Telecommunications and Systems Services Department
Support Services Plan 2005 - 2010

The Information Technology Department of Telecommunications and Systems Services (TSS) is responsible for support and operation of central university computing servers, the data network, the telephone network, and the digital video network.

TSS operates numerous servers that provide a wide variety of functions including email servers, www servers, administrative application servers (SIS, HRS, FRS, Alumni Development, etc), student lab servers, printer servers, disk servers, email gateways, DNS servers, DHCP servers, Domain controllers, user authentication servers, etc.

The data network includes the campus data network, wide area connections to the commodity Internet and specialized research networks, and a variety or remote access methods including the campus wireless network, modem access, DSL access, and VPN access from remote Internet sites.

The telephone network includes legacy telephony services, new VoIP services, call center services, voice mail, and integrated messaging services.

The digital video network includes a large multipoint conferencing unit, a gateway to legacy video services, and gatekeepers for registration of video end points and the delivery of quality of service functions.

Nearly every university academic, research, or administration function depends on central computing servers, as well as the data, voice, and video networks for every day operations. Consequently, it is imperative that TSS deliver quality services that are highly reliable.

Described below are ten specific TSS action items for the next few years that directly support the university’s academic plan. Each action item describes a specific action item, its associated TSS service, the university stakeholders, the objectives to be accomplished, the relationship to the university’s mission and academic plan, and the implementation strategy and plan.

1. Enhance centralized data storage facilities
2. Enhance centralized data backup facilities
3. Enhance Exchange, WWW, and other central services
4. Enhance student lab system with remotely accessible lab nodes
5. Enhance local and wide are data networks
6. Enhance remote access network facilities
7. Enhance network and data security
8. Enhance voice and video communication facilities
9. Implement ‘single sign-on’ to enhance user accessibility and security
10. Replace machine room and implement automation of machine room operations

---

1. Enhance centralized data storage facilities

Implement a Storage Area Network (SAN) where disk capacity is managed separately from servers allowing for enhanced performance, enhanced reliability, and enhanced manageability.

Associated IT Service: Data storage and backup

Stakeholders: Campus-wide

Objective(s) to Accomplish:

Information Technology is in the process of implementing a Storage Area Network (SAN) where disk capacity is managed separately from servers. Servers connect (via redundant connections) to the storage over high speed networks (for example, fiber channel and iSCSI) that are designed specifically for this purpose. Disk capacity can be easily added to the SAN and can be re-assigned from one server to another as requirements change. SAN storage can be backed up quickly due to advanced “point in time copy” technologies. Significant staff resources can be saved by managing disk storage in one central pool. The SAN storage can be expanded to support a large amount of data storage for critical applications that require high levels of performance, reliability and availability.

Initially the SAN will be connected only to centrally managed IT servers. The new SAN can be expanded to provide disk services to UW departments. The SAN can save staff time for departments and will offer higher performance, higher reliability, and higher availability than current Directly Attached Storage (DAS) solutions.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Data storage and reliable backup capability are critical to nearly all UW missions. This is true today and will become more critical as libraries become digitized, business processes become more automated, and as computers become more integrated into research and teaching.

Implementation Strategy/Project Plan:

Implementation began with the purchase of an enterprise level SAN in the spring of 2005.

---

2. Enhance centralized data backup facilities

Implement a high capacity, high performance data backup system with the ability to support multiple copies or versions of critical data including off-site copies.

Associated IT Service: Data storage and backup

Stakeholders: Campus-wide

Objective(s) to Accomplish:

High capacity disk drives have become relatively inexpensive in recent years. As a result, disk capacity and the digital libraries they house have grown significantly at the University of Wyoming. Unfortunately, the cost of backup facilities and associated staff costs to administer the backup facilities remains expensive. Alarmingly, much of the university’s critical data is not being backup up at all or is not being backup up in a timely manner. On more than one occasion in recent years, critical university data has been lost permanently due to disk failures or other server problems.

Three key questions must be answered in order to determine the overall architecture of a backup system - and the answers affect the cost of the backup facilities:

1. Are off-site backups required?
2. Is a single copy of the data on tape adequate for archiving data that is no longer stored on disk?
3. Are multiple copies/versions of data required for archival purposes?

If off-site backups are required, then a high-speed remote network is required. If a single tape copy is inadequate, then two tape libraries must be maintained. If multiple copies of data must be stored, then the capacity of the tape library must be increased commensurately.

Information Technology maintains two tape libraries: one in the Ivinson machine room and one remote in Cheyenne. IT also operates a Storage Area Network (SAN) that supports advanced features (for example, “point in time copy”) that significantly reduces the time required to perform data backups.

Planned upgrades to the existing centralize backup system will provide the necessary capacity to backup departmental servers.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Data storage and reliable backup capability are critical to nearly all UW missions. This is true today and will become more critical as libraries become digitized, business processes become more automated, and as computers become more integrated into research and teaching.

