1 NETWORK PLANNING TASK FORCE September 20, 2004 FALL FY 2005 MEETINGS “OPERATIONAL BRIEFING”
2 MEETING SCHEDULE – FY ‘05
■ Summer Focus Groups
■ July 19
■ August 2
■ August 16
■ Fall Meetings
■ September 20 Operational Briefing (Non-financial)
■ October 04 Operational Discussions (Financial)
■ October 18 Strategic Discussions
■ November 01 Strategic Discussions
■ November 15 Strategic Discussions
■ November 29 Strategic Discussions
■ December 6 Consensus/Prioritization/Rate Setting
3 NPTF FALL ’05 MEMBERS
■ Mary Alice Annecharico / Rod MacNeil, SOM
■ Robin Beck, ISC
■ Chris Bradie / Dave Carrol, Business Services
■ Chris Field, GPSA (student)
■ Cathy DiBonaventura, School of Design
■ Geoff Filinuk, ISC
■ Bonnie Gibson, Office of Provost
■ Roy Heinz / John Keane, Library
■ John Irwin, GSE
■ Marilyn Jost, ISC
■ Deke Kassabian / Melissa Muth, ISC
■ Doug Berger / Manuel Pena, Housing and Conference Services
■ Robert Helfman, Budget Mgmt. Analysis
■ Dominic Pasqualino, OAC
■ Kayann McDonnell, Law
■ Donna Milici, Nursing
■ Dave Millar, ISC
■ Michael Palladino, ISC (Chair)
■ Dan Shapiro, Dental
■ Mary Spada, VPUL
■ Marilyn Spicer, College Houses
■ Steve Stines / Jeff Linso, Div. of Finance
■ James Kaylor, CCEB
■ Ira Winston / Helen Anderson, SEAS, SAS, School of Design
■ Mark Aseltine / Mike Lazenka, ISC
■ Eric Snyder*, Vet School
■ Brian Doherty* / John Yates*, SAS
■ Richard Cardona*, Annenberg
■ Dan Margolis, SEAS (student)
■ David Seidell, Wharton
* New Members
4 NPTF FY ’05 Progress to Date
■ Challenged and reaffirmed NPTF process.
■ Refreshed NPTF principles.
■ Updated FY ’05 – ’09 planning assumptions.
■ Prepared 5 year N&T budget.
■ Held 3 summer focus groups and many 1-1 meetings with schools/center computing directors to gather customer feedback.
■ Set the Fall Agenda.
6 Major Progress Last 12 Months
■ Customer Service
■ Improved web site content for several of our major services, including the wireless, voice and rates pages.
■ Worked with PennTIPs team to offer weekly ticket reports to major customers (some already receive these; the rest will shortly).
■ Developed POBOX customer survey to assist email team in service improvement planning.
■ Promoted wireless service to Penn community through marketing, public relations contacts, and new wireless icon.
■ Presented PennNet maintenance SLA at IT Roundtable
■ Provided total networking costs and IP usage by school/center for multiple years.
7 Major Progress (Continued)
■ Network Infrastructure
■ Southern NAP (MOD 5) fully operational.
■ Gig routing core, beginning to discuss 10Gig.
■ Fast Ethernet (100 Mbps) to buildings 99% complete.
■ Gig (1000 Mbps) backbones in buildings 90% complete.
■ 98% of closet electronics 10/100 Mbps.
■ Netflow data collection pilot successful.
■ Built out-of-band network.
■ Work with router vendor, Foundry, to correct bugs.
■ Ran 3-month intrusion-detection pilot.
■ Making purchase this week.
8 Major Progress (Continued)
■ Services
■ Cellular programs with ATT Wireless and Nextel.
■ Centralized wireless authentication. (Nearly 100%)
■ Subsidized public wireless IP addresses.
■ Virus scanning for POBOX.
■ Spam filtering for POBOX.
■ Akamai content delivery.
■ Elimination of SSNs (from PennNames, websec and POBOX).
■ High profile video events such as May 2004 commencement and March 2004 Neuroscience conference
■ Video conference interviews with Chinese PhD candidates
9 Major Progress (Continued)
■ Emerging Services
■ Cross-state fiber link from the Pittsburgh Supercomputing Center to MAGPI to facilitate access to National Lambda Rail.
■ Desktop video conferencing.
■ Enterprise instant messaging.
■ Current VoIP pilot within N&T integrated email/voicemail.
■ Integrated email, instant messaging and video conferencing.
■ Enterprise authorization services.
■ Cross-realm (inter-institution) authorization.
