Information Systems and Services

IS&S Projects for Summer 2007

Posted by John Lympany

This year, our summer project planning has been influenced by three independent studies of our Network Services function. These studies focused on “best practices” related to setting up our network/server infrastructure, VOIP readiness, and Exchange Server configuration. A larger than normal carryover of technology capital funds will be used to resource initiatives 1 and 2 over the summer.

  1. Server Upgrades/Reconfiguration (est. $60,000)
    This initiative will upgrade the College to Exchange 2007, provide a new full-featured web email interface, and will address server latency issues.

    1. Hub/Backend Servers: Replace Hub and backend servers. Hub server is identified as a primary reason for email server delays and all servers need to be upgraded in order to transition to the new Exchange 2007 software.
    2. McAfee Server: One backend server will be reused as our McAfee ePO server to push updates to client computers.
    3. SUS/DNS Server: Second backend server will be reused as DNS and SUS server and configured appropriately. The SUS server pushes various software updates to client computers and the DNS server provides internet addressing resolution facilitating network communications in/out of campus.
    4. Cached Mode: Deploy this configuration across all campus computers to better manage Exchange server communications with clients.
  2. Network Core Upgrades/Reconfiguration (est. $100,000)
    Will address network latency issues, provide network redundancy, and establish quality of service to streamline and prioritize network traffic.

    • Network Redundancy: Provide network redundancy in three core closet locations via multi-link trunking (or similar technology) to eliminate points of failure.
    • Quality of Service/VLANs: Set up QOS and multicast on network backbone to ensure adequate internal bandwidth for VOIP, email, wireless, video streaming, and videoconferencing. Establish new VLANs with 24-bit subnet masks to reduce excessive broadcast traffic and move CallPilot and signaling server for VOIP to separate VLAN.
    • Network Hops: Eliminate excessive network hops to establish more efficient network traffic flow.
    • Security: Provide stable core that enables secure wireless and network admission control to secure our network against attacks and intrusion potential introduced by a wireless implementation.
    • Hardware: Purchase and install enterprise aggregation switches in three core fiber points with new VLAN/QOS configurations.
  3. Major Security and Application Software Upgrades - McAfee and Office 2007 (est. $4,000 annual savings)
    Based on recommendations, we will transition to McAfee Enterprise Security Suite and include this rollout with our Office 2007 upgrade.

    • Security Coverage: Will include protection at the desktop, file server, e-mail server and Internet gateway network levels. Symantec is generating errors at the server level and does not have Internet gateway level protection like McAfee.
    • Pricing: Annual cost will be reduced by about $4,000 over our current Symantec solution by using KY-COT pricing.
    • Spyware: McAfee includes full enterprise spyware solution.
    • Hardware Resources: New McAfee security product will run more efficiently on client computers; however, RAM upgrades will be performed for Office 2007.
    • Intra-organizational Encryption: All email passed through our internal network will be encrypted with Exchange 2007.
  4. Virtual Learning Community (Faculty/Staff/Student Web Portals)

