Transcript Agenda

Network Planning Task Force
“Operational Briefing”
11/3/2003
Active Task Force Members
http://www.upenn.edu/computing/group/nptf/
Mary Alice Annecharico / Rod MacNeil, SOM
Mark Aseltine* / Mike Lazenka, ISC
Robin Beck, ISC
Doug Berger / Manuel Pena, Housing & Conference Services
Chris Bradie / *Dave Carroll, Business Services
Chris Field, GPSA (student)
Cathy DiBonaventura, School of Design*
Geoff Filinuk, ISC
Bonnie Gibson, Office of Provost
Roy Heinz / John Keane, Library
Robert Helfman, Budget Mgmt. Analysis
John Irwin, GSE
Marilyn Jost, ISC
Carol Katzman, Vet School
Deke Kassabian / Melissa Muth, ISC
James Kaylor / CCEB*
Dan Margolis, SEAS* (student)
Chris Massicotte, Audit & Compliance
Kayann McDonnell, Law
Donna Milici, Nursing
Dave Millar, ISC
Michael Palladino, ISC (Chair)
Dominic A. Pasqualino / Audit & Compliance*
David Seidell, Wharton*
Dan Shapiro, Dental
Mary Spada, VPUL
Marilyn Spicer, College Houses*
Steve Stines / Jeff Linso, Div. of Finance
Ira Winston / Helen Anderson, SEAS, SAS, School of Design
*New FY ‘04
NPTF FY 2004 Agenda
Summer   Focus group sessions
9/15     Setting the stage
9/29     Security discussions (Part I)
10/8     Security discussions (Part II)
11/3     Operational briefing
11/17    Strategic discussions
12/1     “Voting”/preliminary rate setting
12/15    State of the Union
Operational Briefing
■ Major progress
■ Telecommunications services
■ Central service bundle
■ Internet/Internet II
■ Connection maintenance
■ Port rental
■ Next Generation PennNet
■ Wireless
Major Progress Last 12 Months
■ Redundancy, Reliability
  ■ More proactive network management tools and procedures.
  ■ Huntsman NAP operational
  ■ Southern NAP construction underway
  ■ NGP building redundancy in design stage.
  ■ Many buildings could still have 1-2 week outage with major catastrophe
Major Progress (Continued)
■ Network Upgrades/Enhancements
  ■ Gig routing core
  ■ Fast Ethernet (100 Mbps) to buildings 90% completed
  ■ Gig (1000 Mbps) backbones in buildings 50% completed
  ■ 60% of closet electronics 10/100 Mbps
Major Progress (Continued)
■ Services
  ■ PoBox email service back to high availability with added functionality of SPAM filtering and virus scanning.
  ■ Wireless connectivity expanding. Service in 11 schools and centers, 4 public spaces, and study lounges in 3 College Houses. Combined service can provide connectivity for 3825 users at one time.
  ■ Wireless authentication progress made.
  ■ Cellular program nearly ready to be announced.
  ■ VoIP pilots underway within N&T.
  ■ Automatic Speech Recognition System (6-4242) being refined.
Major Progress (Continued)
■ Operational efficiencies
  ■ Fiber ring replacing MAN services will lock in lower local loop costs even as bandwidth demands increase for Internet/Internet2.
  ■ Bandwidth management techniques in College Houses solidified with SLA.
