The University of Paderborn provides the operation of a university network with connected services via the ZIM and continuously expands it according to the needs of the university members.

Overall, the ZIM is responsible for the following areas and services in network operations:

• Active and passive network infrastructure

• Wireless LAN

• External Internet connection

• Connection of external facilities

• Backbone

• Network services like Domain Name Service (DNS), Network Time Protocol (NTP), Dynamic Host Configuration Protocol (DHCP)

• Freely accessible wired network connections ("green boxes")

• Virtual Private Network (VPN)

• Network security
   

Active and passive network infrastructure

The ZIM plans and realizes the deployment, expansion and replacement of the passive and active network infrastructure. This is based on the computer equipment and the usage profile of the respective users. The passive infrastructure includes the external cable network and the necessary internal cabling including junction boxes. The services are usually provided by commissioning specialist companies. In this case, the ZIM takes over the approval of the passive network. Components of the active network infrastructure are technical devices such as routers or switches. The network technologies Wi-Fi and Ethernet with a data rate of 10 Mbps to 10 Gbps are used. The Internet Protocol (IP) versions 4 and 6 (IPv4 and IPv6) are used.
 

External Internet connection

The Internet connection of the University of Paderborn forms the basis for the entire data communication of the university, both to the scientific network XWiN of DFN as well as to other research networks and commercial networks, national and international.

Connection of external institutions

Affiliated institutes of the University of Paderborn are connected to the data network of the University of Paderborn via a direct link and embedded in it like normal buildings.
 

Backbone

The backbone of the University of Paderborn is the high-speed data network that connects the individual buildings and floor distribution points. This is the "carrier network" in which the data is transported between the facilities (ZIM, faculties, institutes etc.).
 

Network security

In order to achieve adequate network security, several coordinated security measures must generally be used. The protection against unwanted access to the university network from the "outside world", but also the regulation of data traffic with the "outside world" is implemented on the central firewall. To protect individual subnets within the university, the ZIM provides firewalls based on filter rules on the routers.

For a wireless connection with the university network, the University of Paderborn offers campus-wide Wi-Fi. The networks "eduroam" and "webauth" are available at wireless network connections. Because of the higher security and simplicity the ZIM recommends the use of "eduroam". Members of other universities can access the "eduroam" network if their home institution participates in the DFNRoaming-eduroam initiative. Research guests, project partners or lecturers can apply for a Uni-Account for guests and thus use the Wi-Fi. Visitors (e.g. course participants, conference guests etc.) can obtain conference access to the "webauth" network via their organizer.

Besides laptops, other mobile devices such as tablets or smartphones can also be integrated into the Wi-Fi. The owners themselves are responsible for the security of end devices in the Wi-Fi. Like any other IT service of the University of Paderborn, the Wi-Fi may only be used for university purposes.

VPN (Virtual Private Network) is needed if you want to use your computer from home to access services that are only accessible within the university network. VPN guarantees secure access to the university network from other networks (dial-up via other providers, external company or university networks). VPN makes it possible to transfer data over an encrypted connection (tap-proof tunnel). This connection is established between a VPN server at the university and a VPN client on your computer on the Internet. By connecting to the VPN server, your computer becomes part of the university network.

DNS

The zim manages the domain namespaces uni-paderborn.de and upb.de as well as the IP address ranges 131.234.0.0/16 (IPv4) and 2001:0638:0502::/48 (IPv6). The assignment of the domain namespace to the IP address ranges and vice versa is realised with the Anycast DNS 131.234.200.200 2001:638:502:c000:a::200.

Areas of the University of Paderborn (e.g. faculties, departments, institutes, central institutions) can receive their own subdomain of the form nn.uni-paderborn.de/nn.upb.de. Furthermore, ZIM can apply for domains under the top-level domains DE, EU, INFO, BIZ, NAME, COM, NET, MUSEUM, COOP, ORG, CAT, MOBI as well as under the ENUM domain "*.9.4.e164.arpa" at DFN-Verein for inter-university or international research projects.
 

DHCP

DHCP is a service that connects notebooks, desktop PCs and servers to the network quickly and conveniently. This service is automatic and usually does not require any further configuration by the users of the university network.

If your notebook has problems to get an IP address and thus no internet connection can be established, please contact the user support.

The Network Time Protocol NTP is a protocol for the adjustment of system clocks on computers and other network-compatible devices.

At the University of Paderborn, time.uni-paderborn.de can be used for this purpose, which is DNS round-robin between two NTP servers operated by the ZIM, which obtain their time from the public NTP servers of the Physikalisch-Technische Bundesanstalt in Braunschweig. In addition, a radio clock (DCF77 time signal) is connected, which is of essential importance for network operation, if the external connection fails.

What is DFNRoaming or Eduroam and what is it good for?

DFN is the abbreviation for "Verein zur Förderung eines Deutschen Forschungsnetzes e. V.", roaming is the mutual provision of one's own infrastructure for "customers" of other providers. The aim of DFNRoaming is to offer scientists and students at another scientific institution uncomplicated access to resources of their home institution and to the worldwide Internet.

To this end, roaming between the infrastructures of the participating institutions was organized under the coordination of DFN-Verein. Scientists or students can now very easily use the WLAN infrastructure available at the host institution: When the connection is established, the home institution is asked via the Internet whether it has the appropriate authorizations. This means that only one authorisation is required at the home university and not an additional authorisation at the host university or research institution. The prerequisite is, of course, that both the own and the external institution participate in DFNRoaming.

At which universities or research institutions DFNRoaming is possible and which locations are available there is explained on the DFN web pages at https://www.dfn.de/dienstleistungen/dfnroaming/. In addition, there is the Europe-wide Eduroam (Education Roaming).
 