10 Major Progress (Continued)
■ Operational efficiencies
■ Fiber ring replaced MAN services from Yipes and PECO. Keeps local loop costs level as bandwidth demands increase for Internet/Internet2.
■ Bandwidth management techniques in College Houses (solidified with SLAs) continue to be effective.
■ Lowered voice systems expenses by $100k.
■ Dropped several full-time and part-time contractors.
■ Insourcing some job functions as we collapse voice, data and video operations and prepare for converged services.
■ Lower Internet, LD rates with Qwest.
■ Developed SALT application to identify the wallplate location of activity attributed to an IP address.
■ Beginning discussions to extend fiber ring and telecom hotel contracts.
11 Telecommunications Strategy
■ Short Term
■ Investigate several options for capturing shrinking telephone revenues.
■ Doing two revenue-sharing contracts (Nextel & AT&T)
■ Received lower-cost LD rates through RFP
■ Extend Verizon contract at same or lower rates for three years (November ’07)
■ Do not invest heavily in aging voice infrastructure.
■ Investigate several options for enhancing voice service.
■ VoIP SIP as an application on PennNet (Broadsoft)
■ VoIP SIP as an application on PennNet (open source)
■ VoIP Centrex
■ Other outsourced voice service providers
■ As part of their pilots, evaluate all aspects of the new service, technical, financial, facilities preparedness, administrative, support, security, etc.
12 Telecommunications Strategy (Continued)
■ Mid term (1-3 years)
■ Complete all network readiness work.
■ NGP (enhanced capacity, reliability, redundancy)
■ Upgrade electronics
■ Prepare staff and customers for transition.
■ Offer VoIP pilots in College Houses and elsewhere.
■ Offer softphone pilot of VoIP in College Houses for FY ‘06
13 Telecommunications Strategy (Continued)
■ Long term (5-7 years)
■ Campus-wide deployment of VoIP with all associated services including:
■ Unified messaging
■ “Follow me” features (Presence)
■ Enhanced ACDs
■ Video picture phone calls
■ Softphones
14 Internet Strategy
■ Multiple Internet Service Providers with diverse paths and national backbones. (2 ISPs Qwest and Cogent)
■ Presence at 401 N. Broad Street in the Telecom Hotel to rapidly switch ISPs, obtain additional bandwidth and lower local loop costs. (100 SF)
■ Reliable and redundant fiber ring from 401 N. Broad to main campus. (Five-year lease of fiber ring using DWDM technology.)
■ Sufficient Internet capacity to meet current and future needs. (Infrastructure/ISPs are capable of 2000 Mbps.)
16 Internet Strategy (Continued)
■ Maintain peering links with ISPs. (Direct links to DCAnet and Comcast; talking with Verizon.)
■ Continue to provide cost-effective service for Penn Community.
■ Continue experimentation with low-cost providers.
17 Bandwidth Management Current Status
■ Bandwidth management techniques in the College Houses are successful.
■ Upper limits on aggregate outbound usage (255Mbps)
■ Maximum outbound bandwidth limits per IP address (400Kbps with a 400 KB burst)
■ The limits on residential Internet traffic play a major role in controlling costs.
18 Bandwidth Management – Next Steps
■ Improve our ability to identify traffic patterns, heavily used applications and most demanding users, and to respond quickly to Information Security incidents.
■ Use this information to help in the evaluation of service.
■ To business and research/education users
■ To residential users
21 Next Generation PennNet (NGP)
■ Goals
■ Current status
■ Strategy
■ Future plans
22 NAP Area Map (figure: map of Areas 1–5 showing the Vagelos NAP, Huntsman Hall NAP, Nichols House NAP, MOD 5 NAP and NAP sites to be determined)
23 NGP Goals
■ Distribute routing core across campus to minimize single point of catastrophic network failure.
■ Build redundant network links between the Network Aggregation Points (NAPs) and critical buildings.
■ Upgrade 20 year-old multi-mode fiber and install single-mode fiber to prepare for multi-Gigabit network speeds.
■ Build Next Generation PennNet infrastructure to prepare for future technologies and convergence.
■ Provide “cutting-edge” network connectivity to support Penn’s research, academic and administrative needs.
24 NGP Current Status
■ Vagelos, Huntsman and MOD5 NAPs fully operational.
■ Strategic conduit installed by partnering with non-NGP construction projects. (Locust Walk, Spruce Street, Levine, Hillel, Huntsman, Vet Building, Life Sciences etc.)
■ Distributed and redundant routers, servers and systems in Vagelos, Huntsman, MOD5, College Hall and 3401 Walnut.
■ Redundant connectivity for 3401 Walnut, FB, VPL, College Hall, Facilities/OCC at Left Bank and Public Safety at 4040 Chestnut to ensure business continuity.
