1
10.30.06 Network Planning Task Force: Network Strategy Discussions
2
NPTF FY ’07 Members
■ Mary Alice Annecharico/Rod MacNeil, SOM
■ Robin Beck, ISC
■ Dave Carrol, Business Services
■ Cathy DiBonaventura, School of Design
■ Geoff Filinuk, ISC
■ John Keane/Grover McKenzie, Library
■ Marilyn Jost, ISC
■ Deke Kassabian/Melissa Muth, ISC
■ Manuel Pena, Housing and Conference Services
■ Mike Weaver, Budget Mgmt. Analysis
■ Dominic Pasqualino, OAC
■ James Kaylor, CCEB
■ Helen Anderson, SEAS
■ Kayann McDonnell, Law
■ Donna Milici, Nursing
■ Dave Millar, ISC
■ Michael Palladino, ISC (Chair)
■ Jeff Fahnoe, Dental
■ Mary Spada, VPUL
■ Marilyn Spicer, College Houses
■ Joseph Shannon, Div. of Finance
■ Ira Winston, SEAS, SAS, Design
■ Mark Aseltine/Mike Lazenka, ISC
■ Ken McCardle, Vet School
■ Brian Doherty, SAS
■ Richard Cardona, Annenberg
■ Deirdre Woods/Bob Zarazowski, Wharton
■ John Irwin, GSE
3
Meeting Schedule – FY ’07
■ Meetings 1:30-3:00pm, 3401 Walnut Street
■ Fall Meetings / Process
  ■ Intake and Current Status Review – August 21
  ■ Agenda Setting & Focus Group Planning – September 18
  ■ Focus Group – October 04
  ■ Security Strategy Discussions – October 16
  ■ Focus Group – October 17
  ■ Network Strategy Discussions – October 30
  ■ Network & Security Strategy Discussions – November 6
  ■ Focus Group Feedback – November 20
  ■ Final Meeting: Prioritization / Rate Setting – December 04
4
Today’s Agenda
■ PennNet Building Uplinks (Gigabit connectivity)
■ Network Access Control
■ PennNet Gateway (Scan & Block)
■ VoIP
■ Wireless
5
PennNet Building Uplinks: Gigabit & redundant connectivity
6
Gig Connectivity & Building Redundancy
■ Goals
  ■ Gig enabled closet electronics
  ■ Gig to every building
  ■ Redundant Gig connectivity
■ Current Status
  ■ 41 buildings with Gig Ethernet/55 in total in FY ’07
  ■ Evaluating new closet electronics/deploying in January 2007
  ■ Approximately 50% of switches 10/100/1000 enabled
  ■ By the end of FY ’08, most switches will be 10/100/1000Mbps
7
Strategic Approach: Next Generation PennNet (NGP)
■ Diversify the PennNet Routing Core
  ■ Move out of College Hall (Largest Single Point of Failure)
  ■ Construct 5 Network Aggregation Points (NAPs)
  ■ Redundant High Speed Connectivity between NAP locations
  ■ Highly Available Core Network Infrastructure
■ Relocate Campus Building Uplinks to Local NAP
  ■ Provide High Speed Uplinks to Buildings (where infrastructure can support this now, single-mode fiber/conduit build outs sometimes necessary)
  ■ Provide Redundancy Uplinks to Campus Buildings
■ Five Connectivity Models
  ■ Based on Building Criticality (University Business)
  ■ Number of User Connections
  ■ Infrastructure Availability
8
Diversify PennNet Routing Core
■ Four NAP locations Completed.
■ NAP locations have redundant and diverse 10 gig feeds.
■ NAPs connect local buildings that have fiber and pathway.
■ Some buildings have gigabit Ethernet service
■ Western NAP (Levy) Construction Complete by 12/2006
■ Relocating one core router from College Hall to Levy NAP
■ Begin connecting some buildings in 01/2007
■ College Hall node room will house a core router for next two to three years (until all NAP to building feeds are in place)
■ Will reduce catastrophic disaster recovery time from 2 weeks to under 2 hours.
■ Will provide infrastructure foundation for next generation data, voice and video services.
