Safe share. Application, installation and technical guide for ADRN Service Slice v1.0. ADRN Service Slice 1

Similar documents
Safe share. Application, installation and technical guide for PSN Service Slice v1.0

How to Set Up Your SRX550 High Memory Services Gateway

How to Set Up Your SRX300 Services Gateway

How to Set Up Your SRX340 Services Gateway

How to Set Up Your SRX320 Services Gateway

Installing the IPS 4345 and IPS 4360

Route Processor. Route Processor Overview. This chapter describes the route processor (RP) card. The following sections are included:

USB VGA KVM Console Extender w/ Serial & Audio Over Cat5 UTP ft

JUNIPER PRODUCT UPDATE. Jukka Piirainen Stallion Winter Seminar

Introduction. Overview

Cisco MCS 7845-H1 Unified CallManager Appliance

ASA5525-FPWR-K9 Datasheet. Overview. Check its price: Click Here. Quick Specs

How to Set Up Your SRX4100 Services Gateway

M40e and M160 CIP Installation Instructions

Junos WebApp Secure 5.0 Hardware Guide

Product Overview. Switch Descriptions. Front Panel CHAPTER

Product Overview. Cisco ME 6524 Ethernet Switch (ME-C6524GS-8S) CHAPTER

Cisco ASR 1001-X Router Overview

IDENTIFICATION OF VOLATILE AND NON-VOLATILE STORAGE AND SANITIZATION OF SYSTEM COMPONENTS JUNIPER NETWORKS SRX SERIES SERVICES GATEWAY SRX650

Server Remote Control External KVM over IP

Conference Table Connectivity Box for A/V - 4K

Low Profile Hub. User Manual

2014 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo and other marks are trademarks of AT&T Intellectual Property.

Summit Virtual Chassis Design and Installation Guide

Installation Guide. Network Encoder Model TVI C300

ETHERNET SWITCHING PORTFOLIO

Atom C2000 Rackmount Product Options

Installing the ASA 5550

Cisco MCS 7835-H2 Unified Communications Manager Appliance

IDENTIFICATION OF VOLATILE AND NON-VOLATILE STORAGE AND SANITIZATION OF SYSTEM COMPONENTS JUNIPER NETWORKS SRX-SERIES SRX AP(DP)

Cisco 3300 Series Mobility Services Engine

PIX 520. PIX 520 Product Overview CHAPTER

Versatile configuration options

Cisco ASR 1001-X Router Specifications

VMI. Technical Documentation. 600 Industrial Drive, New Bern, N.C (tel / fax /

Overview of the Cisco VG224 Voice Gateway

Product Overview. Switch Model

HDMI and USB over IP Distribution Kit p

SRX 5600 and SRX 5800 Services Gateway Routing Engine Installation Instructions

Cisco ONS CL Shelf Assembly Hardware

Excel Power Distribution

Installation and Configuration Guide

Cisco MCS 7815-I2 Unified CallManager Appliance

VGA-Over-IP Extender x 1200

10 Gigabit Ethernet Copper-to-Fiber Media Converter - Open SFP+ - Managed

Cisco ASR 1000 Series Router Specifications

Quick Installation Guide

Cisco MCS 7815-I1 Unified CallManager Appliance

IOT-GATE-iMX7 Datasheet

Catalyst 2960-X and 2960-XR Switch Hardware Guide

Cisco 3900 Series Router Datasheet

DATA SHEET. Cloud-Managed Mid-Enterprise SD-WAN Router with Gigabit PoE+ Ethernet

Citrix CloudBridge CB User Manual

ASA5508-FTD-K9. ASA 5508-X with Firepower Threat Defense. 8GE. AC. 450 Mbps. 250 Mbps. 1 Gbps. 500 Mbps. 100 Mbps. Unlimited

The specifications for the Cisco 7304 router are listed in Table A-1.

The 3-phase, 5-wire model name is PF LNM. The 3-phase, 4-wire model name is PF LNN.

