Masahiro Ishigaki (center of photo) of Tohoku University (Graduate School of Economics) says, "University network management is completely different in operational principles from that of companies," as he explains the prerequisites for university network management. We asked him in detail about his ideal vision.
(On the left and right of the photo are network management staff)
 
Difference between University Network and Corporate Network
Q) How is a university network environment different from a normal corporate network environment?

A) This is just a generalization, but I think the operational principles differ greatly in the following points. For the sake of organization, I will try to explain it in bullet points.
  1. Various systems are mixed together. It cannot be unified.
    This is a network environment where various versions of Windows, Mac, UNIX, Linux, etc. coexist. In some cases, experimental machines may be connected for research purposes. In a normal company, this would be inefficient in terms of business execution, so there would be a move to standardize devices and OS to some extent, but university PCs are used not for business execution, but for research and learning. Therefore, it is not possible to operate with priority given to efficiency.
  2. Bringing your own PC is permitted.
    I hear that many companies prohibit bringing in and connecting home PCs to corporate networks for security reasons. However, universities cannot prohibit students and faculty from connecting their own PCs.
  3. We have to accept connections not only with students but also with outsiders to some extent.
    For example, laptop computers of researchers coming from other universities for joint research will be allowed to connect to the campus network for a certain period of time. It is also possible that a PC that was used for a long time while studying abroad comes back to Japan and is connected to it.
  4. There is a mix of diverse policies.
    Some machines, like the PC in a teacher's room, are in a fixed location and are used by one person all day long; others, as in a computer lab, have an unspecified number of people logging in on a rotating basis; and others, as in the office, are used in a way similar to how companies use them for business purposes. Additionally, graduate students' PCs travel back and forth between their homes and the graduate student joint laboratory. There is a mix of diverse operational policies.
  5. There is a rapid turnover of network users.
    In the case of universities, simply put, every year, fourth-year students graduate and first-year students enter. From a network operations perspective, this means that a quarter of network users are replaced every year. Even in companies, there will be a turnover between new hires and retired employees, but it will probably not be one-fourth every year.
  6. Network management is carried out autonomously and independently.
    This may be a feature unique to the Tohoku University Faculty of Economics network rather than university networks in general. Our department has a student volunteer organization called the Faculty of Economics Student Email Research Group, which takes care of student email address settings and other network settings on a voluntary basis. So in addition to general management departments like ours, there are organizations that manage the grassroots. Even after hearing various stories about other universities, this kind of approach seems to be extremely rare.
Requirements for Management Tools in University Network Environments
Q) What are the requirements for network management tools in such an environment?

A) Roughly speaking, it can be used to "register users who can connect to the network," "understand the current status of network-connected users and connected machines," "detect unauthorized connections," and "detect and deal with abnormal traffic (*)." We are currently using NetSkateKoban to perform these operations.

Q) How exactly does it operate?

A) I will explain each item separately, including my evaluation of NetSkateKoban.
  1. Limiting users who can connect to the network
    In the case of a university, users who can connect to the network are students and university personnel, such as students, graduate students, faculty and staff, and administrative staff. For example, if a student wishes to connect their machine to the network, they will apply and register the machine's MAC address and other information with NetSkateKoban. This will create a "ledger" of authorized machines inside NetSkateKoban. If a machine other than those listed in this ledger is connected, it is considered an unauthorized connection.

    In the case of universities, as mentioned earlier, a quarter of users in departments change every year. In addition, graduate schools have various study periods, such as April admission and October admission. Professors from other universities often stay temporarily for joint research purposes. This means that updates to the management ledger occur frequently and in large quantities, so if the interface is difficult to use or difficult to understand, network management will be hindered. Updating NetSkateKoban is easy and good. Even beginners can update almost intuitively.
  2. Understanding network connected users and connected machines
    This management office manages the network related to the Faculty of Economics/Graduate School. In the case of university networks, even if the topology is one, the physical locations are usually distributed. In the case of the Faculty of Economics network, the network is scattered across three locations, including the Faculty of Economics Building B, part of G Building, the 4th and 10th floors of Building I, the 5th floor of Building F, and three lecture buildings.

    In such an environment, it tends to be difficult to "understand the physical location" of the point where a network abnormality occurs, but in the case of NetSkateKoban, I think it is quite convenient to be able to identify the connection location by switch and port. Currently, we have Koban sensors arranged in a tree shape starting from the main switch at the source, so even if something goes wrong, it's like, "Oh, there's something wrong with the machine connected to the 4th floor of Building I." It is easy to identify the location.
Ideal form of Network Management and Future Expectations for NetSkateKoban
Q) I would like to ask: what is the ideal form of 100% network management for you, Mr. Ishigaki?

A) It is difficult to answer when asked about the "ideal form," but for example, if an abnormality occurs somewhere in the network, where is it occurring, what kind of abnormality is it, and how serious is it? I hope you understand. Furthermore, in terms of the "ideal form," I would like to be able to understand the situation visually, intuitively, and at the same time as an event occurs, rather than being able to understand it by doing various operations.
Even more ambitiously, it would be ideal to be able to find signs of abnormalities and manage them in advance to nip problems in the bud, rather than dealing with them after they occur. If this could be done perfectly, in theory, all kinds of problems could be dealt with in advance, and there would be zero network problems from the user's perspective. If this happens, the network will be in a state where it can be used with the same level of stability as electricity and water.

Q) Taking that situation as 100 points, what level do you feel NetSkateKoban has reached now?

A) I think we have reached a relatively good point. If the ideal situation is to win a championship in professional baseball, my impression is that "I can see myself entering Class A." At the very least, I believe that the vector the product is aiming for is pointing in the ideal direction.

Q) What do you expect from NetSkateKoban in the future?

A) Security and networks are changing rapidly in the world, so I hope they will continue to develop new technologies to keep up with those changes. Networks are now an important educational infrastructure. In order to ensure stable operation of this infrastructure, please continue to provide excellent technology and services. We look forward to it.

-- Thank you very much for your valuable talk today.

  • Tohoku University (Graduate School of Economics) website
  • Interview date and time: September 2005