10
Building Connectivity Models 1 & 2 (Dual Feeds to separate NAPs, each with either diverse or overlapping pathways)
11
Building Connectivity Model 3 (Each Building has 1 uplink to a separate NAP and one link to each other.)
12
Building Connectivity Model 4 (Building has 1 uplink to each Building Entrance Router in the local area.)
13
Building Connectivity Model 5 (Building has 1 uplink to a Building Entrance Router.)
14
Building Connectivity Model 5a (Building has 1 uplink to a Building Entrance Router with dual feeds.)
15
Gig Connected Buildings (Single Feed)
| Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments |
| BNH | Bennett Hall | 2 | Vag - Gig | None | Optimal 2nd link to ModV |
| DUB | Dubois | 2 | HNT – Gig | | Optimal 2nd link to Levy |
| GEB | Graduate Education | 2 | HNT - Gig | None | Optimal 2nd link to NIC |
| HIL | Hill House | 2 | Vag - Gig | None | Optimal 2nd link to Levy |
| HOU | Houston Hall | 3 | CHNR – Gig | None | Optimal 2nd link to Vagelos |
| ICA | Institute of Cont. Art | 4 | GRT - gig | None | Primary link goes through SPE router |
| IST | Vagelos | 2 | Vag – Gig | None | Optimal link to HNT |
| KIN/ENG | Kings Court/English | 2 | NIC - Gig | None | Optimal 2nd link to Levy |
| LFR | Lauder Fischer | 3 | SDH Router - Gig | None | Optimal link to HNT or Vance Router |
| MCA | McNeil Center for Early American 3355 N 34st | 3 | Vag - Gig | None | Optimal 2nd link to HIL |
| MEY | Meyerson Hall | 2 | Vag - Gig | None | Optimal 2nd link to HNT |
| MSC | Music Building | 4 | Vag - Gig | None | Optimal 2nd link to Mey |
| SPE | Sansom Place East | 2 | NIC - Gig | None | Optimal 2nd link to Levy |
| OVH | Old Vet Hosp | 4 | Vet Hospital Router - Gig | None | BE Device not a Routing Device |
| Quad | Quad Complex | 3 | HNT - Gig | None | Optimal 1st link ModV, 2nd link to Levy |
| ROS | Rosenthal | 4 | Vet Hospital Router - Gig | None | BE Device not a Routing Device |
| SPW | Sansom Place West | 2 | NIC - Gig | None | Optimal 2nd link to Levy |
| WTM | Weightman Hall | 4 | Vag - Gig | None | Optimal 2nd link to ModV |
16
Gig Connected Buildings (Dual Feed)
| Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments |
| BRB | Bio-Medical Research Building #1 | 2 | Modv - Gig | HNT - Gig | Optimal 2nd link to Levy |
| BRC | Bio-Medical Research Building #2 | 2 | Modv - Gig | HNT - Gig | Optimal 2nd link to Levy |
| CHM | Chemistry Labs | 2 | Vag - Gig | Modv - Gig | |
| COL | College Hall | 1 | Vag - Gig | Modv - Gig | Optimal 2nd link to HNT |
| CRB | Clinical Research Building | 2 | Modv - Gig | HNT - Gig | Optimal 2nd link to Levy |
| FKB/FBA | Franklin Building/Annex | 1 | NIC - Gig | Vag - Gig | |
| GYM | Gimbel Gym | 2 | NIC - Gig | HNT - Gig | |
| HNT | Huntsman Hall | 3 | HNT - Gig | Vance - Gig | 2nd link goes thru Vance router |
| JSN | Johnson Pavilion (Med School) | 2 | ModV - Gig | HNT - Gig | Optimal 2nd link to Levy |
| MKT | 3440 Market St | 3 | NIC - Gig | Vag - Gig | |
| NEB | Nursing Education Building | 2 | ModV - Gig | HNT - Gig | Optimal 2nd link to Levy |
| SCC | Steinberg Conference Center | 3 | Huntsman Router - Gig | Vance - Gig | Both uplinks go through Wharton Routers |
| SDH | Steinberg Hall-Dietrich Hall | 3 | Huntsman Router - Gig | Vance - Gig | Both uplinks go through Wharton Routers |
| VAN | Vance Hall | 3 | ModV - Gig | Huntsman Rtr – Gig | Optimal 2nd link to HNT |
| VPL | Van Pelt Library | 1 | Vag - Gig | Huntsman Rtr - Gig | |
| VRB | Veterinary Medicine Teaching & Research Building | 3 | ModV - Gig | Vet Hospital Rtr – Gig | modv2.router Gi 3/13 vhp1.router Gi 3/2 |
| WAL | 3401 Walnut St. | 1 | NIC - Gig | Vag - Gig | Diverse Feeds/Pathway |
17
Dual Connected Buildings (100/Gig)
| Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments |
| BLK | Blockley Hall | 2 | ModV - Gig | CHNR 100mbps | Optimal 2nd link to Levy |
| BRC | Bio-Medical Research Building #2 | 2 | Modv - Gig | CHNR 100mbps | Optimal 2nd link to Levy |
| FUR | Furness Building | 2 | Vag - Gig | CHNR 100mbps | Optimal 2nd link to HNT |
| GRW | Graduate Research Wing (Moore School) | 2 | Vag - Gig | CHNR 100mbps | Optimal 2nd link to ModV |
| VHP | Vet Hospital | 3 | VRB Router - Gig | CHNR 100mbps | Optimal 2nd link to Levy |
| WMS | Williams Hall | 2 | Vag - Gig | CHNR 100mbps | Optimal 2nd link to HNT |
18
Network Access Control
■ Goal
  ■ Campus-wide, uniform network access control for wireless and wired network connections
■ Current Status
  ■ New switch hardware and new software on existing switches should allow 802.1X rollout for wired ports by Summer 2007
  ■ College House and Sansom Place wireless already using 802.1X network login
  ■ Rest of wireless APs using web intercept (captive portal)
■ Discussion Points
  ■ Should we move to enable AirPennNet (802.1X) on all current wireless-pennnet APs? If so, on what time frame?
  ■ Can we eventually transition to all 802.1X, removing the need to maintain dedicated web intercept hardware? When?
19
Scan and Block
■ Goal
  ■ Full campus wide S&B at all user locations (servers and printers probably out of scope)
  ■ Preventing access by compromised or highly vulnerable computers should lower the total cost of ownership for IT delivery.
■ Advantages
  ■ PennNet Gateway will significantly reduce lost productivity by students and staff, and protect the operational integrity of Penn’s network in the following ways.
    ■ Unmanaged workstations will be protected from each other, so internal security threats are contained and therefore lost user productivity reduced.
    ■ IT staff in the schools and centers no longer will need to manually examine laptops prior to their connecting to the network.
    ■ Penn networks will be less vulnerable to performance problems caused by compromised workstations.
    ■ Users will be able to help themselves secure their own workstations, thereby avoiding compromise and the attendant loss of data and productivity.
20
Scan and Block (continued)
■ Challenges
  ■ Some common desktop and laptop computing environments are built on the assumption that the network is immediately available for startup scripts, filesystem mounts, domain policy enforcement, etc.
  ■ Best functionality when users install optional agent software, but that carries its own set of challenges (cooperation, distribution, updates)
  ■ Scan and Block is still young technology
  ■ Even when S&B technology is working perfectly, ISC and campus IT partners need to find the right balance in scanning for vulnerabilities versus quick login
21
PennNet Gateway (a Scan & Block implementation)
■ Strategy
  ■ Build on network authentication, adding vulnerability scanning
  ■ Scale up pilot deployments now
  ■ Large-scale, production deployment: Fall 2007
  ■ Cover public wireless areas
  ■ Provide in schools, centers and residential areas upon request
■ Current Status
  ■ ISC internal pilot: 27 users since April
  ■ Medicine, Nursing and Vet have expressed interest
  ■ Web interface needs Penn branding; December ETA
  ■ Pilot plans to be discussed with College House Computing
  ■ N&T, TSS & Info Security formalizing process issues (updating, testing, communications and rollout for new scans)
■ Next Steps
  ■ Expand pilot to interested schools and centers
  ■ After web interface branded, make available for residential pilots
■ Discussion Points
  ■ Should we eventually implement Scan & Block on all wired and wireless ports?
  ■ Costs for full implementation TBD. Scan & Block early adopters are funded by Central Service Fee