Prospective clients of the SUNAC service should submit a HelpSU request to have the SUNAC service enabled on their network. You will need to provide the following information: your network's addresses or firewall zones and your departmental workgroup in Workgroup Manager (if none exists, one will be created for you). The following are examples of the information to include in the HelpSU ticket:
Please enable SUNAC for networks 18.104.22.168/24 and 172.24.20.0/24, using the Workgroup Manager workgroup "workgroup-our-staff"
Please enable SUNAC for firewall zone "Network Services," using the Workgroup Manager workgroup "workgroup-our-staff"
An engineer will contact you to further discuss your request and start the planning process. Once all details and requirements have been confirmed, your SUNAC instance will be created.
Building and testing activities
The University IT Firewall team is responsible for:
- Enabling SUNAC on the requested networks and corresponding firewall rules
- Creating workgroups in Workgroup Manager if there are no existing groups that can be used
- Installing and configuring any standard Stanford network infrastructure components
- Confirming that SUNAC architecture is in accordance with Stanford Information Security Guidelines
- Performing Disaster Recovery for SUNAC
Ongoing support and maintenance activities
The University IT Firewall team will:
- Respond to firewall monitoring alerts and client-reported problems. During non-business hours, support will be provided when either the hardware or infrastructure software is unavailable, or the ability to use these resources is severely degraded across the campus.
- Troubleshoot and resolve system-related problems
- Monitor vendor resources for any required operating system patches or upgrades
- Monitor vendor resources for any required hardware upgrades
- Troubleshoot and resolve SUNAC infrastructure-related issues
- Clients should submit a HelpSU request to enable SUNAC on their networks
- For any non-impacting or non-urgent SUNAC requests, please submit those via the appropriate Firewall Rule Request page.
The SUNAC architecture and operational processes have been reviewed and approved by the Information Security Office. Security policy is put forth by the University. The systems administration team will adhere to all security policies documented in the Stanford Administrative Guide.
Basic operational health of the firewalls is monitored via HOWIS and ping scripts. Frequencies and thresholds of monitoring checks are set according to industry best practices.
Based on the standard configuration setup, clients will not receive system-level alerts. System-level alerts are routed directly to systems administrators so that appropriate action can be taken. Based on the type and severity of the alert, time of day, and the potential impact to end-users, the client-designated technical contact may be called.
Each firewall has a client documentation page so that Firewall Owners and Rule Approvers can confirm that their rule set is accurate and that the appropriate firewall rules have been SUNAC enabled. Rules that are enabled for SUNAC will have an (I) at the end of them. Most clients can find their department's documentation online.