Network Programme

Software Defined-Access (SD-A)

Cisco SD-Access is Cisco’s name for Software Defined Networking. It provides zero-trust security in the workplace and secures access—by all users, all devices, and from all locations—across applications and the network environment.

 

Software Defined-Access (SD-A) diagram

According to the Cisco website, SD-A:

  • Identifies and verifies all endpoints.
    • Includes users and IoT devices that connect to your network.
  • Establishes policy and segmentation.
    • Helps to ensure least-privilege access based on endpoint and user type.
  • Continually monitors endpoint behaviour.
    • Helps ensure compliance, including encrypted traffic.
    • Quarantines endpoints that exhibit malicious or out-of-compliance behaviour.
  • Stops threat migration.

Today we hand-craft Access Control Lists, which are configured on each switch, are coarse-grained and hard to manage, and inevitably suffer configuration drift over time. Combined with Cisco’s Identity Services Engine (ISE), SD-A gives us the ability to classify users into groups and then centrally define network contracts or policies that control what is allowed to communicate with what - like a super powerful firewall enforced on every switch and access point on the network.

The security benefits are especially encouraging, making it very hard for attackers, even once they have a toe-hold in the network, to move laterally. This should also pass through to the data centre, adding enhanced protections to hosted applications that could only ever be accessed by certain user groups.

We are working with Capita's partner Firefly to define this as there is a clear trade-off between a perfectly tailored network contract that is highly specific to an individual’s needs and the inevitable burden of trying to administer it - it’s fair to say we are still very much learning and don’t fully understand this yet!

Proof of Concept (PoC)

We now have a Proof of Concept (PoC) SD-A network in our JWN data centre (see photos below). A comprehensive PoC build document (178 pages) has been produced and the team now have access to the PoC.

 

  Picture of Proof of Concept (PoC) at James Watt North (JWN)   Another picture of Proof of Concept (PoC) at James Watt North (JWN)

Network Design Documents

The Network workstream is currently undergoing its design phase and, as a result, a lot of design documents have been, and will be, produced that will detail the design and operation of the new data network. Combined, these currently run to hundreds of pages and are expected to run into a four-figure number by the time they are complete. These design documents include:

  • Proof of Concept (PoC)
  • SD-A
    • Concept of operations (CONOPS) – aka use case document.
    • System requirements document
    • High level design
    • Low level design
  • Supercore service layer design brief
  • Data centre segmentation design brief
  • Network security design
  • Management tooling
    • Infoblox Low Level Design (for DNS management)
    • Ixia Low Level Design (for network monitoring)

Network Facts & Figures

  • Covers 3 campuses:
    • Gilmorehill
    • Garscube
    • Crichton
  • Doubles the number of distribution nodes around the University
  • Trebles the number of internal wi-fi access points across the UofG
    • (Please note that every individual building is different: some will have more than 3 x the current number and some will have fewer)
  • Contains hundreds of pages on the design of the new network

Completed Works: Network

    Completed Works

    User Impact

    Where?

    When?

    Configuration – Janet Bandwidth Upgrade to the Supercore Network

    There was no loss of service

    Data Centres

    2 and 3 April 2023

    JANET - Multimode SFP to Singlemode SFP Swap

    There was no loss of service

    Data Centres

    12 April 2023

    JANET Service Migration

    There was no loss of service

    Data Centres

    13 April 2023

    Ixia Service Go-Live

    There was no loss of service

    Data Centres

    14 April 2023

    Configuration - Supercore

    There was no loss of service

    Data Centres

    22 to 27 April 2023

    ACI Failover Testing Pt 1 & 2

    There was no loss of service

    Data Centres

    11 and 12 May 2023

    Supercore: Fusion installation at Data Centre 1

    There was no loss of service

    Data Centres

    1 and 2 June 2023

    Supercore: Re-position, reconfiguration and migration

    The relevant affected team had been informed of impact

    Data Centres

    10 and 12 June 2023

    Proof of Concept (PoC) Rework

     No access to PoC for PoC users

    Data Centres

    1 June to 16 June 2023

    ACI Failover Testing Pt 3

    There was no loss of service

    Data Centres

    14 June and 16 June 2023

    Infoblox Go-Live Preparation

    There was no loss of service

    Data Centres

    13 April to 26 June 2023

    Configuration: Supercore

    There was no loss of service

    Data Centres

    24 and 25 June 2023

    Supercore: Fusion installation and configuration at Data Centre 2

    There was no loss of service

    Data Centres

    24 and 25 June 2023

    Infoblox: Go-Live

    Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational.

