Fy 08 NETWORK PLANNING TASK FORCE

1
Fy 08 NETWORK PLANNING TASK FORCE

• First Strategy Discussion

10.1.07
2
NPTF Meetings FY 08

• 130-300pm in 337A Conference Room, 3rd floor
  of 3401 Walnut Street
• Process
• Intake and Current Status Review July 16
• Agenda Setting Discussion - September 17
• Strategy Discussions - October 1
• Security Strategy Discussions - October 15
• Strategy Discussions - October 29
• Prioritization - November 5
• FY09 Rate Setting November 19

3
Proposed NPTF Meetings FY 09

• February 18-Operational review
• April 21- Planning discussions
• June 2- Security strategy session
• July 21-Strategy discussions
• August 4- Strategy discussions
• September 15- Preliminary rates/security
• October 6- Strategy discussion
• November 3- FY10 Rate setting

4
Todays Agenda

• Strategy Discussions
• Next Generation PennNet
• UPS for network electronics
• Integrated Communications
• Intrusion-Detection

5
Next Generation PennNet-Gig Connectivity
Building Redundancy

• Goals
• Gig enabled closet electronics
• Gig to every building
• Redundant Gig connectivity
• Current Status
• Approximately 60 of switches 10/100/1000 enabled
• By the end of FY 08, most switches will be
  10/100/1000Mbps
• 62 buildings with Gig Ethernet

6
Strategic Approach NGP

• Diversify the PennNet Routing Core
• Move out of College Hall (Largest Single Point of
  Failure)
• Construct 5 Network Aggregation Points (NAPs)
• Redundant High Speed Connectivity between NAP
  locations
• Highly Available Core Network Infrastructure
• Relocate Campus Building Uplinks to Local NAP
• Provide High Speed Uplinks to Buildings (where
  infrastructure can support this now, single-mode
  fiber/conduit build outs sometimes necessary)
• Provide Redundancy Uplinks to Campus Buildings
• Five Connectivity Models
• Based on Building Criticality (University
  Business)
• Number of User Connections
• Infrastructure Availability

7
Diversify PennNet Routing Core

• Five NAP locations completed and in operation
• NAP locations have redundant and diverse 10 gig
  feeds.
• NAPs connect local buildings that have fiber and
  pathway.
• 62 buildings have gigabit Ethernet service
• College Hall node room will house a core router
  for next two years (until all NAP to building
  feeds are in place)
• Will reduce catastrophic disaster recovery time
  from 2 weeks to under 2 hours.
• Will provide infrastructure foundation for next
  generation data, voice and video services.
• Eastern NAP feasibility study pending
  construction timeline.

8
(No Transcript)
9
Building Connectivity Models 1 2(Dual Feeds to
separate NAPs, each with either diverse or
overlapping pathways)
10
Building Connectivity Model 3 (Each Building has
1 uplink to a separate NAP and one link to each
other.)
11
Building Connectivity Model 4 (Building has 1
uplink to each Building Entrance Router in the
local area.)
12
Building Connectivity Model 5 (Building has 1
uplink to a Building Entrance Router.)
13
Building Connectivity Model 5a (Building has 1
uplink to a Building Entrance Router with dual
feeds.)
14
Gig Connected Buildings (Single Feed)
15
Gig Connected Buildings (Single Feed)
16
Gig Connected Buildings (Dual Feed)
17
Gig Connected Buildings (Dual Feed)
18
Dual Connected Buildings (100/Gig or 100)
19
Upgrade Schedule

• http//www.upenn.edu/computing/pennnet/maintschedu
  le.html

20
Redundancy (UPS)

• As we move towards data, voice and video IP-based
  systems and services that all rely on electrical
  power, how much protection should we do and can
  we afford?
• We have back up generators and UPS in the 5 NAPs.
  So theoretically they should not go down.
• Building power is not 99.999 from
  Peco/Facilities.
• While we do not have solid historical data, we
  began recording data on power outages beginning
  in March 2007.
• Since March 21,2007 the campus has had 52 hours
  of outage due to power loss in 36 buildings. (Not
  including a 64 hour outage to Nursing LIFE)
• Generally, outages are either very short (blip)
  or 1 hours.

21
Redundancy (UPS)

• It costs about 2700 per location to install UPS
  (assuming the UPS has 25 minutes of battery time
  and no other wiring closet work need to be done).
  
• Cost of 1100.00 per 15 minutes additional
  battery time
• Rough ongoing costs would be approximately
  900/yr per location.
• NT manages over 600 wiring closets on campus
• Annual cost would be about 540K

22
Redundancy (UPS)

• Alternatively, we could just do UPS on the
  building routers.
• There are only 100 of these locations.
• Without UPS, a short electrical blink causes them
  to reboot, forcing a 5-10 minute outage.
• This would mean for that duration, there would be
  no services that require the network including
  phones.
• Annual cost 90k
• Are you interested in this? Is it worth spending
  this much to protect against 25 minutes of
  outage?

