NET 99 University of Florida Council on Information Technologies & Services May 25, 1995 Table of Contents Preface 1 Current Network Providers 1 Organizational Relationships Among Service Providers 3 Where We Need To Be 4 User Support Issues 5 Funding Models for Networking 8 Network Security and Reliability 9 Future Trends 10 The Bottom Line 12 Summary of Recommendations 13 Appendices: Appendix 1 -- NET99 Goals Appendix 2 -- Progress to Date Appendix 3 -- Organizational Relationships Appendix 4 -- NTSC Funding Models Appendix 5 -- NTSC Network Security Report Appendix 6 -- NTSC Reliability Report Appendix 7 -- NTSC Report on Future Trends Appendix 8 -- WAN Workgroup Report NET99 REPORT Current as of May 25, 1995 PREFACE Network '99 began in late Fall 1993 as a project of the University of Florida Council on Information Technologies and Services (CITS) aimed at moving the University networking environment forward and as an outgrowth of the 1991 "Report of the Task Force on Information Technology Resources" goals and recommendations. The specific goals of NET99 can be found in Appendix 1. A summary of the Council's prior achievements related to the 1991 report can be found in Appendix 2. After a year of study by the Council and its standing committees, a series of recommendations has evolved to move the University's networking environment from the present to where it needs to be in 1999. The remainder of this document presents and discusses these recommendations. CURRENT NETWORK PROVIDERS The University of Florida's (UF) current networking services are provided by a complex of several major service providers tied to many limited-mission systems. These systems, in turn, have a gateway to outside services such as FIRN and SURANET, the regional Internet provider. The major providers are, in alphabetical order: HEALTHNET -- a coalition among units of the Health Science Center whose mission is to build and operate a high-performance communication network for the HSC faculty, students, clients, and patients. HEALTHNET provides networking services to the J. Hillis Miller Health Center including Shands Teaching Hospital; the Colleges of Medicine, Nursing, Pharmacy, Veterinary Medicine, Dentistry, and Health Related Professions; and associated clinical operations statewide. It operates a Metropolitan Area Network in Gainesville, provides its own backbone and wiring services (including telephone station and riser cabling), and provides network infrastructure to the desktop for its clients. HEALTHNET utilizes UFNET for connections to the rest of the campus. HEALTHNET operates through the Vice President for Health Affairs. ICON -- IFAS Computer Network -- provides computing resources and statewide data communications to support the faculty, staff, and students of the Institutute of Food and Agricultural Sciences (IFAS). ICON provides networking services for IFAS' on-campus - 1 - facilities, has an extensive on-campus presence, and uses FIRN to provide services to extension agents and research centers through a Wide-Area Network (WAN) to all 67 counties statewide. ICON utilizes the Northeast Regional Data Center (NERDC) for connection to the Internet, the UFNET backbone, and Network Services for many of its inter-building connections. ICON operates through the Office of the Vice President for Agricultural Affairs. NERDC -- Northeast Regional Data Center -- also provides networking services to the University community. NERDC provides the campus gateway to Florida Information Resource Network (FIRN), the Internet, BITNET, and the state and campus Synchronous Network Architecture (SNA) networks for the other major network providers on campus. Network Services funds certain of these activities. NERDC provides a campus-wide token ring backbone and modem pool. NERDC also provides frame-relay support to the state Division of Communications and houses the Alachua County Freenet central hardware and modem pool. The State University System-wide online Library User Information Service (LUIS) runs at the NERDC. NERDC is an SUS regional center which is obliged to recover all of its operating costs through user fees. The NERDC is administered through a Policy Board chaired by the Provost of UF. NS -- Network Services -- provides policy and standards coordination among all network providers. Through UFNET, NS provides the main campus backbone, inter-, and some intra-building wiring. Network Services has the responsibility to provide core networking services and campus-wide video distribution (planning, deployment, operation, maintenance, and monitoring of the fiber plant and associated equipment and electronics) for the support and benefit of any and all units of the University administered through the Office of Information Technologies and Services and the Office of the Provost. In addition to these major providers, other units have mission-limited systems. The Center for Instructional and Research Computing Activities (CIRCA) provides network services for a targeted group of users. CIRCA, responsible for several large computing laboratories for students, operates its own network to serve these laboratories and provides a modem pool for student access to campus computing activities. CIRCA also provides technical (including wiring) and management services for its own labs and for the Colleges of Education, Fine Arts, and Architecture. Administratively, CIRCA reports to OITS and to the Office of the Provost. Voice communications is the responsibility of the Physical Plant Division which provides telephone service to all of the University through a contract