    1. Faculty/Staff/Student Portals: Faculty, Student, & Staff portals will rollout 10 months earlier than originally planned. Luminis will deliver our “virtual learning community” which will include work flow, self-service, and dashboard elements to individuals based on roles established in the system.
      1. Will include the latest version, 4.0 (not 3.3 as originally planned); 4.0 was released in March.
      2. Will include base shells for faculty, staff, and student portals
      3. Will incorporate Bond self-service features in our initial release
    2. Labor Time Entry: Will include labor time-entry features (we are now live with four departments on time-entry using Luminis 3.3)
    3. Password Complexity Conversion: Establish Password Complexity in ActiveDirectory for single sign-on capability
  5. Labor Program
    • Time Entry: Continuing live rollout of system through the summer
    • Portal: Will roll out Labor Program portal presence in Fall, 2007
    • Student Evaluation Form: Will incorporate in portal presence
  6. Standardized Classroom Technology
    We are standardizing classroom media technologies around Crestron systems. Installations at the Trustees Room (Seabury Center) and Instructional Technology Classroom (Hutchins Library) are now underway.
    1. Faculty Training: Faculty will be trained on the new system in the Instructional Technology Classroom before it is rolled out incrementally to other classrooms on campus
    2. Centralized Management: The new system provides remote management capabilities. This means that anything the user can do at the console, Media Services can do remotely. This will expedite assistance and support to those using these systems.
    3. Preventative Measures: We can remotely track error conditions such as when bulbs burn out or reach the end of their useful life.
    4. Laptop Integration: The new system will allow faculty to use their laptops to control any classroom with a touch panel interface.
    5. Security: System will notify Media Services/Security for tamper prevention.
  7. Media Projects
    1. President’s Home Intercom System: Recommended solution was sent to Facilities Management
    2. Trustees Room: New Crestron media management solution will be installed
    3. Instructional Technology Classroom: New Crestron media management solution will be installed and we will use the facility to train faculty on use of this instructional technology control system before we implement it in additional classrooms.
    4. Commencement: Support and video these activities
  8. Wireless Site Survey
    Wireless site surveys will be performed over the summer with implementation of a campus-wide wireless solution to be planned in the upcoming academic year. As wireless access is rolled out campus-wide, clean access (or a similar product) will be implemented to control network admission and reduce internal threats including the connection of rogue wireless devices on the network.
  9. Network Monitoring
    IS&S recently purchased a NETMON network device which will provide dashboard capability to monitor servers and network devices. This will be implemented over the summer.
  10. Renovation Projects
      • Haaga House: We are on schedule for VOIP rollout. Copper cabling is being run for emergency phones and we are setting up a media room in this facility.
      • Middletown: Direct point to point wireless installed. We are on schedule for VOIP implementation.
      • Elizabeth Rogers and Emery: We are working with architects now on communications infrastructure planning based on new IS&S specifications.
      • Boone Tavern: We will need to meet to discuss planning for network/voice communications systems. We are completing over the summer the transition to new DSL service.
  11. Fill Vacant Position
    Current thinking is to hire a senior server analyst and perform minor restructuring. I am working in tandem now with Mike and Kevin and will have an organization plan in a few weeks.
  12. Dashboard Systems
    The activities planned below will lay the foundation for intensive technical work on Dashboard systems to take place in Fall, 2008.
    • Summer 2007 (Continue Prep Work):
      • Continue discussions with SCT on Cognos through the summer
      • Set up on-site demos with three vendors to take place in Fall, 2007
      • Analyze pros/cons of using an SCT supported application or another industry standard solution
      • Evaluate pricing of different solutions
      • Work with V.P.’s on selection of benchmark measures
    • Fall, 2007 (Luminis Rollout)
      • Luminis will be the base system that delivers future dashboard features based on staff roles
    • Spring, 2008 (Release implementation of Banner 8.0)
    • Fall, 2008 (Technical work on Dashboard systems proceeds)
  13. Integrated Web Presence for Admissions
    We are working with Admissions staff on a new integrated solution to strengthen web communications with prospective students. Hobson’s products are in the forefront at this time.
  14. Projects Continuing Into the Next Academic Year
    • Server Room Electric Upgrade with Generator: This project was funded by the AC but may not move forward until Fall, 2007 due to summer project schedule. This includes backup generator, new electrical circuits and a reconfiguration of the server room layout.
    • Backup Process: Establish new server/client backup processes that include offsite storage through secured KPEN connection.
    • Door Lock Security System: New BASIS security system to be installed in Computer Center. IS&S staff will use Employee ID cards to gain access.
    • MFD Project: We are working with Printing Services to upgrade our copiers to network multi-function devices.
    • Enterasys and BPS2000 Switches: Will be replaced in the 2007/2008 academic year.
    • Converged Messaging: Callpilot converged messaging will continue to be rolled out so that both email and voicemail may be managed in the Outlook email client.
    • Firewall: We will move to a new ASA device which is a new generation product that will provide adaptive security.

Appendix A—Results of CBTS (Network/Server Infrastructure) and E&H (VOIP Readiness) Studies.

