Slashdot Mirror


Harvard Offers Sneak Peek Into Their Network

Bob Brown writes "Harvard University doesn't usually talk much about its internal network, but here, the guy overseeing it opens up about the homegrown and commercial tools used to manage the massive system." From the article: "Harvard, as of late, has been exhibiting another telco trait - considering the network as part of the university's critical infrastructure. As such, its construction is considered during the initial planning phases of building renovation, new construction and campus expansion projects. The data networks that are being built today, at Harvard and similar institutions, are being built to host a variety of IP-based traffic. Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network"

29 of 132 comments

  1. Wait .. by karvind · · Score: 5, Funny

    Wait till MIT hears about it !! :P

    1. Re:Wait .. by Globby · · Score: 5, Funny

      Oh... you mean that trade school down the River... :)

    2. Re:Wait .. by Dachannien · · Score: 4, Informative

      Maybe I'm wrong, but I thought the point of the GP was that once the MIT students hear about it, the occurrences at Harvard of building lights blinking on and off or the temperature fluctuating wildly during the day would be non-stop.

    3. Re:Wait .. by kfg · · Score: 5, Funny

      MIT was MIT when Harvard was a pup
      And MIT will be MIT when Harvard's time is up
      And if any Harvard son of a bitch thinks he's in our class
      He can pucker up his rosey lips and kiss the beaver's ass

      And should we find a Harvard man within our sacred walls
      We'll take him to the physics lab and amputate his balls
      And if he should cry uncle well I'll tell ya what we'll do
      We'll stuff his ass with broken glass and seal it up with glue

      KFG

    4. Re:Wait .. by Globby · · Score: 3, Funny

      Reminds me of another tale... When the Massachusetts Avenue bridge was built it was examined by MIT engineers who said, "This will never last... let's call it the 'Harvard Bridge'"

  2. I'd like to work there. by qualico · · Score: 3, Funny

    I'd like to work in that size of environment.
    *sigh*

    [goes back to fixing another spyware ridden windows box]

    1. Re:I'd like to work there. by lucabrasi999 · · Score: 4, Funny
      I'd like to work in that size of environment.

      Why don't you apply? I hear they are looking to fill at least one position.

    2. Re:I'd like to work there. by TubeSteak · · Score: 3, Insightful

      They have the money to do everything properly!
      I can't remember the last /. article where that actually happened.

      Documentation - Check
      Test Environment - Check
      Disaster Recovery Tests - Check
      Inform the Users - Check

      They made a really good move hiring someone from the Telephone Industry. Nothing like having someone used to managing critical infrastructure in charge of your biz.

      --
      [Fuck Beta]
      o0t!
    3. Re:I'd like to work there. by StarfishOne · · Score: 2, Funny

      You ..can't.. do that... Dave.

  3. Incompetence by schmiddy · · Score: 2, Interesting

    All that, and they still don't know how to set up DNS properly.

    -----------
    $ host harvard.edu
    harvard.edu A record currently not present
    -----------

    I notified them about this months ago, but they didn't seem to care. Most web browsers automatically try the "www" prefix when you type, say, "harvard.edu" into your address bar, so you don't notice this problem generally. However, if you try wget, you can see it fail.

    -----------
    $ wget harvard.edu
    --14:38:45-- http://harvard.edu/
    => `index.html'
    Resolving harvard.edu... failed: Host not found.
    -----------

    Pretty sloppy if you ask me.

    --
    http://cltracker.net -- powerful craigslist multi-city search
    1. Re:Incompetence by Anonymous+Crowhead · · Score: 5, Informative

      What magical internet law dictates having a web server at hostname.com? And what other law dictates hostname.com resolve to an ip address? If anything, they are being pendantic, not sloppy.