with the Southern Bell Company. The Office of the Vice President for Administrative Affairs ultimately is responsible for the operation of telecommunications at UF. The Office of - 2 - Information Technologies and Services is responsible for policy formation. The Colleges of Business, Engineering, Journalism, Law, Liberal Arts and Sciences, and the Division of Housing all supplement the services of the major providers but limit their activities to their own (sometimes multiple-building) constituents. ORGANIZATIONAL RELATIONSHIPS AMONG SERVICE PROVIDERS The organization of the networking environment at the University of Florida is highly complex because of funding, history, and administrative structure. The University receives state funding in three distinct operating budgets, one for the Health Science Center, another for the Institute of Food and Agricultural Sciences, and the third, Education and General, which supports all of the other academic and research programs of UF. Administratively, the University is highly decentralized; colleges and departments enjoy a good measure of autonomy. Thus, as the need for networking services began to be felt, the budget units and colleges within these units responded in differing ways, depending on resources available to them and the priorities they placed on access to computing and networks for their faculty, staff, and students. As a result, the development, operation, and maintenance support for data communications is a series of shared responsibilities. From the budget framework, four network organizations have emerged: HEALTHNET, ICON, NERDC, and Network Services. The organizational chart in Appendix 3 shows the relationships among these major providers. More detailed mission statements are also included in Appendix 3. This division of responsibilities and sharing of resources for network communications recognizes the historical and budgetary distinctions within the University wherein each of the units described above has its own special mission and constituencies. At the day-to-day operational level, there seems to be fairly general agreement that relationships among these service providers are reasonably effective and have substantially improved over the past several years, perhaps in part because each manager, as a Council member, has had continuing opportunity to interact on a regular basis with his or her peers in the resolution of networking problems. In addition, the interactions between faculty and staff on the three very active standing committees of CITS have resulted in some positive contributions to our networking environment. However, when it comes to describing current relationships within a formal document, differences in perspective are clearly evident. A self-description of service providers is attached (see Appendix 3.) There are instances of overlap between, ambiguity within, and even - 3 - disagreement with, the self-described role, scope, and responsibility of each. Though these formal differences sometimes cause serious, often heated disagreement, the professional commitment of the people involved has tended to minimize the impact of these disagreements upon daily operations, especially in the last three to four years. More importantly, these differences in perspective also show up in expressions of viewpoint on where -- organizationally, fiscally, and technically -- the University should head in providing its critical network functions. At present there is no consensus among the network services leadership on that direction and there are strongly held and articulated visions regarding it. Yet, robust and comprehensive network services are critical to our future as we move into the next century. There will never be enough resources, neither money nor personnel, to allow duplication of services or warfare over turf and technology. These differences in perspective and vision must be resolved and resolved in such a manner that no resource is wasted nor energy lost as we build for the future. No one knows the future; we must forge consensus and allow for the flexibility we shall need to meet the challenges of the year 2000. We need to resolve the incongruities which render dysfunctional our abilities to establish clear organizational relationships and responsibilities among the network service providers. The resources that we have must be utilized to provide the full range of services without unnecessary duplication and without territorial disputes at the expense of seamless service to the end users. Meeting the networking needs of 1999 will require the full range of expertise we have on campus working in concert to meet our common goals. Recommendation OR1: CITS needs to facilitate the establishment of clear working relationships and responsibilities among the major network service providers. WHERE WE NEED TO BE The challenge is clear. The distributed providers described above must be able to work together to provide robust and seamless-to-the-user networks and concomitant technical support to handle the expected exponential growth in network demands. Those demands will be driven by applications which, in spite of their evolution thus far, are still growing in terms of their ultimate impact. Applications which have only just begun to grow include: * Routine, full-featured off-campus access for students, faculty, and staff * Distance education with integrated two-way interactive video and data services - 4 - * Medical imaging and telemedicine * Graphical displays * Full document retrieval and searching * Networked, multi-media classrooms * Web pictures, sound, and