Docstoc

nov01nptf

Document Sample
nov01nptf Powered By Docstoc
					   NETWORK PLANNING
      TASK FORCE


                FALL FY 2005 MEETINGS
          “OPERATIONAL DISCUSSIONS”




                                        1
November 01, 2004
MEETING SCHEDULE – FY „05
■   Summer Focus Groups
    ■ July 19
    ■ August 2
    ■ August 16


■   Fall Meetings
    ■ September 20   Operational Briefing (Non-financial)
    ■ October 18     Strategic Discussions (Security)
    ■ November 01    Operational Discussions
    ■ November 15    Strategic Discussions
    ■ November 29    Financial Discussions
    ■ December 6     Consensus/Prioritization/Rate Setting

                                                             2
NPTF FALL ‟05 MEMBERS
                                             ■   Kayann McDonnell, Law
■   Mary Alice Annecharico / Rod MacNeil,    ■   Donna Milici, Nursing
    SOM
                                             ■   Dave Millar, ISC
■   Robin Beck, ISC
                                             ■   Michael Palladino, ISC (Chair)
■   Chris Bradie/Dave Carrol, Business
    Services                                 ■   Dan Shapiro, Dental
■   Cathy DiBonaventura, School of Design    ■   Mary Spada, VPUL
■   Geoff Filinuk, ISC                       ■   Marilyn Spicer, College Houses
■   Bonnie Gibson, Office of Provost         ■   Steve Stines / Jeff Linso, Div. of Finance
■   Roy Heinz / John Keane/ Grover           ■   Andrew Selden*, PCBI
    McKenzie , Library                       ■   Ira Winston / Helen Anderson, SEAS,
■   John Irwin, GSE                              SAS, School of Design
■   Marilyn Jost, ISC                        ■   Mark Aseltine/ Mike Lazenka, ISC
■   Deke Kassabian / Melissa Muth, ISC       ■   Eric Snyder*, Vet School
■   Doug Berger/ Manuel Pena, Housing and    ■   Brian Doherty*/John Yates*, SAS
    Conference Services                      ■   Richard Cardona*, Annenberg
■   Mike Weaver, Budget Mgmt. Analysis       ■   Dan Margolis, SEAS(student)
■   Dominic Pasqualino, OAC                  ■   David Seidell, Wharton
                                             ■   Ryan Nunes, (student)



                                                                                              3
                                * New Members in FY’05
NPTF FY ‟05 Progress to Date
■   Challenged and reaffirmed NPTF process.
■   Refreshed NPTF principles.
■   Updated FY ’05 – ’09 planning assumptions.
■   Prepared 5 year N&T budget. (Summer Submission)
■   Held 3 summer focus groups and many 1-1
    meetings with schools/center computing directors to
    gather customer feedback.
■   Set the Fall Agenda.
■   Operational Briefing
■   Security Briefing
                                                      4
Remaining NPTF FY‟05
Activities
■   Strategic Discussions (11/15)
    ■   PennKey
    ■   PennCommunity
    ■   On-Line Directory
    ■   Security
    ■   Anything we missed?
■   Financial Discussions (11/29)
■   Prioritization/Consensus/Rate Setting (12/6)
■   Benchmarking (Spring ’05)
                                                   5
Today‟s NPTF Agenda:
Operational Briefing
■   Domain Names (MP)
■   MAGPI/Internet2 (MP)
■   College House Services (MP)
■   Wireless (MW)
■   Network Management (DK)
■   Security (DK)
■   Network Operation Center (NOC) Tour (MW)

                                               6
Domain Names
■   2001 Domain Names Policy states that domain names existing before
    2001 are exempt from meeting policy standards. A $300 yearly fee
    should be charged for those out of compliance.
■   In FY 2003, we reviewed compliance of all 3rd level domain names with
    2001 policy to determine fee exempt status.
■   ISC found that:
    ■   Administrative costs exceed revenue generated by few non-exempt
        “grandfathered” domain names.
    ■   These domain names are an intrinsic part of each group’s organization.
        They were not willing to bring them into compliance to avoid the fee.
■   ISC N&T has decided to declare all non-compliant, pre-existing domain
    names exempt from the yearly domain name fee.
■   The yearly fee will still be charged for new 3rd level domain names.
■   Domain Name pages:
    www.upenn.edu/computing/pennnet/domainnames/