2-port KVM Switch with Dual VGA - USB 2.0

Introducing the Cisco 1121 Secure Access Control System Hardware

QUICK START GUIDE 7000 SERIES DEVICES. 3D7010/7020/7030 (Chassis: CHRY-1U-AC) 3D7115/7125, AMP7150 (Chassis: GERY-1U-4C8S-AC)

USB 3.0 to Gigabit Ethernet NIC Network Adapter with 3 Port Hub - White

QUICK START GUIDE 7000 SERIES DEVICES

N3240 Installation and Setup Instructions

Juniper Secure Analytics Quick Start Guide

Cisco MCS 7825-I1 Unified CallManager Appliance

Integrated Ultra320 Smart Array 6i Redundant Array of Independent Disks (RAID) Controller with 64-MB read cache plus 128-MB batterybacked

for Hardware Installation: IG550 Integrated Gateway

Network Video Recorder Quick Operation Guide

Numerics INDEX. cables caution 1-19 cabling

VE883. 4K HDMI Optical Extender (K1, MM) / 10km (K2, SM))

Follow the procedure below for unpacking the carton in which the device is shipped. DW-GTW-AC-E1060 Four anti-slide bumpers for desktop installation

Installing the Cisco MDS 9020 Fabric Switch

Cisco Mobility Services Engine: An Open, Appliance-Based Platform for Delivering Mobility Services

Versatile configuration options

Streamline your digital collaboration

Gigabit Ethernet Switch. Quick Installation Guide MS400834M

Hardware Guide. EPIC Next Generation Firewall. USG6000 Unified Security Gateway V100R001. Give us a call:

Technical Specifications

RMB Peripheral Units Installation Guide

EMC Symmetrix VMAX Cloud Edition

NGFW Security Management Center Appliance. for Forcepoint Next Generation Firewall Hardware Guide. Revision B

Versatile configuration options

INSTALLATION INSTRUCTIONS FOR THE BV10-100/1000

Installing the Cisco AS5400XM Universal Gateway

KE K HDMI Single Display KVM over IP Extender with PoE

AI180I AIswitch Series 180 Integrated Chassis Installation Guide

4 Port DVI VGA Dual Monitor KVM Switch USB with Audio & USB 2.0 Hub

Configuration for Juniper SRX Series 6300-CX

Cisco Series Performance Routing Engine 4

TIM 3V- IE ADVANCED. Function

Cisco MCS 7845-I2 Unified Communications Manager Appliance

4 Port Triple Monitor DVI USB KVM Switch with Audio & USB 2.0 Hub

Barracuda Load Balancer ADC Hardware Features

IT power distribution Power distribution units (PDU) Basic. Versions available:

N3220 Installation and Setup Instructions

NOTE: Use the System Setup program to view microprocessor information. For more information, see "Using the System Setup Program."

Quick Start Guide LES1308A, LES1316A LES1332A, LES1348A. Securely manage data center and network equipment from anywhere in the world.

V C ALIANT OMMUNICATIONS. 4 x Ethernet over T1 (IP over TDM) Data Sheet & Product Brochure U.K. INDIA U.S.A. Valiant Communications (UK) Ltd

HIGH STORAGE MODELS WITH CD-RW DRIVE

Cisco SR 520-T1 Secure Router

Cisco ASR 9001 Router

Transcription:

Application, installation and technical guide for ADRN Service Slice v1.0 ADRN Service Slice 1

1. Introduction This document is provided to the Network and Security technical teams at the Customer Client organisation to assist with the steps required to setup and implement a new Customer Client on the Safe share service. The Safe share service is an overlay security service to facilitate Customer Clients to access or transfer data securely across the Janet network, or other network, between partners. The service utilises multiple layers of security using Juniper Networks SRX devices. To protect the transmitted data, a PKI (Public Key Infrastructure) has been design to create secure IPSec tunnels from the managed access router based on the member s site to the Secure Core network situated in the Jisc secure data centre. The document describes the Safe share implementation steps for Customer Clients following an agreement for connection. This will include pre-staging, security assignment, installation, testing and commissioning. The Customer Client that uses the Safe share service will be required to provide a suitable, secure location for the installation of the Access Router (Juniper Networks SRX) in order to access the ADRN service slice. In order for us to configure the equipment described in this document to enable you to connect to the ADRN service slice we will require you to complete the accompanying questionnaire and send the completed Word document back to Jisc Operations for processing. NB. You may require the assistance of your local technical team in filling out certain aspects of the questionnaire. ADRN Service Slice 2

