WGNHS (Wisconsin Geological and Natural History Society) - Customer Profile

This is the contract information for the Wisconsin Geological and Natural History Society (WGNHS).

WGNHS Overview

Part of the Division of Extension at the University of Wisconsin–Madison, WGNHS provides objective scientific information about the geology, mineral resources, and water resources of Wisconsin.

Organizational Information

Location

Primary	3817 Mineral Point Road

Customer Contacts

Purchasing	Peter Schoephoester, peter.schoephoester@wisc.edu

Organizational Information

Dept Code	WGNHS
UDDS	N/A
DoIT #	None, you must bill out via their UDDS number. Directions are in LastPass.

Contract Information

Contract Name	WGNHS
Primary Document Owner
Support Owner	Mike Juszczyk
Type	T&M

Active Directory Information

As of fall 2021 WGNHS is on CAD under the DDS->WGNHS.

Network Information

Subnet(s)	VLANs	Building	Hardware FW	Wireless
144.92.125.0/25	1440-CSSC	3817mp	PANORAMA	Internal Wireless in KeePass
10.128.219.128/25	743-CSSC	3817mp	PANORAMA	NA
192.168.100.0/24	n/a	Mt.Horeb	PFsense 216.246.176.77	WGNHS_MH-Departmental

Hosts at WGNHS (min point office) are split between the 144. and 10. subnets. Ideally we want workstations on 10. and servers on the 144. network, but we have not completed this migration. We do not clearly define a static and a DCHP range - you'll see reservations made throughout the whole DHCP pool on the 144.92 network. The 10.128 network shouldn't have any static reservations or host records. When decommissioning a server with a static IP it is important to remove old firewall rules so the next device with that IP is starting from a clean slate.

VPN access

WGNHS has a manifest group that allows access to RDP on the local subnets. Users log into the Wisc VPN dynamic pool, but if they are part of the group they will be allowed access. The manifest group is at https://manifest.services.wisc.edu/Group/Index/e183e7f6096a42808a5dde33e914fc6b. (uw:org:rads:wgnhs:WGNHS_VPN)

DoIT technicians can access the WGNHS networks via DS internal network (144.92.55.1/24)

Unifi Network Hardware

We have 2 unifi sites MoHo and MinPoint. Both sites devices report to our controller (unifi.wgnhs.wisc.edu).

MoHo Site: 3 Access points. Set to auto-update on 1st of the month.

MinPoint Site: 2 switches - both located in min point server rack. Upgrades for these switches should be completed during quarterly server maintenance windows to avoid downtime.

Site-to-site VPN

We have a site to site wireguard VPN link between a PFsense VM at mineral point and a PFSense hardware firewall at Mount Horeb. Static routes are configured on the MOHO side to route traffic from the MOHO_LAN to select resources on the WGNHS internal network, as well as the campus DC's.
- see attached photo for static routes
Both pfSense machines automatically backup their configuration via netgate. Configs can be recovered with hardware ID's and keys in the keepass.
The MoHo pfsense web interface (192.168.100.1) can be reached from the WGNHS internal network provided the workstation has a static route configured for 192.168.100.1/24 via 144.92.125.8. A route also needs to be added on the MoHo side to enable traffic to the workstation. The IT workstation WGS-CUTBANK is already configured and is the easiest way to access that firewall.
The moho pfsense firewall is also accessible via SSH. Information on connecting and SSH keys are in the keepass.

Mount Horeb LAN

MoHo LAN is DHCP with the pool at 192.168.100.10-200
There is a ToughSwitch POE near the router that powers the 3 access points in the building.
- NOT controlled via unifi. Login to the switch from WGS-CUTBANK at 192.168.100.5. Creds in keepass.
- Check for firmware periodically

Mount Horeb pfSense static routes for wireguard

Static routes for campus DC's and select WGNHS resources. routes

Printer Information

Shared Drive Information

WGNHS data is stored primarily on M-S-STORAGE02. GeoBase is stored on WGS-GISDATA. We utilize a DFS namespace and map network drives from \\ad.wisc.edu\wgnhs. See the GPO for the current drive mapping.

Project Drives

The P: drive is heavily used by WGNHS. By default every user has Read-Only access to all project folders. Each project folder has a corresponding security group that will grant Write permissions to its respective folder. When handling a P: drive folder creation request you will need to create both a new folder, and a new security group, and assign that group modify permissions on the folder.

