Concept and Functionality

Network virtualization is a truly evolutionary step in the delivery of services, giving departments a new way to think about security, networks, and access to services. The key highlights of Virtual Networks are as follows.

  1. Security is integral to provisioning networks.
  2. A single high-performance virtual firewall can control campus-wide access for a department or faculty.
  3. Departments can centralize security policies.
  4. Virtual Networks are visible and managed in the Transmogrifier.

The following new functionalities are available, or soon to be available:

Campus-Wide Multicast
Campus-wide multicast is available in the context of Virtual Networks. Multicast can be enabled within all subnets of a Virtual Network.

Identity-Based Wireless
Connect to the UBC wireless network and be placed on a subnet in a Virtual Network behind your department’s firewall. This will appear as your own departmental wireless network. This functionality is based on CWL roles. For example, entering the credentials “anne.math” will connect the user to a subnet in a Virtual Network in the Math department. Departments are in control of the delegation of CWL roles to their faculty, staff, and students.

Identity-Based VPN
Connect to the UBC SSL VPN service and be placed on a subnet in a Virtual Network behind your department’s firewall. This appears as if you had your own departmental SSL VPN server. Access is based on CWL roles, and departments are in control of the delegation of CWL roles to their faculty, staff, and students.

Virtual Devices
Subscribe to UBC IT’s new VMware-based Virtual Devices service. A Virtual Device can be on your department’s network, behind your departmental firewall, on the Virtual Network of your choice. 

Empowers Departments and Faculties

Just as the Transmogrifier empowered departments, Virtual Networks also empower departments. Departments have full authority over virtual firewall configuration. A department can have one identity-based wireless network and virtual SSL VPN server if it has to control, via identity-based networking roles, which individuals can access certain resources. However, this should only be done if there are no other security controls, such as application or server authentication. Linux, Windows, and Solaris virtual devices can be provisioned on the department’s Virtual Network behind the department’s virtual firewall.

UBC IT is in the background providing expert assistance when you need it. Virtual networks and virtual firewalls are visible in the Transmogrifier. A companion project during this time has been to upgrade the core of the UBC data networks.