The First National University (FNU)

Background

The First National University (FNU) is a major public higher education institution. It was the first higher education institution in the country to launch distance education and more recently online programs. Apart from its main Campus, theUniversityhas operations in five (5) regional campuses (RCs) and ten (10) metropolitan campuses (MCs). At present,FNU provides diverse range ofundergraduate and postgraduate programs as well as Vocational and Educational Training (VET) and short professional programs. More than 45,000 students are currently studying various levels of programs at FNU as on-campus students. Additionally, around 15,000 students are currently studying at FNU under the online and distance education programs.

FNU has three (3) major facilities to support its information technology services, namely, Headquarters, Operations (Data Centre) and Backup. The Headquarters facility is located in the main Campus. The Operations facility is located 50Kms from the Headquarters in a warehouse the University owns near an industrial area. The Operations facility houses the back-office technical functions, the Data Centre, and the IT staff. The Backup facility is located in the country area about 1000km from the headquarters. FNU uses the Backup facility as a warm-site facility that can be operational within minutes in the event the Operations facility fails.

Apart from the main campus, all regional and metropolitan campuses are very similar in terms of size, staff, and technologies. Their IT infrastructure uses relatively old and complex technologies. FNU still uses a number of protocols to enable campus communication to the main server farm located at the Operations.

Each campus is connected to the university backbone through old Multiservice Platform Routers for flexible LAN and WAN configurations, easy upgrades, and the handling of various protocols at the internet and transport layers. The router enables the campus to communicate with different FNU campuses located in different sites.

To support the day-to-day learning and teaching activities, academics and administrative staff at FNU also deals with a dozen (12) of external partners including hospitals, research centres, vendor support, and technology partners in many different ways, non-necessarily compatible each other.

At FNU the current network has consistency, performance, and reliability problems owing to a growth in enrolments and recent operations expansion. The IT department has been informedaboutan increase in student and faculty complaints. Particularly, faculties and academic staff claim thatowing to network problems, they cannot efficiently submit grades, maintain contact with colleagues at other campuses, keep up with research, and conduct their daily tasks. Similarly, students say they have submitted student work late due to network problems. Assignments submission has been problematic since theintroduction of the online submission approach. Students complain that late submissions have impacted their grades badly. Despite the complaints about the network, faculty, academic staff, and students use of the network has almost tripled in the last three fewyears

Another issue at FNU is that there are no BYOD and Work-at-home (WAT) policies. This has become a focus of contention between the IT department, staff and students. The IT department is concerned about a number of rogue wireless ad-hoc access points often placed by students within the campus premises. The vast majority of staff, faculty and students agree that there is a need of implementing secure wireless and remote access including the WAT and BYOD policies.The evidence is overwhelming on the need to rethink the way network services are provided at FNU.

The senior management at FNU has identified a number of key business factors that need immediate attention:

1.Enrolment for both on-campus and distance education is to increase 50% in the next threeyears.

2.Improve faculty efficiency and allow academic staff to participate in more research projects with colleagues at othercampuses and partner universities

3.Improve student support efficiency and eliminate problems with assignment onlinesubmission.

4.As part of the BYOD policy, allow students, staff and visitors to the University to access the campus network and the Internet wirelessly using their mobile devices including notebooks, smartphones, andtablets.

5.As part of the WAT, allow students and staff to remotely access the campus network fromhome.

6.Secure the campus networks fromintruders.

In response to the senior management call, the IT department at FNU developed a list of technical goals that should be implemented as soon as possible:

1.Redesign the current network including provision for wirelessservices.

2.Overhaul the IP addressingscheme.

3.Increase the bandwidth of the Internet connection to support new applications and the expanded use of currentapplications.

4.Provide a secure, private wireless network for students, staff and visitors to access the campus network and theInternet.

5.Provide a network that offers a response time of less than a second for interactive applications.

6.Provide a network that is available approximately 99.9 percent of the time and offers an MTBF (mean-time-between-failure) of 6000 hours and an MTTR (mean-time-to- repair) of less than 90 minutes.

7.Provide security to protect the Internet connection and internal network fromintruders.

8.Provide a network that can scale to support future expanded usage of multimedia applications including onlineteaching.

9.Automate the majority of the network tasks and services including plug and play, network configuration, network management, troubleshooting, network monitoring, resource sharing, load balancing, updates, and data backups.

Wide Area Networks (WANs) atFNU

Currently, FNU supports its wide area network operations using a meshtopology of three (3)Layer2VPLS (Virtual Private LAN Service)point-to-point circuits. This mesh guarantees redundancy between the Headquarters, Operations (Data Centre), and Backup sites.

