Tomorrow (Wednesday, June 15) starting at 10AM we will be moving all of the wired networks that LS IT supports to new network firewalls.
While we expect the downtime to be short, we have scheduled this change window to last until 2PM in case we run into unexpected issues.
During this cutover, wired networks in all of the departments we support will be unavailable, meaning that computers in the buildings supported by LS IT will have no network connectivity.
Additionally, many services hosted by LS IT will be unavailable. This includes the LS VPN service, printing to network printers, access to the CRS Windows and Linux servers, LS IT service desk phone support, some locally-hosted websites and web applications, ability to remotely connect to office computers, etc.
This change will not affect the Eduroam wireless networks or access to campus or cloud services (Banner, KFS, Box, Qualtrics, UC Path, etc.) from outside of the wired departmental networks.
Given this network disruption, you may wish to work remotely during this change window.
We also wish to ask for you help after this change: given the complexity of the change, it is possible—even likely—that there may be issues with some network services after the cutover. If you encounter errors such as not being able to reach a network service (remote computer, website or web application, network printer, etc.) that you could reach previously, please let us know by contacting the LS IT service desk at firstname.lastname@example.org. We have a process in place to quickly triage and address any reported issues. It's most helpful if you can include: 1. details on the resource your were trying to reach such as the web address, IP address, printer/computer name, etc.; 2. details on the device you're connecting from such as "my office computer named LS-20221234" or "my personal laptop at home over the VPN;" and 3. the exact time and date that you attempted to access the network service.
Below, we attempt to answer some likely questions:
What is a network firewall?
A network firewall is a security service that actively monitors network traffic both entering and leaving our networks. The firewall applies a set of rules to determine which traffic should be allowed through and which should be blocked from entering or leaving our networks.
A good analogy is a security guard at a secure building who checks whether each person entering the building is authorized to be there and stops anyone who is not authorized.
Our firewalls block literally tens of thousands of unauthorized attempts to access our networks each day. When you read about vulnerabilities in operating systems, applications, printers, and network services, the most critical of those vulnerabilities can be exploited by any bad actor who can reach a vulnerable device over the internet. Firewalls are a critical line of defense, keeping the devices on our networks safe from unrelenting and unending attacks.
Why is this change happening during business hours?
This is a major technology change that has taken many months of detailed planning and painstaking work by our systems administration team and our partners in IET. With such a complex change involving IT staff from several areas of campus, we were unfortunately not able to schedule it outside of business hours. To minimize disruption, we scheduled this cutover for the week after the end of Spring Quarter and before the start of Summer Session 1.
Why are we replacing our previous network firewalls? What are the benefits of the new network firewalls?
Our previous firewalls are now 7 years old, which is the end of their expected lifecycle. As our firewalls are essential and critical infrastructure for providing network services to our clients, we need to ensure that the hardware and software that comprise the firewalls are robust and fully supported by the vendors.
Additionally, firewall technology has evolved considerably, and we are implementing "next generation" firewalls in this change. Some of the new features we will be using include receiving continuous updates about new threats and dynamically adapting to block those threats, significantly enhanced logging and reporting to understand what's happening across our networks, and aggregation of our data with data from other areas of UC Davis to give us a clearer picture of network security campus-wide.
Finally, we have been able to more than double the total bandwidth available on our firewalls. While our firewalls are not usually the bottleneck in network speeds, there are occasions where we do see the firewalls at full capacity. This bandwidth increase should help to ensure fast network speeds.
Letters and Science IT
Monday - Friday 7:30AM - 6:00PM
2235 Social Sciences & Humanities