Harvard's network operations center (NOC) is a set of web applications and tools that offer transparency and push "self service" to customers in a secure, verified, and granular way.
5. What is the NOC Customer Portal?
o It’s a set of web applications and tools…
o that offer transparency and push “self service” to customers…
o in a secure, verified, and granular way.
12. Is it laziness to push network administration to users?
o A little.
o Another word would be “efficient.”
o It’s also more convenient for users.
o AND it increases security.
o AND in most cases, the user also gets immediate results.
o In other cases, it shortens cycles by removing ambiguity.
13. Is it laziness to push network administration to users?
o It lets the computer do what it’s good at and people are not.
14. What are some tools on the NOC Customer Portal?
o Email aliasing
o VPN accounts
o DNS
o MAC tracking for stolen devices
o many others!
19. How about stuff where we need babysitting?
o ACLs
o Access Control List
o rules that allow/deny access on the network
o ACLs are confusing!
20. An Example
o staff member who works at GSD
o network admin
o authorized to make ACL requests
o wants to open web access to frankgehry.gsd.harvard.edu (128.103.174.100)
21. The old way:
① emails request to NOC
② NOC receives request
③ NOC evaluates request, may pass off to SOC for approval if host is on their network, probably need to seek clarification from customer
④ eventually, NOC carries out request
⑤ NOC notifies user
22. Why that stinks:
o slow
o “social engineering”
o guaranteed to spend cycles seeking clarification (ACLs are complicated!)
o multiple staff members needed
o changes go into a black hole
o easy to miscommunicate (ACLs are complicated!)
o no transparency into existing ACLs
23. The Portal way
o parse all network device configurations into database
o make available via “ACLadmin” on the Portal
o instantiate all business rules and technical logic in that
o let’s take a look…
24. Why that doesn’t stink:
o authenticated
o validated
o no NOC staff time needed until time to evaluate/add
o automatically logged
o easier than vendor GUI
o not immediate, but quicker
o have zone control
o pre-vetting for format & redundancy (complexity control)
o transparency
o vendor neutral (new!)
o let the computer do what it’s good at and humans aren’t
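A sketch of the pre-vetting listed above (format, redundancy, zone control), added here as an example and not the ACLadmin code. The zone range, the existing rule, the user name and the function name `prevet` are constructed assumptions, and rule order is ignored.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the talk):
# the zone a requester may manage, and rules already parsed into the database.
ZONES = {"gsd-admin": [ipaddress.ip_network("128.103.174.0/24")]}
EXISTING = [
    # (action, protocol, source network, destination network, destination port)
    ("permit", "tcp", ipaddress.ip_network("0.0.0.0/0"),
     ipaddress.ip_network("128.103.174.64/26"), 443),
]


def prevet(user, action, proto, src, dst, port):
    """Return (ok, reason) for a requested ACL entry before staff review."""
    # Format check: reject anything that is not a well-formed rule.
    if action not in ("permit", "deny") or proto not in ("tcp", "udp"):
        return False, "format: unknown action or protocol"
    try:
        # strict=True rejects networks with host bits set, e.g. x.x.x.100/24.
        src_net = ipaddress.ip_network(src, strict=True)
        dst_net = ipaddress.ip_network(dst, strict=True)
    except ValueError as exc:
        return False, f"format: {exc}"
    if not isinstance(port, int) or not 1 <= port <= 65535:
        return False, "format: port out of range"
    # Zone control: the destination must sit inside a zone the user manages.
    zones = ZONES.get(user, [])
    if not any(dst_net.version == z.version and dst_net.subnet_of(z)
               for z in zones):
        return False, "zone: destination outside requester's zone"
    # Redundancy: an existing rule with the same action already covers it.
    for e_action, e_proto, e_src, e_dst, e_port in EXISTING:
        if ((e_action, e_proto, e_port) == (action, proto, port)
                and src_net.version == e_src.version == dst_net.version
                and src_net.subnet_of(e_src) and dst_net.subnet_of(e_dst)):
            return False, "redundant: covered by existing rule"
    return True, "queued for NOC evaluation"


if __name__ == "__main__":
    # The talk's example host, opened for web access on port 80.
    print(prevet("gsd-admin", "permit", "tcp", "0.0.0.0/0",
                 "128.103.174.100", 80))
```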
25. The future
o more of the same
o refresh existing apps for new technology
o APIs for automation (VPN/DHCP now, ACL/DNS to come)
Editor's Notes
How increase security? Email vs web app.
What’s an ACL?
Explain what DNS is
[login as SRH w/o creds; enter into custdb; try again]