
NetReg

NetReg. Net·Reg - /'net-rej/ noun A web-based registration application for the management of system, network and contact information. Unify RDM, Security Contacts and DHCP MAC Registration Applications. Each application manages information about related and overlapping entities


Presentation Transcript


  1. NetReg Net·Reg - /'net-rej/ noun A web-based registration application for the management of system, network and contact information.

  2. Unify RDM, Security Contacts and DHCP MAC Registration Applications • Each application manages information about related and overlapping entities • One Stop Shop for Registration for Network access, Security Contacts, and Restricted Data • All three existing applications need enhancements

  3. Existing Application: Restricted Data Management (RDM) Data Owner RDM System name, IP address Type of Data, quantity Security plan, etc. Registers RDM Systems

  4. Existing Application: Security Contacts Primary IT Contact Security Contacts App Contact Role name, Dept Owner, contact information List of Maintainers Email address Add IP Address Entities Creates Role IP Address Entity Address Range CIDR block (subnet) Subdomain

  5. Existing Application: DHCP MAC Registration Individual DHCP Registrant DHCP MAC Registration System Entity MAC address Fixed DHCP? Then IP address Dynamic DNS? Then hostname Registers MAC address. Requests Fixed DHCP, Dynamic DNS IP Address Entity Address Range CIDR block (subnet) Subdomain Hostmaster DHCP Service

  6. New Application: NetReg NetReg Contact Role (CR) name, Dept List of Members Email address Delegated Group(s) Individual DHCP Registrant Registers System, MAC address Primary IT Contact Creates Role Systems: add, edit, remove, bulk upload IP Addr Entity: claim, abandon, transfer Data Owner Registers RDM System System Entity MAC address IP Addr Assignment? RDM type? IP Address Entity IPv4 and IPv6 Address, Range CIDR block (subnet) Subdomain Hostmaster DHCP Service

  7. NetReg Goals • Promote Campus DHCP service • Improve information management • Improve data integrity • 100% coverage for notifications • Good authorization platform • Required for future services

  8. Promote Campus DHCP service • Role-based Management • Bulk upload of System Entity data • Notes field • Transfer MAC address mechanism • Greater use of DHCP • Future: Option 82 - Location with lease information • Future: IP source guard – requires the use of DHCP

  9. Improved Management • Unified application • Integrate RDM with Security Contacts • Role-based • Allow multiple profiles, multiple Contact Roles, per user

  10. Data Integrity • Automatic checks for changes that affect Authorization or Notification • Expired CalNet UIDs • Contact Roles with no active members • Stale MAC addresses • Network moves • Job changes • Re-organizations • Appropriate follow-through

  11. 100% Coverage • Really is ‘100% Coverage without any overlap’ • Quickly, easily translate an IP address to a responsible party for notification • Responsible party related to organizational structure for security reporting

  12. Authorization • Is this person authorized to create this department’s Contact Role? • Does this IP address entity belong with this Contact Role? • When was this IP address associated with this Contact Role? • Future services require good authorization

  13. Proposals

  14. Contact Roles • Two kinds of Contact Role (CR), Department and Group. • Group CR created by Department CR • Department Contact Role tied to organizational structure for security reports • Dept CR at a node in organizational structure, any level. • Only one Dept CR per node in org structure. • Group Contact Roles allow for different IT management styles within departments • Group CR has Dept CR parent. • Group CRs cannot create additional Group CRs.

  15. Organizational Structure, Contact Roles: DCR1 DCR2 DCR3 DCR4 DCR5 GCR3A GCR3B GCR5A GCR5B

  16. Contact Roles, cont. • Member of Dept CR can be member of Group CR, and vice-versa. • Dept CR has read-only access to child Group CR information • Group CR has read-only access to parent Dept CR information? • Dept CR can configure whether it sees notifications to Group CRs, or not

  17. IP Address Entities • CRs claim, abandon, request, transfer IP Address Entities. • IP Address Entities claimed by only one Contact Role (CR) • E.g., CR1 claims CIDR block (subnet), transfers individual addresses to CR2 • Notifications match IP Address by longest prefix match. • CIDR blocks as defined in networks.local.

  18. Actions upon IP Address Entities NetReg Holding Area Network Allocated CIDR blocks Assigned IP addresses Dept CR 1 Unallocated CIDR blocks, unassigned IP addresses Data feed Dept CR 2 Group CR 2A Claim Abandon Request Transfer

  19. IP Address Entities, cont. • Claim/Abandon by Dept CR only, Requests/Transfers by any CR • Subdomain claims potentially create collisions. • An IP address may be claimed by one CR by address and by another CR by subdomain

  20. Relationship of Data Owner to Contact Role? • Does the Data Owner ask the Contact Role to mark a System as having restricted data? • Is the Data Owner a member of the Contact Role, in order to mark a System as having sensitive data? • Is the Data Owner a different kind of Role with a relationship to the Contact Role?

  21. NetReg Application • CalNet Authenticate • Select Profile, if more than one • NetReg Main Menu

  22. NetReg: Main menu • Manage Contact Roles • Manage IP Address Entities • Manage System Entities

  23. NetReg: Contact Info • Manage Contact Role • View – default • Members, Email address, Dept ID and name, or Parent CR • Members – list, add, remove • Email address – view, edit, send test message • Delegated groups • Add • Remove • Transfer IP Address(es) to/from

  24. NetReg: IP Address Entities • Manage Network information • View – default • Search - • Claim • Request • Transfer • Abandon

  25. NetReg: System Info • Manage Systems • View – Default • View, detail view – DHCP lease, location, ARP cache information • Search • Edit • Name • Notes • MAC address – list, edit, add, remove • RDM type - if >0 then RDM sub-system • IP assignment type – DHCP – dynamic, DHCP – fixed, Static, and appropriate follow-on fields. • Add • Transfer • Remove • Bulk Upload

  26. Other Issues? Feedback to Saskia Etling, saetling@berkeley.edu
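Added example, not part of the original presentation or the NetReg code: a small Python model of slides 17 and 19, where each IP Address Entity has exactly one claiming Contact Role, CR1 transfers an individual address out of its CIDR block to CR2, and a notification resolves an address to its responsible CR by longest prefix match. The class and method names and the documentation address ranges are assumptions, and rejecting a claim on an already covered entity is one reading of "claimed by only one Contact Role".

```python
import ipaddress


class ClaimRegistry:
    """Hypothetical model: IP Address Entity -> the one Contact Role holding it."""

    def __init__(self):
        self.claims = {}  # ip_network -> Contact Role name

    def holder(self, entity):
        """Longest prefix match: the most specific claim covering `entity`."""
        net = ipaddress.ip_network(entity)  # bare address becomes /32 or /128
        covering = [n for n in self.claims
                    if n.version == net.version and net.subnet_of(n)]
        if not covering:
            return None  # nobody to notify: a gap in "100% coverage"
        best = max(covering, key=lambda n: n.prefixlen)
        return self.claims[best], best

    def claim(self, cr, entity):
        """Claim an entity that no existing claim already covers."""
        found = self.holder(entity)
        if found is not None:
            raise ValueError(f"{entity} is covered by {found[1]} ({found[0]})")
        self.claims[ipaddress.ip_network(entity)] = cr

    def transfer(self, from_cr, to_cr, entity):
        """Hand an entity, or part of a held block, to another Contact Role."""
        found = self.holder(entity)
        if found is None or found[0] != from_cr:
            raise PermissionError(f"{from_cr} does not hold {entity}")
        # A more specific entry wins the longest prefix match from now on.
        self.claims[ipaddress.ip_network(entity)] = to_cr


def demo():
    """Constructed sample data using documentation address ranges."""
    reg = ClaimRegistry()
    reg.claim("CR1", "192.0.2.0/24")
    reg.claim("CR1", "2001:db8::/32")
    reg.transfer("CR1", "CR2", "192.0.2.17")  # single address leaves the block
    return reg


if __name__ == "__main__":
    reg = demo()
    for addr in ("192.0.2.17", "192.0.2.18", "2001:db8::1", "198.51.100.1"):
        print(addr, "->", reg.holder(addr))
```

The unclaimed result for 198.51.100.1 is the case the "100% Coverage" slide is concerned with: an address that cannot be translated to a responsible party.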