Report from third study on Exchange Server configuration will be delivered shortly.

Primary Recommendations

  1. Voice Over IP (E&H)

    Challenge: Two mission-critical installations of VOIP including the Haaga House (Admissions) and Middletown School (Gear up) will take place over the summer. However, phone service quality during our pilot testing has continued to be substandard and packet tracing indicates that many VOIP calls would be dropped after midnight when server backups commence. In addition, the BPS 2000 switch used by the signaling server was configured improperly as an access port with three VLANS on the port. This configuration error caused the port to be 95% utilized by broadcast traffic making it almost unavailable for voice traffic.

    Corrective Actions: Both the signaling server and callpilot servers will be moved to a separate VLAN and updates will be made to the Signaling Server IP Address and S1 & S2 addresses on the phone. Second, we will configure all pass through devices to support QOS differentiated services code point 40 and 46. These are standard VOIP settings that will prioritize voice traffic over data traffic. Third, the configuration error on the BPS2000 switch has been corrected. All three steps will improve the quality of VOIP telephone connections to adequate levels and allow us to move forward with this rollout of VOIP.

  2. Network Delays (E&H)

    Challenge: The campus is experiencing some network delays in connecting to various servers (such as the email server) and when running nightly backups. Berea has seven VLANS that have a 15 bit subnet mask in their IP Address configuration and that allows over 131,000 addresses in each broadcast domain. As a result, 50% of the traffic on the Administrative VLAN is excessive broadcast traffic. The current configuration allows for 131,171 devices per subnet. This size subnet would support a large city per VLAN and this is the reason broadcast traffic is bogging down network access to our servers.

    Corrective Action: Over the summer, new VLANS will be established across the board and will be configured with a 24 bit subnet mask which limits each VLAN to 254 devices. We will also reduce the number of switch hops in some cases to expedite data traffic and we will increase the number of VLANS to ensure subnets are smaller. The Nortel 8600 will be upgraded to support new 8600 interface modules which will allow us to move servers to a core switch and eliminate a switch hop for data.

  3. Network Redundancy (E&H)

    Challenge: Our current router configuration allows for three points of failure that would bring down substantial portions of our network. Just one router component failure at any of these points can bring down a significant segment or the entire network for at least a day or more.

    Corrective Action: We will configure multi-link trunking on pass-through devices throughout next year to provide redundant pathways for communication between switches and routers using our existing fiber backbone. This will also speed up our network due to these redundant pathways. The BPS2000 MDA will also be upgraded to support gigabit connections to the 8600 and to utilize multi-link trunking.

  4. Server Backups (CBTS)

    Challenge: The capacity of our NAS devices is insufficient to handle current/future server backup needs. In addition, an industry standard enterprise level backup software solution is needed to replace our NT Backup solution.

    Recommendation: It is recommended that an off site storage solution is used for some critical data backups. This will free up capacity on our current NAS devices. In addition, it is recommended that we replace the disparate Snap Servers and the NT Backup solution with an appropriately sized redundant Storage Area Network (SAN).

  5. Rogue Devices Connected to our Network (CBTS):

    Challenge: Our current network configuration allows free access for students to connect network devices that jeopardize system security and reliability. CBTS used network monitoring utilities to identify more than 80 such devices connected to our network. This includes primarily wireless routers that open our network to others in a non-secured fashion. Students could be using college network resources to create private networks for streaming media, file sharing and gaming blocks. In particular, several Windows Media and iTunes libraries are being shared on our network.

    Recommendation: IS&S will be implementing a solution using Clean Access (or similar application) with MAC Authentication and Certificates to disable these rogue devices from being used on our network. We hope to have this solution in place before students return in fall. This would also provide an option for blacklisting MACS and rogue Wireless Access Points.

    Other Observations and Suggestions

    Below are observations and recommendations quoted from the detailed reports that cover a range of items studied.