2. High Level Implementation Process The following process highlights the steps and dependencies required to complete the implementation process to connect a customer client to the Safe share service. Customer Client actions are in Blue, Jisc actions in Orange. Stage Step Description Dependency Time Allowance Customer Requirements Complete the requirements form in this document to ensure the correct service is implemented applicable to the member N/A N/A Application to join the Safe share service Application check and confirmation Agreement signature and installation date selection Jisc will perform legal entity checks, service slice eligibility and technical information requirements Complete and sign the service agreement document and provide preferred installation dates All information is correctly filled out Application check and confirmations passing 1 week 1 week (during the 6 week initial configuration) Confirmation of installation date Jisc will contact the applicant to confirm the choice of installation date Chosen date/s being available 1 week (during the 6 week initial configuration) Pre-Configure Member Access Router (Junos) with: Preinstallation Pre-Stage A Pre-Shared Key Management IPSec VPN that connects back to the Core Nodes Customer / Client allocated IP addresses Dynamic routing configuration (BGP/OSPF) Default Safe share system/management. configuration Security Stanza Configuration Customer Client Information Required IPAM 6 weeks from the application checks and confirmations being passed Arrange and conduct survey if required If the Jisc engineers determine a survey is required we will arrange a suitable date with you N/A During the 6 week initial configuration Reminder 1 week before the confirmed installation date Jisc will contact you to remind you Installation date selection N/A ADRN Service Slice 3

Stage Step Description Dependency Time Allowance Physical location/s Customer to escort installation engineer to location Access to locations Initial Connectivity Validation Validate the successful connection of the management IPSec VPN Liaise with the Member for any collaborated troubleshooting Pre-Stage Management Integration Integrate the new Member Access Router into Junos Space for centralised management Initial Connectivity Validation Certificate Setup Generate two CSRs (Certificate Signing Request) on the Member Access Router Access to Member Access router configuration Certificate Signing Sign both CSRs per CPE with the applicable Subordinate/Intermediate CA with CA Server on SVC-A. CA-Server Installation Certificate Implementation on SAR Production VPN Setup Install the new signed certificates on the Member Access Router Install the Member Access Router Junos configuration to support the new x.509 Certificate- Based Production IPSec VPNs for connectivity Access to Member Access router configuration 1 day Production IPSec VPN Connectivity Validation Confirm Certificate-Based IPSec VPN production connectivity from the Core Nodes to the Member Access Router. The production service is up after this stage but not officially online or live Access to the Safe share Management Network and Configurations Testing ORT (Operational Readiness Testing) to confirm all elements of the connectivity is working correctly UAT (User Acceptance Testing) in collaboration with the Member (UAT) for any Member bespoke testing as well as general traffic flow testing Management Connectivity Specific Test Plan of the Member Go Live Service confirmed as working Successful testing Post Installation Follow up Jisc will contact the applicant to follow up installation Successful installation 1 week after installation Invoicing Initial invoice raised and sent to applicant Successful installation Within 30 days of installation ADRN Service Slice 4

Stage Step Description Dependency Time Allowance BAU Support Recurrent invoicing Ongoing support as per agreement including space and Infrastructure management Annually on 1 st August N/A N/A ADRN Service Slice 5