                                                                                 7
MAGPI
■   A multi-state regional GigaPoP (Gigabit Point of Presence) ,
    involving institutions from New Jersey, Pennsylvania and
    Delaware
■   Penn’s regional connection to Internet2, the research network.
■   Promotes applications for the region's research and education
    communities through high performance network technology.
■   Offers wide range of services to support research activities,
    including:
    ■ Regional, national, and international high speed connectivity
    ■ Applications development
    ■ Advanced services (e.g., Multicast, IPv6)
    ■ Digital video support



                                                                      8
MAGPI/Internet2 Planning
Assumptions
■   Penn needs Internet2 to remain competitive.
■   MAGPI helps lower Penn’s total costs.
■   The central service fee would increase by 5% ($250k) without
    MAGPI.
■   MAGPI is soon moving to an OC48 to support the growing
    subscriber base.
■   Penn will probably need to connect to the National Lamda Rail in
    the next 1-2 years to support high-end research.
■   The OC48 infrastructure upgrade and other activities would
    increase the potential for NLR at much lower costs to Penn
■   More info – http://www.magpi.net



                                                                       9
National Lambda Rail
Thought of as the next version of Internet2, The
National Lambda Rail is gaining momentum
throughout the United States.
■Key Features:
   ■   Requires fiber optic connections
   ■   Dense Wave Division Multiplexing, (DWDM)
   ■   Lambdas in increments of 10 Gigabits per second
   ■   With the Internet2 project, HOPI, this will establish a global
       Optical/Packet infrastructure
■Benefits
   ■   To maintain Penn’s competitive edge for the research
       community.

                                                                    10
I2/MAGPI Involvement at Penn
■   Engineering School - remote course delivery as part of Nanotechnology Institute's
    outreach to 7 community colleges in PA, NJ, DE, and MD and educational outreach to
    high schools.
■   International Student Interviews (SEAS, SAS Grad Students)
■   Grad Ed's Penn Literacy Network International Programs with pre-service teachers in
    Dublin.
■   Collaboration Opportunities for Lauder Faculty with France, China, etc.
■   School of Medicine Faculty Participation in COPD Virtual Conference hosted by Prous
    Science in Barcelona
■   National Teleimmerison Initiative http://www.cis.upenn.edu/teleimmersion
■   National Digital Mammography Archive
    http://www-306.ibm.com/e-business/doc/content/growingsuccess/univofpa.html
■   Schoenberg Center for Electronic Text and Image http://dewey.library.upenn.edu/sceti/
■   English Renaissance In Context http://dewey.library.upenn.edu/sceti/furness/eric
■   Wharton West http://www.upenn.edu/pip/?pip=whartonwest
■   The French Project (Lauder and Universite of Grenoble) and EUMAX Project (multi-state,
    multi-country International Business and Computer Science education)
    http://www.scienceblog.com/community/older/2001/E/200115536.html
■   Penn Museum of Archeology and Anthropology's Interactive Virtual Museum Education for
    K12s

                                                                                      11
MAGPI Connected Sites
 ■   Universities
     ■   Princeton
     ■   Thomas Jefferson University
     ■   Arcadia University
     ■   Lehigh University
     ■   Seton Hall University
     ■   St Francis University
     ■   Temple University
     ■   Villanova University
     ■   Widener University
     ■   Rutgers
     ■   University of Delaware
     ■   Stevens Institute of Technology
     ■   University of Medicine and Dentistry New Jersey
     ■   New Jersey Institute of Technology
 ■   Hospitals
     ■   CHOP
     ■   Fox Chase Cancer Center
     ■   Lehigh Valley Hospital
 ■   Research Facilities
     ■   Johnson and Johnson
 ■   State Networks
     ■   New Jersey
 ■   K12 institutions – 32
 ■   The Franklin Institute
                                                           12
College House Services
■   Focus Groups
■   Wireless
■   New Financial Model




