
Network Planning Task Force

Strategic Discussions

Mary Alice Annecharico / Rod MacNeil, SOM

Mark Aseltine* / Mike Lazenka, ISC

Robin Beck, ISC

Doug Berger / Manuel Pena, Housing & Conference Services

Chris Bradie / *Dave Carroll, Business Services

Chris Field, GPSA (student)

Cathy DiBonaventura, School of Design*

Geoff Filinuk, ISC

Bonnie Gibson, Office of Provost

Roy Heinz / John Keane, Library

Robert Helfman, Budget Mgmt. Analysis

John Irwin, GSE

Marilyn Jost, ISC

Carol Katzman, Vet School

Deke Kassabian / Melissa Muth, ISC

James Kaylor / CCEB*

Dan Margolis, SEAS* (student)

Dominic Pasqualino, Audit & Compliance

Kayann McDonnell, Law

Donna Milici, Nursing

Dave Millar, ISC

Michael Palladino, ISC (Chair)

Dominic A. Pasqualino / Audit & Compliance*

David Seidell, Wharton*

Dan Shapiro, Dental

Mary Spada, VPUL

Marilyn Spicer, College Houses*

Steve Stines / Jeff Linso, Div. of Finance

Ira Winston / Helen Anderson, SEAS, SAS, School of Design

Active Task Force Members: http://www.upenn.edu/computing/group/nptf/

*New FY ‘04

NPTF FY 2004 Agenda
  • Summer: Focus group sessions
  • 9/15: Setting the stage
  • 9/29: Security discussions (Part I)
  • 10/8: Security discussions (Part II)
  • 11/3: Operational briefing/baseline activities
  • 11/17: Strategic discussions
  • 12/1: Consensus building/preliminary rate setting
  • 12/15: State of the Union
Today’s Objectives
  • Discuss Telecommunications strategy
  • Reach consensus on security strategy and plans, identify costs and begin to find funding sources.
  • Discuss wireless strategy, plans and costs.
Strategic Discussions
  • Telecommunications
  • Security
  • Wireless
Telecommunications Strategy
  • Short Term
    • Investigate several options for capturing shrinking telephone revenues.
      • Do two revenue-sharing contracts (Nextel & AT&T)
      • Seek lower-cost LD rates.
    • Extend Verizon contract at same or lower rates for two years (June ’07) to “lock in” low Centrex rates.
    • Investigate several options for enhancing voice service.
      • VoIP Centrex
      • Do VoIP SIP as an app on PennNet (Broadsoft)
      • Do VoIP SIP as an app on PennNet (open source)
Telecommunications Strategy (Continued)
  • Mid term (1-3 years)
    • Do all network readiness work.
      • NGP (enhanced capacity, reliability, redundancy)
      • Upgrade electronics
    • Prepare staff and customers for transition.
    • Do VoIP pilots in College Houses and elsewhere.
    • Do softphone pilot of VoIP using campus wireless network (Dartmouth model).
Telecommunications Strategy (Continued)
  • Long term (5 years)
    • Full deployment of VoIP with all associated services including:
      • Unified messaging
      • “Follow me” features (Presence)
      • Enhanced ACDs
      • Video picture phone calls
      • Softphones
Telecommunications Strategy - Next Steps
  • Expand VoIP SIP pilot within N&T from 20 to 80 phones.
  • Expand pilots beyond N&T to ISC and some external customers.
    • Trial softphones.
    • Trial VoIP over PennNet wireless network.
    • Trial advanced features.
    • Trial open source SIP software.
    • Expand Broadsoft license to 1000 users for FY ’05.
Security Discussions
  • Strategy
  • Progress
  • Plans
    • Near-term
    • Medium-term
    • Future
Security Strategies
  • Implement a multi-layered security-in-depth architecture consisting of:
    • Host security
      • Security out of the box
      • Patch management, anti-virus, strong passwords
    • Network authentication and authorization
    • Anti-virus
    • Firewalls
    • Intrusion detection
    • Improved incident response processes
Security Strategies (Continued)
  • Establish policies that resolve privacy concerns and provide a mandate to justify funding a security in depth architecture.
  • Provide tools and resources to empower LSPs to implement these policies
    • Patch management service
    • Personal and workstation/server firewall and VPN standards
    • VLAN Support
    • Antivirus tools for large mail servers
    • Education and training
ISC Security Progress
  • ISC, in collaboration with its customers, is developing a multi-year strategy for campus computing security.
  • Support for VLAN network topology for fee in support of local firewalls.
  • Support for short-term filtering on edge routers for problematic services.
  • Virus scanning on POBOX.
  • Campus-wide and focused, critical host vulnerability scanning and reporting.
  • Security incident response
Security Plans/Near-term
  • Implement a PennNet host security policy mandating patch management, anti-virus software and strong desktop/server passwords.
  • Take proposals to NPC & IT Roundtable for intrusion-detection and campus-wide virus email scanning.
  • Help leverage virus scanning service for other campus email servers. ($5 per account per year)
  • Identify vendors/consultants who can assist with implementation of local firewalls on a for-fee basis.