video * Ubiquitous use of hypertext * Increased need to provide access for use of portable computers by students Providing the strategic resources necessary to handle these types of applications to their maximum potential 24 hours a day, 7 days a week, at a high percent reliability level, is critical to the missions of the University. To help the University move from its current networking status to a point where these demands can be accommodated, we make the recommendations below in the areas of User Support, Funding Models, and Technology Issues. Implementation of these resources is going to require considerably more resources than the University is currently investing in campus networking and will also require more efficient use of the resources already being invested. USER SUPPORT ISSUES The University community, as a whole, is composed of a large number of faculty, staff, and students. Although the majority of this community is located on and/or around the Gainesville campus, both the Institute of Food and Agricultural Sciences (IFAS) and the University Health Science Center (HSC) support a large contingent of personnel that are permanently stationed at various locations throughout the state. Irrespective of their assigned location in the state, the faculty, staff, and students require equal access to the wide variety of computing resources and information available on campus and throughout the Internet. With respect to this diverse user community, five support areas need to be addressed: Departmental Level Support, Single Point of Contact, Training, Access, and Communication with Users. Departmental Level Support - 5 - The primary support for network usage needs to reside at the local (departmental or college) level. Because of the unique nature of most local area networks and their interface to larger networks, it makes the most sense for each department to have a designated network support person who is familiar with the computing environment in that department and with the applications being used. Where smaller departments are unable to justify this level of staffing, several departments should be encouraged to share a line item for a computer support person or perhaps consolidated support could be provided at the college level. It is important that these local personnel be able to assist with installation, basic training, troubleshooting, and problem determination. Single Point of Contact Along with the departmental and college-level support there needs to be a campus-wide single point of contact. This would be one phone number that any computer user can call for initial problem discussions or questions. Most likely, this should continue to be the UF Computing Help Desk. In many instances, calls to this number might result in referral to the appropriate departmental or college resource person. Department and college-level consultants should make sure that personnel at this central site are apprised of the computing environment in their college and of any problems which might affect end users. This phone number should be answered 24 hours a day, 7 days a week (24/7). In-person problem resolution, referral, and follow-up would be provided during prime and second shift hours with more limited emergency response available during third shift. Third-shift coverage could perhaps be provided by current 24/7 operations personnel. Follow-ups should be conducted by the central site when referrals have been made to make sure that problem resolution was successful. Access Every university office and residence hall should have 24/7 access TO the central campus network, administrative applications where appropriate, the campus CWIS, and out to the Internet (except during scheduled or emergency maintenance). The university also needs to ensure that there are sufficient resources to provide remote access to central sites FROM off-campus locations (student, staff, and faculty homes, and off-campus offices) and from distant locations when required by faculty and staff away on University business. Training Network Services needs to coordinate ongoing training both for the end users of network services and for the technical personnel who provide and manage those services. - 6 - End users need regular training in the use of network services and in ways to access those services. In most cases, the training on access and on the use of departmental network services needs to be done on an individual or departmental basis by departmental network managers because of the unique nature of most departmental environments. Campus-wide training in the use of campus-wide network services (such as the campus CWIS, the UF Menu System, etc.) and beyond (such as World-Wide Web home pages, etc.) can best be handled through ongoing training programs such as those currently provided by the Library, the Faculty Support Center for Computing (FSC), the Personnel Division, and the DAta Network Computer Education (DANCE) program. Service providers need to make consistent use of these ongoing programs to provide updated training to staff campus-wide. Technical personnel also need training to help them keep up with the legal and technical changes inherent in managing a constantly changing computing environment. This training needs to be provided university-wide, including personnel from the Education and General (E&G) budget, IFAS, the Health Center, and Shands. This will require the use of several levels of training: peer-to-peer, cross training, resource sharing, and professional-level vendor training. Efficiencies can be realized by pooling resources to