The following provides guidelines for departments to follow when connecting to and using the University of Pittsburgh's Network (PittNet).
University of Pittsburgh policy 10-02-13 establishes the provisions for the installation, maintenance, and operation of the University of Pittsburgh's Network (PittNet).
Network Infrastructure Device: Any device intended to construct, extend, support, or manage a network. These devices include routers, hubs, switches, repeaters, wireless hubs, firewalls, gateways, or any end-user device configured to enable it to perform the function of a network infrastructure device including Proxy servers, network address translation devices, or DHCP servers.
End-User Device: Any device intended for use by one or more individual users on the network. These devices include:
- personal computers and workstations
- network-aware scanners, printers, and similar devices
Workgroup Device: Any device configured to be used by more than one end user for the purpose of sharing files, printers, scanners, or other end-user devices.
Remote Control Software: Software that allows any device to control the keyboard, mouse, and display functions of another device attached to the network. Examples of remote control software include: pcAnywhere, NetOP, Netbus, Carbon Copy, VNC, and similar products.
- Install, configure, manage, and maintain all network infrastructure devices.
- Design and implement PittNet, including extensions and improvements, to serve the needs of the University community following applicable approved planning documents and University policies as established.
- Provide, configure, manage, and maintain all network infrastructure devices enabling connections to all external organizations and entities.
- Install and maintain network cable in accordance with current network and facility standards.
- Provide connectivity to the public commodity Internet and to private research networks.
- CSSD has the sole responsibility for providing the University of Pittsburgh with IPv4 and IPv6 address space and the assignment of addresses to machines.
- CSSD has the sole responsibility for DNS services and name and address resolution for pitt.edu and other University of Pittsburgh registered domains.
University Unit Responsibilities
- Manage workgroup and end-user devices in accordance with applicable University policies and procedures.
- Ensure that workgroup and end-user devices meet appropriate standards for attachment to PittNet wherever applicable. A single device per PittNet port is permitted.
- Submit Data Connectivity Services request forms needed to obtain sufficient CSSD-provided network access points for all workgroup and end-user devices to ensure that one and only one device is attached to any network access point.
- Submit IP address request forms to request a new or changes to an existing IP address and fully qualified domain name (FQDN) from CSSD for each device attached to a PittNet port.
- Ensure that any workgroup or end-user device is operating properly to avoid creation of excessive or malformed network traffic that prevents normal use of PittNet by other users, workgroups, or units.
Network Use Standards
Installation of cabling (including fiber-optic cable) and network access points (ports) is the responsibility of CSSD. University units must not engage in the installation of network cable and/or network infrastructure devices, either on their own or by engaging the services of any third party. All requests for port or cable (including fiber-optic cable) installation must be submitted on a Data Connectivity Services request form.
Network Attachment Points
Each network access point (port) is intended to support one and only one workgroup or end-user device. PittNet ports are RJ-45 10/100/1000 baseT connections. Speed and duplex setting may be set to a fixed speed and duplex or to auto-negotiate as requested by the user.
Network Addresses, (IPv4 and IPv6 Addresses) are the property of the University, not individual units or persons. CSSD has sole responsibility for the assignment of both static and dynamic (DHCP) addresses. User or departmental assignment on address space used on PittNet is not permitted without a special exception being granted by CSSD for a specific application. Any statically-assigned IP address assigned to a workgroup or end-user device that is not in use for sixty (60) days or longer may be reclaimed by CSSD for assignment to another end-user device. This restriction will not apply in those situations where IP addresses are assigned by CSSD dynamically to end-user devices.
In order to ensure network reliability, CSSD provides network support only for the IP version 4 and IP version 6 protocols on PittNet, effective January 3, 2004. Many transport protocols are supported (TCP, UDP, ICMP, IPSec, etc. ) and both unicast and multicast transports are supported. Units must not attach any device that relies only on an unsupported protocol to a network access point.
Remote Access is available to end users via VPN connectivity using the Secure Remote Access service. PittNet is connected to the public Internet and many public services are available without VPN connectivity, but access to private or secure services may only be through VPN connectivity. Units must not configure any modem to support incoming connections other than facsimile connections. This type of connectivity is allowed for use with a device that is granted through the network firewall request process.
Proxy Servers and Similar Devices
CSSD has provided alternatives to access IP restricted services. The installation of any type of device that allows the sharing of a single IP address by multiple devices compromises the operation of the network and must not occur. This includes proxy servers, personal routers, and residential network equipment. It is expected that each end-user device on PittNet will be configured with a single registered IP address from one of University's networks.
Extended Network Connections
CSSD will provide all network connections to extended locations and services. For near off-campus, non-University buildings, including rental and leased space, it is the responsibility of the University unit occupying the space or Property Management to fund the cost of a dark fiber connection to PittNet, including the installation cost and monthly rental costs. For locations outside of a 25 mile radius, CSSD will specify other non-dark fiber carrier transport services. Carrier T1 services do not provide adequate bandwidth to make a useful connection to PittNet. Any requirements for special connections to extended locations must be requested through CSSD by submitting a help request to the Technology Help Desk.
In order to ensure the fair use of network resources by all members of the University community, CSSD must take steps to identify devices that adversely affect PittNet. CSSD will attempt to notify the unit responsible for the offending device to correct the problem. In extreme situations, the network access point to which the offending device is attached may be disconnected until the unit or individual can demonstrate that the problem has been resolved. Upon disconnecting a network port for this reason, CSSD will notify both the individual using the network access point and the Unit Administrator of the unit in which the network access point is located.
CSSD is responsible for the University's connectivity to the Internet and Research Networks (I2, NLR). CSSD reserves the right to selectively block any traffic that does or may have a harmful effect on Internet connectivity or enterprise systems or that represents a security threat to the University network or systems that comprise the University network. This applies to all PittNet traffic including internal, outgoing, and incoming.
Units may wish to use network management tools to manage the workgroup and end-user devices under their control. Units must not use network management tools to discover or attempt to manage network infrastructure devices or workgroup and end-user devices under the control of any other unit. The use of network traffic monitoring and analysis devices by anyone other than designated CSSD staff impedes the network operation and must not occur.