NetReg
Net·Reg - /'net-rej/ noun
A web-based registration application for the management of system, network and contact information.
Unify RDM, Security Contacts and DHCP MAC Registration Applications
• Each application manages information about related and overlapping entities
• One Stop Shop for Registration for Network access, Security Contacts, and Restricted Data
• All three existing applications need enhancements
Existing Application: Restricted Data Management (RDM)
Data Owner: Registers RDM Systems
RDM:
• System name, IP address
• Type of Data, quantity
• Security plan, etc.
Existing Application: Security Contacts
Primary IT Contact: Creates Role
Security Contacts App:
• Contact Role name, Dept
• Owner, contact information
• List of Maintainers
• Email address
Add IP Address Entities
IP Address Entity:
• Address
• Range
• CIDR block (subnet)
• Subdomain
Existing Application: DHCP MAC Registration
Individual DHCP Registrant:
• Registers MAC address.
• Requests Fixed DHCP, Dynamic DNS
DHCP MAC Registration, System Entity:
• MAC address
• Fixed DHCP? Then IP address
• Dynamic DNS? Then hostname
Hostmaster
DHCP Service
IP Address Entity:
• Address
• Range
• CIDR block (subnet)
• Subdomain
New Application: NetReg
Data Owner: Registers RDM System
Individual DHCP Registrant: Registers System, MAC address
Primary IT Contact: Creates Role
Hostmaster
DHCP Service
NetReg:
Contact Role (CR):
• Name, Dept
• List of Members
• Email address
• Delegated Group(s)
IP Address Entity:
• IPv4 and IPv6
• Address, Range
• CIDR block (subnet)
• Subdomain
System Entity:
• MAC address
• IP Addr Assignment?
• RDM type?
Systems: add, edit, remove, bulk upload
IP Addr Entity: claim, abandon, transfer
NetReg Goals
• Promote Campus DHCP service
• Improve information management
• Improve data integrity
• 100% coverage for notifications
• Good authorization platform
  – Required for future services
Promote Campus DHCP service
• Role-based Management
• Bulk upload of System Entity data
• Notes field
• Transfer MAC address mechanism
• Greater use of DHCP
  – Future: Option 82 - Location with lease information
  – Future: IP source guard – requires the use of DHCP
Improved Management
• Unified application
  – Integrate RDM with Security Contacts
• Role-based
• Allow multiple profiles, multiple Contact Roles, per user
Data Integrity
• Automatic checks for changes that affect Authorization or Notification
  – Expired CalNet UIDs
  – Contact Roles with no active members
  – Stale MAC addresses
  – Network moves
  – Job changes
  – Re-organizations
• Appropriate follow-through
100% Coverage
• Really is ‘100% Coverage without any overlap’
• Quickly, easily translate an IP address to a responsible party for notification
• Responsible party related to organizational structure for security reporting
Authorization
• Is this person authorized to create this department’s Contact Role?
• Does this IP address entity belong with this Contact Role?
• When was this IP address associated with this Contact Role?
• Future services require good authorization
Proposals
Contact Roles
• Two kinds of Contact Role (CR), Department and Group.
  – Group CR created by Department CR
• Department Contact Role tied to organizational structure for security reports
  – Dept CR at a node in organizational structure, any level.
  – Only one Dept CR per node in org structure.
• Group Contact Roles allow for different IT management styles within departments
  – Group CR has Dept CR parent.
• Group CRs cannot create additional Group CRs.
Organizational Structure, Contact Roles
[Diagram: Contact Roles placed on the organizational structure. Labels shown: DCR1, DCR2, DCR3, DCR4, DCR5, GCR3A, GCR3B, GCR5A, GCR5B.]
Contact Roles, cont.
• Member of Dept CR can be member of Group CR, and vice-versa.
• Dept CR has read-only access to child Group CR information
• Group CR has read-only access to parent Dept CR information?
• Dept CR can configure whether it sees notifications to Group CRs, or not
IP Address Entities
• CRs claim, abandon, request, transfer IP Address Entities.
• IP Address Entities claimed by only one Contact Role (CR)
  – E.g., CR1 claims CIDR block (subnet), transfers individual addresses to CR2
• Notifications match IP Address by longest prefix match.
• CIDR blocks as defined in networks.local.
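The claim, transfer and longest-prefix-match rules on this slide, worked through in Python as an added example (not NetReg's own code). The class and method names are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress

class IPRegistry:
    """Maps each IP Address Entity (address or CIDR block) to one Contact Role."""

    def __init__(self):
        self.owner = {}  # ip_network -> Contact Role name (hypothetical store)

    def claim(self, entity, cr):
        net = ipaddress.ip_network(entity, strict=True)
        if net in self.owner:  # an entity is claimed by only one CR
            raise ValueError(f"{net} already claimed by {self.owner[net]}")
        self.owner[net] = cr

    def transfer(self, entity, from_cr, to_cr):
        """Move an entity held by from_cr to to_cr as a more specific entry."""
        net = ipaddress.ip_network(entity, strict=True)
        if self.lookup_net(net) != from_cr:
            raise PermissionError(f"{net} is not held by {from_cr}")
        self.owner[net] = to_cr

    def lookup_net(self, net):
        """Longest prefix match: most specific registered entity covering net."""
        best = None
        for cand in self.owner:
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
            if cand.version == net.version and net.subnet_of(cand):
                if best is None or cand.prefixlen > best.prefixlen:
                    best = cand
        return self.owner[best] if best is not None else None

    def responsible_party(self, ip):
        """Contact Role to notify for one address, or None if uncovered."""
        return self.lookup_net(ipaddress.ip_network(ip))

def demo():
    reg = IPRegistry()
    reg.claim("192.0.2.0/24", "CR1")          # constructed sample data
    reg.claim("2001:db8:10::/48", "CR1")
    reg.transfer("192.0.2.77", "CR1", "CR2")  # one address moves to CR2
    alerts = ["192.0.2.5", "192.0.2.77", "2001:db8:10::1", "198.51.100.9"]
    return {ip: reg.responsible_party(ip) for ip in alerts}

if __name__ == "__main__":
    for ip, cr in demo().items():
        print(ip, "->", cr or "NO CONTACT ROLE (coverage gap)")
```

An address that resolves to no Contact Role is a gap against the 100% coverage goal.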
Actions upon IP Address Entities
[Diagram. Labels shown: Network; NetReg; Unallocated CIDR blocks, unassigned IP addresses; Allocated CIDR blocks, Assigned IP addresses; Dept CR 1; Dept CR 2; Group CR 2A; Claim; Abandon; Request; Transfer; Data feed; Holding Area.]
IP Address Entities, cont.
• Claim/Abandon by Dept CR only, Requests/Transfers by any CR
• Subdomain claims potentially create collisions.
  – IP Address claimed by Address by one CR and by Subdomain by another CR
Relationship of Data Owner to Contact Role?
• Does the Data Owner ask the Contact Role to mark a System as having restricted data?
• Is the Data Owner a member of the Contact Role, in order to mark a System as having sensitive data?
• Is the Data Owner a different kind of Role with a relationship to the Contact Role?
NetReg Application
1. CalNet Authenticate
2. Select Profile, if more than one
3. NetReg Main Menu
NetReg: Main menu
• Manage Contact Roles
• Manage IP Address Entities
• Manage System Entities
NetReg: Contact Info
• Manage Contact Role
  – View – default
    • Members, Email address, Dept ID and name, or Parent CR
  – Members – list, add, remove
  – Email address – view, edit, send test message
  – Delegated groups
    • Add
    • Remove
    • Transfer IP Address(es) to/from
NetReg: IP Address Entities
• Manage Network information
  – View – default
  – Search
  – Claim
  – Request
  – Transfer
  – Abandon
NetReg: System Info
• Manage Systems
  – View – Default
    • View, detail view – DHCP lease, location, ARP cache information
  – Search
  – Edit
    • Name
    • Notes
    • MAC address – list, edit, add, remove
    • RDM type - if >0 then RDM sub-system
    • IP assignment type – DHCP – dynamic, DHCP – fixed, Static, and appropriate follow-on fields.
  – Add
  – Transfer
  – Remove
  – Bulk Upload