FY ‘08 NETWORK PLANNING TASK FORCE Fall Agenda Setting and Discussion
NPTF FY ‘08 Members ■ Robin Beck, ISC ■ Michael Palladino, ISC (Chair) ■ Mark Aseltine / Mike Lazenka, ISC ■ Gary Delson/Geoff Filinuk, ISC ■ Dave Millar, ISC ■ Deke Kassabian / Melissa Muth, ISC ■ Chris Bradie /Dave Carrol, Business Services ■ Doug Berger / Manuel Pena, Housing and Conference Services ■ Cathy DiBonaventura/Rick Haverkamp, School of Design ■ Helen Anderson, SEAS ■ Brian Doherty, SAS ■ John Irwin, GSE ■ Ira Winston, SEAS, SAS, Design ■ Deirdre Woods /Dan Alig, Wharton ■ Mary Alice Annecharico /Mike Herzog, SOM ■ Rich Cardona, Annenberg ■ Kayann McDonnell, Law ■ Donna Milici, Nursing ■ Ken McCardle, Vet School ■ Jeff Fahnoe, Dental ■ Grover McKenzie, Library ■ Mary Spada, VPUL ■ Marilyn Spicer, College Houses ■ Joseph Shannon, Div. of Finance ■ Steve Stines /Dominic Pasqualino, OAC ■ Marilyn Jost, FRES ■ Michael Weaver, Budget Mgmt. Analysis 2
Agenda 3 ■ Defining the NPTF process for FY ’08 ■ Topics gathered thus far ■ Additional discussion ■ Setting the Fall agenda
NPTF Meeting Schedule – FY ‘08 4 ■ 1:30-3:00pm in 337A Conference Room, 3 rd floor of 3401 Walnut Street ■ Process ■ Intake and Current Status Review – July 16 ■ Agenda Setting & Discussion - September 17 ■ Strategy Discussions - October 1 ■ Security Strategy Discussions - October 15 ■ Strategy Discussions - October 29 ■ Prioritization - November 5 ■ Rate Setting – November 19
NPTF Process Feedback 5 ■ Too much information is crammed into too short a timeframe. ■ We don’t get enough time to prioritize things in the Fall. ■ We don’t get enough time to discuss financial decisions with our deans before our budgets are due. ■ Is it possible to see the projected budget in September so that we know how much discretionary money there is before we start? ■ Suggestions: ■ Finish Fall process in early November. ■ Hold fewer meetings in the Fall (3-4 total) ■ Hold off-season meetings (2) to discuss strategic items ■ Hold off-season meetings (2) for a closer review of operational items. ■ Do a review of where N&T resources are going for services and R&D. ■ Do a survey to get more formal feedback on current services. ■ “Polish” current services like VoIP before spending more time on new ones.
NPTF Security Feedback ■ Security is the “beast” that ate NPTF ■ Is NPTF the right place to discuss it? ■ Is there other centralized money for it? ■ We need to see a multi-year security strategy ■ What is the budget impact of it centrally (charged by ISC if any) and locally to schools. ■ What is the budget impact of various security policies? 6
FY ‘09 Price Setting 7 ■ We will re-evaluate pricing for: ■ 10 Mbps ($6.03) ■ 100 Mbps ($7.03) ■ 1000 Mbps ($30) ■ vLANs ($2.50) ■ Wireless ($27) ■ VoIP/ Voic / IM ■ Video services ■ Analog voice services ■ Central Service Fee (headcount and IP addresses)
N&T Operational Initiatives for FY ’08 8 ■ Next Generation PennNet ■ Gigabit building/subnet connections (router ports) ■ Single-mode fiber to buildings (new pathway if necessary) ■ Redundant building/subnet connections ■ Customer Service ■ Online, self-service intake for voice and data orders/ Service Order Intake (SOI) ■ Always striving for better communications and feeling the urgency in your requests ■ Wireless ■ Expand 802.1x authentication to all wireless PennNet areas where current web authentication exists for wireless-PennNet. (Dual SSIDs)
Strategic Discussions for FY ’08 9 ■ Communication Names ■ Develop infrastructure necessary to implement Communication Names in order to support longer and more meaningful user names for and other electronic communications. ■ Complete name space clean up ■ Augment PennNames to support Communication Names ■ Develop application to create Communication Names ■ Create web interface to allow authorized users to lookup, add, modify and delete Communication Names ■ Create API to allow authorized applications to lookup, add, modify and delete Communication Names ■ Modify Penn Community to store Communication Names ■ Should we do cost estimates on this project? ■ Wireless ■ Seamless roaming ■ 802.1x only (visitors) ■ Earthlink as wireless overlay. Outsource outside?