25 NGP Current Status (Continued)
■ Northern NAP site selected. Design completed and construction to begin in November.
■ Searching for a Western NAP location
■ All Area 1 buildings linked to Vagelos NAP.
■ Catastrophic failure reduced from 2 weeks to 2 days for Area 1 buildings.
■ Working on redundancy plans for Huntsman and MOD5 buildings.
■ Ultimately all campus buildings will have redundancy
27 NGP Future Plans
■ Build single-mode fiber links connecting MOD5, Huntsman, Vagelos and Northern NAPs. (May ’05)
■ Build and begin operating Northern NAP. (May ’05)
■ Locate, design and construct Western NAP. (May ’05)
■ Design/build fiber links to connect all buildings to NAPs. (FY ’06 depending on resources)
■ Design/implement redundancy to all campus buildings. (FY ’06 depending on resources)
■ Install single-mode fiber to all buildings. (FY ’10 or as needed, depends on resources)
28 Security Strategies Current Status
■ Implement a multi-layered security-in-depth architecture consisting of:
■ Host security
■ Security out-of-the-box – Done
■ Patch management, anti-virus, strong passwords – Done
■ Network authentication and authorization – Bluesocket wireless authentication and authorization done
■ Anti-virus – Ongoing
■ Firewalls – Open
■ Intrusion detection – 3-month pilot. Purchase pending.
■ Improved incident response processes – Ongoing
29 Security Strategies Current Status
■ Provide tools and resources to empower LSPs to implement these policies
■ Patch management service – Campus SUS Service implemented, Patch Management Training 10/2003, Patch Management Eval Group, SUG Panel Discussion
■ Personal and workstation/server firewall and VPN standards – Partially done: Extensive support, documentation and communications provided for Windows firewall.
■ VLAN Support – 2/2004 SUG session on VLAN service
■ Antivirus tools for large mail servers – In Progress
■ Education and training – Patch Management Training 10/2003, IIS Training 6/2004, Suggestions/Topics for 2004?
30 Security Strategies Current Status
■ Support for VLAN network topology for fee in support of local firewalls. – 2/2004 SUG session on VLAN service
■ Support for short-term filtering on edge routers for problematic services. – Consulted “NPC Lite” for one instance of filtering and for a Fall, 2004 contingency plan. Added rate limiting to our tool set: less of a blunt tool than blocking a port outright.
■ Virus scanning on POBOX. – Done. What is applicability to other campus mail servers?
■ Campus-wide and focused, critical host vulnerability scanning and reporting. – During August-September, focus has been on Resnet/Greeknet. Broader, campus-wide scans starting this week.
31 Security Plans/Near-term
■ Implement a PennNet host security policy mandating patch management, anti-virus software and strong desktop/server passwords. – Done
■ Take proposals to NPC & IT Roundtable for intrusion-detection and campus-wide virus email scanning. – Open
■ Help leverage virus scanning service for other campus email servers. ($5 per account per year) – Open
■ Identify vendors/consultants who can assist with implementation of local firewalls on a for-fee basis – No interest expressed yet.
32 Security Plans/Near-term (Continued)
■ Improve notification and disconnect/reconnect processes
■ Develop tools to rapidly associate wallplates with IP addresses. – Done
■ Improved assignments accuracy and support quick lookups – Partially Done – quick lookups.
■ Reduce the number of unregistered IP addresses – Found 450. Notifications in progress.
■ Targeted deployment of PennKey authenticated network access in College Houses, GreekNet, Library and other public spaces. – In progress
■ Research ways of ensuring security of newly connected machines: – In progress
■ Vulnerability scan of machines as they connect to PennNet
■ Network authorization: Ability to block infected/vulnerable machines based on MAC address
33 Security Plans/Medium-term
■ Improved security on Fall Truckload disk images – Done
■ Pursue volume discount pricing for patch management software as appropriate based on the recommendations of the patch management evaluation effort – 2003 Eval Team – Open
■ Evaluate and recommend model server and workgroup firewall policies. – Planned for this year.
■ Recommend standard VPN and firewall software. – Planned for this year.
■ Determine if ISC should operate a centrally managed firewall service. – Open.
■ Develop a migration strategy and cost proposals to move towards campus-wide network authentication on both the wired and wireless networks. – In progress.
■ After policy is accepted, pilot Intrusion-detection. – In progress.
34 Security Plans/Long-term
■ Implement campus-wide authentication (PennKey) on both the wired and wireless networks.
■ Evaluate a network design and migration strategy that better balances availability against security and is capable of supporting broader intrusion detection and firewalling.