Addendum A - NPTF Principles

Transcript Addendum A - NPTF Principles

NETWORK PLANNING TASK FORCE
FALL FY 2005 MEETINGS
“OPERATIONAL DISCUSSIONS”
November 01, 2004

MEETING SCHEDULE – FY ‘05
■ Summer Focus Groups
  ■ July 19
  ■ August 2
  ■ August 16
■ Fall Meetings
  ■ September 20: Operational Briefing (Non-financial)
  ■ October 18: Strategic Discussions (Security)
  ■ November 01: Operational Discussions
  ■ November 15: Strategic Discussions
  ■ November 29: Financial Discussions
  ■ December 6: Consensus/Prioritization/Rate Setting

NPTF FALL ’05 MEMBERS
■ Mary Alice Annecharico / Rod MacNeil, SOM
■ Robin Beck, ISC
■ Chris Bradie / Dave Carrol, Business Services
■ Cathy DiBonaventura, School of Design
■ Geoff Filinuk, ISC
■ Bonnie Gibson, Office of Provost
■ Roy Heinz / John Keane / Grover McKenzie, Library
■ John Irwin, GSE
■ Marilyn Jost, ISC
■ Deke Kassabian / Melissa Muth, ISC
■ Doug Berger / Manuel Pena, Housing and Conference Services
■ Mike Weaver, Budget Mgmt. Analysis
■ Dominic Pasqualino, OAC
■ Kayann McDonnell, Law
■ Donna Milici, Nursing
■ Dave Millar, ISC
■ Michael Palladino, ISC (Chair)
■ Dan Shapiro, Dental
■ Mary Spada, VPUL
■ Marilyn Spicer, College Houses
■ Steve Stines / Jeff Linso, Div. of Finance
■ Andrew Selden*, PCBI
■ Ira Winston / Helen Anderson, SEAS, SAS, School of Design
■ Mark Aseltine / Mike Lazenka, ISC
■ Eric Snyder*, Vet School
■ Brian Doherty* / John Yates*, SAS
■ Richard Cardona*, Annenberg
■ Dan Margolis, SEAS (student)
■ David Seidell, Wharton
■ Ryan Nunes (student)
* New Members in FY’05

NPTF FY ’05 Progress to Date
■ Challenged and reaffirmed NPTF process.
■ Refreshed NPTF principles.
■ Updated FY ’05 – ’09 planning assumptions.
■ Prepared 5 year N&T budget. (Summer Submission)
■ Held 3 summer focus groups and many 1-1 meetings with schools/center computing directors to gather customer feedback.
■ Set the Fall Agenda.
■ Operational Briefing
■ Security Briefing

Remaining NPTF FY’05 Activities
■ Strategic Discussions (11/15)
  ■ PennKey
  ■ PennCommunity
  ■ On-Line Directory
  ■ Security
  ■ Anything we missed?
■ Financial Discussions (11/29)
■ Prioritization/Consensus/Rate Setting (12/6)
■ Benchmarking (Spring ’05)

Today’s NPTF Agenda: Operational Briefing
■ Domain Names (MP)
■ MAGPI/Internet2 (MP)
■ College House Services (MP)
■ Wireless (MW)
■ Network Management (DK)
■ Security (DK)
■ Network Operation Center (NOC) Tour (MW)

Domain Names
■ 2001 Domain Names Policy states that domain names existing before 2001 are exempt from meeting policy standards. A $300 yearly fee should be charged for those out of compliance.
■ In FY 2003, we reviewed compliance of all 3rd level domain names with 2001 policy to determine fee exempt status.
■ ISC found that:
  ■ Administrative costs exceed revenue generated by few non-exempt “grandfathered” domain names.
  ■ These domain names are an intrinsic part of each group’s organization. They were not willing to bring them into compliance to avoid the fee.
■ ISC N&T has decided to declare all non-compliant, pre-existing domain names exempt from the yearly domain name fee.
■ The yearly fee will still be charged for new 3rd level domain names.
■ Domain Name pages: www.upenn.edu/computing/pennnet/domainnames/

MAGPI
■ A multi-state regional GigaPoP (Gigabit Point of Presence), involving institutions from New Jersey, Pennsylvania and Delaware.
■ Penn’s regional connection to Internet2, the research network.
■ Promotes applications for the region's research and education communities through high performance network technology.
■ Offers wide range of services to support research activities, including:
  ■ Regional, national, and international high speed connectivity
  ■ Applications development
  ■ Advanced services (e.g., Multicast, IPv6)
  ■ Digital video support

MAGPI/Internet2 Planning Assumptions
■ Penn needs Internet2 to remain competitive.
■ MAGPI helps lower Penn’s total costs.
■ The central service fee would increase by 5% ($250k) without MAGPI.
■ MAGPI is soon moving to an OC48 to support the growing subscriber base.
■ Penn will probably need to connect to the National Lambda Rail in the next 1-2 years to support high-end research.
■ The OC48 infrastructure upgrade and other activities would increase the potential for NLR at much lower costs to Penn.
■ More info: http://www.magpi.net

National Lambda Rail
Thought of as the next version of Internet2, the National Lambda Rail is gaining momentum throughout the United States.
■ Key Features:
  ■ Requires fiber optic connections
  ■ Dense Wave Division Multiplexing (DWDM)
  ■ Lambdas in increments of 10 Gigabits per second
  ■ With the Internet2 project, HOPI, this will establish a global Optical/Packet infrastructure
■ Benefits
  ■ To maintain Penn’s competitive edge for the research community.

I2/MAGPI Involvement at Penn
■ Engineering School - remote course delivery as part of Nanotechnology Institute's outreach to 7 community colleges in PA, NJ, DE, and MD and educational outreach to high schools.
■ International Student Interviews (SEAS, SAS Grad Students)
■ Grad Ed's Penn Literacy Network International Programs with pre-service teachers in Dublin.
■ Collaboration Opportunities for Lauder Faculty with France, China, etc.
■ School of Medicine Faculty Participation in COPD Virtual Conference hosted by Prous Science in Barcelona
■ National Teleimmersion Initiative http://www.cis.upenn.edu/teleimmersion
■ National Digital Mammography Archive http://www-306.ibm.com/e-business/doc/content/growingsuccess/univofpa.html
■ Schoenberg Center for Electronic Text and Image http://dewey.library.upenn.edu/sceti/
■ English Renaissance In Context http://dewey.library.upenn.edu/sceti/furness/eric
■ Wharton West http://www.upenn.edu/pip/?pip=whartonwest
■ The French Project (Lauder and Universite of Grenoble) and EUMAX Project (multi-state, multi-country International Business and Computer Science education) http://www.scienceblog.com/community/older/2001/E/200115536.html
■ Penn Museum of Archaeology and Anthropology's Interactive Virtual Museum Education for K12s

MAGPI Connected Sites
■ Universities
  ■ Princeton
  ■ Thomas Jefferson University
  ■ Arcadia University
  ■ Lehigh University
  ■ Seton Hall University
  ■ St Francis University
  ■ Temple University
  ■ Villanova University
  ■ Widener University
  ■ Rutgers
  ■ University of Delaware
  ■ Stevens Institute of Technology
  ■ University of Medicine and Dentistry New Jersey
  ■ New Jersey Institute of Technology
■ Hospitals
  ■ CHOP
  ■ Fox Chase Cancer Center
  ■ Lehigh Valley Hospital
■ Research Facilities
  ■ Johnson and Johnson
■ State Networks
  ■ New Jersey
■ K12 institutions – 32
■ The Franklin Institute

College House Services
■ Focus Groups
■ Wireless
■ New Financial Model

College House N&T Service Focus Groups
■ Conducted two focus groups last week regarding data, voice and video services
■ Goal is to get direction for preparing student survey
■ Strong desire for wireless throughout college houses
■ Rejection of PAC codes on phone lines
■ Bandwidth cap not noticed

College House Wireless
■ Working on various strategies for wireless networking in the dorms.
  ■ Cost Effective vs. Performance Coverage
  ■ Supplemental vs. Replacement for Wired
  ■ Insourced vs. Outsourced Service.
■ Working on a proposal for College House wireless costs (end of January ’05).
■ Strategy could be expanded to rest of campus.

Proposed College House Service & Funding Models
■ We already have a separate network SLA for the College Houses
  ■ Differential hours of support since “home use” is off hours
  ■ Differential Internet Bandwidth
  ■ Special Support for College House Servers
■ We are exploring a new funding model for future services
■ Is it time to have a separate cost model?
  ■ Wallplate fee
  ■ Central service fee

Wireless
■ Current status
■ Subsidized Wireless IP Addresses
■ Future Plans

Wireless – Current Status
■ Locations: 32 Wireless LANs on Campus
  ■ 14 Public Wireless Locations
  ■ 16 Private Wireless Locations
■ 197 Managed Access Points
■ Blue Socket Gateways Installed in 4 locations.
■ User Based Authentication for all but three Wireless LANs

Wireless LAN’s on Campus

Wireless - Subsidized Wireless IP Addresses
■ NPTF voted to allow up to 400 IP addresses for public wireless locations in FY2005
■ 14 Public Wireless Locations are being monitored for usage statistics
■ Private Wireless LANs can get some subsidies (10% for large LANs, up to 20% for small LANs)
■ Defining Public vs. Private Wireless LANs

Wireless Ranges

| Building | DHCP range | # of IP Addresses | Domain (new) | # of APs |
|---|---|---|---|---|
| U-Square (1 AP in GRT CRC) | 128.91.24.33-128.91.24.62 | 30 | wireless-pennnet.upenn.edu | 3 |
| SFR-VPUL | 128.91.134.12-128.91.134.21 | 10 | wlan.vpul.upenn.edu | 1 |
| Museum Library | 128.91.27.11-128.91.27.62 | 52 | wireless-pennnet.upenn.edu | 1 |
| MEY | 128.91.28.11-128.91.28.62 | 52 | wlan.design.upenn.edu | 1 |
| MEL | 128.91.59.150-128.91.59.210 | 9 | wlan.ora.upenn.edu | 3 |
| LUW | 128.91.58.76-128.91.58.126 | 51 | wireless-pennnet.upenn.edu | 1 |
| LCT-3601-Locust | 128.91.59.11-128.91.59.20 | 10 | wlan.vpul.upenn.edu | 1 |
| JSN-Biomed Lib | 128.91.27.76-128.91.27.126 | 51 | wireless-pennnet.upenn.edu | 3 |
| HRN | 165.123.93.11-165.123.93.107 | 97 | wireless-pennnet.upenn.edu | 5 |
| Houston-Hall | 128.91.25.51-128.91.25.100 | 50 | wireless-pennnet.upenn.edu | 4 |
| HNW (Harnwell) | 128.91.24.95-128.91.24.126 | 32 | wireless-pennnet.upenn.edu | 1 |
| HIL | 128.91.24.191-128.91.24.254 | 64 | wireless-pennnet.upenn.edu | 4 |
| Furness-wireless - 1 AP is on 4th floor conference room outside library area | 128.91.26.139-128.91.26.190 | 52 | wireless-pennnet.upenn.edu | 6 |
| College-green-wireless | 128.91.25.161-128.91.25.235 | 75 | wireless-pennnet.upenn.edu | 3 |
| Castor-wireless | 128.91.26.75-128.91.26.94 | 20 | wlan.ssw.upenn.edu | 1 |
| Bookstore-wireless | 128.91.26.11-128.91.26.50 | 40 | wireless-pennnet.upenn.edu | 1 |
| 3401-Wireless | 165.123.94.21-165.123.94.80 | 60 | wlan.isc-net.upenn.edu | 5 |
| EIS | | 10; 5 | wireless-pennnet.upenn.edu; wlan.admin.upenn.edu | 8 |

Wireless Ranges

| Building | DHCP range | # of IP Addresses | Domain (new) | # of APs |
|---|---|---|---|---|
| HNT-Wireless | 128.91.92.61-128.91.93.254 | 275 | wlan.wharton.upenn.edu | 25 |
| SDH-Wireless: SDH(22), VAN(6), SCC(2), LFR(1), MCN(1), CPN(2) | 128.91.80.254-128.91.81.72 | 75 | wlan.wharton.upenn.edu | 34 |
| LSW (Kelly Writer’s House) | 128.91.58.140-128.91.58.190 | 51 | wlan.lsw.greeknet.group.upenn.edu | 1 |
| GEB | 128.91.27.145-128.91.27.195 | 51 | wlan.gse.upenn.edu | 8 |
| EVN | 128.91.61.30-128.91.61.55 | 26 | wlan.dental.upenn.edu | 7 (1 AP in lib) |
| HRS-Wireless | 165.123.95.11-165.123.95.107 | 97 | wireless-pennnet.upenn.edu | 2 |
| PIN | 128.91.26.203-128.91.26.214 | 12 | wlan.vpul.upenn.edu | 2 |
| GYM | 128.91.138.11-128.91.138.50 | 20 | Wlan.dria.upenn.edu | 2 |
| Law-Wireless | 130.91.208.61-130.91.209.174 | 370 | wlan.law.upenn.edu | 37 |
| VPL Wireless | 128.91.128.40-128.91.128.254 | 150 (DHCP), 65 (Static) | wireless-pennnet.upenn.edu | 21 |

Wireless – Future Plans
■ Improvement on user authentication – 802.1x
■ Improving efficiency of wLAN installation
■ Using New Wireless Tools
  ■ Air Magnet Laptop Analyzer - troubleshooting
  ■ Air Magnet Surveyor – survey and updating AP’s
■ Evaluating New Tools
  ■ Centralized wireless management tools
    ■ Cisco Works Wireless LAN Solution Engine (WLSE)
    ■ Airwave Management Platform
    ■ Air Magnet Enterprise

Network Management Tools

Network Management: PUMA

Security
■ Wired Authentication
■ Intrusion Detection
■ VPNs

Security – Wired Authentication
■ Pilot underway in ISC since June
■ Plan to expand pilot externally in December
■ Pilots will require client (web intercept unavailable) until Q1CY2005

Intrusion Detection
■ A new tool, Arbor Peakflow, allows us to collect and analyze network "flow" info from Penn routers.
■ This helps us to see lists of
  ■ top talkers,
  ■ traffic by protocol (web vs email vs p2p vs voice vs video, etc),
  ■ traffic by destination service provider (Cogent vs Qwest vs Abilene/Internet2),
  ■ and much more.

Intrusion Detection
■ Peakflow also allows us to identify denial of service (DoS, DDoS) attacks in progress, including sources and protocols, and possible filtering options.
■ In this role, the Arbor Peakflow tools act as a very sophisticated distributed IDS, helping us to do targeted filtering during major network-based attacks.
■ No dedicated IDS systems needed to be put inline into the network. Netflow data from the routers is used.

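The flow views named on the two Intrusion Detection slides (top talkers, traffic by protocol, and spotting a DoS target with its sources and protocol) can be sketched over exported flow records as follows. This is an added example, not Arbor Peakflow's method or Penn's code; the flow records are constructed, and the `SERVICES` port map and the `min_sources` / `max_avg_bytes` thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records: (src, dst, proto, dst_port, bytes).
# Addresses come from documentation ranges (RFC 5737), not Penn traffic.
FLOWS = [
    ("192.0.2.10", "198.51.100.5", "tcp", 80, 120_000),
    ("192.0.2.10", "198.51.100.9", "tcp", 25, 8_000),
    ("192.0.2.22", "198.51.100.5", "tcp", 80, 40_000),
    ("192.0.2.31", "198.51.100.7", "udp", 5060, 15_000),
] + [(f"203.0.113.{i}", "192.0.2.80", "tcp", 80, 60) for i in range(1, 41)]

# Assumed port-to-service map for the "traffic by protocol" view.
SERVICES = {("tcp", 80): "web", ("tcp", 443): "web",
            ("tcp", 25): "email", ("udp", 5060): "voice"}

def top_talkers(flows, n=3):
    """Rank source addresses by total bytes sent."""
    totals = Counter()
    for src, _dst, _proto, _port, nbytes in flows:
        totals[src] += nbytes
    return totals.most_common(n)

def bytes_by_service(flows):
    """Total bytes per service class; unmapped ports count as 'other'."""
    totals = Counter()
    for _src, _dst, proto, port, nbytes in flows:
        totals[SERVICES.get((proto, port), "other")] += nbytes
    return dict(totals)

def dos_candidates(flows, min_sources=30, max_avg_bytes=200):
    """Flag (dst, proto, port) targets hit by many distinct sources with
    very small flows. The returned tuple is the candidate filter key."""
    sources, sizes = defaultdict(set), defaultdict(list)
    for src, dst, proto, port, nbytes in flows:
        key = (dst, proto, port)
        sources[key].add(src)
        sizes[key].append(nbytes)
    hits = []
    for key, srcs in sources.items():
        avg = sum(sizes[key]) / len(sizes[key])
        if len(srcs) >= min_sources and avg <= max_avg_bytes:
            hits.append({"target": key, "sources": len(srcs), "avg_bytes": avg})
    return hits

if __name__ == "__main__":
    print(top_talkers(FLOWS))
    print(bytes_by_service(FLOWS))
    print(dos_candidates(FLOWS))
```

Because the input is flow summaries exported by routers, nothing here sits inline in the traffic path, which is the point the last bullet above makes.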
Security - VPNs
■ Beginning investigation of generic solution
■ Goal: allow specific ports to be used that are otherwise blocked by ISPs (e.g. for Windows file sharing and MS Exchange)
■ Expect to have proof-of-concept in March
■ Targeting deployment for Fall 2005