Concept and Functionality

Network virtualization is a truly evolutionary step in the delivery of services, giving departments a new way to think about security, networks, and access to services. The key highlights of Virtual Networks are as follows.

  1. Security is integral to provisioning networks.
  2. A single high performance virtual firewall can control campus-wide access for a department or faculty.
  3. Departments can centralize security policies.
  4. Virtual Networks are visible and managed in the Transmogrifier.
  5. A completely optional service.

 

The following new functionalities are available, or soon to be available:

Campus-Wide Multicast
Campus-wide multicast is available in the context of Virtual Networks. Multicast can be enabled within all subnets of a Virtual Network and between Virtual Networks. UBC campus-wide multicast channels will be available for subscriptions. External multicast broadcasts can be received from external research network sites.

Identity-Based Wireless
Connect to the UBC wireless network and be placed on a subnet in a Virtual Network behind your department’s firewall. This then appears as your own departmental wireless network. This functionality is based on CWL roles. For example, enter credentials anne@math.ubc.ca to be connected to a subnet in a Virtual Network in the Math department. Departments are in control of the delegation of CWL roles to their faculty, staff, and students.

Identity-Based VPN
Connect to the new (soon to be released) UBC SSL VPN service and be placed on a subnet in a Virtual Network behind your department’s firewall. This appears as if you had your own departmental SSL VPN Server. Access is based on CWL roles and departments are in control of delegation of CWL roles to their faculty, staff, and students.

Virtual Devices
Subscribe to UBC IT’s new VMware-based Virtual Devices service. A Virtual Device can be on your department’s network, behind your departmental firewall, on the Virtual Network of your choice. UBC IT’s new VMware-based Virtual Server Service can provision a virtual server for your department: Red Hat Linux, Windows Server, or Solaris. The virtual server appears in the Transmogrifier in your department’s Virtual Network. The underlying SAN data storage of the Virtual Server Service is automatically replicated to multiple sites for disaster recovery (DR). Provisioning of a server will be very fast, within minutes, and easy to request through a web page.

Empowers Departments and Faculties

Just as the Transmogrifier empowered departments, so Virtual Networks empowers departments. Departments have full configuration authority over virtual firewall configuration. Departments have their own virtual wireless network and virtual SSL VPN server. Departments control which individuals have which identity-based networking roles. Linux, Windows, and Solaris virtual devices can be provisioned on the department’s Virtual Network behind the department’s virtual firewall.

UBC IT is in the background providing expert assistance if and when you need it. Virtual networks, virtual firewalls, and virtual devices are all visible in the Transmogrifier. A companion project during this time has been to upgrade the core of the UBC data networks. A description of the new UBC data network architecture and an explanation of Virtual Networks are contained in this attached set of slides.

Concept and Functionality Presentation PDF 1.02 MB

This was presented by Dennis O’Reilly, Senior Network Architect in UBC IT, on February 5th, 2009, to the UBC Systems and Network Administrators Group. A video recording of the presentation is also available here. There were about 110 people at the presentation. Unfortunately, the Q&A period was not recorded. The recording is in two sections, each about 27 minutes long.