PittNet - Network Usage Standards


I. SCOPE

University of Pittsburgh policy 10-02-13 establishes the provisions for the installation, maintenance, and operation of the University of Pittsburgh's Network (PittNet).

II. DEFINITIONS

Network Infrastructure Device: Any device intended to construct, extend, support, or manage a network. These devices include routers, hubs, switches, repeaters, wireless hubs, firewalls, gateways, or any end user device configured to perform the function of a network infrastructure device, including proxy servers, network address translation devices, or DHCP servers.

End-User Device: Any device intended for use by one or more individual users on the network. These devices include:

Workgroup Device: Any device configured to be used by more than one end user for the purpose of sharing files, printers, scanners, or other end user devices.

Remote Control Software: Software that allows any device to control the keyboard, mouse and display functions of another device attached to the network. Examples of remote control software include pcAnywhere, NetOP, Netbus, Carbon Copy, VNC, and similar products.

III. RESPONSIBILITIES

CSSD Responsibilities:

University Unit Responsibilities:

IV. NETWORK USE STANDARDS

Cabling:

Installation of cabling (including fiber-optic cable) and network access points (ports) is the responsibility of CSSD. University units must not engage in the installation of network cable and/or network infrastructure devices either on their own or by engaging the services of any third party. All requests for port or cable (including fiber-optic cable) installation must be submitted on a Network Attachment Request (Form 0023).

Network Attachment Points:

Each network access point (port) is intended to support one and only one workgroup or end-user device. Cascading ("daisy-chaining") workgroup and/or end user devices to a single network access point, or the attachment of any network infrastructure device to a network access point, compromises the network and must not occur.

Network Addresses:

Network addresses (IP addresses) are the property of the University, not individual units or persons. Any statically-assigned IP address assigned to a workgroup or end user device that is not in use for sixty (60) days or longer may be reclaimed by CSSD for assignment to another end user device. This restriction will not apply in those situations where IP addresses are assigned by CSSD dynamically to end user devices.

Network Protocols:

In order to ensure network reliability, CSSD provides network support only for the TCP/IP protocol on PittNet effective January 3, 2004. Units must not attach any device that relies only on an unsupported protocol to a network access point.

Remote Access:

Remote Access services are available to end users via the University's dialup modem pools at each campus and through its preferred Internet Service Provider (ISP) vendor agreements. Units must not configure any modem to support incoming connections other than facsimile connections. Units must not configure any device to control another device or to be controlled through the use of remote control software.

Proxy Servers and Similar Devices:

CSSD has provided alternatives to access IP restricted services. The installation of any type of device that allows the sharing of a single IP address by multiple devices compromises the operation of the network and must not occur. This includes proxy servers, personal routers, and residential network equipment. It is expected that each end-user device on PittNet will be configured with a single registered IP address from one of the University's networks.

External Network Connections:

CSSD will provide all network connections to external locations and services. This includes all connections via ISDN, DSL, Frame Relay, T1, etc. Any requirements for special connections to external locations must be requested through CSSD.

Network Management:

In order to ensure the fair use of network resources by all members of the University community, CSSD must take steps to identify devices that adversely affect PittNet. CSSD will attempt to notify the unit responsible for the offending device to correct the problem. In extreme situations, the network access point to which the offending device is attached may be disconnected until the unit or individual can demonstrate that the problem has been resolved. Upon disconnecting a network port for this reason, CSSD will notify both the individual using the network access point and the Unit Administrator of the unit in which the network access point is located.

Units may wish to use network management tools to manage the workgroup and end user devices under their control. Units must not use network management tools to discover or attempt to manage network infrastructure devices or workgroup and end user devices under the control of any other unit. The use of network traffic monitoring and analysis devices by anyone other than designated CSSD staff impedes the network operation and must not occur.

