Wiring Private Networks
As more and more research groups delve into fields that require special networking provisions (firewall restrictions, address translation, privacy, etc.) we have found that in order to accommodate them, we have had to move beyond our original system of one fairly open network (the blue network) and one secure network (the red network) into a scheme that encompasses a myriad of private networks.
We call these private networks 'sandboxes', and can build them as needed. A typical sandbox may provide security for sensitive servers by restricting access to them from outside the sandbox, while at the same time allowing specific machines inside the sandbox to connect to these servers with no firewall restrictions. We have sandboxes that contain one server, to optimize firewall rules for that machine, and we have sandboxes with dozens of computers, all of which are closely linked to each other.
If you find that current firewall and networking rules and restrictions are inhibiting your ability to do your research on one of our standard networks, you should contact your Point of Contact (PoC) regarding the possibility of having a sandbox built for you. If you intend to administer your own computers, a sandbox is the ideal way for CSLab to provide you with network access, while at the same time giving you a layer of protection from external threats.