Wired network - Gina Cody School of Engineering and Computer Science

The School makes every effort to provide a fair amount of bandwidth to the members of the community, both internally and externally.

• Internal: The network is segregated into subnets and virtual networks (VLANs) for teaching, research labs, and infrastructure to minimize or reduce interference between these networks.
  
• External: The usage of commercial internet usually does not fall within the acamedic use of ENCS network resources. Thus, at full speed download each user is allowed to "borrow" one full 1 full gigabit until the connection is throttled, which usually takes about 2 hours, until another full gigabit becomes available. Exceptions to this rule include all known patch sites, known software/hardware vendors, legitimate software repositories, and otherwise non-profit and academic and research organisations. The exception list is maintained manually. To add a site to the list, contact the Service Desk.
  

Concordia's IT department understands the growing need to run virtual machines (VMs) on research computers, multiple operating systems, and cloud computing. Generally, the preferred way to run VMs on research equipment is behind network address translation (NAT) of the host operating system. In case the VMs need to be first-class citizens on the researcher's network along with other computers, the policy is to assign both virtual MAC and IP addresses.

The researchers then statically configure the MAC address on their VM configuration. Running a lot of VMs on a researcher's subnet this way may result in exhausting the available IP address space, In that case, the researcher would be asked to move to a larger private subnet, on a case-by-case basis.

Some VM vendors have preset organizationally unique identifier (OUI) for their MAC addresses (e.g., VMWare and Xen) and some don't. In this case, a "locally administered" MAC address is used. This is done to ensure uniqueness of the MAC addresses on our network to avoid network conflicts. If the researchers require the VMs with such a setup, the supervising professor or a designated lab admin should open a ticket with the Service Desk requesting to connect a VM.

Since June 2008, all computers in the Gina Cody School of Engineering and Computer Science have client-only network access. This means that they are able to initiate connections to other computers outside their local network, but are not able to accept traffic initiated from machines outside their local network, with the following exceptions:

• Remote Desktop connections tunnelled through tunnel.encs.concordia.ca;
• VNC connections tunnelled through tunnel.encs.concordia.ca;
• SSH connections tunnelled through tunnel.encs.concordia.ca;
• SSH connections originating from any machine within any ENCS network with a Concordia IP address; and
• Connections to a service explicitly authorized on a particular machine pursuant to a request by the full-time faculty member responsible for the network to which the machine is connected.

Authorization to offer network service will generally be granted for a specific machine upon receipt of a proper request to the Service Desk.

How to request permission to offer network service:

To request permission to offer a network service, the responsible faculty member must contact the Service Desk and specify:

• The reason for offering the service
• The service being offered, including the protocol and port number (or numbers)
  
• The computer that will offer the service
• The ENCS username of the person who will administer the computer
• Any desired restrictions on the clientele for the service (e.g., ENCS only or Concordia only)

“Grandfathering”

User-managed computers that have been acting as servers prior to June 18, 2008 have not been automatically blocked, but an administrator will commu