3 IT trends to tackle now: before your institution is consumed by security, data, and telecom challenges, take action today.Three fast-moving trends are reshaping the very fundamentals of how information technology happens behind the scenes. First: Data storage now has its own set of fast pathways between repositories near and far. Second: Intrusion detection See IDS and IPS. and prevention systems race to stay ahead of the new threats that flow in over the Internet every day. And third: The convergence of telecommunications technologies is creating the opportunity to dismantle parallel networks and redundant management groups. To put it simply, these shifts have come about because of the success of client-server computing, with its propensity to spin off yet another system for each new application. There are now too many systems, too much data, and too much uncertainty about whether it all ties together and is safe, secure, and well managed. DATA EVERYWHERE Data accumulates everywhere: e-mail, ERP (Enterprise Resource Planning) An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer. systems, office and departmental applications, the courseware management system, and of course on countless desktops, laptops, and PDAs. Until now, backup was a different proposition for each of these systems and devices; each had its own way to save a copy of its data in case of an emergency. However (except for the systems with the highest institutional profile and sensitivity), the likelihood that most, let alone all, were being backed up was just a hope. Data centers have had to extend their reach to help with the chore of backing up all of those systems. The number of servers under central management and the time needed to roll data from those computers to tape have forced basic changes in how backup occurs. At Pace University (NY), for instance, the need to act was urgent. In the span of a few months, the number of servers grew from 45 to 70, and the data store from 300 gigs to 600. The school's solution was a BrightStor EB storage area network (SAN) from Computer Associates (www.ca.com). (A SAN is a separate network connecting storage devices and servers without regard to differences in server or application operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. ; it can even involve devices at various physical Locations on a network.) Backup time was reduced by nearly 60 percent, with some servers seeing their backup runs cut from 12 hours to five. Case Western Reserve University (OH), using EMC's (www.emc.com) CLARiiON CX600 SAN and associated products In the context of fuels and lubricants, a petroleum or chemical product used as a hydraulic fluid, corrosion preventive, liquid propellant, or specialized product, required for the operation, maintenance, or storage of military equipment. , brought 20 applications and four terabytes of data into a single new storage system, reducing its staffing to run the backups from 16 to three. The success of the SAN approach has encouraged the university to bring other applications into this solution at an aggressive pace. Bucknell University Bucknell University (bŭknĕl`), at Lewisburg, Pa.; coeducational; founded 1846 as the Univ. of Lewisburg. Its present name was adopted in 1886. Bucknell has a college of arts and sciences and a college of engineering. (PA) runs dual systems from Spectralogic (www.spectralogic.com) for disaster recovery purposes. The Spectra 12000 and 20000 shared-tape Library systems divvy up Verb 1. divvy up - give out as one's portion or share portion out, apportion, share, deal hand out, pass out, give out, distribute - give to several people; "The teacher handed out the exams" the processing chores and give the university two points at which it can retrieve data from tape. The distance-bridging capabilities of a SAN are put to good use at Caltech, pooling data from research facilities in three states. Caltech uses three Sun (www.sun.com) StorEdge 2GbFibre Channel Switch-64 products that are powered by QLogic (www.qlogic.com). The system is expected to stream 300 terabytes of data annually from collectors to repositories where they can be analyzed. Each of these systems provides networked storage with built-in redundancies, massive capacity, and the ability to accommodate disparate software server types in one system. STAYING AHEAD OF INTRUDERS In IT today, network intrusion detection and prevention is one of the hottest areas of development. Viruses and worms now target network services through the computers that they infect, causing packet floods and denial-of-service attacks "DoS" redirects here. For other uses, see DOS (disambiguation). A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. , generating spam, and putting affected computers to other uses unsuspected by their owners. Campus networks are rapidly acquiring new hardware-based appliances to combat network intrusions. Their primary purpose is to detect known or suspected malevolent ma·lev·o·lent adj. 1. Having or exhibiting ill will; wishing harm to others; malicious. 2. Having an evil or harmful influence: malevolent stars. packets in the data stream, and patterns of network activity indicating an intrusion. The appliance discards suspect packets, blocks certain kinds of traffic, and sends alerts to the system operators. These devices depend on a constant flow of updated "signatures" from the vendor, to be able to detect and respond to the newest kinds of threats. The devices sometimes include features familiar from appliances perhaps already in use, such as firewall and bandwidth shapers. By the same token, firewall devices have gained functionality, making them more dynamically responsive to changing threats. Still, intrusion prevention See IPS and IDS. systems themselves present some formidable management challenges. They need to be sensitive enough to spot and act upon a wide variety of problem cues, and yet should not mistakenly block legitimate traffic, slow the network by processing packets inefficiently, or fail altogether, leaving the network wide open or shut down. The anti-virus providers have had an early lead in this new field of intrusion detection and prevention products. The McAfee (www.nai.com) Entercept and ePolicy Orchestrator or·ches·trate tr.v. or·ches·trat·ed, or·ches·trat·ing, or·ches·trates 1. To compose or arrange (music) for performance by an orchestra. 2. products are widely used server-based protection systems. The University of Colorado University of Colorado may refer to:
