1 / 32

NPTF WINTER SESSION

NPTF WINTER SESSION. Operational Review 2.18.08. NPTF Meetings – FY ’09. February 18-Operational review April 21- Planning discussions June 2- Security strategy session July 21-Strategy discussions August 4- Strategy discussions September 15- Preliminary rates

niles
Download Presentation

NPTF WINTER SESSION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NPTF WINTER SESSION Operational Review 2.18.08

  2. NPTF Meetings – FY ’09 • February 18-Operational review • April 21- Planning discussions • June 2- Security strategy session • July 21-Strategy discussions • August 4- Strategy discussions • September 15- Preliminary rates • October 6- Strategy discussion • November 3- FY’10 Rate setting

  3. Agenda • Next Generation PennNet • Public Safety • Wireless • Email • IM • PennNet Gateway (Scan and Block) • VoIP/Voicemail/ACDs • Strong Authentication • Central Authorization • MAGPI • FY ‘09 Initiatives

  4. Next Generation PennNet • Deploy gigabit connections to 110 subnets of 110 for capacity by 06/09 • To date 57 of these subnets have gigabit Ethernet connections. • To date 93 buildings have gigabit Ethernet connections • Deploy dual connection for most subnets for redundancy by 06/09 • To date we are at 45 buildings with dual connectivity to separate NAPs, expect 65 to 70 by end FY2008 • Dual gig connections 42 • Reduce Impact of College Hall Node Room on PennNet Operations • To date under 25% of PennNet Connections and IP addresses in CHNR • All closet electronics and BE devices will be upgraded by 06/09 • To date 70% of all installed closet electronics are gig capable. • BE devices upgraded 17 this FY, 58 Total, expect to have 67 of 93 by end FY2008.

  5. Gig Connected Buildings (Single Feed)

  6. Gig Connected Buildings (Single Feed)

  7. Gig Connected Buildings (Dual Feed)

  8. Gig Connected Buildings (Dual Feed)

  9. Gig Connected Buildings(Dual Feed) Dual Connected Buildings (100/Gig or 100)

  10. Public Safety • Security Cameras – We provide infrastructure and support over 150 PS CCTV cameras around Penn’s campus.  This year we added/upgraded 5 more cameras in the Western end of campus. • Cameras and E-Phones in progress for three new transit stops (located at UPHS-Gates, Rosenthal, Schattner) vestibules. • Emergency Phones –  We upgraded, manage and monitor 128 self-reporting garage e-phones and will have another 91 Building E-phones upgraded in a few weeks.  These new SMART phones proactively improve campus security with automated monitoring & reporting of emergency phone status. • Elevator phones – Targeting upgrades to all elevator phones (~250 E-Phones). Current PA State Elevator Code (Sections 2.27.1.1.4) affects the upgrades in buildings more than 4 stories high (roughly 50% of these phones). DPS is pursuing a code variance. • Penn Alert – ISC has been working with Public Safety on the Penn Alert system, including working with cellular companies on SMS delays over their network, working with Verizon to insure their network will be able to handle the 20,000 calls in 10 minutes. Campus wide test planned for 02/29/2008. • We are in progress of testing and expanding the fire alarm system. ISC may provide NGP fiber infrastructure to diversify the fire alarm core infrastructure.

  11. Wireless Update • ISC operates 930 AP’s • Resnet 449 AP’s • Remaining campus 481 AP’s • All wireless LANs wLANs are set up to have access to both AirPennNet (802.1x) and Wireless-PennNet (web intercept) • Permits gradual userconversion to AirPennNet for Schools and Centers • BlueSocket AuthN Page reconfigured to notify users of changes to Wireless-PennNet • Permits download of SecureW2 supplicant • Documentation for installing supplicant (for Windows machines) and installation instructions (for MAC’s) is posted on Supported Products Page • Informs Blue Socket users that Wireless-PennNet Service is being retired on June 30, 2008.

