Horatio

The Horatio system allows you to connect a portable computer to the UTCS network and access services from the department as well as the Internet. In order to prevent abuse, access is limited to UT faculty, staff, students, and guests. You must have a CS Unix account in order to log in.

Horatio uses a configurable firewall to prevent access to the network until you have supplied a username and valid password; when that is done, the firewall is reconfigured to allow your access. After you log out or leave, the firewall is again reconfigured to prevent access.

How to use Horatio

In order to use Horatio, you must have a portable computer set up to use DHCP (the Dynamic Host Configuration Protocol) to get an IP address and the related information.

The steps involved are:

  1. Connect your computer to the Horatio network. The public horatio ports are in GDC 3.302. It can take up to two minutes after you connect for the network to come alive, so please be patient. Be aware that some DHCP clients will time out in less than two minutes. The public Ethernet ports are clearly labeled by a sign with the Horatio logo and the basic information on using Horatio.
    • Do not attempt to use any other port than one marked as a public Ethernet port.
    • Do not disconnect any other machine. Doing either may result in the loss of your account. The ports are standard RJ-45 Ethernet ports providing both 10 and 100Mbs connections.
  2. Your computer should send a DHCP request, which will be answered by the DHCP server with the necessary address, gateway, name server, and other information needed to configure your network interface.
  3. Start a web browser and open the URL https://horatio.cs.utexas.edu/, if your browser supports SSL encrypted connections (the https: URL protocol). If your browser does not support SSL, use the URL http://horatio.cs.utexas.edu/.
  4. Follow the Log in link and enter your CS Department Unix username and password.

If your username and password are accepted, you are now logged in, and the firewall has been configured to allow you to access the CS Department network and the global Internet.

When you wish to leave, open the URL https://horatio.cs.utexas.edu/, if your browser supports SSL encrypted connections with the https: URL protocol. Otherwise, use the http://horatio.cs.utexas.edu/ URL. Then follow the Log out link. Once you have logged out, disconnect your computer.

How Horatio works

The UTCS network is broken into several Virtual LANs, one of which (the Horatio VLAN) is used for the Horatio ethernet ports in GDC. These VLANs separate traffic that may be using the same physical network hardware into logically distinct virtual networks which cannot exchange traffic without going through an external router (in this case the Horatio firewall).

A diagram of the Horatio schematic

Before you connect a laptop or other mobile machine to one of the ethernet ports, the firewall, horatio.cs.utexas.edu, is configured

  • To protect itself, and
  • To prevent access to the rest of the network.

This machine is also running a DHCP server and a custom HTTP server.

When you connect your laptop to one of the ethernet ports or initialize your wireless ethernet adaptor, your machine sends out a DHCP broadcast requesting an address. The DHCP server running on the firewall responds to this request, giving your machine an address.

When you log in to horatio.cs.utexas.edu via a web browser, the custom web server reconfigures the firewall by adding rules which allow packets from your machine out onto the UTCS network and from outside back to your machine.

Periodically, Horatio attempts to reach all of the machines that have been logged in to it by sending ICMP echo request messages (in other words, pinging them). If it cannot contact your machine, Horatio removes the firewall rules added when you logged in, reconfiguring the firewall to prevent access to the rest of the network.

Horatio is based loosely on SPINACH, at Stanford University.

The parts of Horatio

Hardware

  • The CS Department uses Cisco ethernet switches.
  • The wireless ethernet hardware is Lucent Technologies' WaveLAN (IEEE 802.11).
  • The firewall is an Intel Pentium III machine with two ethernet cards,running Linux.

Software

More information

For information on using the Department's printers from Windows and MacOS while logged in with Horatio, see LPR Printing to CS Printers. Keep in mind that access to departmental printers from a network other than the cs or csres networks is not allowed.