This information is directed at those UNE staff members who have, as a job function, the role of managing and supporting network connected devices in academic and administrative areas.
As most people will have heard me say, many times, the new network will implement contemporary best practice for security and, from the end-users perspective, is role-based. That means that devices connected to the network will be authenticated to the network with an assigned role. Eg desktop computers will have a client role, servers (central and departmental) will have a server role, MFDs have an MFD role, etc. [In the main I’m talking about core-UNE devices; non-core entities like ABRI, Services UNE, UNE Partnerships, will be dealt with differently].
In most cases it will be extremely obvious which role a device will fall into. But, as we come closer to moving to this long-awaited new network, you need to think about network connected devices that you might currently think of as being “client” but, from a security perspective, are really “server”. You need to identify devices that wait for incoming connections from external users and serve data (whether it be web pages, files or database requests).
If such a service is running on a desktop machine then you need to think of it as a server and ensure that UNE’s server policy is being applied. If a device is a “server” then it can’t also be a “client” — different security policies will apply. Where possible, consider moving services to a central servers (whether web server or file server or whatever).
I don’t need to know which devices are “servers” just yet – I just need you to think about it and identify them in your minds.
Also, for your information, “client” devices in your department will operate on different subnets to those “servers” in your department. To ensure a smooth transition on the new network, you should ensure – right now – that whenever a client device refers to a server, it does so by hostname (eg exchange.une.edu.au) rather than by IP address (eg 126.96.36.199).