  ■ Elimination of legacy network infrastructure (PAS)
  ■ 99% switched ports (3 buildings with coax)
Projected N&T 5-Year Budget
                                            FY'04 Budget  FY'05 Budget  FY'06 Budget  FY'07 Budget  FY'08 Budget
DIRECT CHARGES
TELECOMMUNICATIONS                           $10,200,000   $10,000,000    $9,900,000    $9,800,000    $9,700,000
CENTRAL SERVICE FEES                          $4,680,000    $5,040,000    $5,430,000    $5,830,000    $6,250,000
NETWORK INSTALLATIONS/PROJECTS                $1,200,000    $1,200,000    $1,200,000    $1,200,000    $1,200,000
ISC MAINTAINED WALLPLATE CONNECTIONS          $2,625,000    $2,850,000    $3,115,000    $3,295,000    $3,480,000
EMAIL, WEB HOSTING, VIDEO (NON-PVN) ETC.        $550,000      $590,000      $640,000      $690,000      $750,000
MAGPI SERVICES                                  $900,000    $1,000,000    $1,100,000    $1,100,000    $1,100,000
SUBTOTAL DIRECT CHARGES                      $20,155,000   $20,680,000   $21,385,000   $21,915,000   $22,480,000
ALLOCATED COSTS
NEXT GENERATION PENNNET                         $337,000             -             -             -             -
NETWORK ENGINEERING AND SERVICES (NES)        $1,054,000      $928,000      $465,000             -             -
SUBTOTAL ALLOCATED COSTS                      $1,391,000      $928,000      $465,000             -             -
GENERAL FEE
PENN VIDEO NETWORK                              $578,000      $578,000      $578,000      $578,000      $578,000
SUBTOTAL GENERAL FEE                            $578,000      $578,000      $578,000      $578,000      $578,000
TOTAL INCOME                                 $22,124,000   $22,186,000   $22,428,000   $22,493,000   $23,058,000
TOTAL EXPENSE                                $21,947,000   $22,078,000   $22,368,000   $22,623,000   $23,078,000
Cumulative (Surplus) / Deficit                  $168,000       $60,000             -      $130,000      $150,000
*Includes FY2003 deficit of $345k
Projected Telecommunications Revenue
FY2004 (Summer, 2003 Data)
Service                   Admin      Student         Total
Equipment/lines      $3,760,000     $615,000    $4,375,000
Voicemail              $795,000      $25,000      $820,000
Allocation           $1,345,000            -    $1,345,000
Installation           $800,000     $132,000      $932,000
Usage (LD/local)     $1,810,000     $720,000    $2,530,000
Miscellaneous          $163,000      $35,000      $198,000
Total                $8,673,000   $1,527,000   $10,200,000
FY2004 Projected CSF Expenses
(Fall, 2002 Data)
CSF BUNDLE OF SERVICES                      External        Computer        Software       N&T Staff        Subtotal  % Total
                                                             HW & OS     & Lic/Maint (non-allocated)
CAMPUS BACKBONE INFRASTRUCTURE                     -        $878,000         $99,300        $505,053      $1,482,353    32.0%
INTERNET & BANDWIDTH MANAGEMENT           $1,000,000        $100,000         $41,500        $259,673      $1,401,173    30.2%
INTERNET2                                   $197,568         $50,000         $15,000        $182,055        $444,623     9.6%
NOC/NETWORK MANAGEMENT/EXT HOURS                   -         $78,250          $8,645        $388,526        $475,421    10.2%
FIBER AND CABLE MANAGEMENT                         -               -        $100,000        $135,334        $235,334     5.1%
WWW                                                -         $40,000         $27,000               -         $67,000     1.4%
INFRASTRUCTURE SOFTWARE SERVICES                   -        $110,000         $11,000               -        $121,000     2.6%
R&D                                                -         $90,000          $9,000               -         $99,000     2.1%
NETNEWS                                            -         $40,000         $18,500               -         $58,500     1.3%
MAIL RELAY, LISTSERV, DIRECTORY                    -         $25,000          $4,500               -         $29,500     0.6%
NETWORK SECURITY INCIDENT RESPONSE                 -               -               -         $36,094         $36,094     0.8%
CENTRALIZED WIRELESS AUTHENTICATION                -         $25,000          $3,750         $20,000         $48,750     1.1%
PENN COMMUNITY/SECURITY TOOLS                $90,000               -               -               -         $90,000     1.9%
DIFFERENTIAL BILLING DEVELOPMENT                   -               -               -         $50,000         $50,000     1.1%
TOTAL                                     $1,287,568      $1,436,250        $338,195      $1,576,735      $4,638,748     100%
FY2004 PROJECTED AVG IP ADDRESSES: 38,210
FY2004 CSF Rate: 10.12
Internet/Internet2
■ Current status/utilization
■ Strategy
■ Costs
■ Bandwidth management
■ Next steps
External Connectivity
Growth in Internet Bandwidth
[Chart: Internet bandwidth in Mbps against time, '86 to '04; y-axis 0.0 to 600.0]
Internet Usage October, 2003
Internet2 Usage October 2003
Internet Strategy
■ Have multiple Internet Service Providers with diverse paths and national backbones. (Currently have 3 ISPs)
■ Have a presence at 401 N. Broad Street in the Telecom. Hotel to rapidly switch ISPs, get additional bandwidth and lower local loop costs. (Currently lease 100 SF)
■ Have reliable and redundant lines from 401 N. Broad to main campus. (Currently have links from both YIPES and PECO Hyperion, migrating to leased fiber ring.)
