RAMP Report, 10/12/98
Recommendations
Advisement Bodies
Information Technology Policy Board
Academic Computing Coordinating Council
Administrative Computing Coordinating Council
Consultative Process to Determine Long-Term Approach
Recommendations to Be Submitted to the Provost
Service Provisioning Alternatives
No Role for UC Davis
Maintain the Status Quo
Departmental Provisioning
Centralized Facilitation Role
Centralized Provision of All Remote Access Services
UC Davis Remote Access Alternatives Logic Flow Diagram
Needs Assessment and Evaluation
Communications
Consultation
Modifications to Service During the Consultative Process
New Authentication ID Required for Modem Users
Modem Pool Segments
Interim ISP Support
Risk Advisement
Supporting Remote Access for Faculty, Staff and Students
Recommendations in this section are being made to the following advisement
bodies who will be responsible for facilitating the remote access decision making process.
Information Technology Policy Board
Membership includes:
Provost & Executive Vice Chancellor (Chair); Chair of Committee on Academic Planning
and Budget Review (CAPBR); Associate Vice Chancellor, Information Technology; Chair of
the Academic Computing Coordinating Council; Chair of the Administrative Computing
Coordinating Council; Special Assistant to the Executive Vice Chancellor as Staff to
the Board.
Academic Computing Coordinating Council
This governing body meets monthly. Membership includes:
Council Chair (Faculty person jointly selected by Provost and Academic Senate Chair
for two to three year appointment); Six additional faculty appointed on three-year
terms by the Academic Senate as representatives from CAPBR, Committee on Educational
Policy, Committee on Research; Nominees to CoC from college/school executive committees;
Dean or Associate Dean of college or school; Director of Teaching Resources Center;
Vice Chancellor, Research; Dean, Graduate Studies; Vice Provost, Undergraduate Studies
(and chair of Instructional Space Advisory Group); Associate Vice Chancellor,
Information Technology; Academic Federation representative; Staff Assembly representative;
Graduate Student Association representative; ASUCD representative; Network 21 Committee
representative; Member of Administrative Computing Coordinating Council; and Director,
Information Technology Planning and Coordination (Staff to Council).
Administrative Computing Coordinating Council
This governing body meets monthly. Membership includes:
Council Chair (appointed by Provost for a two- to three-year term; Dean, Associate
Dean or Assistant Dean); Vice Chancellor, Administration; Vice Chancellor, Student
Affairs; Vice Chancellor, University Relations; Director, Program Planning and
Operating Budget; Director, Information Resources; Associate Vice Chancellor,
Information Technology; Assistant Dean, Administration (from college or school);
Staff Assembly representative; ADMAN representative; Chair, Data Administration
Steering Committee; Chair, Student Information System Area Advisory Committee;
Chair, DaFIS Area Advisory Committee; Member of Network 21 Committee; Member of
Academic Computing Coordinating Council; and Director, Information Technology
Planning and Coordination, Staff to Council.
Ideally, remote access policies should serve the technological, economic,
educational and sociological aspects of the campus in a balanced way. The
challenge is to create a consultative decision-making process that incorporates
all aspects, gives all campus constituencies a voice, and responds effectively to
the spectrum of campus needs. To maintain campus community involvement, program
goals need to be clearly defined and communicated to all of UC Davis.
For policy implementation to be successful, a context for decision-making must
be established. This could take the form of a definition of universal access
principles and goals specific to UC Davis. In addition, funding principles should
be identified to guide the development of remote access funding strategies.
All feasible alternatives should be included in the evaluation. A logic flow
diagram of the decision process can clarify the path to each alternative, breaking
the larger decision into a series of smaller decisions in a linear step-by-step
process. A proposed decision diagram is included as part of this report.
Upon completion of the consultative process, a set of recommendations should be
forwarded to the Provost by October 1, 1999 and should include:
- The appropriate role of UC Davis in achieving access goals
- Appropriate levels of campus access
- Funding model to support the recommended methods of access
- Sunrise/sunset dates for the implementation of the service
The viability of various service options is highly dependent on the set of conditions
that exist at the time service is implemented. A variety of options and associated
conditions are presented here.
The descriptions in this section are intended as a narrative guide to understanding the
logic flow diagram (presented on pages 17 and 18) and its associated decision factors.