Wisconsin Geological and Natural History Survey (WGNHS)

Drive Letter	Description	Path
J:	Geobase	\\ad.wisc.edu\wgnhs\Geobase
K:	AdminServices	\\ad.wisc.edu\wgnhs\Admin
L:	Library	\\ad.wisc.edu\wgnhs\Library
O:	Hydro	\\ad.wisc.edu\wgnhs\Hydro
P:	Projects	\\ad.wisc.edu\wgnhs\Projects
Q:	GIS	\\ad.wisc.edu\wgnhs\GIS
R:	Pubs	\\ad.wisc.edu\wgnhs\Publications
S:	Geology	\\ad.wisc.edu\wgnhs\Geology
T:	GISLib	\\ad.wisc.edu\wgnhs\GIS_Library
U:	Everyone	\\ad.wisc.edu\wgnhs\Everyone
V:	DigProd	\\ad.wisc.edu\wgnhs\DigitalProducts
W:	WCR	\\ad.wisc.edu\wgnhs\WCR
X:	Annex	\\ad.wisc.edu\wgnhs\Annex
Z:	Scanner	\\ad.wisc.edu\wgnhs\Scanner
A:	WCR_PDF_IDL_WORKING	\\ad.wisc.edu\wgnhs\WCR_PDF_IDL_Working
Y:	Deep Storage	\\ad.wisc.edu\wgnhs\DeepStorage

Server Infrastructure

[Doc 140338 content is unavailable at this time.]

Server Backups (Synology Active Backup for Business)

Notes

Windows client agents can be pushed via bigfix "DS - Deploy - Synology Active Backup for Business Windows Client 2.7.0 (WGNHS ONLY)"
- Currently we have windows agent backups for WGS-CUTBANK
- ABB agent updates can be initiated from console on GREENLAND
Web interfaces for greenland and iceland are accessible from DS internal network and WGNHS local network.
All vmware VM's and a few windows client backups are backed up with synology backup for business. Backups are taken daily on greenland and replicated daily to iceland via snapshot replication. Snapshots on iceland have an immutability period of 12 days.
ProxMox Backup server datastore uses PBS directory via NFS and is replicated to Iceland daily.
vCenter saves config backups in the vCenterConfig directory and is replicated to Iceland daily.


Server	Role	Hardware	Location	Authentication
greenland.wgnhs.wisc.edu	Primary backup	Synology RS2423+	WGNHS server room	local creds in wgnhs keepass
iceland.wgnhs.wisc.edu	Replication target	Synology RS2423+	Colo (doit datacenter team)	local creds in wgnhs keepass

Whenever VM's are moved, created, removed, etc you should make sure to adjust backup jobs on GREENLAND accordingly. Orphaned VM's in ABB will be removed per retention policy, no need to delete them manually.

Active Backup VM Tasks

BACKUP_ARCHIVE
- This is a backup of the previous veeam server. Schedule is set to "manual" for archival purposes. Being retained in case we need to get into a veeam backup for some reason.
CIRRUS - 90 Days
- daily CIRRUS (MSSQL server) backups retained for 90 days
COPPER - 30 Days
- daily backups of all COPPER vm's. retained 30 days.
FELDSPAR - 30 Days
- Daily backup of FELDSPAR VM's (with exception of M-S-STORAGE02). Retained 30 days
GABBRO - 30 Days
- Daily backup of GABBRO VM's (with exception of CIRRUS). Retained 30 days
STORAGE
- Daily backup of primary storage M-S-STORAGE02.
  - Advanced retention settings:
    - Keep all versions for 1 day
    - Keep latest version of day for 60 days
    - Keep latest version of the week for 52 weeks
    - Keep latest version of the month for 24 months
    - Keep latest version of the year for 5 years

Support Information

Contract Scope	CLIENT MANAGEMENT MANAGED SECURITY LAYER SERVER MANAGEMENT END USER SUPPORT DS OWNED HARDWARE Notes: None
General Support Information	CAMPUS ACTIVE DIRECTORY BOMGAR BUTTON DOIT SHARED DRIVE EAST SUPPORTED (Minority of calls) RESTRICTED USERS (Minority of Users, <10%) Notes: Mike J is primary support. HDL2 group should have admin using OU creds. Pete and Dave at WGNHS both have domain admin as well.
Managed Security Layer	CAMPUS ACTIVE DIRECTORY IBM ENDPOINT MANAGER SECUNIA CSI (No scans scheduled
Primary Support Contact	Mike J for infrastructure GDS Contract Queue for endpoint support
Physical Access	Open M-F 8am to 4:30pm. Building is not alarmed and we do have keys for checkout if needed after hours. Server room is located in back of hallway Rm 118, Pete has keys for server room.
IT Workstation	WGS-CUTBANK is the IT workstation at the Mineral Point office. It is configured to reach the network at Mount Horeb for maintenance purposes.

Department-Specific Software

WGNHS - Standard Software

Other WGNHS Information

Wisconsin Geological and Natural History Survey (WGNHS) Handling Information
[Link for document 140338 is unavailable at this time]
[Link for document 140733 is unavailable at this time]
WGNHS - Backups (Synology)
[Link for document 140397 is unavailable at this time]

Keywords:

doit departmental support wgnhs (wisconsin geological and natural history society)

Doc ID:

140399

Owned by:

Departmental Support in DoIT Departmental Support

Created:

2024-08-13

Updated:

2024-12-18

Sites:

DoIT SEO SIMS-internal, DoITDepartmentalSupport-internal

0 0 Comment Suggest new doc