
Network Planning Task Force

Network Planning Task Force. Strategic Discussions. Mary Alice Annecharico / Rod MacNeil, SOM Mark Aseltine* / Mike Lazenka, ISC Robin Beck, ISC Doug Berger / Manuel Pena, Housing & Conference Services Chris Bradie / *Dave Carroll, Business Services Chris Field, GPSA (student)

Michelle

Presentation Transcript


  1. Network Planning Task Force Strategic Discussions

  2. Active Task Force Members (http://www.upenn.edu/computing/group/nptf/; *New FY ‘04) • Mary Alice Annecharico / Rod MacNeil, SOM • Mark Aseltine* / Mike Lazenka, ISC • Robin Beck, ISC • Doug Berger / Manuel Pena, Housing & Conference Services • Chris Bradie / *Dave Carroll, Business Services • Chris Field, GPSA (student) • Cathy DiBonaventura, School of Design* • Geoff Filinuk, ISC • Bonnie Gibson, Office of Provost • Roy Heinz / John Keane, Library • Robert Helfman, Budget Mgmt. Analysis • John Irwin, GSE • Marilyn Jost, ISC • Carol Katzman, Vet School • Deke Kassabian / Melissa Muth, ISC • James Kaylor / CCEB* • Dan Margolis, SEAS* (student) • Dominic Pasqualino, Audit & Compliance • Kayann McDonnell, Law • Donna Milici, Nursing • Dave Millar, ISC • Michael Palladino, ISC (Chair) • Dominic A. Pasqualino / Audit & Compliance* • David Seidell, Wharton* • Dan Shapiro, Dental • Mary Spada, VPUL • Marilyn Spicer, College Houses* • Steve Stines / Jeff Linso, Div. of Finance • Ira Winston / Helen Anderson, SEAS, SAS, School of Design

  3. NPTF FY 2004 Agenda • Summer: Focus group sessions • 9/15: Setting the stage • 9/29: Security discussions (Part I) • 10/8: Security discussions (Part II) • 11/3: Operational briefing/baseline activities • 11/17: Strategic discussions • 12/1: Consensus building/preliminary rate setting • 12/15: State of the Union

  4. Today’s Objectives • Discuss Telecommunications strategy • Reach consensus on security strategy and plans, identify costs and begin to find funding sources. • Discuss wireless strategy, plans and costs.

  5. Strategic Discussions • Telecommunications • Security • Wireless

  6. Telecommunications Strategy • Short Term • Investigate several options for capturing shrinking telephone revenues. • Do two revenue-sharing contracts (Nextel & AT&T) • Seek lower-cost LD rates. • Extend Verizon contract at same or lower rates for two years (June ’07) to “lock in” low Centrex rates. • Investigate several options for enhancing voice service. • VoIP Centrex • Do VoIP SIP as an app on PennNet (Broadsoft) • Do VoIP SIP as an app on PennNet (open source)

  7. Telecommunications Strategy (Continued) • Mid term (1-3 years) • Do all network readiness work. • NGP (enhanced capacity, reliability, redundancy) • Upgrade electronics • Prepare staff and customers for transition. • Do VoIP pilots in College Houses and elsewhere. • Do softphone pilot of VoIP using campus wireless network (Dartmouth model).

  8. Telecommunications Strategy (Continued) • Long term (5 years) • Full deployment of VoIP with all associated services including: • Unified messaging • “Follow me” features (Presence) • Enhanced ACDs • Video picture phone calls • Softphones

  9. Telecommunications Strategy- Next Steps • Expand VoIP SIP pilot within N&T from 20 to 80 phones. • Expand pilots beyond N&T to ISC and some external customers. • Trial softphones. • Trial VoIP over PennNet wireless network. • Trial advanced features. • Trial open source SIP software. • Expand Broadsoft license to 1000 users for FY ’05.

  10. Security Discussions • Strategy • Progress • Plans • Near-term • Medium-term • Future

  11. Security Strategies • Implement a multi-layered security-in-depth architecture consisting of: • Host security • Security out of the box • Patch management, anti-virus, strong passwords • Network authentication and authorization • Anti-virus • Firewalls • Intrusion detection • Improved incident response processes

  12. Security Strategies (Continued) • Establish policies that resolve privacy concerns and provide a mandate to justify funding a security in depth architecture. • Provide tools and resources to empower LSPs to implement these policies • Patch management service • Personal and workstation/server firewall and VPN standards • VLAN Support • Antivirus tools for large mail servers • Education and training

  13. ISC Security Progress • ISC, in collaboration with its customers, is developing a multi-year strategy for campus computing security. • Support for VLAN network topology for fee in support of local firewalls. • Support for short-term filtering on edge routers for problematic services. • Virus scanning on POBOX. • Campus-wide and focused, critical host vulnerability scanning and reporting. • Security incident response

  14. Security Plans/Near-term • Implement a PennNet host security policy mandating patch management, anti-virus software and strong desktop/server passwords. • Take proposals to NPC & IT Roundtable for intrusion-detection and campus-wide virus email scanning. • Help leverage virus scanning service for other campus email servers. ($5 per account per year) • Identify vendors/consultants who can assist with implementation of local firewalls on a for-fee basis. • Evaluation to identify standard firewall and VPN software.

