1 / 25

Network Planning Task Force FY'06 - Final Session: Setting the Rates

This document outlines the agenda and schedule for the final session of the Network Planning Task Force for FY'06, including discussions on security priorities, network strategic decisions, and rate setting for FY'07.

drafael
Download Presentation

Network Planning Task Force FY'06 - Final Session: Setting the Rates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NETWORK PLANNING TASK FORCE FY’06“Final Session – Setting the Rates” 12/5/05

  2. Meeting Schedule – FY 2006 • Summer Planning Sessions (2) • July 18 • August 01 • Fall Focus Groups (2) • September 19 • Fall Meetings (6) • October 03 – Security Priority Setting • October 17 – Network Priority Setting • October 31 – Strategic Security Discussions • November 07 – Network Strategic Discussions • November 21-Final Strategic Discussions/Summary of needed decisions • December 5 – Consensus/Prioritization/Rate Setting

  3. Agenda • FY’07 Security Initiatives • Financial Summary • Network Financial Health • Setting the CSF Rate • Other Proposed Rates

  4. FY’07 Security Initiatives • Architecture • Local firewall support • Edge filtering • Needed decisions • Scan and Block • Monthly scanning

  5. Security Architecture

  6. Local Firewall Support • Recommendations • ISC recommended firewall is NetScreen, from Juniper Networks (http://www.juniper.net/). • Recommend external consultants. (February 2006) • ISC for-fee firewall consulting service. (May 2006) • Streamline ISC intake for this service to coordinate with TSS, Networking and Security. (In progress)

  7. Edge Filtering • Recommendations: • By July 1, 2006, Block NetBios at PennNet edge, other than in a reserved range of addresses. External traffic bound for Netbios services on all other Penn IP addresses would be blocked. NetBios would be remotely available for machines in the subnet and…. • FY’ 08: Encourage replacement of remote access to NetBios services with functional equivalents that don’t use NetBios – e.g. Exchange Server 2003 RPC over HTTP and new file service options. • Planning Assumption: • Requires technical/communications planning and information gathering now. • School/center support. • WINS server information necessary • DHCP ranges • Windows browsing requires configuration • Campus-wide communications would need to begin soon. (ITR)

  8. Scan and Block • Recommendation • Deploy a “scan and block” system to help prevent network access by compromised or vulnerable computers. Authenticated wired and wireless network access, with brief scan of hosts for major vulnerabilities at connection time. Quarantine those with problems found, until they can be patched or repaired. Allow those that “pass” the scan to access the network. Schedule deeper scans once connected. • Solution Options • Preferred Option: Solution from Lockdown Networks • http://www.lockdownnetworks.com/ • Currently working with vendor on key elements, with final go/no-go in mid-December • Second Option: Locally developed solution • Needed if Lockdown cannot fully meet requirements • Large software development project, requiring approximately 1 person-year • Server hardware to handle scanning/logging • Third Option: Shared solution • Exploring options with Cornell in the hope of "sharing a solution"

  9. Scan and Block • Estimated Costs • One-time cost for residential system and public wireless networks is, $300,000 for options one or two. • Approximately $100k ongoing costs to start in FY ’08 and may increase the Central Service Fee. (Conceptual decision needed today.) • Planning Assumptions • To do Scan and Block wireless access points must be upgraded to Cisco 1131 and 1232 models. • Implementation in the residential system (wired and wireless) is scheduled for August 1, 2006. • Deploy Scan and Block for 1-2 campus wireless networks in the Summer (Law). • ISC to fund and upgrade all ISC-managed wireless access points in FY’ 07 and to expand Scan and Block capability to some wireless networks. • ISC to provide one-time funding for major strategic initiatives such as this, as it has in the past with Intrusion-Detection and Central Wireless Authentication. • CSF to support ongoing costs starting FY ’08.

  10. Jul 05 Jan 06 Jan 05 Jul 04 Jul 06 Planned Deployment NetReg, & .1x pilot Solutions Design Scan & Block Evaluations Initial SUG And ITR Talks Purchase & Integrate, or Build Timeline • Goal of deployment in residential buildings for start of Fall 2007. Could be expanded thereafter.

  11. Security Scanning Frequency/Intensity • Background • Two types of scans: • Vulnerability–scan for anywhere from a few, up to practically a limitless number of possible vulnerabilities • Pros: Low false positive rate, when used for a limited set of vulnerabilities Proactive • Cons: High false positive rate for many other vulnerabilities, making interpretation time-consuming • Compromise– scan for signs of hacked machines • Pros: Low rate of false positives, little interpretation required • Cons: Reactive, rather than proactive • Current practice is two compromise scans annually and vulnerability scans on request. • Proposed policy requires monthly scanning of critical hosts. ISC to work with schools/centers on scanning of critical hosts behind firewalls. • Recommendation • Vulnerability scan twice annually and compromise scans monthly. • Cost • $25K annually. (Decision needed today to include in CSF for FY’07.)

