Planning activities
Prospective clients of the SUNAC service should submit a general SUNAC request. An engineer will contact you to further discuss your request and start the planning process. Once all details and requirements have been confirmed, your SUNAC instance will be created.
Building and testing activities
The University IT Firewall team is responsible for:
- Enabling SUNAC on the requested networks and corresponding firewall rules
- Creating workgroups in Workgroup Manager if there are no existing groups that can be used
- Installing and configuring any standard Stanford network infrastructure components
- Confirming that SUNAC architecture is in accordance with Stanford Information Security Guidelines
- Performing Disaster Recovery for SUNAC
Ongoing support and maintenance activities
The University IT Firewall team will:
- Respond to firewall monitoring alerts and client-reported problems. During non-business hours, support will be provided when either the hardware or infrastructure software is unavailable, or the ability to use these resources is severely degraded across the campus.
- Troubleshoot and resolve system-related problems
- Monitor vendor resources for any required operating system patches or upgrades
- Monitor vendor resources for any required hardware upgrades
- Troubleshoot and resolve SUNAC infrastructure-related issues
- Clients should submit Firewall Service Requests to add workgroups and apply those workgroups to existing firewall policies or create new policies to include workgroup restrictions.
- For help requesting service, General SUNAC service requests may be submitted.
- A Firewall Ticket should be submitted for any impacted SUNAC service.
Security activities
The SUNAC architecture and operational processes have been reviewed and approved by the Information Security Office. Security policy is put forth by the University. The systems administration team will adhere to all security policies documented in the Stanford Administrative Guide.
Monitoring activities
Basic operational health of the firewalls is monitored via HOWIS and ping scripts. Frequencies and thresholds of monitoring checks are set according to industry best practices.
Based on the standard configuration setup, clients will not receive system-level alerts. System-level alerts are routed directly to systems administrators so that appropriate action can be taken. Based on the type and severity of the alert, time of day, and the potential impact to end-users, the client-designated technical contact may be called.
Documentation activities
Each firewall has a client documentation page so that Firewall Owners and Rule Approvers can confirm that their rule set is accurate and that the appropriate firewall rules have been SUNAC enabled. Rules that are enabled for SUNAC will have an (I) at the end of them. Most clients can find their department's documentation online.