The alternatives correspond to options shown in the logic flow diagram.
No Role for UC Davis
If the conditions listed below exist at the time a decision is to be made, then
it is probable that the following will be a viable outcome: UC Davis should shut
down the existing modem pool (459 14.4 modems and 480 recently installed additional
modems) at the end of the interim period. Each member of the campus community could
then choose an ISP with the help of Recommended Solutions documents written by the UC
Davis Information Technology Division. Through this mechanism, users would be provided
with advice in the selection of an ISP and acquisition of remote access equipment.
Conditions-
- The private ISP market is sufficiently robust in Davis to respond individually to the needs of all faculty, staff and students with regard to application support, accessibility, speed, cost, equality of access, availability outside of Davis, choice, performance, security and authentication.
- Individual choice is the highest priority, and the individual faculty member, staff or student would prefer to negotiate their best deal.
- The associated costs are low enough to be acceptable to all interested parties.
Maintain the Status Quo
If the conditions listed below exist at the time a decision is to be made, then it
is probable that the following will be a viable outcome: The campus should maintain the
status quo with the free modems as long as they last, with no plans for support or replacement,
and augment service by negotiating non-exclusive agreements with as many ISPs as possible.
Optimistically, some new innovation may be able to better allocate resources and reduce
busy signals. Information Technology should also help members of the campus community
choose their own ISP, with the help of Recommended Solutions documents.
However, this alternative can only be temporary. The campus modem pool will cease to
function as modems break down at the end of their life-cycle. Also, the overall lifetime
of the campus modem pool is limited to December 1999 by Y2K problems. A previous
provisioning option, remote access subsidization through telecommunication revenues, is
no longer available. The campus community has indicated a strong preference that
telecommunication revenues should not be used to subsidize remote access costs. So,
even without buying more modems, on-going operations and support costs have not been
covered, creating an immediate budget deficit for 1999.
Conditions-
- The private ISP market is sufficiently robust in Davis to respond individually to the needs of all faculty, staff and students with regard to application support, accessibility, speed, cost, equality of access, availability outside of Davis, choice, performance, security and authentication.
- Somehow, the campus is now in a new position to consolidate the market and/or to obtain a significant discount from ISPs, even absent an exclusive agreement.
- The ISP won't mind the competition of the free modem services, and users will choose to use ISPs even in the presence of a free service.
- Some new resource allocation mechanism can be developed. An improvement in the performance of the existing modem bank may be possible if the current approach of regulating modem traffic can be enhanced.
- The associated costs are low enough to be acceptable to all interested parties.
Departmental Provisioning
Other campuses continue to use this approach. Some campuses, notably Harvard, are
using this approach where each department or college makes its own arrangements, even
to the extent of charging variable usage fees.
If the conditions listed below exist at the time a decision is to be made, then it
is probable that the following will be a viable outcome: UC Davis should turn off
the campus modem pool and implement this approach.
Conditions-
- There are no limits on trunking that would prevent departments from supporting their own separate modem lines.
- Each department would prefer to provide remote access services to some subset of their constituency.
- This option would cover enough of the campus community to be sufficient alone, or be combined with another to cover any gaps.
- This approach is responsive to the needs of a sufficient number of faculty, staff and students with regard to application support, accessibility, speed, cost, equality of access, availability outside of Davis, choice, performance, security and authentication.
- The associated costs are low enough to be acceptable to all interested parties.
- The security of the campus network would not be significantly compromised by this approach.
Centralized Facilitation Role
In this case, IT would negotiate with a Managed Service Provider (MSP) for all
remote access services (RAS).
The Gartner Group contends that "enterprises planning more than 5000 remote access
hours per month will experience increased savings by using a managed remote access service
provider and will be able to avoid making substantial capital investments in central-site
equipment." In comparison, over a six-month period, the average daily use of the
14.4 modem pool exceeded 5,500 hours. The average total monthly use of the 14.4 pool
exceeded 163,200 hours; or approximately 33 times the recommended break-even point from Gartner.
Although much of Gartner's analysis deals with remote telecommuters, both part time
and "road warrior", the comparison of where costs are generated can be applied
to analyzing the University environment.
This operational model and Total Cost of Ownership (TCO) may greatly exceed UC Davis'
capability to provide quality service at a price competitive with, or even slightly
higher than, an outsourced provider. There is some likelihood
that the total cost of ownership will be much greater than outsourcing remote access
services. A prediction by the Gartner Group (with 0.8 probability) is that remote access
WAN, LAN and network support can be reduced by 50% or more compared to owned and managed
systems. This can be accomplished by a negotiation strategy involving deep discounts
through long, leveraged contracts with escape clauses, detailed service level agreements,
and relying on the provider to remain competitive in the marketplace.
If the conditions listed below exist at the time a decision is to be made, then it is
probable that the following will be a viable outcome: UC Davis should turn off the
campus modem pool and implement this approach.
Conditions-
- This approach is responsive to the needs of a sufficient number of faculty, staff and students with regard to application support, accessibility, speed, cost, equality of access, availability outside of Davis, choice, performance, security and authentication.
- The associated costs are low enough to be acceptable to all interested parties.
- The security of the campus network would not be significantly compromised by this approach.
Benefits-
- Outsourcing will save money in operations because of the following advantages as described by the Gartner Group:
  - Avoids adding more network and support staff
  - Avoids adding more shifts to support 7 X 24 X 365 operations
  - Reduces the demand for new training and skills
  - Reduces down time through virtual presence and support
  - Avoids RAS vendor lock-in of single source vendor
  - Expansion placed at the Managed Service Provider, not the enterprise
  - Provides extended service level agreements
  - Avoids limiting technological growth
  - Provides managed local access instead of 800 number and calling card access
  - Provides global access through managed local access
  - Provides early access to voice, data, fax and SS7 integration
- Outsourcing is good because it moves the point of negotiation to the network edge and provides for the following advantages:
  - Reduces number of contracts that need to be made to maintain the system, such as hardware, infrastructure and line charges.
  - Leverages discounts based on other services, such as voice, electronic commerce, application hosting and pagers.
  - Improves ability to up-scale and provision more service because it is the provider's responsibility to implement improvements and increased scalability within a specified service level agreement.
Centralized Provision of All Remote Access Services
If the conditions listed below exist at the time a decision is to be made, then it is
probable that the following will be a viable outcome: UC Davis should expand and enhance
the existing modem pool, budget for replacement and charge sufficient user fees in order
to recover all costs.
Conditions-
- This approach is responsive to the needs of a sufficient number of faculty, staff and students with regard to application support, accessibility, speed, cost, equality of access, availability outside of Davis, choice, performance, security and authentication.
- The associated costs are low enough to be acceptable to all interested parties.
- The security of the campus network would not be significantly compromised by this approach.
- The Total Cost of Ownership for UC Davis to provide remote access services is lower than outsourcing.
This diagram suggests potential alternatives based
upon critical decision factors.
Continuing Communication
The communication efforts and evaluation methods used during the first RAMP pilot project
generated positive momentum. The need now is for a comprehensive communication plan to build
on that momentum and create a consultative process for the long term. A list of guiding
principles, priorities and decisions to be made regarding remote access should be
systematically and periodically submitted to various UC Davis constituencies for discussion,
evaluation and modification. This process should address guiding principles of universal
access and program goals, and a complete list of alternatives, funding principles and a
determination of the role of UC Davis in remote access to campus resources.
The following are recommendations for a comprehensive communication plan covering remote
access issues:
Needs Assessment and Evaluation
- Collect data to assess the changing perspective of students, faculty and staff over the interim period.
- Continue to evaluate remote access services during the two-year interim period, focusing on issues such as service levels, effects of service segmentation and campus satisfaction.
Communications
- Continue to educate the campus community, including non-adopters, and foster a two-way dialog about remote access issues.
- Use a combination of presentations, articles in campus publications, Web pages, handouts and campus electronic mailing lists to keep campus constituencies informed.
- Report on the progress and effectiveness of the interim solution and the long-term decisions that emerge from the consultative process.
Consultation
- Consult with formal representative bodies such as the Information Technology Policy Board, the Academic Computing Coordinating Council, ASUCD and GSA.
- Continue informal consultation with Technology Support Coordinators and experts from other campuses.