    2. Re:Incompetence by Feyr · · Score: 2, Informative

      rfc states (don't remember which one, sorry) that hostname.com MUST point to an A. a CNAME is illegal.

      it is also Good Practice to have an A record on your hostname. for legacy reasons. some mail systems will refuse to send and/or receive mail if the A is absent (although they may check for MX, there's no guarantee)

    3. Re:Incompetence by s88 · · Score: 2, Funny

      You can call me pendantic, but the proper spelling is pedantic.

  4. WiFi Accounts Disabled by MLopat · · Score: 3, Informative

    My favorite piece of network technology at Harvard is their system to shut off a student's WiFi network access when they have a scheduled class. :) Been in use for a while now, and it sure cut down on the kids at the back of the class yelling "PWNED YOU!" during a lecture.

    1. Re:WiFi Accounts Disabled by theJML · · Score: 5, Interesting

      Because there aren't any legitimate uses of internet access during class time...

      Like maybe browsing the notes to the lecture that the teacher made available and adding notes/annotations
      Pulling down source code from the book you've got because it didn't come with a CD (that costs extra)
      Googling for more info to assist a group project
      Uploading/Downloading your notes from your home server so you can keep them all in one place
      Saving bookmarks and urls that a teacher may point out as a good source for more info
      Using your laptop to run a presentation/group project
      etc...
      I know I was able to get a lot of use out of internet access when I was in the classroom a number of years back. It was Quite invaluable in MANY of my classes. The annoying thing is that we didn't have wireless then so I had to make sure I was by a port, although many of the newer buildings had classrooms where there was a network port and power plug available at every seat (if there weren't already PC's there). How one-sided of a university to think that because someone COULD misuse a piece of technology, that everyone will... but then again, it is Harvard. I bet they talk to the RIAA on a regular basis.

      --
      -=JML=-
    2. Re:WiFi Accounts Disabled by A_Duck_Named_Ping · · Score: 3, Informative
      This policy is in effect at the Harvard Business School only, afaik.

      Instructors may override this per student, or per class when needed.

    3. Re:WiFi Accounts Disabled by shawn(at)fsu · · Score: 2, Insightful

      Using your laptop to run a presentation/group project
      Store it locally
      Uploading/Downloading your notes from your home server so you can keep them all in one place
      Store them locally temporarily
      Like maybe browsing the notes to the lecture that the teacher made available and adding notes/annotations
      Pulling down source code from the book you've got because it didn't come with a CD (that costs extra)
      Grab them before class and store them locally

      Googling for more info to assist a group project
      This one can't be answered by store it locally, but in my years in college we never had the chance to work on a group project during class time.

      --
      500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
    4. Re:WiFi Accounts Disabled by jacksonj04 · · Score: 2, Insightful

      Tablets. Without WiFi for my tablet, half the features which do things like cross-reference stop working. I quite like being able to quickly look something up, whilst still scrawling notes, then drop it straight into my work. Tap the 'save' and the whole thing is backed up off-site.

      I'm only in 6th Form at the moment, but I find being able to access everything absolutely invaluable. I could live without it, but having 3 years worth of notes on-hand to search through comes in useful.

      --
      How many people can read hex if only you and dead people can read hex?
  5. MIT already knows. (was Re:Wait..) by elwinc · · Score: 4, Informative

    Crimson brags about its class B address -- MIT has a class A! And if you look at the physical connection, last I heard the Harvard campus was served by a fiber strung along the MBTA Red Line tunnels -- straight from an MIT router!

    --
    --- Often in error; never in doubt!
  6. Why? by Mr.+Freeman · · Score: 3, Insightful

    What's the point of being able to control a cold water valve actuator through the internet? Wiring everything into their internet servers just creates a lot more problems when something goes down.

    If a server goes down you would expect that internet access would not work. But now if a server goes down you can't access the internet and you can't get water either. Considering the fact that most networks are poorly configured anyway, the amount of problems that could be generated from something like this far outweigh the ability to actuate a cold water valve through the network.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
    1. Re:Why? by Chabil+Ha' · · Score: 2

      Wiring everything into their internet servers just creates a lot more problems when something goes down.