    • Domain Controllers: “For security purposes we recommend applying service pack 2 and any subsequent critical security patches”
    • Network Management: “Current configuration requires more maintenance and changes than normal networks we have encountered”. IS&S is purchasing a new monitoring device and will do several network reconfigurations to simplify network monitoring and management.
    • Internet Pipe: “Seems adequate for future growth” This recommendation refers to our current ability under the KPEN solution to expand bandwidth to the campus as needed.
    • Active Directory: “A total of three domain controllers host the 2400+ accounts that reside on the Berea.edu domain. We found this to be adequate.”
    • ISP: “We found no ISP monitoring or proactive alarm type service” We are checking into this.
    • Cabling and Physical Topology: “is adequate for current usage and should be fine for future anticipated use”
    • Switches: “There are a few daisy chained switches. As reconstruction and dorm upgrades continue, we suggest that these be eliminated”.
    • Firewall: “We recommend replacing the PIX with a new ASA Cisco Firewall and Cisco’s Clean Access”. It was suggested that we consider this in the upcoming year as new Firewall products roll out and support of our existing solution winds down.
    • Packeteer: “We found the Packeteer product to be performing adequate Layer 7 filtering for monitoring and bandwidth shaping. The device does not address the problematic LAN traffic that peaks and stresses the internal network. We recommend QOS on the internal network in the future”. This will be addressed as part of item 1 above.
    • Maintenance Contract and Support: It was recommended that we put some of the core routers on maintenance contracts unless we have adequate supplies on hand to replace failed components. We are evaluating our current maintenance contract with Pomeroy.
    • Virtual Local Area Network: “The VLAN scheme is overly complicated for an institution the size of the college. There are too many subnets and too many hosts in each VLAN”. Corrective actions are described in item two above.
    • Core Routers: “There are currently three core routers. This could easily be reduced to one core router with a backup for network redundancy. Currently a failure at any of the three core routers would cause a substantial network outage”. This will be addressed in item three above.
    • Wireless: “We recommend a new wireless network with central management and support teamed with a Clean Access type product”
    • Virus Protection: “With recent issues exposed by the Symantec Spybot Worm which used the AV product itself to propagate the worm, we suggest migrating away from that product” Berea is considering McAfee as an alternative.
    • Remote Access: “A new Cisco ASA with Clean Access would make the VPN even more manageable and secure”
    • Windows Patch Management: “Windows Patch Management is currently using WSUS 2.0. We suggest evaluating Enteo NetInstall. Add reminder to check WSUS on the second Wednesday of every month”
    • Passwords: “Get passwords out of .doc file and set up regular user accounts for admins for testing (i.e. Mturner and turnerm).”
    • Server Room Electrical Generator: It was agreed by all parties that this project will protect server assets and data in the event of an extended electrical failure. This project has been funded by the AC.
    • Facilities (Server Room, Switch Closets, Telecommunications Switch Room)
      1. Replace great stuff insulation with Hilti Firestop Products
      2. Install static free tile floors where possible
      3. Use small IDF containers where appropriate
      4. Add environmental controls to include AC/Humidity Control/Central Management/Monitoring of equipment in switch closets.
      5. Install lighting in some IDF’s
      6. Some racks in the server room need to be grounded. This should be done when the redesign of the server room layout is performed
    • Cabling: “Overall, the cabling is in good shape and most importantly functional. Recommend that all IDFs be brought into BCSI standards including replacing metal bread ties with Velcro or zip ties; all rooms be labeled in a standard fashion; fiber optics need to have covers implemented for physical eye protection.”
    • Callpilot Converged Messaging: The corrective actions taken in item one above should address problems we have experienced with Callpilot during our pilot testing of this product. This includes software delays and freeze ups.
    • Active Directory and Exchange Environments: “meet the needs of the college. We suggest that the IT department create an account for Technology Email to be shared by the department for vendor, product and technology updates and newsletters. We recommend that all products and software be registered to a central College Account instead of individual users. Lastly, administrators should utilize the calendar feature for IT Maintenance (i.e. WSUS Review).”

Appendix B – Instructional Technology Update

Report prepared by Don Hodges on 5-17-07.

