Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Computer network wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Distributed firewall wikipedia , lookup
Zero-configuration networking wikipedia , lookup
IEEE 802.11 wikipedia , lookup
Wireless USB wikipedia , lookup
Policies promoting wireless broadband in the United States wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
NETWORK PLANNING TASK FORCE FALL FY 2005 MEETINGS “OPERATIONAL DISCUSSIONS” November 01, 2004 1 MEETING SCHEDULE – FY ‘05 ■ Summer Focus Groups ■ July 19 ■ August 2 ■ August 16 ■ Fall Meetings ■ September 20 ■ October 18 ■ November 01 ■ November 15 ■ November 29 ■ December 6 Operational Briefing (Non-financial) Strategic Discussions (Security) Operational Discussions Strategic Discussions Financial Discussions Consensus/Prioritization/Rate Setting 2 NPTF FALL ’05 MEMBERS ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Mary Alice Annecharico / Rod MacNeil, SOM Robin Beck, ISC Chris Bradie/Dave Carrol, Business Services Cathy DiBonaventura, School of Design Geoff Filinuk, ISC Bonnie Gibson, Office of Provost Roy Heinz / John Keane/ Grover McKenzie , Library John Irwin, GSE Marilyn Jost, ISC Deke Kassabian / Melissa Muth, ISC Doug Berger/ Manuel Pena, Housing and Conference Services Mike Weaver, Budget Mgmt. Analysis Dominic Pasqualino, OAC ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Kayann McDonnell, Law Donna Milici, Nursing Dave Millar, ISC Michael Palladino, ISC (Chair) Dan Shapiro, Dental Mary Spada, VPUL Marilyn Spicer, College Houses Steve Stines / Jeff Linso, Div. of Finance Andrew Selden*, PCBI Ira Winston / Helen Anderson, SEAS, SAS, School of Design Mark Aseltine/ Mike Lazenka, ISC Eric Snyder*, Vet School Brian Doherty*/John Yates*, SAS Richard Cardona*, Annenberg Dan Margolis, SEAS(student) David Seidell, Wharton Ryan Nunes, (student) 3 * New Members in FY’05 NPTF FY ’05 Progress to Date ■ ■ ■ ■ ■ ■ ■ ■ Challenged and reaffirmed NPTF process. Refreshed NPTF principles. Updated FY ’05 – ’09 planning assumptions. Prepared 5 year N&T budget. (Summer Submission) Held 3 summer focus groups and many 1-1 meetings with schools/center computing directors to gather customer feedback. Set the Fall Agenda. Operational Briefing Security Briefing 4 Remaining NPTF FY’05 Activities ■ Strategic Discussions (11/15) ■ ■ ■ ■ ■ ■ ■ ■ PennKey PennCommunity On-Line Directory Security Anything we missed? Financial Discussions (11/29) Prioritization/Consensus/Rate Setting (12/6) Benchmarking (Spring ’05) 5 Today’s NPTF Agenda: Operational Briefing ■ ■ ■ ■ ■ ■ ■ Domain Names (MP) MAGPI/Internet2 (MP) College House Services (MP) Wireless (MW) Network Management (DK) Security (DK) Network Operation Center (NOC) Tour (MW) 6 Domain Names ■ ■ ■ 2001 Domain Names Policy states that domain names existing before 2001 are exempt from meeting policy standards. A $300 yearly fee should be charged for those out of compliance. In FY 2003, we reviewed compliance of all 3rd level domain names with 2001 policy to determine fee exempt status. ISC found that: ■ ■ ■ ■ ■ Administrative costs exceed revenue generated by few non-exempt “grandfathered” domain names. These domain names are an intrinsic part of each group’s organization. They were not willing to bring them into compliance to avoid the fee. ISC N&T has decided to declare all non-compliant, pre-existing domain names exempt from the yearly domain name fee. The yearly fee will still be charged for new 3rd level domain names. Domain Name pages: www.upenn.edu/computing/pennnet/domainnames/ 7 MAGPI ■ ■ ■ ■ A multi-state regional GigaPoP (Gigabit Point of Presence) , involving institutions from New Jersey, Pennsylvania and Delaware Penn’s regional connection to Internet2, the research network. Promotes applications for the region's research and education communities through high performance network technology. Offers wide range of services to support research activities, including: ■ Regional, national, and international high speed connectivity ■ Applications development ■ Advanced services (e.g., Multicast, IPv6) ■ Digital video support 8 MAGPI/Internet2 Planning Assumptions ■ ■ ■ ■ ■ ■ ■ Penn needs Internet2 to remain competitive. MAGPI helps lower Penn’s total costs. The central service fee would increase by 