Connect communicate collaborate Campus Best Practices Vidar Faltinsen GEANT3 Task Leader UNINETT Toulouse, 22nd November 2011

connect • communicate • collaborate

Campus Best Practices

Vidar Faltinsen

GEANT3 Task Leader

UNINETT

Toulouse, 22nd November 2011


Je suis désolé

Je suis désolé,

mais cette présentation se fera en anglais.

Au moins, c’est mieux que le Norvégien ?

2


Les bonnes nouvelles

33


Agenda

About UNINETT and Norway

Introduction to GÉANT Campus Best Practices

Our Challenge

The Norwegian GigaCampus 2006-2009 Project

Campus Best Practices Results

Lessons Learned

Future Work

4


Norway in a nutshell

~5 mill inhabitants Scattered population

Many mountains and fjords

Shortest distance south to north: 1 752 km

Approx. 3 days by carIf we rotate Norway upside down the North Cape reaches Africa!

Coastline of 25 148 km ~62% of the length of the equator

5


Trondheim

66


About UNINETT

Norwegian NRENLegal entityOwned by the Ministry of Education and ResearchNon-profit organization100 employeesTasks

Operate national research networkAAI services (FEIDE)Top level DNS (.no)Coordinate ICT in HE

– Services– Campus infrastructure– Administrative systems– HPC

7


The UNINETT research network

Nationwide, high capacity (1-10 Gbps), open and resilient network.IPv6 and multicast enabled15 + 5 year IRU agreement on dark fibre and wavelenghtsMore than 70 PoPEstablished hybrid network infrastructure between the four major university cities.

40 universities and university collages> 200 institutions250.000 users

Equipment on NREN level:Juniper, Cisco, (HP)

Equipment at campus level:Cisco, HP, (Alcatel)

8


GÉANT: 2009-2013

9

4 year project

40 European countries

93 million Euro funding from EC

Divided into 45 tasks

Objective

Enable research communities across Europe to transform the way they collaborate

Enhance networks and services

Fight the “digital divide” across Europe

www.geant.net 9


Campus Best Practices- a task within GÉANT

10

Four countries:Norway (UNINETT)

Finland (CSC/Funet)

The Czech Republic (CESNET)

Serbia (AMRES)

3.5 man years per year

Objective

Address key challenges for campus networks

Organise working groups

Provide best practices

Disseminate results across Europe

10


The challenge

11

Thousands of universities across Europe…Same ICT challenges (more or less)

Why repeat the same mistakes?Why fall into the same pitfalls?

Spread your lessons learned!Disseminate your best practices!

Picture courtesy DMSP

11


But should universitiescompete or cooperate?

12

Compete on students

Cooperate on infrastructure

12


Accelerating Change

“We live in a moment of history where

change is so speeded up that we begin to see the present only when it is already disappearing.”

R.D. Laing

13


An example of useful cooperation: eduroam

14

How do we set up eduroam?

Radio planningWireless controller setupSecurityEncryption (802.1X)Radius setupUser database integration (AD/LDAP/other)Certificates (CA)Supporting smart phones / tabletsMonitoringetc, etc

Can we learn from others?

14


The NorwegianGigaCampus 2006 – 2009

15

One HE community – many campuses – common solutions

UNINETT Internet

15

Areas of focus:Physical infrastructureCampus networkingWireless infrastructureNetwork monitoringSecurityReal-time communications

Vision


Stakeholders

The GovernmentShowed responsibilityProvided initial funding

The NRENDedicated campus project teamFacilitatorGot happy customers

The UniversitiesParticipates in working groupsBenefits from results

16


Working methods

Workshops and working groups

Best practice documents

Advise and support

National procurement

processes

GigaCampus field trip

17


Working groups

Provide an arena for people working with similar technical campus challenges

Present and discuss challenges and solutions

Technical updates with campus focus

Discuss best (and worst) practices

Input for Best Practice Documents

18


Best practice documents

How are they produced?Facilitated in working groups (mainly)Active participation from NREN

How are they approved?Rough consensus in working groupsOpen hearing period of 4 weeksApproved by IT director at universities

Iterate withinworking group

NationalBPD

Nationalapproval

WorkinggroupDraft

Initialversion

19


Physical Infrastructure Best Practices (6 documents)

Common requirements for:1. Cabling (fibre and twisted pair)2. Data centers and network rooms3. Power supply (incl. UPS and generators)4. Ventilation and cooling 5. Fire detection and distinction

All major universities have participated in the workThe requirements are coordinated with building owners and will be used in future building projects

20


Recommended resilientcampus network design

2121


Recommendations for campus network monitoring

Deploy a set of tools

Open source works well

Integrate the tools

Use one alarm system

Focus on robustnessThe monitor should always work

SNMPv3 is most secure

v2c is ok with precautions

Notification system

Alarm system

Internalmonitor 1

internalalarms

PrioritiseFilterCorrelate

Personal alarm profiles- function of the time of day- choice of notification channel

Alarm Console

Aggregated alarms

Analysis

Various notification channels(email, SMS, IM, etc)

Pull

Push

}

Keep stateSuppress flapsAdopt hysteresis

} Coarsefilters

Internalmonitor N

Externalmonitor 1

Externalmonitor X

external alarms

22


NAVNetwork Administration Visualized

Network management system developed by UNINETT and NTNU since 1999.