- Benchmark a select set of other college campuses to track evolving remote access alternatives.
Some modifications to remote access services at UC Davis were implemented to comply with an
interim campus decision, resulting from an allocation of $563,000 from the Provost's office to
upgrade and operate the modem pool for a two-year period.
As a result of the allocation, the campus modem pool has been stratified to provide three types
of service. Each service level addresses the needs of a different type of user. A fourth type of
service will be provided through February 1999 for telnet users as a grace period for those users
who have yet to convert to standard and user-authenticated SLIP/PPP services.
Each of the UC Davis IT-provided remote access services is designed to improve contention ratios
for its targeted user base. Therefore, as usage patterns evolve, it may become necessary to alter
connection times and the number of connections per day to optimize resource availability. Service
alterations may also become necessary should there be major failures in the aging 14.4K pool.
(Consistent with previous campus recommendations, no funds have been allocated for the replacement
of this pool.)
With a total of 459 14.4Kbps modems, 480 56K modems and an estimated user base of 18,910, the
contention ratio is greatly improved for the short term. Adding the new modems reduced the
contention ratio from 40:1 to an average of about 20:1. However, the 1997-98 failure rate of
the 14.4Kbps modems was 10%, and this is expected to accelerate as the modems grow older. With
the combination of losing modems over the course of the next two-year period and an expected
increase in the user base demand, the overall contention ratio of the combined modem pools can
only be expected to rise again.
Because the services have now been stratified by type of user, user authentication services
have been put in place to ensure the appropriate populations are using each pool. The authentication
process consists of granting a permit to each authenticated user. These permits are referred to
as ServiceIDs. In order to be assigned a ServiceID, a user must have a UCD LoginID.
(The UCD LoginID is automatically assigned to all new UC Davis computer accounts created
after September 26, 1996.) The ServiceID is then associated with the UCD LoginID so that
access to the modem pool can be granted.
The ServiceID types are as follows:
- Interim Remote Access Service (IRAS) - Grants access to the Student/Staff Modem Pool.
- Interim Remote Access Management Program (IRMP) - Grants access to the Faculty Modem Pool.
- Interim Modem Permit (IMOD) - Grants access to the Legacy Modem Pool. All registered campus account holders are automatically assigned this ServiceID so that they can access the UC Davis network computing services.
The existing modem pool is currently divided into the following segments:
Legacy Modem Pool
SLIP/PPP: 391 Ports (will increase as general use ports are converted through February 1999)
- Users: Open to All
- Requirement: IMOD permit
- Speed: 14.4K
- Limits: Express connection, 20 minutes per connection, unlimited connections per day (not to be implemented until 2/99).
Telnet Only Modem Pool
14.4K General Use: 48 ports (will be reduced to 0 over next 9 months)
- Users: Open to All
- Limits: Unlimited time per connection, unlimited connections per day.
- Speed: 14.4K
- Limits: Allows only Telnet access and a few other basic services
Faculty Modem Pool
Faculty High Speed Access (originated as the RAMP Pilot Service): 96 Ports
- Users: Faculty Only (Includes Federation and Senate)
- Requirement: IRMP permit
- Speed: 56K service (implemented September 1998)
- Limits: 4 hours per connection, unlimited connections per day pending contention ratio evaluation.
Student/Staff Modem Pool
General High Speed Access: 384 Ports (380 usable)
- Users: Students, Staff
- Requirement: IRAS permit
- Speed: 33.6K (Upgrade to 56K expected by December 1998)
- Limits: 2 hours per connection, unlimited connections per day pending contention ratio evaluation.
Non-exclusive agreements remain in place with CalWeb and MCI as external remote
access providers. Individuals may purchase ISP remote access services from these or
another ISP vendor.
CalWeb
CalWeb Internet Services, Inc. is a Sacramento-based ISP offering Internet access
for personal and business users. CalWeb offers local service to the Sacramento and
Davis areas.
CalWeb offers tiered services. Each tier has a flat number of monthly allowable hours and a
maximum monthly average disk space that may be used without incurring additional charges.
Should a user go over the monthly maximums, additional charges apply. CalWeb has agreed to
waive set-up fees for UC Davis computer account holders. For further information, call
1-800-509-9322 from the Davis area or 1-916-641-9320 from Sacramento. Information is also
available on the Web at http://www.Calweb.com.
MCI
MCI Internet is a national ISP offering Internet access to more than 300 local access
areas nationwide. If a local number is not available for an area, users may use the
following 800 number: 1-800-779-2966. In addition to regular MCI Internet monthly charges,
a $5.95 per hour access fee will apply with the use of this 800 number. MCI Internet offers
a number of different pricing plans and options.
Year 2000 Compliance
The current modem pool communication servers are not Y2K compliant. The vendor does not
recommend that the modem pool communication servers remain in service after December 31, 1999.
The vendor does not view it as cost-effective to support extensive testing to rule out negative
Y2K impacts on other applications and systems, and they will not guarantee or warranty any
changes to adapt the operating system to Y2K. Additionally, it is impossible to rule out
negative impacts on other systems or applications if the non-Y2K systems are allowed to
remain on-line.
The IT governance bodies need to be advised as to this issue and the potential significant
impact to access, nearly one year before the Provost's decision on service is to take effect.
First pass testing of electronic mail applications only should be conducted to determine if
the pool's life can be extended for limited, special purpose service.
Manufacturer Support/Equipment Failure Rate
The current modem pool communication servers are not supported by the manufacturer
after December 31, 1998. Furthermore, the equipment ranges in age from two to six years
old; the life expectancy for such equipment is three years. International searches have
revealed that spare parts are no longer available.
The IT governance bodies need to be advised of the significant impact of a service
failure, with a request that a contingency plan be developed to mitigate the risk.
Security Recommendations
Much of the Internet is unprotected from security risks. Indeed, many of the
implemented Internet protocols provide no security features. Even for systems that are
password protected, there are effective, commonly available tools that can decode and
steal user passwords. Once the user password is obtained, it opens up the system to
whoever has it. For every commercial application that promises a secure service, there
are matching applications designed to break through that security. Applications that
send unencrypted passwords over the network, particularly through physically unsecured
pathways such as an ISP remote access service, leave the account-holder's systems at grave risk.
New protocols such as Kerberos provide a means to respond to this threat, by using strong
cryptography. RADIUS has emerged as a common standard for centralized security implementation
on remote access servers. Finally, while still expensive, new access control or authorization
applications have become available.
It is highly recommended that the university adopt a global policy that addresses the use
of stand-alone modems and decentralized remote access devices. These pose a great security
risk to the campus. The IT governance bodies need to be further advised that limitations on
the 14.4K modem pool prevent them from being secure and keep the campus at risk until they
are decommissioned.
Support for remote access through the Client Services unit of Information Technology
ranges from 3.5 to 4.5 FTE annually, at an estimated cost of $210,000 to $270,000.
Significant cost drivers are:
- The heterogeneity of the home workstations (hardware and software) in the user population.
- Rapid remote user adoption cycles for new platforms, resulting in high research costs to implement and maintain remote access support.
- Heterogeneity of the hardware and protocols implemented at the campus level, as well as the variety of services offered. If significant reconfiguration is needed when switching between services, help desk call volume will increase.
- The 56Kbps standard is not fully implemented in the market yet.
- Increasing need for strong authentication requirements such as Kerberos, which will increase the complexity of support issues, as well as the cost of client software acquisition.
- An increasing number of support calls due to the high failure and disconnect rate of the legacy modem technology.
It is therefore recommended that costs be contained through the following actions:
- Define hardware, operating system and remote access standards (an extension of Bovine Online) that will be supported and will conform to Recommended Solution documents. This should be expanded to include:
  - Windows 3.1, with a sunset of March, 1999
  - Windows 95/98, ongoing
  - Macintosh 7.1, with sunset of October, 1999
  - Macintosh 7.55 or higher, ongoing
- Standardize authentication options for all campus-based remote access services (PAP, PPP, TACACS and RADIUS). Standardize connection processes to reduce "switching" costs. Clearly define the service level and quality of service for each and keep service offerings as simple as possible.
- Complete the development of purpose-built tools for conversion. Automate to the greatest extent possible the "six step process" for obtaining new-style LoginID, Kerberos password and ServiceID for remote access, based on an existing UC Davis account.
- Phase out the old modem pool as soon as possible.