3 IT trends to tackle now: before your institution is consumed by security, data, and telecom challenges, take action today.
To put it simply, these shifts have come about because of the success of client-server computing, with its propensity to spin off yet another system for each new application. There are now too many systems, too much data, and too much uncertainty about whether it all ties together and is safe, secure, and well managed.
Data accumulates everywhere: e-mail, ERP systems, office and departmental applications, the courseware management system, and of course on countless desktops, laptops, and PDAs. Until now, backup was a different proposition for each of these systems and devices; each had its own way to save a copy of its data in case of an emergency. However (except for the systems with the highest institutional profile and sensitivity), the likelihood that most, let alone all, were being backed up was just a hope. Data centers have had to extend their reach to help with the chore of backing up all of those systems. The number of servers under central management and the time needed to roll data from those computers to tape have forced basic changes in how backup occurs.
At Pace University (NY), for instance, the need to act was urgent. In the span of a few months, the number of servers grew from 45 to 70, and the data store from 300 gigs to 600. The school's solution was a BrightStor EB storage area network (SAN) from Computer Associates (www.ca.com). (A SAN is a separate network connecting storage devices and servers without regard to differences in server or application operating systems; it can even involve devices at various physical locations on a network.) Backup time was reduced by nearly 60 percent, with some servers seeing their backup runs cut from 12 hours to five.
Case Western Reserve University (OH), using EMC's (www.emc.com) CLARiiON CX600 SAN and associated products, brought 20 applications and four terabytes of data into a single new storage system, reducing its staffing to run the backups from 16 to three. The success of the SAN approach has encouraged the university to bring other applications into this solution at an aggressive pace.
Bucknell University (PA) runs dual systems from Spectralogic (www.spectralogic.com) for disaster recovery purposes. The Spectra 12000 and 20000 shared-tape library systems divvy up the processing chores and give the university two points at which it can retrieve data from tape.
The distance-bridging capabilities of a SAN are put to good use at Caltech, pooling data from research facilities in three states. Caltech uses three Sun (www.sun.com) StorEdge 2Gb Fibre Channel Switch-64 products that are powered by QLogic (www.qlogic.com). The system is expected to stream 300 terabytes of data annually from collectors to repositories where they can be analyzed.
Each of these systems provides networked storage with built-in redundancies, massive capacity, and the ability to accommodate disparate software server types in one system.
STAYING AHEAD OF INTRUDERS
In IT today, network intrusion detection and prevention is one of the hottest areas of development. Viruses and worms now target network services through the computers that they infect, causing packet floods and denial-of-service attacks, generating spam, and putting affected computers to other uses unsuspected by their owners.
Campus networks are rapidly acquiring new hardware-based appliances to combat network intrusions. Their primary purpose is to detect known or suspected malevolent packets in the data stream, and patterns of network activity indicating an intrusion. The appliance discards suspect packets, blocks certain kinds of traffic, and sends alerts to the system operators. These devices depend on a constant flow of updated "signatures" from the vendor, to be able to detect and respond to the newest kinds of threats. The devices sometimes include features familiar from appliances perhaps already in use, such as firewall and bandwidth shapers. By the same token, firewall devices have gained functionality, making them more dynamically responsive to changing threats.
Still, intrusion prevention systems themselves present some formidable management challenges. They need to be sensitive enough to spot and act upon a wide variety of problem cues, and yet should not mistakenly block legitimate traffic, slow the network by processing packets inefficiently, or fail altogether, leaving the network wide open or shut down.
The anti-virus providers have had an early lead in this new field of intrusion detection and prevention products. The McAfee (www.nai.com) Entercept and ePolicy Orchestrator products are widely used server-based protection systems.
The University of Colorado uses TippingPoint Technologies' UnityOne Intrusion Prevention System (www.tippingpoint.com), and administrators there estimate that the system blocks an average of 300,000 packets per day. New software patches and security filters are sent to the system regularly, via its Digital Vaccine service, to protect against newly discovered vulnerabilities.
Control over Internet bandwidth was a major issue for the University of Wisconsin at Green Bay. The university's networks manager credits Check Point's (www.checkpoint.com) VPN-1, FireWall-1, and FloodGate-1 products for $130,000 in annual cost avoidance for bandwidth that would be otherwise lost to peer-to-peer applications. The university uses firewalls and virtual LANs (VLANs) to segment its network of 40 Windows NT servers, and hide university workstations from intruders. The ability to prevent intrusions has allowed the university to reduce by about two-thirds the staff time spent investigating network problems.
Automating the administration of usage policy for residence halls was Baylor University's (TX) goal in adopting a suite of tools from Enterasys (www.enterasys.com). The university uses Enterasys Matrix E1 switches and NetSight Atlas Policy Manager 1.4 to accomplish user authentication, security management, and bandwidth control. Ports known to be used for attacks are filtered; protocols not supported by the university are blocked from the residence halls.
The network manager at South Birmingham College (UK) uses the Sniffer Technologies product from Network Associates (www.nai.com) to improve his view of activity on his network. The college's biggest network problem was degradation of overall performance due to undetected causes. In fact, the network itself was rarely found to be running slow, and pinpointing the workstation or application server at fault via the sniffer has been an effective aid to diagnosis and troubleshooting.
CONVERGED TELECOM INFRASTRUCTURE
Voice over IP (VoIP) has heralded a new generation of digital communications able to use what was once thought of exclusively as the campus data network. That vision now expands to video, including cable television and videoconferencing. But these are not just other IP services to turn loose on the same network. Voice, in particular, is very sensitive to network quality. Networks are not ready for converged services unless they are in optimal condition. Traffic analyses examining bandwidth usage, availability, and latency are an essential first step in determining whether the existing infrastructure is ready.
The fusion of IP networks and voice applications also exposes some key gaps to be bridged in standards of reliability. The telecom world has striven for "the five nines" (99.999%) in availability, a mark data networks have not matched. Management processes, staff skills, and specific technologies all figure in the higher standard and need to be assured when an IT staff moves into the realm of voice services.
At Howard University (DC), Siemens' (www.siemens.com) HiPath products were featured in a $10.4 million overhaul of the residential network. The new network gives both dorm and off-campus students a telephone line with voicemail, access to a cable television connection, and 100-megabit-per-second network access. What Siemens terms "second-generation IP" includes strong central management of the whole suite of IP-delivered services and the ability to integrate functions to provide benefits such as one-click conferencing and collaboration.
Widener University (PA) chose Nortel Networks (www.nortelnetworks.com) to bring voice, data, and video services to 400 buildings and 90,000 devices. The university included three campuses, a local technology park, and the countywide K-12 network in its installation. The school uses a Passport 8600 routing switch to drive the transmission media, a Business Policy Switch 2000 to run the LAN and Optivity Policy Services, and Network Management to ensure quality of service and provide central monitoring and troubleshooting from a single point.
The California State University at Dominguez Hills chose a mix of products from Intecom (www.intecom.com) to replace Centrex service and also provide 100-megabit network connectivity. By integrating voicemail with the Intecom switch, the university figures that it avoids $250,000 annually in extra services it would have had to acquire via Centrex.
MANAGING THE MUNDANE BUT CRITICAL
All three trends show a glimpse of an IT future, fast emerging, that capitalizes on smarter technologies to transform the most mundane but critical aspects of information technology. Unseen by users--and even by many systems managers--the new systems for backup, intrusion prevention, and converged communications are vital ways for institutions to cope with the pressures of growth and uncertainty in their campus IT systems and networks.
Tom Warger is a consultant for Edutech International (www.edutech-int.com).
Date: May 1, 2004