNet CNS Wall-Plate
    Switched 1000 Mbps; custom configurations available for machine room, etc. Switched 100 Mbps; special higher-speed connections available at additional cost

    Locally controlled switches are not allowed

    Tim asked about standards for individuals wanting to run their own switch. Todd Hester said that CNS is not offering that service at this time. The only exception there is for the High Performance Computing (HPC) Cluster. Tom said that HealthNet maintains control of all switches. In high density locations such as machine rooms and the Communicore's Testing Center they dedicate a switch to the room, but it is still managed by HealthNet. Those switches are connected back to the main closet via fiber and are housed in locked cabinets.

    Special exceptions do exist

    There are situations, such as at the Cancer/Genetics building, where private locally managed networks are permitted. They have software, for example, that requires Windows 95 because the vendor doesn't want to go back to the FDA for approval. Those machines are on a private network that goes nowhere. Dan Miller said that this sounded very similar to the CNS exception for the HPC.

    3-2-3) Core Network Support

    HealthNet CNS Wall-Plate
    HealthNet provides access to the Internet, Florida LambdaRail, National LambdaRail, Internet 2, and the UF and Shands Intranet as a component of its network service. CNS will provide access to the Internet, Florida LambdaRail, National LambdaRail, Internet 2, and the UF Intranet as a component of basic network service.
    1 Gigabit with redundant 1 Gigabit connections to the Campus Core; moving to 10 Gigabit in Fall 2008 The Core Network and campus LANs will evolve as indicated by ongoing traffic engineering studies.
    12,000 ports for UF / 12,000 ports for Shands / The Core Network and campus LANs will evolve as indicated by ongoing traffic engineering studies.

    HealthNet is moving to a 10 Gigabit core

    HealthNet provides dual Gigabit network connectivity to each of their buildings and are moving to a 10 Gigabit core. Then are eventually looking at 10 Gigabit to the building POPs.

    They have two pairs of core routers--one for Shands and one for HealthNet. Chris Stowe of Shands has been working with Chris Griffin of CNS on upgrading the links to campus so they are 10 Gigabit on either side. They want to move away from static routing to some dynamic format. They are looking at BGP, but ran into some issues which they are working through.

    Network services across Shands facilities

    HealthNet and Shands share fiber but not closets. There are some cases where a HealthNet installation supports both UF and Shands personnel, however; one example is the Orthopedics Institute. In other locations, if Shands predominates on a floor then Shands services that floor; if UF predominates, then HealthNet services the floor.

    The Jacksonville connections

    The network in Jacksonville is run completely by Shands. They are connected to HealthNet here via a DS3 line. That connection is made redundant by another DS3 passing through Lake City.

    Dave Pokorney mentioned looking into an FLR connection but Ty said network cost sharing between Shands and HealthNet always makes such decisions complicated. They do have fairly frequent NAT and firewall issues that affect distance education between Jacksonville and here. The Jacksonville network is out of HealthNet's control and apparently out of the control of Shands Gainesville network as well.

    Dan Miller said that the closest comparison that CNS has to HealthNet Gainesville/Jacksonville situation is with the IFAS RECs which involves 200 ports x 15 sites at best.

    3-2-4) Supported Equipment and Infrastructure

    HealthNet CNS Wall-Plate
    Communications equipment rooms and pathways should meet University standards as defined in the University Telecommunications Standards. Communications equipment rooms and pathways should meet University standards as defined in the University Telecommunications Standards.
    Cisco electronics are utilized exclusively. Cisco electronics are utilized.
    Wiring installs are contracted out and paid for by the customer. Wiring installs are contracted out and paid for by the customer along with some other creative funding solutions.

    Looking at Juniper networks

    Ty asked if CNS was looking into Juniper Networks. Dan Miller said that this was primarily on the FLR side. Dave Pokorney said that FLR is a member of The Quilt for bulk-pricing on network implementations. FIU is looking at Juniper and the FLR lab tests Juniper equipment so they can address issues which may arise with participants utilizing that equipment. The University of Miami is another FLR member that utilizes Juniper. FLR works with many of the network vendors and Juniper is just one of those.

    Ty said they went through a major pricing and evaluation process with Juniper when looking at replacing their core boxes. The end result of that was HealthNet decided to stick with Cisco for their core and not go with Juniper.

    Dan Miller said that CNS had looked at Juniper when replacing the Internet POP routers. The equipment was nice but it was quite expensive.

