STRATEGY SESSION AUGUST 11, 2008
UNIFIED COMMUNICATIONS
WIRELESS
PROPOSED WIRELESS GUEST IP FUNDING MODEL
NETWORK PLANNING TASK FORCE
NPTF Meeting dates
  February 18 - Operational review (Completed)
  April 21 - Security strategy session (Completed)
  July 21 - Updates & planning discussions (Completed)
  August 11 - Strategy discussions
  September 15 - Security strategy discussion
  October 6 - Strategy discussions/preliminary rates
  (ADDED) October 20 - Strategy discussion
  November 3 - FY’10 Finalize rate setting
NPTF Fall Meeting Topics
  September 15 (Dave Millar)
    Security Strategy Discussion
  October 6 (Deke, Mark, Mike)
    Intrusion detection
    Perimeter (Next Generation Arbor)
    Local ID
    NGP update - buildings with dual feed and single-mode fiber
    NGP discussion - buildings planned for dual feed and single-mode fiber
    Preliminary rates
  October 20 (Jim Choate)
    Strong Authentication
    Central authorization
    Secure file transfer
  November 3 (Mike)
    Finalize rate setting
Unified Communications Update
bringing many modes of communications together
Agenda
  Overview
  Update on Email
  Update on IM
  Update on Voice over IP
Communicating Today
We accept artificial barriers in our communication. Oddly, we think of it as natural.
  Faxes are sent between two people, each with a fax machine.
  Telephone calls are made between two people using telephones.
  Email is sent from one person on a computer to another.
We even spend time communicating about communicating
  Calling each other to arrange to send a fax
  Sending email to set up a conference call
  Instant messaging to set up a phone call, etc.
Unified Communications
Unified Communications is the idea that the dividing lines may fade and even disappear.
By bringing together many forms of communication, we can communicate naturally and efficiently.
Unified communications allows us to
  Send email to another person’s fax machine
  Have phone calls using PDAs or laptop computers
  Move a conversation seamlessly from Instant Messaging to a phone call to a video conference on personal computers or high function handhelds
Many communications media
  Email
  Phone
  Vid Conf & Other
  Fax
  IM
Communications Unified
  Email
  Voice
  Vid Conf & Other
  Fax
  IM
  Presence
Communications tools linked to each other, and influenced by “Presence”.
Update on Email and IM
  Exchange
  Zimbra
  Jabber
Exchange
  In production since July 2007
  10 servers comprising the Exchange service
  Site replicated in Levy and Nichols campus data centers
  2,759 users, with over 480 using handheld devices
  Default user quota size is 250 MB (about 700 users have purchased higher disk quotas)
Exchange Service Features
Email, Calendar and Tasks in a unified interface through Outlook, Entourage and Outlook Web Access (Webmail)
POP and IMAP access for Penn’s supported mail clients
Flexible addressing ([email protected], [email protected])
Mobile device support for Blackberry and ActiveSync
250 MB base quota, with upgrades available to 1.75 GB
Account Management for LSP access to account creation, quota changes, Blackberry provisioning, account status query, etc.
Zimbra
  A Replacement for the Pobox Classic service
  Modern, open standards-based collaboration suite
  Rolled out end of July 2008
  8 servers comprising the Zimbra service
  Site replicated in Levy and ModV campus NAPs
  Soon 15,000 customers, many handheld devices
  Default user quota size is 250 MB
Zimbra Service Features
Email, Calendar, Tasks and more in a unified web interface
POP and IMAP access for Penn’s supported mail clients
Calendar access via web, and through Mozilla and Apple tools
Flexible addressing ([email protected], [email protected])
Mobile device support for major handhelds
250 MB base quota, with upgrades available to 1.75 GB
Low price point of Pobox
Zimbra and Exchange will share calendar “free/busy” time by end of CY2008.
