NPTF WINTER SESSION - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

NPTF WINTER SESSION

Description:

... delays over their network, working with Verizon to insure their network will be ... Reports at http://status.net.isc.upenn.edu. POBOX Exchange Service. 15 ... – PowerPoint PPT presentation

Number of Views:68
Avg rating:3.0/5.0
Slides: 33
Provided by: michaelp5
Category:

less

Transcript and Presenter's Notes

Title: NPTF WINTER SESSION


1
NPTF WINTER SESSION
  • Operational Review 2.18.08

2
NPTF Meetings FY 09
  • February 18-Operational review
  • April 21- Planning discussions
  • June 2- Security strategy session
  • July 21-Strategy discussions
  • August 4- Strategy discussions
  • September 15- Preliminary rates
  • October 6- Strategy discussion
  • November 3- FY10 Rate setting

3
Agenda
  • Next Generation PennNet
  • Public Safety
  • Wireless
  • Email
  • IM
  • PennNet Gateway (Scan and Block)
  • VoIP/Voicemail/ACDs
  • Strong Authentication
  • Central Authorization
  • MAGPI
  • FY 09 Initiatives

4
Next Generation PennNet
  • Deploy gigabit connections to 110 subnets of 110
    for capacity by 06/09
  • To date 57 of these subnets have gigabit Ethernet
    connections.
  • To date 93 buildings have gigabit Ethernet
    connections
  • Deploy dual connection for most subnets for
    redundancy by 06/09
  • To date we are at 45 buildings with dual
    connectivity to separate NAPs, expect 65 to 70 by
    end FY2008
  • Dual gig connections 42
  • Reduce Impact of College Hall Node Room on
    PennNet Operations
  • To date under 25 of PennNet Connections and IP
    addresses in CHNR
  • All closet electronics and BE devices will be
    upgraded by 06/09
  • To date 70 of all installed closet electronics
    are gig capable.
  • BE devices upgraded 17 this FY, 58 Total, expect
    to have 67 of 93 by end FY2008.

5
Gig Connected Buildings (Single Feed)
6
Gig Connected Buildings (Single Feed)
7
Gig Connected Buildings (Dual Feed)
8
Gig Connected Buildings (Dual Feed)
9
Gig Connected Buildings (Dual Feed)
Dual Connected Buildings (100/Gig or 100)
10
Public Safety
  • Security Cameras We provide infrastructure and
    support over 150 PS CCTV cameras around Penns
    campus.  This year we added/upgraded 5 more
    cameras in the Western end of campus.
  • Cameras and E-Phones in progress for three new
    transit stops (located at UPHS-Gates, Rosenthal,
    Schattner) vestibules.
  • Emergency Phones  We upgraded, manage and
    monitor 128 self-reporting garage e-phones and
    will have another 91 Building E-phones upgraded
    in a few weeks.  These new SMART phones
    proactively improve campus security with
    automated monitoring reporting of emergency
    phone status.
  • Elevator phones Targeting upgrades to all
    elevator phones (250 E-Phones). Current PA State
    Elevator Code (Sections 2.27.1.1.4) affects the
    upgrades in buildings more than 4 stories high
    (roughly 50 of these phones). DPS is pursuing a
    code variance.
  • Penn Alert ISC has been working with Public
    Safety on the Penn Alert system, including
    working with cellular companies on SMS delays
    over their network, working with Verizon to
    insure their network will be able to handle the
    20,000 calls in 10 minutes. Campus wide test
    planned for 02/29/2008.
  • We are in progress of testing and expanding the
    fire alarm system. ISC may provide NGP fiber
    infrastructure to diversify the fire alarm core
    infrastructure.

11
Wireless Update
  • ISC operates 930 APs
  • Resnet 449 APs
  • Remaining campus 481 APs
  • All wireless LANs wLANs are set up to have access
    to both AirPennNet (802.1x) and Wireless-PennNet
    (web intercept)
  • Permits gradual user conversion to AirPennNet for
    Schools and Centers
  • BlueSocket AuthN Page reconfigured to notify
    users of changes to Wireless-PennNet
  • Permits download of SecureW2 supplicant
  • Documentation for installing supplicant (for
    Windows machines) and installation instructions
    (for MACs) is posted on Supported Products Page
  • Informs Blue Socket users that Wireless-PennNet
    Service is being retired on June 30, 2008.