3. Technical information The information in this section is intended to help your technical team choose a suitable physical location for your Safe share equipment and to assist with any support issues in the future. 4.1 Supplied Safe share Equipment One or more pieces of following equipment (depending on your requirements) will need to be housed in a suitable environment with appropriate security. It must be connected to your Internet connection and your LAN. High Bandwidth and High Port Density requirements Juniper SRX 550, Juniper SRX 210 & Opengear ACM5022-FE (all three units must be housed together) Low Bandwidth and Low Port Density requirements Juniper SRX 210 only 4.2 Safe share Equipment Environmental Requirements Juniper SRX 550 Juniper SRX 210 Opengear ACM5002-FE Device Type Security Appliance Security Appliance Access Appliance Height (Rack Units): 2U 1U Less than 1U/Shelf preferred Width: 44.4 cm 28.2 cm 10.2 cm Depth: 46.2 cm 18 cm 8.8 cm Height: 8.8 cm 4.4 cm 2.8 cm Weight: 9.96 kg 3.2 kg 0.34 kg Power Device: Internal power supply Internal power supply Internal power supply Installed: Qty2 (incl. 1 redundant) Qty1 Integrated Voltage Required: AC 100/240 V ( 50/60 Hz ) AC 100/240 V ( 50/60 Hz ) AC 100/240 V ( 50/60 Hz ) Power Provided: 60 Watt 645 Watt 12V DC Power Adapter The SRX access routers can be connected to existing power connectivity using either the standard type G UK three pin plugs/sockets or can be adapted to fit into power strips utilising C13 appliance couplers. ADRN Service Slice 6

However, the Open gear terminal server only supports a standard UK plug and therefore will need a standard UK three pin socket to power the device. 4.3 SRX550 Services Gateway Front Panel Figure 1 - Juniper Networks SRX550 Front Panel Number Component 1 Front panel LEDs 2 Serial Console Port 3 USB Console Port 4 Aux Port 5 2 x Mini-PIM slots numbered 1 and 2 6 6 x GPIM slots numbered 3 through 8 7 Mounting brackets 8 4 x SFP Ethernet ports (port 0/6-0/9) 9 6 x Fixed/Integrated Gigabit Ethernet ports (port 0/0 0/5) 10 RESET CONFIG Button 11 Power button 12 USB 0 and USB 1 13 ESD Outlet ADRN Service Slice 7

4.4 SRX550 Services Gateway Back Panel Figure 2 - SRX550 Rear Panel Number Component 1 Two power supply slots 2 ACE slot 3 Grounding point 4 Storage slot 5 ESD Outlet 6 Air filter cover ADRN Service Slice 8

4.5 SRX210 Services Gateway Front Panel Figure 3 - Juniper Networks SRX210 Front Panel Number Component 1 Mini-PIM slot 2 Power button 3 LEDs: Status, Alarm, Power, 3G ExpressCard, Mini-PIM, HA 4 Reset Config button 5 Universal Serial Bus (USB) ports 6 Console port 7 Gigabit Ethernet ports and Fast Ethernet ports ADRN Service Slice 9

4.6 SRX210 Services Gateway Back Panel Figure 4 - Juniper Networks SRX210 Back Panel Number Component 1 Power supply point 2 Cable tie holder 3 Grounding point 4 Lock 5 ExpressCard slot ADRN Service Slice 10

3.2 Opengear ACM5002-FE Front Panel Figure 1 - Opengear ACM5002-FE Terminal Server 2 x RS-232 RJ45 serial (Cisco Straight pinout), single external power supply, 1 x 10/100 Ethernet, 1 x USB 2.0 ports, 4GB internal flash storage, 4 x TTL DIO terminals. ADRN Service Slice 11

Safe share 4. Connection Guide 4.7 High Bandwidth Connection Guide Figure 6 High Bandwidth Access Router Connectivity Requirements ADRN Service Slice 12

4.8 OOB Connections The High bandwidth access router will be connected to a remote terminal service device that will be connected to the OOB router (SRX210). The following connections as displayed in Figure 6 above are required for this connection: An Ethernet cable from port fe-0/0/7 on the Safe share OOB router (SRX210) to the Ethernet LAN port on the Opengear device. An Ethernet cable from the Serial 1 port on the Opengear device to the Console port on the SRX550. An access connection from the Juniper SRX 210. NB. External Connection may be Janet or another internet connection ADRN Service Slice 13

4.9 Low Bandwidth Connection Guide Please Note: This is a library image, therefore T1/E1 Mini-PIM module shown above will not be present in your router. Figure 7 High Bandwidth Access Router Connectivity Requirements NB. External Connection may be Janet or another internet connection ADRN Service Slice 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback