The Higher Education CIO’s Year Ahead

By Monique Lucey

While 2009 was certainly a challenging year for higher education CIOs, 2010 is shaping up to be just as daunting. The economy is expected to still be plaguing budgets and staffing yet you’ll have a slew of new projects headed your way such as cloud computing and network and firewall virtualization. And get ready for regulatory compliance to play an even bigger role in your lives.

Experts are saying that it will take transformational CIOs, rather than functional ones, to help organizations achieve their business objectives. The difference is that you’ll have to adapt to being a strategic part of higher education institution’s leadership rather than a reactive service provider.

According to CIO Magazine’s “State of the CIO 2009” report, 70% of CIO respondents say that IT is considered an integral business partner by the rest of the business. In their leadership role, CIOs say they spend their time aligning IT with the business goals, cultivating the IT/business partnership, improving IT operations and system performance, and leading change efforts. This is in stark contrast to previous eras when CIOs were knee-deep in hardware and software deployments. These days CIOs say long-term strategic thinking and planning, expertise in running the IT function, and collaboration and influence are the leadership competencies most critical for their current role.

This switch from hands-on IT infrastructure management has resulted in 74% of respondents being able to say they hold a seat on their organization’s executive committee – a higher number than the past two years.

Sitting at the table requires you to be a visionary who can clearly communicate the power technology has to support business goals while at the same time keeping an eye to cost containment. In lieu of explaining the wonders of new hardware and software, you must map technology advances to revenue-generating projects.

In higher education, CIOs have to understand the needs of faculty, student and staff, targeting your efforts towards making admissions run more smoothly, academic resources more readily available, content access more compliant, and research networks more secure. In effect, CIOs must have a clear grasp on every requirement within your college or university.

Once you have that insight, as a 2009 Gartner report “Meeting the Challenge: The 2009 CIO Agenda” points out, CIOs above all else must be decisive and resourceful despite economic conditions. Gartner encourages CIOs to focus on improving business processes, using business intelligence to raise visibility, and enhance workforce effectiveness.

The research firm says CIOs must restructure IT to be more productive and more agile because “the business will not reduce its demand for IT just because you have fewer resources.” This is something that leaders at academic institutions know all too well. Gartner also advises modernizing your technical infrastructure to take advantage of newer technologies that lower cost, use less energy, deliver better performance and provide greater capacity.

The CIO that does all this will shine a positive light on IT and ensure that you maintain your newfound stature within the organization. What are you doing to meet the challenges in 2010?  Has the difficult economy shifted your institution’s IT focus? How?  We want to hear from you.

Real Security from Virtual Firewalls in a Virtual Network

By Monique Lucey

A couple of weeks ago, I touched on the demand for network virtualization in a wrap up of Educause sessions. My colleague, Gary Kinghorn, product marketing manager at 3Com, focused on H3C security solutions recently posted this discussion about the advantages of virtual firewalls in a virtual network:

Real Security from Virtual Firewalls in a Virtual Network

By Gary Kinghorn

Virtualization has certainly become a driving factor in networking, application deployment and data center design over the last few years. One of our marketing folks recently ran across an interesting deployment scenario where as part of a large network virtualization project, they were also making use of virtual firewalls to virtualize the security layer of their network, further reducing costs. While the first step of virtualization usually happens in the application server, customers should also be thinking about ways to reduce hardware costs and management complexity by taking advantage of the same concepts inherent in all of our H3C security appliances and blades.

The typical deployment scenario goes something like this: A large distributed enterprise has multiple campuses, or a large distributed campus, with divisions or groups spread throughout. You can think of these as potential subsidiaries of a conglomerate, departments in a university, or logically separated clean-room projects. The problem is that the physical location of the groups is not aligned with the physical layout of the campuses or buildings. This is a challenge for network designs that frequently are aligned with campus layouts and not the virtual organizations. Virtual Local Area Networks (VLANs) work well locally, when closely mirroring the network topology, but don’t work well across the enterprise WAN, since layer 2 network virtualization doesn’t scale when extended through the layer 3 routers.

