Download presentation
Presentation is loading. Please wait.
Published byHillary Richards Modified over 9 years ago
1
Internet Access Service Case Study 2012 Presenter: Peter Kurtz, Manager Network & Communication Services Information & Communication Technology Services
2
Overview Drivers for Change Project Governance Change Management Internet Quota Recommendation The ITO Implementation Internet Routing Solution Network Design New IAS Features GU Developed Enhancements How did we know it worked? What’s Next ?
3
Drivers for Change Old Netcheck system hardware & software EOL Netcheck system could not scale o Student Nos expected to increase 35,000 to 40,000 by 2013-14 o Internet usage expected to increase by 50% over next 5 years o Major insourced IT services expected to move to the cloud Internet Client experience could be improved o Staff and students have to manually login/off using web interface o Students can only top up their usage at the Library Cashier o Student and Staff can only obtain basic usage details Call Accounting & Directory System EOL
4
Project Org Structure Governed by a project board with the IT Director as chair »Members included: AD Infrastructure, Client Rep (IT Fac), Service Desk Rep, Project Manager, Service Manager, AD Identity and Authentication »Project Board met once per month and required Project Team was responsible for implementation »Members included: Proj Mgr, BA, CM, Service Mgr, Tech Lead, Net Eng, SW Eng, Billing Administrator »Weekly Meetings Evaluation Group »Members included: Proj Mgr, Service Mgr, AD Security, Senior Finance Officer, Tech Ref Grp Chair, Client Ref Grp Chair, Client Rep Research Technical Ref Group – 10 members, formed as required Client Ref Group – 12 members, formed as required
5
Change Management Draft CM & Marketing Plan was developed Feedback mechanisms from clients: o Student surveys o Staff focus workshops, and meetings etc Important issues were identified from feedback: o Quota model could be improved o Wireless configuration needs to may easier o Faster Access and Log in process o Single Sign On Marketing and Info Sharing Activities o Service name change competition o Posters in library and student labs o Student market days – Lollipop o Staff focus workshops, and meetings etc
6
Internet Quota Options Existing quota based on enrolled subjects o Under-Grad/Post 0.5/0.75 GB for 40 credit points o 10-20% of students will go over quota o Usage fits within AARNet usage allowance Monthly Student Quota – 1.2GB o Double existing avg quota o 5-15% of students will go over quota o Best case usage will fit in AARNet usage allowance o Worst case 10TB over @ $2 = extra $20K pa Unlimited Quota o 0% of students will go over quota o Best case usage will fit in AARNet usage allowance o Worst case could cost up to $250K extra for 1 st yr
7
Quota Recommendation Monthly Quota (1.2GB), instead of quota based on credit points o No student cohort will be worse off than credit point system o Easy to provision, easy to support, No complex quota calculation o No rollover monthly model that mirrors home ISPs o Heavy internet users contribute by purchasing additional quota o Self supporting (including VC’s current contribution) financially viable model Service Limiting o Changed from blocked to shaped (64Kbps) Adopt AARNet off Peak Access for Staff and Students o From 9pm to 7am weekdays students and staff all Internet traffic will be free Reduce No User Types o Easier to support and easier for students to understand
8
ITO - Top Customer Requirements 1.Seamless Internet access using multiple access methods (802.1X / Web) over different OS (Windows, Mac and Linux) 2.Automate quota threshold notifications for client groups 3.Provide a unified billing package for voice/data services 4.Self Help portal to provide online quota purchases 5.Display real time usage details online and via email 6.Shape access where Internet quota has been exceeded 7.Provide voice and data billing reports to users and supervisors
9
ITO - Top Tech & Support Requirements 1.Handle and process Internet traffic at speeds of 10G+ 2.Support AARnet's Internet charging model (on-net, off-net and off-peak) 3.Inspect & identify Internet traffic down to the protocol level – multicast & IPv6 4.IAS solution can be deployed behind a load-balancing solution (F5 BigIP LTM) 5.Open Standards - APIs and MIBs for integration with GU NMS 1.Be available 24hrs a day, 7 days a week 2.Account for Internet traffic in the event of a disruption 3.Support regular updates of the underlying operating systems 4.Vendor support resources within Australia 5.Well established troubleshooting, escalation & problem resolution
10
The ITO Invitation to Offer (GU009/10) provision of Internet Access Service Issued in Oct 2010, 50 companies interested in ITO Short listed 3 Respondents Thorough evaluation process Negotiations entered into with one integrator for supplying Cisco hardware and Obsidian’s Billing System GITCv5 contract signed with Dimension Data in 4 th August 2011
11
Why Cisco / Obsidian? TCO Very Competitive: Capital & Maintenance support Important if Griffith heads down open Internet access path Cisco SCE proven 10GB capability in the University environment Integrated Data and Voice Billing System Seamless Login for all devices OS clients were not required for all devices – Windows, Mac etc Self service functionality all available from existing front end Completely web front end for management and report generation Australian company for software Develop value adds such as iPhone application Accept code enhancement / changes from customers
12
Implementation Plan Mammoth scope – divided in to manageable phases Phase1 – Replacement Critical features for start of Semester »New SCE »New plan for students – Shaped & Free hours »Self service portal (usage, top sites visited etc.) SNMP+.1x auto login Phase 2 – Differentiators »Integration with printing account for quota top up »Credit card top up capability »Additional management reports & Alerts »Enable JAWS capability Phase 3 – Value Adds »Real time staff usage monitoring (no urls) for Managers »App for iphone, anroid and blackberry »Public WIFI
13
IAS System Design Network Design redundant SCEs, 1 x 10G, 1 x 1G, NAT Wireless
14
Internet Access Methods Wireless Login using Radius Accounting packet -> Jet Active Directory Login using SNMP Trap packets -> Jet Captive Portal Web Login -> Jet
15
Service Control Engine 10G Capable Throughput Rate limit users and protocols Detailed Usage reports Current Bug with IPv6
16
SCE Performance Test With AARNet’s help we were able to push Griffith Internet Link to over 7Gbps
17
GU System Enhancements AD (SNMP) Griffith uses SNMP Authentication traps from AD to facilitate an automated network level internet access system log-in when a user authenticated to AD DHCP Logout Microsoft SNMP traps are not able to accurately determine when a user is no longer authenticated through AD. To overcome this Griffith uses Syslog notification form its Infoblox DHCP appliances to A custom services API interface to log out a user from the internet access system when their DHCP lease expires. SOE log-out executable To further ensure a user has the correct session when logging in Griffith runs a small 13Kb native windows application that does a JSON call the the API server requesting the current user to IP address mapping form the Cisco Subscriber Manager. If the local IP/user mapping does not match the the user is logged out from the Internet Access System and a captured portal log-in page is then used to authenticate the user.