Each regional and metropolitan campusis also redundantly connected to the major facilities (links to Headquarters, Operations and Backup respectively) via Frame Relaypermanent virtual circuits (PVC). Similarly, two separate frame relay Internet Service Providers (ISP) are used for redundant Internet access: one PVCvia the main Campus (Headquarters) and the other PVC via the Backup site.The external partners are connected to FNU via DSL.

Campus Network in FNU (Main, Metro, and Regional Campuses)

Each FNU campus is supported by 100Base-TX Switched Ethernet LANs, and FNU is expecting to upgrade to more modern Switched Ethernets. Staff at FNU are distributed as follows:

1.250 employees including academic (x150), administrative (x50) and management staff (x50). There are about 2,000 on-campus students in each of the regional and metrocampuses.

2.The main campus houses around 2,000 employees including academic (x1000); administrative (x500) and management staff (x500). Nearly 15,000 on-campus students are studying at the maincampus.

The Operations facility is also supported by 100Base-TX Switched Ethernet LANs. In the Operations facility, there are 100 engineers in charge of technical support of the data centre, networking, maintenance, and application development. The organisational and operational structure of the Backup facility is similar to the structure of the Operations facility.

Academic staff at the main campus, regional, and metro campuses teach courses in seven faculties, namely: arts and humanities, business, social sciences, mathematics, computer science, the physical sciences, and health sciences. The administrative staff handle admissions, student records, and other student operational functions. The management staff consists of human resources, senior management and information technology. Enrolment at FNU has almost tripled in the past three years; and the faculty and admin staff has doubled insize.

Each campus backbone (including main, regional and metro campuses) supports the operations of the seven faculties, management, and administrative staff. The following are the details of the IT infrastructure:

1.A high-end switch in each building is connected to a high-end Campus core switch in the campus backbone.

2.Within each building, 24-port Ethernet switches on each floor connect end usersystems.

3.Floor switches are connected to the high-end buildingswitch.

4.The 100Base-TX switches are layer-2 switches running the IEEE 802.1D Spanning Tree Protocol.

5.All devices are part of the same broadcast domain. All devices (except public servers) are part of the 192.168.0.0 internalnetwork

6.Addressing for end-user hosts is accomplished with DHCP. A Windows server in the cluster located in the Operations facility acts as the DHCPserver.

7.A Windows-based network management software package monitors the switches using SNMP and RMON. The software runs on a server in the cluster located in the OperationsCentre.

8.FNU email and web servers use public addresses assigned by AARNET (Discuss with your mentor the allocation of these public addresses). The system also provides a DNS serverthattheFNUuses.AllthesepublicserversarelocatedintheOperationsfacility.

9.The Multiservice Platform router in each campus has a default route to the WAN and does not run a routing protocol.

10.Campus servers support for local file storage (students and staff) and data backups that are periodically transferred to the main data centre at the OperationsFacility

The logical topology of the Operations facility is similar to the Campus backbone. The main differenceis that the server farm with the public services (Web, email and file services) are housed in the Data Centre of this facility. The MultiservicePlatformrouterattheOperationsfacilityactsasa NAT-Firewall.

Application and Enterprise Services

The following table provides a summary of the main network applications and enterprise services currently running in all FNU campuses.

Application / Service / Description / Users
Students and academics’ work / On-campus students use the network to write assignments and other documents. Computer Science academics and students use the network to develop code.They can save their work to file servers in the campus servers and print their tasks on printers within the campus and otherbuildings. / Students and academic staff
Electronic Mail (SMTP) / Email is used campus-wide (MS Outlook Desktop). / Students and University staff
Web services (HTTP and HTTPS) / Use of web browsers to access information, participate in chat rooms, and other typical
Web services. / Students and University staff
University Library / The University has a main library atthe main campus and smaller library facilities at each regional and metro campuses. Students and staff access theonline library catalogue. / Students and University staff
HPC / Higher Performance Computing Cluster located in the Operations building. This system is part of the nation’s scientificresearch program. / Students and faculty in collaboration with external partners
Online and Distance Education / All faculties have online teaching programs that require video streaming via BlackboardCollaborate. / Students and Academic staff
Moodle Learning Management
System / Management of learning
resources / Students and Academic staff
ERP / Human Resource Management and SAP Enterprise Resource Planning / Administrative and Management staff
Student Information System / The University administration staff uses this system to keep track of class registrations, enrolments and student records. / Administrative and academic staff
Data Analytics / Business intelligence Platform to find, explore, and share data-driven insights within FNU. / University Senior Management
GoogleDocs / Online word processor to create and format documents and work collaboratively. / University staff
Office 365 / To access Microsoft Office apps on Windows, macOS, iOS, Android, and Windows mobile. It also provides webmail and social networking services via the Exchange Server / Students and University staff
Adobe Creative Cloud / To access Adobe apps including Photoshop, Illustrator, InDesignand Premiere Pro. / Students and University staff
Academic Information Management System / Academic workflow support / Academic staff
Video Conferencing System / For Online meetings. Each campus has at least two virtual rooms fully configured. / Students and University staff
Laboratory Software / All computer labs are equipped with Microsoft Office and a wide range of software development tools (both proprietary and open source) / Students and University staff

