FY ‘08 NETWORK PLANNING TASK FORCE Rate Setting 1 11.19.07.


1 FY ‘08 NETWORK PLANNING TASK FORCE Rate Setting 1 11.19.07

2 Agenda
■ Wireless authentication options
■ Review of FY ‘09 initiatives
■ CSF monies needed
■ FY ‘09 proposed rates

3 Wireless Authentication: Reasons for change
■ The need for single, secure, seamless, cost-effective wireless connectivity for the Penn community by June 2009.
■ The current model with Bluesockets has several problems:
  ■ Poor performance due to overloaded units
  ■ Encryption capabilities would degrade performance even further
  ■ End of life on the devices with no replacement costs built into the CSF
  ■ Extra expense of not only replacing the existing units but doubling the infrastructure to handle higher loads and the growing wireless user base

4 New Wireless Authentication: Goals
■ Ensure all PennNet wireless users use 802.1x as primary authentication
■ Enable users to connect in preferred authentication method (802.1x) from all wireless locations
■ Must be flexible
■ Cost effective
■ Robust and scalable
■ Allow download of 802.1x supplicant
■ Easy access for guest users while still maintaining security
■ Secured by PennNet Gateway infrastructure

5 Wireless Authentication Model 1 (Bluesocket Upgrade & Enhancement)
■ Design Features
  ■ Support 2 SSIDs (or wireless networks on same APs)
    ■ AirPennNet (802.1X authN) preferred
    ■ Wireless-PennNet (secondary)
  ■ Wireless-PennNet (web authN)
    ■ Web redirect page (users log in with PennKey and password)
    ■ Roaming to other buildings or wLANs will require new login
    ■ Permits guest access (assuming valid PennKey and password)
■ Hardware Required:
  ■ Two Bluesocket gateways in each NAP
  ■ Each wLAN requires dedicated fiber circuit back to central fiber switch.

6 Wireless Authentication Model 2 (Wireless-Penn-Guest Web Based Net Reg Model)
■ Design Features
  ■ Support 2 SSIDs or wireless networks on same AP
    ■ AirPennNet (802.1X authN) preferred
    ■ Wireless-Penn-Guest (secondary)
  ■ Must retire existing Bluesocket infrastructure by June 30, 2008 to prevent incurring upgrade costs.
  ■ New Wireless-Penn-Guest uses NetReg
    ■ Redirected web page that enables choice to download the supplicant and configuration to use AirPennNet.
    ■ Will also have a registration at the bottom for guests and clients that cannot do 802.1x. This network will have limited bandwidth.
    ■ Week-long IP registration/lease
    ■ Roaming to other buildings or wLANs requires new registration
    ■ ResNet buildings will remain 802.1x only (except for Destination Penn in summer)
■ New Hardware Required: NetReg servers, which will be designed as “highly available”

7 Wireless Authentication Model 2 (Wireless-Penn-Guest: Web Based Net Reg Model)
■ Main concerns discussed at 11/5 meeting
  ■ Lack of data encryption for subset of guests not using 802.1x.
  ■ Access for Penn staff members with non-802.1x devices
  ■ Guest access with credentials other than PennKey
  ■ Ensure use of AirPennNet for compliant devices

8 Wireless Authentication Model 2 (Wireless-Penn-Guest: Web Based Net Reg Model)
■ Data Encryption
  ■ NetReg server will have an SSL certificate, ensuring the registration information is encrypted
  ■ Wireless-Penn-Guest will not natively support encryption of the data stream.
  ■ Users with applications capable of offering encryption will have security of the data stream.
    ■ Webmail
    ■ SecureCRT
  ■ Registration web page will issue a statement warning that the network is unencrypted.

9 Wireless Authentication Model 2 (Wireless-Penn-Guest: Web Based Net Reg Model)
■ Access for Penn staff members with non-802.1x devices (handheld device friendly)
  ■ No port limits
    ■ Allow protocol access to all services
    ■ Allows for easier administration (no constant updates of the Access Control Lists)
  ■ Bandwidth rate limits (1 Mb to 2 Mb) shared on each Access Point.
    ■ Limits will enable handheld devices to access with no impact to performance
    ■ Performance on laptop devices will be noticeable (incentive to use AirPennNet)

10 Wireless Authentication Model 2 (Wireless-Penn-Guest: Web Based Net Reg Model)
■ Guest access with credentials other than PennKey
  ■ Can Penn staff assign the credentials “on the fly”?
  ■ In process of investigating details of proxy registration for guests
  ■ To be handled in later phase using levels of assurance concepts being developed for PennKey
■ Ensure use of AirPennNet for compliant devices
  ■ Goal of convenient access cannot incent the wrong behavior
  ■ Wireless networks will be first to use PennNet Gateway
  ■ Wireless-Penn-Guest will have different access policy
  ■ Handheld devices should operate fine and are exempt from PennNet Gateway scans
  ■ Laptop device bandwidth tolerable for guests (like home wireless access)
  ■ In comparison to AirPennNet, Wireless-Penn-Guest performance will be significantly poorer, encouraging those with compliant devices to use AirPennNet.

