Research Network Zone
Research network zones are available to meet the specialized needs of research that cannot be met by Memorial’s core network configuration. There is currently one research network zone, but more may be added in the future.
Research computing often relies on specialized infrastructure, such as custom-built systems or Internet of Things (IoT) devices. These systems may not conform to standard IT baselines and require tailored network configurations. Research network zones allow these devices to operate effectively without compromising the security of the university’s core network and administrative systems.
While offering more flexibility, Memorial must also protect its IP address space and overall network integrity. Research network zones are completely segmented from the rest of the university network to prevent unauthorized access or lateral movement. Firewall rules, access controls, and monitoring systems are in place to ensure that any vulnerabilities in the research zone do not compromise the broader institutional infrastructure. This balance between openness and protection is essential to supporting research while safeguarding the university.
Eligibility criteria for use of Memorial’s research network zones
- Only dedicated research devices requiring an internet connection are eligible for the research network zones (i.e. devices used for the non-administrative, intellectual conduct of research).
- Servers and Network-Attached Storage (NAS) devices are not eligible for the research network zones.
- Devices must be purchased in accordance with the Computer Standards, Purchasing, any other applicable policies and all related procedures.
- Only devices for which standard device management is not feasible are eligible for the research network zones.
- Only devices that require outbound internet access are eligible. Inbound access is not permitted.
To request access, complete the Research IT Request and a meeting will be set up to discuss the details.
Terms and conditions of use
- Memorial policies and procedures must be followed when using the research network zones.
- One or more Administrators will be identified for each device connected to the research network zone. The Office of the CIO staff does not provide device support.
- Support, patching, and license management (OS and applications) are the responsibility of the Administrator(s).
- Research network zones are shared among multiple researchers and devices. Administrators must ensure their devices do not negatively impact others.
- Internal Vulnerability Assessment (IVA) scanning will occur in the research network zones. Administrators must remediate critical and high-risk vulnerabilities within 30 days of notification.
- Sensitive or personally identifiable information cannot be stored on devices connected to a research network zone.
- University Records (see Information Management policy) cannot be stored on devices connected to a research network zone.
- Data backups and security are the responsibility of the Administrator(s). The Office of the CIO does not provide data backups of devices in research network zones.
- Planned outages required for maintenance will be communicated to all Administrator(s) that will be impacted.
- Unplanned outages may occur beyond the control of the Office of the CIO. Service disruptions will be addressed with the same level of service as any other MUNnet network issue.
- Researchers are responsible for ensuring the use of the research zone meets any applicable funding or other requirements and policies.
- Devices in a research data zone must not be connected to any Memorial wired or wireless network. If a device is moved back to the University's core network (wired or wireless), it must be formatted and reconfigured to meet Memorial’s management standards.
- Access to Microsoft 365 services (e.g., Outlook, Teams, Word Online) is permitted via a web browser only.
- Multi-Factor Authentication (MFA) will be configured as per non-managed device standards, which may result in more frequent MFA prompts.
- Devices must not include Memorial-owned enterprise software, including operating systems. Operating systems or other software licensed through Memorial cannot be installed on non-Memorial managed devices, as this may violate enterprise licensing agreements and licensing compliance requirements. If a device currently uses an OS licensed through Memorial, it must be replaced with a properly licensed OEM version at the requestor’s expense.
- Devices must use local accounts not associated with Memorial credentials (e.g., no Memorial usernames or passwords).
- Devices must not be joined to Memorial’s Active Directory or Azure AD.
- Vendor or external access must be conducted via screen sharing tools (e.g. Teams).
- Any violation of these terms and conditions will result in immediate removal from the research network zone and network.
Service Description
| | Outbound-only Research Zone |
| --- | --- |
| Acceptance of terms and conditions of use | Required |
| Data classification completed by requestor | Required |
| Internet - outbound connections | Yes |
| Internet - inbound connections (unless outbound first) | No |
| Main network access (e.g. printers, RDP to a workstation on core network, etc.) | No |
| Internal Vulnerability Assessment (IVA) scanning | Yes |
| Endpoint Detection and Response | Recommended |
| Security Monitoring Agent | Recommended |
| Encryption | Recommended |
| DDoS Protection | Yes |
| Vendor access for support | Screen Sharing Tools |
| Secure physical access to room where devices are located | Recommended |
| Tethers on devices to prevent theft | Recommended |