TIO Accomplishments in 2019

In reviewing the year-end accomplishments, I wanted to provide a short list of the many impactful accomplishments for the Technology Infrastructure and Operations team.

  • Completed campus-wide phone migration to VoIP. 5,000+ end points migrated or decommissioned, new carrier, and e911 system upgrade
  • Upgraded Next Generation Firewalls, edge routers, wireless APs, and various building switches
  • Completed Residential Student Housing Wireless project. Wireless APs located in every student bedroom and common areas
  • Developed Lehigh University Cyberinfrastructure Plan 2019-2024
  • Started the Ellucian Banner to the cloud migration
  • Systems engineering team completed the majority of Windows 2008 migrations in the data center; the work is expected to be completed before Jan 14th
  • Deployed Duo Two-factor Authentication to all faculty and staff
  • Improved communication and collaboration through Jira and Slack
  • Continued to modernize and secure the Cyberinfrastructure through HAProxy, ELK, Drupal, replication to AWS and disaster recovery location, open source tools, streamlined processes, and continual skills development
  • Started Data Center Cooling Expansion Project
  • Conferences attended include Cisco Live 2019, BICSI, NERCOMP 2019 (2 presentations given), Internet2 Global Summit, KINBERCON 2019, Aruba Atmosphere, Atlassian Day, Google Tech Talks, VMworld 2019, LISA 2019, and Cloud Forum 2019

Kudos to all team members and to the others who helped contribute to the success of LTS and Lehigh.

Two-Factor Authentication – Second Factors

Recently, Library and Technology Services teamed up with Duo Security to deploy two-factor authentication (2FA) at Lehigh. While we are still in the early phases of 2FA socialization, this post serves as an introduction to second factors used for 2FA.

Two-factor authentication is about what you know (password) and what you have (physical second factor such as a mobile phone). 2FA provides an additional factor for authentication in case passwords are compromised, which means if someone has your credentials, they will need your physical second factor in order to authenticate.

While 2FA may seem an inconvenience, there’s no argument that hacking, malware, phishing and ransomware have been on the rise in recent years. If you are not using 2FA for your personal accounts, including bank accounts, you need to rethink how you are protecting your data.

For our deployment, we support many different second factors such as the Duo Mobile app, text messages, voice callbacks, and hardware tokens. The preferred second factor is the Duo Mobile app, which you download and which is supported on a variety of mobile devices including iPhone, iPad, Android and Windows phones. After you register the mobile device, a push notification will be sent to your device when you need to acknowledge that second factor. If you have an Apple Watch, you will get the notification directly on your watch.

While we currently support text messages (codes) as a second factor, there’s a growing debate in the security community on how secure text messages are for 2FA. A good reference for why this method is not recommended can be found at “So Hey You Should Stop Using Texts for Two-Factor Authentication”.

The voice callback option works by calling the predefined phone number that you registered and providing a code over the phone for you to enter. While this works, it’s not as fast and convenient as the mobile app.

Hardware tokens, sometimes referred to as Universal 2nd Factor (U2F) or security tokens, are USB keys that you can place on your keyring and insert into your USB port. Pressing the button sends over the key for authentication. These keys are the most expensive of the second factor options but can be useful for those that do not have access to cell phones, cell or wireless service.

For our deployment, users are not limited in the number of second factors that can be registered. For example, you can use the Mobile App as your regular second factor but have your office phone number for callback in the event that you forget your mobile device.

Lastly, once you have signed in and authenticated with your second factor, there is an option to select remember device for x days. This means that as long as you use that same device, such as a laptop or desktop, for those days, you will not be prompted for the second factor. If you go to another system that was not remembered, you will be prompted.

Stay tuned for more information about our planned rollout of two-factor authentication for faculty and staff.

LTS Two-factor Authentication with Duo Knowledge Article

Image Sources: Duo Security and Yubikey

LTS Cisco Unified Communications Reaches First User Migration Milestone

Upon my arrival at Lehigh University, one of the first major projects for the organization was to replace our near end of life (EOL) traditional phone PBX system with modern Voice over Internet Protocol (VoIP). With 4,000+ phones, life safety requirements and integrated phone services, this is a massive undertaking by the telecommunications team. After vendor selection, contract negotiations and initial setup, the team started migrating Library and Technology Services during late summer with general rollout beginning in September. With the large number of users required to be migrated, the team developed a self-service deployment process that allows users to quickly set up and migrate to the new phone system. We have staff on hand during the migrations to assist with any issues or questions.

Towards the end of November, the Cisco Unified Communications team reached their first user migration milestone of 500 users, approaching 600+ users at the end of 2017. While we still have a long road ahead of us, it’s reassuring from the feedback we received so far that the self-service process is working well and users are generally pleased with the new system. I encourage faculty and staff to respond to the surveys so we can tweak our processes for the next round of migrations. Training is available prior to and after the migrations. Please refer to the training schedule for upcoming sessions.

For those that have not been migrated, a reminder of some key links for the project.

As we begin the new year, look for announcements on feature enhancements to the phone system such as off campus access, fax services and other collaboration services.

