Physics Network Integration - University of Oxford Department

Physics Network Integration
Chris Hunter
Physics network team
• Chris Hunter : Network Manager
• David Newton : Network Support Technician
• Room DWB 663
• Phone 73501
• Email [email protected]
Network Sockets & Concentration
• 16 network concentration
points (NCP’s) in the Denys
Wilkinson Building alone.
• Available Switch ports 2290
Approx. 59.2% active
• Level 2 NCP hub of the Physics
network with 2 x 10Gb fibre
connections going to each of
the Physics buildings.
Edge Switch Upgrades
• 48 x 1Gb/s + 2 x 10Gb/s SFP+ Ports
• Switch stacking up to 8 switches via HDMI
cables at speeds of > 10.2 Gbit/s
• Port Based Authentication, 802.1x and Mac
Address Bypass (MAB)
• Port based Access Control Lists (ACL’s)
Physics Firewall
Firewall Juniper Netscreen ISG 1000
Physics Wireless Network
• Currently 19 x 802.11g 56Mbps wireless
access points in the DWB plus a couple of
802.11n 300Mbps
– Anyone with a Physics network account can
– Clients connected to the Physics_S wireless
network are part of the subnet,
with 802.1x authentication.
– Help on connecting to Physics_S can be
found at
OUCS wireless network
• OWL-VISITOR and OWL-VPN also available, via
the OWL ssid.
• Eduroam now also available, connect using
your Remote Access Account, different from
your SSO or Nexus account
• Details about both OWL & Eduroam at
Access to Physics Services from the untrusted subnet or remotely
• Virtual Private Network (VPN)
– works with Microsoft, Linux and
OSX clients, uses Physics authentication domain help
– Best to setup Windows client with Automatic as the VPN type,
the client will then try a number of VPN types, our VPN server
supports PPTP and SSTP, PPTP often gets blocked a the client
end because the required GRE protocol is blocked.
– OSX will work with SSTP although I don’t think we have the
instructions on the web yet.
– Oxford University IT Services have VPN service, does
need specific client installed details at
Network Security
• Connecting unmanaged systems to the Physics
– MAC address registration is needed before gaining any
network connection for laptops on the wired network,
please register at
– 172.17.x.x un-trusted subnet
– Is your laptop up to date?
• Anti Virus / spyware
• Fully patched OS
• Be carful when opening emails, look out for phishing emails
• Connecting from outside of Physics
– SMB blocked, no connection to windows files
– MAPI access to Exchange Server blocked
– SMTP blocked
Network Security
• Exchange Server protocols not blocked
– Authenticated SMTP is available using, PHYSICS authentication domain
credentials are needed to use the service
• Other protocols
– web access, some pages within Oxford will require an
Oxford IP address, therefore VPN will be needed from
– RPC over HTTPS
Network Security
• Sophos Anti Virus Software
– Updates, out of date AV is no use
– Download Sophos for personal laptops running:• Sophos 10.0 for XP, Vista, Windows7 and 8 at
• Linux at
• Sophos v8.0.6 for MAC OSX 10.4/10.5/10.6 at
Network Backbone Connection
• Physics connection presently 1Gbps
• Campus connection to Super Janet currently
at 2 x 10Gbps.
Access to Physics Services from the untrusted subnet or remotely
Exchange email web access
• Outlook Configuration
• If using Outlook 2007 or 2010, then you can use the `autodiscover` feature. Basically, all it
needs to know is your email address (which it will already know if you are logged into the
domain) and it will look up all the other information it needs. Further details can be
found at
• Webdav via browser or windows network locations
•<username> connects to your windows ‘H’ drive.
• (Windows 7) Right click on ‘Computer’ within the file explorer, click ‘Add a network
location’, type the address above into the ‘Internet or network address field’, click next,
authenticate with you Physics credentials, type a name in for the network location, click
• Sftp + SSH
Winscp available on self service
Access to Physics Services from the untrusted subnet or remotely
• Printing from a Windows Laptop not in the
Physics domain.
• MAC Printing
Access to Physics Services from the untrusted subnet or remotely
• Windows terminal Servers
– A list of servers can be found at
– Remote Desktop Client (MS & MAC OSX), possible to
connect to local disks, printers and serial ports (not
possible to connect serial ports in OSX).
– Rdesktop on Linux systems,
• rdesktop <termservqc>, more for people without Windows
– Windows XP, Vista, Windows 7 and 8 will allow remote
access via terminal services, to connect to your Window
desktop from outside the department connect through, details can found on the
address above.
Physics self service
• Under Programs\Physics Self Service
• FAQ’s

similar documents