A Lesson in Higher Education Network Management

By Monique Lucey

As a follow up to my last blog regarding the implications of H1N1 to higher education networks, I had the opportunity to sit down with Les Stuart, H3C Intelligent Management Center (IMC) product line manager. We discussed the additional cost-containment and system control benefits of centrally managing and securing academic networks which extend beyond the current pandemic.

ML: What are the main challenges that higher education CxOs and their IT teams will face in the coming year?

LS: The biggest challenge—and it’s an ongoing one—is how to do more with less. While there will be exponentially more projects and users for IT to support, staffing and budgets will not increase to accommodate these demands. They’ll also have to deal with the proliferation of nontraditional devices and applications such as BlackBerrys and social networking, as well as increased government mandates to protect student access and data.

ML: Why will these pose such a problem?

LS: In some environments, if IT administrators see access, devices or applications as a threat, they can simply institute bans. But in higher education, cutting off access—even if the system is a possible threat—is a not an option because it may be partially government funded. Therefore, IT groups must figure out a way to manage the networks in a way that keeps them safe and compliant yet open.

ML: What are some specific network management challenges in higher education?

LS: Basic infrastructure and integration management is hard enough, but today privacy and security requirements necessitate increased network management. Over the past five years, the adoption of best-of-breed solutions by individual departments has also added to the complexity of network management. In addition, end users are demanding access to more bandwidth-intensive applications, such as high-definition gaming and streaming video, and that results in a further drain on IT resources. Add to that the proliferation of security, privacy and compliance requirements, and we now have extremely complex networks that have eclipsed the capabilities of most legacy network management tools.

ML: So what have IT teams done to address this?

LS: They’ve tended to treat their role as an ISP and only handle the core infrastructure, leaving individual departments to deal with their own environments. But that propagates an ad-hoc environment that is incredibly difficult to manage end-to-end. Other IT teams don’t have the in-depth, in-house knowledge to manage some of these more management-intensive technologies such as voice over IP (VoIP). And there are so many applications fighting for bandwidth or priority within users’ networks that if handled incorrectly, things start to break down.

ML: What are the benefits that centralized network management can enable?

LS: There are so many, but mainly bringing everything under one umbrella gives an amazing amount of control and helps IT staff deliver quality of service for all local and remote voice, video and data applications. Appropriate thresholds can be set to alert IT teams to network problems before users are impacted. And comprehensive metrics can be used for modeling and capacity planning. All these things help save time and money and enable tackling new projects in a strategic manner. From a single console the IMC tool manages wired and wireless voice, video and data networks as a unified set of resources. Other tools either require a separate infrastructure or a separate management package. IT teams have to shuffle between products or take time to learn how to use a complicated piece of software, draining productivity and efficiency metrics. IMC software features web-based service components that allow managing a range of heterogeneous network elements, including network access control, voice over IP traffic analysis, service-level agreements, and MPLS and VPN provisioning. Many customers, in fact, have told me that they can use more than 80% of the features without needing a manual. This ease of use speeds implementation and lowers personnel overhead.

ML: How has IMC software improved higher education IT environments?

LS: In an educational environment with tens of thousands of students accessing the network throughout the year and new applications emerging every day, it’s hard to rely on static policies. The IMC platform enables real-time monitoring of users, devices and network resources. For instance, if heavy peer-to-peer traffic is impacting the functioning of the admissions application, policies can be set, distributed and enforced to mitigate the issue.

How is your IT team addressing network management? Do you handle the core only and leave departments to address their own environments? Do you have complete end-to-end visibility of your network? We want to hear from you.

Cause for panic or call to action?

By Monique Lucey

Back to school barely one month and many students are already playing catch up. The list of colleges and universities with H1N1 outbreaks continues to grow leaving many students behind the eight ball with missed assignments. Even in the most supportive academic environments, students will find the onus is on them to determine whether to go to class when they’re feeling sick or to stay in bed and risk the consequences of missed exams, assignments and valuable classroom time.

If we want students to take the necessary precautions to stop the spread of H1N1, then institutions need to enable access to learning anytime from anywhere.  According to Arne Duncan, Secretary of the US Department of Education, they are encouraging institutions to develop alternatives for the delivery of educational programs in the event of an H1N1 outbreak.  These alternatives could include creating or expanding distance learning opportunities, either through existing institutional capacity or through agreements with other institutions. Watch the video for more on the Secretary’s guidance on H1N1.

However, extending a campus network to remote and wireless users leaves systems open to security threats from both deliberate and unintentional activity as well as the vulnerability of bottlenecks and bandwidth hijacking. Privacy and confidentiality of student data and other information are increasingly at risk.

To tackle these challenges, higher education IT requires end-to-end visibility and control over the extended enterprise. Centralized network management enables IT to easily configure, deploy, manage, monitor, audit and report on the performance and security of their environments without having to go door-to-door to each device in the network.

However, it’s imperative that IT consider the following tips to be successful in their centralized network management deployments.