  12. FY ’06 – ’11 Network Financial Health

  13. FY ’07 Revenue Sources

  14. FY ’06 Current Central Service Fee Rate

  15. FY ’07 Projected Central Service Fee Rate

  16. Proposed New Rates (FY ’07) • 10Mbps • 100Mbps • Wireless • Installations • Monthly Support Fees • Voice including VoIP • Video

  17. FY’07 Proposed Rates

  18. Wireless Proposal FY ’07 • ISC to capitalize access point hardware, using a 3-year depreciation schedule. • Deploy next generation of wireless technology. • ISC to replace all existing APs under ISC support by the end of FY ’07. Law to be completed in July 2006. • Costs for hardware depreciation, hardware/software support, staff, etc. will be $27/month per AP. • It is currently $27/month without hardware depreciation. • More public wireless IP addresses in schools and centers will be subsidized.

  19. Estimated Wireless One-time Costs • Site survey/plan 2 Techs 2hrs • Equipment config and activation 1hr • vLAN config and testing 1hr • Final survey (2 Techs) 1hr • Documentation & Net Mgmt 1 hr • Total ($55/Hr) 6 hrs = $330 • Wiring (If necessary) $400 • Enclosure (If necessary) $ 60 • TOTAL $790 * Building Architecture and Coverage Complexity will affect labor and material costs.

  20. FY ‘07 Wireless Support Costs (Monthly Fee Per Access Point) • Cost Breakdown • Hardware depreciation $13 • Hardware/software maintenance $ 5 • Staff costs per AP $ 9 • Subtotal $27 • Port charge per AP $6.03 • TOTAL $33.03

  21. Next Steps • NPTF makes rate recommendations. • Rate recommendations presented to Provost and EVP. • Final FY ’06 rates established. • Rates sent to ABA in late December. • Rates published in Almanac on December 20th.

  22. Appendix A - Budget Assumptions for FY ‘07 • Security concerns continue to be a high priority as various intrusions, compromises, viruses, worms, etc. have reduced Penn’s productivity levels. • The work of the Network Funding Committee evaluating alternative billing metrics in lieu of IP addresses for the central service fee will not have an impact on the FY ’07 budget process. • Bandwidth management techniques combined with a good Internet strategy have eased the pressure on developing tiered network connectivity options based on usage. However, this will continue to be explored and evaluated as the need arises. • Separate SLAs for College Houses and Greeknet for maintenance and bandwidth exist. • 5 year phase-out of allocated monies ($2.317M) to occur from FY2003-07. • Telecommunications surplus, operating efficiencies and increased rates to offset allocated cost phase out.

  23. Budget Assumptions for FY ’07 (Continued) • The FY2006 budget assumed Next Generation PennNet project funding at $700k/year. Funding source is Telecommunications surplus. Funding for NGP is budgeted at $700k from FY ’07 – ’11. • No rate increases for existing Telecommunications services in FY ’07. Some Video service rate increase in ’07. VoIP pilot rates are at: www.net.isc.upenn.edu/rates • For FY ‘07 College House students will continue to be billed indirectly as part of housing fees for baseline PennNet and Penn Video Network services and Wireless. • Building entrance and router equipment are on a four-year replacement cycle. • Closet electronics and network servers are on a three-year replacement cycle. ResNet moves to a 4-year replacement cycle due to complete wireless connectivity in all College Houses and Sansom Place. • Penn will continue to operate MAGPI, the Internet2 gigaPop with primary purpose to help lower Penn’s Internet costs and position for Penn’s likely need in the future for the National Lambda Rail (Internet3).

  24. Budget Assumptions for FY ’07 (Continued) • The growth rate in IP addresses from the schools/centers is projected to increase by 1000 per year from FY ’06 -’11 with 1200 new in FY ’07. • ISC managed wallplates projected to level off from FY’06 –’11. ResNet wall plates to decrease by 2100 in FY ’07. Wireless Access support revenue to replace wired as wireless gets more ubiquitous from FY ’06 –’11. • The CSF subsidized approximately 900 wired, public lab connections that have computers attached in FY ’06. Subsidy will continue in FY ’07. • The CSF subsidized approximately 1100 wireless public IP connections in FY’06. Subsidy will continue in FY ’07. • The NPTF decided to do school-based IP wireless subsidies for FY ’06. Subsidies to be expanded in FY ’07.

  25. Budget Assumptions for FY ’07 (Continued) • To retain and recruit appropriate N&T IT staff, 3% compensation has been budgeted from FY ‘06 –‘11. • In FY2007 N&T’s overhead rate is 51.5% to cover costs of benefits, rent, training, computers, telephones, etc. • The NOC will not be physically staffed (7x24x365) through FY ‘10. It will continue to operate from 6 AM – 11 PM, M-F with the rest of the week covered by technical staff on beepers. • N&T total expense budget increases from $22.0M in FY ’02 to only $24.3M in FY ’11. (1.1%/year)

More Related