If you are interested in following along with the progress of the user migration, you can visit our Library and Technology Services Cisco Unified Communications Migration Status Dashboard.

Drown Hall Wireless Upgrade

After students finished Spring Semester 2017, the Technology Infrastructure and Operations team went into Drown Hall to perform a wireless assessment to develop a plan for providing complete wireless coverage. Data from the assessment in May was used to strategically place Access Points (APs) throughout the building to provide optimal wireless coverage and performance. Working with Dawn Keetley, Professor of English and Chair of the English Department, we scheduled the installation of pathway and wireless APs during the summer in preparation for the upcoming academic school year. The project was completed at the beginning of August with 33 new APs and one new building access switch installed. We are excited to bring much-needed wireless upgrades to the English department and the students that use Drown Hall for academics and research.

TIO Accomplishments for 2016

As we wrap up our 2016 activities and begin to discuss plans for 2017, below are some key accomplishments for TIO in 2016. While this is by no means a complete list, it encompasses the major activities that defined our team. Through the dedication, hard work, and commitment of TIO, LTS and various teams throughout Lehigh University, we were able to meet our goals in providing a secure, reliable cyberinfrastructure for faculty, staff and students.

  • Mountaintop Fiber Project was approved, funded and awarded. When completed, we will have diverse fiber paths from Asa Packer Campus to Mountaintop Campus. These paths are crucial in supporting new academic and research initiatives such as DataX.
  • Throughout the year, we upgraded various building infrastructure wired and wireless networks. These upgrades provide higher capacity, performance and stability for faculty, staff and students. Buildings that were part of our upgrades include Mudd, Packard Lab, Flatiron, and the Police Station.
  • The networking team successfully engineered and piloted a next-generation wireless architecture at Warren Square. This hospitality design enhances wireless connectivity while providing 1 GB wired connectivity via 2-ports for those that still required wired connections. The pilot was well received and will be expanded pending funding.
  • For Asa Packer Campus, we dramatically increased the fiber-optic capacity, which will be required to support future Lehigh University growth as discussed in the Path to Prominence announcement.
  • Along with physical wiring, we replaced various building end of life (EOL) network switches. With the switch lifecycle management performed in 2016, nearly all of lower campus switches are now fewer than 5 years old. Not only do these switches provide higher speeds, better performance and stability, but they support new features such as Power over Ethernet that provides power to VoIP phones.
  • The Infrastructure Operations team continued to manage our data centers and operations. The team made many Data Center improvements such as adding UPS and HVAC to our secondary data center, additional UPS in main data center, assisted with the installation of the new High Performance Cluster (HPC), modernized and reduced systems using virtualization technologies and performed various data center cleanup activities.
  • As we look to replace our aging PBX telephone services with Voice over IP (VoIP), the telecommunications team set up a Cisco Unified Communication sandbox.
  • Completed Windows 10 upgrade and deployment to public sites and classrooms campus-wide as well as virtual public sites.
  • For special devices that can’t connect to the secure wireless network, the networking team engineered and deployed LUNA, MAC-based authentication for IoT networking.
  • The systems engineering team completed the effort to consolidate all our application license servers.

Looking forward to a new and challenging year ahead!

Packard Lab Wireless

As students take a much-needed refresher after finals, LTS was busy performing updates to systems, applications and infrastructure. One of those infrastructure improvements completed over the winter break was increased wireless coverage in Packard Lab. Students returning to Packard Lab should see an increase in wireless coverage and performance as the team doubled the number of wireless access points. Many buildings at Lehigh University pose interesting challenges for wireless due to architecture and structure, but the team performed an in-depth analysis and mapping to fill in weak gaps. Special thanks to Jon Hutchinson, Pat Murphy, Brian Posivak and Luis Rosario for their hard work in getting this completed.

If any faculty or students have any issues with the wireless changes in Packard Lab, please contact the LTS Help Desk: call 610-758-HELP (4357), log into online chat, email helpdesk@lehigh.edu, or text 610-616-5910. However, feel free to reach out to me if you have any general concerns or feedback.

Mudd Building Rewire Project

After 5 months, Library & Technology Services completed the Mudd Building Rewire Project. Technology Infrastructure and Operations (TIO) started planning and engineering the network upgrades back in the spring of 2015. The goal of this effort was to replace old category 3 Ethernet cabling dating back to the 90s with new modern category 6a cable capable of handling gigabit network speeds. In addition, modern networking switches and data closet architecture were deployed. This was the first project in which we utilized blockouts to manage the endpoint connections by placing physical locks on unused ports. End users can request that blockouts be removed. These blockouts enable us to reduce our costs and improve security. When the project was completed, 936 Cat 6a jacks were deployed, 346 connections activated and 101 phones relocated or newly installed.

Congrats to the TIO team members Lizanne Hurst, Pat Murphy, Jeff Deschler, Debbie Henritzy, Luis Rosario, Brian Posivak, Kent Smith, Lisa Luchini, Munroe Sollog, Jon Hutchinson and Mark Miller. Special thanks to Jim Roberts for being our interface for the users in the Mudd Building during this project.