connect • communicate • collaborate
Campus Best Practices
Vidar Faltinsen
GEANT3 Task Leader
UNINETT
Toulouse, 22nd November 2011
connect • communicate • collaborate
Je suis désolé
Je suis désolé,
mais cette présentation se fera en anglais.
Au moins, c’est mieux que le Norvégien ?
2
connect • communicate • collaborate
Les bonnes nouvelles
33
connect • communicate • collaborate
Agenda
About UNINETT and Norway
Introduction to GÉANT Campus Best Practices
Our Challenge
The Norwegian GigaCampus 2006-2009 Project
Campus Best Practices Results
Lessons Learned
Future Work
4
connect • communicate • collaborate
Norway in a nutshell
~5 mill inhabitants Scattered population
Many mountains and fjords
Shortest distance south to north: 1 752 km
Approx. 3 days by carIf we rotate Norway upside down the North Cape reaches Africa!
Coastline of 25 148 km ~62% of the length of the equator
5
connect • communicate • collaborate
Trondheim
66
connect • communicate • collaborate
About UNINETT
Norwegian NRENLegal entityOwned by the Ministry of Education and ResearchNon-profit organization100 employeesTasks
Operate national research networkAAI services (FEIDE)Top level DNS (.no)Coordinate ICT in HE
– Services– Campus infrastructure– Administrative systems– HPC
7
connect • communicate • collaborate
The UNINETT research network
Nationwide, high capacity (1-10 Gbps), open and resilient network.IPv6 and multicast enabled15 + 5 year IRU agreement on dark fibre and wavelenghtsMore than 70 PoPEstablished hybrid network infrastructure between the four major university cities.
40 universities and university collages> 200 institutions250.000 users
Equipment on NREN level:Juniper, Cisco, (HP)
Equipment at campus level:Cisco, HP, (Alcatel)
8
connect • communicate • collaborate
GÉANT: 2009-2013
9
4 year project
40 European countries
93 million Euro funding from EC
Divided into 45 tasks
Objective
Enable research communities across Europe to transform the way they collaborate
Enhance networks and services
Fight the “digital divide” across Europe
www.geant.net 9
connect • communicate • collaborate
Campus Best Practices- a task within GÉANT
10
Four countries:Norway (UNINETT)
Finland (CSC/Funet)
The Czech Republic (CESNET)
Serbia (AMRES)
3.5 man years per year
Objective
Address key challenges for campus networks
Organise working groups
Provide best practices
Disseminate results across Europe
10
connect • communicate • collaborate
The challenge
11
Thousands of universities across Europe…Same ICT challenges (more or less)
Why repeat the same mistakes?Why fall into the same pitfalls?
Spread your lessons learned!Disseminate your best practices!
Picture courtesy DMSP
11
connect • communicate • collaborate
But should universitiescompete or cooperate?
12
Compete on students
Cooperate on infrastructure
12
connect • communicate • collaborate
Accelerating Change
“We live in a moment of history where
change is so speeded up that we begin to see the present only when it is already disappearing.”
R.D. Laing
13
connect • communicate • collaborate
An example of useful cooperation: eduroam
14
How do we set up eduroam?
Radio planningWireless controller setupSecurityEncryption (802.1X)Radius setupUser database integration (AD/LDAP/other)Certificates (CA)Supporting smart phones / tabletsMonitoringetc, etc
Can we learn from others?
14
connect • communicate • collaborate
The NorwegianGigaCampus 2006 – 2009
15
One HE community – many campuses – common solutions
UNINETT Internet
15
Areas of focus:Physical infrastructureCampus networkingWireless infrastructureNetwork monitoringSecurityReal-time communications
Vision
connect • communicate • collaborate
Stakeholders
The GovernmentShowed responsibilityProvided initial funding
The NRENDedicated campus project teamFacilitatorGot happy customers
The UniversitiesParticipates in working groupsBenefits from results
16
connect • communicate • collaborate
Working methods
Workshops and working groups
Best practice documents
Advise and support
National procurement
processes
GigaCampus field trip
17
connect • communicate • collaborate
Working groups
Provide an arena for people working with similar technical campus challenges
Present and discuss challenges and solutions
Technical updates with campus focus
Discuss best (and worst) practices
Input for Best Practice Documents
18
connect • communicate • collaborate
Best practice documents
How are they produced?Facilitated in working groups (mainly)Active participation from NREN
How are they approved?Rough consensus in working groupsOpen hearing period of 4 weeksApproved by IT director at universities
Iterate withinworking group
NationalBPD
Nationalapproval
WorkinggroupDraft
Initialversion
19
connect • communicate • collaborate
Physical Infrastructure Best Practices (6 documents)
Common requirements for:1. Cabling (fibre and twisted pair)2. Data centers and network rooms3. Power supply (incl. UPS and generators)4. Ventilation and cooling 5. Fire detection and distinction
All major universities have participated in the workThe requirements are coordinated with building owners and will be used in future building projects
20
connect • communicate • collaborate
Recommended resilientcampus network design
2121
connect • communicate • collaborate
Recommendations for campus network monitoring
Deploy a set of tools
Open source works well
Integrate the tools
Use one alarm system
Focus on robustnessThe monitor should always work
SNMPv3 is most secure
v2c is ok with precautions
Notification system
Alarm system
Internalmonitor 1
internalalarms
PrioritiseFilterCorrelate
Personal alarm profiles- function of the time of day- choice of notification channel
Alarm Console
Aggregated alarms
Analysis
Various notification channels(email, SMS, IM, etc)
Pull
Push
}
Keep stateSuppress flapsAdopt hysteresis
} Coarsefilters
Internalmonitor N
Externalmonitor 1
Externalmonitor X
external alarms
22
connect • communicate • collaborate
NAVNetwork Administration Visualized
Network management system developed by UNINETT and NTNU since 1999.