■ Have sufficient Internet capacity to meet current and future needs. (Current infrastructure/ISPs are capable of over 2000 Mbps.)
Internet Strategy (Continued)
■ Maintain peering links with ISPs. (Currently have 100 Mbps link to DCAnet, talking to both Comcast & Verizon.)
■ Continue to provide cost-effective service for Penn. (Current monthly Internet cost is $3.05 per user/IP address.)
■ Continue experimentation with low-cost providers. (This has been very successful with cost per meg of Internet service dropping from $750 to $40 per meg per month).
■ Continue limits for aggregate outbound residential traffic as well as individual residential IP address outbound limits. (There are no limits on non-residential usage.)
Internet External Expenses
[Chart: Internet external expenses by year, '86 to '04; y-axis $0 to $1,200,000]
Cost Per Mbps Per Month
[Chart: cost per Mbps per month by year, '97 to '04; y-axis $0 to $800]
Internet Bandwidth Management Background
■ A Central Service Fee is assessed for each IP address used.
■ Internet costs are part of the Central Service Fee bundle of services that N&T provides.
■ Internet costs are distributed equally across Penn’s 38,000 users.
■ The cost per IP address per month is $3.05 in FY ’04.
Internet Bandwidth Management (Continued)
■ Internet bandwidth usage and costs increased exponentially during the late 90’s.
■ Periodic “snapshots” of usage demonstrated that College House residents had a different profile of usage than PennNet’s non-residential customers.
  ■ 24 X 7 rather than 7AM to 8PM
  ■ Demands for bandwidth greatly exceeding almost all other users.
■ Residential limits on outbound bandwidth have helped slow the increase in Internet expenses.
Creation of a Residential PennNet Service
■ Differential charging is not yet technically practical.
■ Charging all users more to accommodate growing cost due to residential use was not acceptable.
■ Creation of a custom service level designed for residential users, with differences but at a price equal to pre-existing services.
Bandwidth Management - Current Status
■ Bandwidth management techniques in the College Houses are being successfully implemented.
  ■ Upper limits on aggregate outbound usage (255Mbps)
  ■ Maximum outbound bandwidth limits per IP address (400Kbps with a 400 KB burst)
■ The limits on residential Internet traffic play a major role in controlling costs.
Bandwidth Management – Next Steps
■ Improve our ability to identify traffic patterns, heavily used applications, most demanding users and quick Information Security incident response.
■ Use this information to help in the evaluation of service.
  ■ To business and research/education users
  ■ To residential users
FY2004 Connection Maintenance Expense Breakdown (10baseT)
Elements                                                               Costs (Annual)
Staff (NOC, Net Management, second shift, OT, beeper pay, overhead)    $633,000
                                                                       $343,000 (54.2% overhead)
                                                                       $976,000
Hardware/Software/Tools/Maintenance Contracts                          $259,000
TOTAL                                                                  $1,235,000
Number Ports                                                           32,878 ÷ 12 month
Monthly Rate                                                           $3.13 per port
FY2004 Port Rental Expense Breakdown (10baseT)
Elements                    Costs (Annual)
Staff including overhead    $155,000
Equipment                   $1,000,000
TOTAL                       $1,155,000
Number Ports                32,878 ÷ 12 month
Monthly Rate                $2.93 per port
Next Generation PennNet (NGP)
■ Goals
■ Current status
■ Strategy
■ Future plans
NGP Infrastructure Goals
■ Distribute routing core across campus to minimize single point of catastrophic network failure.
