STRATEGY SESSION AUGUST 11, 2008

UNIFIED COMMUNICATIONSWIRELESS

PROPOSED WIRELESS GUEST IP FUNDING MODEL

NETWORK PLANNING TASK FORCE

1

NPTF Meeting dates

February 18-Operational review (Completed) April 21- Security strategy session (Completed) July 21-Updates & planning discussions (Completed) August 11- Strategy discussions September 15- Security strategy discussion October 6- Strategy discussions/preliminary rates

(ADDED) October 20- Strategy discussion November 3- FY’10 Finalize rate setting

2

NPTF Fall Meeting Topics

September 15 (Dave Millar) Security Strategy Discussion

October 6 (Deke, Mark, Mike) Intrusion detection

Perimeter (Next Generation Arbor) Local ID

NGP update-buildings with dual feed and single-mode fiber NGP discussion-buildings planned for dual feed and single-mode

fiber Preliminary rates

October 20 (Jim Choate) Strong Authentication Central authorization Secure file transfer

November 3 (Mike) Finalize rate setting

3

Unified Communications Updatebringing many modes of communications together

4

AgendaAgenda

OverviewUpdate on EmailUpdate on IMUpdate on Voice over IP

5

Communicating TodayCommunicating Today

We accept artificial barriers in our communication. Oddly, we think of it as natural. Faxes are sent between two people, each with a

fax machine. Telephone calls are made between two people

using telephones. Email is sent from one person on a computer to

another.We even spend time communicating about

communicating Calling each other to arrange to send a fax Sending email to set up a conference call Instant messaging to set up a phone call, etc.

6

Unified CommunicationsUnified Communications

Unified Communications is the idea that the dividing lines may fade and even disappear.

By bringing together many forms of communication, we can communicate naturally and efficiently

Unified communications allows us to Send email to another person’s fax machine Have phone calls using PDAs or laptop computers Move a conversation seamlessly from Instant

Messaging to a phone call to a video conference on personal computers or high function handhelds

7

Many communications mediaMany communications media

Email Phone

Vid Conf& Other

Fax

IM

8

Communications UnifiedCommunications Unified

Email Voice

Vid

Con

f&

Oth

er

Fax

IM

Presence

Communications tools linked to each other, and influenced by “Presence”.

9

Update on Email and IMUpdate on Email and IM

ExchangeZimbraJabber

10

ExchangeExchange

In production since July 2007 10 servers comprising the Exchange

service Site replicated in Levy and Nichols

campus data centers2,759 users, with over 480 using

handheld devicesDefault user quota size is 250 MB (about

700 users have purchased higher disk quotas)

11

Exchange Service FeaturesExchange Service Features

Email, Calendar and Tasks in a unified interface through Outlook, Entourage and Outlook Web Access (Webmail)

POP and IMAP access for Penn’s supported mail clients

Flexible addressing (user@domain.upenn.edu, user@upenn.edu)

Mobile device support for Blackberry and ActiveSync

250 MB base quota, with upgrades available to 1.75 GB

Account Management for LSP access to account creation, quota changes, Blackberry provisioning, account status query, etc.

12

ZimbraZimbra

A Replacement for the Pobox Classic service Modern, open standards-based collaboration

suite Rolled out end of July 2008 8 servers comprising the Zimbra service Site replicated in Levy and ModV campus

NAPsSoon 15,000 customers, many handheld

devicesDefault user quota size is 250 MB

13

Zimbra Service FeaturesZimbra Service Features

Email, Calendar, Tasks and more in a unified web interface

POP and IMAP access for Penn’s supported mail clients

Calendar access via web, and through Mozilla and Apple tools

Flexible addressing (user@domain.upenn.edu, user@upenn.edu)

Mobile device support for major handhelds250 MB base quota, with upgrades available to 1.75

GBLow price point of PoboxZimbra and Exchange will share calendar

“free/busy” time by end of CY2008.