12
Wireless Update (continued)
  • New Wireless Network (PennNet Guest)
  • Guest Access to PennNet with a lower barrier to
    entry.
  • Testing in Progress
  • Test NetReg Configuration should be completed in
    Feb 2008
  • Testing Wireless Network in 3401 NT Suites and
    in TSS Feb 2008
  • Pilot 2 Customer Locations in Mid to End March
    2008
  • One location to be selected where we have
    Wireless-PennNet
  • Second Location will be Life Science (Lynch) Lab
  • Anyone interested?
  • First Production Site will be for Destination
    Penn in Mid May 2008
  • Target Full Production Date (Service everywhere
    AirPennNet is located) by 06/30/2008

13
Wireless Update (continued)
  • One Common Wireless LAN (AirPennNet Everywhere)
  • AirSAS to AirPennNet
  • Working with SAS Networking on Inventory of
    Wireless LANs in all SAS buildings.
  • Approximately 240 APs will get converted to
    AirPennNet
  • Target completion by September 1, 2008
  • AirSEAS to AirPennNet
  • Have met informally with SEAS
  • 103 APs across 8 buildings will get converted to
    AirPennNet
  • Target completion by September 1, 2008

14
POBOX Classic and Exchange
  • Pobox Classic Lower cost email services
  • Pobox Exchange Integrated email and calendar
  • Both provide spam and virus filtering
  • Both support hosted domains (user_at_domain.upenn.edu
    )
  • Both support user_at_upenn.edu addressing
  • Both use fully replicated servers and storage
  • Both are monitored around the clock. Reports at
    http//status.net.isc.upenn.edu

15
POBOX Exchange Service
  • Pobox Exchange
  • Integrated email and calendar for Outlook and
    Entourage users, with web access available
  • Launched summer 2007
  • Over 2000 users
  • Details at http//www.upenn.edu/computing/email/e
    xchange/
  • Upcoming Changes
  • Exchange Account Management BlackBerry
    self-service (March 2008)
  • Enable account
  • Delete account
  • Set activation password
  • Send service book
  • Remote wipe

16
POBOX Classic
  • Service born in 1993
  • Other large mail services hosted on POBOX since
    1999
  • Service provided to about 13,000 users today
  • Electronic Mail -
  • POP IMAP (Thunderbird, Outlook, Mac Mail
    supported)
  • Legacy host-based email (Pine, Elm)
  • Unix shell access, mailing lists, personal web
    pages and student group accounts
  • Phasing out by June 2008.
  • Alternative is the for-fee Listserv service,
    which includes more list options, and a web-based
    interface to manage the lists. We have resources
    to help transition people away from services
    being phased out.
  • Next-Gen Pobox Classic - based on Zimbra
    collaboration suite. Rolling out late summer
    2008.

17
NextGen Pobox Classic - Zimbra
  • Email (webmail, POP/IMAP)
  • Calendar ( free/busy sharing w/Exchange)
  • Address book
  • Tasks
  • Integration via browser or Zimbra client
  • Document sharing
  • Instant Messaging
  • PDA support
  • Planned Timeline
  • May 15, 2008 customer pilot
  • July 28, 2008 production service
  • End user cost for Pobox Classic NG at FY08 rates


18
Jabber IM services
  • Pilot began January 2007. Planned Production
    Date July 2008.
  • Over 14,000 accounts. Most still dont know
    they have them.
  • Accounts at no additional charge for ISC email
    and VoIP customers.
  • 12/year if not, starting in FY 09
  • Currently usage average 150 users per day.
  • Facilitates collaboration among co-workers, even
    those offsite
  • Most clients in common use can simultaneously
    connect to AIM and/or Yahoo Messenger as well as
    Penns IM service
  • Group Chats
  • Persistent chat rooms (like SUG, MacNet, PCNet,
    etc)
  • Ad Hoc group chats - great for quick
    communications and troubleshooting sessions

19
Jabber IM Next Steps
  • Formal evaluation team of IM clients will be
    requested of ITR
  • Currently investigating integration with the
    Asterisk voice mail system and with Zimbra
  • Upcoming availability of Kerberos authentication
    for compatible clients (including iChat)
  • Testing and possible piloting of mobile clients
    for Palm, BlackBerry, iPhone, and Windows Mobile