Update on Instant Messaging
  Penn operated IM service with local addressing
  Based on open standard XMPP/Jabber protocol
  Identity assurance using PennKey
  Data path and data storage protection and policy
  Clients for MacOS and Windows. All can connect to both campus Jabber servers and commodity services like AIM and Yahoo Messenger
  Pilot service ran for over a year
  In production as of July 2008
Update on Voice over IP
  VoIP overview
  Verizon HIPC evaluation
  Current PennNet Phone Deployments
  Recent developments with PennNet Phone
  Future PennNet Phone development plans
VoIP Overview
  VoIP in worldwide communications
    Major player in Long Distance / IXC service
    Retail services like Vonage
    SIP trunking services to enterprises
  Enterprise VoIP options
    Cisco Call Manager
    Avaya and other vendor solutions
    IP Centrex (such as Verizon HIPC)
    Open source VoIP
Verizon Hosted IP Centrex
  “Hosted” (not “managed”) service in Verizon Network
  Uses feature-rich Broadworks software
  Local phone provisioning and configuration management handled by enterprise
  Back-end handled by Verizon
  Verizon has only small deployments to date
  Penn had a very mixed experience in a 90 day trial
    Many good features
    Others did not work as advertised or at all
    Long delays to get phones into service
    Some unexplained outages
    Not a “full outsourced” solution. Penn would still have significant costs and responsibilities
    Over a year of joint development necessary before we could roll it out widely on campus.
  Decision made to stay with PennNet Phone only for now.
PennNet Phone Today
  Production-grade, enterprise VoIP Services
  Redundant servers, gateways and PRIs
  24x365 monitoring and management
  Single-line features, email/voicemail integration
  911 support equal to traditional system
  Location information able to be updated via web
  Roughly 1,500 VoIP phones in full production
  More than 80 LSPs involved today
PennNet Phone Topology
Features and Issues Web Pages
  Current Features: www.upenn.edu/computing/voice/voip/features/
  Known Issues: www.upenn.edu/computing/voice/voip/lsp/known_issues.html
  Planned Features: www.upenn.edu/computing/voice/voip/features/planned_features.html
Recent Fixes and Coming Feature Releases
  Recently fixed a long-standing Consultative Call Transfer problem
  Currently in test/pilot
    Call Hunting
    Forward on ring-no-answer
    Forward on busy
  Planned Feature Release
    Bridged Line Appearance with Busy Indicator
    Find me/Follow me
    Set Ring Delay before voicemail
    Direct transfer to voice mailbox
Voicemail
PennNet Phone uses the popular voicemail service from Digium
Asterisk is an open source project. Penn has contributed code to the project to implement many features important to our users
A very basic version is in use today with PennNet Phone (about 1500 users)
A more feature rich version is available to pilot users (about 150 users)
An advanced version is in internal testing, with a very large set of Octel features.
Full unified messaging has been developed. When you listen to your new voicemail through your e-mail client, your message waiting indicator will turn off!
Telephony at Penn Going Forward
Centrex remains the primary telephony service to thousands of campus customers today
PennNet Phone is the direction forward for flexibility, application integration and ultimately for cost management
The transition will take place over several years
VoIP Handsets, Today and Tomorrow
  Cisco 7940 and 7960 phones today
  Polycom 320, 550, 650 and 4000 coming
  (Pictured: Cisco 7940; Polycom 320; Polycom 550 and 650; Polycom 4000)
ISC Telecommunications (PennNet Phone)
Phone (Roadmap)
  Next generation PennNet phone program resumes November 2008
  ISC recommends upgrading existing Cisco phones to Polycom phones
  Larger rollout planned for January 2009
  Lunch-time learning sessions planned for LSP(s); moving forward, quarterly sessions offered to communicate feature updates
http://www.upenn.edu/computing/voice/
Polycom Features
Feature: Description
  Speed Dial: Support an increased list of frequently dialed numbers
  Ring Tones: Ring tone per telephone number; and ability to turn ring tone off (silent ring) per telephone number
  Drop One leg of 3-way Call: Ability to drop the third leg of a conference call
  Clear Call History: Ability to erase call history on phone without power cycling set
  Manage contacts on a phone: Save a number by name; and then search by name. Local contacts database specific to the phone
  DND, Hold and Redial buttons on set: Ease of use
  Better Display: Higher resolution, back-lighting, etc.
ISC Telecommunications Support
  Traditional Telephone and Voice Mail Service
    e-mail [email protected] or call (215) 746-6000
  PennNet Phone and Voice Mail Service (Consult your Local Support Provider)
    http://www.upenn.edu/computing/voice/lsp/index.html
  ISC Provider Desk
    http://www.upenn.edu/computing/prodesk/
Wireless Update
Current Status
  Wireless-PennNet Retirement on 06/30. Saved $180k/year.
o AirPennNet-Guest Network Operational July 1, 2008
  Still designing and planning subnet IP ranges to provide scalability and management
  NOC will work with LSPs to set IP ranges for AirPennNet and AirPennNet-Guest Networks
o Consolidation of all Wireless Networks
  AirPennNet expansion (SAS and SEAS buildings)
    SAS work is complete for both AirPennNet and AirPennNet-Guest; AirSAS SSID retirement week of 08/18/2008
    SEAS has AirPennNet configured but still needs to add AirPennNet-Guest (by end of August)
o Total AP Count in Production: about 1300
o Recent Wireless Expansion Projects (Vet, NEB & Dental)
  VET – AirPennNet-Guest has been added to NBC as of 08/04/2008
  Dental Wireless covers 100% of their complex (space planned for renovations)
  Nursing at 50% with 90+% intended coverage once renovations are completed within their construction schedule.