■ Build redundant network links between the Network Aggregation Points (NAPs) and to critical buildings.
■ Upgrade 20-year-old multi-mode fiber and install single-mode fiber to prepare for multi-Gigabit network speeds.
■ Build Next Generation PennNet infrastructure to prepare for future technologies and convergence.
■ To continue to provide secure, “cutting-edge” network connectivity to support Penn’s research, academic and administrative needs.
NGP Current Status
■ Vagelos and Huntsman NAPs and associated single-mode fiber links completed.
■ Strategic conduit installed partnering with Facilities. (Locust Walk, Spruce Street, Levine, Hillel, Huntsman, etc.)
■ Distributed and redundant routers, servers and systems in Vagelos, Huntsman, College Hall and 3401 Walnut.
■ Southern NAP construction underway.
■ Western and Northern NAPs site selections in progress.
NGP Current Status (Continued)
■ Redundant connectivity (dual fiber and pathway feeds) for 3401 Walnut, FB, VPL, Vagelos and Huntsman.
■ Most Area 1 buildings linked to Vagelos NAP.
■ Some Area 2 buildings linked to Huntsman NAP.
■ Catastrophic failure reduced from 2 weeks to 1-2 days for these buildings.
Next Generation PennNet Current Status/Plan
[Campus map. Symbol legend: Penn Building (typ.); Building Recovery Time (2 Week Recovery, 2 Day Recovery, 2 Hour Recovery); Building Connectivity; NAP Connectivity; Proposed; Construction Phases (Completed, FY’04, FY’05, FY’06). Map labels: NAP1 Eastern Tier (Vagelos), NAP2 Central Tier (Huntsman), NAP3 Southern Tier, NAP4 Western Tier, NAP5 Northern Tier, NAP-CH College Hall Node Room, 3401, FB, VPL, MOD5.]
NGP Future Plans
■ Plan FY2004
  ■ Southern NAP fully operational (Jan. ’04)
  ■ Northern NAP site selected. (March ’04)
  ■ Western NAP under construction (June ’04)
  ■ Southern NAP building redundancy links underway.
■ Plan FY2005
  ■ Western and Northern NAPs fully operational.
  ■ Most NAP to NAP links completed.
  ■ Western and Northern building redundancy links underway.
  ■ Potential funding issues if NGP funds (Telecom surplus) shrink or if there is not enough existing fiber.
Wireless
■ Brief Overview
■ Goals
■ Strategic Objectives
■ Current Research
■ Short – Long Term Strategy
■ Challenges
■ Wireless Network Topologies
Wireless Terminology
■ wLAN: Wireless Local Area Network
■ AP (Access Point): Point of Entry from Wireless to a Wired Network
■ Authentication Gateway: Point of entry from unsecured network into PennNet.
■ Association: an 802.11 mapping of a wireless device to an AP.
■ Coverage Area: Radio frequency range of an AP or group of APs, which comprises the wireless network.
Overview of Wireless PennNet
■ Wireless Networks at Penn are based on 802.11b standard, which is 11mb shared access to the network.
■ Bandwidth per user depends on several factors:
  ■ Number of devices associated with a single AP
  ■ Number of devices transmitting or receiving data
  ■ Distance of device from AP
  ■ Interference
  ■ Other APs
  ■ Other Devices using same frequency
  ■ Interface cards and antennas
  ■ Physical position of the device relative to the AP
■ Each wLAN offers seamless roaming from one area of a building to another.
■ Wireless service provides convenience rather than high performance.
Goals
■ To meet the wireless needs of the Penn community for schools and centers and public spaces.
■ To have a common authentication approach across campus (strong security).
■ To have seamless roaming from one wLAN to another.
■ To determine a sustainable funding model for one-time and all ongoing operational expenses.