Implementation Strategy/Project Plan:

The initial infrastructure for the backup system has been in place for a few years. The current system needs to be upgraded and expanded. Consideration will be given to performing remote backups to a library at CSU in Ft. Collins in order to leverage a high speed communications system installed to provide redundant Internet access.

---

3. Enhance Exchange, WWW, and other central services

Enhance and expand E-mail, WWW and other central services to meet the growing needs and uses of faculty, staff, and students.

Associated IT Service: General Network Servers, E-mail Servers, WWW Servers, Administrative application servers, Network Servers for Departments and Divisions

Stakeholders: University-wide

Objective(s) to Accomplish:

The Exchange hardware and software for Faculty and Staff will be upgraded to provide for an increase in email performance. Students will be migrated to use Microsoft Exchange for email which will provide a common interface and feature set for both groups of users. This should decrease confusion by providing a common email experience and make it easier for students and staff to communicate with each other. Server-side white and black listing as well as enhanced spam and virus message control is under development and testing on the central email gateway servers to improve user's management of spam and virus-removed messages.

The university will enhance the WWW servers to increase usage in many forms by faculty, staff, and students. New technologies will be evaluated and added to enable wider and richer uses of the web servers.

There are a large number of general network servers which operate ‘behind the scenes’ that are also important to the operation of the university. Some of the general network servers will be leveraged to provide additional service that make network services easier to access and enhance overall security. For example, Active Directory will be further developed to streamline user access to network services (for example, simpler user authentication) and enhance security (for example, group policies), and central administration (for example, reduction of separate Windows Domains). These servers will be further enhanced to automate manual tasks (such as the patching of workstation and deployment of workstation software) that will save significant resources and costs for the university.

Expanding support for departmental sever to offer a complete solution in a well supported, stable environment for the least amount of cost is a significant saving opportunity for the university. IT recommends that a governing body be tasked with the responsibility to assess all departments’ intent to purchase, develop, or deploy publicly consumed services on departmentally owned servers.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Central computing servers are critical to nearly every university function.

Implementation Strategy/Project Plan:

Exchange servers will be replaced in 2005 and user disk quotas will be increase over threefold. Other upgrades and enhancements will proceed incrementally as funding permits.

---

4. Enhance student lab system with remotely accessible lab nodes

Enhance the student lab system to enable students and faculty to utilize the student lab system remotely from UW residences and offices as well as any remote location that has Internet access.

Associated IT Service: Student Lab System

Stakeholders: Students and Faculty

Objective(s) to Accomplish:

The current Student Lab System requires users to physically visit a lab in order to utilize the lab system. IT has proposed to enhance the student lab system so that it can be accessed and utilized remotely. Whether a student is in the Union using their laptop over the wireless network, working from their dorm room via ResNet, or working off campus using DSL or modem, they could use the same software, have access to their files, and enjoy the same reliability that is currently provided with lab locations across campus. Outreach students would have the opportunity to use the student lab system as they never have before and Outreach instructors could use the lab system as it is intended, to enhance the courses they teach, just like instructors on the Laramie campus. Even professors in Laramie would benefit from a remotely accessible student lab as they could now access the lab system on personal workstations in their offices, eliminating the need to visit a lab just to use an application or demonstrate advanced software techniques to students. Support for remote connections is growing and we see this sort of connectivity as the way of the future. While other institutions have achieved functionality similar to the UW student labs, to the best of our knowledge, no university has yet implemented a remotely accessible lab system.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

The student lab system is used by a large number of academic classes.

Implementation Strategy/Project Plan:

Initial work on identifying available technologies and products to implement the system began in the Fall, 2004. The remote lab is expected to be available for the Fall semester, 2006.

---

5. Enhance local and wide are data networks

Continue to enhance and develop the campus data network and Internet access to provide support for growing voice, video, and data applications.

Associated IT Service: Internet Access, Data Network

Stakeholders: Campus-wide

Objective(s) to Accomplish:

The data network is essential for nearly every university function. In order to keep par with other leading universities, the University of Wyoming must maintain data networks with similar capacities and functionality.

Thanks to the President’s PLUS budget and a NIH grant, UW recently implemented a high speed data network between Laramie and the Front Range GigaPoP (a network peering location supported by a consortium of universities and research organizations) in Denver, UW now has Internet access facilities that are on par with other universities in the US. In the future, this network must be enhanced and upgraded as usage increases and technologies advance.

Similar to the Internet access network, the campus backbone network has been upgraded significantly recently thanks again to PLUS budget funding.

No permanent source of funding has been identified for either the campus backbone network or for Internet access. Permanent funding should be secured to that the networks can be upgraded incrementally.