  12. Wireless Update (continued) • New Wireless Network (PennNet Guest) • Guest Access to PennNet with a lower barrier to entry. • Testing in Progress • Test NetReg Configuration should be completed in Feb 2008 • Testing Wireless Network in 3401 N&T Suites and in TSS Feb 2008 • Pilot 2 Customer Locations in Mid to End March 2008 • One location to be selected where we have Wireless-PennNet • Second Location will be Life Science (Lynch) Lab • Anyone interested? • First Production Site will be for Destination Penn in Mid May 2008 • Target Full Production Date (Service everywhere AirPennNet is located) by 06/30/2008

  13. Wireless Update (continued) • One Common Wireless LAN (AirPennNet Everywhere) • AirSAS to AirPennNet • Working with SAS Networking on Inventory of Wireless LANs in all SAS buildings. • Approximately 240 AP’s will get converted to AirPennNet • Target completion by September 1, 2008 • AirSEAS to AirPennNet • Have met informally with SEAS • 103 AP’s across 8 buildings will get converted to AirPennNet • Target completion by September 1, 2008

  14. POBOX Classic and Exchange • Pobox Classic: Lower cost email services • Pobox Exchange: Integrated email and calendar • Both provide spam and virus filtering • Both support hosted domains (user@domain.upenn.edu) • Both support user@upenn.edu addressing • Both use fully replicated servers and storage • Both are monitored around the clock. Reports at http://status.net.isc.upenn.edu

  15. POBOX Exchange Service • Pobox Exchange • Integrated email and calendar for Outlook and Entourage users, with web access available • Launched summer 2007 • Over 2000 users • Details at http://www.upenn.edu/computing/email/exchange/ • Upcoming Changes • Exchange Account Management: BlackBerry self-service (March 2008) • Enable account • Delete account • Set activation password • Send service book • Remote wipe

  16. POBOX Classic • Service “born” in 1993 • Other large mail services hosted on POBOX since 1999 • Service provided to about 13,000 users today • Electronic Mail - • POP & IMAP (Thunderbird, Outlook, Mac Mail supported) • Legacy host-based email (Pine, Elm) • Unix shell access, mailing lists, personal web pages and student group accounts Phasing out by June 2008. Alternative is the for-fee Listserv service, which includes more list options, and a web-based interface to manage the lists. We have resources to help transition people away from services being phased out. • Next-Gen Pobox Classic - based on Zimbra collaboration suite. Rolling out late summer 2008.

  17. NextGen Pobox Classic - Zimbra • Email (webmail, POP/IMAP) • Calendar (+ free/busy sharing w/Exchange) • Address book • Tasks • Integration via browser or Zimbra client • Document sharing • Instant Messaging • PDA support • Planned Timeline: • May 15, 2008: customer pilot • July 28, 2008: production service • End user cost for Pobox Classic NG at FY’08 rates

  18. Jabber IM services • Pilot began January 2007. Planned Production Date: July 2008. • Over 14,000 accounts. Most still don’t know they have them. • Accounts at no additional charge for ISC email and VoIP customers. • $12/year if not, starting in FY ‘09 • Currently usage average ~150 users per day. • Facilitates collaboration among co-workers, even those offsite • Most clients in common use can simultaneously connect to AIM and/or Yahoo Messenger as well as Penn’s IM service • Group Chats • Persistent “chat rooms” (like SUG, MacNet, PCNet, etc) • Ad Hoc group chats - great for quick communications and troubleshooting sessions

  19. Jabber IM Next Steps • Formal evaluation team of IM clients will be requested of ITR • Currently investigating integration with the Asterisk voice mail system and with Zimbra • Upcoming availability of Kerberos authentication for compatible clients (including iChat) • Testing and possible piloting of mobile clients for Palm, BlackBerry, iPhone, and Windows Mobile