Strategic Discussions for FY ’08 (Contd.) 10 ■ Integrated Communications ■ VoIP ■ Softphones ■ IM ■ VoIP redundancy & scheduled down-time ■ Video Strategy ■ Digital video ■ Desktop teleconferencing ■ File sharing and archiving/Flexible method for sharing data ■ How broadly and on what time line should PennNet Gateway (scan and block) be deployed once it is fully ready? Or as desktop/laptop operating systems with automated security updates become common, does PennNet Gateway become a lower priority? ■ What should the timing be for a single campus-wide network access control for both wired and wireless networks? ■ Can we enhance perimeter intrusion detection? ■ UPS on all network electronics ■ Cell phone coverage in buildings
FY ‘08 Security Goals 11 ■ Compliance: Roll out the Security and Privacy Impact Assessment (SPIA) process, in conjunction with Penn’s Privacy Office to better manage University- wide IT security and privacy risk to 8-12 schools & centers. ■ Prevention: Establish Penn LSP security training & certification (computer based training and testing) and conduct security technology training for 3 – 5 topics. New employee online security and privacy awareness training. ■ Identity Management ■ Security Assessment: Engage with Oracle Corporation to review database security and identity management infrastructure to ensure timely and secure access to Penn enterprise IT resources ■ Develop a plan for next generation PennKey. ■ Implement Shibboleth for federated identity. ■ Build and deploy a central authorization system to minimize the risk of exposing sensitive data and/or violation of policy or law
FY ‘08 Security Goals (Continued) ■ Select a recommended product for stored data encryption ■ Should we do centralized key escrow? ■ Limit SSN availability through Data Warehouse ■ Develop strategy documents: ■ Develop logging best practices in conjunction with HARTS team ■ Beyond passwords, next steps for authentication ■ Personal device security ■ Subnet level intrusion detection ■ Pennnet Gateway: Help prevent compromised systems from spreading malware on the network and avoid increased support needs for incidence response ■ Pilot deployment for College Houses, Sansom Place and GreekNet wireless areas and possibly two other schools and centers. 12
Possible FY ‘09 Security Goals 13 ■ Year three of four-year SPIA rollout. ■ Identity Management ■ Extend Authorization system’s group management capability to include privilege management. ■ Online provisioning for Penn administrative applications. ■ Implement first phase of Next Generation PennKey ■ Implement security event logging ■ Logging policy (protecting against brute force attacks) ■ Pilot Critical Host Vulnerability Management agent and Compliance Reporting. ■ PennNet Gateway: full roll out to residential system ■ Review campus A/V strategy vs. Host-Based Intrusion Prevention. Compare Symantec with alternatives. ■ Campus-wide all staff (then faculty) security and privacy awareness online training.
Additional Discussion 14 ■ What have we missed that is critical to be done in FY ‘08 or planned for now to do in FY’09 and beyond? ■ What can we eliminate? ■ Bluesocket wireless authentication. ■ Can we move 100% to 802.1x by Fall ’08? ■ Netnews
IT Roundtable Topics 15 ■ Benchmarking with peers ■ Trailing Edge ■ Leading Edge ■ Data Center/ Facilities Management ■ Research Computing ■ ■ Content Management