An introduction to GigaCampus May 27th 2009 Vidar.Faltinsen@uninett.no

An introduction to GigaCampus May 27th 2009 Vidar.Faltinsen@uninett.no GigaCampus 2006 - 2009 Provide and coordinate top international level campus IT infrastructures 2 UNINETT Internet One R&E community – many campuses – common solutions GigaCampus – seven areas of focus 3 The GigaCampus work flow 4 UNINETT engineering task force UFS best practice documents GigaCampus in the field Touring the country with routers and core switches on the lorry Participants from UNINETT and from major universities and university collages Collaboration with local IT staff on site Network design and implementation Wireless networking Focus on the physical infrastructure Focus on security 5 Collective framework agreements Vendors Not one contract with one vendor on a given tendor area That will never satisfy all universities… 6 A certain variaty is necessary GigaCampus but not total freedom… GigaCampus narrows down the university / vendor scope and negotiates a set of agreements Leaving some choice Maintaining leading market prices Universities Tendor areas so far • Network equipment • Servers and workstations • Software • ADSL • Storage • Printers • POTS • Mobile telephony Physical infrastructure 7 Physical infrastructure white papers Common requirements for: 1. Cabling (fibre and twisted pair) 2. Data centers and network rooms 3. Power supply (incl. UPS and generators) 4. Ventilation and cooling 5. Fire detection and extinction Framside Bakside Bakside Bakside Framside Styring av luftstrømmer: Kald tilluft, alt.: Framside EL-for Elfordeling: - Normalkraft OBS! Ved fri strømning kan det installeres plater Framside 8 Areal for utvidelser Motto: build green – reuse heat All major universities have participated in the work The requirements are coordinated with building owners and will be used in future building projects Existing campus infrastructure is inspected by GigaCampus. Reports/improvement lists with estimated costs are produced. https://gigacampus.wiki.uninett.no/ufs (UFS102-104,107-108) Think lifetime when investing Building Data centers/network rooms, guideways for cable run optimize wiring closet placing 60 years ? 9 Cabling Fibre, twisted pair Single mode Cat6A – 10gig ready 10 – 15 years Network equipment Routers, switches, base stations, etc 3 – 5 years The campus network 10 Focus on reliable, redundant campus networks 11 2006 2009 Campus network white papers Produced so far: Campus network design Switch configuration Cisco, HP and Alcatel howto’s (UFS114) (UFS105) (UFS109-111) 12 We are working on: Howto on BGP campus config Howto on multicast campus config IPv6 migration guide line And more… https://gigacampus.wiki.uninett.no/ufs New procurement in 2009 70 requirement items for network equipment specified in the areas of: Routing Layer 2 switching Multicast Security Fault tolerance Device administration 13 For details: See our wiki – UNINETT country page https://ow.feide.no/internalcampus:req_spec_netw_equip Mobility 14 GigaCampus ”pushes” eduroam 15 IEEE 802.1X implementation guidelines (UFS112) is provided by the GigaCampus mobility working group 28 universities / collages have eduroam 16 …and with the aid of GigaCampus the last 9 is on its way Topics covered in wireless best practice Wireless controller setup / design / config RADIUS and user DB setup Radio planning Installation of base stations with PoE IEEE 802.1X setup (TKIP / AES) 17 Person-to-person 18 Audio visual infrastructure Functional description of AV equipment in lecture rooms and meeting rooms Construction requirements Placement of the presentation equipment Sound system AV control system Remote lecturing Video conferencing 19 Procurement process ongoing Video conferencing Challenge to get it more frequently used Interopability still challenging Offer a national MCU Desktop conferencing 20 Migration to SIP telephony 21 Security 22 Focus on security policies and IRTs GigaCampus security team Security policies are needed GigaCampus has prepared an R&E template based on ISO 27002 standard Workshops on site with university leadership Goal: they develop their own policy – local ownership is essential! 19 universities/colleges visited so far Incident Response Team courses Focus on organizing local IRTs Material from TF-CSIRT TRANSITs 23 universities/collages have joined so far Frequent security meetings with IRTs of the major universities Best practice security white papers Recommended IT security architecture Best practice packet filtering 23 Vulnerability and virus information to the whole community IT security architecture 24 The security focus areas ahead 1. 2. 3. 4. Establish security policies Risk and Vulnerability assessments Perform security audits Contingency and disaster recovery planning 25 Service management & end to end quality 26 31 campuses are now managed by the GigaCampus tool boxes The tool boxes are servers containing a number of management tools: NAV: Proactive network management nfsen: Netflow traffic analysis Hobbit: Service monitoring tftp server, syslog server, radius server 27 The tool boxes are placed on campus and used by the local IT staff. Management, tool enhancements, software upgrades, etc, is done by UNINETT. Free training in tool usage is given. nfsen http://metanav.uninett.no 29 measurement beacons in operation 28 • Throughput • Packet delay and loss • Multicast connectivity • IPv6 flows • Session intensity • Available capacity • Traffic behaviour 29 Questions? 30