Infrastructure
From Interlock Rochester Wiki
(Difference between revisions)
Ben Woodruff (Talk | contribs) (→Subnets) |
(→Production) |
||
| (31 intermediate revisions not shown) | |||
| Line 5: | Line 5: | ||
! Sub-group !! Lead !! Members | ! Sub-group !! Lead !! Members | ||
|- | |- | ||
| - | | Power || | + | | Power || [[User:JustBill|JustBill]] |
|- | |- | ||
| - | | Environment || | + | | Environment || [[User:JustBill|JustBill]] |
|- | |- | ||
| [[Hackerspace_Security_System|Security]] || [[User:Antitree|Mark Manning]] | | [[Hackerspace_Security_System|Security]] || [[User:Antitree|Mark Manning]] | ||
|- | |- | ||
| - | | Inter-hackerspace Communication || [[User:Antitree|Mark Manning | + | | Inter-hackerspace Communication || [[User:Antitree|Mark Manning]] |
|- | |- | ||
| - | | [[Network Infrastructure Group|Network]] || [[User: | + | | [[Network Infrastructure Group|Network]] || [[Team Effort]] || [[User:Carl |Carl]], [[User:JustBill|JustBill]], [[User:Antitree|Mark Manning]] |
|- | |- | ||
| + | | Virtualization || [[User:JustBill|JustBill]] || [[User:Carl |Carl]] | ||
|} | |} | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
=Power= | =Power= | ||
| Line 26: | Line 22: | ||
=Environmental= | =Environmental= | ||
| - | + | We have a central room that is supplied with heat and direct access to A/C controlled environment. To keep air flow active a standard box fan will be installed in the drop ceiling as air flow is the biggest issue in our server room. | |
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
==Recycling== | ==Recycling== | ||
| Line 39: | Line 30: | ||
=Network= | =Network= | ||
| - | |||
| - | + | See [[networking wish list]] | |
| + | The network infrastructure group will create and maintain the [[network acceptable use policy]]. The policy will be approved by the board of directors and then signed by every member who wants access to any of the following networks. The mentality is to use the keep it simple methodology since all work is done by volunteers. As we do not have staff, we can not always know who may manage our environment next. | ||
| - | + | The network is broken down into 3 smaller networks: | |
| - | * | + | * <span style="color: green">Production</span> |
| + | * <span style="color: brown">Development</span> | ||
| + | * <span style="color: red"> Warzone</span> | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
== Subnets == | == Subnets == | ||
| Line 62: | Line 46: | ||
! if !! VLAN !! Network/Mask !! Name !! Description | ! if !! VLAN !! Network/Mask !! Name !! Description | ||
|- | |- | ||
| - | |||
|- | |- | ||
| - | | OPT100 || 100 || | + | | OPT100 || 100 || 172.16.100.0/24 || Production || Core Equipment management (routers, [[Network Switch Configuration|switches]], etc) |
|- | |- | ||
| - | | | + | | OPT200 || 200 || '''172.16.200.0/24''' || '''Development''' || '''This is where all other traffic lands''' |
|- | |- | ||
| - | |||
| - | |||
| - | |||
|- | |- | ||
| - | | | + | | OPT1000 || 1000 || '''192.168.1.0/24''' || '''Warzone''' || '''A place where invasive network attacks ''will'' occur. May also have VPN links to other hackerspaces (both in the US and abroad).''' Currently routed through it's own router, which is the 192.168.1.x network. Physical isolation will be maintained. |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
|} | |} | ||
| + | |||
| + | See [[Network Switch Configuration]] for more details. Project, and Warzone may have undocumented subnets / VLANs beneath them. | ||
| + | |||
| + | Last updated: --[[User:JustBill | JustBill]] 13:10, 15 March 2012 (EST) | ||
== Internet == | == Internet == | ||
| - | We | + | We use NYSYS for our internet connection. The contract has been signed and services are in place. |
==<span style="color: green">Production</span>== | ==<span style="color: green">Production</span>== | ||
| Line 89: | Line 67: | ||
=== Change Control === | === Change Control === | ||
| - | The infrastructure group will need to determine a method to log changes to the network. A consensus must be reached within the group before any change can be done on the production network. Change management will ''loosely'' follow [http://en.wikipedia.org/wiki/Change_Management_%28ITSM%29 ITIL Recommendations]. | + | The infrastructure group will need to determine a method to log changes to the network. A consensus must be reached within the group before any change can be done on the production network. Change management will ''loosely'' follow [http://en.wikipedia.org/wiki/Change_Management_%28ITSM%29 ITIL Recommendations]. The current methodology is use the netadmin email to log all changes. |
| + | |||
| + | |||
| + | === Crappy Viso === | ||
| + | Soon to come | ||
| + | |||
| + | == Planning == | ||
| + | (not necessarily implemented) | ||
=== Access === | === Access === | ||
| Line 124: | Line 109: | ||
** RIS or Ghost | ** RIS or Ghost | ||
| - | ==<span style="color: | + | |
| - | * | + | ==<span style="color: brown">Development</span>== |
| - | ** | + | * No expectation of reliability |
| - | * | + | * Open access to equipment / no change management |
| - | + | * No probing / pen testing (unless you have permission) | |
| - | * | + | * Can be used to setup non-critical projects that do not require the stability of the production network |
| - | * | + | * Dynamic |
| + | * If you need a private network below for your testing you can supply your own firewall and create your own network. | ||
| + | * If you need remote access to your above network, send an email to netadmin@interlockroc.org and your request will be handled as soon as possible by a team member. | ||
==<span style="color: red">[[Warzone]]</span>== | ==<span style="color: red">[[Warzone]]</span>== | ||
| - | |||
* No expectation of reliability | * No expectation of reliability | ||
* Relatively open access to equipment / no change management | * Relatively open access to equipment / no change management | ||
| Line 154: | Line 140: | ||
*Screen | *Screen | ||
*Sources: DVD, computers | *Sources: DVD, computers | ||
| + | |||
| + | [[category:cleanup]] | ||
Latest revision as of 15:55, 15 March 2012
Contents |
Interlock Rochester Infrastructure
| Sub-group | Lead | Members |
|---|---|---|
| Power | JustBill | |
| Environment | JustBill | |
| Security | Mark Manning | |
| Inter-hackerspace Communication | Mark Manning | |
| Network | Team Effort | Carl, JustBill, Mark Manning |
| Virtualization | JustBill | Carl |
Power
Overhead cord reels are a solution, but they must not remain plugged in at their source when not in use in order to comply with fire code. Cable trays are not a good solution for power. (They are a pain in the ass.)