5% ($250k) without MAGPI. MAGPI is soon moving to an OC48 to support the growing subscriber base. Penn will probably need to connect to the National Lamda Rail in the next 1-2 years to support high-end research. The OC48 infrastructure upgrade and other activities would increase the potential for NLR at much lower costs to Penn More info – http://www.magpi.net 9 National Lambda Rail Thought of as the next version of Internet2, The National Lambda Rail is gaining momentum throughout the United States. ■Key Features: ■ ■ ■ ■ Requires fiber optic connections Dense Wave Division Multiplexing, (DWDM) Lambdas in increments of 10 Gigabits per second With the Internet2 project, HOPI, this will establish a global Optical/Packet infrastructure ■Benefits ■ To maintain Penn’s competitive edge for the research community. 10 I2/MAGPI Involvement at Penn ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Engineering School - remote course delivery as part of Nanotechnology Institute's outreach to 7 community colleges in PA, NJ, DE, and MD and educational outreach to high schools. International Student Interviews (SEAS, SAS Grad Students) Grad Ed's Penn Literacy Network International Programs with pre-service teachers in Dublin. Collaboration Opportunities for Lauder Faculty with France, China, etc. School of Medicine Faculty Participation in COPD Virtual Conference hosted by Prous Science in Barcelona National Teleimmerison Initiative http://www.cis.upenn.edu/teleimmersion National Digital Mammography Archive http://www-306.ibm.com/e-business/doc/content/growingsuccess/univofpa.html Schoenberg Center for Electronic Text and Image http://dewey.library.upenn.edu/sceti/ English Renaissance In Context http://dewey.library.upenn.edu/sceti/furness/eric Wharton West http://www.upenn.edu/pip/?pip=whartonwest The French Project (Lauder and Universite of Grenoble) and EUMAX Project (multi-state, multi-country International Business and Computer Science education) http://www.scienceblog.com/community/older/2001/E/200115536.html Penn Museum of Archeology and Anthropology's Interactive Virtual Museum Education for K12s 11 MAGPI Connected Sites ■ Universities ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Hospitals ■ ■ ■ ■ CHOP Fox Chase Cancer Center Lehigh Valley Hospital Research Facilities ■ ■ Princeton Thomas Jefferson University Arcadia University Lehigh University Seton Hall University St Francis University Temple University Villanova University Widener University Rutgers University of Delaware Stevens Institute of Technology University of Medicine and Dentistry New Jersey New Jersey Institute of Technology Johnson and Johnson State Networks ■ New Jersey ■ K12 institutions – 32 ■ The Franklin Institute 12 College House Services ■ ■ ■ Focus Groups Wireless New Financial Model 13 College House N&T Service Focus Groups ■ ■ ■ ■ ■ Conducted two focus groups last week regarding data, voice and video services Goal is to get direction for preparing student survey Strong desire for wireless throughout college houses Rejection of PAC codes on phone lines Bandwidth cap not noticed 14 College House Wireless ■ Working on various strategies for wireless networking in the dorms. ■ ■ ■ ■ ■ Cost Effective vs. Performance Coverage Supplemental vs. Replacement for Wired Insourced vs. Outsourced Service. Working on a proposal for College House wireless costs (end of January ’05). Strategy could be expanded to rest of campus. 15 Proposed College House Service & Funding Models ■ We already have a separate network SLA for the College Houses ■ ■ ■ ■ ■ Differential hours of support since “home use” is off hours Differential Internet Bandwidth Special Support for College House Servers We are exploring a new funding model for future services Is it time to have a separate cost model? ■ ■ Wallplate fee Central service fee 16 Wireless ■ ■ ■ Current status Subsidized Wireless IP Addresses Future Plans 17 Wireless – Current Status ■ Locations: 32 Wireless LANs on Campus ■ ■ ■ ■ ■ 14 Public Wireless Locations 16 Private Wireless Locations 197 Managed Access Points Blue Socket Gateways Installed in 4 locations. User Based Authentication for all but three Wireless LANs 18 Wireless LAN’s on Campus 19 Wireless - Subsidized Wireless IP Addresses ■ ■ ■ ■ NPTF voted to allow up to 