      While true, that's another part of the system's analysis and design. A risk and cost/benefit assessment must be made. How important are these services in the event of IP failure? What redundancy can be built in to avoid it? What are the consequences of a security breach? etc. It seems to me that if they were smart enough to address IP possibilities before construction begins, they also have the brains to make such assessments--which means that despite the obvious problems that might come up, they have solutions that outweigh the costs.

      --
      We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
    2. Re:Why? by Anonymous Coward · · Score: 3, Insightful

      Why would you want to control an actuator valve remotely? Because in the event of an emergency you can respond a lot faster by pressing a few keys than you can by sending a man out to do it for you. It is also cheaper for maintenance purposes. I know a valve doesn't sound very complex but when you talk about an entire system, especially a loop that serves multiple buildings it all adds up. It also allows you to monitor the system and tune it so that you aren't wasting energy. There are other reasons too but there are some major ones.

      In addition most networks for controlling critical building services are separated physically from the rest of the network. And even if the network were to go down the valves or equipment would be set to fail in a certain position ensuring not only safe operation but continued service.

    3. Re:Why? by denobug · · Score: 5, Informative
      What's the point of being able to control a cold water valve actuator through the internet? Wiring everything into their internet servers just creates a lot more problems when something goes down.

      A cold water valve actuator works very differently from your faucet in your kitchen, both in the mechanics and scale of flows.

      Let me begin by pointing out the fact that most, if not all of the new industrial controls are trying to get on the IP based networking already. It is far cheaper to convert all different wiring and protocols (RS-232, RS-485, serial communication in general and Common and proprietary protocols like Modbus, ControlNet, etc.) and have them run over the TCP/IP network than having dedicated networks on all of those devices across a plant, or in this case, across the campus (and possibly multiple "plants").

      TCP/IP network is scalable, and second, it can be secured (with proper isolation and expertise). It is also transparent, i.e. multiple types of physical wiring/connection scheme can be used. Other industrial protocols (yes, there IS a protocol involved in that actuator valve you mentioned, and so does other devices) often are either proprietary or are "narrow-band" type protocol designed to run across a serial cable. Running multiple networks on dedicated medium requires more wiring than single TCP/IP network. It also makes it difficult to do upgrade/equipment change-out in the future. When changing out industrial equipments down the road (we're talking about like 10 years later), technology changes, making it unreasonable to put up a wiring that will need to be changed.

      In addition, there are usually limitations on the physical length of the wiring on the medium. Most protocols not based on the TCP/IP model tend to be limited on the length on its own, requiring a repeater if it needs to travel longer distance (we're only talking about more than 250 ft). TCP/IP network, on the other hand, has switches and routers in place, they act as the repeaters when needed. TCP/IP can also be run on fiber, expanding the distance a lot farther than traditional copper wires. Across the campus control with direct serial cable might work (RS-485, for those who are familiar with them), but management cost is a lot higher today using pure serial wiring network than new "virtual" network resides on TCP/IP infrastructure. Signals can be re-routed without significant physical re-wiring as well.

      Let's also talk a bit about the "why" we need to have that actuator valve connected to the network. Modern campus-wide (or plant wide) controls are monitored and done by a centralized control room. They monitor and issue commands to run the equipments to maximize the use of equipments while minimize the cost of operation (wages = expensive cost). Actual machine controls (flow control, automatic safety switches) are done by PLC or other embedded devices on site. They are your field operators today! The commands are issued by the central Control Room to those controllers, and they in turn control individual devices (pumps, valves, power breakers, you name it). If my descriptions do not convince you how complicated it can be, it is. To have dedicated control networks on those devices, which are not necessarily on the same protocols, especially not at one location, only adds cost to the control system. It is better to "out-source" the transmission medium to a more transparent network platform and let the networking people to ensure its constant uptime.

