Frequently Asked Questions about Network Registration

[Nov 23, 2009 14:09] Web access to Microsoft Live@edu accounts now works.

A list of frequently asked questions to help you with network registration problems.

Answers to your questions

1. What is NetReg?
NetReg is the name of ITC's new mandatory network registration system which will be deployed for all DHCP networks by summer 2006. The current registration system, implemented in the fall of 2003, is mandatory in the residence areas and is being slowly rolled out in the rest of the University. The new system contains added features and functionality to help users and LSPs manage their network devices. The new system has replaced and combines the previous, voluntary wired network registration system, the current wireless registration system, and the mandatory system in the residence areas.

2. Why is ITC mandating network registration?
The purpose of the system is to associate each network device (computer, printer, PDA, etc.) with a specific user so that security-related problems can be resolved more quickly than they are now. Without such a system, it is very difficult and time-consuming for ITC to identify and contact the user of a device that is causing network problems. When the mandatory system is in place, ITC will be able to contact the user and the Group Administrator (if applicable) quickly and work with him or her to fix the problem; or, if necessary, disconnect the device from the University network until the problem is resolved.

3. Do all devices need to be registered?
No. Devices with static IP addresses (e.g., servers and printers) will not be required to register. However, owners of those devices may choose to register them to gain the same benefits. Any device that gets its IP address via one of ITC's DHCP servers must be registered to gain access to the network.

4. What about devices on the HSCS secure clinical network?
Devices on the secure clinical network do not need to register with ITC's registration system since those devices get their IP addresses from HSCS. Likewise, devices with a connection to the SCSN (Secure Clinical Subnet) via ITC's VLAN (Virtual LAN (Local Area Network)) do not need to register.

5. How will users be affected?
Once mandatory registration is implemented in your area, users of unregistered devices will have very limited network access. They will only be able to access ITCWeb and the NetReg server (so they can register). They will not be able to use email, SecureCRT, Home Directory, Corporate Time, Oracle, etc. or be able to access the commercial Internet. Once a device is registered, users of that device will have full access to the network.

6. How will the system help Local Support Partners?
ITC has developed a number of tools to facilitate registration, including a way to import registration data for equipment in LSPs' departments. Users and Group Administrators can also enter additional information into the system to help with asset management. Since all devices will be registered to an individual, the person registered to an offending device will be quickly identified and notified of the problem. This should result in more timely problem resolution, meaning shorter downtimes and shorter periods of degraded network performance for users in the department.

7. How do you register devices?
Devices can be registered in one of several ways. Departments should decide which method works best for them:

  • Import device registrations from the current optional system or your own inventory to the new mandatory system.
  • Use the auto registration function, which allows the system to harvest physical/hardware addresses automatically and prompt you to complete the registration process.
  • Manually enter the physical/hardware addresses of individual devices. (How to determine the physical/hardware address)

8. What are some of the features of the new registration system?
New features include:

  • Single Registration System - The new system will combine the wired, wireless, and residence areas registration systems into one. Users will no longer have to go to separate websites to register their wired and wireless devices for use on the network.
  • Group Administrator - Group Administrators, who must be approved by their department, have the ability to define group members and machines that are owned or administered by the department. They also have the ability to add and remove members; browse, search and edit information associated with all devices in the group; add group-owned devices via bulk update or individually; and export group information to a text file. A Group Administrator can administer multiple groups, and there can be multiple Group Administrators for any one group.
In many cases, it is preferable for a department to use the Group Administration feature rather than having the LSP register each departmental device in his or her own name. If all devices are registered to an LSP who changes departments, the LSP must reassign the devices to someone else. If the LSP leaves the University, the devices will become unregistered when the LSP's computing ID is dropped from the Whois database. On the other hand, if an LSP is designated as a Group Administrator and that LSP leaves the department, it is only necessary to assign a new Group Administrator to take responsibility for that group of devices.

ITC recommends that there be at least two Group Administrators for each group so that more than one person is notified in the event of a security issue with a particular machine. This allows for backup coverage in the event that one of the Group Administrators is out sick or on vacation. A mailing list should be set up for Group Administrator notifications.

  • Reporting - New fields (asset number, serial number, and a "notes" field) provide departments and Group Administrators with the ability to track devices they administer. This information can be used by the department for inventory and asset management. The Group Administrator can download group data to a text file which can then be imported into a database, spreadsheet, or word processor, etc. for various purposes.
  • Mobility - Once a device has been registered, it can be used anywhere on the University network.
  • Guest Registrations - Guests of the University can have their devices registered for use on the network in multiple ways.

9. Do personally-owned devices need to be registered?
Yes, if they need to access the University network.

10. What happens when a person with registered devices leaves the University?
The new system uses information from Human Resources and the Registrar's Office and deletes all instances of the person's computing ID. Devices registered to an individual will be purged from the registration system. Devices registered to a group will remain in the group, but the user association information will be stripped.

11. What about wireless devices?
Wireless devices must be registered as well. All data in the current wireless registration system will be imported to the new system before it goes into production. Users of wireless devices will be instructed to review the information in the new network registration system and assign devices to their groups as applicable. Once the new system is in place, those who had been using the "Cavalier" wireless network without registering their devices in the current wireless registration system will have to register their devices in the new system in order to use the wireless network.

12. How will University guests be handled?
Guest registration can be accomplished in one of two ways:

  1. Faculty, staff and students can register their guest's device via the online registration system.
  2. Group administrators can generate a PIN that is then used by the guest to access the registration system and complete the automatic registration information.

Guest registrations are available for 7, 30, or 130 days and will expire after the elapsed number of days starting from the registration date or the PIN creation date if a PIN was used to register the machine. Optionally, the Group Administrator or the U.Va.-affiliated person who created the guest registration may delete it before the expiration date. Departments needing to generate large numbers of PINs at once (for conferences, institutes, etc.) should carefully consider the best method for distributing PINs and identifying PIN owners.

13. What is the time frame for rollout?
ITC Dynamics, ITC Carruthers, Architecture, the Fine Arts Library, and the Health Sciences Library have piloted the system and are requiring mandatory registration of devices on the network. All residence halls and administrative offices on residence hall subnets are in the system. The pilot will be extended to include the Aurbach Medical Research Building at Fontaine, the Law School and other areas within the College of Arts and Sciences. Departments will be notified in advance of the rollout in their area so they can identify groups and Group Administrators, assign users to groups, determine the method for registering users, and educate users. As of September 2005, it is planned that all of U.Va.'s dynamic address networks will work with the mandatory registration system by June 2006.

14. What does "Remove User Status" mean?
"Remove User Status" will disassociate a user from a MAC owned by an established registration group. The MAC will persist within the group, but have no assigned userid.

15. What if a user has an older network configuration with a DNS entry?
We have had several users that had an older network configuration which included U.Va. DNS entries. After removing the DNS entries and changing it to "Get DNS from DHCP server" the quick tip is to disable and re-enable the network card after the change. No logoff or reboot is necessary. Internet Explorer will now take the user straight to the network registration Web page and let the user register. This saves a lot of time not waiting for the reboot or logging on. It also works after the registration. A full login is needed if login scripts need to run.

"Frequently Asked Questions" adapted from the Local Support Partner News, Volume 1, Issue 4, March 2005. Updated April 25, 2006.

Contact for Network Registration at U.Va.:
consult@virginia.edu

© 2009 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.