23
Integrated Communications (IC)

• IC involves integrating several communications
  applications toward improved productivity for
  staff, faculty and students
• PennNet Phone and Voicemail
• Instant messaging
• Desktop video
• Linking these applications together, and to
  University information (online directory,
  calendars, etc) puts more control in the hands of
  our user community
• It also allows user communication preferences to
  be taken into account.

24
PennNet Phone

• Goals
• To convert 25,000 analog voice customers to
  Integrated Communications (VoIP, Voicemail, etc.)
  over the converged IP network with added
  functionality and lower costs in 5 years or less.
• Status
• We currently have about 1400 PennNet Phone users.
• Redundant servers and gateways
• Full service monitoring 24x7
• New feature releases about twice a year
• New phone equipment being rolled out by early
  2008.

25
PennNet Phone

• Issues
• We have had some long-term problems with the PRIs
  from Verizon and the Cisco gateways that have
  caused known problems with transferring some
  calls, some caller ID, etc.
• Next steps
• We believe we have the PRI problems resolved.
• We tested the new gateway code yesterday.
• The new code release comes out in late October.
• If all goes well, we could have improved call
  transfers in production in November.

26
Instant Messaging

• Goals
• Users at Penn report that they are using Instant
  Messaging (AIM, Yahoo Messenger, Skype and Google
  Talk) today for business purposes.
• Our goal was to provide them with an alternative
  that
• Provides improved privacy and security
• Is able to make use of Penn identity information
• Can be integrated with other Penn communications
  elements

27
Instant Messaging

• Status
• The same open standard, open source technology
  used by Google Talk, "jabber" (based on the XMPP
  protocol family) is being deployed and used in a
  pilot mode at Penn today
• It provides controlled data path (need not leave
  campus when two on campus users chat)
• It provides identity assurance (uses Penn's
  authentication system, and Penn's naming scheme)
• It has so far proven to be low cost to operate
  and highly reliable.
• Next steps
• Pilot to a larger audience over the next 3-4
  months
• Full rollout at no cost to current PennNet phone
  and email customers by end of FY08.

28
Voice mail

• Goals
• Roll out version 1.0 of new voicemail in early
  2008 (possible late January).
• Key reasons for change
• Todays Octel Voicemail system is old and
  expensive to support (vendor EOL/EOS)
• It does not have good disaster recovery
  capabilities
• In a failure, we could be out for at least 12
  hours
• Message recovery would be incomplete.
• The new system can recover rapidly with very
  complete data
• The new system is designed for the new PennNet
  Phone service to be used throughout Penn in the
  next few years
• A migration by all users to the new voice mail
  system now brings us back to "one voice mail
  community"

29
Voice mail Differences

• There will be differences in features and
  functionality
• In some cases, the new voice mail system will be
  less feature rich
• But it will allow PennNet Phone users some very
  advanced online access to messages and features
• Web access to settings
• Both telephone and email access to messages

30
Voice mail Timing

• New voicemail is in production use now for 1400
  PennNet Phone users
• New voicemail is in pilot now for 100 campus
  users of traditional phones
• For most traditional phone users, rollout is
  being targeted for early 2008 (possibly late
  January)
• For advanced voicemail applications, migration
  will take place in late spring or early summer
  CY2008
• eg., Menus, Transfer Mailboxes, Listen-only
  mailboxes

31
Desktop Video

• Goals
• Easy, low cost desktop video conferencing for
  when audio or IM is insufficient
• Status
• No work being done towards a Penn service. But
  desktop client tools are maturing.
• Issues
• Maturity, complexity, cost
• Next steps
• Wait a little longer

32
Intrusion Detection (Perimeter PennNet Core)

• We deployed Arbor Networks peakflow in 2005
• A network management tool that provides some ID
  functionality for PennNet perimeter and core.
• We use it for a wide range of analysis, including
  attack signatures, but also traffic
  characterization and ISP peering analysis.
• We are able to share info across institutions so
  that we can recognize an attack before it reaches
  Penn.
• Upgrades are mostly software which is covered by
  our current contract.

33
Intrusion Detection(Local level/subnet)

• Host-based intrusion detection is available today
  for every major operating system
• ISC is committed to having a strategy for local
  intrusion detection systems, as well as
  recommendations and product offerings before
  network-based IDS becomes required in any
  security policy.
• It is likely that this would be in FY09.
• We are currently looking at a few products
• Tipping point (meeting with them tomorrow)
• Arbor - Peakflow x
• Snort-widely deployed open source IDS
• Bro-open source IDS developed at LBNL by Dr. Vern
  Paxson, a noted TCP/IP researcher.
• A local IDS could be deployed alongside, and
  access mirrored traffic from, a building
  entrance device.