    Gilmorehill, Garscube and Remote Access

    15 and 16 July 2023

    Infoblox: Microsoft migration and testing

    Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational.

    Gilmorehill, Garscube and Remote Access

    15 and 16 July 2023

    DNS Server: Installation

    Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational.

    Gilmorehill, Garscube and Remote Access

    19 July 2023

    Infoblox: DHCP migration and user acceptance testing

    Access to all systems was at-risk and short intermittent interruptions were encountered. This included access to UofG systems from any location and access to anything from UofG. Guest Wi-fi services remained operational.

    Gilmorehill, Garscube and Remote Access

    29, 30 and 31 July 2023

    Crichton Campus Upgrade

    Varied level of impact (This was communicated to all at Crichton Campus by Stephen Patterson)

    Crichton Campus, Dumfries

    15 May 2023 to 18 Sep 2023

    Firewall Pt. 1

    There was no loss of service

    Data Centres

    21 Aug 2023 to 8 Sep 2023

    Standardisation of network interfaces Pt. 1

    There was no loss of service

    Data Centres

    24 Oct 2023 to 25 Oct 2023

    Installation of central networking core (SDA)

    There was no loss of service

    Data Centres

    23 Oct 2023 to 30 Oct 2023; from 09:00 to 17:00

    Installation of nodes at JWN and Library

    There was no loss of service

    JWN & Library

    23 Oct 2023 to 28 Oct 2023; from 09:00 to 17:00

    2 Nov 2023; from 09:00 to 17:00

    Davidson Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    Davidson Building

    18 Dec 2023; from 17:00 to 21:00

    James Watt South (JWS): Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    James Watt South (JWS) 

    19 Dec 2023; from 17:00 to 00:00 

    Southeast Corner of Gilbert Scott Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    Southeast Corner of Gilbert Scott Building 

    8 February 2024; from 18:00 to 23:00

    Sir James Black Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    Sir James Black Building

    9 February 2024; from 18:00 to 23:00

    BT Exchange in Gilbert Scott Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    BT Exchange area of Gilbert Scott Building

    10 and 11 February 2024; from 18:00 to 23:00

    Joseph Black Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    Joseph Black Building

    11 and 12 February 2024; from 18:00 to 23:00

    Rankine Building: Installation of Distribution Switch

    Partial outages affected network services. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access was affected intermittently to the following services: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

    Rankine Building

    13 February 2024; from 18:00 to 23:00

    Scotgrid Connectivity: Reconfiguration

    There was a complete loss of network connectivity to and from Scotgrid services, including access from inside the network, during the timeframe stated.

    Remote

    23 March 2024 to 24 March 2024; from 09:00 to 18:00 each day

    Standardisation of network interfaces Pt. 2

    There was no loss of service

    Data Centres

    25 March 2024 to 26 March 2024; from 18:00 to 22:00 each day

    Scotgrid: Troubleshooting

    Intermittent connectivity was experienced to Scotgrid services for the 4-hour window of works.

    Remote

    25 April 2024; from 08:00 to 12:00

    Proof of Concept (PoC): Firepower Replacement

    Only the PoC was affected. There was no other loss of service.

    Remote

    15 May 2024; from 09:00 to 17:00

    Commission External Firewall

    There was no loss of service

    Remote

    29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

    Commission Internal Firewall

    There was no loss of service

    Remote

    29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

    Build SDA (and all associated components)

    There was no loss of service

    Remote

    29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

    Commission Service Layer firewall

    There was no loss of service

    Remote

    29 April 2024 to 5 July 2024; from 09:00 to 17:00 (daily)

    Firewall: IOT Testing and Migration

    During the period of works, all wirelessly connected internet devices (UGRERUM part of network) were down for a 15-minute period during the window of downtime. This meant these devices were unavailable during this period. The systems became available after the 15-minute period had passed.

    NB:

    • Hard-wired kit was not affected

    Online

    Window of works:

    23 July 2024; from 20:00 to 00:00

    Window of downtime:

    23 July 2024; from 20:30 to 20:45

    Firewall: Azure Testing and Migration

    During the period of works, access to certain Azure was down for a 15-minute period during the downtime window.

    This meant Azure access was unavailable during this period.

    Azure became available after the 15-minute period had passed.

    NB:

    • Microsoft 365 was not affected

    Online

    Window of works:

    24 July 2024; from 20:00 to 00:00

    Window of downtime:

    • 20:30 to 20:45

    Firewall: External Testing

    During the period of works, all access to internet bound services was down for 2 x 15-minute periods during the cutover window.