A number of campus buildings have category 3 wiring news to be replaced. Category 3 wiring is not sufficient for 100 mbps Ethernet and many existing wiring runs exceed the maximum length for 10 mbps Ethernet. The campus was last rewired in 1988. Many locations have been upgraded to category 5 wiring; however a campus-wide project to install category 6 wiring in all campus buildings is recommended.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Internet access and the UW data network are fundamental to the functioning of voice, video and data networks – all of which are integral to university research, teaching, and business processes.

Implementation Strategy/Project Plan:

Both Internet access and the campus data network will be incrementally upgraded as usage and technological advances require.

---

6. Enhance remote access network facilities

Enhance remote access network facilities to enable students, faculty, and staff to access and utilize UW computing resources easily and ubiquitously from anywhere on campus or from any remote location with Internet access.

Associated IT Service: Wireless and remote network access

Stakeholders: Campus-wide

Objective(s) to Accomplish:

Mobil and remote computing has become very popular in recent years. The power of the Internet allows users to work from home or remote offices as if they were physically on campus. Mobil computing devices such as PDAs and laptops allow users to access the network without a hard wired connection. The use of email and instant messages for business functions require users to be connected to the Internet at regular intervals – even during non-work hours. Four major technologies provide such connectivity for UW students, faculty, and staff and each technology need to be enhanced and expanded as usage increases. In addition, new services are planned (for example remotely accessible student lab systems) that depend on remote access capabilities.

1. The campus wireless network allows any device with Wi-Fi capabilities to access the UW data network. Currently there are approximately 150 wireless access points on the Laramie campus administered by IT. Most of the units have been purchased by individual departments or the Central Student Technology Committee. Wireless access is available in many UW buildings - however there are several buildings with no wireless service and many buildings with incomplete coverage. Also, most outdoor areas lack wireless access.
2. A large number of users do not have high speed Internet access at home (for example cable modem or DSL service) and still depend on modem service to connect remotely. There is significant demand to increase the number of modems – perhaps on a monthly fee basis.
3. Approximately 200 faculty, staff, and students subscribe to the UW DSL service. In order to provide excellent performance and accommodate additional subscribers, the DSL service must be upgraded accordingly. A review of services and rates is needed to ensure that UW is not subsidizing the cost of this service.
4. A large majority of UW faculty, staff, and students who access network facilities remotely do so using commercial services such as commercial cable modem or DSL service. In order to utilize computing resources that are behind the UW firewall, remote users must first establish a VPN session that allows them to appear as if they were on campus. VPN services will continue to grow in importance and must be expanded as necessary to meet the growing demands.

New remote access services such as Research-In-Motion Blackberry devices will be offered allowing for additional choices and convenience in electronic communications and remote network access.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Network and computing service have become and integral part of nearly every university activity. Remote access to these services increases user productivity by allowing users to work from home and make better use of their time on the UW campus.

Implementation Strategy/Project Plan:

The above services all currently exist but must be expanded and enhanced to keep current with technological advances and increase usage by faculty, staff, and students.

---

7. Enhance network and data security

Enhance network and data security in order to protect university data and computing resources from viruses, malware, hackers, and other threats.

Associated IT Service: Network and Data Security

Stakeholders: University-wide

Objective(s) to Accomplish:

A variety of tools and measures are being utilized to protect the network and data from attacks from malicious users and software. Attacks include viruses, worms, Trojan horses, and general user hacking. Attacks on the network come from many sources including direct attacks, email, downloads, contaminated disks and other portable media, etc. Network and data security requires a multi-faceted approach to mitigate these dangers including firewalls, intrusion detection/prevention systems, software patching and updates, anti-virus software, VPN systems, and data encryption.

Much progress has been made recently in the protection of the university’s network and data, however several additional measures need to be taken. The university needs to have a system in place that will examine non UW owned systems when they connect to the network to ascertain they are not infected with malware and have the recommended security measures in place. The intrusion detection system will be upgraded to an intrusion prevention system that will actively prevent attacks from both outside and inside the network. The firewall needs to be extended to administrative systems so that only users who need access to these systems have access. Network appliances are needed that will help IT Security analyze network traffic by storing various network data for future reference in cases when crimes are committed and UW needs to reconstruct what occurred. The university should encrypt any sensitive data that moves across the network to protect privacy and comply with the federal and state laws. It would also be beneficial to implement stronger authentication systems to insure proper user authentication.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

The university’s image, operations, and legal responsibilities require that university data and computing systems be protected.

Implementation Strategy/Project Plan:

Network and data security will be an ongoing concern for UW. Significant progress has been made in recent years and future changes will be necessary as described above.

---

8. Enhance voice and video communication facilities

Replace aging telephone system with modern Voice over Internet Protocol (VoIP) telephone system with enhanced functionality and provide new, integrated video services.

