CSL: Trusted and Untrusted Networks

Most computers maintained by the Lab Staff are on a trusted sub-net of the departmental network. If you need to connect your own computer to the network, it must be connected to an untrusted sub-net. Users should never disconnect trusted computers from the network unless so directed by the Lab Staff!

Trusted network

Computers on the trusted network can transparently access such departmental services as NFS (home and project disks), NIS (distributed account and other information), printers, software packages, etc. Acces to this network is limited to machines administered by the Lab Staff, in order to secure sensitive data and maintain the availability of departmental resources. Users should not attempt to connect their personal machines to this network.

Untrusted network

In most cases, computers on the untrusted network are controlled and configured by their owners. Since this could potentially allow improper access to sensitive or personal data, or could cause operational disruptions to the production computer network, these machines are isolated on a separate sub-net, and are not given direct access to many core departmental computer services (see the previous section of this page).

Some services can be accessed via an authentication and access package called SAMBA.

Requesting access to the untrusted sub-net

To connect a computer to the untrusted sub-net, please contact the Lab Staff and provide the following information:

  • Your name.
  • Room number where computer will be connected.
  • Data port number or location in room. The ports are designated by a letter-digit combination, such as B11 or C3.
  • Type of computer and operating system.
  • Whether you need a dynamic or static IP address (see below).
  • Hostname for the computer, if appropriate (for static IP addresses only, see below).
  • Any other information that you think might be appropriate or helpful.

Requests will be processed in an expedient manner, as staff workload permits.

Dynamic vs. static IP addresses

If your computer will be occasionally moved (for example, if you have a laptop computer), and if you don't need to access it remotely by a constant address, then you will probably do better with a dynamic IP address. This is an address automatically allocated by a DHCP server, and that will probably be different any time your computer has not been used here for more than one day. An advantage is that if you use DHCP at other sites (for example, your ISP from home), then you will not have to alter your network setup configurations each time you move your computer.

Note: At this time, we are not supporting long-term leases or vanity names with dynamic addresses.

If you have a computer that will usually remain in your office, and that you will need to access remotely, then you might want to request a static IP address and hostname. This way, your computer will always be accessible by the same address.

 

If you have any questions, please contact the Lab Staff.