<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi John,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
It's good to hear from you, how are you?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Things have been very busy for us working on the https://unidesk.uwa.edu.au solution.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I've created the ucc.asn.au domain. I was waiting for you to give me one or two pheme accounts that I can have access provisioned.</div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I see 2 subdomains under uwa.edu.au delegated to ucc.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
ucc.guild.uwa.edu.au and ucc.gu.uwa.edu.au, I have created these as subdomains in the account however it is unlikely from the discussion I've had these will be able to be maintained as delegated subdomains.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I've attached the zone files I have for these zones, if you can check these for accuracy. I'll have the records added to the parent zone and delegation removed.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I will confirm a date with you before proceeding.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Moving forward any records under uwa.edu.au are part of the corporate brand and an approval process will be required to have names allocated in the uwa.edu.au domain.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I can see additional domains registered in the 130.95.13.0/24 address space.<span></span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>didcoe.id.au <br>
</span>
<div>shmookey.net <span style="background: var(--white);"> </span></div>
<div>unisfa.asn.au <br>
</div>
<div> <br>
</div>
<div>Are these required moving forward?</div>
<div><br>
</div>
<div>From out discussions we talked about <span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">130.95.13.0/26 being route to the perimeter firewall.</span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><br>
</span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">Is this the desired outcome for UCC?</span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><br>
</span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">I've attached a network scan for the <span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span> </span>130.95.13.0/24
network. Are we in a position to alter the firewall rules from anything about <span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">130.95.13.32/26 now?</span></span></span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><br>
</span></span></span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">Thanks</span></span></span></div>
<div><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important"><span style="caret-color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); display: inline !important">Paul</span></span></span></div>
<span></span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> John Hodge <tpg@ucc.asn.au><br>
<b>Sent:</b> Thursday, 9 April 2020 8:27 AM<br>
<b>To:</b> Paul Fisher <paul.fisher@uwa.edu.au><br>
<b>Cc:</b> Geoff Costello <geoff.costello@uwa.edu.au>; tech@ucc.asn.au <tech@ucc.asn.au>; wheel@ucc.asn.au <wheel@ucc.asn.au><br>
<b>Subject:</b> Clarification of requirements and plan of action</font>
<div> </div>
</div>
<div>Paul,
<p>I haven't seen an update from our discussion several weeks ago, so I thought I'd put to paper some notes and queries about the move towards Cloudflare proxying.</p>
<p>My understanding is that UWA has decided (in response to one of the steps in the ANU data breach) that websites hosted on 130.95.0.0/16 (UWA's IP range) should not be open to the general internet, and instead should be protected by a reverse proxy (in this
case, Cloudflare). To this end, DNS is being pointed at Cloudflare (I assume because the DNS service comes with the web proxy service?) and eventually ports 443 and 80 inbound will be closed at the border firewall (with an exception for the Cloudflare proxies).<br>
</p>
<p>Queries:</p>
<ul>
<li>What is the progress on getting access to the Cloudflare dashboard? We would like to start on migration of services before ports 443 and 80 start being blocked.</li><li>Are there any other ports (apart from 80/443) that will be blocked at the border?<br>
</li><li>Is there any progress towards treating 130.95.13.0/24 as "outside" in the core firewall (and thus side-stepping the need to place UCC services behind Cloudflare)?</li></ul>
<p><br>
</p>
<p>Examples of services that cannot work with the Cloudflare setup (running both HTTP and non-HTTP on the same hostname):</p>
<ul>
<li>GitLab (source control server): This runs both a web server (for viewing source code, and managing permissions) and a SSH server (used for uploading code in a secure manner). Neither of these services support DNS "SRV" records (which would permit different
IP addresses for HTTP/HTTPS and other services).<br>
</li><li>"Big Blue Button" (Video conferencing system): This sends its video streams over UDP to a collection of high ports (audio is sent over websockets). This system has been used to great effect by the clubs impacted by the COVID-19 Cameron Hall shutdown, to
host their normal events in a virtual space.</li><li>We currently have `secure.ucc.asn.au` that "hosts" a whole range of encrypted services (IMAP, POP3, webmail, VPN).</li></ul>
<p><br>
</p>
<pre class="x_moz-signature" cols="72">--
John Hodge [TPG]
UCC Wheel Member</pre>
</div>
</body>
</html>