bring vendor classes to campus for commonly sought topics in order to save money normally spent on travelling to remote sites. Technical personnel also need to be provided with training in the areas of network management, project management, communication skills, and the other affective components of their job duties. The technical training needs of the campus are currently being studied by a workgroup of the Council on Information Technologies and Services Standing Committee on Administrative Computing (CITSADMN). It is recommended that attention be paid to the specific needs of campus network managers in this study. The coordination of these training efforts needs to be addressed centrally. Communication with Users With growing dependence on network services, it is imperative that we formalize the means for communicating with end users about the status of the network. While it is realized that one cannot anticipate emergency problems, it is important that we communicate changes and planned maintenance outages in advance whenever possible so that users are not unnecessarily confused or frustrated when trying to accomplish their work through the networks. It should be the responsibility of the departmental network managers to communicate with their users in advance of any known network problems, changes, or outages. Centrally, departmental coordinators need to keep personnel at the single point of contact informed of any planned changes so that explanations can be provided to end users when the departmental resource person is not available. It is recommended that a listserv or web site be established so that communication can be kept current among network personnel and so that there can be an accessible location for network information. This would enable departmental - 7 - personnel to keep information about their own systems updated and permit the information to be available campus-wide. Recommendation US1: Every department should designate a network support person who will provide basic training, troubleshooting, problem determination and resolution for the users of that unit. The designee's job description should reflect these responsibilities. Recommendation US2: The UF Computing Help Desk should be given the resources and responsibility to be the single point of contact for all users, twenty-four hours a day, seven days a week. The Help Desk should also be responsible for maintaining a list of departmental user support personnel and should have access to network personnel who can provide 24/7 problem resolution. Recommendation US3: Network Services should be given the resources and responsibility to establish an 800-number modem pool to provide access to faculty, staff and students from off-campus locations, both local and statewide, including remote IFAS and Health Center locations. Recommendation US4: Network Services should be given the resources and responsibility to serve as the campus-wide coordinator of training for technical and department network support personnel. Resources should also be made available to those units that provide the training. Recommendation US5: The UF Computing Help Desk should establish a web site or listserv for network personnel and end users{ in order to communicate about the status of our networks. FUNDING MODELS FOR NETWORKING In addition to maintaining current networking services, there is a need to provide enhanced services in the form of additional hookups and in the form of additional robustness for current connections. The present model for funding these networking services is inadequate. Both the CITSADMN and the CITSAC standing committees prepared reports on possible funding models to support networking services. These were sent to a subcommittee on Funding Models which has presented three models for consideration. These models are presented in the January 26, 1995, report, "Funding Models for Network '99 Core Network Operations," which can be found in Appendix 4. The three funding models, explained more fully in the report, are summarized as follows: - 8 - 1. Base funding from a variety of sources. Enhancements from end-of-year funds if available. 2. Annual budget for core operations. Major adjustments to the core network come from a separate budget and/or from those who require the adjustments. 3. Enhanced services to be paid for by the recipients of those services. Model one basically describes the current funding model which is tied to end-of-year surplusses. It will not provide the resources necessary to meet future needs. Recommendation FM1: The University needs to utilize a funding model which provides an annual budget for core operations, a separate budget for required adjustments to the core service, and which will charge recipients for enhanced services. NETWORK SECURITY AND RELIABILITY Network security is a large, complex topic which covers many areas of concern. The reports submitted on this topic by CITSADMN, the Standing Committee on Academic Computing (CITSAC), and the Networking and Telecommunications Standing Committee (NTSC) detail the areas that need to be addressed in projecting campus security needs. Special attention should be paid to the September 20, 1994, "Network Security Report," submitted by the NTSC which can be found in Appendix 5. This report also includes the concerns raised by CITSADMN and CITSAC and clearly delineates the issues before us. The NTSC report should be used as a guide for establishing network security policy, determining areas of risk to network security and availability, and implementing action items to avert those risks. A secure