Subnet Managers Meeting - Colorado State University
Agenda
• Possibility of outsourcing faculty/staff email
– Ed Peyronnin
• VOIP Update – Dave Hoffman
• Campus Cloud Update – Joe Volesky
• Exchange/Outlook Performance – Lance Baatz
• Licensing Updates – Diane Noren
9/19/2012
Agenda (con’t)
• Echo 360 Update – Mike Willard
• RamCT Blackboard – Kevin Nolan
• Middleware Update – Randy Miotke
• Security Update – Steve Lovaas
• Network Operations Center – Greg Redder
Possible Email/Calendar Outsource
• Email/Calendar Outsource Committee
• A campus-wide committee has begun to explore options for outsourcing faculty and staff email and calendar
– Members: Scott Baily (Chair), Neal Lujan, Robin McGee, Scott Novogoratz, Ed Peyronnin, Chris Seng
– All university mail servers would be shut down (Exchange, lamar, etc.) in the event that the committee decides to migrate to a third party
Possible Email Outsource (con’t)
• Exploring options such as Google and Microsoft.
– Maintain first.last convention
• Option should be free to campus.
• A report is due to the VP IT 1 November
• July 2013 is the earliest that the migration could occur
• More information can be found: http://www.acns.colostate.edu/IAC/EmailOutsourcing
Please send feedback to Scott Baily
VOIP…CIC…Construction
Funding Methods
– CIC: Upgrade building MDFs to dual 1G links
– VOIP: Upgrade all network infrastructure to support VOIP
– Construction Projects: new buildings or remodels/additions
As we move forward: VOIP/NOC is trying to synchronize the three funding sources such that we only go into a building once and completely “VOIP Certify” it.
“VOIP Certification” (From the NOC’s perspective)
• Upgraded, server class switch in MDF with dual 1G links to campus core.
• All switches brought up to standards
• Cables color coded, labeled
• Power over Ethernet (PoE) provided
• Documentation, monitoring, inventory
• Network Operations Policy adhered to
VoIP Progress – Main Campus
Legend
Completed
VoIP Certified: Installing phones
Network Upgrades in progress
Next to start
VOIP Off Campus Progress
Complete
RIC
Sterling
475 17th St, Denver
University Services Center
Drake Hall
Engines Lab
CVMBS part of Lake & Center Parking Garage
In Process
UCA
555 Howes St
Washington School
Board of Governors - Denver
• VOIP Phones Installed
– 1200
• Phones Remaining
– 11,000
• Percent Complete
– 10%
• Goal by Year End (Calendar 2012)
– 1800 Phones installed – 14% Complete
Campus Cloud Update
• Joe Volesky – ACNS
• ACNS VM Hosting service deployed
• http://campuscloud.colostate.edu
• Information on pricing, storage and how to sign up for the service.
• Questions? Send to [email protected]
Exchange/Outlook Performance
• Lance Baatz – ACNS
• Uptick in some issues with Central Exchange
– Added memory
– Worked with MS Support
– Run Outlook in cache mode vs. online
RAMtech Licensing
Acrobat Pro Site License
– Need FTE counts by end of Month
– Estimated Cost $9.00 per FTE
ChemOffice
– Will be contacting Departments for billing
EndNote
– Prices will stay the same
– Cost $50.00 per computer
– Endnote X 6.0 coming soon
Licensing (con’t)
Microsoft Campus Agreement
– Will be contacting Departments for billing
Mountain Lion OS
– Cost $9.99 per computer
Symantec Anti-virus
– 2 year contract
– Prices will stay the same
– Cost $3.61 per computer
Echo 360
• Mike Willard – ACNS
• Quiet Rollout
– 60 captures/day
• Appliance vs. Personal Capture (software)
• RamCT Bb Integration
• Help website:
http://help.echo.colostate.edu
RamCT Blackboard
• Transition complete
• Few OnLine Plus courses finishing up on OLD RamCT.
• Old RamCT expected to be available through May 2012.
• Mobile app available from Apple App and Google Play Store
Middleware Update
• More CSU Mobile Apps available
http://apps.colostate.edu/
• Shibboleth Update
Security
• Pending password policy change
• New firewalls for datacenter
• Safe*Connect NAC expansion
• SSL gateway update
• Juniper firewalls: SSG to SRX
Pending Password Policy Change
• IAM Committee, InCommon Silver Certification
– 15-character minimum
– No complexity requirements
– Dictionary check
– 1-year refresh
– 1-hour lockout after 14 consecutive failures
• Will apply to all eIDs (including students)
• Approved by IAC
– Drafting language for IT Security Policy
– Possibly for summer 2013
eurofootballfan
Ppi+p9d0
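The policy parameters on this slide (15-character minimum, no complexity rule, dictionary check, 1-hour lockout after 14 consecutive failures), as an added Python example that is not part of the original slides. The wordlist, the exact-match dictionary check and the counter reset after a lockout are assumptions.

```python
from dataclasses import dataclass, field

MIN_LENGTH = 15          # from the slide: 15-character minimum
MAX_FAILURES = 14        # from the slide: lockout after 14 consecutive failures
LOCKOUT_SECONDS = 3600   # from the slide: 1-hour lockout

# Constructed stand-in for a real dictionary / breached-password list.
SAMPLE_WORDLIST = {"passwordpassword", "qwertyuiopasdfgh", "coloradostaterams"}

def check_password(candidate, wordlist=SAMPLE_WORDLIST):
    """Return a list of policy violations (empty list means acceptable)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    # Assumption: the dictionary check is an exact, case-insensitive match.
    if candidate.lower() in wordlist:
        problems.append("in_dictionary")
    return problems  # deliberately no character-class (complexity) rule

@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # eID -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # eID -> unlock time (epoch s)

    def attempt(self, eid, success, now):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        if now < self.locked_until.get(eid, 0):
            return "locked"            # refused even if the password is right
        if success:
            self.failures[eid] = 0     # a success breaks the consecutive run
            return "ok"
        self.failures[eid] = self.failures.get(eid, 0) + 1
        if self.failures[eid] >= MAX_FAILURES:
            self.locked_until[eid] = now + LOCKOUT_SECONDS
            self.failures[eid] = 0     # assumption: counter restarts after lockout
            return "locked"
        return "failed"

def max_online_guesses(days):
    """Upper bound on guesses against one eID: 14 per 1-hour lockout cycle."""
    return days * 24 * MAX_FAILURES
```

Applied to the two sample strings on the slide, eurofootballfan passes and Ppi+p9d0 is rejected as too short. The lockout caps online guessing at 122,640 attempts per eID over the 1-year refresh period.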
New Datacenter Firewalls
• Two Juniper SRX 5800s
• Hardware is here
• Waiting for opportunity/space
• Target installation: winter break
Network Access Control Expansion
• Already used in Res Halls
• Expanding to main campus:
– Guest wireless
– LSC kiosks
– Some drop-in labs, checkout laptops
• Project kick-off this week, details soon
• Should improve guest, ease client config
• Possible testing in late fall
SSL Gateway
• Usage doubled since Cisco VPN retired (July)
– Weekday peak 200+ concurrent
– Tracking any performance complaints – not many
– Recent tweaks for improved performance
SSL Gateway (cont’d)
• Reducing use of custom URLs
– Subnet managers now use regular URL too
• https://secure.colostate.edu
• Upgrading to version 7.2 early October
– New version of Network Connect
– Manual installer on ACNS website if needed
Juniper Firewalls
• SSG series nearing End of Life
• Testing SSG-to-SRX VPN tunnel config
• Anticipate no more SSG ordering soon
• SRX uses more command line
NOC (Network Operations Center)
Greg Redder
"Apple makes elegant, easy-to-use devices and solutions and then cripples their usability in environments other than the Living Room,"
Said in regards to Apple’s Bonjour protocol and the petition to
Apple to fix it.
--Romeyn Prescott (http://www.networkworld.com/news/2012/080312-bonjour-petition-261390.html?source=NWWNLE_nlt_daily_pm_2012-08-03)
Agenda
• Traffic Stats
• Wireless update
• Multicast
• Pending core upgrades
• Network Operations Policy and CIC updates
• Miscellaneous
Traffic Stats
• Internet Outages: 0
• Exceeding “2G” from the Internet daily – up from occasionally in the Spring.
• Core routers up: 2 years, 10 weeks
Wireless update Additions/upgrades
• Facilities North (department upgrade)
• Ammons higher density support (department funding)
• OT higher density support (department funding)
• Drake Hall (building project)
• LSC Theatre (building project)
• UCA (UTFAB/department funding) – in progress
• Moby (UTFAB/department funding) – to be started after UCA
• Alder higher density support (department funding) – pending delivery
• ERL (building project – under construction)
• Aylesworth 3rd NW (department/UTFAB funding)
Wireless update 5GHz deployments
• As a reminder – both 2.4GHz and 5.0GHz are subject to interference, but 5.0 much less so…for now!
• Newer Access Points-supporting more bandwidth
• Requiring much more dense deployments
• Continued UTFAB funding is up for discussion.
Wireless update Bonjour
• Apple protocol designed for home use. Not an enterprise solution.
• Desperately seeking solutions that will scale for the University.
Multicast Support
• Multicast is a dangerous beast!
– Impact on bandwidth
• Buildings that undergo the VOIP certification and hence the Network Operations Policy standardization are configured to support multicast.
• Other networks…not so much!
Multicast WDS
Network related items to keep in mind:
• A gig connected server can swamp the LAN – building backbones are usually 1G. Throttle down the server (see following reference slides).
• Improper configuration, or use on a non-supported network, is likely to result in DoS of bandwidth for LAN members.
Multicast WDS
• Follow multicast best practices for multicast addresses:
239.82.your_subnet.x
(This won’t make it work any better but it sure will help us to track it when it doesn’t!)
• Going between buildings should work if both buildings have been VOIP certified – otherwise probably not or probably not well!
Multicast WDS
To throttle your multicast bandwidth usage:
• From the WDS MMC, open the Server Properties page. Go to the Network Settings Tab. Select the Custom network profile.
• In the registry, browse to HKLM\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSMC\Protocol and set the TpMaxBandwidth setting to something less than 100. It's the percentage of available bandwidth that the server uses.
Multicast WDS
• Reference link: http://allcomputers.us/windows_7/deploying-images-with-windows-deployment-services-(part-2)---adding-and-configuring-wds.aspx
Pending core upgrades
• NSF Grant
– Upgrade core (backbone) to 40G and upgrade core router processor/chassis/cards
– Add an additional 10G link to FRGP to dedicate primarily to research
– Create a research LAN infrastructure
– Dynamic Network System (DYNES) I2
Network Operations Policy and CIC update
• Code version standardization
• New switch access tools/notes
• Building update
• UPS
Net Operations Policy and CIC update Code version standardization
• Production code
– Used in E7, MDF switches
– Hopefully only upgraded once per year: Target of 5 9’s (<5.256 min downtime/yr)
• Candidate code
– Used in MDFs to address critical bugs
– Candidate for Production code
Network Operations Policy and CIC update New switch access tools/notes
• Read menus look different than write menus.
– NOC is providing a list of useful show commands to address this.
• Cut-n-paste doesn’t work when you telnet to switches.
– NOC is researching workaround.
• New tool for network monitoring made available: Smokeping
Network Operations Policy and CIC update Building update
Buildings completed this Summer:
• South/West campus core
• Eddy (VOIP and CIC funding)
• Guggenheim (VOIP and CIC funding)
• Johnson (VOIP and CIC funding)
• Chemistry (VOIP, CIC and department funding)
• Drake Hall (Construction Project)
• Industrial Sciences Lab (VOIP funding)
• 555 S. Howes (VOIP, CIC and department funding)
• UCA (VOIP, CIC and department funding)
• Weber (CIC and department funding)
• Clark C (VOIP, CIC and department funding)
• Visual Arts (VOIP, CIC and department funding)
• Engr2
Network Operations Policy and CIC update Building update
Pending (this Fall)
• Moby (VOIP, CIC, and department funding)
– Academic and Training Center, McGraw, Indoor Practice Field
• Computer Science (VOIP)
• Student Services & Centennial Hall (VOIP, CIC funding)
• Education (VOIP, CIC and department funding)
• Forestry (VOIP, CIC and department funding)
• Wagar (VOIP, CIC and department funding)
• Natural Resources (VOIP, CIC and department funding)
• Microbiology (VOIP, CIC)
• Pathology (VOIP, CIC)
• Washington School (CIC, Construction project)
Miscellaneous
• HP Switch special pricing good through 10/31.
• HP4000s no longer supported
– long since EOL
– fan tray failures
– run out of memory.
Basically, if they fail, NOC will recommend replacement with something made this millennium.