As part of our ongoing capital lifecycling program, NMC is planning major upgrades to various parts of the network infrastructure.
The current firewalls that deliver virtual firewall services to the campus have been in service for over a decade, reliably providing secure service and enabling departments to flexibly manage their own security policies. The firewalls were declared end-of-life by the vendor in 2015 and are no longer supported. In addition, the volume of campus traffic has grown considerably over the years and higher performing hardware is needed to meet demand. There are several firewall pairs supporting the campus and all will be refreshed to newer, higher performance hardware. Clients will experience a significant performance improvement with up to 20 Gbps throughput and IPv6 capability.
Switches and Routers
End-of-life was announced for some of the switches and routers deployed in the campus core. Two switch and router pairs (supporting 62 departments) need to be replaced and will be consolidated into a single pair of newer, higher performing hardware. In addition, these switches will be configured with virtual switching system (VSS) technology which will effectively double the bandwidth capacity of building uplinks, shorten failover time, and increase operational efficiency.
UBCO uses the same hardware models and will be conducting their upgrades independently – planned for Summer 2016.
For more information, please visit the THNE project page.
What to Expect
Before conducting any virtual firewall migrations, the new firewalls are installed and deployed into service. Each virtual firewall can then be migrated individually by transforming the old configuration into a new configuration format that is compatible with the new firewall. The configurations are prepared in advance and are ready to use on the migration day.
NMC will contact each department to arrange a time for the migration. The migration lasts several minutes and will result in dropped connections since new sessions will pass through a new firewall pair. Most applications recover their connections automatically. NFS mounts are sensitive and may require remounting post-migration. We recommend clients checking on their systems and applications post-migration to ensure all is functioning as expected. If any issues are discovered, please contact the ITSC and NMC immediately for immediate resolution.
Switch and Router Upgrades
Two switch/router pairs supporting the department building networks will be upgraded under this lifecycle program. A third pair is already up-to-date and does not require updating at this time.
The new pairs are rack mounted near the existing hardware being replaced and some cabling will be prepared in advance. The final cutover will require an interruption in network services lasting 10-15 minutes while cabling and configurations are cutover to the new equipment. Many services will be affected including local department network segments, VOIP phones, wireless, digital signage, credit card payments, Internet access, keycard access, building management systems, and anything else that depends on network connectivity in the building.
NMC will contact each department to arrange a time for the migration. It is recommended to make any necessary preparations for this outage such as shutting down systems, backing up data, and notifying staff.
The purpose behind these Lifecycle upgrades is to ensure the infrastructure is current in order to provide reliable services to the campus, to keep options open for leveraging new technologies and features, and to provide high bandwidth performance for teaching, learning and administrative activities.
NMC aims for smooth, zero-downtime upgrades. The firewall migration process is complex, however procedures have been extensively tested and the majority of migrations are expected to be seamless. The switch and router upgrades involve physical cabling and introducing new feature configurations. A short downtime is needed as part of the migration process.
All upgrades are estimated to complete by the end of 2016.
|Infrastructure Area||Estimated Time Frame||Status|
|UBC IT Enterprise firewall refresh #1||August 2015||Completed|
|UBC IT Enterprise firewall refresh #2||February 2016||Completed|
|Department Firewall pair refresh and consolidation #1||March to June 2016||Completed|
|Department switch/router pair refresh and consolidation #1||June to November 2016||90% Completed|
|Department firewall refresh #2||June to December 2016||5% Completed|
|UBCO firewall, switch, and router refresh||Summer 2016 (by UBCO)||Completed|
|UBCO load balancer refresh||2017|
If you have any questions about this project, please contact UBC IT Network Management Centre at http://web.it.ubc.ca/forms/network/