Wireless Update
Short Term Strategy
  Enhance AirPennNet website to provide more information about the service
    Coverage maps, FAQ, Technical information
  Normal/standard operating mode in FY2009
    Continue with wireless expansion per customer demand
    Make no major changes or hardware upgrades to the current wireless infrastructure
o Project to Evaluate Next Generation WLAN
  Testing new controller-based architecture, 802.11n, and capabilities for real time applications over wireless.
  RFP drafted and submitted to 3 vendors (Cisco, Meru, Aruba)
  Review Responses in Early Fall
  Evaluations ending by end of fall.
  Vendor selection by 01/2009
  Small Pilot (entire building) by 3Q FY2009
  Purchase by end FY2009 for FY2010 deployment
o Design of Campus User Rapid/Self Service to Enable Guest Access
  Early stages of discussion
  Targeting end of FY2009 Pilot
Next Generation 802.11 Wireless
802.11b – first deployed at Penn in 2000-2001
  11 Mb/sec data rate, 2.4 GHz spectrum
802.11a – first deployed at Penn in 2004-2005
  54 Mb/sec data rate, alternate radio spectrum
802.11g – first deployed at Penn in 2004-2005
  54 Mb/sec data rate, 2.4 GHz spectrum
  “backwards compatible” with 802.11b
802.11n to be deployed at Penn in 2009
  Higher data rates
    over 100 Mb/sec possible in 2.4 GHz
    over 300 Mb/sec possible in 5 GHz
  Much improved multi path handling
Wireless Authentication Evolution
Timeline: Wireless Security
  2000: MAC address offline registration. No security measures – didn’t scale, long delays and turnaround.
  2002: Bluesocket Gateway - https redirect page for authentication. Login secure, but all other data vulnerable, single point of failure.
  2005: 802.1X AirPennNet authentication using EAP authentication with WEP.
  2008: AirPennNet additionally supports WPA Enterprise authentication. Added AirPennNet-Guest for legacy & guest use.
  Future: WPA2 – full 802.11i standard. Full session strong encryption. Greatly reduced vulnerability to a range of attacks (authentication, forging, replay, key collision, weak keys, packet forging, brute-force/dictionary attacks)
New Wireless Architectures
Possible controller based solution:
  Streamline management – installations, configurations, radio & power management
  Cell based architectures may help with client roaming decisions (less dropped connections)
  Secure fast roaming (roaming from one AP to another is handled per building and not autonomously)
  May also help with real time application performance
Proposed Wireless Guest IP Funding Model
Goal: To enable proper IP ranges for AirPennNet and AirPennNet-Guest, and to ensure use of AirPennNet as primary wireless network
Key Concepts:
  AirPennNet is strongly recommended as primary wireless network for Penn faculty, staff, and students (security, speed, and availability)
  AirPennNet-Guest was designed for visitors and for devices incapable of supporting 802.1x (network has restrictions and is less secure)
Policy:
  Previous Wireless-PennNet policies allowed for some centrally subsidized IP addresses for public areas. AirPennNet-Guest allows for visitors to roam to all areas of campus. Two ranges of IP addresses for AirPennNet & AirPennNet-Guest make it difficult to keep the IP ranges (i.e. costs) to a minimum.
  Propose that 10% of IP range for AirPennNet networks be subsidized for IP range in AirPennNet-Guest networks. Schools or centers will pay for IP costs greater than 10% of AirPennNet IP range.
Proposed Wireless Guest IP Funding Model
Cost impact to CSF FY’09
  4041 IPs assigned for Wireless-PennNet in FY’08.
  10% cost of those IPs equals 404 * $4.29 * 12 = $20,798 per year.
  Costs would be absorbed by ISC in FY’09
Potential cost impact to CSF FY’10
  8000 IPs assigned for AirPennNet projected
  10% cost of those IPs equals 800 * $1.67 * 12 = $16,032 per year.
  This cost could be added to the CSF for FY’10.