                          13
College House N&T Service
Focus Groups
■   Conducted two focus groups last week
    regarding data, voice and video services
■   Goal is to get direction for preparing student
    survey
■   Strong desire for wireless throughout college
    houses
■   Rejection of PAC codes on phone lines
■   Bandwidth cap not noticed
                                                     14
College House Wireless
■   Working on various strategies for wireless
    networking in the dorms.
    ■   Cost Effective vs. Performance Coverage
    ■   Supplemental vs. Replacement for Wired
    ■   Insourced vs. Outsourced Service.
■   Working on a proposal for College House
    wireless costs (end of January ’05).
■   Strategy could be expanded to rest of
    campus.

                                                  15
Proposed College House
Service & Funding Models
■   We already have a separate network SLA for the
    College Houses
    ■   Differential hours of support since “home use” is off hours
    ■   Differential Internet Bandwidth
    ■   Special Support for College House Servers
■   We are exploring a new funding model for future
    services
■   Is it time to have a separate cost model?
    ■   Wallplate fee
    ■   Central service fee

                                                                      16
Wireless
■   Current status
■   Subsidized Wireless IP Addresses
■   Future Plans




                                       17
Wireless – Current Status
■   Locations: 32 Wireless LANs on Campus
    ■   14 Public Wireless Locations
    ■   16 Private Wireless Locations
■   197 Managed Access Points
■   Blue Socket Gateways Installed in 4
    locations.
■   User Based Authentication for all but three
    Wireless LANs

                                                  18
Wireless LAN‟s on Campus




                           19
Wireless - Subsidized Wireless
IP Addresses
■   NPTF voted to allow up to 400 IP addresses
    for public wireless locations if FY2005
■   14 Public Wireless Locations are being
    monitored for usage statistics
■   Private Wireless LANs can get some
    subsidies (10% for large LANs, up to 20% for
    small LANs)
■   Defining Public vs. Private Wireless LANs

                                               20
  Wireless Ranges
                                                                     # of Ip
            Building                       DHCP range               Addresses        Domain (new)            # of APs
U-S quare (1 AP in GRT CRC)          128.91.24.33- 128.91.24.62        30       wireless-pennnet.upenn.edu      3
SFR-VPUL                            128.91.134.12- 128.91.134.21       10          wlan.vpul.upenn.edu          1
Museum Library                       128.91.27.11- 128.91.27.62        52       wireless-pennnet.upenn.edu      1
M EY                                 128.91.28.11- 128.91.28.62        52         wlan.design.upenn.edu         1
M EL                                128.91.59.150- 128.91.59.210       9            wlan.ora.upenn.edu          3
LUW                                  128.91.58.76- 128.91.58.126       51       wireless-pennnet.upenn.edu      1
LCT-3601-Locust                      128.91.59.11- 128.91.59.20        10          wlan.vpul.upenn.edu          1
JS N-Biomed Lib                      128.91.27.76- 128.91.27.126       51       wireless-pennnet.upenn.edu      3
HRN                                 165.123.93.11- 165.123.93.107      97       wireless-pennnet.upenn.edu      5
Houston-Hall                         128.91.25.51- 128.91.25.100       50       wireless-pennnet.upenn.edu      4
HNW (Harnwell)                       128.91.24.95- 128.91.24.126       32       wireless-pennnet.upenn.edu      1
HIL                                 128.91.24.191- 128.91.24.254       64       wireless-pennnet.upenn.edu      4
Furness-wireless - 1 AP is on 4th                                      52
floor conference room outside
library area                        128.91.26.139- 128.91.26.190                wireless-pennnet.upenn.edu      6
College-green-wireless              128.91.25.161- 128.91.25.235       75       wireless-pennnet.upenn.edu      3
Castor-wireless                      128.91.26.75- 128.91.26.94        20          wlan.ssw.upenn.edu           1
Bookstore-wireless                   128.91.26.11- 128.91.26.50        40       wireless-pennnet.upenn.edu      1
3401- Wireless                      165.123.94.21- 165.123.94.80       60         wlan.isc-net.upenn.edu        5
                                                                       10       wireless-pennnet.upenn.edu
EIS                                                                    5          wlan.admin.upenn.edu          8

