DIVISION OF INFORMATION TECHNOLOGY
Executive Summary
This strategy outlines the Drivers, Principles, Vision, Goals and Objectives that influence the
direction of the University's network infrastructure for the next three years.
Related Documents
Network Strategy Drivers.docx
Strategy Timeline
This strategy covers the period of 2014 to 2017
Consultancy (Matrix)
Position
Enterprise Architect, Infrastructure
Senior Technology Specialist (Networks)
Director Operations
Director EA&L
Manager Technology Integration
Manager, Service Delivery
Director, Customer Service Management,
Manager, Online Student Experience Strategy
Enterprise Solutions Architect (Security)
Administrative Officer, Finance
HP
Cisco
Role
DIT
DIT
DIT
DIT
DIT
DIT
DIT
DIT
DIT
DIT
Business
Vendor
Vendor
Contribution
Coordination, Strategy
Strategy, Drivers, Scope
Scope, Drivers
Drivers, Strategy Mapping
Review
Review
Review
Review
Review
Review
Discussion
Discussion
Business Vision
To have a network infrastructure and technologies that successfully underpin the delivery of
services to the entire University community regardless of location, while providing a level of
flexibility and scalability that expedites and encourages the introduction of new and
innovative technology, services and pedagogies. The network should be architected to
provide appropriate levels of availability, resilience and performance, and be effectively
controlled, monitored and managed to ensure exemplary levels of service delivery that
support the strategies of the University. The network should enhance the user's experience
and foster the connection between people and the information they need through an
environment that encourages security and mobility.
Principles

Wireless before Wired
Statement: Where performance and access to service are not compromised, wireless network infrastructure should be deployed in preference to wired.
Rationale: Supports mobility, cost reduction, BYOD, and delivery of services to clients the way they want them.

Best Practice Architecture
Statement: Best-practice topology and architecture built on a foundation of flexibility, innovation and resilience that does not inhibit the ability to incorporate future trends and industry directions.
Rationale: Strives for excellence in design that offers the best solution for clients. The architecture must consider predicted trends in technology and influencing strategies.

Environmental sustainability
Statement: Environmental sustainability is considered in all aspects of design, implementation and management.
Rationale: Supports the University's position and commitments to environmental sustainability.

Efficiency and Quality of Service
Statement: Efficiency in the procurement, delivery and management of services, as well as the quality of the solution, should be a major driver for strategic decisions.
Rationale: Explicitly states the goal to achieve high quality solutions through a strategy of improving efficiency in all aspects of ICT processes.

Security
Statement: Security is integral by design to all aspects of network services.
Rationale: Reaffirms the need for the appropriate protection of the University's data, intellectual property and the privacy of its users, as well as meeting legislative requirements.

Responsive
Statement: The ability to respond to client needs in a timely way is fundamental to design.
Rationale: Student Experience, Expanded Course Profile and increased Research presence are CSU foundation strategies and require a network that can adapt rapidly to changing technology landscapes.

Currency
Statement: Keeping infrastructure hardware, software and technologies up to date supports the ability to respond to changing requirements.
Rationale: Commitment to keeping network technologies current to allow the ability to leverage improvements in performance and technology features without introducing risk. Leading edge, not bleeding edge.

Simplicity of access
Statement: Network design should enhance the user experience by making access to services as transparent as possible to the client.
Rationale: Improvements to network performance and manageability are significantly undermined if access to services is impaired.

Information Architecture Integration
Statement: Network services design should leverage existing Master Data Management and Integration capabilities within the organisation.
Rationale: Network services such as Traffic Billing, VPN etc. are becoming increasingly user oriented and highly reliant on data from disparate sources as well as centralised identity access management systems. Service design should always utilise existing Information Architecture rather than creating new data transfer methods.
Strategic Goals

G2
FROM: A network and telephony cabling infrastructure with significant amounts of legacy copper and multimode fibre optic that limits performance and is prone to failure.
TO: A high-performance network cable infrastructure that is capable of high-speed, high-bandwidth data movement while reducing maintenance overhead and points of failure.

G3
FROM: An antiquated network topology that limits potential performance gains, through aging hardware and non-optimal cable infrastructure. Inflexible architectures that require forklift replacement projects necessitating large capital expenditure.
TO: An integrated, high-performance, flexible, robust and agile network infrastructure that underpins the delivery of services to the CSU community. It will utilise up-to-date devices, technologies and architectures as well as providing opportunities for reducing Total Cost of Ownership and introducing Environmental Sustainability benefits.
- Integrated edge through core (routers/switches/wireless and integrated security)
- Forming a vendor partnership to achieve this
- Bandwidth limitations removed, support wireless and mobility
- Automates switch management and provisioning

G4
FROM: IP-based network control reliant on highly manual configuration that is reactive rather than proactive in response to security issues.
TO: A network that incorporates best-practice security technologies that ensure the integrity of CSU computerised services and related data, is user-centric and allows appropriate access to services from anywhere on any device.

