College Computing Council Networking Subcommittee Status Report December 3, 2010 Meeting

1) Network Authentication Project

Core Policy & Guest Manager Servers (Data Center)

The core servers for the NAC systems have been racked and are in the process of configuration with the base operating parameters. The wireless network has a test ESSID for direct testing of the NAC features and this is restricted to the test lab until installation testing is complete. The systems require “branding” of the screens and additional testing that is scheduled through the end of the semester. The test ESSID will be activated at select campus test sites for training purposes during the winter intersession. The Pilot Testing of the NAC system will occur once campus training and all acceptance testing of the NAC system is complete.

Campus Agent Servers (Each Campus)

The Campus Agent Servers, located on each campus, will provide the interaction with the wireless users and act as an “middle man” between the users and the LDAP authentication servers. These devices will eventually execute the policies required for wireless access and lab access in the future.

Training for Campus ETU PA’s

Training for Campus ETU PA’s is planned for the late winter intersession or near spring break (if delayed). The initial training will familiarize the user interfaces and provide an understanding of the wireless registration process for students and faculty laptops. The training will cover the reporting and statistics access of the systems to properly identify typical problems and verify registration of equipment. Future training will cover guest access, mobility and diagnostics (planned for summer months).

2) WAN Upgrade Project

Cisco 3925 Routers

As part of the WAN Upgrade project, the Cisco 372x Routers will be removed from service and replaced with Cisco 3925 Routers. These devices have been equipped with “Network-Based Application Recognition” or NBAR technology. This technology has the ability to perform wire-speed analysis of data traffic to identify specific flows based on user-level application behaviors. The routers will be configured with policy-based access control lists (PB-ACL’s) to block specific user activity such as Peer- to-Peer applications, unauthorized VoIP applications (Skype), and assist in blocking malware and other application vulnerabilities. The routers are scheduled for delivery in mid-December with installation in late-December (follows the core switch schedule – see below). The Winter Inter-session will be used to profile traffic with full activation prior to the start of the Spring 2011 semester.

Ammerman / Data Center Cisco Nexus 7010 Switch and Cisco 4506 Switch

The Cisco 6509 in the Ammerman Campus Data Center (A/R105) is being replaced with Cisco’s newest data center switch product; the Nexus 7010 switch. This product is specifically designed for interconnections between host servers and core switching. The product is expandable to 248 ports operating at 10Gbps each and meets the college’s needs for the next 10 years.

A Cisco 4506 switch has been installed in the data center to accommodate the internal Riverhead Building connections (non-data center). This eliminates the local building users from being connected to the core switch and treats the Riverhead Building as an equal to other Ammerman Campus facilities. The Cisco 4506 switch was installed in September and the connections migrated over a short span to prevent outages from users.

The Cisco Nexus 7010 switch is being assembled and configured offsite and will be shipped in mid- December. Final configuration will coincide with the end-of-semester change freeze. The conversion of the configuration was complicated due to the age of the software on the Cisco 6509 and using a new IOS version on the Nexus 7010. Cutover for the Nexus 7010 is scheduled for the evening of December 28 th, 2010.

Grant / Cisco 6506 Switch and 4506 Switch

The current Grant / Cisco 6509 switch is being replaced with two units (similar in concept to the Ammerman Campus) but space limitation in G/S141a have made the project unique. To accommodate the new switches and future growth, two racks are being reorganized by moving the patch panels from old racks to new racks that are situated to permit greater access and house additional devices. The Cisco 4506 switch was installed in a new rack that is “floating” (not bolted to the building’s structure). As connections migrated from the older 6509 switch, the rack’s position shifted and is approximately in its final placement. The Cisco 4506 switch was installed and is live for the Sagtikos Building connections and only the core network connections remain on the old Cisco 6509. The new Cisco 6506, with its new configuration, will be installed on December 29th, 2010 during the morning and a “hot” cutover will occur during the evening.