Environmental
We have a central room that is supplied with heat and direct access to A/C controlled environment. To keep air flow active a standard box fan will be installed in the drop ceiling as air flow is the biggest issue in our server room.
Recycling
We don't want to horde a bunch of stuff that will never get used, but things that are likely to get recycled (especially scraps of raw materials) we should hold on to. This not only potentially benefits the environment, it's in our best interest from a costs perspective as well.
Network
The network infrastructure group will create and maintain the network acceptable use policy. The policy will be approved by the board of directors and then signed by every member who wants access to any of the following networks. The mentality is to use the keep it simple methodology since all work is done by volunteers. As we do not have staff, we can not always know who may manage our environment next.
The network is broken down into 3 smaller networks:
- Production
- Development
- Warzone
Subnets
| if | VLAN | Network/Mask | Name | Description |
|---|---|---|---|---|
| OPT100 | 100 | 172.16.100.0/24 | Production | Core Equipment management (routers, switches, etc) |
| OPT200 | 200 | 172.16.200.0/24 | Development | This is where all other traffic lands |
| OPT1000 | 1000 | 192.168.1.0/24 | Warzone | A place where invasive network attacks will occur. May also have VPN links to other hackerspaces (both in the US and abroad). Currently routed through it's own router, which is the 192.168.1.x network. Physical isolation will be maintained. |
See Network Switch Configuration for more details. Project, and Warzone may have undocumented subnets / VLANs beneath them.
Last updated: -- JustBill 13:10, 15 March 2012 (EST)
Internet
We use NYSYS for our internet connection. The contract has been signed and services are in place.
Production
The production network will be the main segment and will provide network access to Interlock's members. This network will be subdivided into 5 separate subnets, to help manage IP growth, and secure vital systems. The production network will not be used to perform penetration testing or other white hat hacking (port scans, IP sweeps, DoS, etc). The production network must have reliable uptime, as that other members will be dependent on it.
Change Control
The infrastructure group will need to determine a method to log changes to the network. A consensus must be reached within the group before any change can be done on the production network. Change management will loosely follow ITIL Recommendations. The current methodology is use the netadmin email to log all changes.
Crappy Viso
Soon to come
Planning
(not necessarily implemented)
Access
Access to core network equipment and topology will be restricted to those in the infrastructure group.
Services
- RADIUS/LDAP Server
- Central Authentication repository
- Should be linked with Google Apps
- Web Server
- Host the wiki, website, etc
- CoLo Boxes
- Not intended to host production/high bandwidth websites
- Used for offsite backup
- DHCP Server
- IP addresses will only be given out to know and trusted network adapters.
- A device registration system, like RIT's start.rit.edu, would be useful
- DNS Server
- File Server
- Access via SFTP, SMB, or WebDAV possibly
- VPN Server
- Provide VPN access to the network. This needs to be decided as to whether this will be implemented, and the scope of the build.
- Streaming Music Server
- Use a AirPort Extreme AP to play music via AirTunes
- Image Server
- RIS or Ghost
Development
- No expectation of reliability
- Open access to equipment / no change management
- No probing / pen testing (unless you have permission)
- Can be used to setup non-critical projects that do not require the stability of the production network
- Dynamic
- If you need a private network below for your testing you can supply your own firewall and create your own network.
- If you need remote access to your above network, send an email to netadmin@interlockroc.org and your request will be handled as soon as possible by a team member.
Warzone
- No expectation of reliability
- Relatively open access to equipment / no change management
- No expectation of structure, very dynamic depending on project use etc, may use different IP address schemes
- Expect to have equipment probed / pen tested
- ChaosVPN endpoint/node (link to other hackerspaces)
- "Rogue" access points allowed (maybe include DHCP message that states you'd better be sure you want to connect to this network - want to be friendly with our neighbors)
Audio-Visual System
Audio
- Public Address system array across the ceiling
- Two speakers rigged to the top corners of the room
- Surround sound rigged to the top of the room (low priority)
- Inputs to an audio mixer/home receiver
- Sources: Microphone, CD/DVD, computers
Video
- Ceiling mounted projection
- Screen
- Sources: DVD, computers