1. Assess the environment. Before IT can decide on a centralized network management platform, they must know what they want to oversee, such as wired and wireless voice, video and data networks.
2. Focus on standards-based, heterogeneous solutions.  Most higher education networks are built from an assortment of various vendors’ gear. Therefore, a centralized network management platform should be able to interoperate with the academic institution’s architecture of voice, video, wired and wireless solutions.
3. Plot out the project.  With limited staffing and budget, higher education IT has little to no room for error regarding deployments so they must plan their centralized network management project carefully.
4. Baseline the environment. Once the centralized network management platform is in place, it’s critical to mark a baseline in terms of configuration and infrastructure performance.
5. Look for a single pane of glass. Human resources are a shrinking asset in most higher education IT shops. Therefore, they need a centralized network management platform that offers a consolidated and proactive view of the enterprise.
6. Revisit and optimize.  Centralized network management is an ongoing strategy, not a one-and-done proposition.

Many institutions already have a robust learning on demand infrastructure and are prepared for the increase in remote learners. How does your institution rate? Is H1N1 a cause for panic or a call to action and the impetus for delivering anytime, anywhere access? We want to hear from you.

Risky Business

By Monique Lucey

It’s hard to believe there was a time in higher education IT where you would try for a secure network but it was okay for users to trump those attempts in favor of being unencumbered. Now, as the list of compliance mandates coming at you from all angles grows and higher education security is considered critical from a business and academic standpoint, suddenly the pressure is on to deploy unparalleled network security.

Most importantly, you are on the hook to provide proof in audits that you’ve taken significant measures to protect the privacy of sensitive student, employee and even research subject information.

Here’s just a sampling of the regulations to which most colleges and universities have to adhere:

• The Health Insurance Portability and Accounting Act (HIPAA) of 1996
• The Payment Card Industry’s Data Security Standard (PCI DSS)
• The Family Education Rights and Privacy Act (FERPA)
• Multiple rulings under the U.S. Food and Drug Administration

Each of these, in addition to the dozens of individual state privacy laws, dictate how institutions must safeguard data in motion and at rest through a solid security infrastructure, access control and enforceable policies. And in most cases, their guidelines must be provable in periodic and/or sometimes random audits.

The problem that most higher education institutions face in meeting these demands is that information needed to create reports and comply with audit demands lies in systems sprinkled around the enterprise. There is often no unified strategy for addressing what, in many cases, are common requirements, such as encryption for data at rest, the use of firewalls, and user authentication.

Instead, the financial aid and admissions office is left to tackle the PCI DSS and FERPA because they deal with electronic payments and student records. The on-campus clinic has a small group looking at HIPAA compliance for student medical data. And then the labs, which interact with the FDA regarding research, try to ensure their own proper handling of electronic records.

You’ll find that it would be much easier and efficient to gather a cross-functional team of administrators, researchers, clinicians and others that are close to these mandates and map out the crossover in requirements. From there you can develop campus-wide policies that satisfy the requirements. And finally, with this comprehensive, collaborative view, you can deploy technology across the entire network to automate the monitoring, auditing and reporting necessary to manage and enforce these policies and stay in compliance.

Suddenly, what once seemed like an impossible task – securing the network – is achievable and you can once again set your talents to allowing your users the freedom and flexibility to thrive.

How does your institution address compliance: in a one-off fashion where each group tackles what they perceive as their own mandates or as a unified whole? If each group is doing compliance separately, what do you think of that approach? Has it been successful?  Let us know.

Is higher education network security making the grade? How does your institution score?

By Monique Lucey

Welcome to the H3C On-Demand Higher Education blog. I’m Monique Lucey, the higher education solutions marketing manager for the H3C product line.  I’m responsible for understanding the technology trends and issues in higher education and ensuring that our solutions deliver performance and value to meet the specific needs of academic institutions around the globe.

We’re launching this blog to create a dialogue about the business and technology challenges you’re confronting as you support collaboration among your users via secure on-demand access.  Our goal:  To help you enable your institution to deliver best-in-class services to achieve enhanced collaboration and academic excellence.

In the coming months, my colleagues and I will offer a look at the industry from our point of view which encompasses the latest research, analyst and industry expert views on topics such as cloud versus data centers, implications of web 2.0 on security and the growing demand for Network Access Control to name a few. We hope to get your feedback to round out the discussions.

So let me kick off this premier edition with the top concern among academic institutions – security and student privacy.  As the headline of this entry suggests, higher education network security is at risk.

This Network World article looks at some alarming survey results which make it clear that higher education institutions perceive the threat of viruses and malware as the greatest network security threat.  58% of respondents claim the most common way they fight these shortcomings is through education of students and staff. But is education alone enough?

I’m wondering if you’re seeing increased pressure in your institution to shore up your network against the latest security threats.  If so, what are you doing to meet this demand?

Over the next few weeks, we’ll continue to probe into this topic, share your insight and best practices. We hope you continue to visit us to join in on the discussion and stay tuned for more on the topic of security as it relates to FERPA (Family Educational Rights and Privacy Act) and other compliance challenges in higher education.