1 / 21

Network Planning Task Force

Network Planning Task Force. Network Strategy Discussions. Mary Alice Annecharico/Rod MacNeil, SOM Robin Beck, ISC Dave Carrol, Business Services Cathy DiBonaventura, School of Design Geoff Filinuk, ISC John Keane/ Grover McKenzie, Library Marilyn Jost, ISC

ethan
Download Presentation

Network Planning Task Force

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Planning Task Force Network Strategy Discussions

  2. Mary Alice Annecharico/Rod MacNeil, SOM Robin Beck, ISC Dave Carrol, Business Services Cathy DiBonaventura, School of Design Geoff Filinuk, ISC John Keane/ Grover McKenzie, Library Marilyn Jost, ISC Deke Kassabian /Melissa Muth, ISC Manuel Pena, Housing and Conference Services Mike Weaver, Budget Mgmt. Analysis Dominic Pasqualino, OAC James Kaylor, CCEB Helen Anderson, SEAS Kayann McDonnell, Law Donna Milici, Nursing Dave Millar, ISC Michael Palladino, ISC (Chair) Jeff Fahnoe, Dental Mary Spada, VPUL Marilyn Spicer, College Houses Joseph Shannon, Div. of Finance Ira Winston, SEAS, SAS, Design Mark Aseltine/ Mike Lazenka, ISC Ken McCardle, Vet School Brian Doherty, SAS Richard Cardona, Annenberg Deirdre Woods/Bob Zarazowski, Wharton John Irwin, GSE NPTF FY ’07 Members

  3. Meeting Schedule – FY ‘07 • Meetings 1:30-3:00pm, 3401 Walnut Street • Fall Meetings / Process • Intake and Current Status Review – August 21 • Agenda Setting & Focus Group Planning – September 18 • Focus Group – October 04 • Security Strategy Discussions – October 16 • Focus Group – October 17 • Network Strategy Discussions – October 30 • Network & Security Strategy Discussions – November 6 • Focus Group Feedback – November 20 • Final Meeting-Prioritization /Rate Setting – December 04

  4. Today’s Agenda • PennNet Building Uplinks (Gigabit connectivity) • Network Access Control • PennNet Gateway (Scan & Block) • VoIP • Wireless

  5. PennNet Building Uplinks: Gigabit & redundant connectivity

  6. Gig Connectivity & Building Redundancy • Goals • Gig enabled closet electronics • Gig to every building • Redundant Gig connectivity • Current Status • 41 buildings with Gig Ethernet/55 in total in FY ‘07 • Evaluating new closet electronics/deploying in January 2007 • Approximately 50% of switches 10/100/1000 enabled • By the end of FY ’08, most switches will be 10/100/1000Mbps

  7. Strategic Approach: Next Generation PennNet (NGP) • Diversify the PennNet Routing Core • Move out of College Hall (Largest Single Point of Failure) • Construct 5 Network Aggregation Points (NAPs) • Redundant High Speed Connectivity between NAP locations • Highly Available Core Network Infrastructure • Relocate Campus Building Uplinks to Local NAP • Provide High Speed Uplinks to Buildings (where infrastructure can support this now, single-mode fiber/conduit build outs sometimes necessary) • Provide Redundancy Uplinks to Campus Buildings • Five Connectivity Models • Based on Building Criticality (University Business) • Number of User Connections • Infrastructure Availability

  8. Diversify PennNet Routing Core • Four NAP locations Completed. • NAP locations have redundant and diverse 10 gig feeds. • NAPs connect local buildings that have fiber and pathway. • Some buildings have gigabit Ethernet service • Western NAP (Levy) Construction Complete by 12/2006 • Relocating one core router from College Hall to Levy NAP • Begin connecting some buildings in 01/2007 • College Hall node room will house a core router for next two to three years (until all NAP to building feeds are in place) • Will reduce catastrophic disaster recovery time from 2 weeks to under 2 hours. • Will provide infrastructure foundation for next generation data, voice and video services.

  9. Building Connectivity Models 1 & 2(Dual Feeds to separate NAPs, each with either diverse or overlapping pathways)

  10. Building Connectivity Model 3 (Each Building has 1 uplink to a separate NAP and one link to each other.)

  11. Building ConnectivityModel 4 (Building has 1 uplink to each Building Entrance Router in the local area.)

  12. Building Connectivity Model 5 (Building has 1 uplink to a Building Entrance Router.)

  13. Building Connectivity Model 5a (Building has 1 uplink to a Building Entrance Router with dual feeds.)

  14. Gig Connected Buildings (Single Feed)

  15. Gig Connected Buildings (Dual Feed)

  16. Dual Connected Buildings (100/Gig)

  17. Network Access Control • Goal • Campus-wide, uniform network access control for wireless and wired network connections • Current Status: • New switch hardware and new software on existing switches should allow 802.1X rollout for wired ports by Summer 2007 • College House and Sansom Place wireless already using 802.1X network login • Rest of wireless APs using web intercept (captive portal) • Discussion Points • Should we move to enable AirPennNet (802.1X) on all current wireless-pennnet APs? If so, on what time frame? • Can we eventually transition to all 802.1X, removing the need to maintain dedicated web intercept hardware? When?

  18. Scan and Block • Goal • Full campus wide S&B at all user locations (servers and printers probably out of scope) • Preventing access by compromised or highly vulnerable computers should lower the total cost of ownership for IT delivery. • Advantages • PennNet Gateway will significantly reduce lost productivity by students and staff, and protect the operational integrity of Penn’s network in the following ways. • Unmanaged workstations will be protected from each other, so internal security threats are contained and therefore lost user productivity reduced. • IT staff in the schools and centers no longer will need to manually examine laptops prior to their connecting to the network. • Penn networks will be less vulnerable to performance problems caused by compromised workstations. • Users will be able to help themselves secure their own workstations, thereby avoiding compromise and the attendant loss of data and productivity.

  19. Scan and Block (continued) • Challenges • Some common desktop and laptop computing environments are built on the assumption that the network is immediately available for startup scripts, filesystem mounts, domain policy enforcement, etc • Best functionality when users install optional agent software, but that carries it’s own set of challenges (cooperation, distribution, updates) • Scan and Block is still young technology • Even when S&B technology is working perfectly, ISC and campus IT partners need to find the right balance in scanning for vulnerabilities versus quick login

  20. PennNet Gateway (a Scan & Block implementation) • Strategy • Build on network authentication, adding vulnerability scanning • Scale up pilot deployments now • Large-scale, production deployment: Fall 2007 • Cover public wireless areas • Provide in schools, centers and residential areas upon request • Current Status • ISC internal pilot: 27 users since April • Medicine, Nursing and Vet have expressed interest • Web interface needs Penn branding; December ETA • Pilot plans to be discussed with College House Computing • N&T, TSS & Info Security formalizing process issues (updating, testing, communications and rollout for new scans) • Next Steps • Expand pilot to interested schools and centers • After web interface branded, make available for residential pilots • Discussion Points • Should we eventually implement Scan & Block on all wired and wireless ports? • Costs for full implementation TBD. Scan & Block early adopters are funded by Central Service Fee

More Related