Body
Overview
The following provides guidelines for departments to follow when connecting to and using the University of Pittsburgh's Network (PittNet).
Detail
Scope
University of Pittsburgh policy AO 38 (formerly 10-02-13) establishes the provisions for the installation, maintenance, and operation of the University of Pittsburgh's Network (PittNet).
Definitions
Network Infrastructure Device: Any device intended to construct, extend, support, or manage a network. These devices include routers, hubs, switches, repeaters, wireless hubs, firewalls, gateways, or any end-user device configured to enable it to perform the function of a network infrastructure device including proxy servers, network address translation devices, or DHCP servers.
End-User Device: Any device intended for use by one or more individual users on the network. These devices include:
- Personal computers and workstations
- Network-aware scanners, printers, and similar devices
Workgroup Device: Any device configured to be used by more than one end user for the purpose of sharing files, printers, scanners, or other end-user devices.
Remote Control Software: Software that allows any device to control the keyboard, mouse, and display functions of another device attached to the network. Examples of remote control software include: pcAnywhere, Netop, Netbus, Carbon Copy, VNC, and similar products.
Responsibilities
Pitt Information Technology (Pitt IT) Responsibilities
- Install, configure, manage, and maintain all network infrastructure devices.
- Design and implement PittNet, including extensions and improvements, to serve the needs of the University community following applicable approved planning documents and University policies as established.
- Provide, configure, manage, and maintain all network infrastructure devices enabling connections to all external organizations and entities.
- Install and maintain network cable in accordance with current network and facility standards.
- Provide connectivity to the public commodity internet and to private research networks.
- Pitt IT has the sole responsibility for providing the University of Pittsburgh with IPv4 and IPv6 address space and the assignment of addresses to machines.
- Pitt IT has the sole responsibility for DNS services and name and address resolution for pitt.edu and other University of Pittsburgh registered domains.
University Unit Responsibilities
- Manage workgroup and end-user devices in accordance with applicable University policies and procedures.
- Ensure that workgroup and end-user devices meet appropriate standards for attachment to PittNet wherever applicable. A single device per PittNet port is permitted.
- Submit Voice and Data Services Requests needed to obtain sufficient Pitt IT-provided wired network access points for all workgroup and end-user devices to ensure that one and only one device is attached to any wired network access point.
- Submit IP address request forms to request a new or changes to an existing IP address and fully qualified domain name (FQDN) from Pitt IT for each device attached to a PittNet port.
- Ensure that any workgroup or end-user device is operating properly to avoid creation of excessive or malformed network traffic that prevents normal use of PittNet by other users, workgroups, or units.
Network Use Standards
Cabling
Installation of cabling (including fiber-optic cable) and network access points (ports) is the responsibility of Pitt IT. University units must not engage in the installation of network cable and/or network infrastructure devices, either on their own or by engaging the services of any third party. All requests for port or cable (including fiber-optic cable) installation must be submitted on a Voice and Data Services Request.
Network Attachment Points
Each network access point (port) is intended to support one and only one workgroup or end-user device. PittNet ports are RJ-45 10/100/1000 Base-T connections. Speed and duplex setting may be set to a fixed speed and duplex or to auto-negotiate as requested by the user.
Network Addresses
Network Addresses, (IPv4 and IPv6 Addresses) are the property of the University, not individual units or persons. Pitt IT has sole responsibility for the assignment of both static and dynamic (DHCP) addresses. User or departmental assignment on address space used on PittNet is not permitted without a special exception being granted by Pitt IT for a specific application. Any statically-assigned IP address assigned to a workgroup or end-user device that is not in use for sixty (60) days or longer may be reclaimed by Pitt IT for assignment to another end-user device. This restriction will not apply in those situations where IP addresses are assigned by Pitt IT dynamically to end-user devices.
Network Protocols
In order to ensure network reliability, Pitt IT provides network support only for the IP version 4 and IP version 6 protocols on PittNet. Many transport protocols are supported (TCP, UDP, ICMP, IPSec, etc.) and both unicast and multicast transports are supported. Units must not attach any device that relies only on an unsupported protocol to a network access point.
Remote Access
Remote Access is available to end users via VPN connectivity using the PittNet VPN (GlobalProtect) service. PittNet is connected to the public internet and many public services are available without VPN connectivity, but access to private or secure services may only be through VPN connectivity. Units must not configure any modem to support incoming connections other than facsimile connections. This type of connectivity is allowed for use with a device that is granted through the network firewall request process.
Proxy Servers and Similar Devices
Pitt IT has provided alternatives to access IP restricted services. The installation of any type of device that allows the sharing of a single IP address by multiple devices compromises the operation of the network and must not occur. This includes proxy servers, personal routers, and residential network equipment. It is expected that each end-user device on PittNet will be configured with a single registered IP address from one of University's networks.
Extended Network Connections
Pitt IT will provide all network connections to extended locations and services. For near off-campus, non-University buildings, including rental and leased space, it is the responsibility of the University unit occupying the space or Property Management to fund the cost of a dark fiber connection to PittNet, including the installation cost and monthly rental costs. For locations outside of a 25 mile radius, Pitt IT will specify other non-dark fiber carrier transport services. Carrier T1 services do not provide adequate bandwidth to make a useful connection to PittNet. Any requirements for special connections to extended locations must be requested through Pitt IT by submitting a help request to the Technology Help Desk.
Network Management
In order to ensure the fair use of network resources by all members of the University community, Pitt IT must take steps to identify devices that adversely affect PittNet. Pitt IT will attempt to notify the unit responsible for the offending device to correct the problem. In extreme situations, the network access point to which the offending device is attached may be disconnected until the unit or individual can demonstrate that the problem has been resolved. Upon disconnecting a network port for this reason, Pitt IT will notify both the individual using the network access point and the Unit Administrator of the unit in which the network access point is located.
Pitt IT is responsible for the University's connectivity to the internet and to research networks (I2, NLR). Pitt IT reserves the right to selectively block any traffic that does or may have a harmful effect on internet connectivity or enterprise systems or that represents a security threat to the University network or systems that comprise the University network. This applies to all PittNet traffic including internal, outgoing, and incoming.
Units may wish to use network management tools to manage the workgroup and end-user devices under their control. Units must not use network management tools to discover or attempt to manage network infrastructure devices or workgroup and end-user devices under the control of any other unit. The use of network traffic monitoring and analysis devices by anyone other than designated Pitt IT staff impedes the network operation and must not occur.