Montana State’s flexible research network is improving security and reducing costs
Montana State University deployed a new type of computer network this fall that can be easily modified to provide its researchers with a more secure, efficient and personalized platform to support projects and collaborative relationships.
The university says the new “intent-based network” allows for greater network flexibility to meet user needs. As a land-grant university, education at MSU focuses heavily on science and engineering, and according to the school, its mission is supported heavily through on-campus research, reinforcing its commitment to learning, discovery and engagement. According to Jerry Sheehan, chief information officer at Montana State University, the school’s focus on research is in turn supported and maintained by its recently upgraded research network.
First built in 2013 and funded by the National Science Foundation, the university’s Bridger Scientific Research Network is an example of innovation on campus. The original research network extended to seven research-intensive buildings on MSU’s campus and was built to give researchers a dedicated high-speed connection with the necessary bandwidth to transfer and collect large data sets, said Sheehan. Outside of those seven buildings, devices connect to MSU’s enterprise network. Although having an independent network initially improved researchers’ network experience, the research network did not extend to the entire campus, and in many cases required physical infrastructure additions to be customized, Sheehan said.
In a continuing effort to improve the functionality of its research network, MSU implemented Cisco’s Software-Defined Access and Digital Network Architecture. The new system decouples network functions from the hardware, allowing for more efficient storage, greater computing functionality, and high processing speeds, according to Cisco.
This new style of network, Sheehan told EdScoop, can be easily modified to meet the need or “intent” of its users. He said, “[an intent-based network] is a value-add that allows the underlying hardware to do more and to be more flexible.”
Sheehan said the flexibility of intent-based networking solves many of the issues MSU’s original network had. “It decreases our total cost of ownership because I don’t have an additional piece of hardware, it increases my efficiency because I have an easier time to deploy, and it makes it more resilient because I have a more homogeneous network without pieces and parts that I’m bringing in,” he said.
According to Sheehan, Cisco’s SD-Access uses MSU’s existing infrastructure to support an intent-based network, and as a result, the new network saves MSU the expense of building additional physical connections. Because network functions are decoupled from the hardware in an intent-based system, MSU’s IT team can more easily expand the research network beyond the seven buildings it was originally limited to, he said. “Research needs span the campus, and it would be cost-prohibitive to build out new physical connections in each of our 45 buildings,” Sheehan said in a Cisco case study.
Although SD-Access utilizes MSU’s existing infrastructure, Sheehan said some modifications were necessary. “We’ve replaced hardware that has new software capabilities that support intent-based networking.” Deliberately, changes to the hardware were made during scheduled maintenance to save the university from redundant expenditures, he said.
Security for 45,000 devices
Using the intent-based network is also safer, Sheehan said.
Previously, he said, the IT team had to build physical connections to bring computers and instruments into the network. Connecting older scientific instruments was time-consuming for the IT team, and oftentimes vendors stopped releasing updated security patches for the older equipment researchers still used. “In order to prevent network vulnerabilities,” Sheehan said, “the IT team would install hardware to connect the instrument to the network.”
Because MSU’s intent-based network does not rely on new physical connections, it has created a more resilient and homogeneous network, Sheehan said. According to the case study, the physical connections to the old network created distributed points of visibility and threatened the security of both the research and enterprise networks.
Additionally, Sheehan said MSU has about 45,000 devices connecting to its networks on a daily basis. All of these connections, each having different uses and service domains, pose a security risk to the network that, according to the case study, is now negated because of the flexibility of intent-based networking.
The intent-based network, Sheehan said, allows data transfers to occur on secure pathways beyond the firewall because the network understands the intent of the user. This ultimately has created a means by which data can be shared quickly and securely. On the old network, researchers had to push large data sets through firewalls, often overwhelming the system and causing transfers to fail, he said.
The flexibility of an intent-based network also saves MSU’s IT team a lot of time.
Only three members strong, Sheehan said his team would spend months building new connections and developing solutions to fit researchers’ changing needs.
“Hardware solutions may take something like 25 hours worth of work to get configured and in place, but since I don’t have a body that I can devote to that, it may take, in our experience, upwards of 6 months to get that solution put in place,” Sheehan said.
Because the new system decouples network functions from hardware, the IT team no longer has to spend time building network infrastructure. “If I can do it via software, my time to deployment is a lot easier which means I can bring solutions to bear quicker,” Sheehan said.
Now, instead of requiring hours of work, a typical project can be completed in a matter of weeks — not months.
The intent-based network’s ease of scalability also saves the IT team time. According to the case study, Cisco’s SD-Access will allow MSU to converge its two networks. Consolidating the two physical architectures means that MSU can work within its existing footprint and staffing allowance, the study found.
‘Canary in the coal mine’
The seven buildings connected by the research network now support and use intent-based networking, Sheehan said. Preliminary results show statistically significant performance improvements over the dedicated research network, according to the case study.
Sheehan said MSU has not yet merged the two networks on campus but plans to continue rolling out the intent-based network to other buildings during the spring semester. By first converting the research network, the IT team can gain insight into the future needs of the enterprise network, he said.
“The research network is, in a sense, a canary in the coal mine,” Sheehan said. It allows him and his team to observe the network in a comprehensive framework before they complete the campus-wide network switch.
Sheehan said the network will continue to support a broad and changing array of needs across MSU’s campus.
“The new network reflects that flexibility and can meet the needs across the entire campus instead of in defined pockets,” he said. “It supports all of the critical functions of the university’s mission.”