Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Harvard Offers Sneak Peek Into Their Network 132

Posted by ScuttleMonkey
from the what-makes-you-tick dept.
Bob Brown writes "Harvard University doesn't usually talk much about its internal network, but here, the guy overseeing it opens up about the homegrown and commercial tools used to manage the massive system." From the article: "Harvard, as of late, has been exhibiting another telco trait - considering the network as part of the university's critical infrastructure. As such, its construction is considered during the initial planning phases of building renovation, new construction and campus expansion projects. The data networks that are being built today, at Harvard and similar institutions, are being built to host a variety of IP-based traffic. Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network"
This discussion has been archived. No new comments can be posted.

Harvard Offers Sneak Peek Into Their Network

Comments Filter:
  • Wait .. (Score:5, Funny)

    by karvind (833059) <karvind&gmail,com> on Monday March 06, 2006 @02:28PM (#14860489) Journal
    Wait till MIT hears about it !! :P
  • by qualico (731143) <worldcouchsurferNO@SPAMgmail.com> on Monday March 06, 2006 @02:29PM (#14860505) Journal
    I'd like to work in that size of environment.
    *sigh*

    [goes back to fixing another spyware ridden windows box]
  • Incompetence (Score:2, Interesting)

    by schmiddy (599730)
    All that, and they still don't know how to set up DNS properly.

    -----------
    $ host harvard.edu
    harvard.edu A record currently not present
    -----------

    I notified them about this months ago, but they didn't seem to care. Most web browsers automatically try the "www" prefix when you type, say, "harvard.edu" into your address bar, so you don't notice this problem generally. However, if you try wget, you can see it fail.

    -----------
    $ wget harvard.edu
    --14:38:45-- http://harvard.edu/ [harvard.edu]
    =>
    • Re:Incompetence (Score:5, Informative)

      by Anonymous Crowhead (577505) on Monday March 06, 2006 @02:52PM (#14860786)
      What magical internet law dictates having a web server at hostname.com? And what other law dictates hostname.com resolve to an ip address? If anything, they are being pendantic, not sloppy.
      • What magical internet law dictates having a web server at hostname.com? And what other law dictates hostname.com resolve to an ip address? If anything, they are being pendantic, not sloppy.

        Though, for largely historical reasons, having an A record (that points to a SMTP server) is considered A Good Thing. (For example, if for some reason MX lookup fails, postfix will, optionally I think, look up the A record instead. Some other MTAs have this behavior too).

      • Re:Incompetence (Score:3, Informative)

        by Feyr (449684)
        rfc states (don't rember which one, sorry) that hostname.com MUST point to an A. a CNAME is illegal.

        it is also Good Practice to have an A record on your hostname. for legacy reasons. some mail systems will refuse to send and/or receive mail if the A is absent (although they may check for MX, there's no garantee)
        • irrelevant ... (Score:1, Informative)

          by Anonymous Coward
          Ummm, check with dig -- harvard.edu is not a "hostname" and only has SOA, NS, and MX records associated with it -- neither CNAME nor A.
      • by s88 (255181)
        You can call me pendantic, but the proper spelling is pedantic.

  • by MLopat (848735) on Monday March 06, 2006 @02:42PM (#14860654) Homepage
    My favorite piece of network technology at Harvard is their system to shut off a student's WiFi network access when they have a scheduled class. :) Been in use for a while now, and it sure cut down on the kids at the back of the class yelling "PWNED YOU!" during a lecture.
    • by theJML (911853) on Monday March 06, 2006 @03:02PM (#14860913) Homepage
      Because there aren't any legitimate uses of internet access during class time...

      Like maybe browsing the notes to the lecture that the teacher made available and adding notes/annotations
      Pulling down source code from the book you've got because it didn't come with a CD (that costs extra)
      Googling for more info to assist a group project
      Uploading/Downloading your notes from your home server so you can keep them all in one place
      Saving bookmarks and urls that a teacher may point out as a good source for more info
      Using your laptop to run a presentation/group project
      etc...
      I know I was able to get a lot of use out of internet access when I was in the classroom a number of years back. It was Quite invaluable in MANY of my classes. The annoying thing is that we didn't have wireless then so I had to make sure I was by a port, although many of the newer buildings had classrooms where there was a network port and power plug available at every seat (if there weren't already PC's there). How one sided of a universtiy to think that because someone COULD missuse a piece of technology, that everyone will... but then again, it is Harvard. I bet they talk to the RIAA on a regular basis.
      • This is exactly the stance I take on the subject. Yes, if you have a class full of just out of high school kids then there might be problems with people surfing the Internet for stuff unrelated to class. However most of the students can and do use thier connection in class for building on the learning experience.