    3-2-5) Network Malfunction Resolution

    HealthNet CNS Wall-Plate
    Troubleshooting, analysis, repair, and problem resolution of malfunctioning networks, and all types of network maintenance, are provided by HealthNet. Troubleshooting, analysis, repair, and problem resolution of malfunctioning networks, and all types of network maintenance, are provided as a BNS.
    Suspected problems must first be reported to local IT support personnel. It is the responsibility of local IT providers to determine if the problem is a local equipment problem or a network related problem. If the problem is determined to be network related, HealthNet should be contacted. Procedures for dealing with network problems are detailed in the section on Problem Resolution Procedures. If the problem is determined NOT to be a result of the wall-plate infrastructure, network services will contact the local support personnel to address the issue.
    HealthNet, in conjunction with Shands, CNS and HSC Security, monitors the network for devices that disrupt the network or are potential security issues. HealthNet will attempt to contact the end user to remedy the problem. In the event that the user cannot be reached, disruptive devices will be disconnected until the end-user can arrange repair of the malfunctioning device. Disruptive network devices will be disconnected until the end-user can arrange repair of the malfunctioning device in accordance with the University IT Security Policy.
    HealthNet will not troubleshoot any network problem where a user or local administrator has deployed active electronics for the purpose of expanding the network connectivity beyond that of the wall plate. These devices will be confiscated once they are identified and located. This event will be reported to the HSC Security Office as a security incident. CNS will not troubleshoot any network problem where a user or local administrator has deployed active electronics for the purpose of expanding the network connectivity beyond that of the wall plate.
      CNS will disable or disconnect any LAN segment that has been altered to expand the network connectivity beyond that of the wall plate.
    Support of desktop computers and other end-user network devices is not provided by HealthNet. This is the responsibility of local support personnel. Support of desktop computers and other end-user network devices is not included in basic network service. This is the responsibility of the end-user, the local support personnel, and the University Help Desk.
    Access Points are handled on a "best effort" basis. Access Points are handled on a "best effort" basis.

    Help Desk situation at HSC

    Dan Miller asked about the Help Desk situation at HSC. Ty said that over the years the number of calls coming in where somebody could actually do something over the phone had dwindled to almost none. Consequently, the two individuals who were answering those phones and not deployed in the field were laid-off. A third person who did laptop setups was also laid-off. There is going to be some more reorganization going on regarding telephone help and Ty believes it will eventually morph into an all-in-one service desk where individuals would call to assistance on all sorts of issues from scheduling AV equipment for pickup to a professor having problems with a presentation.

    They will accept work orders for things like printer installs, while supporting more immediate service for incidents causing "down-time".

    HealthNet uses the Shands Help Desk

    HealthNet uses the Shands Help Desk, however. There is a 24/7 phone line to call when network downtime occurs. During the day the technician on call will come and at night they will page the technician. The frontline support for network problems is thus separate from that of other IT problems. Health expects that the location provider out in the department is doing appropriate troubleshooting to eliminate the network.

    Problem Resolution Procedures

    HealthNet requires that users contact local IT support for assistance in determining if they have a network problem. Those personnel would then contact the Shands Help Desk if a network issue was involved. They have two status levels for problems: "Routine" and "Work Stoppage". IT personnel may use the "Work Stoppage" code word if the problem is deemed urgent. The Shands Help Desk utilizes the Remedy system to handle it trouble tickets.

    3-2-6) Network Performance Monitoring

    HealthNet CNS Wall-Plate
    All HealthNet managed network devices are monitored for availability and performance. All CNS-managed network devices will be monitored for availability.
      All switch ports on building-point-of-presence switches (BPOPs) will be monitored for utilization and error statistics.
      All statistical network data will be archived.
      All data will be available to CNS and local personnel via a web-based system currently under development.

    HealthNet's monitoring systems

    Dan Miller asked if HealthNet's monitoring system generated 24/7 alerts and Tom replied that they do. For most things HealthNet uses CiscoWorks and finds it works well. They also use Statseeker for looking at port utilization. The 24/7/365 operations staff monitor the alerts and make the decision on whether to page a network engineer. This would happen, for example, if a closet went down.

    Access Points handled as "best effort"

    Access Points are handled on a "best effort" basis by both HealthNet and CNS. Shands, however, handles those differently because they are using them for things like infusion pumps; those have a very high density with 100% uptime.