G5
FROM: A static data centre infrastructure that limits options for server and storage environments and perpetuates the division in traditional ICT disciplines.
TO: A data centre environment that delivers the capability to leverage the latest technology trends around network convergence and virtualisation while supporting improved Business Continuity measures.

G6
FROM: Network technologies, characterised by ad hoc configuration, that are complex and poorly documented.
TO: Standards-based approach to network infrastructure and technologies that is understood and articulated.

G7
FROM: Poorly understood network infrastructure with limited ability to discover impending issues or failures.
TO: A network that is effectively monitored and measured with the capability to recognise and respond to failures in a timely manner, analyse trends and provide a meaningful reporting platform on which appropriate planning can be based.
Objectives

Goal

G2. CABLING
A high-performance network cable infrastructure that is capable of high-speed, high-bandwidth data movement while reducing maintenance overhead and points of failure.

G3. SWITCHING (Wired and Wireless)
An integrated high-performance, flexible, robust and agile network (switching, routing and wireless) infrastructure that underpins the delivery of services to the CSU community.
It will utilise up-to-date devices, technologies and architectures as well as providing opportunities for reducing Total Cost of Ownership and introducing Environmental Sustainability benefits.

G4. SECURITY
A network that has integrated security technologies and allows for the unified management of network security policies and services.
Enable identity-based network access to appropriate information and services from anywhere on any device.
Enable the application of individual security policies on a per-service basis to secure inter-service communications. Enable the hosting of services with disparate security requirements while reducing operational and management complexity.
Proactive and automated network security incident identification, response and reporting capabilities.

G5. DATA CENTRE NETWORKS
A data centre environment that delivers the capability to leverage the latest technology trends around network convergence and virtualisation while supporting improved Business Continuity measures.

G6. STANDARDS
Standards-based approach to network infrastructure and technologies that is understood and articulated.

G7. MEASURE, MONITOR and MANAGE
A network that is effectively monitored and measured with the capability to recognise and respond to failures in a timely manner, analyse trends and provide a meaningful reporting platform on which appropriate planning can be based.

Objective

O1. Finalise the current audit, and document the CSU Fibre Infrastructure.
O2. Thoroughly audit and document the physical aspects of CSU Cable Infrastructure, including Pits, Conduits, Communication Rooms and Racks, and Power infrastructure. Integrate the results with Facilities Management’s diagrams and mapping applications.
O3. Redesign the fibre topology to reduce the effects of individual switch and building power failures affecting other buildings and consolidate distribution points.
O4. Replace all of CSU's multimode fibre with single-mode fibre to support our bandwidth needs for the next 20 years (up to 100 Gb/s).
O5. Leverage this fibre deployment to meet the needs of DFM to deliver fire alarm services over fibre optic cable. This supports our direction to remove our reliance on old copper telephony cable.
O6. Develop a design for an integrated end-to-end network infrastructure in partnership with industry vendors and consultants to deliver:
- 10 Gb/s uplink speeds with 1 Gb/s access port speeds
- 60 W UPoE capability (power VDI terminals etc.)
- Support for industry standard switching features (802.1X, QoS, IPv6, stacking and modular power etc.)
- Integrated 802.11ac (Wave 2) wireless solution (10 gig uplinks, 1 gig access ports & PoE, supports mobility, video and student experience)
- Integrated security and authentication solution
- Software Defined Networking (SDN) support and implementation
- Automated switch provisioning
- Power management and reporting
O7. Centralised security policy management linked to IGMS.
O8. Client side security
- Work with vendors to implement identity-based access to the network, both wired and wireless
- Application access policy enforcement (Procera - external)
O9. Server side security
- Work with vendors to implement service-based access to the network
O10. Security event monitoring
- Increase visibility and reporting of potential security incidents through active network security monitoring (e.g. next-gen firewall, IPS/IDS appliance, Security Event and Incident Management (SEIM))
O11. Replace data centre network infrastructure to provide a reliable data centre network platform.
- Deploy current generation routing equipment
- Deploy high-bandwidth, redundant, loop-free switching fabrics
- Leverage virtual networking appliances to integrate with our VMware environment
- Simplify inter data centre connectivity
- Improve security while reducing management overhead
- Use cloud compatible technologies to take advantage of public and hybrid cloud offerings
O12. Audit, review and remediate where appropriate all current network standards and procedures to ensure quality solutions are the norm.
O13. Assess current network services to ensure currency, optimal configuration, appropriate server infrastructure environment, levels of automation and management overheads, and identify and implement continuous improvement measures.
O14. Use integrated and external tools to monitor network performance, develop meaningful reporting and trend analysis. Develop metrics and KPIs.
O15. Use integrated and external network management solutions to reduce operational workloads and introduce operational efficiencies.
Initiatives