400 IP addresses for public wireless locations if FY2005 14 Public Wireless Locations are being monitored for usage statistics Private Wireless LANs can get some subsidies (10% for large LANs, up to 20% for small LANs) Defining Public vs. Private Wireless LANs 20 Wireless Ranges Building DHCP range U-S quare (1 AP in GRT CRC) SFR-VPUL Museum Library M EY M EL LUW 128.91.24.33- 128.91.24.62 128.91.134.12- 128.91.134.21 128.91.27.11- 128.91.27.62 128.91.28.11- 128.91.28.62 128.91.59.150- 128.91.59.210 128.91.58.76- 128.91.58.126 LCT-3601-Locust JS N-Biomed Lib HRN Houston-Hall HNW (Harnwell) HIL Furness-wireless - 1 AP is on 4th 128.91.59.11- 128.91.59.20 128.91.27.76- 128.91.27.126 165.123.93.11- 165.123.93.107 128.91.25.51- 128.91.25.100 128.91.24.95- 128.91.24.126 128.91.24.191- 128.91.24.254 floor conference room outside library area College-green-wireless Castor-wireless Bookstore-wireless 3401- Wireless EIS 128.91.26.139- 128.91.26.190 128.91.25.161- 128.91.25.235 128.91.26.75- 128.91.26.94 128.91.26.11- 128.91.26.50 165.123.94.21- 165.123.94.80 # of Ip Addresses 30 10 52 52 9 51 10 51 97 50 32 64 52 75 20 40 60 10 5 Domain (new) # of APs wireless-pennnet.upenn.edu wlan.vpul.upenn.edu wireless-pennnet.upenn.edu wlan.design.upenn.edu wlan.ora.upenn.edu wireless-pennnet.upenn.edu 3 1 1 1 3 1 wlan.vpul.upenn.edu wireless-pennnet.upenn.edu wireless-pennnet.upenn.edu wireless-pennnet.upenn.edu wireless-pennnet.upenn.edu wireless-pennnet.upenn.edu 1 3 5 4 1 4 wireless-pennnet.upenn.edu wireless-pennnet.upenn.edu wlan.ssw.upenn.edu wireless-pennnet.upenn.edu wlan.isc-net.upenn.edu wireless-pennnet.upenn.edu wlan.admin.upenn.edu 6 3 1 1 5 8 21 Wireless Ranges Building HNT-Wireless DHCP range # of Ip Addresses Domain (new) # of APs 128.91.92.61- 128.91.93.254 275 wlan.wharton.upenn.edu 25 wlan.wharton.upenn.edu 34 wlan.lsw.greeknet.group.upenn.edu wlan.gse.upenn.edu wlan.dental.upenn.edu wireless-pennnet.upenn.edu wlan.vpul.upenn.edu Wlan.dria.upenn.edu wlan.law.upenn.edu 1 8 7 (1AP in lib) 2 2 2 37 wireless-pennnet.upenn.edu 21 SDH-Wireless -SDH(22) -VAN(6) -SCC(2) -LFR(1) -MCN(1) -CPN(2) 75 128.91.80.254- 128.91.81.72 51 LSW (Kelly Writer’s House) GEB EVN HRS-Wireless PIN GYM Law-Wireless 128.91.58.140- 128.91.58.190 128.91.27.145- 128.91.27.195 128.91.61.30- 128.91.61.55 165.123.95.11- 165.123.95.107 128.91.26.203 128.91.26.214 128.91.138.11- 128.91.138.50 130.91.208.61-130.91.209.174 VPL Wireless 128.91.128.40- 128.91.128.254 51 26 97 12 20 370 150 – DHCP 65 - Static 22 Wireless – Future Plans ■ ■ ■ Improvement on user authentication – 802.1x Improving efficiency of wLAN installation Using New Wireless Tools ■ ■ ■ Air Magnet Laptop Analyzer - troubleshooting Air Magnet Surveyor – survey and updating AP’s Evaluating New Tools ■ Centralized wireless management tools ■ Cisco Works Wireless LAN Solution Engine (WLSE) ■ Airwave Management Platform ■ Air Magnet Enterprise 23 Network Management Tools 24 25 26 27 28 29 30 Network Management: PUMA 31 32 33 34 35 Security ■ ■ ■ Wired Authentication Intrusion Detection VPNs 36 Security – Wired Authentication ■ ■ ■ Pilot underway in ISC since June Plan to expand pilot externally in December Pilots will require client (web intercept unavailable) until Q1CY2005 37 Intrusion Detection ■ ■ A new tool, Arbor Peakflow, allows us to collect and analyze network "flow" info from Penn routers. This helps us to see lists of ■ ■ ■ ■ top talkers, traffic by protocol (web vs email vs p2p vs voice vs video, etc), traffic by destination service provider (Cogent vs Qwest vs Abilene/Internet2), and much more. 38 Intrusion Detection ■ ■ ■ Peakflow also allows us to identify denial of service (DoS, DDoS) attacks in progress, including sources and protocols, and possible filtering options. In this role, the Arbor Peakflow tools act as a very sophisticated distributed IDS, helping us to do targeting filtering during major network-based attacks. No dedicated IDS systems needed to be put inline into the network. Netflow data from the routers is used. 39 Security - VPNs ■ ■ ■ ■ Beginning investigation of generic solution Goal: allow specific ports to be used that are otherwise blocked by ISPs (e.g. for Windows file sharing and MS Exchange) Expect to have proof-of-concept in March Targeting deployment for Fall 2005 40