20
Impulse Point Network Access Control Solution
  • Impulse Point is a hardware and software package
    that has the capability to automatically scan
    computers for security threats such as viruses
    and worms and quarantine them before they are
    allowed on the network. This will slow
    propagation of these security threats and reduce
    the manual effort required to address them,
    significantly reducing lost productivity by
    students and staff, and protecting the
    operational integrity of Penns network.
  • This will reduce the need for IT staff in the
    Residential system to manually examine laptops
    prior to their connecting to the network.
  • Penn networks will be less vulnerable to
    performance problems caused by compromised
    workstations.
  • Unmanaged workstations will be protected from
    each other, so internal security threats are
    contained and therefore lost user productivity
    reduced.
  • Users will be able to help themselves secure
    their own workstations, thereby avoiding
    compromise and the attendant loss of data and
    productivity.

21
Impulse Point Network Access Control Solution
  • It has the capability to function on both wired
    and wireless networks and is managed centrally.
  • Through this web based interface ISC can set
    acceptable use policies (i.e. rules) that the
    system will enforce.
  • Compliance to the policies is ensured through the
    use of a software application (agent) that must
    be downloaded and installed on the end users
    computer prior to being granted network access.
  • The installed application has the capability to
    continually assess user compliance with numerous
    (including custom built) policies.
  • ISC recommends using the Impulse Point policy key
    only to ensure the end users computer is
    protected by
  • The most current operating system security
    patches
  • Anti-virus software with up-to-date virus
    signatures
  • The most current security patches for any
    installed Supported Computing Product
  • This mimics some of what CHC does manually today.

22
Impulse Point Current Status
  • Pilot has gone well and we will continue to
    assess technology
  • Must now decide on deployment strategies
  • In consultation with CHC next steps are an
    expanded pilot with CHC at Kings Court English
    House beginning on 3/10/08
  • If the pilot is successful, full deployment on
    AirPennNet (wireless network) is expected for the
    College Houses, Sansom Place East and West and
    the Greek Houses.
  • Strategy is to use clear communication to
    multiple audiences in multiple channels to
    clarify what we are doing and why it is
    important.

23
VoIP Voicemail
  • We have about 1500 PennNet phones in service.
  • We continued to work aggressively to solve
    several issues including porting numbers, and
    some feature problems (too many rings before
    voicemail, remaining consultative transfer
    calls).
  • We have slowed the deployment of PennNet phone
    and our IP-based voicemail, while we evaluate an
    outsourced alternative from Verizon, called HIPC
    (Hosted IP Centrex)
  • The HIPC ISC pilot should be completed in the
    Spring
  • We will compare advantages, disadvantages and
    costs and decide by June 1 if we go 100 with
    either one or a combination of both.
  • We anticipate doing 1500 additional phones in FY
    09 and finishing the conversion to all VoIP by
    FY 12.

24
Customer Service
  • NT reorganized to improve customer service
  • NCCS (Network Communications and Consulting
    Services)
  • New director (Dawn Augustino)
  • PennNet Ordering and Information Tracking System
    (POINTS)
  • Phase 1 will focus on replacing NTs back office
    systems with a next-generation order-intake
    system.
  • Phase 2 will provide online shopping cart
    services to the campus community and is
    tentatively planned for customer evaluation
    during 3Q/FY09.
  • Metrics and SLAs
  • Define SLA Standards for Telephony Service Orders
    and Trouble Tickets
  • Establish and baseline key performance metrics to
    assist ISC in managing its performance in
    delivering Telecommunication services

25
ACDs (IP-based call centers)
  • Penn has three legacy ACDs and about 200 agents.
  • ISC purchased an ACD from ININ and is migrating
    all of the legacy systems to one centrally run
    (and highly available) IP-based system.
  • In addition to telephone calls, ACD also routes
    email, web chat and inbound fax requests to
    agents.  The service includes reporting services
    that measure the performance of the Call Center
    configuration ( of calls, emails, web chats,
    missed calls) as well as the performance of the
    Call Center Agents (most calls, fewest calls).
  • The rollout commenced on January 29th and is
    expected to be completed by August 15, 2008.
     Additional information is available at
    www.upenn.edu/computing/voice/acd.
  • Deploying across the campus community to the
    following schools/centers  Student Health,VHUP,
    Facilities, Computer Connection, Student
    Registration and Financial Services, Dental
    School, Wharton MBA, Undergraduate Admissions,
    Office of International Programs, Ben HELPS, Penn
    Behavioral Health and ProDesk. 