East / Cisco 6506 Switch and 4506 Switch

The current East / Cisco 6509 switch is being replaced with two units (similar in concept to the Ammerman Campus) but is greatly simplified since majority of the connections represent administrative users. The Cisco 4506 switch was installed early in the Fall 2010 semester and is live for the Peconic Building. The new Cisco 6506, with its new configuration, will be installed on December 30th, 2010 during the morning and a “hot” cutover will occur during the evening. The Cisco 6506 will perform core switching between buildings and provide existing server and new server support. The East Campus Telecommunications room (E/P219) is an ideal location as a redundant data center and has space and power to support servers for redundancy and new services (security cameras and door access). 3) Major Construction Projects

East Campus / Learning Resource Center (Construction Phase)

The East Campus, Learning Resource Center is nearing its final construction phase. The building’s primary construction is scheduled to be completed on December 20th with a Temporary Certificate of Occupancy (TCO). The Department of Networks and Telecommunications has already completed support work in the Peconic Building (includes copper and fiber optic cables and installation of the door access control server). The department is scheduled to terminate the interior feed cables by December 6th and provide phone services and basic networking as required for the TCO. The department will continue work within the building to terminate all data and voice outlets (patch panels and station-side outlets). Final work, required prior to occupancy by staff and students, will include testing of the door access control system and video surveillance network.

Ammerman / Bio-Science Building (Architecture Phase)

This building is in the Architectural Design phase with completion of the draft design by mid-December. Networking and Telecommunications attended the Department Needs Analysis meetings and continues to meet with the engineering staff of the Architects to assist with the IT/AV requirements. Design issues include pathway logistics of the Riverhead to Bio-Science communication conduits, sizing of the backup power generator and in-floor systems supporting A/V and IT systems.

East Campus / Peconic Renovation (RFP Phase)

This project is in the RFP Phase to select the architectural firm that will design the space left open after the Library and associated departments move into the Montaukett Learning Resource Center.

4) Major Networking Projects

VoIP Server Upgrade/CM v8.5

The department is planning the upgrade of the VoIP telephony system from its original 2004 architecture to an up to date product. The current Call Manager (CM) cluster is based upon version 4.1 and the servers have been operating continuously for 5.5 years. Most of the software is schedule for End-of-Support in June, 2011 and therefore the telephone system will lapse in its maintenance agreements. The server replacements will be virtual servers and offer redundancy to all telephony services. The earliest window of opportunity is between the spring and summer sessions.

College-Wide Internet Service

The contract for College’s Internet Service Provider (ISP) expires in June, 2011 and the department will have to issue an RFP to contract for a new provider. The College has been using AT&T since December, 2001with only a conversion of the circuits from multiple T1’s to direct fiber optic connections. The College’s Internet usage has risen from 4 Mbps to over 100Mbps in the space of 10 years and the new ISP will have to be able accommodate such an expansion over the next 10 years.

Additional Network Related Projects

Digital Signage

The initial procurement and installation of controllers and displays has been completed and ongoing expansion is being investigated. New Buildings are required to have signage systems as part of the technology package for the facility.

Emergency Notification – Audio Broadcasting Systems

As reported by the Physical Resources Subcommittee; funds for completing the Security Notification System Project were appropriated by the County Legislature on November 16, 2010. The funds will cover the costs of the project for controllers, amplifiers and speakers within every academic and administrative building in the college. New buildings are required to have compatible systems installed as part of the original construction plans. Access to the funds and scheduling of equipment procurement and installation has not been finalized.

Security Systems Installations

As part of all new construction, the College is requiring card-access door control systems and IP-based video surveillance. To accommodate these systems, the Networking department is expanding its campus equipment rooms with additional rack space, environment and power systems. Based upon the construction schedules and funding for conversions, buildings systems will be added or converted and the campus servers upgraded or expanded (memory, disks or network bandwidth increased).