  • Evaluation to identify standard firewall and VPN software.
Security Plans/Near-term (Continued)
  • Improve notification and disconnect/reconnect processes
    • Develop tools to rapidly associate wallplates with IP addresses.
    • Improve assignments accuracy and support quick lookups
    • Reduce the number of unregistered IP addresses
    • Targeted deployment of PennKey authenticated network access in College Houses, GreekNet, Library and other public spaces. ($100k for wireless)
    • Research ways of ensuring security of newly connected machines:
      • Vulnerability scan of machines as they connect to PennNet
      • Network authorization: Ability to block infected/vulnerable machines based on MAC address
Security Plans/Medium-term
  • Improved security on Fall Truckload disk images.
  • Evaluate personal firewalls with goal of sharing information among, and making recommendations for, local support providers.
  • Patch management
    • ISC to run opt-in software update service for fee. ($28k year)
    • In lieu of patch testing, Penn to wait 1-2 days before implementing new patches on the ISC-run SUS server, except in cases where ISC Information Security determines immediate release of a patch is critical.
    • ISC to do more education and training. ($20k year)
Security Plans/Medium-term
  • Pursue volume discount pricing for patch management software as appropriate based on the recommendations of the patch management evaluation effort.
  • Additional TSS second-tier support for LSPs. ($15k)
  • ISC costs to manage port disconnects, reconnects associated with enforcement of patch management policy. ($150-$200k FY ‘05; $100k ongoing)
  • Similar local costs possible with supporting enforcement of patch management policy.
Security/Medium-term (Continued)
  • Evaluate and recommend server and workgroup firewalls.
  • Select standard VPN and firewall software.
  • Determine if ISC should operate a centrally managed firewall service.
  • Develop a migration strategy and cost proposals to move towards campus-wide network authentication on both the wired and wireless networks.
  • After policy is accepted, pilot Intrusion-detection. ($100k)
Security Plans/Long-term
  • Implement campus-wide authentication (PennKey) on both the wired ($2M) and wireless ($100k) networks.
  • Evaluate a network design and migration strategy that better balances availability against security and is capable of supporting broader intrusion detection and firewalling.
Wireless Discussions
  • Strategy
  • Challenges
  • Current status
  • Wireless costs
Strategy
  • Wireless as an “overlay” technology - not replacement for wired.
  • Scalable & Secure Solutions
  • Use Enterprise Class Technologies
    • Cisco AP350 & Newer 1200 AP
      • Adjustable Signal Strength
      • Stability
      • Monitoring & Statistics
      • Tri-Band Capabilities
  • Staged Approach
  • Standards Based Products
    • Avoid being locked in to single vendor
    • Cards that Comply with Wi-Fi Standards
Challenges
  • Funding
    • No Central Funding
      • Slower Roll Out in Some Areas
      • Should we subsidize public wireless IP addresses? ($50k)
      • Should we subsidize wireless authentication? ($100k)
  • Security
    • Authenticated Access
    • Data Encryption Lacking
    • Not able yet to do authorization with wireless authentication.
  • Support
    • Challenges supporting mobile users.
Current Status
  • Authentication Gateway Tests
    • Testing with New Vendor Going Well
  • Short Term Plans
    • Work with Both Vendors (support existing base)
    • Deployed New Auth. Device at Vance Hall 11/11
    • Upgraded OS on Existing Gateways on 11/13.
    • Expand Larger Pilot and another wLAN Mid December
    • Van Pelt PennKey authentication possible for next semester.
  • Long Term Plans
    • Resume replacement of MAC Authentication
      • Hit Target Dates for FY04
    • Pursue Strategic Plans
      • Determining funding model for a full-campus deployment
Wireless Costs: Access Point Ongoing Costs
  • Assumptions
  • Maintenance Fees are per AP Device in each wireless LAN
  • Central service fees are billed per IP address in use on the wireless LAN
  • Does not include a 10/100Base-T or vLAN port connectivity charge to PennNet
  • 100Base-T port will be charged at 10Base-T Rate due to 11mb limit
Authentication Hardware Costs

*Bluesocket numbers are estimated at this time

** Assumes that APs are all 802.11b. *802.11g conversion has a different effect on these numbers.

Wireless Example Installation: Ongoing Costs 7 APs wLAN

*Note that PennNet port charges, or CSF not included.

Wireless Example Installation: Ongoing Costs 19 AP wLAN

*Note that PennNet port charges, or CSF not included.

Wireless LAN’s on Campus

Authenticated Access

MAC Authentication

MAC Address Authentication

MAC Lists Stored Locally on AP’s

MAC Lists Stored Locally on AP