11 Wireless - Cost Summary

Blue Socket Model

| Materials | Qty | Unit Costs | Total Costs |
|---|---|---|---|
| Blue Socket GW Devices | 10 | $41,000 | $410,000 |
| Fiber Switches | 5 | $20,000 | $100,000 |
| Subtotal | | | $510,000 |

| Labor | Qty | Total Costs |
|---|---|---|
| Hardware Evaluation & Test | | $10,000 |
| Hardware Installation | | $20,000 |
| Subtotal | | $30,000 |

Total one-time costs: $540,000
Annual operating costs (3 year replacement): $180,000

Net Reg Model

| Materials | Qty | Unit Costs | Total Costs |
|---|---|---|---|
| Net Reg. Server | 2 | $6,000 | $12,000 |

| Labor | Qty | Total Costs |
|---|---|---|
| Server build | 2 | $5,000 |
| AP Configurations | 450 | $25,000 |
| Bldg. Network Configurations | 60 | $15,000 |
| Subtotal | | $45,000 |

Total one-time costs: $57,000
Annual operating costs (3 year replacement): $19,000

12 Wireless – Model Comparison (Blue Socket vs. Netreg)
■ Auth Type: Web-Based captive portal
■ User Experience
  ■ Blue Socket: login each time (unchanged from today)
  ■ Netreg: Similar to wired user experience in Resnet but with 1 Week Registration. User can also download 802.1x software
■ Scalability
  ■ Blue Socket: 1 Gateway/400 Users
  ■ Netreg: Scales naturally with wireless and wired networks
■ Upgrade Path
  ■ Blue Socket: Large Forklift Upgrade
  ■ Netreg: Mostly Reconfigurations
■ Hardware
  ■ Blue Socket: Infrastructure heavy - 10 New Gateways
  ■ Netreg: Upgrade to existing Netreg servers
■ Availability
  ■ Blue Socket: Limited by gateways, which are points of failure
  ■ Netreg: Highly Available (no gateway impact)
■ Rate Limit Capabilities: Yes
■ Access requirements: Any Device With Web Browser
■ Restrictions: Rate Limited BW
■ Costs
  ■ Blue Socket: $180K/year
  ■ Netreg: $19K/year

13 Review of NPTF Topics

Initiatives with no incremental cost in FY’09
■ Next Generation PennNet
■ Dual gig to subnets
■ IM service
■ No incremental cost increase with email or PennNet Phone.
■ Security
■ System Administrator Awareness
■ LSP, Staff and Faculty training
■ SPIA
■ Central Authorization availability
■ Shibboleth availability for federated identity
■ PennNet Gateway (10,000 users)
■ Planning for database encryption and logging
■ Developing intrusion detection strategy/approach/plan.

Initiatives with potential FY ‘09 CSF costs
■ Wireless authentication
  ■ $20k
    ■ 802.1x
    ■ NetReg for guests
  ■ $180k
    ■ Bluesocket
    ■ 802.1x
■ Local intrusion detection pilots ($25k)
■ The NPTF decided not to add UPSs for closet or building entrance electronics.
  ■ $540k for closets
  ■ $90k for building entrance

Initiatives with potential costs in FY’10 and beyond
■ Mobile device encryption
■ Next Gen. PennKey
■ 2 factor authentication
■ PennKey logging
■ Server Host Intrusion Prevention
■ Evaluation of
  ■ Fraud detection
  ■ Application security testing tools
■ Always-on Critical Host Scanning
■ Database encryption and logging
■ Communications Names support

14 Central Service Fee Funding
■ The FY ‘08 funds required to do the CSF bundle of services was $5,183,817.
■ In FY ‘08 ISC implemented a new funding model for the central service fee.
■ Under the new service charge methodology, charges will be based on two measures and phased in over a three year period.
  ■ In FY’09 53.4% of the required funding will come from weighted headcount and 46.6% from IP addresses.
  ■ In FY ’10 80% of charges will be based on weighted headcount and 20% based on number of IP addresses.
■ By early December, ISC will calculate the CSF headcount and IP rates.

15 Central Service Fee Funding
■ The FY ‘09 funds required to do the CSF bundle of services with no additional services is $5,031,406.
■ The decrease in funds necessary for FY ‘09 is attributed to
  ■ Operational efficiencies (Internet, I2)
  ■ The projected increase in 100 and 1000 Mbps ports
    ■ 100/1000 ports are levied a surcharge that provides revenue to support the likely increased campus backbone activity.
  ■ Anticipated modest increase in UPHS revenue
■ Additional services for consideration
  ■ Wireless authentication - $20k or $180k
  ■ Local intrusion detection pilots - $25k
■ Assuming you decide to fund wireless at $20k and local ID pilots, the funds required for the CSF would be $5,076,406 in FY’09.
  ■ $107k less than FY ‘08 or a 2% decrease

16 FY’09 Proposed Rates

17 PennNet Phone FY ‘09 Rates
Assumptions
1. Meridian Business Set one-time cost of $368 is depreciated over a 60-month period for this comparison
2. 30% allocation is included
3. Waived until end of FY ’09
4. Two new sets offered later this fiscal year at $4 or $8/month

18 Next Steps
■ NPTF makes rate recommendations.
■ ISC calculates CSF headcount and IP rates.
■ Rate recommendations presented to Provost and EVP.
■ Final FY ’09 rates established.
■ Rates sent to ABA in December.
■ Rates published in Almanac on December 11th.

19 NPTF Meetings – FY ’09
■ February 18 - Operational review
■ April 21 - Planning discussions
■ June 2 - Security strategy session
■ July 21 - Strategy discussions
■ August 4 - Strategy discussions
■ September 15 - Preliminary rates
■ October 6 - Strategy discussion
■ November 3 - FY’10 Rate setting

