Framework provisions for administering the Universität Hamburg communication network
dated 19 March 2001: adopted by the Senate Committee for Data Processing with 7:0:2 (yes:no:abstention)
1. Preamble
The communication network is required for a functioning cooperative system of IT services; it creates a complex infrastructure of dissemination media and coordinated hardware and software components. As a result of this fundamental significance and complexity, the supervision of this communication network and thus the responsibility for its operation lies with the University (under the aegis of the Regional Computing Center [RRZ]). The size of the network as a whole, its subnetworks, and various locations across the city make it reasonable for departments or other institutions to take on the administration of their computer subnetworks where the required skills and staff resources are available. In such cases, planning and operation of the subnetwork must be consistently agreed between the departments and the RRZ network group, and the boundaries of each area of responsibility must be defined.
2. Determination of boundaries between the RRZ and the departments
2.1 Communication interface
Different types of communication systems have grown together. Previously, they were organized and operated exclusively by the RRZ from the data socket of the user’s workstation across all network segments to the backbone or core network and the various external connections. This often happened in close collaboration with the departments that take on the construction, expansion, and maintenance of their network segments themselves despite being connected to the university-wide core network that remained the responsibility of the RRZ. Clear and binding agreements between the RRZ and the other institutions must be drawn up—compliance with which is ensured by appropriately qualified staff. Therefore, to allow for the seamless operation of the communication network, the Senate Committee for Data Processing (SenA-DV) established a working group made up of one RRZ representative and the department or institution to which network responsibilities could be delegated. This working group creates regulations for cooperative and seamless collaboration between individual partners to provide the greatest availability possible for the communication network. Details of network operation and plans for expansion and modification of the computer network should be agreed in the working group. In particular, the groups should discuss all aspects of security in communication networks, follow technological developments, and draw up recommendations. The working group will meet regularly to exchange information; additional meetings may be called at the request of a member. The Senate Committee for Data Processing makes recommendations in case of conflict.
2.2 Determining network boundaries
Hardware interfaces that mark the boundaries of responsibilities of a department or institution are usually set at the output of a router or similar electronic device, by which the subnetwork of a department is connected to the University network.
The RRZ is responsible for parts of the administration[1] connected via dedicated VPN components. The working group named in 2.1 is responsible for network situations that are not clearly allocated.
If members of other departments or other institutions of the University are housed in the subnet of a department, they will generally be supervised by the host department as far as network administration is concerned, in agreement with the RRZ.
3. Use of devices, equipment, and support materials for network operation
Procurement of network components should aim for uniformity of hardware. This allows for components that become available due to expansion or modification of the network to be easily utilized in other areas of the University; simultaneously, such standardization is also a prerequisite for concluding cost-effective maintenance contracts and keeping replacement systems available at a central location.
Expensive measurement devices for network operation should be available for use by all network administrators, to avoid unnecessary multiple purchases. Similarly, all network administrator groups must jointly use existing software for network documentation.
4. IP address management
In consultation with the RRZ, departments that administer their own subnetworks can operate their own domain servers and DHCP servers; where necessary, they may also administer the IP addresses reserved for the department in the University’s address pool themselves. The information in Point 5 should be observed to safeguard the security of server operation.
5. Prerequisites for delegation of responsibility for networks to departments
Responsibility for network administration will only be delegated to departments or institutions when a service group is available with sufficient technical knowledge and staff capacity to carry out the required operational, planning, and expansion work in the network. Maintaining continuity requires staff who are employed on a permanent basis.
Operation of the network and the rectification of disruptions require that hotlines be established in all areas of responsibility (telephone and/or email) and that staff are informed of the correct person to contact in case of service disruption.
6. Consolidation of academic and administration networks
Administrative networks cannot be run separately from the general University network structure due to the interplay between academic and administrative tasks as well as financial considerations. In addition, access to public networks is increasingly important for university administrations, as it is otherwise impossible for them to fulfill their duties. This required openness is difficult to reconcile with the available information and communication network security and the goals of data protection. For this purpose, the University will develop a security plan that considers these concerns as well as the requirements of the academic areas.