April 04, 2025
In my last journal entry, I delved deep into the mirror project I am working on for the CS Systems Group. Unfortunately, we’ve put the project on hold because the System Engineers made significant security changes to our network and firewall rules over the past few weeks, which they are still working on. In the meantime, however, I’ve been very productive with various production tasks and helping the System Engineers with the network redesign as much as possible.
The primary issue with the network infrastructure was fixed last Saturday. We had scheduled downtime from 7 p.m. until 8:30 p.m. to address a problem with the firewall routing table. To elaborate, while there were multiple routes to the firewall, there was only one global VRF route back from the firewall. This meant traffic could go anywhere by taking the firewall VRF, which is antithetical to network security. While attempting to address this issue, we broke the High Availability of our Forticlient gateway between Dragas Hall and the Engineering and Computational Science Building, which prolonged the downtime until midnight. Now, the System Engineers are working on remapping the routing tables for almost every network, which will take a while.
Outside of helping troubleshoot issues with our network infrastructure, I’ve worked hard with my fellow consultants to clean out and inventory various spaces between ECSB and Dragas Hall. Every six months, we are obligated to perform an inventory, which means we must go through all of our current and older infrastructure in the inventory to ensure it is still present. Ideally, this process would be lightened by Property Control, a component of Facilities Management, which would remove and auction old equipment from our inventory so we could make space for other necessary hardware. Unfortunately, Property Control is very uncooperative with us, making removing old equipment from our inventory difficult. Despite this roadblock, we found most of the missing equipment on the inventory list and were allowed to organize our inventory.
My most recent production task was to recreate our Keycloak theme. Keycloak is a self-hosted Oauth Provider that we use to handle user account authentication in the Computer Science department. A new theme was needed because the old theme had not been updated by its maintainer in over two years, and a recent push to Keycloak caused compatibility issues with the theme. To do this, I used a tool called Keycloakify that builds custom-made Keycloak themes into Jar files compatible with Keycloak. Although Keycloakify supports a variety of web frameworks, I chose to use Svelte because it’s the one I am most comfortable with using. After a few rounds of review from a Systems Engineer, the theme was approved for production use and has since replaced the previous theme.
Overall, despite my project being put on hold, I’ve had plenty of opportunities to help develop our production infrastructure despite holding a minor position as an IT Consultant. I hope to continue working on the Mirror project within the coming weeks as we get our network in order. I am very happy with the progress I’ve made at Systems Group so far, and I have a lot of great things to say about my work environment in my final report. The group provides a fantastic environment for bright students in the Computer Science and Cybersecurity majors to gain hands-on experience in the field, and I can’t recommend it enough.