Subnet Managers Meeting

Wednesday, Sept 19, 2012

9/19/2012

Agenda

• Possibility of outsourcing faculty/staff email

– Ed Peyronnin

• VOIP Update – Dave Hoffman

• Campus Cloud Update – Joe Volesky

• Exchange/Outlook Performance – Lance Baatz

• Licensing Updates – Diane Noren

9/19/2012

Agenda (con’t)

• Echo 360 Update – Mike Willard

• RamCT Blackboard – Kevin Nolan

• Middleware Update – Randy Miotke

• Security Update – Steve Lovaas

• Network Operations Center – Greg Redder

9/19/2012

Possible Email/Calendar Outsource

• Email/Calendar Outsource Committee

• A campus-wide committee has begun to explore options for outsourcing faculty and staff email and calendar

– Members: Scott Baily (Chair), Neal Lujan, Robin McGee, Scott Novogoratz, Ed Peyronnin, Chris Seng

– All university mail servers would be shut down (Exchange, lamar, etc.) in the event that the committee decides to migrate to a third party

9/19/2012

Possible Email Outsource (con’t)

• Exploring options such as Google and Microsoft. – Maintain first.last convention

• Option should be free to campus.

• A report is due to the VP IT 1 November

• July 2013 is the earliest that the migration could occur

• More information can be found: http://www.acns.colostate.edu/IAC/EmailOutsourcing

Please send feedback to Scott Baily

9/19/2012

VOIP…CIC…Construction

Funding Methods – CIC: Upgrade building MDFs to dual 1G links

– VOIP: Upgrade all network infrastructure to support VOIP

– Construction Projects: new buildings or remodels/additions

As we move forward: VOIP/NOC is trying to synchronize the three funding sources such that we only go into a building once and completely

“VOIP Certify” it.

9/19/2012

“VOIP Certification” (From the NOC’s perspective)

• Upgraded, server class switch in MDF with dual 1G links to campus core.

• All switches brought up to standards

• Cables color coded, labeled

• Power over Ethernet (PoE) provided

• Documentation, monitoring, inventory

• Network Operations Policy adhered to

9/19/2012

VoIP Progress – Main Campus

Legend

Completed

VoIP Certified: Installing phones

Network Upgrades in progress

Next to start

9/19/2012

VOIP Off Campus Progress

Complete

RIC

Sterling

475 17th St, Denver

University Services Center

Drake Hall

Engines Lab

CVMBS part of Lake & Center Parking Garage

In Process

UCA

555 Howes St

Washington School

Board of Governors - Denver

9/19/2012

• VOIP Phones Installed

– 1200

• Phones Remaining

– 11,000

• Percent Complete

– 10%

• Goal by Year End (Calendar 2012)

– 1800 Phones installed – 14% Complete

9/19/2012

Campus Cloud Update

• Joe Volesky – ACNS

• ACNS VM Hosting service deployed

• http://campuscloud.colostate.edu

• Information on pricing, storage and how to sign up for the service.

• Questions? Send to vmhelp@colostate.edu

9/19/2012

Exchange/Outlook Performance

• Lance Baatz – ACNS

• Uptick in some issues with Central Exchange

– Added memory

– Worked with MS Support

– Run Outlook in cache mode vs. online

9/19/2012

RAMtech Licensing

Acrobat Pro Site License –Need FTE counts by end of Month

–Estimated Cost $9.00 per FTE

ChemOffice –Will be contacting Departments for billing

EndNote – Prices will stay the same

–Cost $50.00 per computer

– Endnote X 6.0 coming soon

9/19/2012

Licensing (con’t)

Microsoft Campus Agreement –Will be contacting Departments for billing

Mountain Lion OS –Cost $9.99 per computer

Symantec Anti-virus –2 year contract

– Prices will stay the same

–Cost $3.61 per computer

9/19/2012

Echo 360

• Mike Willard – ACNS

• Quiet Rollout

– 60 captures/day

• Appliance vs. Personal Capture (software)

• RamCT Bb Integration

• Help website:

http://help.echo.colostate.edu

9/19/2012

RamCT Blackboard

• Transition complete

• Few OnLine Plus courses finishing up on OLD RamCT.