    This meant access to internet bound services (JANET) was unavailable during these periods.

    The services became available after each 15-minute period had passed.

    Online (remotely and on-campuses)

    Window of works:

    25 July 2024; from 22:00 to 02:00

    Downtime windows:

    • 22:30 to 22:45
    • 01:30 to 01:45

    Firewall: External Migration

    During the period of works, all access to internet bound services was down for a 15-minute period during the cutover window.

    This meant access to internet bound services (JANET) was unavailable during this period.

    Services became available after the 15-minute period had passed.

    Online (remotely and on-campuses) 

    Window of works:

    24 Aug 2024; from 21:30 to 03:00

    Downtime windows:

    • 22:30 to 22:45

    Garscube Distribution: Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building

    Each building had partial outages in network services during its respective window of planned works. This included intranet and internet access, wired and wireless connections, guest access, and telephony networks. User access to the following services was affected intermittently: network shares, file storage, internal applications, internet, Janet services, telephony, and any wireless and guest access.

     

    Approx. outage details during each window of works:

    • TCRC: 19 outages x 2 mins per outage = 38 mins
    • SMS: 12 outages x 2 mins per outage = 24 mins
    • McCall: 29 outages x 2 mins per outage = 58 mins

    Wolfson Wohl TCRC (TCRC), Sir Michael Stoker (SMS) & McCall Building

    TCRC: 30 August 2024; from 18:00 to 02:00

    SMS: 31 August 2024; from 08:00 to 23:00

    McCall: 01 September 2024; from 08:00 to 23:00

    Library: Pilot SD Migration

    There was no loss of service planned

    Remote

    23 and 24 September 2024; from 09:00 to 17:00

    JMS: Pilot SD Migration

    There was no loss of service planned

    Remote

    25 and 26 September 2024; from 09:00 to 17:00

    JWN: Pilot SD Migration

    There was no loss of service planned

    Remote

    27 and 30 September 2024; from 09:00 to 17:00

    McMillan Reading Room: Pilot SD Migration

    There was no network access during the timeframe stated. This affected UofG network-based applications. Therefore, the McMillan Reading Room was closed during the period of works.

    McMillan Reading Room

    1 and 2 October 2024; from 17:00 to 20:00 each day

    Pearce Lodge: Pilot SD Migration

    There was no network access during the timeframe stated. This affected UofG network-based applications.

    NB:

    Due to IP address changes, users were expected to test their access on Monday 7th and report any issues. Capita were available at Pearce Lodge on the 7th to address any concerns.

    Pearce Lodge

    5 and 6 October 2024; from 08:00 to 18:00 each day

    Mazumdar-Shaw Advanced Research Centre (ARC): Distribution Switch Reconfiguration

    Intermittent loss of connectivity during migration which is expected to last for 30-60 seconds. We are unable to specify exactly when this 1 minute of disruption will occur during the timeframe outlined.

    Remote

    20 October 2024; from 01:00 to 04:00

    Upgrade: Firewall Management Center and Appliances (cont'd)

    There will be brief periods of internet disruption. UofG users should expect to experience up to 4 short interruptions, each lasting about 2 minutes, affecting access to services like MyGlasgow and email.

    Data Centres

    25 October 2024 from 22:00 to 26 October 2024 01:00 (3 hrs)


    Distribution Node Buildings

    The Network Programme (NP) will be replacing existing, long-standing network distribution switches as well as increasing the number of these important network hubs in the following buildings:

    • James Watt North (JWN)
    • South-East Main Building (SE Corner of Gilbert Scott)
    • Davidson Building
    • Sir James Black Building
    • Library (x2)
    • James Watt South (JWS)
    • Sir Alexander Stone Building
    • BT Exchange (BTEx)
    • Kelvin Building
    • Joseph Black Building (x2)
    • Advanced Research Centre (ARC) (x2)
    • James McCune Smith (x2)
    • Saughfield
    • Rankine Building
    • Sir Michael Stoker Building (CVR) - Garscube
    • Wolfson Wohl Cancer Research Centre (TRC) - Garscube

    SD-A Pilot Buildings

    The Network Programme (NP) will be testing a more secure, automated, and user-centric approach to network management in the following pilot buildings in 2024:

    • James Watt North (JWN) – Full
    • Library – Partial
    • James McCune Smith – Partial
    • Pearce Lodge – Full
    • Reading Room – Full

    NB: "Full" conveys that all the current edge connections will be considered for migration to SDA for that building, whereas "Partial" means a few ports will be considered, possibly one switch in a building.