CITES May 17 | Slide 1
  • **Thank Chris** For those of you who don’t recognize me, I’m the guy that used to raise his hand at CCSP if the speaker asked “Is anyone from URHnet here?” I moved over to CITES last fall for a change of scenery and to narrow my focus a little, though you can’t tell for the 2 panels and 1 “gotta be there” session today. Middle of an RFP, can’t say much. Want to give an update anyway: what we’ve done, what we are doing, where we are headed, and maybe a new service.
  • 6 internal CITES meetings with representatives from most of the divisions. Open-ended question asking for input from IT Alliance using the CITES wiki. Part of a meeting with the NUTAG group, several very good points of input and suggestions. And some unofficial input from several other places.
  • Have to leverage an existing authentication store, not another password to remember. Have to leverage an existing authorization store; don’t want to re-invent the wheel and I don’t want to hand manage “X gets this domain, Y gets that”. IPv6 is coming; our reciprocal offsite DNS secondary, Indiana, has it today; requests have come in, but only a few. BIND views, if you aren’t familiar with the concept, allow different answers to be given based on the source of the question. For example, on-campus vs. off-campus views, for private IP space. Dynamic DNS support. Mail infrastructure for campus and many others in the CITES Datacenter peak at over 2500 queries/sec; rest of campus regularly hits 1200 queries/sec. New centralized service?
  • If you’ve dealt with an RFP before, you know the drill. If you haven’t, well, this one is a little odd and drawn out because of the nature of what we are trying to do. A couple of months gathering input. A month writing the RFP. Most of February posted on the Higher Ed Procurement site. Actually got it in hand in early March, most of a month scoring the responses (note that Spring Break is in there). Vendors were on site during Finals week, evaluation equipment is here this month. BoT if we are over the magic dollar amount, I hope not. July/August/later if forced.
  • 1 “resident expert” from CS. Had to keep the group small so that we could find a time to meet and make a decision fairly quickly.
  • DNS is a utility, just like the power company: no one notices when it works, everyone notices when it breaks. Hopefully, the average user doesn’t even notice we’ve changed something, unless they are a “power user” and notice one of the new features. ITPros should notice an interface change: we hope to offer some “one time, one record” tools in the portal, which Chris will be talking about, and a new service, which I’ve hinted at.
  • And, that new service, might be: DHCP! URHnet has ~10500 IPs leased, many other CITES services use DHCP
  • Can’t say much else, the RFP is still out there
  • Chris described what kinds of uses it will have. I’ll describe how we can accomplish it. Some goals: Externally consistent and convenient, providing the right capability to various kinds of users in one place. Internally must be rapidly extensible, generalize well to future needs, supportable. Performance must scale to meet demands for high-volume network data reporting, network troubleshooting, and other use. Maintain a useful historical record for resource and problem analysis and other business functions. We’re building a platform! Not just an application. (We are using model apps to design the platform, but will build to suit!) Three tiers, each layer suited to do a particular function well. Flexibility: We can select the best solutions for specific jobs. Wide Integration: We can leverage and improve existing systems. Agile: Applications can be insulated from backend changes. Facilitates gentle evolution and migration paths. Well-defined: We can support a set of capabilities instead of a “database”.
  • Quality DBA shop for availability and robust operation

Presentation Transcript

  • Network Tools Available to IT Professionals
    • Corey Betka – DNS Service Manager
    • Chris Skaar – Iris Service Manager
    • Jon Marks – Emerging Network Technologies Services
  • DNS Overview
    • Requirements Gathering/Overview
    • RFP Process/Approximate Timeline
    • Evaluation Group
    • What does this mean to me? Users?
    • New Service?
  • Requirements Gathering
    • CITES Internal
    • Alliance of Information Technology Service Providers (IT Alliance)
    • Network Upgrade Technical Advisory Group (NUTAG)
  • Requirements 1000’ View
    • External Authentication (RADIUS, LDAP)
    • Highly configurable Authorization framework
    • API to develop “glue” to Contact Manager
    • IPv6 support
    • BIND Views
    • Dynamic DNS
    • Capacity, Capacity, Capacity
    • A new centralized service?