• Old RamCT expected to be available through May 2012.

• Mobile app available from Apple App and Google Play Store

9/19/2012

Middleware Update

• More CSU Mobile Apps available

http://apps.colostate.edu/

• Shibboleth Update

9/19/2012

Security

• Pending password policy change

• New firewalls for datacenter

• Safe*Connect NAC expansion

• SSL gateway update

• Juniper firewalls: SSG to SRX

9/19/2012

Pending Password Policy Change

• IAM Committee, InCommon Silver Certification – 15-character minimum

– No complexity requirements

– Dictionary check

– 1-year refresh

– 1-hour lockout after 14 consecutive failures

• Will apply to all eIDs (including students)

• Approved by IAC – Drafting language for IT Security Policy

– Possibly for summer 2013

eurofootballfan

Ppi+p9d0

New Datacenter Firewalls

• Two Juniper SRX 5800s

• Hardware is here

• Waiting for opportunity/space

• Target installation: winter break

Network Access Control Expansion

• Already used in Res Halls

• Expanding to main campus: – Guest wireless

– LSC kiosks

– Some drop-in labs, checkout laptops

• Project kick-off this week, details soon

• Should improve guest, ease client config

• Possible testing in late fall

SSL Gateway

• Usage doubled since Cisco VPN retired (July) – Weekday peak 200+ concurrent

– Tracking any performance complaints – not many

– Recent tweaks for improved performance

SSL Gateway (cont’d)

• Reducing use of custom URLs – Subnet mangers now use regular URL too

• https://secure.colostate.edu

• Upgrading to version 7.2 early October – New version of Network Connect

– Manual installer on ACNS website if needed

Juniper Firewalls

• SSG series nearing End of Life

• Testing SSG-to-SRX VPN tunnel config

• Anticipate no more SSG ordering soon

• SRX uses more command line

NOC (Network Operations Center)

Greg Redder

"Apple makes elegant, easy-to-use devices and solutions and then cripples their usability in environments other than the Living Room,"

Said in regards to Apple’s Bonjour protocol and the petition to

Apple to fix it.

--Romeyn Prescott (http://www.networkworld.com/news/2012/080312-bonjour-petition-

261390.html?source=NWWNLE_nlt_daily_pm_2012-08-03)

Agenda

• Traffic Stats

• Wireless update

• Multicast

• Pending core upgrades

• Network Operations Policy and CIC updates

• Miscellaneous

Traffic Stats

• Internet Outages: 0

• Exceeding “2G” from the Internet daily – up from occasionally in the Spring.

• Core routers up: 2 years, 10 weeks

Wireless update

• Additions/upgrades

• csu-net5

• 5Ghz deployments

• Bonjour

Wireless update Additions/upgrades

• Facilities North(department upgrade)

• Ammons higher density support (department funding)

• OT higher density support (department funding)

• Drake Hall (building project)

• LSC Theatre (building project)

• UCA (UTFAB/department funding) – in progress

• Moby (UTFAB/department funding) – to be started after UCA

• Alder higher density support (department funding) – pending delivery

• ERL (building project – under construction)

• Aylesworth 3rd NW (department/UTFAB funding)

Wireless update csu-net5

Slowly being rolled out across campus…starting in Clark.

Wireless update 5Ghz deployments

• As a reminder – both 2.4GHz and 5.0GHz are subject to interference, but 5.0 much less so…for now!

• Newer Access Points-supporting more bandwidth

• Requiring much more dense deployments

• Continued UTFAB funding is up for discussion.

Wireless update Bonjour

• Apple protocol designed for home use. Not an enterprise solution.

• Desperately seeking solutions that will scale for the University.