Providing a VLAN for a widely separated group requires a technology called Virtual Routing and Forwarding (VRF), so that VLANs can be efficiently extended through the router core of the organization. This can provide the appropriate policy enforcement and network capacity appropriate for each division or group, no matter what their size. Other efficiencies can be realized through what is essentially a private wide area network broadcast domain. These VRFs are reasonably straightforward to set up and manage since the H3C networking infrastructure and management platform supports this capability for highly scalable deployments.

But things get even better when enterprises take advantage of virtual firewalls. Whereas logically distinct organizations sharing a network would need their own firewall to protect their LAN segment and to define their unique security policies, firewalls no longer need a one-to-one correspondence with the LAN segment they are protecting any more than an enterprise application still needs its own server to provide adequate service. In essence, a single physical firewall can be divided into hundreds of virtual firewalls, each with its own distinct set of rules, aligned with a particular LAN segment or VLAN, and individually managed by a local group administrator (as needed).

The enterprise class SecPath VPN Firewall F5000-A5, for example, supports up to 256 virtual firewalls in a single appliance. Perhaps it’s deployed at the gateways to the router core, and all the traffic that flows through the firewall can be partitioned to the right VLAN, applying the right policies. A widely distributed VLAN doesn’t need another firewall at each physical site. One virtual firewall located on a single physical firewall anywhere on the WAN can serve as the only firewall required for the entire VLAN no matter where it’s located, as part of a larger virtual network. How far are you in virtualizing your IT services? Have you already implement virtual firewalls? If so, what benefits have you seen?

Lessons Learned from the Mile High City

By Monique Lucey

Last week I attended Educause in Denver including a session given by Dennis O’Reilly, Network Architect at The University of British Columbia. In his presentation, O’Reilly provided an interesting look at the payoffs of network virtualization. He detailed the innovative way in which UBC is virtualizing the campus network to increase security, provide new functionality and reduce energy. Virtualizing the UBC network enabled many other services including wireless, VPN, virtual devices (VMs), virtual storage (SAN), virtual desktops and virtual load balancers.

During his discussion, O’Reilly mentioned a compelling conversation with Dave Foss, IT Director of Research Laboratory of Electronics at MIT.  O’Reilly attended a CIO Networking Forum sponsored by Dell and 3Com at the Hotel Teatro in downtown Denver. The CIO Networking Forum was hosted by Dave from MIT and Fred Tarca, Chief Information Technology Officer of Quinnipiac University. The event included a roundtable discussion on such topics as: How to leverage IT to help recruit students, attract funding and support research initiatives.

Dave Foss talked about his primary responsibility at MIT —  to provide the best infrastructure and support possible to enable leading-edge research initiatives, attract grants and funding, and to recruit and retain the world’s brightest minds. Dave explained that the MIT Research Laboratory of Electronics required 10GE connections to support testing of a next-generation MRI machine in their lab and needed the network capabilities and flexibility to adapt to new requirements in order to compete for grants. MIT has earned significant research grants because they can provide the best network infrastructure, and this has enabled his lab to grow faster than any other lab on campus.

A top priority for Fred Tarca at Quinnipiac University is to ensure that the network meets student and parent expectation.  Fred views parents as paying customers and is committed to delivering the level of support and service they expect.  He also requires the same level of commitment to customer support from their vendors.

One of the things not discussed in either Dennis O’Reilly’s session or the CIO Networking Forum was how network virtualization might play out in a multivendor environment. The reality is that current best practices for running today’s network infrastructures apply to both a single or multivendor network. For example, establishing well-defined, open standards boundaries between the access and core network layers provides a logical demarcation to deploy a different vendor solution if it makes feature/function or economic sense to do so.

Gartner recently published a research note around this very topic citing that: “The operational impacts of introducing a second vendor for basic network infrastructure are modest and easily handled by most organizations.” It continued: “Introducing a second vendor will reduce capital expenditures (capex) by at least 30% (and often more), while only minimally increasing operational expenditures (opex).”

Three key themes echoed throughout the event as being critical to academic institutions today: delivering centralized services, network speed and world-class service. With the conference behind me and another year quickly drawing to a close, I look ahead and wonder how higher education networks will evolve over the next five years? Where academic institutions will invest next? Let us know what you think.