Network Operations and management
Networking, an overview
Networking is responsible for the design and maintenance of the
College network and the system administration of
many of the host computers that reside on that
network. The network and systems are maintained in a state of
high reliability and security.
We maintain efficient means for users to interact with
these systems. This often requires installation or creation of new
software applications. It also involves many aspects of
instruction for end users and other staff members within LITS,
including application development questions.
Philosophical approach
Network and systems operations is guided by a philosophical orientation
that sees the network and its operation as a fundamental part
of the College environment, supporting not only the business
and academic aspects of the College, but also the co-curricular
life of the students, faculty, and staff.
The electronic life
of the community is seen as an extension of the physical life
and is normally governed by the same principles.
In our physical life, there are constraints on our behavior.
So it is in the electronic life. There are sometimes special
considerations for the electronic life, and many of these are
discussed in our
policy and acceptable use documents.
The network is a shared community resource. It is not an infinite
resource so unfettered use is not possible. As a shared medium,
the behavior of one individual should not adversely affect that of
other individuals.
Privacy of electronic behavior is important.
Safety, security, and the general operations of a community resource
must be balanced with privacy concerns.
Accessing the network
Access to the network may be either a local physical or wireless
connection or a connection via the Internet. We no longer provide
modem connections.
Off-campus network connections may be restricted
for some services. For selected individuals with specific academic
or business requirements, we provide a VPN service or remote desktop
access software.
Connecting to the network, wired or wireless
Computers attaching to the network should be up-to-date with their
operating system patches and should be running some form of anti-virus
software with the latest definitions.
College owned computers and student registered
computers must be running the College-provided anti-virus software.
Anti-spyware software is recommended.
All devices connecting to the network should be registered and a
responsible party identified. We do provide some exceptions for temporary
guest access, but these one-day registrations are not authenticated
in any way.
Personally owned computers of Mount Holyoke College faculty/staff/students,
running Windows or Macintosh OS on campus, should have McAfee
anti-virus software installed with the latest anti-virus definitions.
McAfee is also provided for faculty/staff home computers.
Network Access control, registering and removal
- Registering for wide area network use
Computers need to be registered in order to obtain off-campus network
access. Computers owned by the College and provided to faculty and
staff are registered by computing staff.
A faculty or staff member can register a personally owned computer
via an authenticated web form.
There is no check to determine if
the computer is up-to-date with operating system patches and
anti-virus software.
Student computer registration requires that the student run an
agent to verify that the computer is up-to-date with operating
system patches and College-supplied anti-virus software.
A guest may register for one to seven days. For greater than
one-day access an email address is required, but there is no
verification of that email address.
Guests with wireless computers may use a special network
called "MHC guest" which provides limited wide-area network
capability without authentication (web, ssh, ftp).
For details of the history of network access controls, see
Appendix B.
- Removal from the network -- quarantining
The network is a shared resource and a single machine on the network has
the capability of disrupting the operation of the network.
A computer that is misbehaving on the network may be restricted on the
network or removed from the network. Depending on the severity and
the impact of the problem, we might:
- Quarantine the computer to allow only on-campus services.
- Shut down the port to which the computer is connected.
- Prevent the MAC address from obtaining an IP number at all.
This method is normally used for guest computers for which
we do not have contact information.
We prefer the method of quarantine that allows the student to continue
to access on-campus resources. Being restricted from off-campus access
is sufficient to have the student get the problem fixed but also allows
the student to access on-campus resources for academic work.
Monitoring the network
We use a number of tools and processes to monitor the network, graph its
usage on various network devices, and detect nefarious operations.
Data are collected from campus switches, routers, and various computers
on the network.
Internet traffic bandwidth control
We consider network traffic outside of the Five College area to
be Internet traffic. There are direct costs for bandwidth
(megabits/second) each month for our Commodity Internet and
our Internet2 connections.
Over the years, the amount of bandwidth required by the campus community
has dramatically increased. (See Appendix A for
details.)
A large portion of the bandwidth is consumed by students and usage drops
dramatically during vacations. This is not surprising since students
make up the bulk of our users. We have learned that the student network
traffic can overwhelm the available bandwidth, adversely affecting the
College academic and business uses of the network.
We have employed three methods of bandwidth control:
- Bandwidth shaping: basic rate limiting
The amount of total traffic for the range of IP numbers assigned
to students is capped at a percentage of the total bandwidth.
- Rate limiting: bandwidth shaping by IP
Individual IP numbers in the student range are restricted to a
maximum number of megabits per second.
Using these methods, we have avoided the expensive purchase of a
bandwidth shaping appliance. See Appendix C
for historical details.
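The two controls above, the aggregate cap on the student address range and the per-IP rate limit, written out as a small policy model with constructed demand data. This is an added example, not the College's own shaping configuration; the address range, link size, share and per-host cap are assumed values.

```python
"""Two-tier student bandwidth policy: a per-IP cap plus an aggregate
cap on the whole student address range, expressed as a share of the
Internet link. Constructed example, not the College's own tooling."""
import ipaddress
from typing import Dict

# Assumed/constructed values: a private range and round capacities
# stand in for the real ones, which this page does not give.
STUDENT_RANGE = ipaddress.ip_network("10.20.0.0/16")
LINK_MBPS = 100.0          # total Internet link
STUDENT_SHARE = 0.40       # aggregate cap as a fraction of the link
PER_IP_MBPS = 3.0          # per-host cap inside the student range


def shape(demands: Dict[str, float]) -> Dict[str, float]:
    """Return the bandwidth (Mbps) each host is allowed, given its demand.

    Hosts outside the student range are not shaped. Student hosts are
    first clipped to the per-IP cap; if their total still exceeds the
    aggregate cap, every student host is scaled down proportionally so
    the pool as a whole never exceeds its share of the link.
    """
    pool_cap = LINK_MBPS * STUDENT_SHARE
    allowed: Dict[str, float] = {}
    students: Dict[str, float] = {}
    for ip, mbps in demands.items():
        if ipaddress.ip_address(ip) in STUDENT_RANGE:
            students[ip] = min(mbps, PER_IP_MBPS)   # per-IP rate limit
        else:
            allowed[ip] = mbps
    total = sum(students.values())
    # Aggregate cap: only bites when the clipped student total exceeds it.
    scale = min(1.0, pool_cap / total) if total > 0 else 1.0
    for ip, mbps in students.items():
        allowed[ip] = round(mbps * scale, 3)
    return allowed


# Constructed demand snapshot (Mbps): one heavy student host, twenty
# moderate ones, and a staff host outside the student range.
SAMPLE = {"10.20.1.10": 25.0,
          **{f"10.20.2.{i}": 2.0 for i in range(1, 21)},
          "10.30.0.5": 15.0}


def student_total(allowed: Dict[str, float]) -> float:
    """Sum of what the student range ends up with after shaping."""
    return sum(v for ip, v in allowed.items()
               if ipaddress.ip_address(ip) in STUDENT_RANGE)
```

In the sample the heavy host is clipped to 3 Mbps first, and because the clipped student total (43 Mbps) still exceeds the 40 Mbps pool cap, every student host is scaled by 40/43 while the staff host is untouched.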
The Internet, the Mount Holyoke community, and the world
Determining when more network bandwidth is required
There are two primary methods of determining when more network
bandwidth is needed.
- Wait until the network slows down sufficiently to
be noticed.
- Watch the bandwidth graphs routinely and watch
the capacity and trends.
The first method is unpleasant. Not only is one's own work
hindered by network responsiveness, but one has to field
complaints of many frustrated individuals while solutions
to the problem are developed. Unfortunately, this method can occur
when novel and unexpected network uses come into being, as
they did in 2000 with the rapid increase in music sharing.
The second method is clearly preferable.
When an increased level of bandwidth demand is predicted,
rather than increase bandwidth, it is possible to decrease
the bandwidth requirements by managing the existing bandwidth.
We have accomplished this by various forms of bandwidth
shaping and rate limiting as described above.
Bandwidth use is monitored and graphed and these graphs
are routinely checked to evaluate trends and usage in
relation to overall capacity of the off-campus link
to the Internet.
Industry trends or trends based on anecdotal evidence
are also considered, such as the increase
in purchasing movies and TV shows that began to become
popular in 2007.
It is very desirable to avoid discovering the need
for more bandwidth by experiencing severe network degradation.
This occurred throughout the Five College area in 2000 with the
rapid growth in music sharing.
When graphs show the amount of traffic for a
significant portion of the day is at or approaching the maximum
amount of bandwidth
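The routine graph check described in this section, turned into a rule that can be run over collected samples: flag the link when a significant portion of a day's samples sit at or near the ceiling. This is an added example with constructed data, not the College's monitoring tooling; the link size and the thresholds for "approaching" and "significant portion" are assumed values.

```python
"""Flag an off-campus link whose traffic sits at or near the ceiling for
a significant portion of the day. Added example with constructed data."""

LINK_MBPS = 100.0        # assumed off-campus link capacity
NEAR_CAP = 0.90          # "approaching the maximum": >= 90% of capacity
SIGNIFICANT_DAY = 0.25   # "significant portion": a quarter of the day's samples


def fraction_near_capacity(samples_mbps, link_mbps=LINK_MBPS, near_cap=NEAR_CAP):
    """Share of samples (e.g. 5-minute averages over one day) at or above
    the near-capacity threshold. A flat-topped graph pinned at the cap
    reads as saturation even though no sample ever exceeds the link."""
    if not samples_mbps:
        return 0.0
    hot = sum(1 for s in samples_mbps if s >= link_mbps * near_cap)
    return hot / len(samples_mbps)


def needs_more_bandwidth(days):
    """days: list of per-day sample lists. Returns (flag, worst_fraction).

    Flagged when any day spends at least SIGNIFICANT_DAY of its samples
    near the cap, so one busy hour does not by itself trigger a purchase."""
    worst = max((fraction_near_capacity(d) for d in days), default=0.0)
    return worst >= SIGNIFICANT_DAY, round(worst, 3)


def daily_profile(peak_mbps, busy_hours, samples_per_hour=12):
    """Constructed day: flat at peak during busy hours, 30% of peak otherwise."""
    day = []
    for hour in range(24):
        level = peak_mbps if hour in busy_hours else peak_mbps * 0.3
        day.extend([level] * samples_per_hour)
    return day


# Constructed term-time week: evenings pinned at the link ceiling for
# eight hours a day, a third of each day, the pattern a student-driven
# load produces once shaping holds it at the cap.
SATURATED_WEEK = [daily_profile(100.0, set(range(16, 24))) for _ in range(7)]
# Constructed vacation week: lower peak and only a two-hour busy window.
QUIET_WEEK = [daily_profile(60.0, {13, 14}) for _ in range(7)]
```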