    3-2-7) Network Upgrades

    HealthNet CNS Wall-Plate
    HealthNet provides for periodic upgrades to network electronics with a rotating, nominally four year, replacement cycle. Should a customer have any requirements not provided by the current installation, they should contact HealthNet for a solution. Performance enhancements to congested networks will be provided when analysis shows that the current subscription level is not providing adequate network services.
    HealthNet provides for sufficient bandwidth to perform all reasonably anticipated functions, and provides for custom solutions where necessary. If a unit requests upgrades due to increased requirements (bandwidth, density, or to support special needs), a proposal will be provided for the unit’s consideration.
    HealthNet is continuously planning and preparing for upgrades to maintain network performance at the highest level as equipment is replaced on a rolling basis. Periodic upgrades may be applied to keep the network updated.
    Physical infrastructure is upgraded or replaced as areas are renovated, or as necessary to provide for the service that is required in a particular area. Any renovations must include in the budget provisions for network infrastructure and associated electronics, if required. HealthNet should be contacted early in the planning process to provide guidance to the architect/engineer team and to review electric and telecommunications plans. Malfunctioning equipment will be immediately replaced or upgraded as appropriate.

    Renovations must pay for equipment

    Dan Miller asked how it would be handled if a previously little used area all-of-a-sudden became filled with users and they requested ports in excess of current capacity requiring another chassis. Tom and Ty said that if more electronics are required for a renovation then the renovation is required to fund it.

    3-2-8) Network Enabling Applications

    HealthNet CNS Wall-Plate
    HealthNet, in cooperation with CNS and Shands, includes the provision of essential network services such as Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), Trivial File Transfer Protocol (TFTP) and Gatorlink authenticated network access. Basic network service includes the provision of essential network services such as Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), Trivial File Transfer Protocol (TFTP) and Gatorlink authenticated network access.

    HealthNet moving to Bluecat for DHCP

    HealthNet is moving to BlueCat for DHCP. That will allow them to have more control over how IP numbers are distributed with the new zones which Avi Baumstein is creating. Shands is doing a version of this themselves. The Bluecat Proteus devices will be redundantly configured.

    All DHCP at HSC is provided by HealthNet

    Dan Miller asked whether they allow local units to handle their own DHCP. Tom said that they did not though they do have a couple legacy examples of that. Tom believes DHCP needs to be centrally handled.

    All DNS at HSC is provided by HealthNet

    Dan asked the same question about DNS and Tom replied that they support dynamic DNS and handle all the DNS as well; they do not allow local admins to run DNS.

    3-2-9) Security Services

    HealthNet CNS Wall-Plate
    Security will be monitored and enforced in accordance with the HSC Security Program for the Information and Computing Environment (SPICE). Details of these policies are located at the SPICE website. Security will be monitored and enforced in accordance with the UF IT security policies and procedures.

    Both HealthNet and CNS hand security off to their respective security groups.

    3-2-10) Network Address Space Management

    HealthNet CNS Wall-Plate
    HealthNet contracts with Shands Information Services for network address space management. Customers should contact HealthNet with IP needs. CNS will allocate supported protocol address space as needed.
    For customers operating machine rooms or data centers, maskable blocks of IP addresses can be assigned for ease of management.  

    HealthNet IP allocation policies

    Dan Miller asked if HealthNet has any guidelines on when they will grant new subnets or VLANS for various units and departments. The concept behind the zones they are developing is to provide the rules for VLAN assignment. HealthNet is moving to greater use of private IP space; since that is essentially free they try to accommodate what people need. In server rooms they try to provide maskable blocks of address space.

    HealthNet handling of address space ranges

    Dan Miller asked if they try to divide up the various end-user groups into their own address space ranges and their own subnet. Tom replied that this is mostly done geographically.

    3-2-11) Client Remote Access VPNs

    HealthNet CNS Wall-Plate
    CNS offers a remote access VPN solution to all University Faculty, staff, and students with active Gatorlink accounts. CNS offers a remote access VPN solution to all University Faculty, staff, and students with active Gatorlink accounts.
    VPN allows Gatorlink users to remotely access most campus services via a general UF assigned IP address. VPN allows Gatorlink users to remotely access most campus services via a general UF assigned IP address.

    HealthNet utilizes CNS for their VPN implementation.