network needs uniform requirements for physical network integrity from telephone closets to classrooms, privacy for the users of the network, and assurances of data authenticity passed through the network. The campus community should be informed of University policies on network security, who is responsible for data and network security, and what the penalties are for those who use networks improperly. With respect to network security we recommend: Recommendation SR1: A Standing Committee on Information Security (SCIS) be established that permits regular interaction, communication, and cooperative activity among those who are responsible for ("owners" of) private, non-public, proprietary data; those who are responsible for facilitating the implementation of network hardware and - 9 - software network components required to secure these data; and those who are needed to participate in ensuring the authenticity of all data. It should also be the responsibility of this committee to communicate with the managers of local area networks on the campus decisions which impact the local area networks or require security measures by them. This Committee should be chaired by the campus ISM. Recommendation SR2: A risk audit should be sanctioned by the ISM and be performed by the SCIS to analyze those areas where the University is exposed to security threats. This audit should include a study both of the types of data that require specific security measures and of the delivery methods that are used to deliver these data to appropriate faculty, staff, and students. The audit should specify action items such as those recommended in the NTSC report which should be implemented for handling security risks. Recommendation SR3: A University security policy should be established which addresses policy and procedure issues as raised in the NTSC report in the subsection titled "Security Policy." The policy should be concise and enforceable. Specific guidelines should be provided separately where necessary to assist personnel in complying with the policy. This policy should be reviewed regularly. Network reliability is discussed extensively in the NTSC report of June 29, 1994 (see Appendix 6). In that report it is acknowledged that network reliability is difficult to measure meaningfully and the general approach suggested is to develop procedures which would work toward the goal of 100 percent network availability to the users. The NTSC report is quite specific and broad in its recommendations, addressing the areas of procedures, monitoring, physical security, environmental conditions, design, disaster recovery, personnel and training. Recommendation SR4: NTSC shall be briefed regularly of changes in management procedures and network design activities by Network Services. Similarly, other major network providers are encouraged to report on modifications in their activities. Recommendation SR5: Since network equipment is placed in every building which is connected to the network, it is necessary that space be allocated for the equipment. NTSC should continue the study it began in this report to create criteria for the kind and quality of the communications space. Network providers can then use these criteria to inform users of the requirements for space and how this may affect their quality of service. - 10 - Recommendation SR6: The role of the network administrator is increasingly important to a properly functioning department. Designation of where, or from whom, a unit gets its network support needs to be made by the unit executive. This designation should be made explicit in the job description of the designee and appear as part of the evaluation process. The unit should be prepared to make release time and training opportunities available to the designee. Recommendation SR7: Disaster recovery plans should be made for the voice, video, and data networks. The role of communications is critical in the event of a disaster; however such plans only make sense within the context of a larger University plan sanctioned by the Provost. In particular, some understanding needs to be reached about what constitutes a disaster for a university and what is the role of the University in the event of a disaster. Recommendation SR8: There should be a resource for LAN managers to call to receive trouble-shooting assistance 24/7. FUTURE TRENDS We cannot, in good conscience, state at the beginning of 1995 what technology will exist or be needed by UF in 1999. That is a prime example of the moving target that is embodied by our modern technology. The best we can do from this vantage point is to recommend practices that will help UF keep abreast of whatever technologies come along, will help UF position itself to take advantage of emerging technologies that CAN be forecast, and which will assist UF in implementing those technologies in ways that support the educational, research, and service missions of the University. To these ends, we make three recommendations. Recommendation FT1: OITS should assess, with broad user input, what applications users need now and applications they can predict they will need in future years. The results of this study can then be used by campus technical personnel to assess which technologies might be needed to support those applications. Recommendation FT2: User needs and network plans need to be reviewed at least annually by CITS and analyzed in view of the known needs and possibilities. It is recommended that CITS keep in touch with the user community as user application needs become apparent and network resources become available. - 11 - Recommendation FT3: Network Services should develop procedures for keeping abreast of Wide-Area Networking (WAN) trends as they relate to long-distance carriers, to cultivate beneficial relationships with the carriers, and to provide a campus-wide clearing house for WAN-related activities. We once again refer to the excellent work done by the NTSC. Its December 6, 1994, "Report on Future Trends in Networking Technology," can be found in Appendix 7. For a more detailed discussion of the issues and specific recommendations related to WAN services, see the October 3, 1994, report from the WAN Workgroup in Appendix 8. The NTSC report looks at the advantages and disadvantages of currently known future technological networking trends in three main areas: mobile communications, client/server computing, and multi-media services. These include specific technological options such as Speeding up Existing Technologies, Switching Hubs, ISDN, ATM, different cabling media (unshielded twisted pair, single- and multi-mode fiber, and coax), and Wireless communications. A review of these summaries should serve as the starting point for analysis of future technologies for campus. We quote three sections of the NTSC December 6, 1994, report as supportive of the spirit of these recommendations: "2. Future of This Report -- As part of the annual review process, NTSC should review the 'Future Trends' document from the previous year early in the Spring. This would allow Network Services and other campus organizations involved in networking to incorporate any recommendations into their budget request for the coming year. However, no emerging network technologies will be a factor at UF until a consistent and adequate funding base can be established for maintenance and growth of this mission-critical resource." "3. Introduction -- Networking technology is changing rapidly in almost all areas. Decisions about which of the emerging technologies will ultimately prove useful in the UF environment, let alone hold enough market share to be well-supported and economically feasible cannot be made at this time. Historically, UF has made technological advances in information technologies either through close vendor relationships or by waiting until commodity level pricing was reached. Many of the problems of being at the cutting edge of technology are eliminated as a result. In this report, we will evaluate the various technologies on the horizon with an eye for how they might impact UF. There are three general directions that we are watching: Mobile computing, client-server computing, and multi-media applications. Some applications, like Mosaic, combine two or more of these modes. Client-server and multi-media both tax the available bandwidth of the wired network. Some forms of multi-media like interactive - 12 - video require low-latency to be effective. There are various ways available now and coming available to handle the bandwidth problems. Whenever we are dealing with new technology, we should follow standards which come from an open discussion whether that be the Internet RFC process, the IEEE, the ISO, or NIST." "5. Conclusions -- It is very difficult to guess how many people will drive across a bridge by observing how many swim the river. In order to make any reasonable projections of needs and appropriate technologies, the user population must be surveyed. This includes the faculty, administration, staff, and students, who should be asked about both desired uses (teaching, research, service, management, work at home, etc.) and requirements (speed, distance, reliability, delay, costs, etc). Until this survey is made, it will be difficult to determine the impact or the value of deployment of emerging and often-expensive technologies." THE BOTTOM LINE Units in the University have managed to initiate distributed networks and networking service organizations that permit local LANs to connect to campus-wide and national networks for the most part. Although the network service providers work well together in many instances to provide seamless interconnections among the various units, there remain some lapses in service while energies are sometimes spent in duplicating other services. It works, although not always well for everyone. The current level of service, cooperation, and funding will not carry us to the year 1999. We have tried, in this document, to make recommendations in the areas of user support, funding models, security and reliability, and positioning for future trends that will help bridge the gaps so that the University can expand its networking resources in both scope and robustness. The goal of these recommendations is to help the University reach 1999 with the realized vision of a network which operates as an effective utility for the campus - 13 - SUMMARY OF RECOMMENDATIONS ORGANIZATIONAL RELATIONSHIP RECOMMENDATION Recommendation OR1: CITS needs to facilitate the establishment of clear working relationships and responsibilities among the major network service providers. USER SUPPORT RECOMMENDATIONS Recommendation US1: Every department should designate a network support person who will provide basic training, troubleshooting, problem determination and resolution for the users of that unit. The designee's job description should reflect these responsibilities. Recommendation US2: The UF Computing Help Desk should be given the resources and responsibility to be the single point of contact for all users, twenty-four hours a day, seven days a week. The Help Desk should also be responsible for maintaining a list of departmental user support