        I work at a health sciences university and recently the faculty voted to not instal network ports in thier main classroom. I was shocked. There are so many reasons why people with laptops would n
        • Why do the good students always have to suffer because of the few bad ones?

          It might be due to the fact that good students will know how to work around the limitation. Not in a bad/intrusive way, but they'll write down any addresses the professor mentions and look at them after class. They'll get the class notes from the professor's website before or after class.

          In other words, the good students aren't suffering, and there's a chance some of the people who would have been using IM, playing games, or

      • it is Harvard. I bet they talk to the RIAA on a regular basis.
        The Berkman Center for Internet & Society [harvard.edu], former home of Lawrence Lessig and current home of Jonathan Zittrain, Charles Nesson, et al, is at Harvard. Does that change your perception?
      • You have a much more altruistic view of college students than I.
      • >browsing the notes to the lecture that the teacher made available and adding notes/annotations

        A good student will have pulled down the lecture notes to their hard drive already.

        >Pulling down source code from the book you've got because it didn't come with a CD (that costs extra)

        You don't know when you got a CD with your book?

        >Googling for more info to assist a group project

        This one is a decent use. The instructor could have a web-based interface to say when students can use the Internet.

        >Upl
      • Using your laptop to run a presentation/group project
        Store it locally
        Uploading/Downloading your notes from your home server so you can keep them all in one place
        Store them locally temporally
        Like maybe browsing the notes to the lecture that the teacher made available and adding notes/annotations
        Pulling down source code from the book you've got because it didn't come with a CD (that costs extra)
        Grab them before class and store them locally

        Googling for more info to assist a group project
        This one can't be answe
      • how bouting skipping an easy class because you are behind and need to catch up in a hard class?

        man. that would tick me off.
      • ... How one sided of a university to think that because someone COULD missuse a piece of technology, that everyone will...

        Have you considered this policy was enacted after after it was misused?

      • >How one sided of a universtiy to think that because someone COULD missuse a piece of technology, that everyone will...

        I work in 3rd level IT support at a University.

        We installed cabling and RJ45 sockets into all the desks in the library as part of its refit. 90% of those sockets have since had pens shoved in them in order to break the pins. Many of them are also full of chewing gum. It's going to cost us quite a bit of money to have them all replaced, and the problem will just keep happening

        It's n

    • This policy is in effect at the Harvard Business School only, afaik.

      Instructors may override this per student, or per class when needed.

    • I've heard about this a couple of times now, and I'm not sure what the point of that is. If people using WiFi to goof-off during class is a major problem, then just ban laptops in class... don't ban the WiFi.

      Why? Well:
      1. Those who would use WiFi during class for non-class things will just use their laptop for playing offline games or whatever anyways, so it doesn't solve much.
      2. Those who are actually using their laptop to help learn during class benefit from WiFi. Prof uses a term you don't know? Wikipedia
    • This is not true at all. In fact, I'm using Harvard WiFi during class right now. I've never heard of this.
      • AS, I mention in a previous post, I believe this is only in effect at the Business School, where the default access settings prevent student access.

        I have been in both environments, and have seen what a difference it makes. There is always far greater ratio goofing off with the internet available. It is sad that a few rotten students ruin it for others.

  • My god the pranks that students will be able to pull!

    100 goats in the President's swimming pool will be so passe now!

  • ...reads post as I sit within range of MIT and Harvard WiFi at the 4th largest pharma company on the planet. Yet I still connect to my cripple (nothing the "game" in the URL ) internet access. That routinely downloads at 7mbps. Oh well, I have my EVDO phone for games.slashdot.org :(
  • Why? (Score:3, Insightful)

    by Mr. Freeman (933986) on Monday March 06, 2006 @03:04PM (#14860922)
    What's the point of being able to control a cold water valve actuator through the internet? Wiring everything into their internet servers just creates a lot more problems when something goes down.

    If a server goes down you would expect that internet access would not work. But now if a server goes down you can't access the internet and you can't get water either. Considering the fact that most networks are poorly configured anyway, the amount of problems that could be generated from something like this far outweigh the ability to actuate a cold water valve through the network,
    • Wiring everything into their internet servers just creates a lot more problems when something goes down.