Associated IT Service: Telephone & Video Services and University Cable Plant

Stakeholders: Campus-wide

Objective(s) to Accomplish:

IP based telephones (VoIP) will be deployed to enhance the functions of computer-telephony applications. The convergence of voice, video, and data networks has enabled a wide range of communication and productivity options. For example, an IP telephone (VoIP) integrated with a desktop computer allows a computer application to extract data from a database and populate a screen of information relative to a calling party. This would allow a ticket sales agent, for example, to be more helpful to a customer calling to ask a question or place an order by avoiding the need to ask for the same personnel information (for example, seat assignments and past orders) each time a customer calls.

VoIP telephones allow users to work from home, hotels, conference centers, etc. as if they were in their UW office. In short, the user’s complete desktop telephone functionality can work from a remote location and emulated in software on a laptop computer including caller ID in both directions. This will have significant ramifications for the ability to telecommute and function productively when not in the office.

Nortel Networks has announced the end of life of UW’s current SL-100 voice switch. Over the next five years the SL-100 will be replaced with the VoIP telephone system.

Video conferencing will enable face to face meetings across campus, across the state, or around the world. Video conferencing will be developed to work with VoIP telephones as well as conventional H.323 endpoints. Conferences can be easily scheduled and will be as easy to use and dialing a phone number.

Also planned is to the ability to stream store video on demand to workstation connected to the Internet. This will allow class recordings and other video materials to be viewed by faculty, staff, and students from home and at a convenient time.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Nearly all university functions require telephone service in order to functions. Order desks, ticket offices, help desks, and other service entities will provide better service and function more productively with call center features that can be provided with the new VoIP phone system and associated call center software and computer-telephony integration.

Outreach services will particularly benefit from new video services that will allow classes to take place with advanced video functions and low costs using Internet (packet based network) services.

Implementation Strategy/Project Plan:

The initial infrastructure for VoIP and digital video services has been implemented and needs to be expanded as funding and time permits.

---

9. Implement ‘single sign-on’ to enhance user accessibility and security

Implement a ‘single sign-on’ user authentication system that allows users to authenticate once and subsequently access and utilize all network and computing resources authorized for the individual.

Associated IT Service: Computer Account Administration

Stakeholders: University-wide

Objective(s) to Accomplish:

The existing account administration system needs to be redeployed using updated technologies. This would allow for more efficient integration with existing systems and automation of some processes that are labor intensive with the current system. Information Technology is working to provide the resources to make many of the needed changes during the upcoming year. A large portion of the existing account management system is expected to be replaced by the new Banner system. Over the course of the next few years, it is desirable to implement a single sign-on account management system based on Kerberos or other similar technologies. Single sign-on will allow users to sign-on to the system one time, with a single password, and be able to access all data and resources approved for use by the individual. Also, affiliates and other parties served by IT who are not student or employees should be accommodated by the system. Resources from HR, Academic Affairs and other UW entities will need to be involved for a successful implementation.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Access to computing resources is fundamental to nearly all UW functions – academic, research, and business. User productivity can be increased by allowing individual to sign-on to the computing resources once and avoid having to remember multiple account names and passwords.

Implementation Strategy/Project Plan:

The plan begins by replacing the current “NewUser” system with functionality in the new Banner/Luminis system. Then work will progress with implementation of Kerberos or another technology designed to support single sign-on.

---

10. Replace machine room and implement automation of machine room operations

Replace machine room with a new facility that is secure, reliable, and designed to accommodate the power, heating, and environmental requirements of modern computing servers. Implement utilities that automate many machine room operations and monitoring systems in order to reduce dependency on machine room staffing.

Associated IT Service: Machine Room Operations

Stakeholders: University-wide

Objective(s) to Accomplish:

The present location of the machine room in the basement of the Ivinson building was installed in 1978-79. The air handlers are reaching their end of life making cooling marginal. The first systems installed were freon-water cooled and the machine room was not designed for air-cooling. All present equipment is air cooled. Since the machine room is below ground level, flooding is a constant danger. Also, the current machine room was not designed to be a secure environment that houses critical university data and computing resources. The current machine rooms needs to be replaced in order to provide a reliable and secure computing environment.

Additional tools will be evaluated to automate the operations and monitoring of the various systems. Further staff training will help the operations staff to deal with the changing environment. Automation and distribution of existing machine room tasks provides an opportunity to gradually reduce machine room staffing.

Relationship to the University’s Mission (UW institutional objective(s) supported, area(s) of distinction enhanced, or linkage to a specific Academic Plan Action Item):

Machine room operations are responsible for the reliable operation of central UW computing systems and backup of university data.

Implementation Strategy/Project Plan:

Tools for automating operations and monitoring systems are being tested and implemented on an ongoing basis. Machine room replacement is dependant on university funding for a new machine room and plans are being developed by UW facility planning groups in conjunction with a new Information Technology building.