Strategic Objectives
■ Using Enterprise Class Technologies
■ Designed to serve large organizations
■ Long-term customer support included
■ Provides more robust set of features, including:
  ■ Adjustable Signal Strength
  ■ Stability
  ■ Monitoring & Statistics
  ■ Tri-Band Capabilities
■ Aiming to Provide Scalable & Secure Solutions
■ Staged Approach to Deployment
■ Working with Standards-Based Products
■ Avoid being locked into relationship with single vendor
■ Cards that comply with wireless standards
Current Research
■ Authentication Gateway Tests
■ Testing with New Vendor Going Well
■ Short Term Plans
  ■ Work with Both Vendors (support existing base)
  ■ Local Testing Ends 10/27
  ■ Pilot Deployment (Small Area) early November
  ■ Expand to Larger Pilot Mid December
  ■ Resume replacement of MAC Authentication
■ Hit Target Dates for FY04
Short – Medium Term Strategy
■ Security
■ Continue to Pursue Authentication Gateway Testing
■ Maintain Vendor Relationships for Current Install Base
■ Test Another Vendor’s Product
■ Explore Vendor’s Product Road Map with LT Strategy
■ Network Management
■ Work on Better Network Monitoring and Reporting
■ Resume Replacement of MAC Authentication
■ Staged Approach
■ Begin Test and Research high-speed wireless
Long Term Strategy
■ Security
■ Authenticated & Authorized Access Control (802.1X)
■ Extensible authentication methods
■ Secure, encrypted channel (802.11i)
■ Successor to Wired Equivalent Privacy
■ VPN Gateways & Clients
■ Wireless Authentication Gateway could be VPN Gateway for wireless clients
■ May require VPN software on client
Long Term Strategy (continued)
■ Network Management
■ SNMP v3
■ Secure means of managing the network
■ Automated Reporting
■ Usage Statistics
■ Quality of Service (802.11e)
■ Support for delay-sensitive applications
■ Wireless Voice over IP
Challenges
■ Funding
■ No Central Funding
■ Slower Roll Out in Some Areas
■ IP Address/CSF fee issue for public spaces
■ Security
■ Authenticated Access (Still being worked out)
■ Data Encryption Lacking
■ Authorization
■ Support
■ Central and Local Support
■ Not a static situation in a wLAN environment
Current Status Public Wireless
Location         Funding     Indoor/Outdoor    Components  Capacity    Auth     Public/Private
U Square         Facilities  Outdoor           2 AP        50 users    PennKey  Public
Perelman         VPUL        Indoor & Outdoor  4 AP        100 users   PennKey  Public
Hill House       ISC/CHC     Indoor            4 AP        100 users   PennKey  Public
Harnwell         ISC/CHC     Indoor            1 AP        25 users    PennKey  Public
Hamilton         CHC         Indoor            5 AP        125 users   PennKey  Public
Grad Ctr.        VPUL        Indoor            1 AP        25 users    PennKey  Public
3401 Walnut      ISC N&T     Indoor            5 AP        125 users   PennKey  Public
Sansom West      ISC         Indoor            3 AP        75 Users    PennKey  Public
VAN, SDH, HNT    Wharton     Indoor & Outdoor  57 AP       1425 users  MAC      Public
Van Pelt         Library     Indoor            19 AP       475 users   MAC      Public
Bio Pond         SAS         Outdoor           1 AP        25 users    MAC      Public
Bio Med Library  Library     Indoor            3 AP        75 users    MAC      Public
Current Status Private Wireless
Location       Funding  Indoor/Outdoor    Components      Capacity   Auth  Public/Private
Law School     Law      Indoor & Outdoor  34 AP           850 users  MAC   School Only
Dental         Dental   Indoor            5 AP            125 users  MAC   School Only
Furness        Design   Indoor            2 AP 2 Bridges  50 users   MAC   School Only
4200 Pine      VPUL     Indoor            2 AP            50 users   MAC   Department Only
Colonial Penn  VPUL     Indoor            2 AP            50 users   MAC   Department Only
Meyerson       Design   Indoor            1 AP            25 users   MAC   School Only
Fels Center    SAS      Indoor            1 AP            25 users   MAC   School Only
DRL            SAS      Indoor            1 AP            25 users   MAC   School Only