  15. Security Plans/Near-term (Continued) • Improve notification and disconnect/reconnect processes • Develop tools to rapidly associate wallplates with IP addresses. • Improved assignments accuracy and support quick lookups • Reduce the number of unregistered IP addresses • Targeted deployment of PennKey authenticated network access in College Houses, GreekNet, Library and other public spaces. ($100k for wireless) • Research ways of ensuring security of newly connected machines: • Vulnerability scan of machines as they connect to PennNet • Network authorization: Ability to block infected/vulnerable machines based on MAC address

  16. Security Plans/Medium-term • Improved security on Fall Truckload disk images. • Evaluate personal firewalls with goal of sharing information among, and making recommendations for, local support providers. • Patch management • ISC to run opt-in software update service for fee. ($28k year) • In lieu of patch testing, Penn to wait 1-2 days before implementing new patches on ISC-run SUS server except in cases where ISC Information Security determines immediate release of patch is critical. • ISC to do more education and training. ($20k year)

  17. Security Plans/Medium-term • Pursue volume discount pricing for patch management software as appropriate based on the recommendations of the patch management evaluation effort. • Additional TSS second-tier support for LSPs. ($15k) • ISC costs to manage port disconnects, reconnects associated with enforcement of patch management policy. ($150-$200k FY ‘05; $100k ongoing) • Similar local costs possible with supporting enforcement of patch management policy.

  18. Security/Medium-term (Continued) • Evaluate and recommend server and workgroup firewalls. • Select standard VPN and firewall software. • Determine if ISC should operate a centrally managed firewall service. • Develop a migration strategy and cost proposals to move towards campus-wide network authentication on both the wired and wireless networks. • After policy is accepted, pilot Intrusion-detection. ($100k)

  19. Security Plans/Long-term • Implement campus-wide authentication (PennKey) on both the wired ($2M) and wireless ($100k) networks. • Evaluate a network design and migration strategy that better balances availability against security and is capable of supporting broader intrusion detection and firewalling.

  20. Wireless Discussions • Strategy • Challenges • Current status • Wireless costs

  21. Strategy • Wireless as an “overlay” technology - not replacement for wired. • Scalable & Secure Solutions • Use Enterprise Class Technologies • Cisco AP350 & Newer 1200 AP • Adjustable Signal Strength • Stability • Monitoring & Statistics • Tri-Band Capabilities • Staged Approach • Standards Based Products • Avoid being locked in to single vendor • Cards that Comply with Wi-Fi Standards

  22. Challenges • Funding • No Central Funding • Slower Roll Out in Some Areas • Should we subsidize public wireless IP addresses? ($50k) • Should we subsidize wireless authentication? ($100k) • Security • Authenticated Access • Data Encryption Lacking • Not able yet to do authorization with wireless authentication. • Support • Challenges supporting mobile users.

  23. Current Status • Authentication Gateway Tests • Testing with New Vendor Going Well • Short Term Plans • Work with Both Vendors (support existing base) • Deployed New Auth. Device at Vance Hall 11/11 • Upgraded OS on Existing Gateways on 11/13. • Expand Larger Pilot and another wLAN Mid December • Van Pelt PennKey authentication possible for next semester. • Long Term Plans • Resume replacement of MAC Authentication • Hit Target Dates for FY04 • Pursue Strategic Plans • Determining funding model for a full-campus deployment

  24. Current Status Public Wireless

  25. Current Status Private Wireless

  26. Wireless Costs: Access Point Installation (estimated cost)

  27. Wireless Costs: Access Point Ongoing Costs • Assumptions • Maintenance Fees are per AP Device in each wireless LAN • Central service fees are billed per IP address in use on the wireless LAN • Does not include a 10/100Base-T or vLAN port connectivity charge to PennNet • 100Base-T port will be charged at 10Base-T Rate due to 11mb limit

  28. Authentication Hardware Costs • *Blue socket numbers are estimated at this time. • **Assumes that APs are all 802.11b. • *802.11g conversion has a different effect on these numbers.

  29. Authentication Installation Costs

  30. Wireless Example Installation: 7 APs wired to 3 Closets

  31. Wireless Example Installation: Authentication for 7 APs wired to 3 Closets

  32. Wireless Example Installation: Ongoing Costs 7 APs wLAN *Note that PennNet port charges, or CSF not included.

  33. Wireless Example Installation: 19 APs wired to 5 Closets

  34. Wireless Example Installation: Authentication for 19 APs wired to 5 Closets

  35. Wireless Example Installation: Ongoing Costs 19 AP wLAN *Note that PennNet port charges, or CSF not included.

  36. Wireless LAN’s on Campus Authenticated Access MAC Authentication

  37. MAC Address Authentication MAC Lists Stored Locally on AP’s MAC Lists Stored Locally on AP

  38. User Based Authentication
