• Section Navigation
• Financial Resources
• Forms
• Human Resources
• IT Resources
• Policy & Procedures
• Safety & Training
• Services
• Templates & Tutorials
• Visitor Resources

IT Policies - Networks

 

Purpose

To define the function and use of computer networks within MRI, specifically within the MRI Building, MRL Building and Research Unit A (RUA).

 

Scope

This policy applies to all computer networks (wired and wireless) within the MRI Building, MRL Building and Research Unit A except where noted.

 

Rationale

Computer networks have proven to be crucial to conducting University business and research; from processing payroll for employees to collecting and transmitting data on scientific instruments, almost everyone within MRI relies on computer networks to perform their functions at the University. That this technology has become crucial to our daily work requires that the networks perform as optimally as possible with minimal downtime and in the most secure manner possible. Downtime with computer networks results in lost time on the part of employees and researchers who rely on networks. Security breaches result not only in lost time, but could also result in compromised privacy of data. To this end, the MRI IT Group works to ensure that the computer networks within MRI are of the highest quality and security. To accomplish this requires that only Penn State owned computers may be connected to the wired and "behind the firewall" wireless networks. Simply put, this is the only way to ensure that the security and integrity of the computer networks is maintained. Allowing non-University owned computers on the MRI networks creates an environment not of "if" there is a breach in security, but "when" there is a breach in security. Thus, it is in everyone’s best interest that only Penn State owned computers reside on the MRI networks.

 

MRI recognizes that there are times where non-University owned computers must be networked to enable access to resources. Whether the computer is laptop owned by a student or a visitor to Penn State, there are times where Internet access for non-University owned computers can benefit the University and those within MRI. To provide this access while maintaining the level of security required for our networks, MRI offers the "pennstate" wireless network in the MRI and MRL Buildings. This wireless network works in the same manner as other locations on campus and is even available to visitors through the use of Short Term Access Accounts (STAA). This wireless network resides "outside the firewalls" and therefore does not reduce the level of security of the MRI networks.

 

Policy - Connectivity

Wired Networks

 

Eligibility

Only Penn State owned computers-the primary user of which is a Penn State faculty or staff member or student and holds permanent office space within the MRI Building, MRL Building, and/or Research Unit A-are permitted to connect to the MRI wired networks. All other computers are prohibited from connecting to the MRI wired networks. Proof of purchase may be required to demonstrate ownership of a computer.

Ethernet Cables

High-quality Cat5e patch (RJ45 to RJ45) cables must be used to connect to the MRI wired networks. If a cable is needed, a member of the MRI IT Group will provide a cable for connectivity. Standard length cables are provided free of charge. Custom length cables (either purchased or produced in-house) may incur a charge to the person requesting the cable.

Downstream Hubs/Switches

At times, the number of required network connections exceeds the number of available network jacks in the physical space. In these instances, a downstream hub or switch may be required to provide the additional connections requested. To help ensure trouble free networking, a member of the MRI IT Group will provide the downstream hub or switch. The serial number of the device along with date/time, location and responsible party will be recorded. The device remains the property of MRI and is to be returned to a member of the MRI IT Group when no longer needed.

Wireless Networks

Three wireless networks are provided within the MRI and MRL Buildings under the SSIDs "MRI-wpa," "MRI-guest," and "pennstate."

MRI-wpa

Only Penn State owned computers-the primary user of which is a Penn State faculty or staff member or student and holds permanent office space within the MRI Building, MRL Building, and/or Research Unit A-are permitted to connect to the "MRI-wpa" network provided there is a demonstrated need for wireless network connectivity "behind the firewall." Contact a member of the MRI IT Group for assistance with determining demonstrated needs. All other computers are prohibited from connecting to the "MRI-wpa" wireless network. Proof of purchase may be required to demonstrate ownership of a computer.

MRI-guest

The "MRI-guest" network is only to be used by visitors to the MRI and MRL Buildings who have been issued a Short Term Access Account (STAA) and that need to create a Virtual Private Network (VPN) connection to an entity such as the user's company or university network. This network provides no security!

pennstate

Any computer may connect to the "pennstate" wireless network per the regulations set forth in the "pennstate" wireless network specification. (See References)

 

Policy - IP Address Issuance

Wired Networks

IP addresses will be issued to all qualifying computers once the following information has been received by a member of the MRI IT Group:

* Your name
* Your Penn State AccessAccount Userid (xyz123)
* Your office address or location of the computer
* MAC address of the computer

Static/Dynamic Addressing

While DHCP servers are employed within MRI to issue IP Addresses, the DHCP server only works with reservations. This means that only authorized computers will receive IP Addresses from the DHCP server. Moreover, the computer will receive the same IP Address each time it is connected to the MRI networks.

Wireless Networks

All wireless networks receive dynamically assigned IP addresses after successful authentication.

 

Definitions

MAC Address

Medium Access Control Address of a network adapter in a computer. Sometimes referred to as Physical Address. A valid MAC Address is a 12 character hexadecimal value comprised of the numbers 0-9 and the letters a-f; may be separate in value pairs by either "-" or ":".