Skip to main content

Vendor Managed Endpoint

This role is assigned to devices (often workstations) that are managed by IT (Information Technology) teams outside of Ohio State. Devices in this network role must be on the Ohio State network as they require communication with one or more Ohio State managed endpoints, servers, applications, or services.

Network role at a glance:

  • Wi-Fi (Registered4OSU) and wired connectivity options available
  • Public IP addressing
  • Wired connections support DHCP reservations. Dynamic DNS supported on wired and Wi-Fi.
  • Heavily restricted inbound and outbound traffic allowances

Network Role Characteristics

Aliases for this role include

  • vendor managed
  • osu-vendor

Network Traffic Permissions

Outbound traffic is limited to:

  • HTTP/HTTPS web traffic (TCP 80, 443)
  • Explicit rules as needed from specific source addresses to specific destination addresses

Inbound traffic is limited to:

  • Explicit rules as needed to specific destination addresses, restricted to Ohio State source addresses only

How to connect

OTDI Infrastructure Risk Management staff must register a device’s Wi-Fi or wired MAC address, as permissions to register devices for this network role has been limited. OTDI will review each request and perform a risk assessment. If assessment passes, OTDI will register the device(s) on behalf of the requester. If the device is wired, OTDI may create a DHCP reservation for the device as well.

Once registered, connect the device to a wired port on OTDI’s Managed Network Service or choose Registered4OSU from the list of Wi-Fi networks and use the password provided in the device registration receipt sent to the email provided during registration. 

IP (Internet Protocol) Addressing

Devices placed in the vendor managed role are assigned to publicly routable IP address space. All IPv4 addresses are dynamically assigned through DHCP, and IP address reservations are supported on the wired network only. IPv6 addresses are not currently supported for this network role.

After receiving an IP address, the campus DHCP service will dynamically create a DNS A record for the endpoint in the DNS zone vendor.role.it.osu.edu. For example, an endpoint with hostname “device123456” would have a DNS record of device123456.vendor.role.it.osu.edu. In the event the endpoint has no configured hostname, the mac address of the device will be used instead.

Additional Information for IT Teams

Requests for devices to be placed in this role should be submitted via the IT Service Desk. OTDI’s Infrastructure Risk Management team will review the request and, if approved, fulfill the request by completing the following: 

  1. Log in to MyDevices with your administrative account (name.#a)
  2. Choose OSU Vendor for the network role when registering the MAC address of the device