Control over Internet bandwidth was a major issue for the University of Wisconsin at Green Bay. The university's networks manager credits Check Point's (www.checkpoint.com) VPN-1, FireWall-1, and FloodGate-1 products for $130,000 in annual cost avoidance Cost avoidance is a management accounting term referring to an expense one has avoided incurring. It is commonly used in the field of energy management to describe the energy costs you avoided due to energy management initiatives. for bandwidth that would be otherwise lost to peer-to-peer applications. The university uses firewalls and virtual LANs (VLANS) to segment its network of 40 Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. servers, and hide university workstations from intruders. The ability to prevent intrusions has allowed the university to reduce by about two-thirds the staff time spent investigating network problems. Automating the administration of usage policy for residence halls was Baylor University's (TX) goal in adopting a suite of tools from Enterasys (www.enterasys.com). The university uses Enterasys Matrix E1 switches and NetSight Atlas Policy Manager 1.4 to accomplish user authentication See authentication. , security management, and bandwidth control Ports known to be used for attacks are filtered; protocols not supported by the university are blocked from the residence halls. The network manager at South Birmingham College South Birmingham College is an establishment of further education in Birmingham, England providing full-time and part-time courses for young students following their period of compulsory education (after age 16) and for adults. It was previously known as Hall Green College. (UK) uses the Sniffer Technologies product from Network Associates (www.nai.com) to improve his view of activity on his network. The college's biggest network problem was degradation of overall performance due to undetected causes. In fact, the network itself was rarely found to be running slow, and pinpointing the workstation or application server at fault via the sniffer has been an effective aid to diagnosis and troubleshooting. CONVERGED TELECOM INFRASTRUCTURE Voice over IP (VoIP) has heralded a new generation of digital communications Transmitting text, voice and video in binary form. See communications. able to use what was once thought of exclusively as the campus data network. That vision now expands to video, including cable television and videoconferencing A real time video session between two or more users or between two or more locations. Although the first videoconferencing was done with traditional analog TV and satellites, inhouse room systems became popular in the early 1980s after Compression Labs pioneered digitized video systems . But these are not just other IP services to turn Loose on the same network. Voice, in particular, is very sensitive to network quality. Networks are not ready for converged services unless they are in optima op·ti·ma n. A plural of optimum. [ condition. Traffic analyses examining bandwidth usage, availability, and Latency are an essential first step in determining whether the existing infrastructure is ready. The fusion of IP networks and voice applications also exposes some key gaps to be bridged in standards of reliability. The telecom world has striven for "the five nines" (99.999%) in availability, a mark data networks have not matched. Management processes, staff skills, and specific technologies all figure in the higher standard and need to be assured when an IT staff moves into the realm of voice services. At Howard University Howard University, at Washington, D.C.; coeducational; with federal support. It was founded in 1867 by Gen. Oliver O. Howard of the Freedmen's Bureau, to provide education for newly emancipated slaves. A normal and preparatory department was opened the same year. (DC), Siemens' (www.siemens.com) HiPath products were featured in a $10.4 million overhaul of the residential network. The new network gives both dorm and off-campus students a telephone Line with voicemail, access to a cable television connection, and 100-megabit-per-second network access. What Siemens terms "second-generation IP" includes strong central management of the whole suite of IP-delivered services and the ability to integrate functions to provide benefits such as one-click conferencing and collaboration. Widener University Widener University is a private, coeducational university located in Chester, Pennsylvania. Its main campus sits on 108 acres (.44 km²), just 14 miles south of Philadelphia. (PA) chose Nortel Networks (Nortel Networks Limited, Brampton, Ontario, www.nortelnetworks.com) A world leader in telecommunications products, which includes switching, wireless and broadband systems for service providers and carriers, telephones and systems for residential and business users, computer telephony (www.nortelnetworks.com) to bring voice, data, and video services to 400 buildings and 90,000 devices. The university included three campuses, a local technology park, and the countywide K-12 network in its installation. The school uses a Passport 8600 routing switch See layer 3 switch. to drive the transmission media, a Business Policy Switch 2000 to run the LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. and Optivity Policy Services, and Network Management to ensure quality of service and provide central monitoring and troubleshooting from a single point. The California State University Enrollment  at Dominguez Hilts chose a mix of
products from Intecom (www.intecom.com) to replace Centrex service and
also provide 100-megabit network connectivity. By integrating voicemail
with the Intecom switch, the university figures that it avoids $250,000
annually in extra services it would have had to acquire via Centrex.
MANAGING THE MUNDANE BUT CRITICAL All three trends show a glimpse of an IT future, fast emerging, that capitalizes on smarter technologies to transform the most mundane but critical aspects of information technology. Unseen by users--and even by many systems managers--the new systems for backup, intrusion prevention, and converged communications are vital ways for institutions to cope with the pressures of growth and uncertainty in their campus IT systems and networks. Tom Warger is a consultant for Edutech International (www.edutech-int.com). |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion