So they needed an intelligent load balancer to dynamically balance traffic among the IDS systems. There are devices you can purchase to do that, but they tend to cost in the $100,000-$200,000 price range. We saw this was an obvious use case for SDN and OpenFlow, so we hired a couple of grad students to develop software for an OpenFlow controller that instructs a $40,000 OpenFlow-enabled switch to do the load balancing. This is something we use in our production network.
Will you ultimately use SDN in your broader IU campus environment?
Let me outline that environment first. We have eight campuses, two of which are very large. The largest is Bloomington, which has a student population of about 30,000, 10,000 of which live on campus, and we have a network that provides students, faculty and staff high-speed access to the Internet and resources on campus. We have roughly 400 buildings in Bloomington and our own fiber plant interconnecting those buildings, and a large wireless deployment with close to 5,000 access points.
What a lot of people don't realize is that higher education has many of the same security and compliance requirements as commercial organizations, plus many other issues to deal with. For example, we have a health clinic on campus, so we have information that is covered by HIPAA (Health Insurance Portability and Accountability Act). We have student data and there are federal regulations -- predominately one called FERPA (the Family Educational Rights and Privacy Act) -- that require we provide a certain level of protection for the student data. And then we take credit cards at the bookstore and other places and need to support credit card industry security standards. So we have a mix of things that require a level of security and accountability that would be equivalent to many commercial organizations.
On top of that we have bring your own device on a scale that few other organizations see. For example, every semester we have to accommodate tens of thousands of new devices. Students typically show up with a phone, a tablet or laptop, one or two game machines, maybe a television set with an Ethernet jack. So it's a huge number of bring your own devices.
We have automated systems in place that register new devices, that ensure the users operating the devices agree to certain terms, acknowledge their responsibilities for using the network, ensure their machines are relatively secure, and ensure we can provide integrity for all the data we're responsible for.
In addition, at universities it's common for the faculty, the staff and the students to have full system administration rights to their devices. So, unlike a company which might have an IT organization that centrally manages the desktop, universities typically don't behave that way. It's typical that a faculty member will get a research grant and part of the funding in that grant allows them to get a particular laptop to support that research and they order whatever they want and they are the system administrator on that laptop. So the campus has to provide a sort of security manifold that sits over those kinds of uses while preserving the integrity of the network.