26
Strong Authentication
  • Project Goal
  • Publish a specific set of recommendations for
    improvements to PennKey and for strengthening
    Penn web authentication to protect University
    assets and individuals private data
  • Key concerns with Authentication
  • Increase in password theft from keystroke loggers
  • Increased likelihood of password cracking
  • Mobile computing with unsecured access points
  • Levels of assurance

27
Strong Authentication
  • Initiatives
  • Establish a central authentication log to
    identify and remediate damage in the event of a
    compromise.
  • Strengthen PennKey passwords to increase their
    resistance to brute force cracking.
  • Update Penns web authentication infrastructure
    to better defend against modern identity theft
    attacks while retaining interoperability with
    Penns Kerberos infrastructure.
  • Supplement reusable PennKey passwords with
    2-factor technology to protect sensitive systems
    against password theft
  • Enable a framework of multiple levels of
    assurance to define the sensitivity of a given
    system and the confidence level required for
    access to be provided.
  • Status
  • Requirements for each of the above initiatives
    have been defined
  • Recommendations for building solutions that meet
    these requirements are being researched and
    formed
  • Project organization and timelines are being
    developed
  • Definition Planning phasegate target February
    2008. 

28
Central Authorization
  • Currently a missing link in Penns identity
    management strategy
  • PennKey authentication, tells us who you are
  • There is no comprehensive means to control and
    distribute access privileges across the
    university.
  • Objectives
  • Build a central authorization system that could
    be utilized by applications across the University
  • Utilize Penn Community data and school/center
    created lists to facilitate authorization
    decisions
  • Allow Schools and Centers to build and reuse
    authorization information across applications
  • Provide sophisticated group management
    capabilities, such as subgroups and composite
    groups, to support access management needs.

29
Central Authorization
  • Benefits
  • Facilitate consistent application of University
    business rules
  • Streamline maintenance of authorization data
  • Leverage Penn Community data for accurate, up to
    date authorization decisions
  • Support the creation of new groups
  • Status
  • Solution will be based on Internet2 Grouper
  • Discussions with Grouper community on
    enhancements
  • Definition Planning target 2/08
  • Pilot target 5/08
  • General Availability FY09

30
MAGPI
  • The Penn community saved 300k in FY 08 by ISCs
    operation of the Internet GigaPoP, MAGPI.
  • MAGPI has several lines of business including
    Internet, Internet2, colocation, applications and
    teleconferences.
  • We may soon be offering wavelengths in 1 Gbps,
    2.5 Gbps, and 10 Gbps from MAGPI to any Internet2
    connected site in the U.S. and select sites in
    Europe and Asia.
  • NLR connectivity could be available if MAGPI
    members are interested. Currently National
    Oceanic and Atmospheric Administration (NOAA) has
    requested access.

31
MAGPI Projects
  • Penn Museum and Digital Corinth Working on
    Phase II of an existing NEH grant co-authored by
    MAGPI and David Romano, Ph.D. to combine digital
    collections at Penn and the American School of
    Classical Studies in Athens. The focus is on the
    ancient city of Corinth where students,
    educators, and researchers will interact with the
    synchronized data.
  • Princeton University, ESnet, NOAA MAGPI will
    provide a 10 Gigabit per second static wavelength
    with access to Department of Energy and National
    Oceanic and Atmospheric Administration (NOAA)
    collaborators.
  • Penn School of Medicine/UPHS MAGPI co-sponsored
    an event with Mary Alice Annecharico that
    demonstrated the value of high performance
    connectivity in support of the Penn Global Health
    Programs.  MAGPI and Internet2 provide access to
    87 national networks around the world.
  • Wharton/Lauder Institute MAGPIs first program
    was with the Lauder Institute, involving a
    simulation exercise between Penn students and the
    University of Grenoble, France.  Current projects
    involve France, Chile, and Senegal.
  • Graduate School of Education MAGPI is a partner
    on a grant submission involving the Penn Literacy
    Network and distance education, national and
    international.

32
Other FY 09 Initiatives
  • Local Intrusion Detection Pilots
  • Investigation into IDS functionality in
    ISC-recommended local firewalls
  • Investigation into the open source Snort
    Intrusion Detection and Prevention system.
    www.snort.org/
  • The use of IDS probes deployed locally that work
    with central IDS systems
  • Communication Names
  • Will discuss at the next meeting
  • What else should we be focusing on?
Write a Comment
User Comments (0)
About PowerShow.com