Initiative: WAN Cable Audit
What/How:
- Document WAN Cable Infrastructure
- Commercial Services
- CSU Owned Fibre
- SPOFs
- Maintenance & Support arrangements
- Contracts
- Cost Benefit Analysis
- Monitoring

Initiative: Campus Cable Audit
What/How:
- Document On Campus Network Cable Infrastructure
- Cable Topology
- Pit Condition
- Conduits
- Communications Rooms
- Racks
- Power Infrastructure (UPS, Generators)

Initiative: Cable Documentation
What/How:
- Integrate Cables into DFM Mapping (FM Central)
- Use Campus Cable Audit Data

Initiative: Finalise Fibre Topology Design
What/How:
- Draft UPS requirements
- Draft Distribution switch design
- Complete design (Cable Layout)
- Plan for DFM Campus Fire Alarm Services

Initiative: Fibre Replacement
What/How:
- Leverage Preferred Suppliers for work
- Quote process
- Assess Quotes and appoint Contractors
- Confirm Fibre Design with contractors
- Develop prescriptive work packages
- Monitor & Review contractor work and costs
- Quality control on Comms Spec
- Engage Standards compliance contractor

Initiative: Network Infrastructure Design and Implementation
What/How:
- Specify Security Requirements
- Develop Request for Proposal
- Submit tender through E-Tender
- Select preferred partner
- Develop detailed design with partner
- Procurement
- Implement design

Initiative: Security Design
What/How:
- Finalise Requirements for inclusion in RFP
- Plan integration with IGMS (Auth & Groups) via LDAP and AD
- Map Group memberships to services
Who
Network Team (coordination)
Finance Officer
AARNET
Contractor
Process
ITC:SWR
Budget
BAU
Dependencies
Status
Roadmap
Q3-16 –Q2-17
-
Network Team
Finance Officer
DFM Staff
Contractor
ITC:SWR
Communications
Budget
N/A
In Progress
Q4-14-Q4-15
-
Network Team
DFM Staff
Contractor
Network Team
Associate Project Manager (AT)
Vendor Consultation
ICT:SWR
BAU
N/A
In Progress
Q4-14-Q4-15
ICT:SWR
Communications
Budget
Campus Cable Audit
In Progress
Q4-14-Q2-15
-
Contractors
Standards Compliance Contractor
Associate Project Manager (AT)
Network Team
ICT:SWR
Communications
Budget
Fibre Topology
Design
Q4-14 – Q4-15
-
Network Team
Partner (joint PM)
Associate Project Manager
Technology
Project
Capital
Management Plan
Fibre Replacement
(option to begin
before finalised)
Q4-14 – Q2-16
-
Network Team
Security Architect
Systems Team
Associate Project Manager
Technology
Project
Capital
Management Plan
Network
Infrastructure
Design and
Implementation
Q4-14 – Q4-15
-
Security Event &
Incident
Management
-
Router Replacement
-
Virtual Network
Services (e.g. VSwitches, V-Security
appliances)
Cloud Assessment
Network Technology
Review
-
-
-
Define Server communication matrix
Determine Intrusion Prevention System (IPS) Scope
Plan and evaluate integration between existing
solutions & any recommended security
technologies.
Define KPIs, metrics and Trend Analysis
Develop threat response methodologies
Test with Penetration Tests
Define Requirements for Tender
Evaluate SEIM Technologies Splunk and how it
integrates with network monitoring
Gap analysis in security technologies Reporting and
Alerting capabilities
Recommend Governance and operational
Structures
Define Reports, Alert Thresholds & Dashboards etc.
Design Topology
Work with Vendor to develop design &
configuration options
Develop change management Plan
Design integration with Virtual Network Services
and Security
Lab Testing
Staged Implementation
Design Topology
Work with Vendor to develop design &
configuration options
Develop change management Plan
Design integration with Physical Network Services,
Security and VMware environments.
Lab Testing
Staged Implementation
Work with vendor to develop a flexible
architecture that allows network services that
facilitate non-traditional data-centre paradigms.
Design for a Co-location data centre
Design for Cloud Services
Reassess all procedures, standards, policies and
Work practices after the implementation of the
new network infrastructure. Identify candidate
services for automation
Identify gaps in Business Continuity,
Identify SPOFs
Develop plan to improve robustness, redundancy
and automation ***
-
Network Team
Security Architect
Systems Team
Associate Project Manager
Technology
Project
Capital
Management Plan
Network
Infrastructure
Design and
Implementation
Q4-14 – Q4-15
-
Network Team
Associate Project Manager
Systems Team
TBA
TBA
Network
Infrastructure
Design and
Implementation
Q2-15 – Q4-15
-
Network Team
Associate Project Manager
Systems Team
Security Architect
TBA
TBA
Network
Infrastructure
Design and
Implementation
Q2-15 – Q4-15
-
Network Team
Associate Project Manager
Systems Team
Security Architect
Vendor specialists
Network Team
Associate Project Manager
Systems Team
Security Architect
Vendor specialists
TBA
TBA
-
Q2-15 – Q4-15
-
TBA
TBA
Data Centre
Strategy
Virtual
Network
Services
Q2-15 – Q4-15
Management Tool
assessment
-
Investigate available benchmarks
Define Metrics and KPIs for network Performance
Investigate Network Management Tools
Establish Management and Reporting configuration
structure
Establish report recipients and timeframes
Establish monitoring and Alerting recipients and
methods
-
Network Team
Associate Project Manager
Systems Team
Vendor specialists
TBA
TBA
Q2-15 – Q4-15
Network Roadmap 2015-2017