V. REFERENCES

Policy 10-02-05 - Computer Access and Use

Policy 10-02-13 - University Network

Procedure 10-02-13 - University Network

Form 0023 - Network Attachment Request

Student Code of Conduct

PittNet - Network Usage Standards: Frequently Asked Questions

Cabling:

Installation of cabling (including fiber-optic cable) and network access points (ports) is the responsibility of Computing Services and Systems Development (CSSD). University units are prohibited from engaging in the installation of network cable and/or network infrastructure devices either on their own or by engaging the services of any third party. All requests for port or cable (including fiber-optic cable) installation must be submitted on a Network Attachment Request (Form 0023).

Can I install network cable to connect computers owned by my department/school?

Users are permitted to install network drop cables to connect a single device to a network access point (port). Users are not permitted to install cable to connect two or more devices to a single port. Users are not permitted to extend network cables from one location to another through walls, between floors, or from one building to another.

Can my department contract with an outside company to install network cable?

In order to ensure compliance with applicable building codes, wiring standards, and to ensure that wiring is compatible with current network designs, all network cable must be installed by CSSD.

Network Access Points:

Each network access point (port) is intended to support one and only one workgroup or end-user device. Cascading ("daisy-chaining") workgroup and/or end user devices to a single network access point, or the attachment of any network infrastructure device to a network access point, compromises the network and must not occur.

Can I use Farallon EtherWave or similar devices such as inexpensive network hubs to connect several computers to my port?

The use of Farallon and other devices is not permitted because cascading or daisy chaining computers, printers, and other devices to the network results in several problems including:

Can I connect a router, switch, hub, or wireless access point to my network port?

Because these devices at their most basic level are used to connect multiple computers and other devices to a single network port, individuals or units cannot use them. There is also a greater risk that these devices can cause network performance problems if they are misconfigured. Limitations in wireless technology create an even greater risk of causing network problems even if they are properly configured. Devices from two different vendors may interfere with each other and cause widespread network disruptions.

It is important to note that configuring individual computer workstations to act as network infrastructure devices is also not permitted on PittNet because they can cause network performance problems in the same manner as a dedicated hardware router.

Remote Access:

Remote Access services are available to end users via the University's dialup modem pools at each campus and through its preferred Internet Service Provider (ISP) vendor agreement. Units must not configure any modem to support incoming connections other than facsimile connections. Units must not configure any device to control another device or to be controlled through the use of remote control software.

Why can't I set up my modem to allow me to dial in to my own office computer from home or another remote location?

Most dialup software, including dialup software that is part of an operating system such as Microsoft Windows or Apple MacOS, offers very little in terms of user authentication capabilities. It is generally easy to circumvent the simple password schemes that these programs use. Therefore, any computer equipped with a modem that is configured to accept incoming remote connections (other than facsimile transmissions) becomes a security risk for all PittNet users. User authentication services provided by the University, through its dialup modem pool, and by Internet Service Providers, ensure a much higher degree of network security.

Can my department install its own authenticated communications server?

Units are not permitted to install communications servers. Misconfigured communications servers can cause significant disruptions to one or more network subnets by acting as network routers. These servers do not use the University's centralized user authentication services; therefore, they pose a risk to network security. The servers may allow unauthorized access to PittNet if unaffiliated users are granted access to the communications server.

Why can't I use pcAnywhere, CarbonCopy, VNC, or similar remote control software to access my desktop computer from a remote location, even if that location is elsewhere on PittNet?

Remote control software packages such as these pose an even greater risk to computer security than remote dialup software if an unauthorized user gains access to the workstation. In this case, the result is the same as the unauthorized user sitting directly at the computer screen having access to all of your e-mail, data files, program and operating system settings, in addition to complete access to any servers or other network services that are accessible from your computer at that time.

As a departmental server administrator, does this guideline prevent me from using remote server administration tools?

The use of secure server administration tools such as Windows Terminal Services, Novell RConsole, and similar tools is permitted by authorized departmental server administrators for use in managing equipment maintained by the department. Attempts to manage devices not under the control of the unit in question are, of course, not permitted under University policy.

Can I continue to access files or printing services on my University computer through Windows shares, AFS-mounted devices, or similar file access schemes?