    3-2-12) Wireless Services

    HealthNet CNS Wall-Plate
    HealthNet provides wireless networking services throughout the HSC. Higher density is provided where required, such as in classrooms. Should additional wireless connectivity be required, customers should contact HealthNet, and wireless access points will be installed at no charge. Customers are prohibited from deploying their own wireless access points. Private access points will be confiscated once identified and located. Wireless services under BNS provide a wireless signal for simple connectivity and does not provide for high-density wireless usage.
    Cisco Network Access Control (NAC) is used to control admission to the wireless network. Two wireless networks are provided.  
    The network “hnet-public” is for use by unmanaged devices, including student laptops and visitor laptops, and a valid GatorLink ID is required for access. As of Fall, 2008, devices will be scanned for compliance with HSC security policy prior to admission to the network. Non compliant devices are admitted to the network, and users are informed how to remediate their deficiencies. Beginning January, 2009, non-compliant devices will be excluded from the network and directed to a webpage that provides guidance on remediation. Traffic is not encrypted on “hnet-public.”  
    The network “hnet-secure” is for use by devices managed by HSC IT providers. These devices must be registered by the appropriate HSC IT Provider. Contact your IT provider for access to this network. “hnet-secure” uses an 802.1x supplicant; all traffic is encrypted. All Faculty and Staff should use “hnet-secure.”  

    HealthNet provides two levels of wireless access

    Tom explained that HealthNet provides two levels of wireless access. Their hnet-public access is equivalent to the CNS walk-up authentication. Anyone with a Gatorlink account may access this and the traffic is not encrypted. Devices connecting will be scanned and it problems are found the user will be pointed to resources for resolving those. The other type of access, hnet-secure, uses an 802.1x supplicant and is fully encrypted. Devices connecting here are managed devices and do not get scanned. Departmental IT staff is expected to keep those patched.

    "A" radio usage at HealthNet

    Dan Miller asked if they are installing the "A" radios. Tom replied that they have the capability (Cisco 1252 with "A" radios installed) and plan to make that active in those places which get "N".

    VoIP over Wireless

    HealthNet does VoIP over wireless in certain locations. In some cases it is used to overcome the difficulties of wiring certain locations. For cost reasons they do not want this service to get out-of-hand however and issue the caveat that it will get limited deployment.

    Charge-back for wireless?

    Dan Miller asked and Tom confirmed that there is currently no charge back for high-density wireless. Dan wondered if they ever had issues with folks trying to avoid wired port charges by utilizing wireless. Ty mentioned that this problem is being discussed and solutions are being proposed. Currently wireless is funded out of the port charges. They have looked at ways to charge separately for wireless but none of those solutions are easy; they don't want to have to add more staff so they can charge for wireless.

    CNS deployment of WiSM and LAPs just starting

    Dan Miller said that CNS is heading in the same directions as HealthNet with wireless. They are behind HealthNet in WiSM deployments with lightweight access points (LAPs). They are putting together a project plan to go back and remediate areas with legacy hardware. They have a standard which states they will not support VoIP over wireless in areas that are not LAP capable.

    3-2-13) Voice Services

    HealthNet CNS Wall-Plate
    HealthNet operates a Voice over IP telephone service in the HSC. This service operates on the installed network, and does not require any ports in addition to the port used by the customer’s computer. HealthNet should be contacted with any requests for installation of IP phones. IP Phone handsets should not be purchased prior to consulting with HealthNet. Physical infrastructure as well as network electronics that are provided for Basic Network Services will support IP Telephony communications. Power over Ethernet (PoE) and Voice services provided by this infrastructure are available at an added cost.

    Discussion on these points had been handled earlier in the Desktop connections portion of the "Services provided" section.

    3-2-14) Virtual Private Networks (VPNs) and Private WAN links

    HealthNet CNS Wall-Plate
    HealthNet, in conjunction with Shands, offers WAN connectivity. Organizations interested in having either a private WAN link or in using specialized VPN services can have these services managed by HealthNet. Organizations interested in having either a private WAN link or in using specialized VPN services can have these services managed by CNS. Departments wishing to customize the CNS Gatorlink Remote Access VPN so their users get an IP address in a specific range may do so with the Departmental Remote Access VPN service.

    Site-to-site links

    HealthNet is currently using Cox cable for some of their point-to-point connections. A 10 Mbps uplink is $350/month and a 100Mbps runs about $750/month. They have 3-4 outlying departments which are using this and they have deployed VoIP in those areas as well.

    3-2-15) Video Services

    HealthNet CNS Wall-Plate
    Specialized video services such as multipoint video conferencing are available. In-depth assistance to support basic video conferencing issues such as room setup, design, and renovation are available through the Academic Information Systems and Support Distance Learning Office. Should you need to conduct a video conference, facilities are available through distance learning.  

