The University operates an institutional-wide network infrastructure and converged network applications and services (including voice and video) to support all of the information access, collaboration and interchange requirements of the University community, both internally and externally. To achieve the effective and efficient management of the network infrastructure and services the following principles apply:

The University provides a network which is designed, operated and managed to:

• be an integrated end-to-end information infrastructure;
• continuously meet the information access and interchange needs of the research, educational and administrative activities of the University;
• extend to all University campuses;
• interconnect with external local, national and international research and education institutions and commodity Internet resources with sufficient capacity to seamlessly support external collaboration and information interchange requirements of the University community;
• include network security at a sufficient level to protect the University’s information sources, electronic resources, intellectual property and network access;
• support network interconnections and network services to non-ANU Entities where such entities are located within a campus boundary of the University.

Relevant Contractural Obligations:

AARNet Access Agreement

AARNet Policy on Allowed Access to AARNet

AARNet Regional Connection Agreements

Procedures:

University Responsibilities

The University is responsible for:

1. designing, operating and managing the end-to-end network (called the Integrated Communications Network – ICN). The ICN is made up of all network devices and passive network infrastructure, and includes the following elements:

1.1 backbone, distribution and edge networking infrastructure;

1.2 local area networks (LAN) for each business area, including virtual LANs for inter-linking locationally diverse business areas;

1.3 wireless LAN’s and wireless WAN’s;

1.4 wide area network (WAN) links to remote campuses, including optical fibre and copper cable links and microwave radio links;

1.5 remote campus area networks;

1.6 support of Authorised User remote access connectivity to business area subnets via VPN tunnels over the Internet;

1.7 network infrastructure and LANs, as required, for non-ANU Entities.

2. maintaining Carrier agreements for whole-of-institution interconnections for voice services and Internet services for local, national and international network interconnection.

3. ensuring compliance with the relevant legislation. In particular, ensuring compliance in the provisioning of WAN radio links and compliance in relation to carriage of third party traffic.

4. ensuring compliance with, and obligations under, the relevant contractual obligations are met;

5. managing all RF spectrum across all campuses, including unlicensed RF spectrum for wireless LAN and RF channel allocations under apparatus licences for RF links and mobile base stations.

6. managing the University’s voice services, including the provision and management of telephone extensions within a closed number plan, voice servers and gateways, and a voice mail service.

7. managing the University’s emergency voice service which maintains a “guaranteed dial tone” for emergency telephones and systems, building management systems, fire monitoring systems, and security telephones and access terminals.

8. maintaining University directory services for messaging and voice services.

9. maintaining secure messaging records (Internet access, e-mails and telephone calls) for the purposes of usage cost recovery, usage management and, as required and within the privacy provisions of the University’s Privacy Policy, making records available for the investigation of alleged abuse, harassment or illegal use.

10. approving and allocating non-ANU Entities with sufficient University IP addresses to establish separate networks within the campus boundary.

11. ensuring that Internet access for non-ANU Entities adheres to the acceptable use policy of any Internet Service Provider (including AARNet Pty Ltd) with respect to membership, sponsorship or non-membership status of the non-ANU Entities.

Notes:

a. Only network devices approved by the University can connect to the ICN (and so, in general, become part of the ICN).

b. All external interconnections to Carriers and ISP’s and all access to Carrier and ISP services are via the ICN, either as a University provided interconnection service or, for non-ANU Entities, via the ICN’s passive network infrastructure.

c. The ICN’s reach at the end-user boundary extends to the network interface of network connecting devices (including on to the desktop for desktop computers and over the air path to laptop computers).

d. The ICN’s boundary for remote access by an Authorised User is at an ICN VPN Concentrator.

e. Where an identifiable research relationship exists between the University and a third party research institution and the relationship is dependent on the interchange of research information and common use of information services by University staff and the non-ANU Entity staff, then a trusted network relationship will be established by the University for the purposes of the research.

f. A non-ANU Entity may request either a network service and\or a voice service from the University, or may provide its own separate network and services.

g. Any network established for specific research activities or networks established by non-ANU Entities will not be connected to the ICN nor interconnected to Carriers and ISP’s unless explicitly approved by the University. Any approved interconnections will be via a boundary network device.

h. Wireless LAN access points (operating in the unlicensed RF spectrum as IEEE 802.11, 802.16 or 802.20 networks) which are not part of the ICN shall not be approved by the University.

