UiBhelp's public knowledge cards

KI 2884 Microsegmentation

Microsegmentation is a security mechanism used to enhance network protection by dividing it into smaller, isolated segments to limit and control traffic between them. This makes it more difficult for security threats to spread and provides better protection for data and systems. By applying specific security rules to each segment, one can effectively minimize the attack surface and increase network security.
What Does Microsegmentation Work Involve?
  • Replacing Network Equipment: We need to replace the network equipment in the building (if it has not been sufficiently updated previously). This means that old equipment must be disconnected, resulting in system downtime.
  • Upgrading Infrastructure: We need to upgrade parts of the infrastructure that will no longer function with the new network. We try our best to map the infrastructure and make good preparations, but mistakes can happen, and we will follow up as quickly as possible afterward.
Effects Typically Experienced in Microsegmented Buildings
  • Non-Centralized Client Machines: Machines that are not centrally managed client machines will drop out of the UiB network. Manual entries with the machine's MAC address, as done previously, will no longer suffice. They must be enrolled in UiB's centralized client service. If your device is centrally managed, you will not notice the upgrade, as the machine will automatically join the new network.
  • Static IP Devices: Devices with static IPs will drop out because they will receive new IPs in the new network. This means that systems connecting via IP will encounter problems as the device's IP changes. Reconfiguration will be required by either UiB or the supplier, based on the system's operational responsibility.
  • Network Downtime: Network downtime will occur during the switch between physical network devices in the buildings. This results in alarms, surveillance systems, or other network-dependent systems dropping out while the network is down. Some devices will automatically reconnect to the network, while others will need reconfiguration by either UiB or the supplier, based on the system's operational responsibility.
Limitations of Microsegmentation for Systems at UiB
  • Peer-to-Peer Connections: Connections between client machines (peer-to-peer) are restricted. This prevents setting up a direct connection between work PCs.
  • Static IP Connections: Static IP connections are limited.
  • Access to UiB Systems: Access to UiB systems is restricted unless you have a centrally managed client via the IT department. This applies to storage, backup, and other internal UiB systems. Access to the Office suite and a few other services is available, but they are relatively few.
FAQ
“Is my machine a centrally managed client machine?”
If you are unsure whether your device is centrally managed, check the information here: https://hjelp.uib.no/tas/public/ssp/content/detail/service?unid=5d87ebde2a434c63b7fd52bca6cf0efa.
If you are still unsure, you can contact BRITA (User Support at the IT department) via https://www.uib.no/brita.
“Is it possible to have a static IP on the new system?”
Primarily, the new IPs are dynamic and will change over time. If there is a need for a static IP, this must be agreed upon and configured with the network group.