Current ICT infrastructure Summary

ICT infrastructure at Metro and Regional campuses

Hardware

Staff equipped with Desktop PCs running Windows 7 (dualmonitors)
Staff PCs equipped with first generation headsets andwebcams
4 networked Laser Printers in eachfaculty
10 computer labs, each equipped with 24 PCs running Windows and a printer
One Network Attachment Storage for local storage
100Base-TX SwitchedEthernet

ICT infrastructure at Headquarters (main campus)

Hardware

Staff equipped with Desktop PCs running Windows 10 (dualmonitors)
Staff PCs equipped with latest generation headsets andwebcams
20 networked Laser Printers (also capable of scanning and photocopying)
50 computer labs, each equipped with 24 Desktop PCs running Windows 10 and a printer
One Network Attachment Storage (NAS) for local storage
Staff equipped with VoIP videophones
100Base-TX SwitchedEthernet

ICT infrastructure at Operations site

Operating systems: Combination of Windows and Linux servers
Staff equipped with Desktop PCs running Windows8

All operational servers including file, web, mail, DHCP, DNS, Authentication, Blackboard, Domain Controllers, Database, SAN, Load Balancing and video streaming servers are concentrated in this facility. The Operations facility also contains the infrastructure to support FNU’slearning management and student information systems; and ERP services.

ICT infrastructure at Backup site

As mentioned, the Backup is a warm-site facility that can take over within minutes in the event that the Operations facility fails. The backup site infrastructure mirrors the Operations facility.

Problem Statement

FNU business processes rely on a combination of systems and services with a very complex ICT infrastructure. FNU academic board acknowledges this as major issue that could compromise FNU’s growth and sustainability. The senior executive argues that currently the University is spending a huge amount of money to maintain and integrate disparate and cumbersome systems, with little room to expand and improve services. FNU needs to change and re-provision the ICT infrastructure to provide high quality learning and teaching in the most cost-effective way.

As part of this change, the transition to interoperability should be achieved in a smooth manner while leveraging the latest advancements in network and information security infrastructure to guarantee “zero” problems.This might also include the migration of key universityapplications and services to the Cloud.

In terms of network and information security, the ICT infrastructure should safeguard appropriate access and use of resources; and ensure unauthorised and malicious internal and external network attacks are properly blocked. Network redundancy is currently achieved with the mesh topologies (VPLS and Frame Relay); however, nothing has been done in terms of security plans for both disaster recovery (DRP) and business continuity (BCP).

Statement of Works

Your task is to plan and implement a project to help FNU re-provision its ICT infrastructure in accordance with its rapidly changing needs. The project consists of three parts: network security plan, network redesign, and technology implementation.

Part 1: Network Security plan

The network security plan should include as minimum the following items:

1.Introduction outlining the importance of the plan and its purpose. Your introduction should also provide a brief description of the components of the proposed network security plan in terms of the First National Universityneeds.

2.Scope outlining the areas of the organisation that the Plan applies. The scope also relates to the breakdown of the tasks that are needed to make sure that the network issecure.

3.Assumptions documenting any assumptions you have made in order to prepare the plan. There are things that might not be clear from the case study, hence you have either to consult with the mentor or assume them in a reasonable way with a clearjustification.

4.Clear and concise statements about what the Security Plan is designed to achieve. This statement must relate the business and technical goals ofFNU.

5.Summary and analysis of the organisation’s risks, highlighting the current threats, challenges and vulnerabilities along with an assessment of current security environment and treatments in place. This is perhaps the most important component of the security plan. It includes the complete assessment of each of the network assets (computer hardware, PCs, servers, application and system software, network devices, employees, partners and the like) and its importance for the normal operation of the networkservices.

The analysis also investigates the vulnerabilities of each asset and its associated threat that might exploit those vulnerabilities.

6.Network Security policies to address all possible network attacks and vulnerabilities. Note that these policies address the likely issues that might occur during the transmission of the data through thenetwork.

7.Information Security policies to address unauthorized and misappropriate use of FNU data and software applications. Note that these policies address the likely issues that might occur during the storage and processing of thedata.