18
GU System Enhancements Cont’ Radius Caching Daemon GU Wireless network regularly has over 5500 concurrently connected users When users roam need to they re-authenticate to the Wireless LAN controllers These radius requests were heavily overloading the IAS radius service. To overcome the issue Griffith developed a c++ radius caching daemon that sits between the Radiator service and the IAS radius service. The process effective holds radius Alive and Stop request for a period of time. (currently 1 hour) if a new start or alive is intercepted the counter for that sessions in restarted. If no packets arrive to update the session then a log-out is sent to the Internet Access Service. The caching daemon reduced the amount of packets being sent to the IAS radius servers by 80%. The daemon also works around a few bugs in the current Cisco controller code where radius packets are sent in the wrong order. We are working closely with Cisco to resole the issue. “All enhancements written by Dale Blakemore”
19
Internet Usage - My Account Internet Quota usage and charges Detailed Internet usage showing URL history Internet application (protocol) usage report
20
My Account for Students Online Credit Card Purchases Online Credit Transfers Email alert at ‘200MB quota remaining’ Email alerts at ‘No quota remaining’
21
Administrative Reports Top Users report Protocols usage reports Dollar and GB usage by Departments Managers can view staff dollar and MB usage
22
Example Jet Report
23
Griffith App
24
IAS App – net quota Internet Usage, Student Quota top up
25
Open Day - Griffith Public WiFi GU Open Day 12/08/12 Free WiFi for new students WiFi across all campuses From 8am to 3pm First time at Griffith No of unique devices: 349 No connections: 1058 Data downloaded: 6.5 Gb Avg session time: 25 min
26
Where are we now? 2011 Student Enhancements »Faster Access & Increased quotas (from 450M to 1.2G per month) »No longer cut off when you have used up your quota (Rate limiting) »Free off-peak downloads on weekdays »My Internet Account: online self-service Now in 2012 »More free downloads - extended off-peak hrs 5pm-8am + weekends »Immediate quota top ups - Library Lending Counter, any campus »Credit Card top ups »Able to transfer money for quota from copying & printing accounts »Temporary Internet Accounts Access 1-7 days
27
Did it work? New IAS system launched in September 2011 155% Increase in off net in May 2012
28
AARNet Bench Mark Graphs Off Peak Traffic increased by 300% since launching the Internet Access Service in Sept 2011 Griffith is well placed by only using 55% of the AARNet off-net (charged) traffic allowance Griffith is also taking advantage of AARNet’s unmetered traffic service
29
VC’s Report to Council – June 2012 http://www.griffith.edu.au/__data/assets/pdf_file/0011/417557/vc-council-report-june-2012.pdf
30
Student Feedback - IAS Internet Access Quota doesn’t run out Speed is good for downloads Auto log in to the Internet saves time Just click the website, access is great
31
Issues & Lessons Learnt Project delayed because Integrator misplaced the SCE order Project delayed because extra scope added »Separate Internet Access Accounting Solution for QIBT »Some (1000) active directory login usernames did match Griffith S Numbers Project delayed because Obsidian Project Management & buggy code / QA Testing Under specified the number of concurrent users »This caused service outages
32
Internet Content Filtering Implemented in Dec 2010 Combined Webwasher system proxy service Used McAfee Web Gateway – WG5500 Had performance problems
33
Whats next? Commission Public WiFi Service for conferences Jet System performance enhancements »Captive portal speed increase »64bit OS Upgrade for Jet Servers Quota Review – Unlimited Downloads New Project – On-line Phone and Mobile Billing Replace Active Directory Login with Wired Dot1X
34
Service Review - Controlled Access vs Open Access Benefits of Controlled »SCE ability to report and control usage based on a user »Charging for traffic per user puts a value on the traffic and therefore staff/students are more likely not to miss use downloads. »Supervisors can manage staff usage »Research + high downloads are encouraged to be done out of hours before 8am after 5pm. This helps spread the traffic load. »Long term this means AARNet will charge less »QIBT could not have been done with out an accounting system Disadvantages or forecasted cost of Open Access »Current revenue from staff and student top ups is lost »Increased staff usage »Increased student usage »Extra Internet infrastructure – costs over 5 years
35
Investigate impact of Unlimited Quota Current usage is %55 of 124GB quota @ 1.2GB If the student quota opened up expected usage could be 70%-110% AARNet Internet Usage Allowance 124GB
36
Projected Usage Models
37
Questions?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.