User Responsibilities

Heads of Budget Units are responsible for:

1. managing the information security requirements of their areas, including specifying security policies to apply to their area’s subnets and network connecting devices.

2. ensuring network connecting devices meet the ICN’s interface standards and specifications for approved network connectivity and security.

3. ensuring unapproved network devices are not connected to the ICN.

4. providing network edge patching within local communications cabinets for network connecting devices under their control and which meets the ICN’s patching specifications and standards.

5. for Halls and Colleges using the University’s voice service, managing and maintaining separate hospitality systems for student call and Internet access accounting.

Individual Authorised Users are responsible for:

1. ensuring network connecting devices meet the ICN’s interface standards and specifications for approved network connectivity and security.

Non-ANU Entities are responsible for:

1. where a non-ANU Entity operates a separate network from the ICN, then a clear border must exist with the ICN, via a University managed boundary network device. The non-ANU network falls outside the operation, management and support of the University. Any separate wireless LAN network or wireless LAN network extension shall be approved by the University and shall configured so as not to cause radio frequency interference with the University’s wireless LAN service.

2. where a non-ANU Entity interconnects separately to the University’s Internet or voice Carrier interconnections, it shall be required to use the University’s network infrastructure to transit the campus and shall not be permitted to request a Carrier to provide a separate physical interconnection across the campus.

Authorisation

The University responsibilities identified in this Policy are vested with the Division of Information.

Definitions

Authorised user: is a person defined under Rule 6 of the Information Infrastructure and Services Rules, 2006, and includes University staff, students, Visitors with a currently active user account.

Boundary network device: means a network device under the control of the University which provides a suitably secure and isolating inter-network boundary between the ICN and a non-ANU Entity’s private network.

Heads of Budget Units: includes College Conveners, Deans and Directors of Faculties, Schools and Centres, and Directors of Administration and Information Divisions, as defined in the Delegations of Authority Policy.

ICN: means the University’s network infrastructure and includes the following network sites: the Acton campus, MSO, SSO, NARU, Kioloa, University House Melbourne, ANU Medical School remote sites and hospitals, Fenner Hall, ANU Unilodge, ANU Exchange sites, and Hume Library Store.

Network access: means access to the University’s Integrated Communications Network (ICN), which supports the University’s data, voice and video services and applications.

Network connecting devices: include servers, storage devices, desktop computers, laptop computers, printers, scanners, photocopiers, personal computing devices and other computing devices with networking interfaces capable of connecting to the ICN.

Network edge patching: is the intra-communications cabinet allocations of end-user network connecting devices to allocated ports on network devices via patching cables. In particular, local IT support staff undertake the patching of network connecting devices under their control to ICN edge switches.

Network Devices: are active network equipment which are required for the end-to-end operation of the ICN and include core network switchouters, distribution network Ethernet switches and routers, access network Ethernet switches, optical fibre transceivers, copper line drivers, microwave radio point-to-point and point-to-multipoint terminals, wireless access points, network monitoring devices, network security devices, network application servers, network gateways, authentication and access gateways, Carrier gateways, voice servers and voice support application servers.

Non-ANU Entity: is a separate legal entity to the ANU and, for the purposes of this Policy, has a presence within the University boundary. It therefore requires, as a minimum, access to the ICN’s passive network infrastructure and requires and may require either network and\or voice services from the ICN.

Passive network infrastructure:includes backbone optical fibre cables, telephony external cabling plant, distribution and access optical fibre cables, building structured cabling, communications outlets, cable termination systems, backbone network node rooms, communications rooms, communications cabinets and telecommunications poles and towers.

RF spectrum: means radio frequency spectrum, which, for IEEE 802.11 wireless LAN services and any wireless WAN services, the microwave radio frequency spectrum is split into channels and a campus area network requires spectrum planning of these channels to avoid interference.

Subnet: is a contiguous group of IP addresses from the University’s IP Address range assigned to a Head of Budget Unit or non-ANU Entity for local network connections of network connecting devices within their respective area of responsibility.

University community: includes staff, students and visitors of the University and, therefore, are entitled to access to the information infrastructure and services via the ICN.

Visitors: are authorised users who are within the University Community, but who are not ANU staff or students, who have been approved by a Head of Budget Unit to have access to specific information infrastructure and services. This term replaces the term Affiliate.

VPN: virtual private network access is a secure, authenticated Internet access mechanism into the ICN for remote authorised users.

Introduced: 10 December 2004

Review Date: 8 June 2009

Extensive revision 2007, re-released 8 June 2007.