HEAnet The Schools Network Presentation to HEAnet

HEAnet & The Schools Network Presentation to HEAnet National Networking Conference by Ronan Byrne & Tim Maher 10 th November 2005

Presentation Structure § Schools Network Overview Ronan Byrne § Network Design Tim Maher § Network Services Tim Maher § Support Services Ronan Byrne § Project Update Ronan Byrne

Schools Network Overview § Responsibility Areas § Access Tender & Broadband Technologies § Project Management Approach

Schools Network Overview • Free ‘always on’ broadband connectivity to Schools • 3 Year Agreement – Dept of Education/Dept of Communication/TIF • 3, 925+ Schools • 6 Access Providers • HEAnet backbone network • Onward connectivity to Internet & Educational Networks • HEAnet Managed Services: Network; Security; E-Mail • 1 st Line NCTE Service Desk & 2 nd Line HEAnet Schools NOC

Responsibility Areas

Dept of Education Access Tender Evaluation • HEAnet Technical Advisors to DES/DCMNR • Strong response to Call for Tender • Evaluation by Evaluation Team over Sept-Dec 2004 • Evaluation of 100+ broadband service offerings • Evaluation of 80+ different router offerings • Report to Ministers - Christmas 2004 • Decision by Ministers – 5 th January 2005

Schools Network Bandwidth

Phased Availability of Services INITIAL SERVICES LATER SERVICES IP Connectivity between Schools Web Hosting IP Connectivity to the general Internet Personal disk space Educational/Research Networks Access Video Conferencing Network Security Content Filtering Web-based E-mail Video Streaming Video Lecture DNS E-Schoolbag 2 nd Line Support to NCTE Service Desk Content Hosting

Project Management Approach

Project Management Approach • Project Planning – dependent on Access Tender • Project Financials – dependent on Access Tender • Project Initiation Document – (scope, constraints & exclusions) • Risk Register • Resource Planning: – Dedicated Schools Team – Cross-HEAnet Consultancy – External Consultancy • Project Organisation

HEAnet Project Organisation

HEAnet Schools Team Ronan Byrne Tim Maher Donal O’Cearbhaill Brian Scanlan Liam Kennedy Rachael Holt Senior Project Manager Technical Project Manager Systems Administrator NOC Engineer (2 nd Line)

Network Design • Network Topology • Access Network • POP Layout • Layout and Routing • IP Scheme

Schools Network Topology

Access Network Principles • • • Layer 2 service from Access Providers PPPo. E over L 2 TP, VLANs & ATM VC’s RADIUS authentication Managed Router in schools (Cisco 871) Public (HEAnet) IP addresses IPv 6 & Multicast (later services)

Access Provider Aggregation Overview

Sample ADSL Service

Sample Satellite Service

Schools’ Po. P Layout

Layout and Routing • Only links and loopbacks go into OSPF • Everything else is redistributed straight into BGP • Each Po. P provides the other with transit over the National Backbone Extension • Onward connectivity provided by BGP connection to HEAnet core

IP Addressing Very Large Post-Primary (>1000) /23 (510) Large Post-Primary (500 -999) /24 (254) Medium Post-Primary (100 -499) /25 (126) Small Post-Primary (<100) /26 (62) Large Primary (500 -999) /24 (254) Medium Primary (100 -499) /25 (126) Small Primary (50 -99) /27 (30) Very Small Primary (<50) /27 (30)

Network Management Systems

HEAnet: Centralised Network Services Ø Ø Ø Monitor schools’ connectivity Generation of intelligent alerts Monitor services Graph network usage Capacity planning Access Provider measurements vs. SLAs: – Latency (RTTs) – Packet loss – Network availability

Smoke. Ping Cricket Nagios

Geographical Network Map

Geographical Network Map

Provisioning Systems

Provisioning system - overview • Required to generate school specific configurations for CPE router, monitoring, etc. • Dynamically provision services • Database backend with schools’ information • Informational web front-end

Provisioning System – services provisioned • • • CPE router config Nagios Radius Cricket Cisco ACS Smokeping Fortinet Maps DNS

Provisioning System Structure

Security Design

Schools Network Security Design

Centralised Content Filtering • • • DES Requirement Fortinet solution Security node at each Po. P 500 Mbps capable “in-line checking” High Availability & ASIC technology Content filtering capability: – – – In-Line Anti-Virus blocking White List Black List 56 Categories Database of 28 million rated URLs 24 x 7 Managed Service • Intrusion Detection/Protection System (IDS/IPS) • “Security Profiles” set by Dept of Education

Kilcarbery Centralised Security

E-Mail Services

Schools E-Mail Service • • DES Requirement Award to Sonas Innovation Web front end Opensource components LDAP foundation Anti-Spam & Anti-Virus blocking Calendar & Address list facility Autonomy at school level to administrate some email services (e. g. new mailboxes) • Scalable to accommodate all staff & pupils • Dept of Education set email policy

Scalability of Network Design • /12 IP Address Space = over 1 million public IP addresses • Email solution can accommodate 200, 000 mailboxes, scalable up to 800, 000 mailboxes • Security solution scalable up to 4 Gbps • Cisco 871 new generation router

School Support Services

HEAnet Schools NOC • • • Separate to main HEAnet NOC Different customer needs Separate processes 2 nd Line role Shared ticketing system with NCTE Separate contact channels

Support to NCTE 1 st Line Service Desk • Acceptance Test Tools – Lot 1 (Smoke. Ping) – Lot 2 (Bespoke Acceptance Script) • Front-end Service Provisioning – Automated Network Monitoring on Lot 2 Acceptance – Enable Security Policy • Documentation (Wiki) – – Installation & Troubleshooting Guidelines Technical Advice School LAN Connection Guidelines FAQs • Training

Schools Support Escalation Channel

Project Update

HEAnet Schools Project Status ü ü ü ü ü HEAnet ‘Schools’ backbone network built HEAnet interconnectivity with all Access Providers HEAnet Schools NOC in place Network monitoring live Provisioning systems live Router configurations released to Eircom Security services live Schools connecting (LANs enabled) HEAnet delivering to project deadlines HEAnet delivering to project budget

Broadband Roll-Out Status Ø Lot 1 (Broadband): 2, 000 complete Target completion: end 2005 Ø Lot 2 (Routers) : 1, 000 complete Target completion: end Q 1 2006

Questions & Answers