Yes, users may use Windows shares, AFS services, etc., to access files stored on a computer attached to PittNet from remote locations provided that this access is accomplished through direct network connection, University dialup modem pool, or commercial ISP remote access services (these include dialup modem pools or broadband DSL and cable modem services). Accessing files through a modem configured to accept incoming connections on a computer attached to PittNet is not permitted.

Proxy Servers and Similar Devices:

CSSD has provided alternatives to access IP restricted services. The installation of any type of device that allows the sharing of a single IP address by multiple devices compromises the operation of the network and must not occur. This includes proxy servers, personal routers, and residential network equipment. It is expected that each end-user device on PittNet will be configured with a single registered IP address from one of the University's networks.

Can my department set up a proxy server to allow access to restricted resources or other remote access services?

Units are not permitted to use proxy servers for these reasons:

Because proxy servers can be configured to use network address translation (NAT) in which the IP address assigned to any one end-user device cannot be determined through normal audit procedures, there is no means by which to track network abuse or troubleshoot network problems. It is expected that each end-user device connected to PittNet will be configured with a single IP address assigned from one of the University's networks.

External Network Connections:

CSSD will provide all network connections to external locations and services. This includes all connections via ISDN, DSL, Frame Relay, T1, etc. Special connections to external locations must be requested through CSSD.

Can my department obtain an external Internet connection from a third party vendor?

External Internet connections must be managed by CSSD because each external connection creates a new route through which University traffic can travel to reach the Internet. This can be a problem because multiple routes must be carefully managed to ensure they do not interfere with the University's general Internet commodity routes, vBNS, Abilene, or student Internet access routes. For example, network traffic traveling from a computer attached to PittNet could leave the University's network through one Internet connection, but return through another, if the network routes are not configured correctly. This results in extraordinary difficulty in determining the cause of network-related problems reported by University users and could significantly delay the resolution. In addition, incorrectly configured routes can also cause problems for commercial ISPs because it appears as though the University's network exists in multiple locations.

Network Management:

In order to ensure the fair use of network resources by all members of the University community, CSSD must take steps to identify devices that adversely affect PittNet. CSSD will attempt to notify the unit responsible for the offending device to correct the problem. In extreme situations, the network access point (to which the offending device is attached) may be disconnected until the unit or individual can demonstrate that the problem has been resolved.

Units may wish to use network management tools to manage the workgroup and end-user devices under their control. Units must not use network management tools to discover or attempt to manage network infrastructure devices or workgroup and end-user devices under the control of any other unit. The use of network traffic monitoring and analysis devices by anyone other than designated CSSD staff impedes the network operation and must not occur.

Under what circumstances will CSSD disconnect my network port?

As stated in the standards above, CSSD will only disconnect a network port when a device attached to that port generates network traffic in a manner that adversely affects the usability of the network by others. These situations can include, for example, a situation in which two devices are configured with the same IP address, a device has a faulty network card, or a similar problem occurs. In these situations, CSSD staff will first attempt to reach a departmental support staff member to correct the problem. CSSD will disconnect the port if the problem cannot be solved expediently by any other means.

Can I use network management software tools to manage devices used within my department?

Unit staff can use network management software tools for the purpose of managing their own devices, but not to attempt to manage any devices for which they are not responsible. This includes network equipment maintained by CSSD for the benefit of the University. Units are not permitted to discover all devices on the University's network because this generally severely impacts PittNet functionality. Unit staff using network management tools must exercise extreme caution to avoid unintentionally attempting to discover devices on the entire network or on large segments of the network.

Can my department install network probes and/or traffic monitoring and analysis devices to troubleshoot network performance problems?

Units are not permitted to use these devices because, when not operated by experienced network engineers, these devices tend to impede PittNet operations. Units experiencing network performance problems should request CSSD assistance in diagnosing the cause by contacting the Technology Help Desk. CSSD will assist units in identifying the cause of network performance problems and will make recommendations for correcting them as appropriate.