the challenge of integrating the networks of 3 university museums

Post on 03-Jul-2015


DESCRIPTION

How the Ashmolean, Pitt Rivers and University Museums, in cooperation with the Computing Services, implemented a joint firewall and set up cross-museum wireless access using a FortiGate 200B cluster, Aerohive access points and many Gliffy diagrams.

TRANSCRIPT

1

The Challenge of Integrating the Networks of Three University Museums

Jonathan Moffett : Ashmolean

Anjanesh Babu : Ashmolean

Sarah Phibbs : OUMNH

Haas Ezzet : Pitt Rivers

ICTF 2012 5 July 2012

2

Museum 1: Ashmolean

http://www.ashmolean.org

3

Museum 2 : Natural History Museum

http://www.oum.ox.ac.uk

4

Museum 3 : Pitt Rivers Museum

http://www.prm.ox.ac.uk

5

What we do

•  Collections Management

•  Academic Research

•  Displays / Exhibitions

•  Education / Outreach

•  University Teaching

•  Events

•  Collections Online

6

Visitors

•  Visitor Numbers : around 2 million

•  Around 3 million virtual visitors

•  Free to visit

•  300 - 400 staff

•  6.5 FTE ICT Staff

Why Integrate our Networks?

•  Security Considerations

•  Museums Reviews

•  External funding

•  Greater access to collections

8

The Museum Networks in 2010

[Diagram labels: Ashmolean, Natural History, Pitt Rivers; in house]

Challenges

•  Accommodate the variations

•  Resources

•  Funding (ACE / Renaissance)

•  Maintaining operational continuity

Solutions: Option 1: Stand alone

[Diagram labels: FW 1, FW 2, FW 3]

Solutions: Option 2: mix & match

[Diagram labels: FW 1, FW 2, FW 3]

Solutions: Option 3: match & mix

[Diagram labels: FW 1, FW 2, FW 3]

13

Solutions: Option 4: Working Together

[Diagram labels: QinQ, QinQ, core]

14

Scale of the problem

The Ashmolean

Natural History Museum

Pitt Rivers

1 mile

15

OUCS : The Front Door System

[Diagram labels: The Ashmolean, OUMNH, PRM; Site Default VLAN, Other VLANs (shown twice); Ash-Frodo, OUM-Frodo, PRM-Frodo; VLAN Aggregator; QinQ (four links); 802.1Q Trunks; Site VLANs]

16

Firewall Hardware

[Diagram labels: Core Switch: Cisco 3750-X; FortiGate 200B ×2 (Active Firewall, Passive Firewall); FortiAnalyser 100C; Eaton Source Switching; Eaton EA 1000VA 2U ×2; Mains Power ×2]

17

Fortinet: Advantage

VDOM 1 VDOM 2 VDOM 3

One Physical Unit

18

Fortinet: did we get this right?

2010 2012

19

Aerohive advantages : wireless

•  Single WPA2 network – multiple VLANs

•  Distributed architecture (‘the Hive’)

•  Mesh network

•  Feature rich

•  Cost effective

PPSK

20

Aerohive: Single SSID: Multiple VLANs

[Diagram labels: WPA2 – PSK SSID; Ash – MAC filter, OUM – MAC filter, PRM – MAC filter; Ash – user list, OUM – user list, PRM – user list; Ash VLAN, OUM VLAN, PRM VLAN]

21

Getting the tingles

•  Wireless network growing

•  Static devices up

•  Reduction in number of attacks

•  Visibility into usage patterns

•  Simplified management

22

A recap of how we were before ...

[Diagram label: in house]

Where we are now: Service Layers

? edge

24

Reduce the Chatter

[Diagram labels: DNS, DHCP, Core]

25

Push to the Edge <the future>

Push IT Expertise to the edge

26

User-Savvy Tech

•  Not tech savvy users

•  Simpler tools to get things done - e.g. codiqa, online ‘noCode’ app development

•  This is the future we are anticipating

•  Enablers for change

27

Eternally grateful to

•  Alistair James (OUCS Network Operations Manager)

•  Pierre Ramsay (OUCS Network Control)

•  Mark Siddle (Network Operations)

•  Stephen Madeley (Network Operations)

•  Christopher Burchell (Network Operations)

•  Entire OUCS Networks team

•  Oxford University IT Support Staff Group

28

Any Questions ?