Multicast

• Support

-careful config to avoid problems

• WDS

Multicast Support

• Multicast is a dangerous beast!

– Impact on bandwidth

• Buildings that undergo the VOIP certification and hence the Network Operations Policy standardization are configured to support multicast.

• Other networks…not so much!

Multicast WDS

Network related items to keep in mind:

• A gig connected server can swamp the LAN – building backbones are usually 1G. Throttle down the server (see following reference slides).

• Improper configuration, or on a non-supported network, may likely result in DoS of bandwidth for LAN members.

Multicast WDS

• Follow multicast best practices for multicast addresses:

239.82.your_subnet.x

(This won’t make it work any better but it sure will help us to track it when it doesn’t!)

• Going between buildings should work if both buildings have been VOIP certified – otherwise probably not or probably not well!

Multicast WDS

To throttle your multicast bandwidth usage:

• From the WDS MMC, open the Server Properties page. Go to the Network Settings Tab. Select the Custom network profile.

• In the registry, browse to HKLM\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSMC\Protocol and set the TpMaxBandwidth setting to something less than 100. It's the percentage of available bandwidth that the server uses.

Multicast WDS

• Reference link: http://allcomputers.us/windows_7/deploying-images-with-windows-deployment-services-(part-2)---adding-and-configuring-wds.aspx

Pending core upgrades

• NSF Grant – Upgrade core (backbone) to 40G and upgrade core

router processor/chassis/cards

– Add an additional 10G link to FRGP to dedicate primarily to research

– Create a research LAN infrastructure

– Dynamic Network System (DYNES) I2

Network Operations Policy and CIC update

• Code version standardization

• New switch access tools/notes

• Building update

• UPS

Net Operations Policy and CIC update Code version standardization

• Production code – – Used in E7, MDF switches

– Hopefully only upgraded once per year: Target of 5 9’s (<5.256 min downtime/yr)

• Candidate code – – Used in MDFs to address critical bugs

– Candidate for Production code

Network Operations Policy and CIC update New switch access tools/notes

• Read menus look different than write menus. – NOC is providing a list of useful show commands to

address this.

• Cut-n-paste doesn’t work when you telnet to switches. – NOC is researching workaround.

• New tool for network monitoring made available: Smokeping

Network Operations Policy and CIC update Building update

Buildings completed this Summer:

• South/West campus core

• Eddy (VOIP and CIC funding)

• Guggenheim (VOIP and CIC funding)

• Johnson (VOIP and CIC funding)

• Chemistry (VOIP, CIC and department funding)

• Drake Hall (Construction Project)

• Industrial Sciences Lab (VOIP funding)

• 555 S. Howes (VOIP, CIC and department funding)

• UCA (VOIP, CIC and department funding)

• Weber (CIC and department funding)

• Clark C (VOIP, CIC and department funding)

• Visual Arts (VOIP, CIC and department funding)

• Engr2

Network Operations Policy and CIC update Building update

Pending (this Fall)

• Moby (VOIP, CIC, and department funding)

– Academic and Training Center, McGraw, Indoor Practice Field

• Computer Science (VOIP)

• Student Services & Centennial Hall (VOIP, CIC funding)

• Education (VOIP, CIC and department funding)

• Forestry (VOIP, CIC and department funding)

• Wagar (VOIP, CIC and department funding)

• Natural Resources (VOIP, CIC and department funding)

• Microbiology (VOIP, CIC)

• Pathology (VOIP, CIC)

• Washington School (CIC, Construction project)

UPS

• Campus model funds UPS in MDF with 20 minute runtime. – Risk management

– Life/safety

Miscellaneous

• HP Switch special pricing good through 10/31.

• HP4000s no longer supported – – long since EOL

– fan tray failures

– run out of memory.

Basically, if they fail, NOC will recommend replacement with something made this millennium.

Next Subnet Managers Meeting:

Wednesday, November 28, 2012

10 AM – Noon

LSC 203 - 205

9/19/2012