      I'm sure I do not have to mention the use of VOIP, audio/video, surveillance (security) on the TCP/IP network. We already beat the subject to death.

  7. Necessary Approach by iamlucky13 · · Score: 4, Interesting

    I worked for the network and telecommunications department for a smaller university for a few years. Building the infrastructure in place like this is critical. We constantly found ourselves working out awkward solutions to providing access to older buildings. A couple of the buildings are running ethernet over phone wires and served by hubs that are 20 years old because they are the only thing with a strong enough signal for the quality of the wires. Two of the dorms are using Cisco's LRE DSL technology. Locating IDF's when we did major upgrades was a pain in the butt. Sometimes we would spend most of a day adding a couple drops to a single office that needed more space, but rewiring that wing wasn't in the budget. In the long run, the costs add up, as do the frustrations.

    In contrast, our newest building is thoroughly wired (with the perplexing and random exception of two small labs that I spent several days running cable to last summer). Even the closets have multiple ports, just in case, and that has been important several times.

    Documentation is equally important, and someplace where we currently lag. Currently, what goes where is stored in our heads, and gets lost every time someone leaves. The mix of old and new standards, as well as non-standard crap has made the documenting process difficult. Also, it is impossible if there isn't a method in place for ensuring that changes made as documentation is being built up aren't recorded.

    Another challenge is correctly anticipating what your future needs are and building in expandability. Our athletic center was built right before the networking became standard, and while it has plenty of phone lines, the distance is too far to run ethernet in some cases, and the routing makes spot-upgrades close to impossible.

  8. Re:MIT already knows. (was Re:Wait..) by blinder · · Score: 4, Funny

    huh, interesting. i take the t every day between harvard and central and i've always thought, as i stand in the car... looking at those bundles of cables, "what if i chopped through them?"

    so... if that is right... i could, theoretically, break the intarweb for all of harvard?

    oh, did i just say that out loud? i mean come on! what do you think when you see large bundles of cable?

  9. Re:MIT already knows. (was Re:Wait..) by Kermit870 · · Score: 2, Insightful

    so... if that is right... i could, theoretically, break the intarweb for all of harvard?

    +5 Interesting? Only on slashdot.

  10. Re:MIT already knows. (was Re:Wait..) by The+Pim · · Score: 2, Interesting

    It used to be a microwave link to MIT. When weather was bad (and remember this is Boston), we had massive packet loss.

    --

    The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
  11. If only you knew. by Anonymous Coward · · Score: 4, Informative

    It's not nearly as rosy a picture as is painted in the article. I've been working in IT at Harvard for quite a few years and until recently we've had too small of a budget with priorities on gadgets for VIPs and not regular infrastructure replacement. We're still in the dark ages in many ways.

    Those custom apps he brags about? They break, are poorly documented, and we're in fact trying to move away from them as much as possible. Testing of major network changes is so poorly done as to be nonexistent in many cases. And let's not even get into the uptime of critical systems like email and webspace (those have been down for hours at a time, days in a row for weeks on end).

    And those staff numbers? Inflated. We are really short-staffed.

  12. I interviewed at Harvard by drewzhrodague · · Score: 2, Funny

    Twice, actually. Once for the design/architecture area. Nice gentleman interviewed me, and I was delighted to see that he was also into printing things. I was bombarded with recruiters at the time.

    The other person I interviewed with was an asshole, insulting me in the interview. It was a Solaris shop, and at the time, the guy said that E10Ks were 'small', and that I needed experience with something bigger before I 'wasted any more' of his time. I scratched my head, and wondered what part of Sun's product line he was thinking of.

    After repeatedly trying to get the position of someone I *knew* whose slot was now open, I gave up on Harvard, and worked at MIT's media lab as a volunteer. Besides, MIT had more interesting coffee machines, and lots of legos.

    Disclaimer: I have only a GED.

    --
    Zhrodague.net - I do projects and stuff too.