What do you have to do as a member of the University of Paderborn at another university or research institution participating in DFNRoaming to use the WLAN?

Members of the University of Paderborn, if they want to use the WLAN of another university, which also operates DFNRoaming, have to connect to the corresponding network (most likely SSID eduroam) of the respective university to get access to the WLAN of the hosting institution. Authentication is done using the network certificate created at the University of Paderborn.

Of course you must already have a Uni-Account and access to the network "eduroam" of the University of Paderborn.
 

What do I have to do to use the WLAN of the University of Paderborn as a member of another university or research institution participating in DFNRoaming?

Members of other universities or research institutions must, if they want to use the WLAN of the University of Paderborn, establish a wireless connection to the wireless network "eduroam" of the University of Paderborn and authenticate themselves in the same way as they do at their home institution. If you authenticate with username and password you have to choose the form "username@home institution".

The ZIM operates a network storage on which files can be stored and managed centrally. The service is available for all users and groups of the university. The ZIM takes care of the secure storage of files and directories and regular backups.

The server application Data Backup is designed for the backup of data from employees' computers on the one hand and from servers of departments (e.g. faculties, institutes, chairs, facilities, committees, university groups) of the University of Paderborn on the other hand. The backup of the computers/servers is done via a backup client, the restore by the user via the client.

The ZIM offers a backup service for areas (servers) and an archive service for members of the University of Paderborn.
 

Backup service

The backup service offers the possibility of backing up local computer systems and servers in the institutes both automatically and manually. Prerequisite for this service is the active cooperation with the system administrators in the institutes as well as an adequate and reliably functioning data network in the institutes.
 

Archive service

The archive service enables data to be archived in the long term. Unlike the backup service, data can be deleted from the local computer system after archiving. The data are stored without time restrictions.

The RWTH Aachen University offers a central data backup for the University of Paderborn. The software used is the Tivoli Storage Manager (TSM).

In order to participate in the data backup, a contract with the ZIM must be concluded. In this contract a contact person is named. This contact person must supervise the proper backup. He or she must also agree with the ZIM on changes to the backup (major changes to the backup volume or loss of a client).

The server service Housing of Servers is designed for areas (e.g. faculties, institutes, chairs, facilities, committees, university groups) of the University of Paderborn and includes the housing of servers of these areas in the central server room as well as the provision of the required infrastructure (network, temperature and access control). Optionally the servers can be connected to the uninterruptible power supply (UPS).

The server service Server Hosting (provision of virtual machines) is designed for areas (e.g. faculties, institutes, chairs, facilities, committees, university groups) of the University of Paderborn and includes the provision of servers in the ESX cluster on Debian Linux or Windows 2012, 2012 R2 and 2016 including data backup.

Prerequisites are agreements regarding backup volumes, operating system, processor power, main memory, disk space, availability levels and load balancing.

The server application License Server is designed for departments (e.g. faculties, institutes, chairs, facilities, committees, university groups) of the University of Paderborn and includes the administration of concurrent use licenses for the departments. This enables the departments to provide their licenses centrally. The client on the user's computer then fetches the respective license from the server.
 

The service includes the following:

• Provision of the system platform

• Importing the license file

• Service Monitoring

The University of Paderborn provides an Infrastructure-as-a-Service (IaaS) "Regional Private Cloud" based on OpenStack.

To use the regional cloud you have to apply for the decentralized service "Regional Private Cloud" in the service portal, User Selfcare, Additional Services. In our HelpWiki you will find extensive information about this service.

If you are no longer interested in using this service, you can cancel it. Access to the regional cloud will then no longer be possible.

General information on the topic of "cloudcomputing" can be found on the Internet e.g. at wikipedia.org/wiki/Cloud_computing.

The Tivoli Storage Manager (TSM) is used as software for data backup. The RWTH Aachen University offers a central data backup for the University of Paderborn.

The TSM server works with a database, in which all information about secured objects is stored. Unlike most other available backup products, TSM works on file level. This means that each file is considered as an object and can be addressed individually.

In general, TSM follows the strategy of incremental backups. After a fullbackup only the changes in the file system are transmitted to the TSM server.

For the backup in Aachen three TSM servers are available. The distribution to the servers is based on the workload of the servers and not on the faculty affiliation.

TCPSERVERADDRES b37.rz.rwth-aachen.de mit dem TCPPORT 1537
TCPSERVERADDRES b41.rz.rwth-aachen.de mit dem TCPPORT 1541
TCPSERVERADDRES b42.rz.rwth-aachen.de mit dem TCPPORT 1542

TSM offers the possibility to backup multiple versions of files. A distinction is made between active and inactive versions. The current version of a backed up file is called active version, all other versions of the file are called inactive versions.

The current backup policy is as follows:

• 3 versions of a file are kept.
• 2 versions of a deleted file are kept.
• After 30 days inactive files are deleted.
• After 90 days, the last version of a deleted file is removed from the backup.

Active data is never deleted from the backup server. The ZIM reserves the right to delete this data after prior notification of the user if the last backup of the data stock was more than half a year ago. Notification is made by e-mail to the responsible contact person of the system.

The installation, configuration and operation of the programs required for the backup service on a local computer is the responsibility of the user. If necessary, the user can fall back on the support of the ZIM.

If you have any questions, please send an e-mail to tivoli-admins@lists.upb.de or to zim@upb.de.

The TSM client software is available for the following operating systems:

• AIX
• HP-UX
• Linux
• Mac
• Solaris
• Windows

You can download the latest version from the ftp-server of Karlsruhe University:

ftp://ftp.scc.kit.edu/pub/mirror/service.boulder.ibm.com/storage/tivoli-storage-management/maintenance/client/

The TSM server runs under version 5.5.3.