    Video Services are provided outside either HealthNet or CNS Wall-Plate

    Dan Miller said that this item is not covered in their Wall-Plate SLO as they left that to Video Services. Tom responded that this is what they did, but they included a statement to that effect in their SLO.

    3-2-16) Connectivity for the High Performance Computing (HPS) Research Network

    HealthNet CNS Wall-Plate
    The HPC network is entirely separate from HealthNet. For users who desire connection to the Campus HPC, HealthNet will facilitate the process of determining requirements, obtaining approvals, and installing the required infrastructure.  

    HealthNet providing HPS access at several sites

    HealthNet is providing this for Cancer/Genetics and will likely do this at Biomedical Engineering and at the Pathogen Research Center (though they are going to connect back via the Cancer/Genetics building).

    Research network is isolated

    The key standard there is that the research network is separate from the production network and the two join only at the research router at CNS so appropriate filters may be maintained.

    3-3) HealthNet Organizational Chart

    HealthNet VoIP system admins

    Tim Fitzpatrick had some questions on the HealthNet Organization Chart. He wanted to know if the VoIP system admins listed entailed 2 FTE. Tom responded that this was a single FTE split 0.8/0.2 between those two individuals listed.

    HealthNet phone assistants

    Tim asked what the phone assistants did. Tom responded that they put phones together and deliver them. All the work on the network side is done before they are distributed. Tim said that they have found that the VoIP phones didn't require a separate person for on-going support.

    HealthNet and Shands coordination

    HealthNet coordinates closely with Shands which has their own networking group under Chris Stowe. They have biweekly project planning meetings with the Shands group as well.

    "Tariff" ports

    Tim asked about "tariff" ports at HealthNet. Ty explained that these are ports which are leased rather than being charged on a per-port cost.

    3-3) HealthNet SLO appendices

    Tom mentioned that their SLO also includes information on the history and growth of HealthNet, the HealthNet funding model and how oversight is provided for the HealthNet group.

    3-4) Summary discussion: HealthNet vs. CNS

    Tim Fitzpatrick stated that when the HealthNet and CNS Wall-Plate SLOs are laid out side-by-side (see tables above) the similarities overwhelm the differences. He still feels it would be helpful to have Housing as a third column on that.

    4) Future Topics for Consideration

    4-1) Visit with Chuck Frazier

    Tom and Ty mentioned that they would very much appreciate getting Dr. Frazier to an upcoming meeting. They would like to ask about the direction he will be taking and the goals of his planning processes.

    4-2) Special printer IP range assignment request

    Erik Deumens mentioned that wanted to negotiate a means by which printers within an area would get a special private IP range that would sequester them better from the rest of the network so they couldn't cause problems for the network in general. He believed this might be something generally useful to others as well.

    Several ranges have been assigned for various uses

    Dan Miller mentioned that several ranges had been identified for different usages in the past. The 10.xxx.xxx.xxx space permits Internet access via NAT, the 172.XXX.XXX.XXX allocations were intended to be routed on-campus only and never leave campus, and then the 192.xxx.xxx.xxx which was intended to be local.

    Maskable ranges likely the best solution

    Dan believed he would prefer to handle this by using the 10.XXX.XXX.XXX address space, but they could identify a maskable range and handle that via ACLs. Tom mentioned that this is what they are doing with their zones at HealthNet; there is one zone that does not route past the firewall and all the printers will be on that. They are looking at basing that on MAC address; you then tell the Bluecat the zone you want that MAC address to reside in. That way the device is dynamically configured to the proper VLAN upon bootup. Even if the device is moved it will still be placed in that same VLAN.

    Request for standard or best practice development

    Erik asked that some standard or best practices be developed for doing this under CNS Wall-Plate. Dan Miller said that they could look at that and perhaps get comment from the security group on that as well. Dan imagines they will still require that printers get patched and so-forth because it reduces the vulnerability.

    4-3) Confusion over Domain Name Policy

    Dan Cromer raised an issue for Chris Leopold. Chris had noted a disparity between Web Administration's "Domain Namespace other than ufl.edu" documentation and the CIO's Domain Name Policy. Namely, the former was more lenient in not requiring that non-UF domains be formally approved. It was suggested that Christine Schoaf might be invited to a future meeting to discuss that confusion.

    Action Items

    1. Subscribe Dan Miller, ITAC-NI chair, to all other ITAC committee lists for collaboration purposes (pending from previous meeting).
    2. Update our official membership list.


    Next Meeting

    The next regular meeting is tentatively scheduled for Thursday, October 9th.

last edited 22 October 2008 by Steve Lasley