Enterprise Architecture and Infrastructure Progress Report for Committee on Technology and Architecture March 2012 Mark Day Dept. of Radiology & Biomedical Imaging Tu Luu Dell Healthcare Consulting March 20, 2012

Priority Projects MPLS / UCSF “One Network” DNS / DHCP Enterprise backups - Crash Plan pilot to be presented at a future meeting SECTION HEADING

Brief Acronym Glossary MPLS – Multiprotocol label switching – the underlying technology used to label and segregate logical networks on shared physical equipment VRF – Virtual Routing and Forwarding – the separate network instances PE – Provider Edge (PE router) CE – Customer Edge (CE router) QoS – Quality of Service – tagging of network traffic to allow different classes to be treated according to different business rules 3

MPLS - Goals Highly redundant enterprise MPLS core shared between Campus and Medical Center Capability to provision multiple segregated networks on shared equipment. Communication between segregated networks enforced by security policy End-to-End QoS Unified support for Multicast Ability to provision layer two between any two points on the network (borderless data center) 4

MPLS Benefits Simplified and consolidated routing and security infrastructure with ability to delegate separate control Leverage MAN upgrade projects from both Campus and Medical center Ability to logically group devices of similar use regardless of physical location Reduce operational expenses through shared infrastructure and simplified management High availability and capability to achieve sub- second convergence in the core Ability to meet Medical Center’s need for resiliency, and campus research community’s need for speed 5

6 Separate Distribution and Access Infrastructure

7 Shared Distribution But Separate Access

8 Shared Distribution and Access

9 Security Layer at Inter-VRF Routing

Project Status Meetings held regularly between MCIT and ITS network staff, vendors, and interested observers Medical Center proposal is to use heterogeneous Cisco ASR 9000 class routers for all PE Devices Campus would like to re-use Cisco Catalyst 6500 class routers due to budgetary constraints Cisco’s recommendation is to build MPLS core with ASR equipment, but also state 6500 product line has necessary features 10

Equipment Comparison Case for ASR 9000 everywhere –Equipment designed for aggregation services –IOS XR software streamlines common service provider operations compared to IOS –Single software version and configuration to be used everywhere –Higher throughput – support 100 Gbps ports Case for Catalyst 6500 –Upgrades necessary for MPLS project modest compared to replacement of routers –Configuration is different, but not expected to change much in core –Equipment is from same vendor and contains necessary feature set –Additional speed of ASR not immediately needed 11

Immediate Next Steps Cisco to re-evaluate design and present options for re-purposing 6500s Better define requirements to help in evaluation of 6500 vs. ASR 9000 for PE routers at some locations Medical Center and Campus to explore ‘creative’ options to make homogeneous ASR 9000 design more affordable –Repurpose Catalyst 6500s in MC? –OE funding available for a consolidated network? –Additional pricing relief from Cisco? Evaluate best way to use 6500s in design –As a PE router –Only as CE routers (fewer PEs?) 12

Future Items Flesh out PE/CE design Define details of security model Agree on connection of MPLS core to internet Agree on schedule Decide on shared distribution / shared access layers Governance aspect – threshold for defining additional VRFs Define shared management responsibilities and structure … 13

15 MPLS Network