Data Network Infrastructure Policy

As with any large public utility, such as basic telephony services or electrical distribution, the University communications infrastructure needs to be centrally planned, managed and maintained. It is only through centrally coordinated information technology strategic planning and implementation that the core technology goals of the institution are met.

An aggregation of separate, discrete, and privately-managed backbone or “backbone-like” data, voice or video networks does not constitute a utilities infrastructure that can meet these institutional goals nor does it provide for the best and most efficient return on the University’s investment in this infrastructure.

To ensure a high-performance, high-availability, production-quality communications infrastructure at UNC-Chapel Hill, ITS must provide a number of components and architectural considerations, as described below.

To ensure reliability, security and efficient use of limited resources, ITS must develop and implement the physical connectivity design: how buildings connect to the campus fiber infrastructure. The design architecture for the physical layer consists of all campus buildings being designated as hubs or spurs, based on the fiber path and proximity to other buildings. All spur buildings connect to a high-speed switch port in an adjacent hub building. All hub buildings connect to high-speed switch ports in Phillips Hall not only for security and high-reliability considerations, but also for high-performance connectivity to ITS production systems and to the Internet.

To ensure compatibility, mobility, bandwidth and security, ITS must design, implement and maintain the campus networking architecture. This higher layer architecture is currently based on high-speed switching technologies, with support for virtual LANs and Layer 3 switching, incremental bandwidth upgrades where appropriate (based on proactive traffic management), and support for meshed topologies to allow for load balancing and alternate paths.

To ensure compatibility and high performance, ITS must maintain campus Internet connectivity. This connectivity is presently based on redundant high-speed links to MCNC/NCREN, which requires a single campus entity for coordination and management.

To ensure reliability, ITS must support a 7×24-staffed operations center to provide proactive performance monitoring and to react immediately to any unscheduled outages. This also includes maintaining appropriately configured spares of all network electronic components.

To ensure security, only appropriate ITS personnel will be permitted to monitor traffic over backbone links through network protocol analyzers (sniffers). The design of both the fiber physical connectivity and the networking architecture does not allow random, unauthorized traffic eavesdropping across the links: all fiber terminations are in locked cabinets, port mirroring is permitted only through the secured network management system, and the nature of network switching eliminates the shared topologies of earlier network systems. In any case, ITS continues to maintain that the emphasis on security needs to be at the host system level.

To ensure reliability, security and high performance, ITS must provide central management of network devices and systems to the wall-plate in all UNC-Chapel Hill locations. Any and all data network electronics must be managed by ITS. This includes any and all 802.11 WiFi wireless access points and switches. Note: On-campus resident students who wish to use networking equipment (i.e. home routers, hubs) should contact ResNET for support before using the device.

In addition to the requirement that only ITS can install and maintain switches and routers on the campus data network, no device with multiple network interfaces (including, but not limited to, VPN gateways, firewalls, and servers) can be connected to the network without advance notice to and consultation with ITS. This advance notice must be submitted in the form of a Help Request ticket (use the category labeled “general topics”). Failure to provide this advance notice will result in said devices being isolated from the network, and unable to communicate on the network. If the connection of said device is of an emergency nature (such as replacing an existing device), the ticket can be marked as Critical and we will receive immediate notification.