Remote Access
RAMP Report, 10/12/98
Appendices
Appendix A: Remote Access Improvement
  Current Campus Remote and Network Access Improvement Projects
    ResNet
    RAMP
    Commercial Access Services (Contracts with Internet Service Providers)
    Distributed Authentication Services
    Magic WAND (Wide Area Network Davis)
    Wireless
    Dynamic Host Configuration Protocol
    Public Network Ports
  Approaches at Other Universities
    Comparison Institutions to Be Used
    Summary of Findings
Appendix B: Financial Analysis Detail
  One-Time Costs Already Funded
  One-Time Costs for Expansion
    Remote Access Servers (Modems)
    Communication Line Installation Charges
    Installation Costs
    Step Function Switch Cost
    Develop Billing System
  Annual Operation and Maintenance Costs
    Internet
    Line Charges
    Depreciation
    Equipment Maintenance
    Technical Support
    Operations and Maintenance Support
    User Support
    Billing
    Communications Resources Overhead
Appendix C: Diagram of Expanded Modem Pool Services
Appendix A: Remote Access Improvement

Current Campus Remote and Network Access Improvement Projects

ResNet

This project installed network data ports in each residence hall unit, providing high-speed networking to the dorms. This project has reduced the load on the campus modem pool, as residence halls previously accounted for 25% of the dial-in usage.

RAMP

The Remote Access Management Program (RAMP) was a series of pilot projects IET conducted to evaluate the benefits, costs and feasibility of new remote access alternatives for the campus. RAMP's Remote Access Pilot evaluated:
Phase A of the pilot began in November 1997 with 12 faculty participants. Phase B began in February 1998 with an additional 100 faculty and 11 Technical Support Coordinators from 11 departments. The test service expanded in May 1998 to include members of the Academic Senate and Academic Federation, and the Technology Support Coordinators who provide them technical support. The project also involved assessing the existing 14.4 modem pool.

Commercial Access Services (Contracts with Internet Service Providers)
Distributed Authentication Services

In the past, UC Davis affiliates using outside Internet Service Providers (ISPs) had problems accessing restricted on-campus servers and documents. That's because access to those resources was granted based on a list of authorized UC Davis IP addresses (128.120.*, 169.237.*, 152.79.*). Users connecting through an off-campus ISP don't have a UC Davis IP address; they have an IP address assigned by the ISP.

To solve this problem, IT's Distributed Computing Analysis and Support unit developed the Distributed Authentication solution. This allows webmasters and other information providers to authenticate incoming users with high-security Kerberos user names and passwords, instead of IP addresses. UC Davis affiliates can access restricted materials even if they are connecting through ISPs instead of the campus modem pool.

If a UC Davis affiliate uses an ISP to connect to campus, they will need a UC Davis Login ID and Kerberos password to access restricted resources through the Distributed Authentication solution. They will also need to use a Web browser that is capable of SSL (Secure Sockets Layer) connections, such as Netscape or Internet Explorer version 2.0 or above.

Information on the UC Davis Login ID and Kerberos password can be found at http://computingaccounts.ucdavis.edu/. General information on the Distributed Authentication solution, a pointer to a page to perform a browser test and UC Davis Login ID and Kerberos passwords can be found at http://www.ucdavis.edu/authentication/.

The following table and footnotes will help webmasters and service providers understand which features of distributed authentication can be used with a particular combination of hardware and software.
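The address-list problem and its fix described above, as an added example that is not part of the original report. The prefixes are the three the report lists; the login IDs, request fields and function names are hypothetical, and the Kerberos password check is assumed to have been done by the authentication service before `login_id` is set.

```python
import ipaddress

# Campus prefixes quoted in the report (128.120.*, 169.237.*, 152.79.*).
CAMPUS_NETS = [ipaddress.ip_network(n) for n in
               ("128.120.0.0/16", "169.237.0.0/16", "152.79.0.0/16")]

# Constructed login IDs standing in for the campus account database.
AFFILIATES = {"jdoe", "asmith"}


def on_campus(client_ip):
    """True if the source address falls inside a campus prefix."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in CAMPUS_NETS)


def ip_list_decision(request):
    """Old model: the source address is the only credential."""
    return on_campus(request["client_ip"])


def distributed_auth_decision(request):
    """New model: a verified identity decides, and only over SSL.

    Assumption: 'login_id' is None unless the authentication service has
    already verified the user's Kerberos password.
    """
    if not request["ssl"]:
        return False  # no credentials or sessions over a cleartext link
    return request["login_id"] in AFFILIATES


# Constructed sample requests; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges used here as stand-ins for ISP-assigned addresses.
REQUESTS = {
    "affiliate via ISP": {"client_ip": "203.0.113.25", "ssl": True, "login_id": "jdoe"},
    "anonymous on campus": {"client_ip": "128.120.10.5", "ssl": True, "login_id": None},
    "affiliate without SSL": {"client_ip": "203.0.113.25", "ssl": False, "login_id": "jdoe"},
    "outsider via ISP": {"client_ip": "198.51.100.7", "ssl": True, "login_id": None},
}


def compare():
    """Map each sample request to (IP-list result, distributed-auth result)."""
    return {name: (ip_list_decision(r), distributed_auth_decision(r))
            for name, r in REQUESTS.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:24} ip-list={old!s:5} distributed-auth={new}")
```

The first two rows are the ones that matter: the address list locks out a real affiliate on an ISP line while admitting anyone who can reach a campus address, and the identity-based check reverses both outcomes.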
Notes:
Magic WAND (Wide Area Network Davis)

The project involves working with local property owners at off-campus apartment complexes in Davis to install high-speed connections (ISDN or better), on a pilot basis. The project team also provides technical and other assistance to apartment complex property owners to help encourage the installation of high-speed connections to the Internet from small computer labs at apartment complexes and from students' apartment residences. Students at such apartment complexes would be able to use the lab computers or plug their own computers into network connections in their apartments to check electronic mail, obtain on-line course materials from campus computers and conduct on-line research via the high-speed network connection.

A team of IT staff, apartment complex property owners, and community organizations developed four pilot sites, where small computer labs, located in apartment complexes, had ISDN connections installed. An additional pilot will extend network connectivity to adjacent study halls and apartments, through a wireless access point. Students with notebook computers and PC/PCMCIA card slots would be able to check out wireless cards from the complex office or purchase wireless cards, and connect their machines to the Internet through the wireless access point.

Based on the pilot's results, team members will develop a Guide to Networking Apartment Complexes in order to educate local apartment complex property owners and managers about the benefits of Internet connectivity for their business and their residents.

Wireless

This project will expand the range of communications service options that are available to the campus involving wireless technologies. Wireless communication gives its users greater flexibility and mobility and provides an alternative to the traditional constraint of being bound to a specific physical location.
The voice service users would be able to program their desktop telephones so that all calls to their campus number are forwarded to a cellular-like device capable of receiving calls at any location, whether the user is on-campus or on the other side of the country. Wireless data users would have network access from almost any location on- or off-campus within range of a signal transmitter.

Wireless services, however, are limited by their speed and cost. For example, wireless data communications tend to provide speeds similar to modem dial-up access but can be among the most expensive of the connectivity options. While numerous campus wireless pilot projects have been carried out over the past four years, wireless voice and data network access services are finally feasible as a regular type of service, because a sufficient variety of shapes, sizes and capabilities are appearing on the local market.

A campus wireless services project team was appointed for the purpose of surveying user interest and vendor capabilities, to conduct pilot testing services and to perform a cost/benefit analysis. On the basis of these criteria, the team made recommendations about new wireless services for the campus. Other tasks included the identification of the Voice/Data functional characteristics that are considered desirable as well as the pricing and cost options that must be considered prior to a service rollout. A team of staff from IT and other university departments was assembled to formally address this subject in detail.

Wireless technologies were evaluated in three pilot projects including spread-spectrum/narrow-band microwave wireless, cellular wireless, packet data wireless and specialized integrated voice/data/pager wireless devices and services (e.g., PocketNet). For each, a pilot test plan was developed. In addition, team members conducted a current market survey (inventory of technology and services), and a survey of wireless projects and services at other institutions.
Based on the research and the pilots, the team completed cost-benefit analyses and user cost profiles, and made a final report with recommendations to the Director of Communications Resources (CR). The team is evaluating the introduction of AT&T's Wireless Service in the immediate future, with additional installation of microcells to improve campus coverage. One reason for an early rollout is to provide the benefit of government pricing to potential users of the service. It would also be a way of gauging the potential demands for wireless service.

Test plans were developed for each of the three pilots, pilot participants have been recruited, equipment has been identified and loan/purchases are underway. A survey was distributed to wireless campus customers at two phone number swap exchange sites at the beginning of March 1998. The survey is being analyzed for usage information and for interest in different types of wireless service technology.

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol is a protocol that, through a server, automatically assigns IP addresses to computers as they connect to a network. If this service were provided at UC Davis, campus notebook computer users whose equipment's Ethernet card was registered with the campus could more easily access the network as they move around between office, classroom, library and home.

The major deliverable for the project team is a report which evaluates the costs, benefits, and recommended architecture of any DHCP services potentially provided by IT, in the Network 21 post-cutover environment. The report would include recommendations as to whether IT should deliver such a service. A preliminary report that was completed during Spring of 1998 covers three activities:
Public Network Ports

This project:
Approaches at Other Universities

Information gathering in this area is still underway.

Comparison Institutions to Be Used
The following universities participated in the CAUSE remote access survey in 1996 (see http://www.georgetown.edu/acs/people/hassler/).
Summary of Findings

Of 34 institutions planned for the survey, two are presently discounted for lack of data (Blue Cross and University of Phoenix). We have at least partial data from Web sites and e-mailed correspondence on the remaining 32 sites.

Subsidized Access
Only one institution, Penn State, offers access on a paid basis at a rate comparable to ISPs, and it's not apparent from the Web page whether that rate applies to students or only to faculty.

ISP Dependent Access

Two institutions are entirely ISP dependent. University of Michigan offers "free" access that is paid for through a student technology fee. Michigan State offers limited free access, with a charge for additional hours.

ISP Partnerships

Eight additional institutions list an arrangement with an ISP for remote access. A number of institutions seem to be passively encouraging ISP use by offering only low end services (both Purdue and Arizona State offer only UNIX access) or impossible contention ratios (Duke has 128 modems to service 32,000 accounts).

From the University of Texas, Dallas, webmaster (UT Dallas offers 72 free modem lines and a good ISP partnership): "We're trying to get out of the business of maintaining modem pools. 1. They break/die too frequently. 2. They need constant firmware upgrades. 3. Faster speeds require newer hardware investments annually. 4. Too many man-hours required for good support."

From Arizona State University, which offers only UNIX access to students, the statement: "ASU encourages individuals to use a commercial ISP."

ISDN Services

Both of the following alternatives are currently being used:
We didn't specifically look at resource allocation, and there is no clear pattern on handling it. Many institutions limit access time by session length, by monthly usage or both. Memorial University of Newfoundland, in response to a 1997 study, has devised a "Fair Allocation" program (15 hour time allocation to start, plus 35 minutes per day; users can bank up to 15 hours in their accounts. Additional hours can be purchased at 10 Hours for C$7.50, plus $.50 for additional hours. Usage time is charged against the account at full use during prime time, 50% from noon to 4 p.m. and 25% from 1 a.m. to noon). Many institutions, however, don't address the issue at all, as University of Virginia says: "Faculty, staff, graduate, and undergraduate students all compete for access to our free modems using the same rules and probability for access."

Appendix B: Financial Analysis Detail
The campus has already made some investments in remote access equipment that is highly scalable and that requires only minimum augmentation at high use thresholds. This equipment includes:
User support conversion costs were funded, and the amount of time necessary to assist various types of users (faculty, staff, and students) through the conversion process. Often, this involved indirect needs, such as the need to upgrade the mail package, or in worst cases, the operating system, in order to use the higher speed remote access services. The following table provides the details of the conversion support model.
One-Time Costs for Expansion

Remote Access Servers (Modems)

Due in part to the demands of the dynamic ISP market, and in part to the consolidation of higher numbers of ports/server, remote access hardware and software costs are dropping rather dramatically. For example, in the year between acquiring new modem equipment for the faculty pilot (which started in Fall of 1997), and the new modem equipment which will provide interim remote access services this Fall, per port costs of the Cisco equipment almost halved. In the summer of 1997, two modem communication servers (Cisco AS5200) providing 96 33.6/56Kbps ports (48 ports per server) were purchased, and then this summer (1998) Cisco AS5300 equipment (four servers providing 96 ports each for an additional 384 ports) was purchased at nearly half the cost per port. An even greater concentration (432 ports per remote access server) is also available, for example in the AS5800 which could further reduce per port costs. The downside of highly concentrated port/server ratios is the single point of failure problem: the greater the concentration, the higher the number of ports that would become unavailable at one time. The optimum configuration is one that balances per port cost against preventing single point of failure.

Communication Line Installation Charges

Line installation charges include PRI interface, T1 trunking, charges for dial plan, DID, PBX trunking, alternate routing, and PBX base additional trunking. For the recent installation of 384 ports, the total communication installation charges were $38,031.50, or $99 per port. This rate is expected to remain consistent during the short-term planning horizon.

Installation Costs

A small per port cost, representing a fully-burdened principal technician, is included for additional remote access server installations.
Step Function Switch Cost

Given the existing configuration, additional network switches would be required for every purchase of 24 96-port remote access servers.

Develop Billing System

If the financial model decided upon requires recharge, additional costs associated with software development or acquisition of a billing/tracking system will be required.

Annual Operation and Maintenance Costs

The model assumes a three-year depreciation cycle; that is, every three years, all of the equipment charges described would need to be replaced.

Internet

An analysis of traffic across the border router indicates that the existing population of users account for 16% of the campus Internet costs and this should scale proportionately by the quantity of users.

Line Charges

Line charges are the monthly Pacific Bell costs associated with connecting the modem pool to the public-switched telephone network.

Depreciation

The remote access server depreciation is based upon three years and is scalable based upon 96 port increments. The main infrastructure depreciation supporting the modems (Router and ATM switches) is basically a fixed cost depreciation because of its large scalability. A step function increase in switching depreciation is required with the addition of 13 remote access servers beyond the current configuration, and for every 24 96-port servers after that.

Equipment Maintenance

There has been a minimal requirement for maintenance on the Cisco equipment or the T-1 lines. All have operated throughout the entire pilot without failure. A scheduled code upgrade was performed on the communications server without impact to the users. Additionally, while troubleshooting a reported slow response, interface cards were swapped to isolate the system, again with no impact to the users. Vendor maintenance agreements with the router and switch vendors are in place for high value equipment, and the cost of a 2% sparing level is assumed for the lower value equipment.
Technical Support

During the period of pilot testing, two part-time network analysts spent approximately 10% of their time resolving authentication issues. Procurement of two new SUN Ultra30 stations provided the required computing and capacity to maintain authentication with Kerberos and TACACS. Midway through the pilot, Radius was chosen to provide permit authentication due to its improved speed in processing the Kerberos permit. It is assumed that some level of technical support will be required on a continuing basis to deal with similar technology changes in the future.

Operations and Maintenance Support

Computer Resource Specialists and student analysts were used to troubleshoot configuration and password issues with new clients. 58 of the 457 trouble tickets opened between November 19, 1997 and April 19, 1998 dealt specifically with the Remote Access Pilot (13%). Based on this experience, the Network Operating Center (NOC) estimates that technical support costs will be .25 FTE. Included in these support costs are the following items:
The IT Express currently provides support to the campus and its affiliates for dynamic IP dial-up network connections (PPP/SLIP). The IT Express also supports TCP/IP to the extent that it is required to set up PPP on both the Macintosh and Windows operating systems. IT Express also pre-qualifies (gateway ping) network trouble calls before escalation to the NOC for troubleshooting at their help desk. Details of the supported software packages are available from the IT Express Web site. IT Express support cost estimates for two user population levels are provided for
If the financial model decided upon requires recharges, additional costs associated with software licenses and modifications, administrative processing, paper, mail, etc., will be required. These costs were estimated to be approximately $2.00 per user per year although there is not sufficient data to accurately determine this figure.

Communication Resources Overhead

A portion of the administrative costs associated with the operation of Communication Resources is distributed to each service that it provides. An equitable share of these costs based upon the size of the service and the rate structure approved by the rate committee is approximately $42,000 per year.

Appendix C: Diagram of Expanded Modem Pool Services

This diagram indicates the architecture adopted for the deployment of expanded modem services through the Provost's Office allocations.