  20. Impulse Point Network Access Control Solution • Impulse Point is a hardware and software package that has the capability to automatically scan computers for security threats such as viruses and worms and quarantine them before they are allowed on the network. This will slow propagation of these security threats and reduce the manual effort required to address them, significantly reducing lost productivity by students and staff, and protecting the operational integrity of Penn’s network. • This will reduce the need for IT staff in the Residential system to manually examine laptops prior to their connecting to the network. • Penn networks will be less vulnerable to performance problems caused by compromised workstations. • Unmanaged workstations will be protected from each other, so internal security threats are contained and therefore lost user productivity reduced. • Users will be able to help themselves secure their own workstations, thereby avoiding compromise and the attendant loss of data and productivity.

  21. Impulse Point Network Access Control Solution • It has the capability to function on both wired and wireless networks and is managed centrally. • Through this web based interface ISC can set acceptable use policies (i.e. rules) that the system will enforce. • Compliance to the policies is ensured through the use of a software application (agent) that must be downloaded and installed on the end users computer prior to being granted network access. • The installed application has the capability to continually assess user compliance with numerous (including custom built) policies. • ISC recommends using the Impulse Point policy key only to ensure the end users computer is protected by: • The most current operating system security patches • Anti-virus software with up-to-date virus signatures • The most current security patches for any installed Supported Computing Product • This mimics some of what CHC does manually today.

  22. Impulse Point Current Status • Pilot has gone well and we will continue to assess technology • Must now decide on deployment strategies • In consultation with CHC next steps are an expanded pilot with CHC at Kings Court English House beginning on 3/10/08 • If the pilot is successful, full deployment on AirPennNet (wireless network) is expected for the College Houses, Sansom Place East and West and the Greek Houses. • Strategy is to use clear communication to multiple audiences in multiple channels to clarify what we are doing and why it is important.

  23. VoIP & Voicemail • We have about 1500 PennNet phones in service. • We continued to work aggressively to solve several issues including: porting numbers, and some feature problems (too many rings before voicemail, remaining consultative transfer calls). • We have slowed the deployment of PennNet phone and our IP-based voicemail, while we evaluate an outsourced alternative from Verizon, called HIPC (Hosted IP Centrex) • The HIPC ISC pilot should be completed in the Spring • We will compare advantages, disadvantages and costs and decide by June 1 if we go 100% with either one or a combination of both. • We anticipate doing 1500 additional phones in FY ‘09 and finishing the conversion to all VoIP by FY ‘12.

  24. Customer Service • N&T reorganized to improve customer service • NCCS (Network Communications and Consulting Services) • New director (Dawn Augustino) • PennNet Ordering and Information Tracking System (POINTS) • Phase 1 will focus on replacing N&T’s back office systems with a next-generation order-intake system. • Phase 2 will provide online shopping cart services to the campus community and is tentatively planned for customer evaluation during 3Q/FY09. • Metrics and SLAs • Define SLA Standards for Telephony Service Orders and Trouble Tickets • Establish and baseline key performance metrics to assist ISC in managing its performance in delivering Telecommunication services

  25. ACDs (IP-based call centers) • Penn has three legacy ACDs and about 200 agents. • ISC purchased an ACD from ININ and is migrating all of the legacy systems to one centrally run (and highly available) IP-based system. • In addition to telephone calls, ACD also routes email, web chat and inbound fax requests to agents.  The service includes reporting services that measure the performance of the Call Center configuration (# of calls, emails, web chats, missed calls) as well as the performance of the Call Center Agents (most calls, fewest calls). • The rollout commenced on January 29th and is expected to be completed by August 15, 2008.  Additional information is available at www.upenn.edu/computing/voice/acd. • Deploying across the campus community to the following schools/centers:  Student Health,VHUP, Facilities, Computer Connection, Student Registration and Financial Services, Dental School, Wharton MBA, Undergraduate Admissions, Office of International Programs, Ben HELPS, Penn Behavioral Health and ProDesk. 