Key featuresInventory information with topology

topology autodetectedL3, L2, per vlan

Status monitor with alarm system sms and email alarms

Client machine tracking IPv4 and IPv6based on ARP and bridge table data

Client machine detentionStatistics and graphing

Free software – GPLv2Debian packageVirtual appliance

http://metanav.uninett.no

http://metanav.uninett.no/


Recommended ICT securityarchitecture in Higer Education

2424


Recommended security policy

Security is:

80 % attitudes, knowledge, regulative measures

20 % technology

“Good IT security starts and ends with individuals,

not with firewalls, antivirus or IDS systems.

One rotten apple can destroy a whole box in no time,

and an apple with the crumbling decay rapidly”

Helge Skrivervik, myMAYDAY.com

Best practice recommendation is based on ISO 27002

Reduced to manageable level: from 100 -> 25 pages

25


Back to the European scene…

26


European support

EARNEST report on campus issues in 2008

52 recommendations – still relevant

“Strengthen

the collaboration

between National Research and Education Networking organisations and institutions

to improve the deployment of key services: …..co-ordinate working groups, …..”

27


EARNEST Report on Campus IssuesOn infrastructure and services

Set aggressive replacement policies for equipment with a maximum life expectancy of five years.

Adopt institution-wide specifications for networking infrastructure, including elements controlled by departments or faculties.

Ensure seamless end-to-end connectivity where a particular quality of service is required.

Provide support and training for performance optimisation, especially to the research community.

28


EARNEST Report on Campus Issues On Security

Adopt security measures that are appropriate for the purpose and do not hinder the effective use of the network.

Establish an institution-wide security team with a high degree of independence.

29


Campus Best PracticesWorking groups

30

Working groups in all countriesNREN facilitatesLocal languageJoint culture

Six areas of focus:Physical infrastructureCampus networking

IPv6, ligthpathsWireless infrastructureNetwork monitoringSecurityReal-time communications

30


Best Practice DocumentsPublished in English

Campus Best Practice documents:

http://www.terena.org/campus-bp/

(under Activities at terena.org)

(or google “Campus Best Practice”)

Currently 34 documents are translated to English and available

Announcements of new documents:

[email protected]

31


Dissemination

32

Organizing workshops at the

European level

Network monitoring

Real-time communications

IPv6

More to come

Present papers at conferences

European conferences

(TERENA, EUNIS, IEEE)

National conferences Our poster

32


Lessons learned [1]

Community building takes time

Establish an inner core of contributors

but allow hang-arounds (open membership)

Challenging for the working group leader to enforce progress (volunteering)

Key experts are usually very busy and have no time to write…

33


Lessons learned [2]

Initially the NREN should pick best practice topics.

Current challenges !

Prepare draft documents in advance

Gives best discussions

Do not write textbooks

The meeting grounds are highly valuable

informal talks

discussions on related topics.

34


Further work in Norway

Gigacampus 2006-2009

Customer survey => 90% wanted continuation

=> permanent campus activity

In addition a new initiative: eCampus 2011-2015

coherent nation-wide campus infrastructure

support the lecturer

Initial focus area:

– lecture recording

– large-scale use of videoconferencing

– mobile solutions

35


Further work in GÉANT

Continue to create Best Practice DocumentsExamples:

– 802.1X in wired networks (supporting Information Security)– Multicasting on campus (supporting more distributed lectures)– The legal aspects of wireless networks– IPv6 security in the local network– Network Security Monitoring and Behavior Analysis

Organise more European level workshopsNetwork Monitoring in Brno in April 2012

Organise training courses

Meeting with other NRENsShare experiencesHow to organise a campus program

36


Follow the Campus Best Practice 6 step Staircase

3737

Workshops to share experiences1

Working groups discuss best practices2

Make own national best practices3

Common national procurements4

Active counselling on campus5

Assist implementations on campus6


More information / Contact

GEANT3 NA3 Task 4: Campus Best Practiceshttp://www.geant.net/About_GEANT/Campus_Best_Practice/

http://www.terena.org/campus-bp/

[email protected]

Subscribe to announcements:

[email protected]

Please contact me

[email protected]

38

Des questions?