14

Update on Instant MessagingUpdate on Instant Messaging

Penn operated IM service with local addressingBased on open standard xmpp/jabber protocolIdentity assurance using PennKeyData path and data storage protection and policyClients for MacOS and Windows. All can connect

to both campus Jabber servers and commodity services like AIM and Yahoo Messenger

Pilot service ran for over a yearIn production as of July 2008

15

Update on Voice over IPUpdate on Voice over IP

VoIP overviewVerizon HIPC evaluationCurrent PennNet Phone DeploymentsRecent developments with PennNet PhoneFuture PennNet Phone development plans

16

VoIP OverviewVoIP Overview

VoIP in worldwide communications Major player in Long Distance / IXC service Retail services like Vonage SIP trunking services to enterprises

Enterprise VoIP options Cisco Call Manager Avaya and other vendor solutions IP Centrex (such as Verizon HIPC) Open source VoIP

17

Verizon Hosted IP CentrexVerizon Hosted IP Centrex

“Hosted” (not “managed”) service in Verizon Network

Uses feature-rich Broadworks softwareLocal phone provisioning and configuration

management handled by enterpriseBack-end handled by VerizonVerizon has only small deployments to datePenn had a very mixed experience in a 90 day

trial Many good features Others did not work as advertised or at all Long delays to get phones into service Some unexplained outages Not a “full outsourced” solution. Penn would still

have significant costs and responsibilities Over a year of joint development necessary before we

could roll it out widely on campus. Decision made to stay with PennNet Phone only for

now.

18

PennNet Phone TodayPennNet Phone Today

Production-grade, enterprise VoIP Services Redundant servers, gateways and PRIs 24x365 monitoring and management Single-line features, email/voicemail

integration911 support equal to traditional systemLocation information able to be updated via

webRoughly 1,500 VoIP phones in full productionMore than 80 LSPs involved today

19

PennNet Phone TopologyPennNet Phone Topology20

Features and Issues Web PagesFeatures and Issues Web Pages

Current Features:www.upenn.edu/computing/voice/voip/features/

Known Issues:www.upenn.edu/computing/voice/voip/lsp/

known_issues.html

Planned Features:www.upenn.edu/computing/voice/voip/features/

planned_features.html

21

Recent Fixes and Coming Recent Fixes and Coming Feature Feature ReleasesReleases

Recently fixed a long-standing Consultative Call Transfer problem

Currently in test/pilot Call Hunting Forward on ring-no-answer Forward on busy

Planned Feature Release Bridged Line Appearance with Busy Indicator Find me/Follow me Set Ring Delay before voicemail Direct transfer to voice mailbox

22

VoicemailVoicemail

PennNet Phone uses the popular voicemail service from Digium

Asterisk is an open source project. Penn has contributed code to the project to implement many features important to our users

A very basic version is in use today with PennNet Phone (about 1500 users)

A more feature rich version is available to pilot users (about 150 users)

An advanced version is in internal testing, with a very large set of Octel features.

Full unified messaging has been developed. When you listen to your new voicemail through your e-mail client, your message waiting indicator will turn off!

23

Telephony at Penn Going Telephony at Penn Going ForwardForward

Centrex remains the primary telephony service to thousands of campus customers today

PennNet Phone is the direction forward for flexibility, application integration and ultimately for cost management

The transition will take place over several years

24

VoIP Handsets, Today and VoIP Handsets, Today and TomorrowTomorrow

Cisco 7940 and 7960 phones today

Polycom 320, 550, 650 and 4000 coming

Cisco 7940

Polycom 320

Polycom 550 and 650 Polycom 4000

25

26

ISC Telecommunications (PennNet Phone)

Phone (Roadmap)27

Next generation PennNet phone program resumes November 2008 ISC recommends to upgrade existing Cisco phones with Polycom

phones Larger rollout planned for January 2009 Lunch-time learning sessions planned for LSP(s); moving forward

quarterly sessions offered to communicate feature updates

ISC Telecommunications (PennNet Phone)

28

http://www.upenn.edu/computing/voice/

29

Polycom Features

Feature Description

Speed Dial Support an increased list of frequently dialed numbers

Ring Tones Ring tone per telephone number; and ability to turn ring tone off (silent ring) per telephone number

Drop One leg of 3-way Call

Ability to drop the third leg of a conference call

Clear Call History

Ability to erase call history on phone without power cycling set

Manage contacts on a phone

Save a number by name; and then search by name. Local contacts database specific to the phone

DND, Hold and Redial buttons on set

Ease of use

Better Display Higher resolution, back-lighting, etc.