[Timeline chart: CSU Network Strategy Roadmap 2014-2017. Columns: 2015 Q1-2, 2015 Q3-4, 2016 Q1-2, 2016 Q3-4, 2017 Q1-2, 2017 Q3-4. Legend: Planned, Underway, Possible Future proposal. Chart labels: Infrastructure Abstraction, Improved Reliability, Simplified Management, Improved Performance, Data Protection.]

1) Cloud Assessment: Prepare for a flexible architecture that can leverage Cloud Services
2) Virtual Network Services: Improving Availability, supporting Network Convergence
3) Campus Cable Audit: Comprehensive Inventory of campus-based Network Infrastructure
4) WAN Audit: Understand inter-campus connectivity and Internet Points of Presence
5) Finalise Fibre Topology Design: Design fibre optic infrastructure to eliminate Failure Points and provide distributed switching
6) Cable Documentation: Integrate existing & planned cable map into FM Central
7) Fibre Replacement: Implement Fibre Topology Design
8) Management Tool Assessment: Monitor and manage Network Performance, events and trend analysis
9) Network Technology Review: Continuous improvement of Network Services (DHCP, DNS, VPN etc.)
10) Router Replacement: Replace aging technology to improve performance and flexibility
11) Network Infrastructure Design and Implementation: Work with partners to develop a comprehensive network design
12) Security Event & Incident Management: Intrusion Detection, Prevention & Monitoring to secure data and meet compliance obligations
13) Security Design: Develop a Network Security plan that significantly enhances data protection and allows identity-based access to services on the network

N.B. All timelines are estimations only; actual timelines will depend on priority, funding and resource availability.

Keywords: Network Enterprise, Security, High Performance, Fibre, Cable, Topology, Data Centre

Div. Information Technology, Enterprise Architecture
Date: 17/09/2014
Author: EA, Infrastructure
Version: 0.01
Network Strategy Relationship Map

[Diagram: CSU Network Strategy Map. Legend: Core (included in strategy), Integrated (significant overlaps with strategy), Reliant (relies on strategy decisions).]

Labels on the map: BYOD; Partnerships; Device Clients; Access Control; Professional Services; Strategy Development; Technology Support; Data Centre Network; NBN; Convergence; Business Continuity; DC Network Segregation; Dependencies; Overlaps; Implications; Video Conferencing; Measure & Monitor; Monitoring Software; Trend Analysis; Desktop VC; VC Resource Booking; Bridging; Cabling; Fibre Replacement; Storage; Convergent Technology; FCOIP, ISCSI; Network Topology; LAN; WAN; AARNET POPs; Server; Virtualisation; Security; Network Segregation; Firewalls; Load Balancing; Packet Inspection; Intrusion Detection; Desktop; VLANs; Student Experience; Video Technologies; Communication Technologies; IVT; Streaming; IPTV; Unified Communication; Telephony; Mobility; Placement Students; Telecommuting; On-campus roaming; Billing; Telephones; Data Access Points; Remote Support (Practicum); NAC; Wireless Network; Coverage; Emergency Response; Mass Communication; Digital Signage; CCTV; Data Centre; Location; Tier level; On-Premise or Outsourced.