  • RFP Process Approximate Timeline
    • 2/6/07 – “on the street”
    • 2/27 – “Opened”
    • 3/5 – 4/10 – RFP Eval group meetings
    • May – Vendors in for demo, Eval equipment in house
    • June – Best and Final Offers, decision made
    • Board of Trustees?
    • July/August – Implementation project begins
  • RFP Evaluation Group
    • CITES
      • Network Engineering & Services
      • Network Design & Maintenance
      • Systems Management
      • Security
    • Unit
      • Computer Science
  • What does this mean to me?
    • Average user
      • No noticeable change
    • ITPro
      • Interface improves
      • “One host registration” tool in portal
      • New service?
  • DHCP Service
    • CITES has multiple services that can leverage a centralized, managed DHCP service.
    • Once this service is stable and proven reliable, CITES plans to offer DHCP services to networks on an opt-in basis.
    • No, centralized DHCP will not be forced on anyone.
    • Architecture will be highly available, redundant, monitored and managed just like any other critical campus service.
  • DNS Summary
    • We have vendors in the running
    • Integration with Contact Manager (and others) will take time
    • Input during the implementation phase
    • More Information/Updates
      • ITPro Services space on the CITES Wiki
        • If you could change one thing about campus DNS service, what would it be?
    • Now, back to Chris for an update on Iris
  • Iris Upgrades
    • Iris 5.3
      • Port Security now supported on all vendors’ switches
      • New and improved header bar
      • Introduction of persistent cookies
    • Due to the way vendors implement SNMP, there are currently some conditions
      • Cannot display a filtered intrusion event
      • Cisco switches will show ‘shutdown’ until an authorized client starts talking
      • It may take a day or two before port security is enabled on newly installed Foundry switches
      • We are continuing to work with the vendors
    [Slide graphic; labels: “vs.”, “Foundry and Cisco”, “Iris”]
  • Reduced Header Size
  • Also New in Iris 5.3
    • Persistent cookie
    • Any change made by a user will re-enable a shutdown port
    • Removed support for Cisco Catalyst 2900 switches
  • Slated for Iris 5.4
    • Changing multiple ports at once
    • IP to MAC mappings
    • Clarifying speed/duplex settings
    • Support for firewalled networks
    • Support for VLAN IDs greater than 1024
  • CITES Web Portal
    • One stop shop for CITES-provided tools
    • Single authentication
    • Web portal layout, not just a collection of links
  • Common CITES Network Tools
    • Status
    • Netflow statistics
    • Iris
    • Security Tickets/IPS Interface
    • DNS/DHCP host registration
  • CITES Web Portal
    • Planning for a beta release in the fall
    • We would like your input
      • [email_address]
  • Support & Feedback
    • For any technical problem reports, please contact the CITES Operations Center
      • 217.244.1000 or [email_address]
    • Feature requests and other feedback:
      • Iris – [email_address]
      • Network Tools – [email_address]
  • System Architecture
    Applications API Data Store Existing Systems Network Devices External Process Data Harvesters Portal GUI End Users User Apps Data Upload / Query / Administration Local Business Iris Enterprise RDBMS RRD Live Devices
  • Data Store
    • Leverage CITES’ investment in Oracle expertise and dedicated hardware
    • Capacity for large-volume data history, highly concurrent I/O
    • Draw on other technologies for special purpose
    Enterprise RDBMS RRD Live Devices
  • API
    • Reusable logic for multiple applications
    • Integrate data sources for more capability
    • Formal interface with defined functionality
    • Online with multiplatform accessibility
    • [Insert your own application here]
    Data Upload / Query / Administration
  • Applications
    • Modularize inputs and client uses
    • Enter the Portal GUI to
      • Authenticate one time, one place
      • Investigate your network with a useful toolkit of ready-made CITES apps
      • Navigate straight to the details, even in other applications
      • Integrate the most critical information you need from CITES into your custom display
    Data Harvesters Portal GUI User Apps Iris
  • Thank you! So, what do you think?
    • Iris comments, questions, suggestions, (occasionally bug reports): [email_address]
    • Network Tools Cheers, concerns, unpatented ideas, dire needs: [email_address]