                                                                                                                        21
     Wireless Ranges
                                                              # of Ip
            Building                DHCP range               Addresses              Domain (new)                  # of APs
HNT-Wireless                  128.91.92.61- 128.91.93.254        275             wlan.wharton.upenn.edu              25
SDH-Wireless                                                      75
     -SDH(22)
     -VAN(6)
     -SCC(2)
     -LFR(1)
     -MCN(1)
        -CPN(2)              128.91.80.254- 128.91.81.72                       wlan.wharton.upenn.edu                34
                                                                  51
LSW (Kelly Writer’s House)    128.91.58.140- 128.91.58.190                  wlan.lsw.greeknet.group.upenn.edu         1
GEB                           128.91.27.145- 128.91.27.195        51               wlan.gse.upenn.edu                 8
EVN                            128.91.61.30- 128.91.61.55         26              wlan.dental.upenn.edu         7 (1AP in lib)
HRS-Wireless                 165.123.95.11- 165.123.95.107        97           wireless-pennnet.upenn.edu             2
PIN                           128.91.26.203 128.91.26.214         12               wlan.vpul.upenn.edu                2
GYM                           128.91.138.11- 128.91.138.50        20               Wlan.dria.upenn.edu                2
Law-Wireless                 130.91.208.61-130.91.209.174        370               wlan.law.upenn.edu                37
                                                             150 – DHCP

VPL Wireless                 128.91.128.40- 128.91.128.254    65 - Static      wireless-pennnet.upenn.edu            21
                                                                                                                                 22
Wireless – Future Plans
■   Improvement on user authentication – 802.1x
■   Improving efficiency of wLAN installation
■   Using New Wireless Tools
    ■   Air Magnet Laptop Analyzer - troubleshooting
    ■   Air Magnet Surveyor – survey and updating AP’s
■   Evaluating New Tools
    ■   Centralized wireless management tools
        ■ Cisco Works Wireless LAN Solution Engine (WLSE)

        ■ Airwave Management Platform

        ■ Air Magnet Enterprise


                                                            23
Network Management Tools




                           24
25
26
27
28
29
30
Network Management: PUMA




                           31
32
33
34
35
Security
■   Wired Authentication
■   Intrusion Detection
■   VPNs




                           36
Security – Wired Authentication
■   Pilot underway in ISC since June
■   Plan to expand pilot externally in December
■   Pilots will require client (web intercept
    unavailable) until Q1CY2005




                                                  37
Intrusion Detection
■   A new tool, Arbor Peakflow, allows us to collect and
    analyze network "flow" info from Penn routers.
■   This helps us to see lists of
    ■   top talkers,
    ■   traffic by protocol (web vs email vs p2p vs voice vs video,
        etc),
    ■   traffic by destination service provider (Cogent vs Qwest vs
        Abilene/Internet2),
    ■   and much more.




                                                                  38
Intrusion Detection
■   Peakflow also allows us to identify denial of service
    (DoS, DDoS) attacks in progress, including sources
    and protocols, and possible filtering options.
■   In this role, the Arbor Peakflow tools act as a very
    sophisticated distributed IDS, helping us to do
    targeting filtering during major network-based
    attacks.
■   No dedicated IDS systems needed to be put inline
    into the network. Netflow data from the routers is
    used.



                                                        39
Security - VPNs
■   Beginning investigation of generic solution
■   Goal: allow specific ports to be used that are
    otherwise blocked by ISPs (e.g. for Windows
    file sharing and MS Exchange)
■   Expect to have proof-of-concept in March
■   Targeting deployment for Fall 2005



                                                     40

				
DOCUMENT INFO