ISC Telecommunications (PennNet Phone)

ISC Telecommunications Support30

Traditional Telephone and Voice Mail Service e-mail service-requests@isc.upenn.edu or call (215) 746-

6000

PennNet Phone and Voice Mail Service (Consult your Local Support Provider)

http://www.upenn.edu/computing/voice/lsp/index.html ISC Provider Desk

http://www.upenn.edu/computing/prodesk/

Wireless Update

Current Status Wireless-PennNet Retirement on 06/30. Saved $180k/year.

o AirPennNet-Guest Network Operational July 1, 2008 Still designing and planning subnet IP ranges to provide

scalability and management NOC will work with LSP’s to set IP ranges for AirPennNet and

AirPennNet-Guest Networkso Consolidation of all Wireless Networks AirPennNet expansion (SAS and SEAS buildings)

SAS work is complete for both AirPennNet and AirPennNet-Guest; AirSAS SSID retirement week of 08/18/2008

SEAS has AirPennNet configured but still need to add AirPennNet-Guest (by end of August)

o Total AP Count in Production: about 1300o Recent Wireless Expansion Projects (Vet, NEB &

Dental) VET – AirPennNet-Guest has been added to NBC as of

08/04/2008 Dental Wireless covers 100% of their complex (space planned

for renovations) Nursing at 50% with 90+% intended coverage once renovations

are completed within their construction schedule.

31

Wireless Update

Short Term Strategy Enhance AirPennNet website to provide more information about the

service Coverage maps, FAQ, Technical information

Normal/standard operating mode in FY2009 Continue with wireless expansion per customer demand Make no major changes or hardware upgrades to the current wireless

infrastructureo Project to Evaluate Next Generation WLAN

Testing new controller-based architecture, 802.11n, and capabilities for real time applications over wireless.

RFP drafted and submitted to 3 vendors (Cisco, Meru, Aruba) Review Responses in Early Fall Evaluations ending by end fall. Vendor selection by 01/2009 Small Pilot (entire building) by 3Q FY2009 Purchase by end FY2009 for FY2010 deployment

o Design of Campus User Rapid/Self Service to Enable Guest Access

Early stages of discussion Targeting end of FY2009 Pilot

32

Next Generation 802.11 Wireless

802.11b – first deployed at Penn in 2000-2001 11 Mb/sec data rate, 2.4 GHz spectrum

802.11a – first deployed at Penn in 2004-2005 54 Mb/sec data rate, alternate radio spectrum

802.11g – first deployed at Penn in 2004-2005 54 Mb/sec data rate, 2.4 GHz spectrum “backwards compatible” with 802.11b

802.11n to be deployed at Penn in 2009 Higher data rates

over 100 Mb/sec possible in 2.4 GHz over 300 Mb/sec possible in 5 GHz

Much improved multi path handling

33

Wireless Authentication Evolution

Timeline Wireless Security

2000 MAC address offline registration. No security measures – didn’t scale, long delays and turn around.

2002 Bluesocket Gateway - https redirect page for authentication. Login secure, but all other data vulnerable, single point of failure.

2005 802.1X AirPennNet authentication using EAP authentication with WEP.

2008 AirPennNet additionally supports WPA Enterprise authentication. Added AirPennNet-Guest for legacy & guest use.

Future WPA2 – full 802.11i standard. Full session strong encryption. Greatly reduced vulnerability to a range of attacks (authentication , foraging, replay, key collision, weak keys, packet foraging, brute-force/dictionary attacks)

34

New Wireless Architectures

Possible controller based solution: Streamline management – installations,

configurations, radio & power management Cell based architectures may help with client

roaming decisions (less dropped connections) Secure fast roaming (roaming from one AP to

another is handled per building and not autonomously)

May also help with real time application performance

35

Proposed Wireless Guest IP Funding Model

Goal : To enable proper IP ranges for AirPennNet and AirPennNet-Guest, and to ensure use of AirPennNet as primary wireless network

Key Concepts: AirPennNet is strongly recommended as primary wireless network

for Penn faculty, staff, and students (security, speed, and availability)

AirPennNet-Guest was designed for visitors and for devices incapable of supporting 802.1x. (network has restrictions and is less secure)

Policy: Previous Wireless-PennNet policies allowed for some centrally subsidized IP addresses for public areas. AirPennNet-Guest allows for visitors to roam to all areas of campus. Two ranges of IP addresses for AirPennNet & AirPennNet-Guest make it difficult to manage the IP ranges (i.e. costs) to a minimum.

Propose that 10% of IP range for AirPennNet networks be subsidized for IP range in AirPennNet-Guest networks. Schools or centers will pay for IP costs greater than 10% of AirPennNet IP range.

36

Proposed Wireless Guest IP Funding Model

Cost impact to CSF FY’09 4041 IP’s assigned for Wireless-PennNet in

FY’08. 10% cost of those IP’s equals 404 * $4.29  * 12 =

$20,798 per year. Costs would be absorbed by ISC in FY’09

Potential cost impact to CSF FY’10 8000 IP’s assigned for AirPennNet projected 10% cost of those IP’s equals 800 * $1.67  * 12 =

$16,032 per year. This cost could be added to the CSF for FY’10.

37