  26. Strong Authentication • Project Goal • Publish a specific set of recommendations for improvements to PennKey and for strengthening Penn web authentication to protect University assets and individuals’ private data • Key concerns with Authentication • Increase in password theft from keystroke loggers • Increased likelihood of password cracking • Mobile computing with unsecured access points • Levels of assurance

  27. Strong Authentication • Initiatives • Establish a central authentication log to identify and remediate damage in the event of a compromise. • Strengthen PennKey passwords to increase their resistance to brute force cracking. • Update Penn’s web authentication infrastructure to better defend against modern identity theft attacks while retaining interoperability with Penn’s Kerberos infrastructure. • Supplement reusable PennKey passwords with 2-factor technology to protect sensitive systems against password theft • Enable a framework of multiple levels of assurance to define the sensitivity of a given system and the confidence level required for access to be provided. • Status • Requirements for each of the above initiatives have been defined • Recommendations for building solutions that meet these requirements are being researched and formed • Project organization and timelines are being developed • Definition & Planning phasegate target February 2008. 

  28. Central Authorization • Currently a missing link in Penn’s identity management strategy • PennKey authentication, tells us who you are • There is no comprehensive means to control and distribute access privileges across the university. • Objectives • Build a central authorization system that could be utilized by applications across the University • Utilize Penn Community data and school/center created lists to facilitate authorization decisions • Allow Schools and Centers to build and reuse authorization information across applications • Provide sophisticated group management capabilities, such as subgroups and composite groups, to support access management needs.

  29. Central Authorization • Benefits • Facilitate consistent application of University business rules • Streamline maintenance of authorization data • Leverage Penn Community data for accurate, up to date authorization decisions • Support the creation of new groups • Status • Solution will be based on Internet2 Grouper • Discussions with Grouper community on enhancements • Definition & Planning target 2/08 • Pilot target 5/08 • General Availability FY09

  30. MAGPI • The Penn community saved $300k in FY ‘08 by ISC’s operation of the Internet GigaPoP, MAGPI. • MAGPI has several lines of business including: Internet, Internet2, colocation, applications and teleconferences. • We may soon be offering “wavelengths” in 1 Gbps, 2.5 Gbps, and 10 Gbps from MAGPI to any Internet2 connected site in the U.S. and select sites in Europe and Asia. • NLR connectivity could be available if MAGPI members are interested. Currently National Oceanic and Atmospheric Administration (NOAA) has requested access.

  31. MAGPI Projects • Penn Museum and Digital Corinth – Working on Phase II of an existing NEH grant co-authored by MAGPI and David Romano, Ph.D. to combine digital collections at Penn and the American School of Classical Studies in Athens. The focus is on the ancient city of Corinth where students, educators, and researchers will interact with the synchronized data. • Princeton University, ESnet, NOAA – MAGPI will provide a 10 Gigabit per second static wavelength with access to Department of Energy and National Oceanic and Atmospheric Administration (NOAA) collaborators. • Penn School of Medicine/UPHS – MAGPI co-sponsored an event with Mary Alice Annecharico that demonstrated the value of high performance connectivity in support of the Penn Global Health Programs.  MAGPI and Internet2 provide access to 87 national networks around the world. • Wharton/Lauder Institute – MAGPI’s first program was with the Lauder Institute, involving a simulation exercise between Penn students and the University of Grenoble, France.  Current projects involve France, Chile, and Senegal. • Graduate School of Education – MAGPI is a partner on a grant submission involving the Penn Literacy Network and distance education, national and international.

  32. Other FY ‘09 Initiatives • Local Intrusion Detection Pilots • Investigation into IDS functionality in ISC-recommended local firewalls • Investigation into the open source Snort Intrusion Detection and Prevention system. www.snort.org/ • The use of IDS probes deployed locally that work with central IDS systems • Communication Names • Will discuss at the next meeting • What else should we be focusing on?

More Related