personnel. Recommendation US3: Network Services should be given the resources and responsibility to establish an 800-number modem pool to provide access to faculty, staff and students from off-campus locations, both local and statewide, including remote IFAS and Health Center locations. Recommendation US4: Network Services should be given the resources and responsibility to serve as the campus-wide coordinator of training for technical and department network support personnel. Resources should also be made available to those units that provide the training. Recommendation US5: The UF Computing Help Desk should establish a web site or listserv for network personnel and end users{ in order to communicate about the status of our networks. FUNDING MODEL RECOMMENDATION Recommendation FM1: Network Services needs to utilize a funding model which provides an annual budget for core operations, a separate budget for required adjustments to the core service, and which will charge recipients for enhanced services. NETWORK SECURITY RECOMMENDATIONS - 14 - Recommendation SR1: A Standing Committee on Information Security (SCIS) be established that permits regular interaction, communication, and cooperative activity among those who are responsible for ("owners" of) private, non-public, proprietary data; those who are responsible for facilitating the implementation of network hardware and software network components required to secure these data; and those who are needed to participate in ensuring the authenticity of all data. It should also be the responsibility of this committee to communicate with the managers of local area networks on the campus decisions which impact the local area networks or require security measures by them. This Committee should be chaired by the campus ISM. Recommendation SR2: A risk audit should be sanctioned by the ISM and be performed by the SCIS to analyze those areas where the University is exposed to security threats. This audit should include a study both of the types of data that require specific security measures and of the delivery methods that are used to deliver these data to appropriate faculty, staff, and students. The audit should specify action items such as those recommended in the NTSC report which should be implemented for handling security risks. Recommendation SR3: A University security policy should be established which addresses policy and procedure issues as raised in the NTSC report in the subsection titled "Security Policy." The policy should be concise and enforceable. Specific guidelines should be provided separately where necessary to assist personnel in complying with the policy. This policy should be reviewed regularly. Recommendation SR4: NTSC shall be briefed regularly of changes in management procedures and network design activities by Network Services. Similarly, other major network providers are encouraged to report on modifications in their activities. Recommendation SR5: Since network equipment is placed in every building which is connected to the network, it is necessary that space be allocated for the equipment. NTSC should continue the study it began in this report to create criteria for the kind and quality of the communications space. Network providers can then use these criteria to inform users of the requirements for space and how this may affect their quality of service. Recommendation SR6: The role of the network administrator is increasingly important to a properly functioning department. Designation of where, or from whom, a unit gets its network support needs to be made by the unit executive. This designation should be made explicit in the job description of the designee and appear as part of the - 15 - evaluation process. The unit should be prepared to make release time and training opportunities available to the designee. Recommendation SR7: Disaster recovery plans should be made for the voice, video, and data networks. The role of communications is critical in the event of a disaster; however such plans only make sense within the context of a larger University plan sanctioned by the Provost. In particular, some understanding needs to be reached about what constitutes a disaster for a university and what is the role of the University in the event of a disaster. Recommendation SR8: There should be a resource for LAN managers to call to receive trouble-shooting assistance 24/7. FUTURE TRENDS RECOMMENDATIONS Recommendation FT1: OITS should assess, with broad user input, what applications users need now and applications they can predict they will need in future years. The results of this study can then be used by campus technical personnel to assess which technologies might be needed to support those applications. Recommendation FT2: User needs and network plans need to be reviewed at least annually by CITS and analyzed in view of the known needs and possibilities. It is recommended that CITS keep in touch with the user community as user application needs become apparent and network resources become available. Recommendation FT3: Network Services should develop procedures for keeping abreast of Wide-Area Networking (WAN) trends as they relate to long-distance carriers, to cultivate beneficial relationships with the carriers, and to provide a campus-wide clearing house for WAN-related activities. - 16 - Appendix 1 NET99 Goals Appendix 2 Progress to Date Appendix 3 Organizational Relationships Appendix 4 NTSC Funding Models Appendix 5 NTSC Network Security Report Appendix 6 NTSC Reliability Report Appendix 7 NTSC Report on Future Trends Appendix 8 WAN Workgroup Report