Protocols, Structures, and Concepts
Basics of the Data Network
- Basis: TCP/IP protocol
- A routed network connecting over 50 locations (see figure)
- A redundant backbone connects major locations (Feldkirchenstraße, Markusplatz, Fischstraße, An der Universität, Weberei) via backbone switches using 10 Gigabit Ethernet.
- Bandwidth in the secondary sector: 1, 2, 4, and 10 Gbit/s.
- Offices are served via building switch -> data outlet.
- Variants in the tertiary sector: twisted pair (TP), fiber optic (LWL).
- Bandwidth in the tertiary sector: 1 Gbit/s.
- Firewall for the academic network, server network, public computers, and administration.
Concepts for the University of Bamberg's Data Network
A) Network Concept
1. Current cabling status
All existing office spaces at the University of Bamberg are connected to the data network. In Bamberg, coaxial cables often had to be used in the past to wire office spaces due to structural constraints. Some of the university buildings are very old, making it difficult to install new cabling either for historic preservation reasons (the appearance of the rooms) or due to structural limitations (walls several meters thick). As part of a construction project to renovate and restructure the data network, all buildings with coaxial cabling were retrofitted with structured cabling, and all active components were replaced.
As part of the construction project mentioned above, major university campuses were connected via a redundant ring in the primary cabling infrastructure. These campuses form the university’s backbone. Additional locations are connected to the data network via fiber-optic drop cables. Buildings on university-owned property were connected using fiber-optic cables (multimode fibers) as part of separate projects. Since the University of Bamberg’s more than 45 locations are spread throughout the city—in some cases with distances of several kilometers—connecting these locations can, in some cases, incur significant costs.
All subject groups in Bamberg have equal access to data network connections.
2. Concept for Structured Cabling
The basic idea is to create a “structured cabling system” characterized by:
- Workstation connections that are fed in a star configuration from nodes,
- appropriate connections between the nodes,
- comprehensive pre-cabling of all workstations,
- Outlets with identical connections,
- and universally compatible transmission media.
While adhering to distance restrictions, efforts are being made to keep the number of nodes in the buildings as low as possible.
The installation of a structured cabling system at the locations is also intended to ensure that future requirements for cabling infrastructure—which will accompany the expected increases in transmission speeds—can be met.
In the tertiary sector, a distinction is made between standard offices and special-purpose rooms. Standard offices are the regular offices used by university employees. As part of the network upgrade, they will receive either a dual twisted-pair (TP) connection per workstation or a fiber-optic connection consisting of two fibers (2x LWL) per workstation. Special-purpose rooms are intended for specific requirements (workshops, terminal rooms). The number of connections here must be planned individually for each special-purpose room.
As part of the project carried out in 2010/2011, multimode fibers (OM3) with SC duplex jacks and Category 7A (Class FA) twisted-pair cables with Category 6A RJ45 jacks (component requirements only, in accordance with EIA/TIA 568) were installed in the tertiary network. Locations not covered by the project have at least OM2 fiber-optic cables or Category 5 twisted-pair cables.
In the secondary network, multimode fiber-optic cable is generally used. In the primary network, suitable fiber-optic cable is used. Depending on the distances to be bridged, either single-mode or multimode fiber-optic cable is used.
3. Services to Be Supported
The University of Bamberg therefore uses an Ethernet cabling system that supports all TCP/IP-based services. Specifically, these include:
- Communication between workstations (file access, print server functions);
- Access to decentralized servers primarily serving as file and backup servers (servers for WAP clusters and PC pools, mostly operated by the data center);
- Access to the data center's central servers (servers for the Web, email, software, software installation, PC fax, files, backup, name servers, DHCP servers, Virtual Campus);
- Access to the university administration's central servers (FLEXNOW flexible exam management system, internal administrative procedures);
- Access to the University Library's central servers (Online Public Access Catalog, CD-ROM server, internal library IT systems);
- Access to the research network (redundant connection: 2x1000 Mbit/s; all Internet protocols, for nationwide collaborations, the virtual university, multimedia applications such as teleconferencing, teleteaching, etc.).
4. Subnet Structuring
The network structure is shown in a diagram from the network management system. The abbreviations used below for the locations can be found there.
a) Network Technologies
- The network technologies used include Fast Ethernet (100 Mbit/s), Gigabit Ethernet (1000 Mbit/s), and 10 Gigabit Ethernet (10000 Mbit/s). The core network comprises the five main locations “An der Universität 5” (UN), Fischstraße 5/7 (FI1), Markusplatz 3 (MA), Feldkirchenstraße 21 (FE), and Weberei 5 (WE5), which are connected in a ring topology. The bandwidth is currently 10 Gbit/s. Distribution switches are connected to the core in a redundant configuration. Connectivity to surrounding buildings and off-campus locations is provided in a star topology from the nearest backbone site, primarily at 1 Gbit/s. In the access layer, end devices are typically connected at a transmission rate of 1 Gbit/s. Gigabit Ethernet is used to connect important servers (Web, email, fax, file servers, etc.). These are connected to the backbone via redundant switches with multiple aggregated Gigabit Ethernet connections. A dedicated server firewall (FWSRV) is located in front of the server subnet.
b) Switches and Routing
- The University of Bamberg consists of over 50 locations. The redundant university backbone ring runs between the major locations at Feldkirchenstr. 21 (FE), “An der Universität 5” (UN), Markusplatz 3 (MA), Fischstraße 5/7 (Fl), Weberei 5 (WE5), and the computer center (RZ). This ring is built from switches. Starting from these devices, each building comprises one or more IP subnets. In smaller buildings, network connectivity is provided to the Ethernet segments via appropriate switches, starting from the nearest backbone location (which functions as its own IP subnet). Full routing is implemented between the switches of the core, distribution, and access layers. OSPFv2 for IPv4 and OSPFv3 for IPv6 are used for this purpose in dual-stack operation. The routing information to be transmitted is checked for integrity (MD5 or IPsec authentication).
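How the MD5 integrity check on OSPFv2 routing packets mentioned above works, following RFC 2328 Appendix D, as an added example that is not taken from the university's documentation or configuration. The key, Key ID, router ID, sequence numbers and packet body are constructed values.

```python
# Added illustration of RFC 2328 Appendix D keyed-MD5; all values are constructed.
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_CRYPTO, MD5_LEN = 2, 16

def pad_key(key: bytes) -> bytes:
    """Keys shorter than 16 bytes are zero-padded before hashing."""
    if len(key) > MD5_LEN:
        raise ValueError("OSPFv2 MD5 key is at most 16 bytes")
    return key.ljust(MD5_LEN, b"\x00")

def sign(ptype, router_id, area_id, body, key, key_id, seq) -> bytes:
    """Build an OSPFv2 packet and append the keyed-MD5 digest."""
    length = HDR.size + len(body)  # the digest is not counted in the length
    pkt = HDR.pack(2, ptype, length, router_id, area_id,
                   0,              # checksum stays 0 with AuType 2
                   AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq) + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify(frame: bytes, keys: dict, last_seq: int):
    """Return (accepted, reason, new_last_seq); keys maps Key ID -> secret."""
    if len(frame) < HDR.size + MD5_LEN:
        return False, "truncated", last_seq
    (ver, _type, length, _rid, _area, _cksum,
     autype, _zero, key_id, alen, seq) = HDR.unpack_from(frame)
    if ver != 2 or autype != AUTYPE_CRYPTO or alen != MD5_LEN:
        return False, "not cryptographic auth", last_seq
    if key_id not in keys:
        return False, "unknown key id", last_seq
    if length < HDR.size or len(frame) < length + MD5_LEN:
        return False, "bad length", last_seq
    if seq < last_seq:  # the sequence number must never go backwards
        return False, "replayed sequence number", last_seq
    pkt, digest = frame[:length], frame[length:length + MD5_LEN]
    expect = hashlib.md5(pkt + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expect):
        return False, "digest mismatch", last_seq
    return True, "ok", seq

# Constructed neighbour state: Key ID 1, router 10.0.0.1, backbone area, dummy body.
KEYS = {1: b"constructed-key"}
FRAME = sign(1, bytes([10, 0, 0, 1]), bytes(4), bytes(20), KEYS[1], 1, 1000)
```

The digest authenticates routing packets but does not hide their contents, and the sequence check only rejects numbers that go backwards.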
c) Backbone
- The university backbone, which connects the major locations at Feldkirchenstr. 21 (FE), An der Universität 5 (UN), Markusplatz (MA), Am Kranen 12 (Fl), Weberei 5 (WE5), and the data center (RZ), consists of a redundant ring with 4 Gigabit Ethernet connections.
B) Network Development Plan
1. Implementation Priorities
Since virtually all offices at the University of Bamberg are equipped with data network connections, improvements in quality were urgently needed, but not in quantity.
After the M3, K16, K20/22, and F21 locations were renovated, the next step was to modernize the cabling at additional locations.
For the remaining university buildings, a major construction project to upgrade the data network and replace the telephone system was approved and completed in 2013. As part of this project, all library locations were also upgraded.
As part of the NIP, the active components for the university backbone were procured in 1993. These were gradually replaced through appropriate measures. In the process, the backbone was completely migrated from FDDI first to ATM and then to Gigabit Ethernet.
In a subsequent step, a separate backbone was established for the public PC labs used by students. This ensures that network traffic to and from the PC labs is handled independently of the rest of the university’s network traffic, which offers significant advantages in terms of load (network-based installations!) and security. As part of the construction project in 2010–2011, the backbone was restructured and rebuilt with redundancy. The backbone now consists of 4 Gbit/s connections.
In public areas (such as the library), workstations have been set up where students can connect their own laptops to the data network after logging in, either via wired connections or Wi-Fi.
An expansion of Wi-Fi coverage was implemented as part of the major construction project mentioned above. The access points deployed starting in 2011 support the IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11n standards. End devices can simultaneously receive data from access points in the 5 GHz and 2.4 GHz frequency bands, each with a gross bandwidth of up to 300 Mbit/s. Older solutions support the IEEE 802.11b, IEEE 802.11g, and IEEE 802.11a standards. A solution with redundant central management is used for Wi-Fi. The university participates in DFNRoaming / eduroam.
New leases intended to relieve space constraints at existing locations must always be connected to the data network as a high priority.
2. Milestones
- Completed in 2012: Replacement of active components in the data network (WAN, LAN, WLAN)
- Completed in 2013: New “Custom-Built” facility with backbone integration
- Completed in 2014: Integration of the telephone system into IdM
- Completed in 2015: Replacement of the telephone system, including telephones
- Completed in 2015/2016: Expansion of Wi-Fi coverage
- Completed in 2018: Replacement of the central Internet firewalls
- Completed 2018–2021: Upgrade of the Internet data transfer rate to 3.5 Gbit/s in two phases
- 2017–2022: Replacement of server network infrastructure funded by a major equipment grant
- 2018–2024: Replacement of Wi-Fi Infrastructure
- 2022–2025: Replacement of the telephone system, including telephones
- 2024: Replacement of the VPN server
- 2025–2026: Replacement of distribution switches
- 2025–2026: Replacement of core switches
- 2026: Upgrading the switches for building connectivity
- 2023–2026: Redundant data network connectivity for buildings
3. Steps for Moving Forward
Cabling will be incorporated into construction or renovation projects to the extent possible. Active components not included in construction projects will be incorporated into HBFG initiatives (workstations for researchers and students equipped with the necessary software and network connectivity). Consistent planning is ensured by the IT Service’s coordinating role—and often its leading role—in these proposals.
4. Migration plans for transitioning existing functions to future services
In general, performance improvements and enhancements to existing network services are planned, which are not currently expected to result in any restrictions on existing services.
C) Network Operation and Management Concept
1. Division of Responsibilities Between Central and Decentralized Institutions
The Network Infrastructure Department of IT Services plans, procures, and operates the entire data and telephone network, all the way down to the data outlets in every room on campus. The PC Services Department procures workstation PCs for users and provides basic software, including the necessary client software (web browsers and editors, email, OPAC access, CD-ROM server access, and PC fax), and, together with the Budget Department, is responsible for the procurement—but not for consulting or support—of specialized hardware and software to meet user-specific requirements. The Server Systems and User Administration Department operates the servers and grants access rights upon request. The head of IT Services coordinates requests for large equipment from user groups and aligns them with the IT Services’ policies.
2. Defining name spaces, address spaces, and domains
The Server Systems Department of IT Services operates all of the university's name servers and manages the domain name and associated IP address spaces. It operates a DHCP server, which automates the assignment of individual addresses in standard cases and makes it easier for users to switch between subnets—especially when using portable devices.
3. Access Control Strategies
In general, access to the end devices is only possible with a user ID and password. One-time passwords are used in some cases. The options for anonymous access via the Internet are limited (relay functions on the central servers are disabled).
4. Firewall
A firewall strategy developed by the IT department has been approved and implemented. A separate firewall, with appropriately restrictive settings, is in place between the administrative network and the (rest of the) university network. There are also separate firewalls between the server subnet and the rest of the university network, as well as between the PC subnet and the university network.
5. Billing Policies
Use of the data network is free for members of the university for the purposes of study, teaching, and research. Use for other purposes is not permitted.
6. Rules for Network Use
Network use is governed by the University of Bamberg's Guidelines for the Use of Information Processing Systems.
7. Support services for decentralized systems (file services, archiving services, backups, software distribution)
The IT Service operates central servers and, for user groups with special needs, decentralized servers, which are generally part of WAP projects. The comprehensive network infrastructure allows these servers to be set up within the data center.
For support regarding decentralized workstations, see item 1 above.
The PC Pool Operations Department is responsible for planning and operating workstations for students, unless this is handled by other units in individual cases (such as the Language Lab, the Graduate College, or Business Informatics).