Key featuresInventory information with topology
topology autodetectedL3, L2, per vlan
Status monitor with alarm system sms and email alarms
Client machine tracking IPv4 and IPv6based on ARP and bridge table data
Client machine detentionStatistics and graphing
Free software – GPLv2Debian packageVirtual appliance
http://metanav.uninett.no
http://metanav.uninett.no/
connect • communicate • collaborate
Recommended ICT securityarchitecture in Higer Education
2424
connect • communicate • collaborate
Recommended security policy
Security is:
80 % attitudes, knowledge, regulative measures
20 % technology
“Good IT security starts and ends with individuals,
not with firewalls, antivirus or IDS systems.
One rotten apple can destroy a whole box in no time,
and an apple with the crumbling decay rapidly”
Helge Skrivervik, myMAYDAY.com
Best practice recommendation is based on ISO 27002
Reduced to manageable level: from 100 -> 25 pages
25
connect • communicate • collaborate
Back to the European scene…
26
connect • communicate • collaborate
European support
EARNEST report on campus issues in 2008
52 recommendations – still relevant
“Strengthen
the collaboration
between National Research and Education Networking organisations and institutions
to improve the deployment of key services: …..co-ordinate working groups, …..”
27
connect • communicate • collaborate
EARNEST Report on Campus IssuesOn infrastructure and services
Set aggressive replacement policies for equipment with a maximum life expectancy of five years.
Adopt institution-wide specifications for networking infrastructure, including elements controlled by departments or faculties.
Ensure seamless end-to-end connectivity where a particular quality of service is required.
Provide support and training for performance optimisation, especially to the research community.
28
connect • communicate • collaborate
EARNEST Report on Campus Issues On Security
Adopt security measures that are appropriate for the purpose and do not hinder the effective use of the network.
Establish an institution-wide security team with a high degree of independence.
29
connect • communicate • collaborate
Campus Best PracticesWorking groups
30
Working groups in all countriesNREN facilitatesLocal languageJoint culture
Six areas of focus:Physical infrastructureCampus networking
IPv6, ligthpathsWireless infrastructureNetwork monitoringSecurityReal-time communications
30
connect • communicate • collaborate
Best Practice DocumentsPublished in English
Campus Best Practice documents:
http://www.terena.org/campus-bp/
(under Activities at terena.org)
(or google “Campus Best Practice”)
Currently 34 documents are translated to English and available
Announcements of new documents:
31
connect • communicate • collaborate
Dissemination
32
Organizing workshops at the
European level
Network monitoring
Real-time communications
IPv6
More to come
Present papers at conferences
European conferences
(TERENA, EUNIS, IEEE)
National conferences Our poster
32
connect • communicate • collaborate
Lessons learned [1]
Community building takes time
Establish an inner core of contributors
but allow hang-arounds (open membership)
Challenging for the working group leader to enforce progress (volunteering)
Key experts are usually very busy and have no time to write…
33
connect • communicate • collaborate
Lessons learned [2]
Initially the NREN should pick best practice topics.
Current challenges !
Prepare draft documents in advance
Gives best discussions
Do not write textbooks
The meeting grounds are highly valuable
informal talks
discussions on related topics.
34
connect • communicate • collaborate
Further work in Norway
Gigacampus 2006-2009
Customer survey => 90% wanted continuation
=> permanent campus activity
In addition a new initiative: eCampus 2011-2015
coherent nation-wide campus infrastructure
support the lecturer
Initial focus area:
– lecture recording
– large-scale use of videoconferencing
– mobile solutions
35
connect • communicate • collaborate
Further work in GÉANT
Continue to create Best Practice DocumentsExamples:
– 802.1X in wired networks (supporting Information Security)– Multicasting on campus (supporting more distributed lectures)– The legal aspects of wireless networks– IPv6 security in the local network– Network Security Monitoring and Behavior Analysis
Organise more European level workshopsNetwork Monitoring in Brno in April 2012
Organise training courses
Meeting with other NRENsShare experiencesHow to organise a campus program
36
connect • communicate • collaborate
Follow the Campus Best Practice 6 step Staircase
3737
Workshops to share experiences1
Working groups discuss best practices2
Make own national best practices3
Common national procurements4
Active counselling on campus5
Assist implementations on campus6
connect • communicate • collaborate
More information / Contact
GEANT3 NA3 Task 4: Campus Best Practiceshttp://www.geant.net/About_GEANT/Campus_Best_Practice/
http://www.terena.org/campus-bp/
Subscribe to announcements:
Please contact me
38
Des questions?
Top Related