FY ‘08 NETWORK PLANNING TASK FORCE

Fall Agenda Setting and Discussion09.17.07

NPTF FY ‘08 Members

■ Robin Beck, ISC■ Michael Palladino, ISC (Chair)■ Mark Aseltine / Mike Lazenka,

ISC■ Gary Delson/Geoff Filinuk, ISC■ Dave Millar, ISC■ Deke Kassabian / Melissa Muth,

ISC■ Chris Bradie /Dave Carrol,

Business Services■ Doug Berger / Manuel Pena,

Housing and Conference Services■ Cathy DiBonaventura/Rick

Haverkamp, School of Design■ Helen Anderson, SEAS■ Brian Doherty, SAS■ John Irwin, GSE■ Ira Winston, SEAS, SAS, Design

■ Deirdre Woods /Dan Alig, Wharton

■ Mary Alice Annecharico /Mike Herzog, SOM

■ Rich Cardona, Annenberg■ Kayann McDonnell, Law■ Donna Milici, Nursing■ Ken McCardle, Vet School■ Jeff Fahnoe, Dental■ Grover McKenzie, Library■ Mary Spada, VPUL■ Marilyn Spicer, College Houses■ Joseph Shannon, Div. of

Finance■ Steve Stines /Dominic

Pasqualino, OAC■ Marilyn Jost, FRES■ Michael Weaver, Budget Mgmt.

Analysis

2

Agenda3

■ Defining the NPTF process for FY ’08■ Topics gathered thus far■ Additional discussion■ Setting the Fall agenda

NPTF Meeting Schedule – FY ‘08

4

■ 1:30-3:00pm in 337A Conference Room, 3rd floor of 3401 Walnut Street

■ Process ■ Intake and Current Status Review – July 16■ Agenda Setting & Discussion - September 17■ Strategy Discussions - October 1■ Security Strategy Discussions - October 15 ■ Strategy Discussions - October 29 ■ Prioritization - November 5 ■ Rate Setting – November 19

NPTF Process Feedback5

■ Too much information is crammed into too short a timeframe. ■ We don’t get enough time to prioritize things in the Fall.■ We don’t get enough time to discuss financial decisions with our

deans before our budgets are due.■ Is it possible to see the projected budget in September so that

we know how much discretionary money there is before we start?

■ Suggestions:■ Finish Fall process in early November.■ Hold fewer meetings in the Fall (3-4 total)■ Hold off-season meetings (2) to discuss strategic items■ Hold off-season meetings (2) for a closer review of operational

items.■ Do a review of where N&T resources are going for services and R&D.

■ Do a survey to get more formal feedback on current services.

■ “Polish” current services like VoIP before spending more time on new ones.

NPTF Security Feedback

■ Security is the “beast” that ate NPTF■ Is NPTF the right place to discuss it?■ Is there other centralized money for it?

■ We need to see a multi-year security strategy■ What is the budget impact of it centrally (charged

by ISC if any) and locally to schools.■ What is the budget impact of various security

policies?

6

FY ‘09 Price Setting7

■ We will re-evaluate pricing for:■ 10 Mbps ($6.03)■ 100 Mbps ($7.03)■ 1000 Mbps ($30)■ vLANs ($2.50)■ Wireless ($27)■ VoIP/ Voicemail/ IM■ Video services■ Analog voice services■ Central Service Fee (headcount and IP addresses)

N&T Operational Initiatives for FY ’08

8

■ Next Generation PennNet■ Gigabit building/subnet connections (router ports)■ Single-mode fiber to buildings (new pathway if

necessary)■ Redundant building/subnet connections

■ Customer Service■ Online, self-service intake for voice and data orders/

Service Order Intake (SOI)■ Always striving for better communications and

feeling the urgency in your requests■ Wireless■ Expand 802.1x authentication to all wireless

PennNet areas where current web authentication exists for wireless-PennNet. (Dual SSIDs)

Strategic Discussions for FY ’08

9

■ Communication Names■ Develop infrastructure necessary to implement

Communication Names in order to support longer and more meaningful user names for email and other electronic communications.

■ Complete name space clean up■ Augment PennNames to support Communication Names■ Develop application to create Communication Names■ Create web interface to allow authorized users to lookup,

add, modify and delete Communication Names■ Create API to allow authorized applications to lookup, add,

modify and delete Communication Names■ Modify Penn Community to store Communication Names■ Should we do cost estimates on this project?

■ Wireless■ Seamless roaming■ 802.1x only (visitors)■ Earthlink as wireless overlay. Outsource outside?

Strategic Discussions for FY ’08 (Contd.)

10

■ Integrated Communications■ VoIP■ Softphones■ IM■ VoIP redundancy & scheduled down-time

■ Video Strategy■ Digital video■ Desktop teleconferencing

■ File sharing and archiving/Flexible method for sharing data■ How broadly and on what time line should PennNet Gateway

(scan and block) be deployed once it is fully ready? Or as desktop/laptop operating systems with automated security updates become common, does PennNet Gateway become a lower priority?

■ What should the timing be for a single campus-wide network access control for both wired and wireless networks?

■ Can we enhance perimeter intrusion detection?■ UPS on all network electronics■ Cell phone coverage in buildings

FY ‘08 Security Goals11

■ Compliance: Roll out the Security and Privacy Impact Assessment (SPIA) process, in conjunction with Penn’s Privacy Office to better manage University-wide IT security and privacy risk to 8-12 schools & centers.

■ Prevention: Establish Penn LSP security training & certification (computer based training and testing) and conduct security technology training for 3 – 5 topics. New employee online security and privacy awareness training.

■ Identity Management■ Security Assessment: Engage with Oracle Corporation to review

database security and identity management infrastructure to ensure timely and secure access to Penn enterprise IT resources

■ Develop a plan for next generation PennKey.■ Implement Shibboleth for federated identity.■ Build and deploy a central authorization system to minimize the

risk of exposing sensitive data and/or violation of policy or law 

FY ‘08 Security Goals (Continued)

■ Select a recommended product for stored data encryption■ Should we do centralized key escrow?

■ Limit SSN availability through Data Warehouse

■ Develop strategy documents: ■ Develop logging best practices in conjunction with HARTS team■ Beyond passwords, next steps for authentication ■ Personal device security■ Subnet level intrusion detection

■ Pennnet Gateway: Help prevent compromised systems from spreading malware on the network and avoid increased support needs for incidence response■ Pilot deployment for College Houses, Sansom Place and

GreekNet wireless areas and possibly two other schools and centers.

12

Possible FY ‘09 Security Goals

13

■ Year three of four-year SPIA rollout.■ Identity Management

■ Extend Authorization system’s group management capability to include privilege management.

■ Online provisioning for Penn administrative applications.■ Implement first phase of Next Generation PennKey■ Implement security event logging■ Logging policy (protecting against brute force attacks)

■ Pilot Critical Host Vulnerability Management agent and Compliance Reporting.

■ PennNet Gateway: full roll out to residential system ■ Review campus A/V strategy vs. Host-Based Intrusion

Prevention. Compare Symantec with alternatives.■ Campus-wide all staff (then faculty) security and privacy

awareness online training.

Additional Discussion14

■ What have we missed that is critical to be done in FY ‘08 or planned for now to do in FY’09 and beyond?

■ What can we eliminate?■ Bluesocket wireless authentication. ■Can we move 100% to 802.1x by Fall ’08?

■Netnews

IT Roundtable Topics15

■ Benchmarking with peers■ Trailing Edge■ Leading Edge

■ Data Center/ Facilities Management■ Research Computing■ Email■ Content Management