      While true, that's another part of the system's analysis and design. A risk and cost/benefit assessment must be made. How important are these services in the event of IP failure? What redundency can be built in to avoid it? What are the consequences of a security breach? etc. It seems to me that if they were smart enough to address IP possibilities before construction begins, they also have the b

    • Re:Why? (Score:1, Informative)

      by Anonymous Coward
      Two things:

      - you're confusing the servers and the network. The network is intended to be up 24/7 just like electricity and water, and it seems from the article that they do a pretty good job of this. This is also true of individual servers, but you're kidding yourself if you think that crashing the www.harvard.edu webserver, or cutting their internet access off, is also going to shut off the water. The water server is separate, and more importantly:

      - the water valve actuator is not likely to be continuously
    • Re:Why? (Score:3, Insightful)

      by Anonymous Coward
      Why would you want to control an actuator valve remotely? Because in the event of an emergency you can respond a lot faster by pressing a few keys than you can by sending a man out to do it for you. It is also cheaper for maintenance purposes. I know a valve doesn't sound very complex but when you talk about an entire system, especially a loop that serves multiple buildings it all adds up. It also allows you to monitor the system and tune it so that you aren't wasting energy. There are other reasons too but
    • Welcome to 1999 where we have IP-enabled console access.
    • He's talking about chilled water, not cold water, though chilled water is cold.

      Chilled water is the water that the campus's aircon units use to cool the air in the buildings. The chilled water is pumped from a central plant where there are massive things called 'chillers'.

      I can only assume that HVAC controls companies are starting to use IP with their controls. used to be all custom.

      Still scary putting it all on the same net, though.
    • Re:Why? (Score:5, Informative)

      by denobug (753200) on Monday March 06, 2006 @04:55PM (#14862052)
      What's the point of being able to control a cold water valve actuator through the internet? Wiring everything into their internet servers just creates a lot more problems when something goes down.

      A cold water valve actuator works very differently from your faucet in your ketchen, both in the mechanics and scale of flows.

      Let me begin by pointing out the facts that most, if not all of the new industrial controls are trying to get on the IP based networking already. It is far cheaper to convert all different wiring and protocols (RS-232, RS-485, serial communication in general and Common and proprietery protocols like Modbus, ControlNet, etc.) and have them run over the TCP/IP network than having dedicated networks on all of those devices across a plant, or in this case, across the campus (and possibly multiple "plants."

      TCP/IP network is scaleble, and second, it can be secured (with proper isolation and expertise). It is also transparent, i.e. multiple typs of physical wiring/connection scheme can be used. Other industrial protocols (yes, there IS a protocol involved in that actuator valve you mentioned, and so does other devices) often are either proprietary or are "narrow-band" type protocol designed to run across a serial cable. Running multiple networks on dedicated medium requires more wiring than single TCP/IP network. It also makes it difficult to do upgrade/equipment change-out in the future. When changing out industrial equipments down the road (we're talking about like 10 years later), technology changes, making it unreasonable to put up a wiring that will need to be changed.

      In addition, there are usually limitations on the physical length of the wiring on the medium. Most protocols not based of TCP/IP model tends to be limited on the length on its own, requiring a repeater if it needs to travel longer distance (we're only talking about more than 250 ft). TCP/IP network, on the oter hand, has switches and routers in place, they act as the repeaters when needed. TCP/IP can also be run on fiber, expanding the distance a lot farther than traditional copper wires. Across the campus control with direct serial cable might work (RS-485, for those who are famaliar with them), but management cost is a lot higher today using pure serial wiring network than new "virtual" network resides on TCP/IP infrastructure. Signals can be re-routed without signigicant physical re-wiring as well.

      Let's also talk a bit about the "why" we need to have the on that actuator valve connected to the network. Modern campus-wide (or plant wide) controls are monitored and done by a centralized control room. They monitor and issue commands to run the equipments to maximize the use of equipments while minize the cost of operation (wages = expansive cost). Actual machine controls(flow control, automatic safety switches) are done by PLC or other embedded devices on site. They are your field operators today! The commands are issues by the central Control Room to those controllers, and they in term control individual devices (pumps, valves, power breakers, you name it). If my descriptions does not convince you how complicated it can be, it is. To have dedicated control networks on those devices, which are not necessarily on the same protocols, especially not at one location, only add cost to the control system. It is better to "out-source" the transmission medium to a more transparant network platform and let the networking people to ensure its constant uptime.

      I'm sure I do not have to mention the use of VOIP, audio/video, survalience (security) on the TCP/IP network. We already beat the subject to death.

