Masahiro Ishigaki (ishigaki@econ.tohoku.ac.jp)
Graduate School of Economics and Management, Tohoku University
Kawauchi, Aoba-ku, Sendai
Japan

Shizuko Katayama (kata@econ.tohoku.ac.jp)
Graduate School of Economics and Management, Tohoku University
Kawauchi, Aoba-ku, Sendai
Japan

Kazuo Doi (kazuo@cysol.co.jp)
Cyber Solutions
6-6-3, Minami Yoshinari
Aoba-ku, Sendai
Japan

Glenn Mansfield (glenn@cysol.co.jp)
Cyber Solutions
6-6-3, Minami Yoshinari
Aoba-ku, Sendai
Japan

The growth of the Internet has been uneven. There are areas, not necessarily economically backward, where Internet proliferation has been remarkably slow.
The contrast is perhaps most glaring in the academic arena. While in the engineering and science faculties of a university the Internet has permeated fast, in the Arts and Humanities faculties the growth has been remarkably slow. A similar phenomenon is observed in the case of primary and secondary schools.
The main reason is that the required level of expertise of network users (planners, managers and administrators) just cannot be met, particularly in areas populated by network-illiterate folks. The authors had been tasked with facilitating the Internet deployment in a premier department of a prestigious university. In this work we describe the problems we faced, the strategies adopted, the tools developed, and the results we achieved after two years of toil. The major thrust of our work has been in two directions:
(a) development of tools to solve operational problems and
(b) putting in place, at the grassroots level, systems and procedures to ensure continuity and development.
Tohoku University is one of the prestigious national universities of Japan. The networking technology in the university has always been in a very advanced state. It got its 100 Mbps optical-fiber-based campus backbone network way back in 1987 [1]. The engineering and science departments were fast in utilizing the campus network infrastructure to get connected to the Internet. But the Arts and Humanities departments seemed to have missed the Internet revolution. In late 1997 one of the authors was given the specific charge of managing the nearly non-existent network facilities of the economics department of Tohoku University. Since then the authors have been involved in planning, executing and operating the network of the economics department. Also, in order to analyse and understand the problem better, the authors carried out several sample surveys among teachers, staff and students of the department and recorded network and computer related statistics in the department since 1997.
Table 1. Number of computers in the department
Year | Laboratory | Training room | Library | Office | For teachers | Graduate students' room | Rental for students | Number of LAN users |
---|---|---|---|---|---|---|---|---|
1995 | 13 | 39 | 3 | 3 | 101 | 25 | 0 | 37 |
1996 | 13 | 39 | 3 | 3 | 117 | 25 | 0 | 43 |
1997 | 15 | 39 | 4 | 3 | 95 | 25 | 0 | 89 |
1998 | 16 | 39 | 4 | 6 | 110 | 30 | 8 | 759 |
1999 | 17 | 40 | 4 | 9 | 113 | 40 | 14 | 1032 |
Table 2. LAN Utilization at the Economics Department
| | Total | LAN users | % |
|---|---|---|---|
| Teachers | 54 | 53 | 98.1 |
| Research staff | 15 | 15 | 100.0 |
| Students | 1375 | 964 | 70.1 |
| Total | 1444 | 1032 | 71.5 |
As can be seen in Fig. 2, with 1,100 odd users the department was late to ride the Internet wave. It is worth noting that the economics department joined the Internet bandwagon in 1996 some nine years after the university got its state of the art optical fiber backbone.
2. The problem areas
It is evident from Fig. 2 that the growth in Internet usage in our
department has seen a delay of about three years when compared with the
trend in the developed countries and the network-literate departments in
the university itself.
We investigated the delay and found that the Internet wave was held back
from reaching the shores of the economics department due to the following
reasons
Since 1997, machines have been upgraded in steps. The department's LAN coverage has also been extended to connect (almost) all the data processing equipment in the department. The growth in networking is indicated by more requests related to hardware and software. There has also been a remarkable increase in the number of requests related to network troubles. Figure 3 shows the annual trend of the activities at the computer and network support center.
Table 3. Category-wise Support
Year | 1997 | 1998 | 1999 |
---|---|---|---|
Hardware | 35.5 | 24.7 | 30.0 |
Software | 54.7 | 50.0 | 41.6 |
Network | 9.9 | 25.3 | 28.4 |
In Table 3 the support requests are classified into three categories
viz. hardware, software and network. Network support requests have
increased every year. Moreover, in hardware too, network related
problems e.g. ethernet connectivity problems, have figured prominently.
Similarly in the software category network application related problems
e.g. mailer problems, constitute a major share.
As the network expanded, the need for a network management system
to monitor the actual network usage, the operational status, faults,
and security of the network grew larger. Also, to inculcate a greater
network awareness among users and budding administrators the need of
a more widely usable network management system was felt.
A two-pronged approach was taken
On the human resources front our major concern was to develop human networking at the grassroots while attempting to make it easier for more senior level staff and researchers to reach the threshold where network usage is more pleasure and less pain. A critical mass of knowhow needed to be built into the department to ensure progress and growth. In the absence of this critical mass of knowhow a vicious circle sets in: effective support is not available as enough knowhow is not there, there are not enough users as there is not enough support, and knowhow is not developing as there are so few users.
On the technical front our major concerns were:
(1) Operational: managing the IP-address space, detecting and tracing duplicate IP-addresses, unauthorized IP-addresses, monitoring status and usage of dial-in ports, the servers, the department LAN segments, maintaining an online and updated map of the department network down to the leaf node.
(2) Security: Detecting unauthorized users within the department. There have been instances of complaints from outside the department of illegal usage from users inside the department. Defending against attacks from outside the department.
The actual network management staff of the department was very much constrained due to lack of manpower. Recruiting and assigning new staff is a difficult proposition, more so when the task is managing something as intangible as the Internet. There was very little that the network management staff could physically do by operating independently and in isolation. Thus, the authors adopted the strategy of building a multi-layered support structure.
Each layer supported a specific group of users. And together this multi-layer structure comprised the network management group of the department. The role of the network management staff was to coordinate the working of the three layers and to ensure that progress was being made in the right directions. In the following we describe each group and their role in the network management structure.
In our perception the challenge of the Internet is one of distribution and dissemination. Distributed information collection and distributed information dissemination. For the distributed network information collection and management system we designed and developed KOBAN and for distributed network information access we designed NetSkate. In the following we describe the two systems.
In short, a simple home-grown network monitoring agent was placed in every segment of the department's network. These agents report to a set of supervisory agents.
Design and Implementation of KOBAN
The Distributed Network Management System consists of a monitoring AGENT
for each of the network segments and a few Supervisory AGENTS. The
monitoring agents are responsible for monitoring their respective
network segments for information like addresses (IP/MAC) of all the
connected machines, interface status, traffic flows. They may also be
programmed to collect dynamic configuration information, intrusion
related information. The supervisory agents are responsible for
collating the information received from the monitors and to seek
additional information as and when the need arises.
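One way a supervisory agent could collate the (IP, MAC) sightings reported by the per-segment monitoring agents to flag the duplicate and unauthorized IP-addresses listed among the operational concerns, given here as an added example and not KOBAN's own code. The segment ranges, the registry, the report tuples and the function name `collate` are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not from the paper): the address range
# allocated to each LAN segment and the registered IP -> MAC bindings.
SEGMENTS = {"seg-a": ip_network("192.0.2.0/26"), "seg-b": ip_network("192.0.2.64/26")}
REGISTERED = {"192.0.2.10": "00:00:5e:00:53:01", "192.0.2.70": "00:00:5e:00:53:02"}

# Constructed sightings, as monitoring agents might report them: (segment, ip, mac).
REPORTS = [
    ("seg-a", "192.0.2.10", "00:00:5e:00:53:01"),
    ("seg-a", "192.0.2.10", "00:00:5e:00:53:aa"),    # second MAC claims the same IP
    ("seg-b", "192.0.2.70", "00:00:5e:00:53:02"),
    ("seg-b", "192.0.2.99", "00:00:5e:00:53:bb"),    # in range but never registered
    ("seg-b", "198.51.100.5", "00:00:5e:00:53:cc"),  # outside the segment's range
]

def collate(reports, segments=SEGMENTS, registered=REGISTERED):
    """Return the findings a supervisory agent would raise from agent reports."""
    macs_by_ip = defaultdict(set)
    findings = []
    for segment, ip, mac in reports:
        mac = mac.lower()                 # compare MACs case-insensitively
        macs_by_ip[ip].add(mac)
        net = segments.get(segment)       # unknown segment counts as out of range
        if net is None or ip_address(ip) not in net:
            findings.append(("out-of-range", segment, ip, mac))
        elif ip not in registered:
            findings.append(("unregistered", segment, ip, mac))
        elif registered[ip] != mac:
            findings.append(("mac-mismatch", segment, ip, mac))
    # An IP seen with more than one MAC, on any segment, is a duplicate address.
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            findings.append(("duplicate-ip", None, ip, tuple(sorted(macs))))
    return findings

if __name__ == "__main__":
    for finding in collate(REPORTS):
        print(finding)
```

Because each finding keeps the reporting segment and the MAC, the offending machine can be traced to a segment, which is the tracing step the operational concerns call for.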
The general tasks of the monitoring agent are given below:
The general tasks of the supervisory agent are given below:
The general features of the KOBAN system are
The major areas of relief provided by the KOBAN system are
Presently NetSkate serves information on [5]
REFERENCES
[1] SuperTAINS, http://www.tohoku.ac.jp/TAINS/SuperTAINS/index-j.html
[2] NetSkate: Design principles, Glenn Mansfield et al., Technical note, Cyber Solutions, March 1999.
[3] Network Maps: Synthesis and Applications, G. Mansfield, K. Jayanthi, A. Ashir, N. Shiratori, Proceedings of APSITT'99, Ulaanbaatar, Mongolia, August 1999.
[4] Towards trapping wily intruders in the large, Glenn Mansfield et al., 2nd Int'l Workshop on Recent Advances in Intrusion Detection (RAID99), Indiana, USA, September 1999.
[5] NetSkate, http://netskate.econ.tohoku.ac.jp/
[6] KEIKO system: Design principles, K. Sugawara et al., Technical report E008, August 1999.