Telecommunications Strategic Plan March 2010

Author: Easter Wheeler

Administrative Computing & Telecommunications

Table of Contents

Overview
I. Infrastructure
    Major Milestones and Investments
II. IP Network
    Major Milestones and Investments
III. Key IP Network Services
    Major Milestones and Investments
IV. Voice Services
    Major Milestones and Investments
V. Licensed Radio Services
    Major Milestones and Investments
VI. ACT Internal Processes
    Major Milestones and Investments

Telecommunications Strategic Plan — March 2010 Administrative Computing & Telecommunications, UC San Diego


Overview

The main themes of this five-year Telecommunications Strategic Plan for UC San Diego are:

- Continued expansion of the UCSD campus networks both in size and complexity to support the changing requirements and the anticipated growth in the number of students, faculty and programs.
- Redesign of the Next Generation Network (NGN) to fully accommodate and integrate research needs. UCSD supports research that relies on some of the most sophisticated network technology in the United States. As part of the continued development of the campus’ cyberinfrastructure, these advanced services will be extended to all required campus locations.
- Upgrade of key network resources and functions.
- Improved network reliability, diversity and backup.
- Continued enhanced security. We will continue to upgrade our network to detect new hosts, especially as we move forward with IPv6 deployment. The ability to scan both internally and externally will become increasingly important to assess compliance with regulations and evaluate the severity of issues.

Administrative Computing & Telecommunications welcomes questions and comments from the UCSD community and from others interested in information technology. Please send your comments to Eddie Mardon, Director, Telecommunications Planning ([email protected]).


I. Infrastructure

In this section, “infrastructure” refers to the Layer 1 portion of the main campus networks – the copper and fiber cabling within and between buildings. Some of this key infrastructure is upgraded as part of the 6-year Next Generation Network (NGN) replacement cycle for IP edge switches, and these Layer 2 switches are also discussed.

Current Outlook

Next Generation Network

NGN is the main IP network on campus. It connects more than 200 buildings and includes more than 900 edge switches and 65,000 ports. All of the desktop ports are 1Gbps capable, and while there is still no widespread demand for 10Gbps to the desktop, some research applications require 10Gbps connectivity. Most of these 10Gbps links are presently carried on a specialized and parallel research network, the Research Cyberinfrastructure (RCI) network. There are other research networks on campus such as the Optiputer network, which ACT supports with dedicated dark fiber rather than with Layer 2 or 3 services.

ACT connects buildings to the NGN backbone at either 1Gbps or 10Gbps. The number of buildings connected at 10Gbps has increased over the last few years, and 10Gbps is now the default uplink bandwidth for all but the smallest buildings. In-building connections between switches are a mixture of 1Gbps and 10Gbps, with 10Gbps as the standard for most buildings.

Under the NGN funding model, every building receives new edge switches on a six-year replacement cycle. Any required cabling and closet upgrades are done at the same time. Under NGN, what is judged to be the best commodity level equipment available at the time is installed, and Cisco 4500, 3750 and 3650 switches are the current standards.

Voice services are provided by an Aastra (formerly Ericsson) PBX. Core parts of the Aastra system use IP although the vast majority of the 17,200 voice lines are on a Time Division Multiplexing (TDM) network, which is completely separate from the IP network. A few outlying buildings are served with Aastra VOIP, and in these instances the NGN edge switches provide the IP ports.

The campus has an extensive wireless 802.11n network, with approximately 2,500 wireless access points (WAPs) connected to NGN edge switches.
Most of the NGN edge switches do not have Power over Ethernet (PoE) ports, so external power injectors typically provide power for the WAPs.

All of the copper station cabling within NGN buildings is either Category 5E or Category 6, both of which are designed for 1Gbps. Station cables are terminated in closets known as Building Distribution Frames (BDFs), one per floor in most buildings. The BDFs are stacked and connected by riser conduits to the building’s Main Distribution Frame (MDF, sometimes known as Minimum Point of Entry) in the basement or first floor. There are copper risers between the MDF and each BDF for TDM voice, and fiber risers for the IP network. The copper risers are a mixture of Category 3 and higher (Category 3 is suitable for TDM Voice); the fiber risers are a combination of 8.3 micron single mode and either 62.5 or 50 micron multimode. We recently changed to the 50 micron multimode fiber standard, and use 50 micron in all new installations and upgrades. There are a total of approximately 500 BDFs and MDFs in the NGN buildings.

Node rooms

A node room is a major cabling hub point and contains key IP and TDM backbone equipment. The campus has 14 node rooms, each serving a specific geographic area. Each NGN building (or cluster of buildings if they are small) connects to a node room with outside plant (OSP) cables. There are copper OSP cables for TDM Voice and fiber cables for the IP network and other applications. Until recently, we installed a combination of single mode and multimode fibers to each building, with a higher proportion of single mode. Now we only install single mode fiber to buildings because multimode fiber does not carry high-speed traffic far enough. The number of strands installed varies depending on the size of a building, and we have increased the fiber count over recent years. The largest buildings now get 144 strands. High initial strand counts notwithstanding, several network intensive buildings such as the California Institute for Telecommunications and Information Technology (CalIT2) and the San Diego Supercomputer Center (SDSC) needed to be reinforced with additional fiber cables.

ACT installs physically diverse backbone fibers between our node rooms wherever possible. We have good physical diversity throughout the main part of campus, but because of a lack of conduit paths we rely on single pathways to Scripps Institution of Oceanography (SIO) and the east campus. We have excellent physical route diversity to SDSC, which is the campus’ point of presence for the Corporation for Education Network Initiatives in California (CENIC) network. CENIC has two separate and diverse pathways between SDSC and their off-campus network infrastructure.

The node rooms have air conditioning, environmental sensors, UPS systems and generator backup.
ACT installs air conditioning (or fans) in MDFs or BDFs only when the closet would otherwise overheat. If a campus building has a backup generator, then we use those circuits in the MDFs and BDFs. Most buildings, however, don’t have generators and the majority of our closets don’t have backup power. While NGN is the largest IP network, other notable campus IP networks include the RCI network, the Student Residential network (ResNet) and various networks in remote sites. These auxiliary networks, together with requests for cross campus point-to-point dark fiber, make a significant demand on our fiber plant and impact our staffing resources.

Campus and Technology Changes

The number of UCSD students, faculty, research programs and staff continues to increase, along with the buildings to accommodate them. UCSD’s future growth depends on several factors, including the state budget, but some projections can be made from the UCSD Long Range Development plan: http://physicalplanning.ucsd.edu/plans/lrdp.html

The Capital Financial Plan for 2008 to 2018 includes more than $2.2 billion in new construction projects (not counting Medical Center facilities): http://capital.ucsd.edu/Program/SD-CapitalFinancialPlanFINAL.pdf


A map showing the long-term buildout of the campus is provided in the link below. Not all of the buildings will be constructed by 2016, but depending on funding a significant number of new buildings will be built throughout the campus in that timeframe: http://blink.ucsd.edu/_files/ACT-Campus-Buildout-Plan07-05-07.pdf

Several areas will see especially significant changes. The east campus will have multiple new buildings for medical research and clinical patient treatment, among other programs: http://blink.ucsd.edu/_files/ACT-echs-dev-plan-080509.pdf

The School of Medicine and Campus Center neighborhoods will also see multiple new buildings, and SIO will expand eastwards with new buildings at the top of the mesa. There may be a new bridge over Interstate 5, and there are plans to extend the San Diego trolley to campus, where it will have a station on the east campus and possibly one on the west campus.

All new buildings will have significant network requirements, but there is a trend towards high technology buildings that will have a particularly high demand for leading edge services. Some examples are the Telemedicine Building, the Structural and Mechanical Engineering Facility, and the Instructional Technology Building.

UCSD will enter into partnerships with other research institutions and lease land to them so that they can build and operate their own buildings – examples include the Sanford Center for Regenerative Medicine and the Venter Institute. UCSD researchers will occupy areas in these buildings, fostering a high degree of interaction between these institutions and the campus and leading to a requirement for close network interconnectivity and integration.

10Gbps to the desktop

The demand for 10Gbps to the desktop will increase. Advanced video display walls, each of which may require multiple 10Gbps connections, represent one of the early applications for 10Gbps. Data backup services will also benefit from 10Gbps.
How ubiquitous the true requirement for 10Gbps will be and how rapidly it will arrive remain unclear, but ACT believes it will be several years before 10Gbps becomes a commodity for which there is a widespread, demonstrated need. We anticipate that by 2016 up to 10% of the network connections in the research buildings will require 10Gbps (this proportion will be lower in administrative buildings). We will provide 10Gbps desktop ports through NGN, but only where and when required. Upgrading every campus port to 10Gbps is unnecessary and would be prohibitively expensive given today’s technology.

As traffic grows, 40Gbps uplinks will be required between some buildings’ MDF and the IP backbone, and also for 40Gbps links between switches within buildings. It may be more cost effective to provision these higher speeds with duplicate and parallel 10Gbps connections rather than 40Gbps ports.

Horizontal cabling for 10Gbps presents serious technical and financial challenges, especially for existing buildings. As mentioned above, all existing buildings have either Category 5E or Category 6 cabling schemes. Category 5E will not operate at speeds greater than 1Gbps. Category 6 will work at 10Gbps but only to 50 meters, and, in line with cabling standards, ACT’s cable runs are up to 90 meters long. This means that the majority of desktops requiring 10Gbps will need new cabling.

Category 6A unshielded twisted pair cables are on the market, but they are unsuitable for use within existing buildings. They are bulky, require more room in the conduits and closets than is usually available, and because of crosstalk issues cannot co-exist in a cable tray or conduit with any other types of cables. Category 6A foiled or shielded cables are an improvement in that they are smaller (although a greater diameter than Category 6) and can co-exist with other types of cable. A typical four-cable Category 6 outlet costs about $400 in labor and materials – our studies show a similar Category 6A outlet would cost about $800.

Power is also an issue with 10Gbps over copper. It currently takes eight times more electricity to drive a 10Gbps port than a 1Gbps port, and widespread 10Gbps over copper would have a significant impact on our closets, many of which would need to be retrofitted with air conditioning units and additional electrical circuits.

Fiber to the desktop is a better and more cost effective technology for 10Gbps; an outlet with four Category 6 cables and one 50 micron fiber cable would cost approximately $480. Another consideration is the cost of the 10Gbps ports in the switches. Historically, copper ports have been less expensive than fiber ports, but ACT anticipates that fiber 10Gbps switch ports and NIC cards will be widely available and affordable.

Network designs for edge switches in buildings need to address the emerging requirement for 10Gbps. The challenge is to provide the required number of 10Gbps ports in a cost effective way. As mentioned above, ACT does not anticipate a rapid growth in 10Gbps ports especially in the non-research buildings. We believe that the most efficient design in most campus buildings over the next few years will be to provide 10Gbps ports at the MDF for the whole building, rather than have 10Gbps-equipped edge switches in every closet.

IP network growth

ACT anticipates that the IP network will continue to grow dramatically, not just as new employees and buildings are added but also as new applications connect to the IP network.
We expect that the density of WAPs will increase especially in classrooms, radio frequency identification (RFID) will become more common, IP surveillance cameras will be installed, and femtocells will be used to improve cellular coverage. Smart Building technology and environmental sensors may have a significant impact, although it’s still unclear what that might be. Most of these new applications are low bandwidth, but their cumulative effect on traffic and network operations may be significant, and they will certainly require IP ports.

Many devices connected to these ports will use Power over Ethernet (PoE). As PoE becomes more widespread, it will become cumbersome and inefficient to provide it through external power injectors, and so the requirement for PoE ports in the edge switches will grow.

Some of these new IP devices may require connectivity even if a general power outage occurs in a building. This represents a significant change – if ACT decides to provide a UPS and battery backup in multiple closets campuswide, then the cost will be significant, between $1,000 and $12,000 per closet. Under the present NGN model (NGN2), power backup is installed only for switches in the BDF or MDF if a customer requires it for an application, and the customer is responsible for the costs. This may continue to be the most appropriate model.

There is a strong trend to move departmental servers, data storage devices, and computing clusters to co-location centers either on campus (as at SDSC) or at remote sites. ACT anticipates that this will increase traffic and require additional bandwidth between campus buildings and the IP backbone. At the same time, it may reduce the demand for 10Gbps ports within the buildings because a significant number of 10Gbps devices will be concentrated in the co-location centers.

The NGN IP network presently uses Cisco equipment and management tools. There may, however, be switches from other manufacturers that would provide a more cost-effective way of providing 10Gbps ports within buildings. ACT will evaluate these switches, but only after extensive testing and a total cost of ownership analysis, which considers operational efficiency, network management, training, storehouse and other issues. We expect our TDM network to grow in proportion to employee growth, as it has over the past few years. There are no plans to change the existing Layer 1 topographical model based on node rooms. The node rooms will continue to be hub points for fiber and copper cabling, and key equipment rooms for the IP and TDM networks. The main TDM equipment could be moved from the nodes to the individual buildings, but this would result in less reliable service because each building would then rely on dedicated equipment instead of shared equipment, as in the present model. There may be a slow trend towards greater deployment of VOIP, particularly in new buildings located a long distance from their serving node. Because of the campus’ existing voice infrastructure, VOIP is usually not cost effective in campus buildings and provides few or no benefits over TDM for traditional voice services. ACT’s future voice developments will focus on mobility, which is of much greater interest for voice services.

Looking Ahead to 2016

Support of the projected campus growth requires new node rooms. One will be on the east campus in a new research building near Interstate 5. Other node rooms will depend on where new construction is funded, but one may be required on the upper Mesa in a cluster of buildings near the future Venter Institute Building.

There will be a physically diverse fiber ring to the east campus nodes, most likely using conduit in a new bridge over Interstate 5. There will be fiber path redundancy to SIO. Also, there may be a fiber ring to the School of Medicine nodes if a proposed utilities expansion project in that part of the campus takes place.

NGN backbone

ACT will alleviate two existing bottlenecks, which are due to the lack of conduit. The Node B to the tunnel conduit is full, but we will install a new backbone fiber route between Node B and the tunnel via an alternative pathway. The conduit to the main SIO IP switch at the SIO Library is also full. We will replace one of the existing cables into this building with a 288-strand cable and set up a splice point in the manhole, which will allow us to connect new fiber strands for future and existing buildings.

We will continue to install a high count of single mode fiber strands in cables between nodes and buildings. This will reduce the likelihood of future bottlenecks and of having to use WDM for multiple 10Gbps, 40Gbps and 100Gbps uplinks. We will continue to allocate fiber efficiently and recover strands that are not in use.

The NGN IP network will be significantly larger, not just because of campus growth but also because of a continuation of the current trend towards a denser IP footprint. There will be more WAPs, an increase in the number of networked devices within laboratories, new RFID and surveillance applications, cellular femtocells, and, perhaps most significantly, a large number of IP sensors and other components associated with Smart Building systems.

Most IP connections will be 1Gbps. There will be a gradual demand for 10Gbps desktop connections, most notably in the research buildings. ACT will support 10Gbps to the desktop wherever required. Within existing buildings, we will cable 10Gbps locations with OM3 multimode fiber using LC connectors, and we will be staffed and equipped to respond to requests rapidly. In new buildings, we will install one pair of OM3 multimode fibers to outlets in areas that have a reasonable expectation for 10Gbps requirements, in addition to four Category 6 cables.

We will install a high count of OM3 multimode strands in the building risers (in addition to single mode strands) so that we will be able to concentrate 10Gbps ports in the MDF. The future standard for in-building 40Gbps and 100Gbps links will use multimode fibers and will probably require 8 and 20 strands, respectively. The standard may evolve, but there is a likely future requirement for a high strand count in the risers. Single mode fiber will be required for inter-building 40Gbps and 100Gbps connections, and each circuit will use one pair of single mode fibers because DWDM will be built into the network interface cards and switch ports.

ACT will continue to treat our telecommunications closets as key resources with restricted access. In buildings with VOIP connections that require connectivity in a power outage, we will install UPSs and battery backup if there is no building-wide emergency power system we can use. We will install air conditioning or fans in closets only where needed, and the use of fiber rather than copper for 10Gbps should reduce the requirements for power and cooling.
We will insist that new buildings meet BICSI building industry standards for closet space and cable trays, and station conduit must be a minimum of 1” diameter.

Edge switches

NGN edge switches will continue to be high quality and leading edge commodity IP switches; new switches, whether Cisco or other, will be adopted only after extensive testing and a total cost of ownership analysis. Stackable switches will be used for standard closets up to 120 ports, and chassis switches in closets with more ports or special requirements.

10Gbps ports will be provided where required. In most buildings this will be done through a specialized 10Gbps switch in the MDF. ACT may provide 10Gbps ports at the BDFs for buildings with denser 10Gbps requirements.

The NGN edge switches will support jumbo frames (at least 48 ports worth in the case of chassis switches). All closets with a requirement for four or more PoE devices such as IP phones, surveillance cameras, sensors and WAPs will have PoE ports in the switch.

There will be enough Layer 1 infrastructure in place to support a second CENIC point of presence at UCSD, to be located at the East Campus. This will improve redundancy for ISP and other off-campus connections.


Impact on Resources

ACT is in the process of developing the proposal for NGN3, the next phase of the NGN funding model. The following assumptions will be made when planning for NGN3.

- Adequate and stable funding of the NGN networks will continue.
- The number of ports on the existing NGN IP network will increase at 5% per year, growing to approximately 92,000 by 2016. New construction will add an additional 12,000 ports by 2016, for a total of 104,000.
- Many campus servers will be moved to co-location facilities, reducing the requirement for 10Gbps connections in buildings.
- The demand for 10Gbps to the desktop in buildings will rise slowly, to a total of 6,000 ports (just over 5% of the total) by 2016.
- The price of a 1Gbps port, adjusted for inflation, will stay relatively constant through 2016.
- The cost of a fiber 10Gbps port will come down slowly, but in 2016 10Gbps ports will still be several times more expensive than a 1Gbps port is today.
- When 40Gbps ports are introduced in commodity level switches, the cost per port will be 5 to 10 times the cost of a 10Gbps port. This means that installing multiple 10Gbps links will be more cost effective than deploying 40Gbps.
- The number of ports on the existing NGN TDM network will increase much more slowly, in line with the increase in faculty and staff.
- Even with a higher density of IP ports, ACT will be able to avoid having to install air conditioning in most of the closets.

Major Milestones and Investments

2010
- Obtain approval for the NGN3 funding cycle
- Invest in tools and training for fiber to the desktop
- Test and select a standardized NGN MDF switch with multiple 10Gbps ports
- Start installing 10Gbps to the desktop as part of NGN
- Install redundant fiber to SIO
- Fix conduit bottleneck at SIO Library
- Adopt new cabling standards for future campus buildings

2011
- Prepare for second CENIC POP on campus
- Start the five-year NGN3 funding cycle
- Install a new node room at East Campus

2012 - 2016
- Install route redundancy to East Campus and School of Medicine
- Install additional nodes where required
- Alleviate conduit bottleneck from Node B to the tunnel
- Meet the growing demand for 10Gbps to the desktop
- Install UPSs and battery backups in closets where required


II. IP Network

Current Outlook

UCSD supports research that relies on some of the most sophisticated network technology in the United States, constantly pushing the limits of commercial technical hardware and software to help develop tomorrow’s techniques. This research includes complex networking and data transmission experiments in areas such as engineering and high-energy physics; new technology permitting large data set collection in medical research; novel experiments with synchronized multi-location musical performance across the network; and ad-hoc wireless technology designed for emergency responders.

Over the past several years, the NGN2 funding initiative has permitted significant expansion of network services provided to campus, resulting in the robust network described in detail in this section.

NGN core campus backbone

The UCSD 10 gigabit backbone network offers at least 1 gigabit to every building on campus. Desktop connections have evolved to today’s standard of 10/100/1000 Mbps; desktop and server connections are concentrated over a single 1Gbps fiber connection from the building to its serving distribution node. At the distribution node, the L2 virtual local area networks (VLANs) are terminated and data traffic is routed either locally or across one of the two core routers to get to other locations on campus, the Internet, or across UCSD’s wide area network (WAN). These distribution nodes also provide security for NGN users, facilitating the use of access control lists (ACLs), virtual firewalls, NetFlow statistics, and media access control (MAC) address drops.

There are 14 such distribution nodes on the campus today. Also, the Research CyberInfrastructure (RCI) router, in addition to providing research network connections, is the distribution node for UCSD devices in the SDSC co-location facility. These, along with the two core routers at nodes M and B, make up the core campus backbone today as shown in the diagram on the next page.
The routing is configured so that the primary path for production traffic is via the M-core router, while the link to node B is used as a backup path. The effect is to create predictable routing so that any two resources on the campus network only have a single intermediate hop beyond their serving node. Node B also provides a central point for VLAN extension. VLANs are typically confined to one node, but there are some exceptional cases that require VLANs to be extended across campus. In those cases, the VLANs are connected at layer 2 through the B-core router. The links to B also serve as a primary path for research traffic when there are special user requirements to isolate research bandwidth from the production network.


Campus wireless

In 2009, ACT completed the installation of a state-of-the-art 802.11n wireless network with Wi-Fi protected access enterprise (WPA-E) encryption technology in all campus buildings and many public areas. The campus wireless network 802.11n Cisco access points are centrally managed and routed by a set of wireless controllers at nodes M, B, SIO, and ResNet. These controllers connect to the network backbone with dual 10G uplinks in the same manner as the wired nodes.

The wireless network provides bandwidth as high as 200 Mbps to wireless users, depending on the tuning of their application and their proximity to an access point. The upgrade replaces a 2.4 GHz coverage scheme that emphasized connectivity more than performance. The biggest constraints on bandwidth in the new network are the density of the AP deployment and inherent limitations in current technology.

Campus edge

UCSD now has over 40 gigabit of bandwidth off campus. The campus edge consists of two Juniper MX-960 routers (MX-0 and MX-1) that provide multi-10G levels of bandwidth to the Internet via CENIC, as shown below. We provide 30G of capacity to research networks such as Internet 2 and National Lambda Rail (including California secondary education sites), 10G to Digital California (statewide K-12 schools), and 2G to the commodity Internet. These routers have the ability to support many more 10G ports, and have a roadmap for 40G and 100G interfaces in the future. We also expect in the future to support on-demand optical paths from services such as Internet 2’s ION virtual circuit network or specialized CalREN-XD services that emerge from CENIC.


IPv6

IPv6 connectivity is currently established from our high-speed research and education Internet connection (referred to as the HPR network) to a lab in the ACT Data Center. IPv6 is available in a testing mode at this time. In preparation for more widespread campus deployment, an IPv6 address allocation scheme has been developed to optimize the use of UCSD’s /32 address space.

Video

Video is a relatively low-bandwidth network application that is adequately serviced by the network. Minimal growth in live teleconferencing and distance learning has occurred over the last few years, and this is expected to continue. There has been substantial growth in video-on-demand and podcast technology; improvements in codec efficiency, however, have mitigated the impact of this growth. HD quality video can now be transmitted at rates of 5 Mbps – this is expected to improve over time.

Security

Campus routing infrastructure, both at the campus edge and internal-to-campus, exports NetFlow into a NetFlow collector that looks for anomalies, logs traffic for troubleshooting, and keeps historical information for incident response. This infrastructure allows us to build security technology based on the types of communications and the sources and destinations of these communications on our campus network. The network is also instrumented with limited use of intrusion detection to detect malicious payloads in data communications.

In addition to network instrumentation, several active technologies are used to discover assets and detect vulnerable or compromised infrastructure. The campus uses Foundstone Enterprise Scanner for vulnerability management. Campus vulnerability, which was about 13% in 2005, has been decreased to the 2-4% range. Nmap, an open source project that the IT Security team contributes to, is also used to discover services and detect compromised machines. This technology has also been deployed at UC Berkeley.
(For more information on network security, see Section III, Key IP Network Services.)

Research CyberInfrastructure (RCI) Network

In 2008, in a project jointly funded by ACT, CalIT2 and the Department of Medicine, we installed a pilot phase of an RCI network serving Genomics research in SDSC, CalIT2, three School of Medicine buildings, two Sun Modular Data Centers located on the School of Medicine campus and two off-campus affiliates (Salk Institute, La Jolla Institute for Allergy and Immunology). This network, shown below, provides 10 gigabit, unshared connectivity directly to the lab for high data throughput needs.

Co-location facility

As part of a UC initiative to provide centralized facilities for co-location of computers and centralized storage, the UCSD Co-Lo and Triton Resource have begun operations at SDSC, an effort supported in part by ACT.

Campus and Technology Changes

Economic factors

Unsurprisingly, the significant UC budget deficit is reducing UCSD’s overall funding and staffing. The American Recovery and Reinvestment Act (ARRA) has increased federal funding for research, however, and UCSD is in a good position to receive a large number of grant awards. These two factors can be expected to increase the overall percentage of NGN funding originating from federal grants, and, correspondingly, increase the level of research demands on the campus network as new staff are hired and new research projects, technologies and collaborations begin.

Cloud computing continues to evolve as an economic, ecological and pragmatic option. Data may be sent to the cloud, accessed from the cloud, or processed within the cloud, and UCSD computers may be part of the cloud (which may be regional, national or international in nature). Faculty already use Google Apps heavily, despite campus concerns about security and accessibility of data. See Technology Changes in Section III for more information on how UCSD will manage cloud computing in the future.


Innovative but expensive new research equipment, such as gene sequencers, is more frequently being purchased and shared by a group of researchers with multiple research goals at several locations.

Green technology

UCSD invests significantly in green technology for the campus and in research and initiatives that minimize energy use and waste. Research at CalIT2 and elsewhere will measure and develop technology to mitigate IT power use. Campus initiatives include the new Research CyberInfrastructure Team’s push to co-locate computers and storage facilities and to share processing cycles through projects such as the UCSD Co-Lo at SDSC and the Triton Resource condo cluster. Researchers are encouraged to remove small server rooms from research buildings and co-locate computers in larger facilities to save energy and money. In addition, the central campus provides financial backing for these efforts.

ACT sees a ramp-up in the number of federated computing clusters, both on and off campus, being used by UCSD researchers. Such clusters may even be split in pieces over several physical areas, with the network acting as the bus. Our discussions with researchers across campus indicated that they are making plans to align with these new recommendations. Increasingly, equipment will be located where it makes most financial and ecological sense, rather than automatically close to the researcher or laboratory.

There is an uptick in the tendency to back machines up over the network to a central facility such as SDSC. However, neither these research labs nor SDSC have an end user support mechanism to address such issues as machine performance tuning and best practices for network use.
New research technology

Development of groundbreaking research technologies such as gene sequencers, microarray scanners, and wireless environmental data collectors makes it possible for researchers to collect data in ways, from locations, and in quantities — many terabytes per week — never before possible. Researchers at UCSD will collect data in numerous ways: from new networks laid under the ocean; from across the world, via small Internet-connected data collection devices; using cell phone networks; using wireless devices both on and off campus; from large new on-campus machines, to name a few. That data will travel over the Internet to campus, then across the campus’ backbone to storage and analysis locations.

Analysis is increasingly separated physically from storage and processing facilities. For example, researchers at a computer workstation in the Bioengineering building may be analyzing data gathered from a sequencer located in Leichtag, stored on a Thumper in the School of Medicine Black Box and processed on a Linux machine located in SDSC.

Visualization and the advent of large-screen technologies such as display walls entice many departments to install display and visualization centers. Data and processing for these may occur locally or remotely. Latency guarantees will be important, especially in real-time interactive environments. As discussed in Section I, bandwidth requirements of real-time manipulation will cause some labs, desktops and display walls to require 10Gbps connectivity.

Wireless

In addition to the wireless data collection devices — which may be mobile as well as wireless, or located in nontraditional locations such as trees or footpaths — UCSD researchers are beginning to make extensive use of wireless both for innovative experiments and in the classroom.
Wireless will increasingly be used for video surveillance — for traditional security applications as well as for facial recognition, license plate tallying, and other applications. We are already seeing demand to use wireless services for RFID tagging and location tracking for UCSD’s valuable research and medical care equipment, and expect this to increase.

A number of UCSD-based experiments will explore ad-hoc wireless networking and specialized wireless devices, in general not making use of UCSD’s wireless network infrastructure but instead setting up and using small, specialty wireless networks for the specific projects they envision. In addition, many researchers expect to take advantage of cell phone networks for experiments and for collecting experimental data. They will perform these activities both on and off campus, but data will ultimately live and be analyzed on campus. There will be a growing inclination to access, manipulate and display data stored on wired servers from wireless workstations, laptops and handheld devices.

In the classroom, more and more instructors are taking advantage of “clicker” (audience response system) technology, which at present generally uses infrared (IR) or RF for wireless communications with a base. However, new technology will perform similar functions using cell phone or 802.11 networks. Additionally, new classroom technology for interactive slide presentations is becoming more popular for faculty. This technology relies on wireless delivery of frequently updated, digitally inked slide images to student wireless laptops, and in some cases students respond by transmitting data back to the (wired) server from their (wireless) laptops.

Classroom activities will emphasize active learning, including team activities and simulations, most of which we expect to be performed wirelessly using student laptops. Departments are looking to convert most of their testing to computer-based formats, with a goal of embedding media (photos, videos, audio) into exams to test in ways more appropriate to the discipline and to permit more immediate feedback.
Teleconferencing and remote audio/video

Partly as an outgrowth of budget cuts and partly because of an increasing emphasis on collaboration and multi-university grants, we see more and more researchers conducting teleconferences, mostly using existing technology such as Polycom and Cisco equipment located around the campus. Interestingly, most researchers are not aware of the UC/CENIC teleconferencing service and its availability to campus affiliates. Researchers report challenges in the area of matching technology (that is, finding ways to communicate with whatever equipment may exist for teleconferencing at the remote end). There are few campus or research personnel available for assistance with arranging, scheduling, and logistics for teleconferences.

Departments are gradually building out their online learning and distance learning offerings. They are currently using available distance learning classrooms and podcasting-enabled classrooms for many of these offerings, but are looking for ways to expand this. Instructors are embracing document-camera technology, permitting inclusion of live writing into the remote lecture.

At the same time, the popularity of course podcasting has grown enormously. Most podcasts are now audio-only, but a growing demand for video podcasting will drive investment in video podcasting technology for the classroom. Compression rates have grown high enough to make this truly practical.


For lectures and other events, there has been a decrease in demand for live streaming of audio and video; most learners seem to prefer podcasts and the ability to access courseware at their convenience.

The changing face of research

A number of factors in current and upcoming research projects have implications for our data network.

UCSD is involved in an increasing number of very large research projects that span multiple universities and institutions, both nationally and worldwide. Resulting data sets (some very large) are being shared with collaborators and, in many cases, the entire world. Other data sets, such as those involving human subjects data, require access restriction and special security measures. Some of these projects involve developing network and power infrastructure, both on and off campus.

Often, these projects involve moving large amounts of data quickly across network links. Successful projects may hinge on high or guaranteed bandwidth, quality of service control, and/or low latency. In some cases, normal levels of security or traffic can introduce sufficient delay or interference to derail the intended activity. Dense wavelength division multiplexing (DWDM) technology may be required to accommodate a few projects with particularly large or guaranteed bandwidth needs. Some research grants are made with the expectation that the researcher will be able to guarantee aspects of data transmission rates, data security, or link reliability.

UCSD researchers continue to develop and experiment with new computing and networking technologies (such as the ad-hoc wireless projects mentioned above). As these technologies move from experimental to production, they will require support within the campus network.

UCSD researchers increasingly rely on collecting data in real time from instruments or performing research surveillance using video cameras located both on and outside of the campus network.
Data may come in to campus computers from slow-connected instruments that rely on a persistent data connection, from high-speed-connected instruments with large data flows, or from cell-phone- and satellite-network-connected instruments with connectivity outside the university’s control. Interruptions can vary from troublesome to devastating as data backs up or must be discarded while waiting to be transmitted to storage and processing locations. The many existing and upcoming 24/7 experiments cannot tolerate outages without important data loss, and require careful architectural consideration of redundancy/backup links, disaster response and recovery.

Long-term data collection projects require the ability of critical parts of their infrastructure to maintain stable location, addressing, accessibility and behavior over a period of years. Changes to the network may require significant advance notice and re-engineering to accommodate such projects.

Departments from the arts to medicine to the sciences are increasingly participating in computation. These nontraditional computation departments may not have a computing support infrastructure sufficient to assist research labs with network engineering and tuning. With varying success, labs rely on graduate students and trial and error to resolve data networking issues.

Some projects involve experimenting with the network per se; these projects may require the ability to spin off “danger nets” to insulate the campus from these necessarily lower-security, highly changeable projects.


New buildings are being built to house experimentation, sometimes side by side with administration and clinical activities. Researchers in these buildings will need high-speed access to research networks, while clinical activities must be protected and isolated. New shared facilities such as the stem cell building will need to serve multi-institutional researchers with varying security and network access needs. UCSD researchers may be located in such shared facilities or in non-UCSD research facilities such as the Salk Institute, with the need to connect at high speed to UCSD’s research network.

IPv6

U.S. government agencies are already required to have IPv6-capable backbones. In the not-too-distant future, grant submission and processing for some types of funding may require IPv6 connectivity. Thus, the availability of IPv6 would make UCSD a more desirable institution in the eyes of granting agencies.

IPv6 will be needed for the type of cross-institutional collaborative research that UC San Diego is increasingly involved in. Japanese, Chinese and South Korean institutions, with government mandates and subsidies, are already embracing IPv6, and many U.S. institutions are implementing IPv6, including several UC campuses.

There is a small amount of active interest in IPv6 among research departments at the moment. However, several have expressed interest in serving as test locations, either with an eye to understanding and dispatching their hurdles before they impact experiments or because they have international collaborators.

In addition, the number of devices that are IP-enabled is expected to increase over time, including ordinary appliances that today are not IP-enabled. Future networking needs, for example, may include assigning an IP address to every door for keyless locks. The vast and precise addressing space of IPv6 will ease the impact of these potential addressing challenges.
In the short term, IPv4 addresses will need to be provisioned in parallel for most desktops and servers, but IPv6 addressing may also provide relief for growth in research activities such as clusters, which may not need IPv4 addresses.

Looking Ahead to 2016

Over the next five years, ACT needs to prepare to provide:

- support for centralized, multi-purpose computing facilities;
- infrastructure for a massive increase in expectations for wireless service;
- the ability to flex our network architecture and respond quickly to special needs for bandwidth, quality of service (QoS), latency guarantees, etc., while providing sufficient redundancy; and
- improved direct support geared towards faculty.

Support for centralized, multi-purpose facilities

The triple pressures of budget restrictions, UC initiatives, and the effort to save energy will concentrate more, though not all, of campus computing servers and storage systems into a number of larger facilities. We will need to supply these facilities with sufficient bandwidth to make use of them for faculty and students located in campus research buildings and in selected off-campus locations. It will be critical to ensure latency across campus is kept low enough for remotely driven activities such as scientific visualization.


Distribution nodes

The backbone distribution nodes will serve the majority of their buildings with 10G links. Where needed to meet the needs described above, multiple 10G links will be placed. Their uplinks to the core will scale in bandwidth as needed using multiple 10G links grouped in aggregated port channels. The technology is likely to remain the existing Catalyst 6500s, using new line cards and/or supervisor modules. New distribution nodes will also be required in three locations.

Core nodes

The two core nodes at M and B will support an increased number of 10G connections to the distribution nodes, as well as other locations such as the edge and data center. We anticipate upgrading these nodes to higher capacity switching platforms and redeploying them to the distribution or edge locations.

Infrastructure for massive increase in wireless expectations

Research and instruction will increasingly depend on wireless infrastructure. The infrastructure density must be increased, especially in instructional areas. In addition, we must prepare to keep our wireless infrastructure at the cutting edge of what is possible if we hope to meet the anticipated growing needs. We expect that 802.11n will remain the standard protocol for the foreseeable future, so changes are more likely to focus on power redundancy (since wireless clients typically are able to survive a power outage) and honing strategies for maximizing signal.

Campus edge

Additional 10G and possibly 40G links to CENIC will be provided commensurate with growth in network demand. The use of dynamic circuits is also likely for some research applications. These requirements will be met with new line cards in the existing Juniper chassis. Edge availability will be improved with the addition of a geographically diverse CENIC point of presence (POP). At that point, one MX will remain at SDSC and the other will move to the new location on the east campus.
Architectural flexibility and service guarantees

Electronic failures are relatively infrequent, and will continue to be handled with spares except in extremely high-density areas, such as co-location facilities. Power redundancy provides a greater impact and will be more aggressively deployed. The biggest concern is long outages such as a fiber cut. Along with the deployment of diverse fiber routing in exposed areas of the campus, temporary wireless facilities will also be used for temporary connectivity when there is a failure.

Different projects have very different network requirements. In addition, some exceptional needs must be filled in short time periods for brief experiments or conferences; others may have a longer lead time but must remain in place. Rather than devising a single network solution for all research buildings — even one with very high bandwidth provisions — ACT will develop a flexible and easily modified architecture for the campus network, allowing us to make changes easily and with minimum additional expense. We will be able to respond quickly to requests for both temporary and more permanent pipes with specific characteristics that may include some mixture of high bandwidth, low latency, QoS control, high or absent security, and shared or restricted use.

This requirement has both physical and human demands. To accomplish what research will require, we will need increased high-level staffing for network engineering, and we must provide mentorship and appropriate training to lower-level network engineering staff so that they continue to improve their skills.


Security

Current firewall capacity is limited to 5.5Gbps per node with a limitation of 1G per individual data stream. This firewall capacity will be increased to full 10G or multiple 10G capacity at each of the distribution nodes.

The existing NetFlow collector infrastructure is reaching its hardware end of life and will need to be replaced. As network traffic increases, the storage behind this infrastructure will need to be increased; as the regulatory landscape changes, more instrumentation and logging will be required. It will be necessary both to expand the NetFlow collection infrastructure and to extend it to areas of campus that currently lack this technology, including the UCSD Medical Center and SDSC.

Our firewalling solution is reaching its end of life and will need to be updated to accommodate higher traffic demand. 10G and faster firewalling technologies will need to be investigated and deployed to support sensitive high-speed network activities in parts of campus.

It will be necessary to better instrument our network to detect new hosts as they show up on the network, especially as we move forward with IPv6 deployment. The current mechanism of host discovery and vulnerability management will not function in a search space as large as the address space that IPv6 will give us.

The vulnerability scanning infrastructure is also reaching its end of life and will need to be replaced and expanded to deal with new regulations. The ability to scan both internally and externally will be more and more important to assess compliance with regulations and understand the severity of issues.

IPv6

All network nodes will properly route IPv6 in and out of campus areas. By midway through our five-year plan, IPv6 addressing will become part of the standard configuration for all network links along with the current IPv4 addresses.
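One way to do the passive host detection the Security paragraph above calls for, working from flow records of the kind a NetFlow collector stores instead of sweeping the IPv6 address space (an added example, not ACT's tooling or part of the plan). The prefixes and flow rows are constructed from documentation address ranges, and the CSV layout and function names are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed campus prefixes (documentation ranges, not real allocations).
CAMPUS_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Constructed flow export, one unidirectional flow per row, in time order.
SAMPLE_FLOWS = """\
ts,src,dst,dport,bytes
2010-03-01T08:00:00Z,192.0.2.10,198.51.100.7,443,5120
2010-03-01T08:00:05Z,198.51.100.7,192.0.2.10,51234,88000
2010-03-01T08:01:00Z,2001:db8:10:1::25,2001:db8:20:5::80,80,900
2010-03-01T08:01:02Z,203.0.113.9,192.0.2.200,22,60
2010-03-01T08:02:00Z,2001:db8:10:1:021a:2bff:fe3c:4d5e,198.51.100.7,443,1400
2010-03-01T08:03:00Z,2001:DB8:10:1::25,198.51.100.7,443,700
2010-03-01T08:04:00Z,not-an-address,192.0.2.10,80,10
"""


def is_campus(addr):
    """True if addr falls inside one of the campus prefixes."""
    return any(addr.version == net.version and addr in net
               for net in CAMPUS_PREFIXES)


def discover_hosts(flow_csv, known=None):
    """Update a first-seen host inventory from flow records.

    Only campus addresses that appear as a flow *source* are recorded:
    an address seen only as a destination may be unused space probed by
    an outside scanner, not a live host.
    Returns (inventory, new_hosts); inventory maps address -> first-seen ts.
    """
    inventory = dict(known or {})  # copy so the caller's baseline is kept
    new_hosts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
        except ValueError:
            continue  # malformed record, skip it
        if not is_campus(src):
            continue
        key = str(src)  # canonical text form, so 2001:DB8::1 == 2001:db8::1
        if key not in inventory:
            inventory[key] = row["ts"]
            new_hosts.append(key)
    return inventory, new_hosts


def hosts_per_subnet(addresses):
    """Count inventoried hosts per /64 (IPv6) or /24 (IPv4).

    A single /64 holds 2**64 addresses, so this passive count stands in
    for the per-subnet sweep that active discovery does on IPv4.
    """
    counts = Counter()
    for text in addresses:
        addr = ipaddress.ip_address(text)
        prefix = 64 if addr.version == 6 else 24
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


if __name__ == "__main__":
    inventory, new_hosts = discover_hosts(SAMPLE_FLOWS)
    for host in new_hosts:
        print("new host", host, "first seen", inventory[host])
    print(hosts_per_subnet(inventory))
```

Feeding each new batch of flows in with the previous inventory as `known` yields only the hosts that have appeared since, which can then be queued for a targeted vulnerability scan.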
Customer support

We have identified four specific areas where additional support offerings would be beneficial:

- Most frequently, what appear to be network limitations have turned out to be situations best resolved by end-user machine performance tuning and/or data transmission or sharing best practices.
- Researchers are eager to use cloud technology both on and off campus to maximize the processing and storage available to them, but few campus experts are providing assistance in accessing, securing, and manipulating data in the cloud.
- Ad-hoc experiments and exceptionally high bandwidth activities are often conducted without prior consultation of ACT experts, including network architects and engineers. This has resulted in unnecessary cable lays, superfluous expenditures and equipment installations, and interference with the campus production network.
- Faculty are unsure where to turn for assistance with teleconferencing and remote meeting and support needs. Departmental IT staff and graduate students are unaware of the options available campuswide.

We believe extended high-level support is needed to provide outreach to inform customers, especially faculty, of ACT’s data communications and consulting services. Faculty need a clear channel to obtain assistance with planned activities. ACT should:

- develop and provide best practices guidelines for research;
- have a plan to direct and respond to help desk queries regarding cloud technology, planned experiments, and teleconferencing;
- make sure our Help Desk is prepared in particular to assist with teleconferencing needs; and
- designate high-level engineers and architects to meet regularly with faculty and proactively respond to their instructional and experimental needs.

Impact on Resources

ACT is in the process of developing the proposal for NGN3, the next phase of the NGN funding model. This proposal must include appropriate technology to achieve the flexibility necessitated by the changing face of research. It must contain resources to continuously upgrade our wireless network to meet the next iterations of cutting-edge technology. It must also include sufficient human resources in network architecture, network engineering and installation to handle the expected increase in research-related needs over the next five years.

In addition, our help desk personnel should be able to assess and appropriately direct the expected requests of researchers, and our outreach personnel must be able to prepare guidelines and proactively contact departments and faculty to assess their needs. Our technical staff will need to meet regularly with researchers, participating as appropriate in colloquia and technical meetings, and provide appropriate documentation targeted to the research community. Necessary training and increased staff in these areas will have budgetary impact.

Major Milestones and Investments

2010 - 2011

- Increased 10G density from distribution nodes to buildings
- IPv6 standardized on network links
- Temporary wireless solution available for network failure scenarios
- QoS deployed in concert with network-based voice signaling upgrades
- Increased staffing for network architecture, network engineering, installation, and help desk
- Begin supporting customers on key topics noted above

2012 - 2016

- Firewall connections upgraded to 10G at distribution nodes
- Additional distribution nodes deployed at campus growth locations
- Multi-10G connections to distribution nodes
- Core nodes replaced with next generation core switches
- Wireless density doubles
- Achieve target staffing for network architecture, network engineering, installation, and help desk
- Comprehensive customer support provided for key topics


III. Key IP Network Services

The services described in this section refer to central systems managed by ACT, including email, authentication, network and data security, and emergency notification systems.

Current Outlook

Email

Electronic mail at UCSD is currently distributed between centrally managed systems, departmentally managed systems and commercial providers. The decision as to where an individual mailbox resides is often made at the department level, but can also be an individual decision. Approximately 80% of faculty and staff deliver their mail to a Microsoft (MS) Exchange environment (75% hosted centrally by ACT, 25% hosted by departments). Of the remaining 20%, the majority of accounts are hosted on departmentally managed systems (Cyrus, Groupwise, Sendmail, etc.). Approximately 5% of faculty and staff are forwarding their mail to off-campus providers (mainly Google’s Gmail). Although the majority of students host their ucsd.edu email on their account provided by Academic Computing & Media Services (ACMS), it is acknowledged that the majority of students maintain a secondary account for personal use.

Calendaring

Although enterprise calendaring is widely used throughout UCSD, the lack of a centrally provided calendaring solution in the past and the continued lack of any calendaring standards among vendors have led to a very diverse and distributed environment, with very little interaction between systems. Since calendaring servers are not specifically monitored, it is unknown how many calendaring environments exist at UCSD. We do know that the largest environment is the NGN-funded MS Exchange environment. This represents the collaboration of approximately 30 central and departmentally maintained Exchange calendaring servers representing over 25,000 accounts. Many other calendaring environments exist on the campus, including Google Calendar, Oracle Corporate Time, Apple iCal and Groupwise. As no calendaring standards exist, there is very little interaction between these environments.

Instant messaging

Instant Messaging (IM) is widely used across the campus, but there is no common platform. Commercial providers (AIM, ICQ), along with UCSD-provided solutions (systems managed by departments, ACMS-hosted Jabber) provide individuals and departments with their IM needs. There is no central directory of IM identities/profiles.

Social networking

Social networking is commonly used across the campus for mixed personal/university business. These commercial services (Facebook, LinkedIn, Twitter, MySpace, etc.) provide communication and collaboration between colleagues who are geographically disparate. In some cases, social networking sites are filling the gaps where a central calendaring environment does not exist.


Mobile computing

A wide variety of smartphones, PDAs, netbooks and laptop computers exist on the campus today. As these devices have improved, the expectations for a desktop-equivalent experience have increased. There are current challenges with encrypted wireless, Wi-Fi saturation and the virtual private network (VPN).

Authentication

The campus currently maintains four central authentication databases, and provides Shibboleth-based single sign-on (SSO) as a framework for wrapping these authenticators into a common Web interface. Even with this framework, applications that are not using a common authenticator require the end-user to authenticate again. Network applications (email, VPN, Web proxy, wireless) continue to use various authenticators. This causes end users to maintain at least three sets of credentials to conduct university business. There is growing discontent with the confusing nature of authentication at UCSD.

Network and data security

Campus minimum standards provide guidelines for different types of activities. Specific standards exist for systems that act as kiosks, deal with sensitive data, or for dangerous equipment; these standards inform departments of the minimum level of security that needs to be placed around such infrastructures. Compliance with these standards remains a challenge.

The campus has licensed anti-virus and host-based intrusion prevention technology to further facilitate compliance with protection standards and logging requirements. Both of these solutions offer management capabilities and logging capabilities that make managing large deployments simpler for departmental system support staff.

Vulnerability scanning conducted by the campus and departments helps manage operating system level vulnerabilities. There are two main types of scanning:

- Port/service scans use port and service fingerprinting techniques to identify open ports, running services, and version numbers on systems. This mechanism looks at UDP and TCP services and can utilize any port scanning technique. The service identification mechanism usually relies on services that respond immediately to a connection or that will respond to a probe string. Service scans can involve a large number of connections and probes to identify the service running on a port.
- Network vulnerability scans use a vulnerability check database to find vulnerabilities on hosts. The scans ACT conducts for vulnerabilities are generally non-intrusive scans, meaning they passively attempt to determine if a machine is vulnerable rather than attempting to exploit the vulnerability.

These scans are used for two main processes – remediation of the top 15 most vulnerable machines and machines with significant vulnerabilities. System administrators of machines in either category are notified and given a period of time to remediate the issue; if it cannot be resolved, the machines are removed from the network.

Emergency notification systems

ACT currently supports several emergency notification systems at UCSD:

- Reverse 911 system: This enables the Police Department and the department of Continuity and Emergency Services (CES) to broadcast announcements to the campus or sections of the campus via lists of key contact phone numbers. ACT manages the system; each department or group manages the contact lists.
- SMS (short message service) notification system hosted by MIR3: Enables the Continuity and Emergency Services department to broadcast critical emergency announcements via text messages on cell phones. These text messages are also converted into voicemail messages. This service is funded via NGN and managed by CES.
- Emergency status phone number: By calling 888-308-8273 (888-308-UCSD), one can hear a recording about UCSD’s status and other important notifications in the event of an emergency. The number goes through a central office located in another state, in case there are disasters which affect call traffic in this area. This number is funded via NGN, and ACT and CES manage the recordings.
- Emergency phone towers: In the event of a campus emergency, an announcement can be broadcast via a speaker system in key areas of campus such as dorms and residence halls. The phone/voice system utilizes our Aastra* phone switch, and the broadcast mechanism traverses our data network.
- E911 (Enhanced 911) service: When a 911 call is made from a phone on the campus phone system, the caller’s location is displayed on the responder’s screen. This enables the Police Department or other emergency responders to arrive at the caller’s location in the event the caller is not able to identify the address. ACT maintains the locations for all campus phone numbers.

ACT maintains the UCSD Emergency status page on Blink for CES.

Campus Changes

Email

Email at UCSD is going through a dramatic change. The installation of the NGN-funded MS Exchange environment in 2008 began a shift of mail storage from departmentally managed systems to the centrally managed environment. This has driven down the overall cost of email for UCSD and has the potential to simplify UCSD’s complex mail environment, opening up more options and lowering the overall cost in the future. The maturing of Google Apps for education and Gmail could further impact email at UCSD, especially as features are added that allow Gmail to interact with a locally hosted MS Exchange environment.

Calendaring

As more services are being centralized, more campus users are gaining access to the MS Exchange calendaring environment. A common calendaring environment will enable the campus to use calendaring in more depth. The emergence of good calendaring clients for the Macintosh and Microsoft’s improvement of the Web client for non-Windows platforms is making this solution viable for more and more departments.

Instant messaging

As standards begin to emerge in IM technology, interaction between commercial cloud providers (AIM, ICQ, etc.) and hosted solutions will be possible. This will increase the need for some kind of central directory of IM identities.


Social networking

Social networking services will continue to fill gaps in other communication protocols (calendaring, IM, email, etc.), but will likely undergo significant change as other communications protocols change and as security/privacy issues become more relevant.

Mobile computing

The distinction between netbooks and smartphones will be blurred further in the coming years. The iPhone, Palm Pre and Google phones are just the beginning of this process. As these devices become more capable, users will increasingly expect all services to be available on mobile devices, regardless of the network that the device is connected to. This represents an enormous development and security challenge, as the campus network border has provided much security to applications and services in the past.

Many faculty have indicated that they intend to ramp up use of mobile computing in the classroom environment in the near future. The possible use of proximity sensors and high-bandwidth services in the classroom will have a significant impact on the wireless network in and around classroom buildings.

Authentication

The frustration in dealing with multiple authenticators is rapidly growing and will need to be confronted in the very near future. UCSD must consolidate existing authenticators into one authentication database. This will require many ACT teams working together internally and with campus departments. It will certainly require policy changes and clear guidelines for applications and services to use the single authenticator. It may also require a global unique UID for identifying users and linking authentication with authorization databases.

Network and data security

A critical part of security for campus sensitive assets relies on patch management of applications in addition to the operating system. We are working to enhance our host-based intrusion protection solution to include patch management.

Web applications are also a weak point; in the coming years the campus will need to figure out a way to scan for vulnerable custom Web applications and track issues. There are several enterprise products that are progressing in this space, and ACT expects one of them to reach a maturity level that will make sense to purchase.

Vulnerability scanning engines will need to be replaced and enhanced to support on- and off-campus scanning, HIPAA and payment card industry (PCI) requirements. There will be a coming need for this infrastructure to be approved by the PCI Security Standards Council.

Data loss prevention (DLP) and detection of sensitive data at rest is also an important area to investigate. We need to know where sensitive assets are and where they are going in order to protect them effectively. DLP integrated with the email infrastructure will allow us to enforce policy that protects these assets in email. System administrators have been clamoring for better tools to get a handle on where sensitive data may live in their environments, so another tool to scan computers will also be needed.

Emergency notification systems

The campus is currently in the process of deploying a product from AtHoc that ties existing notification systems into one front-end, so that CES or the UCSD Police Department can quickly transmit messages across multiple mediums.

Technology Changes and Looking Ahead to 2016

Cloud computing

The impact of cloud computing will have to be considered in all technology decisions over the five-year strategic plan timeframe. Factors to be investigated include: 1) the overall maturity of commercial cloud providers and services; 2) the security of data stored in the commercial clouds; 3) the tools to move services and virtual servers between cloud-based services quickly; and 4) the use of and participation in private cloud environments. Policy and best practices will need to be written and published for widespread campus use of these services.

Email

The NGN-funded email systems (currently Exchange 2007) will be due for a major upgrade. Decisions will have to be made whether to stay with a Microsoft-based system or move to another product. A key to this decision will be whether or not a calendaring standard has been developed and accepted by the vendor community. If a calendaring standard exists, calendaring can be separated from the email decision, thus creating more options.

The systems providing edge/core email routing and scanning will need to be evaluated and replaced. Cisco Ironport is currently providing this service. Available services, providers and standards will need to be investigated and tested before replacing these systems.

Calendaring

The calendaring world is undergoing change right now. Oracle’s Corporate Time will no longer be supported. Updates in MS Exchange are making calendaring more accessible to non-Windows clients. There is also a consortium of large institutions and vendors working together on a calendaring standard. It is possible that standards-based calendaring will emerge over the next couple of years and make it possible for true interaction between calendaring systems.

Mobile computing

The security boundaries around applications and services will have to be reconsidered, as the use of mobile computing increases and users are flipping between UCSD and commercial networks throughout the day. Many teams will have to be involved with securing applications and services across controlled and uncontrolled networks.

Authentication

As computing power becomes less expensive, brute-force attacks on password databases also become easier. Multi-factor authentication (biometric, token-based, etc.) will become more important to secure administrative and superuser access. We will also need to watch for emerging standards, which may include third-party hardware factors (smartphones) that can be integrated into the environment.

Network and data security

Attacks are shifting from targeting operating system vulnerabilities to targeting Web browsers and Web applications. To deal with this shift, security of applications installed on computers and Web applications is critical to protecting sensitive assets.


Network intrusion detection that examines the content of network traffic will also become necessary to detect application level attacks. This will be a challenge as the campus core network increases in speed.

Emergency notification systems

The existing phone system has the capability of broadcasting announcements over desk phones via the speakerphone feature. When a phone call is in session during the announcement, it will be dropped to push the broadcast through. Depending on the nature of the emergency, announcements can be broadcast on a “per node” basis to notify certain sections of campus.

Impact on Resources

The consolidation of services and use of cloud services should lower overall IT costs for the university, but will likely represent an increased cost for NGN. The centralization costs must be represented in the upcoming NGN3 budget cycle.

The complexities of the computing environment that will be created over the next five years will require a significant increase in experienced technology engineers with comprehensive skill sets. As this kind of expertise is difficult to acquire, the university should actively search for and hire individuals in advance of project need.

Major Milestones and Investments

2010 - 2011
- Expansion of the existing email and calendaring environments
- Expand the Google Apps pilot
- Upgrade Exchange system to 2010 version

2011 - 2012
- Consolidation of central authenticators to one
- Deploy a multi-factor authentication system for administrative and superuser access
- Add IM identity field to campus directories
- Installation of a security product to scan for vulnerable custom Web apps
- Build and participate in a private cloud computing environment
- Expand intrusion detection systems to monitor network traffic

2012 - 2013
- Major email system upgrade/replacement
- Upgrade vulnerability scan engines for a broader scope and to meet changes in HIPAA and PCI requirements
- Install data loss prevention and detection for email system
- Build or acquire tools to move applications and servers to/from cloud services
- Build or acquire tools for securing applications and servers hosted in cloud environments
- Provide a central calendaring solution (this could be a part of the email environment)

2013 - 2014
- Email edge/core routing and security scanning replacement

IV. Voice Services

Current Outlook

Voice services on campus and at several off-campus sites are provided by an Aastra MD110 PBX. There are approximately 17,200 campus lines and 1,000 trunk lines. The telephone system has been growing by about 250 lines per year for the last few years. On a typical day there are 45,000 outgoing trunk calls and 75,000 incoming trunk calls.

The central switching matrix, the Group Switch, is located at Node M in the Central Utilities Building. Telephones are cabled back to a total of 77 Line Interface Modules (LIMs), located in the node rooms on and off campus. The remote node rooms are connected to Node M by fiber or occasionally by leased T1 lines.

The Aastra PBX was installed in 1986, and has been upgraded many times since then. Only a few of the original components remain. The critical Group Switch is one of these original components, and while there have been no problems with it to date, we do not know if there will be future issues with this aging equipment.

ACT has several small off-campus sites utilizing Voice Over IP (VOIP) telephones connected to the Aastra PBX via the UCSD network. A major advantage of integrating Aastra’s own VOIP system with our present network is being able to move numbers from one system to the other. Also, most of the features are accessed in the same way, and the look and feel of the phones is very similar.

We are piloting an Aastra MX-ONE system and preparing for testing of Aastra's Fixed Mobile Convergence (FMC) feature, allowing enterprise users to roam between cellular networks and voice-enabled wireless LANs (WLANs), using dual-mode handsets equipped with 3G and Wi-Fi radios. With the new functionality WLANs deliver, mobile voice is now practical within the enterprise campus.

Voice mail continues to be very popular throughout the campus community. We provide voice mail services through an Interactive Intelligence voice mail system, which presently has 10,000 mailboxes and 140 ports. Voice mail usage continues to increase by approximately 200 mailboxes per year. The Telephone User Interface (TUI) was custom built by I3 during the initial installation; I3 has since built a Pulsepoint replacement TUI. Any upgrades to voice mail and/or unified messaging will need to integrate with the custom TUI. Unified messaging is provided to over 1,000 users today and continues to increase along with campus growth.

Many campus employees use cell phones. UCSD does not have a contract for exclusive service with any one provider. Departments are free to choose whichever provider and plan is most appropriate. The providers in the San Diego area are Verizon, Cingular, AT&T, Sprint and Nextel. All providers offer a push-to-talk feature that is especially useful for departments with technicians who work around campus.


There are currently several emergency notification systems deployed at UCSD, including a Reverse 911 system, an SMS (short message service) notification system, an Emergency status toll free phone number, Emergency phone towers and the UCSD Emergency status Web page.

Campus and Technology Changes

UCSD continues to grow, and some major new buildings will be occupied over the next few years (as described in Section I, Infrastructure). The growth in telephone lines, however, has not matched the growth of the data and wireless networks, and we do not anticipate any capacity problems or resource issues on the voice side.

Voice Over IP

UCSD is also moving more staff to off-campus buildings. Whenever possible we install a LIM in these buildings so that the customers there can get the same level of service as they would on campus. It is in this type of location where Voice Over IP (VOIP) may become a more cost-effective alternative to a LIM.

For several years there has been a sense that VOIP to the desktop is the newest and best way to provide voice services. This “coolness factor” has now worn off, and VOIP is seen as a maturing technology, which in some circumstances is more cost effective than circuit switching. For VOIP to work effectively, the data network must be modern, well engineered, highly reliable and centrally controlled with strong policies. Over the last few years UCSD’s network has been making great strides toward becoming this type of network – one major addition would be Quality of Service (QoS) policies.

An increasing number of people are using their cell phones as their primary or only voice instrument. Some PDAs will be built with SIP client voice applications, allowing them to be used as a telephone when using the wireless data network. There are emerging standards of interoperability and handover, IEEE 802.21 and 3GPP. This may be of interest in some technically oriented areas such as Engineering, especially if cell phone capabilities can also be added to the same device, which would automatically connect to the cellular network if there were no 802.11 signals in the area.

Currently, we have a flat rate long distance contract with Verizon provided over Primary Rate Interface (PRI) circuits. VOIP trunking is a method of sending calls over an IP datastream for part or all of their route. Our current Aastra software supports this with very few technical drawbacks. The UCOP initiative for long distance services and extensions to existing contracts will have a bearing on the decisions to implement. A cost-benefit analysis usually determines if it should be done or not.

Aastra has announced a migration strategy for their MD110 PBX to their MX-ONE platform. The end of new and add-on sales of our existing software, TSW, is 2012 and the end of the active support has been pushed out from 2013 to 2015. The migration to the TSE software will eliminate the group switch, which will be replaced by IP connectivity between the LIMs.

Over the next five years, changes in the work environment will center on how and where people perform their tasks and duties. This will lead to increased telecommuting and to an increased mobile work force. To accommodate this type of work force the concept of shared desks, or free seating as Aastra refers to their feature, may be introduced. This will be a culture adjustment for employees.


There is a shift towards ACT providing email service using MS Exchange for other departments across campus (see Section III, Key IP Network Services). This may result in our being able to increase the integration for unified messaging.

Cellular carriers continue to improve their wireless technology, moving toward 4G, each with higher transmission speeds. 4G cellular technology is currently being developed with the aim of providing transmission rates up to 20Mbps while accommodating QoS. The 4G applications are expected to include high-performance streaming of multimedia content. The technology is expected to appear sometime in 2010.

Femtocell technology is like having a mini cellular tower in your home or small business environment. It connects to the providers’ network via your existing broadband Internet service (such as DSL or cable), and is designed to support multiple 3G capable wireless phones in a home or small business setting. Femtocell is based on licensed spectrum and is carrier-specific. With 3G MicroCell service, users receive improved cellular signal performance for both voice calls and cellular data applications, like picture messaging and surfing the Web for up to four simultaneous users.

Looking Ahead to 2016

Aastra’s MD110 will continue to evolve over the next three to five years, especially in the mobile arena, with cell phone to Wi-Fi becoming more prevalent.

Upgrade of the PBX to MX-ONE TSE prior to 2015

MX-ONE TSE will be a significant hardware and software upgrade, but it will give us a technologically advanced voice network that will meet campus needs for the next seven to 10 years. There will be better and easier ways for users to program their own features. We should consider providing a Web interface so our customers can change their call diversions, set up speed dial buttons, access their calling records, etc.

Voice Over IP

We need to proactively follow developments in the VOIP market, and identify the point when it will allow us to provide the services the campus needs, and save money. It is highly unlikely that within the next five years VOIP will advance to the stage where it could replace the Aastra PBX, but there will be buildings on and off campus where it will be appropriate. SIP endpoints will be operable with the MX-ONE platform and replace the H323 instruments that are highly proprietary in their version of the H323 standards. At this time SIP endpoints are approximately twice the cost of digital instruments.

Wireless voice

Wireless voice is an interesting area for the coming years, and may be an area in which to focus our resources. We should investigate and test wireless voice services and how they can be integrated into our voice and data network to assess the impact of FMC on the 802.11 network. Aastra’s current mobility product is good; the dual mode concept (which requires TSE software) needs to be tested.

There may come a time when all campus users are given a wireless phone rather than a desk phone, although that point is likely more than 5 years away. Those phones will probably use a combination of 802.11 and 802.21 and advanced cellular technology 3GPP, and be administered and managed through a campus operated interface. Supporting a large number of users in this environment presents challenges, but it is an interesting area and we expect to see a lot of development over the next few years.

With the degree of uncertainty regarding the best options for future voice services, it is important to have a good understanding of what our customers want. We should set up focus groups, meet with key personnel and involve campus departments in the trials that we carry out. The cross-training of technical staff, so that the data network engineers are more familiar with the voice services and vice versa, will be important for future VOIP installations.

Emergency notification systems

UCSD will need to consider the following enhancements to existing emergency notification systems.

- The Aastra Broadcast feature, which permits the existing phone system to broadcast announcements over desk phones via the speakerphone feature.
- There is a new California Building Code where multi-story buildings must have an “Area of Refuge” or “Area of Rescue Assistance” system to provide for handicapped persons to safely exit the building without elevator access.
- Establishing contract agreements (SLAs) with all of the major cellular carriers is planned so additional capacity can be deployed quickly, when necessary. AT&T, Sprint/Nextel and Verizon provide a temporary service that increases network capacity to support major public events, protracted emergencies and incidents.

Improved cellular coverage

Plans for voice services include encouraging public cellular providers to improve their coverage on and around the campus, especially regarding levels of service on the 3G and future 4G data networks.

WLAN upgrades

The establishment of granular WLAN QoS policies, tunable to a broad range of applications (notably voice and video), end-device capabilities, and other characteristics will be needed. To support an eventual migration to IP Multimedia Systems, several features will be implemented on the WLAN, including Session Initiation Protocol (SIP) based VOIP signaling and other SIP-enabled applications and services. The ability to add WLAN capacity in cost-effective increments, and planning tools that help anticipate and proactively address problems with enterprise WLAN congestion, radio frequency (RF) coverage, and infrastructure resiliency will be needed.

Major Milestones and Investments

2010 - 2011
- Replace old telephony hardware with new hardware when possible (i.e., replace TSU, TRU MPU boards with TMU-12 boards).
- Establish service contracts with cellular providers to improve coverage during emergencies and major disasters.
- Monitor the proliferation of Femtocell technology on campus (especially in the residence halls) to ensure maximum coverage/performance is achieved without causing interference with the existing wireless network.

2011 - 2012
- Install quality of service standards on the voice network.

2013
- Upgrade to TSE software platform.

Ongoing
- Monitor “FMC deployment and application delivery.” Experts feel the industry will mature enough by 2011-2013 with an integrated, multimedia infrastructure in place that supports multiple end devices and access technologies. Providers will begin creatively mixing and matching once disparate services — voice, audio conferencing, video conferencing, text-based instant messaging, e-mail, games, SIP-enabled conferencing and collaboration, broadcast video and audio — to serve an array of new applications and end-user needs.


V. Licensed Radio Services

This section is intended as a guide and planning tool, addressing evolving standards and regulations, analyzing the effect on licensed wireless communication systems, and developing a strategy that ensures uninterrupted communications and optimizes spectrum usage for UCSD.

Current Outlook

Today, UCSD operates an 800 MHz analog two-way trunked radio system. Installed in the mid-1990s as part of a UCOP systemwide initiative, this system is increasingly difficult to maintain, and reliable spare equipment is hard to find. Analog technology is being replaced with digital technology, which is more reliable and robust but extremely expensive to purchase and maintain. In addition, a new digital system would not provide interoperability between the UCSD Police and local public safety organizations.

Emergency service organizations (Police/Fire/EMT) depend on system reliability and interoperability when responding to emergencies. During a major emergency or disaster, the predominance of UCSD Police Department radio communications will be with local public safety organizations. The easiest way to obtain seamless communications across multiple public safety organizations is for these organizations to share/use the same trunked radio system.

For these reasons, a decision was made to phase out the 800MHz system and to move the campus’ 800MHz users to alternative networks. The end of life for the 800MHz system is December 31, 2010 and it will be decommissioned on that date.

Regional communications system

In July 2009, the UCSD Police Department joined the San Diego - Imperial County Regional Communications System (RCS). The San Diego County Sheriff’s Department's Wireless Services Division oversees the operation and maintenance of the RCS, which provides public safety voice and data communications to more than 200 local, state and federal agencies in San Diego and Imperial counties.

The RCS system is for public safety agencies. Other campus departments are transitioning their radios to a newly installed trunked 400MHz Radio System, or will rely on cellular phones with push-to-talk technology that provides benefits similar to trunked radio systems.

Currently, there are trunked 400MHz antennas on the roof of Tioga Hall. Coverage tests indicate that the antennas provide adequate inside and outside coverage on the east and west side of the campus, and also SIO. There are some dead spots in various basements and parking structures on campus, but these are either not significant or else can be addressed with Bi-Directional Antennas (BDAs).

There is a separate 400MHz system operated by the Price Center with antennas on the roof of that building. Both 400MHz systems have talk channels that allow their users to communicate directly with the campus Police Department in an emergency.


Campus and Technology Changes

Campus departments will continue migrating off the 800MHz trunked radio system to the newly deployed trunked 400MHz system. The 400MHz system is a more cost-effective alternative that will facilitate interdepartmental communications on campus.

UCSD acquired a 1610AM radio channel. The channel will operate at 10 watts or less and will be in service as of January 2010, with a coverage area primarily targeted for general campus. No commercial use is permitted, as the primary use of this channel is to provide recorded messages to the campus community.

Major Milestones and Investments

- 1610AM radio channel in service date is January 2010.
- Replace 800MHz trunked radio system with 400MHz system. Target completion date is December 2010.
- UCSD research projects could utilize existing 800MHz frequencies after December 2010.
- Eliminate billing rates for 800MHz as users decide to discontinue the service, and use the new 400MHz system or cellular phones with push-to-talk capabilities. If necessary, adjust our rates to cover ongoing operational costs until the system is decommissioned in December 2010.
- Assist with identifying management responsibilities of the new 400MHz system, to include general administration, system expansion, maintenance and upgrades.


VI. ACT Internal Processes

Internal processes refer to those procedures and processes currently implemented, or which need to be implemented, by ACT in order to continue to provide the sophisticated, cutting edge network that the UCSD community expects. Our constituents view the campus network and the services that run on those networks as a ubiquitous utility that is reliable, navigable, and available around the clock.

Meeting those expectations requires a concert of behind-the-scenes efforts by ACT teams. Actions need to occur in sequence, often through automated jobs, and groups rely on the proper function of that automation to ensure customer access to telecommunications services such as phone and data ports, business applications, and electronic mail.

We examined seven major process areas:

- Project management
- Cross-team communications
- Internal communications
- Software development
- Service deployment
- Service requests
- Provisioning (phone, network, user registration, account activation and deactivation)

Current Outlook ACT internal processes are managed through a variety of software, procedures, and ad hoc communications. Project management is handled using SourceForge Enterprise Edition (SFEE), an integrated suite of Web-based development and collaboration tools. SFEE is also a source code control repository and is used for some cross-team communications. Project documentation resides in a document repository in SFEE, however, some documents reside on shared network drives. ACT staff members participate in SFEE training classes on common SFEE tasks such as source code management, project management, and project participation. Other cross-team and internal communications are handled through meetings and email. Little cross-team communication, as it relates to resource availability and project load, occurs currently. We’re currently working to increase cross-team collaboration during the initial project design phase. Groups conceive of projects and determine which resources they need to see that project to completion. Our project management procedures require cross-team involvement and sign-off procedures to ensure realistic project deliverables and timelines. Application development Application development, for end-user business applications, uses a two- to four-stage development life cycle, ostensibly starting in a sandboxed development environment, moving into a quality assurance environment (QA), open to testers and early adopters, and finally proceeding to a production environment, with a training environment available for end-user testing on a data subset. Software development that does not directly impact end-users, network and system analysis, and support applications does not go through the same software development cycle. Telecommunications Strategic Plan — March 2010 Administrative Computing & Telecommunications, UC San Diego


A current project is streamlining use and migration across development environments, from development sandboxes and development communal space to QA, staging, production and training. For “day-of” software deployments we follow an internal ACT Communications Plan, pre-populated with kickoff steps that need to occur and all the resources necessary for business and technical deployment. This is a standard software development pathway, which provides very clear guidelines for moving through the stages.

Communicating with the campus

Campus communication procedures vary depending on the topic. Focus groups are one method used to solicit comments and requirements for new network services, such as changes to electronic mail storage or the details of a new network service offering. Similarly, presentations on projects and applications, offered monthly at the systems administrators meeting and annually at Campus LISA and Sharecase, among other venues, allow ACT to reach a targeted audience, engage in dialogue and solicit feedback on proposed or existing services and applications. Document repositories also provide resources on targeted subjects for specific constituents. One example is the SysWiki, a resource and discussion forum for the campus system administration community. General campus announcements are handled through official campus email lists, Blink announcements and Blink alerts.

Trouble ticket system

The Help Desk uses a project in the Numara FootPrints Trouble Ticket system (FootPrints) to notify ACT staff of problems with our core services. This project is configured to notify all ACT staff when a possible problem has been detected with our services and to track all email conversations. Our Help Desk primarily activates this process when phone calls and emails are received from internal and external customers.

The creators of the emergency process are expected to provide an owner, symptoms reported/confirmed, troubleshooting steps conducted, customer information, and any other relevant information. The owner and other staff are required to respond to the ticket in a timely manner with a status update of the situation and information on other systems that may or may not be affected. When the problem has been solved, the owner or primary problem solver is responsible for logging into FootPrints and filling out the mandatory fields (Owner, Recurring, Problem type, Infrastructure, Hardware, Network, Application(s), Technical description, Resolution and Resolver); FootPrints then sends out a final report to all. Problems and resolutions are reported as needed on the Network Status Page. Future outage notifications are also posted on this page and the Outage Calendar.

Internal and external service requests, including provisioning network and telecommunications services, occur via email, the Telecommunications customer service request (CSR) process, and various trouble ticket systems. Many groups, including the Unix and Network Applications Support and the Desktop Support teams, use FootPrints projects for internal request management. Production service changes, additions, or subtractions go through a Change Request and Notification process, alerting ACT staff to upcoming outages or changes that might impact customers. Network service and email service requests also use FootPrints, either via a Web portal or via email. All IT Applications Group teams have at least one FootPrints project to manage internal service requests, including project management services.


TeleManagement System

ACT uses TMS, an internally developed TeleManagement System, to track cable records and work orders for the installation of various telecommunications services. TMS is also a database of installed phone records and telecommunications storeroom inventory that serves as a billing platform for non-NGN services. TMS has a number of modules, including Work Orders, Inventory, Directory, and the Install Base. It is a client-server application, although we developed a number of Web-based front-end interfaces that link to the system.

Campus and Technology Changes

As customers become more familiar with network and telecommunication services, their expectations change. No longer are customers satisfied with requesting network access, data ports, wireless Internet, email addresses, and access credentials on an “as needed” basis, especially if those requests must go to different functional areas. Customers expect to gain access to UCSD’s rich computing resources with minimum delay.

Currently, when a staff or faculty member arrives on the UCSD campus, they must wait one to two days before their email and single sign-on (SSO) credentials are provisioned. A department representative enters the person in PPS; later that night or the following night, a campus mail alias and a business systems account are created. If one exists, a system administrator for the department creates an email account or requests an account from the Messaging team, which can take up to one day. If they do not receive a computer until their arrival, they must wait, at least overnight, for their host to be assigned a registered IP address by the Hostmaster group. While unregistered hosts can browse to certain Web resources immediately, most secured campus resources require them to be fully registered before obtaining full access.

In contrast, campus students enjoy a self-registration system where they select their own credentials, register their computing devices for campus network access, and have access to online support services and notices.

Additionally, customers expect to receive notifications through a variety of media, preferably on an opt-in basis. The advent of Web 2.0 means customers expect to provide more feedback and integrate their computing environment, either with their social networks or their personal devices.

Cloud computing is changing the way the user community expects to access data and services. Users expect their data and email, including sensitive documents such as dissertations, to be available from anywhere on the Internet, from any computer. In addition, users expect to be able to access secure Web-based applications (e.g., TritonLink and At Your Service Online) from any location using Web-based VPN software, if necessary. Current expectations also include easy sharing of large files, video conferencing, and Web-based presentations. The power and relative low cost of personal computing devices means that users are more mobile, more reliant on Web-based services, and less likely to access services only during traditional times.

Looking Ahead to 2016

Campus communication and collaboration

ACT needs to coordinate information sources more effectively, using Web resources that our customers use. This may include social media sites, increased use of RSS feeds, increased use of the Network Status Page, and a proposed User Portal as a clearinghouse for network-related information and registration.

We currently do not provide phone support to campus customers calling outside the extended Campus Operators business hours (7:30am – 5:00pm). Two of the 10 UC campuses utilize an Interactive Voice Recognition (IVR) system during the evening or 24/7. We have evaluated 4 vendors that provide IVR systems, and will make a decision on whether to purchase a system in 2010-2011.

We will look into solutions for providing a public-facing knowledge base for customers (FootPrints, MyKnowledgebase, PHPkb, Crowdsourcing).

Some method of large file sharing and temporary file storage, where those file sizes exceed the capacity of our messaging environment, would help our customers collaborate across universities and the Internet.

Service deployments

There has been considerable success, primarily with the move to implementing MS Exchange and Ironport, using campus focus groups for requirements gathering, providing introductory and prelaunch presentations, and using the launch day ACT Communications Plan. ACT should consolidate these strategies into a more complete Application and Network Service Deployment Plan. The new plan would accommodate the needs of software release and network service changes and the announcement of those changes.

Service requests and provisioning

By 2016, ACT should modernize and consolidate its service request systems. We have CSRs, Help Desk trouble tickets, IP address requests, email account requests, SSO credentials, and wireless registration. A User Self-Registration Portal would be an effective way to provision users and meet customer support expectations. Such a system would allow a user to enter key pieces of personal information, and from that point begin the process to activate their office phone, voice mail, email account, business system credentials, and IP registration.

Currently under development is a plan to revise sections of the TMS code in order to transition away from Omnis.

IP registration should occur using a combination of DHCP and captive portal technology, intercepting all packets, regardless of address or port, until the user opens a browser and tries to access the Internet. At that time the browser is redirected to the User Self-Registration Portal, which will require authentication, display an acceptable use policy, and collect network-related information about the user’s computer and location. Saving custom data on the new application would allow customers to return and update additional information as it becomes available; for example, when they receive a new computing device or change location. Additionally, saved data would allow users to change passwords, forward mail, or search network service and business application knowledge bases. Finally, a self-registration site could allow users to request help and see network status.


Impact on Resources

Future staffing and budget challenges, as well as a telecommuting and mobile work force, will require increased collaboration across ACT groups. Developers will continue to develop software on personal computers but “check-in” code to a central repository for disaster recovery and security. ACT will continue to provide email, network, and business application support to the campus. The UCSD community will rely more heavily on Web-based, cloud computing resources. Staff and faculty who want to use a self-registration portal first need to be entered into PPS, even if it’s with a future appointment date, and receive a valid employee ID.

Major Milestones and Investments

- Consolidate Outage Calendar and Network Status Page
- Modify multi-stage application deployment process to accommodate Network Services
- Fully implement multi-stage application and network services deployment process in 2010
- Fully integrate standard project management procedures across all ACT groups
- Expand TNG to accommodate new roles
- Develop an Application and Network Service Deployment Plan
- Create UCSD User Registration and Support Website
- Investigate and deploy captive portal technology on campus VLANs
- Investigate and select an integrated host registration and IP management strategy
- Evaluate and select a public-facing Applications and Network Services Knowledgebase