    • What's the point of being able to control a cold water valve actuator through the internet?

      Not "the internet", the TCP/IP infrastructure.

      The reason is the same that you want your toilets, lab sinks, coffee machines and drinking fountains on the same, unified water supply network, rather than seperate ones for each. Sure, if the watermains break, you loose ALL of those, but on the other hand, you have the budgets of n networks, rather than one, to make sure that won't happen.
  • Ok (Score:1, Troll)

    by Cryptacool (98556)
    So a couple questions first a) what makes harvard so special? seriously I mean its a generally well regarded college, but not nessecarily in the area of IT b) putting everything on the IP network, is probably a bad idea.

    Does Harvard have a nuclear reactor? That would be a "not so good" technology to have on the public network. just seems that the current trend to give everything an IP address is a step in the wrong direction.
    • Harvard doesn't have a reactor, but MIT does - and just outside Central Square.
    • by mplex (19482)
      There's nothing wrong with putting this stuff on the network. Before the network, each system needed it's own cable plant with it's own problems installed in every building. Air conditioners had their air pressure system, with door locks and other equipment on seperate low voltage systems. It costs a lot of money to install and maintain all those different cable plants. With IP, you just run network jacks everywhere, and when Bob wants to cool down a building, he can do it from his desk. This is great
      • by _Splat (22170)
        The electronic lock systems I've seen all stay locked as soon as the network goes down or the power goes out. And the police and firemen have old-fashioned manual keys that can open them when they need to get in. Sucks when it's not an emergency and you need to get in though...
    • by dildo (250211)
      Sigh.

      Giving everything an IP address is not an intrinsically bad idea. It _would_ be a bad idea if the hypothetical nuclear reactor was controlled remotely, but do you think anyone would be that stupid? If we were to remove everything that _could_ be misconfigured, broken, or hacked we would quickly run out of possessions (the first thing gone would be your beloved computer.)

      To convince you that it is not intrinsically stupid, look at this
      thumbnail strategy for protecting the IP connected water mains.

      Case 1
    • IP network != public network.
  • Is it me or does that number seem a bit high? If a 100mbit line will push only 30TB in a month. And yea I know they are probably not running a flat network.
  • I used to work there, Harvard's <insert anything here> is nothing compared to what they have at MIT.
  • If only you knew. (Score:4, Informative)

    by Anonymous Coward on Monday March 06, 2006 @04:32PM (#14861872)
    It's not nearly as rosy a picture as is painted in the article. I've been working in IT at Harvard for quite a few years and until recently we've had too small of a budget with priorities on gadgets for VIPs and not regular infrastructure replacement. We're still in the dark ages in many ways.

    Those custom apps he brags about? They break, are poorly documented, and we're in fact trying to move away from them as much as possible. Testing of major network changes is so poorly done as to be nonexistant in many cases. And let's not even get into the uptime of critical systems like email and webspace (those have been down for hours at a time, days in a row for week son end).

    And those staff numbers? Inflated. We are really short-staffed.
    • why not tell us how you REALLY feel? It must help to publicly air the dirty drawers of Harvard's seamy underside rather than languish voicelessy in bitter serfdom... Harvard's CLOCK is really getting cleaned lately. I am glad this article came out so some people could vent and now are able to move on with their lives...
    • Ah, this person actually works for the Department of Indoor Tennis at Harvard. Actually, FAS's dept of IT. Yeah, there's only two of them there and you should see them scramble on the out of bounds balls. Strange, I thought the dept of Indoor Tennis was well funded.
    • I am available, and in the Boston area right now! In fact, I could stop by this week, if you are hiring people. Send me an email, and I'll drop by, we can talk about it. Four weeks *paid* vacation sounds nice for a change...
  • Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network"

    Sounds like they're introducing a single point of vulnerability. In one fell swoop you could take out a lot of important systems.
  • posting right now from a harvard ip, i can't host wc3 custom maps. stupid port blocking. i can't ping shit and the latency is terrible. :(
  • This guy "oversees the operations center at the heart of the network." Huh? He's doesn't run the network. He's the dude who smacks the netops guys when they fall asleep at their HP Openview screens. The way he talks is a tip off. From TFA:

    We have long polled network interfaces using SNMP to count the octets crossing interfaces from which we create real-time bandwidth-capacity graphs as a baseline to measure our overall network use.

    Or as net arch would say: We use MRTG.

I have never seen anything fill up a vacuum so fast and still suck. -- Rob Pike, on X.

Working...