Public IP Addressing

Access Request Steps for New Servers (see below for more detailed information)

Some systems and devices on the Johns Hopkins internal network require external internet visibility. Please allow 2-3 business days for completion of these steps before access is provided for your system.

  1. Submit your request via a Help Desk ticket to the appropriate JH Networking team for your location
  2. Work with JH Networking to move your system to a DMZ network (if necessary and available for your location)
  3. Determine the electronic information classification for your system according to the Johns Hopkins Classification policy.
  4. Register the system in the Information Technology @ Johns Hopkins (IT@JH) Configuration Management Database (CMDB)
  5. Perform a vulnerability scan of your system
  6. Remediate any "Critical" or "High" vulnerabilities found during the vulnerability scan
  7. Notify Network Security that your system has been remediated so that it can be rescanned
  8. Request an external DNS name/IP address registration, if desired, after the external IP address has been assigned
  9. Test internet access after you have been notified that it has been granted

1. Submit Request

All new requests for Internet visibility through the JH Internet firewall must be submitted to Cloudrequests@jhmi.edu. Requests must come from an active Johns Hopkins faculty or staff member using a JH-provided email account and must include the following information:

  1. Requestor contact full name, phone number and JHED ID
  2. Business need
  3. Physical location of the resource (campus, building, room)
  4. Nature of the application access requested (e.g. web access, secure web connection)
  5. Ports (e.g., port 443) and protocols (e.g., tcp, udp) required in the firewall
  6. Length of time the port(s) will be required to be open
  7. IP address of your JH internal system needing internet visibility
  8. IP address of remote device(s) that will need to access your JH internal system. NOTE: "Any" means all devices on the Internet.
  9. Electronic Information classification for your system must be provided

2. Verify 128.220.196 VLAN on Cluster

The Virtualization Team will verify that the 128.220.196.0 subnet is trunked to your cluster. If it is not present, they will submit a request to JH Networking to have that subnet trunked to your cluster.

3. Data Classification

You must provide the electronic information classification for your system: identify whether it contains Restricted (Confidential or Internal Use Only) or Unrestricted information. For definitions, see http://www.it.johnshopkins.edu/policies/itpolicies.html#Classification

  a. Restricted
     i. Confidential
     ii. Internal Use Only
  b. Unrestricted

4. CMDB

Your Internet accessible system must be registered in the Information Technology@Johns Hopkins (IT@JH) Configuration Management Database (CMDB) in order to proceed with your request. Registration information should be sent via email to monitoring@jhmi.edu and must include:

  1. System Name
  2. System Description
  3. What department or group do you support?
  4. System Administrator
  5. System Administrator's Manager Name
  6. Is the system a physical box, a blade server, or a virtual server?
  7. If this is a virtual server, have you been working with someone to have it created? Identify virtual system administrator.
  8. JH Datacenter or building location (provide rack number if it is a physical server in a JH Datacenter)

5. Vulnerability Scan

After JHNIS has verified that your data has been classified and the system has been registered in CMDB, your internal system must be scanned for system vulnerabilities in order to provide or maintain visibility through the JH Internet firewall. JHNIS will run this scan for you, and the scan should take approximately one hour to complete. Some customers prefer that the scan be run while they are available to monitor the system, so you can choose when the scan is to be run.

6. Remediation

The vulnerability scan results must show no vulnerabilities with a severity of "Critical" or "High" in order for your request to be processed. Vulnerabilities rated "Critical" or "High" put at risk both the system and the JH network to which it is connected. These vulnerabilities are often easily remediated by applying vendor software patches or configuration changes. Remediation information is typically included in the report that identifies the vulnerabilities, and you can use it to remediate your system. IT@JH reserves the right to refuse Internet visibility to any internal JH system should it pose a significant risk to the confidentiality, integrity, or availability of JH systems or networks.

7. Notification

Once any "Critical" or "High" vulnerabilities are remediated, notify Network Security staff so that they can re-scan your system. If these vulnerabilities cannot be remediated, consult with Network Security to determine what options are available for Internet visibility.

8. DNS

If you require an external DNS name/IP address registration for your system, you must send that request via email to hostmaster@jhu.edu after your external IP address has been assigned and provided to you by JH Network and Information Security.

9. Testing

When you are notified that your system has been granted internet visibility, please test external access to make sure all resources and services are available as requested.