Expansion of survey/remote devices across the curriculum

We have provided remote polling devices in the hands of several academic departments for use within their courses as a means of obtaining instant student feedback concerning course content and providing learner directed feedback to students. These departments are Economics, Nursing, Physical Education and Health, and Child and Family Studies. In the future, we hope to expand the device usage in the Developmental Math department and the Sciences.

Faculty who are using these devices have reported a great deal of success in integrating them into their pedagogy. Furthermore, students have been excited to use these devices and have requested that the faculty use them on a continual basis. One faculty member uses the devices every Friday as a review/quiz tool at the request of her students.

ITRC Support of Academic Documentaries

The ITRC has provided support for faculty to integrate student created documentary projects into their courses successfully. We have worked with 4 classes in the departments of Appalachian Studies, General Studies, and Theatre to allow their students to create documentaries. This trend for faculty to use documentaries instead of written papers to cover historical topics will continue to increase and will influence Instructional Technology development in the future. We envision assisting one class per semester in the area of student created documentaries. We begin working with the faculty prior to the start of the semester to refine the course syllabus, course schedule, and project milestones. The faculty we have worked with are Dr. Martha Beagle, Dr. Chad Berry, Dr. Meta Mendel-Reyes, and Dr. Rodney Clark.

Last summer we upgraded the ITRC with high end Lenovo notebooks which have been very successful in providing the level of computing power needed for the ITRC projects. The Lenovo notebooks were purchased using IBM grant funds.

Nursing PDA/Pepid Pilot Project

We have worked with the Nursing department for a second year to develop the PDA Project. This project is currently ongoing and will be funded by IS&S for one final year. I am also working with PEPID to provide more in-depth training for the faculty in order for them to continue to integrate the PDA’s into their clinical settings.

Examples of these documentaries can be viewed online.

Pilot online IEQ Project

Beginning in the Fall, I worked with Institutional Research to find a possible software package that would allow them to move the IEQ process into an online web process. After reviewing several different enterprise level packages, the decision was made to pilot an offsite package provided by Online Course Evaluations/Gap Technologies, Inc. The online IEQ system is currently being used by several tenured faculty members through the end of the Spring semester. During the summer, the pilot will be evaluated by the Institutional Research department and assessed to see if the Online Course Evaluation system will be used to replace the written IEQ process starting Fall 2007.

Library CALEA Assessment

I worked with Anne Chase to assess the library’s effect on our network’s CALEA status. The FCC has chosen not to extend the CALEA requirement to libraries that “acquire broadband Internet access from a facilities-based provider to enable patrons or customers to access the Internet” (ARL, 2007). The facilities based provider includes a commercial ISP, state, local, or higher education provided ISP (ARL, 2007).

Based on all available information, it is the position of Hutchins Library and IS&S that internet access through computers located within Hutchins Library is exempt from CALEA regulations at this time and does not pose a threat to Berea College’s current private network status. The computers located in Hutchins Library are primarily located in two areas. One area serves as the “card catalog” system BANC which allows patrons to access the database of books and resources provided by the library. The second area is located within the Reference area and provides patrons access to online resources needed to conduct research via electronic services provided by Hutchins Library. While web browsing access is available on these computers, the primary function of these computers is locating and utilizing library resources. There is minimal traffic in these areas of outside members using the computers for simple web browsing. The majority of patrons who use the computer resources of Hutchins Library are engaged in academic related matters.

Learning Commons Classroom

We are continuing to rotate different technologies in and out of the Learning Commons Classroom which will have impact on future classroom deployment. This project is always ongoing.

Blackboard Update

When I updated you at the end of Spring 2006 we had 19 faculty who were using Bb to enhance their courses. I did a count this afternoon and we now have a total of 83 faculty members who are using Bb in some fashion for a total net gain of 64 faculty members. The usage varies but includes teaching common courses (such as GSTR 310 with other faculty members teaching common content), teaching team taught courses, participating in faculty groups, and normal online enhanced courses.

Blackboard Backup Server

This is ongoing and should be up and running through the summer.


Copyright © 2014 Berea College