If you ever want to know how to run a large, complex enterprise IT infrastructure, visit a large university. Deakin University, in the state of Victoria, Australia, boasts about 3,000 staff, 40,000 students, four campuses spread over a large geographic area and budgeted income of close to $700 million. In case you'd missed it - education is a big business.
So, what does it take to build and maintain the systems demanded by such a large business with diverse and demanding customers? We spoke with Craig Warren, the Operational Service Provision Manager for Deakin University.
Vision and Governance
With such a significant investment in technology, creating a vision for the university is important. Warren reports to Peter Brusco, the Executive Director for Information Technology Services, and the two of them drive the vision together. "What we saw the need to do with technology solutions and the culture within the IT department is a move from 'constrain' culture to an 'enable' culture. So many things we historically did with the network were about cost recovery, knowing who everyone is and what they're doing. We're now moving to a less constrained operational model." Through a combination of improved negotiation with suppliers and by lifting the shackles on services, they've been able to deliver a more robust and open infrastructure without substantially increasing costs.
There are a number of governance arrangements in place, with an IT committee consisting of financial, risk management, security and other specialists involved in critical decision making. Brusco reports to the COO of the university, ensuring that critical issues are heard at the highest levels of Deakin. For example, staff and student access is currently single factor, with usernames and passwords. This forum is being used to discuss whether this is adequate, whether two-factor authentication can be used and whether tokens are suitable. Even topics such as the introduction of iPads, as they infiltrate the C-Level, are discussed. By having a diverse set of views at the table, this group is able to discuss significant issues.
This level of organisation and the willingness to look at ways to improve services mean that new initiatives, such as the use of VDI so that the university's SOE is decoupled from specific hardware, have a place to be considered and heard by the university's senior management team.
The Local Network
Deakin recently completed a wireless LAN upgrade. Warren explains "We installed about 500 WAPs [Wireless Access Points] across the university. This year's project was to saturate one campus and saturate high density locations at the other campuses such as libraries and cafeterias". In some areas, this required trebling the number of WAPs.
Although Deakin has four campuses, the Waterfront Campus in Geelong, the second largest city in Victoria, offers Warren's team a location that is close to the main hub of the 250-strong IT team and small enough to use as a pilot site for trialling new technologies and significant changes to infrastructure. An example of this is the deployment of the Jabber client so that staff can have a single phone number that follows them from desktop phone to PC to mobile phone using the wireless LAN.
Although a broad and robust wireless network for staff and students is important, Warren and his team had some broader uses in mind. "We wanted to have a wireless network ready for RFID. This is a small campus where we can do a mass deployment and see benefits quickly. We have lots and lots of equipment and universities are very public places. We have places like computer laboratories open 24 by 7 and data projectors hanging off ceilings that walk out the door. We need to secure expensive equipment. That's our initial use case. We'll see more use cases like location awareness so that devices can automatically log on when people approach. We'd probably pilot with staff but eventually extend this to students".
Location aware services are an important area of development for Deakin. Warren can see a time where the use of RFID, intelligent noticeboards and other devices work together so that staff and students get better access to resources and the significant investment is more fully utilised. A simple example was in the use of computer labs. "Many students are habitual. They go to the same computer lab they always go to and sit at the same machine. Sometimes, they get to that lab and it's full. However, there may be a lab two floors up that has 20 machines and only one user. So we need to find mechanisms to tell students where they could go to a free computer" Warren explained.
Currently, the university's wireless LAN supports connection of thousands of users and devices each day. Warren noted with great interest a bill recently introduced to the US Senate declaring that every government building ought to provide free, public Wi-Fi access. Warren is looking at the possibility of providing a public, low bandwidth service. Potentially, this would be speed limited and offer a limited connection time. In addition, this would assist the many third-party support people that come to the university to provide services.
Fibre between sites
With intra-campus networking covered by gigabit Ethernet and 802.11n, inter-campus connectivity requires a different solution. Warren explains "We have very good links between campuses. There's 10Gbps fibre between each location. This is part of the VERNet [www.vernet.net.au] fibre. The eight Victorian universities got together about eight years ago and decided that they needed fibre between all the critical locations across Victoria. We ended up building 2,800km of fibre network. That's probably the second largest fibre network in the state behind the Metropolitan Fire Brigade and ahead of Optus." The fibre network replaced an ageing microwave solution.
The fibre hasn't yet reached every campus, with the Warrnambool campus, in the west of Victoria, still to be connected. However, the fibre is now extended as far as Terang - just 50km short. A final investment of about $1M will close the loop and complete the inter-campus network. The university expects that this infrastructure is likely to end up as part of the National Broadband Network. Warren says that "Fibre is a national asset and has to be used. There was a move to create a public-good network with universities, TAFEs, hospitals, the health sector and emergency services but this was put on hold because of the NBN. Although the NBN is a significantly great announcement, we still have to wait for it and it caused many potential projects to stop".
The connectivity between campuses at local network speeds enables Warren's team to use facilities at each campus for business continuity and failover. For example, if a wireless LAN controller fails at one campus, the service can be easily switched to another controller at another site without service interruption. As a result, it's possible for Deakin's IT team to operate a technical environment that boasts near 100% uptime. In fact, such capability was a key driver for investing in the fibre network. Deakin runs two data centres that operate in co-primary mode with services shared between the two centres. The data centres are connected by a pair of gigabit links - one for data replication and the other for IP traffic.
As the fibre connections between campuses are part of the broader VERNet network, Warren's team is able to leverage the network in many ways. "We have used a Layer 2 technology and there are parts of the network where I can get an actual strand of fibre from one point in the network to another point. So I can get a 10Gbps connection directly to the Synchrotron without going through other campuses". This highlights that the network is not hub and spoke. It is a full point-to-point solution, with most sites directly connected to other sites, and it enables applications that were never considered when the network was first established.
The fibre network has also enabled Deakin to extend fibre with spokes to other locations. Deakin runs a post-graduate medicine program with students spending two years on campus and two in hospitals and other facilities as part of a placement program. As the VERNet network is so expansive, it's possible to split off branches to other facilities at very reasonable costs. So, extending the network to hospitals and small clinics, even when they are in reasonably remote areas, can be achieved at low cost because of the investment in the larger network.
802.1X, VLANs and User Connectivity
Part of the challenge in managing such a geographically dispersed network, with a large population of different hardware that's usually not under the direct control of Deakin's IT department, is that securing the network becomes difficult. Typically, organisations get around this by creating VLANs that segregate specific devices. Deakin is now looking at shifting VLAN selection from being device-centric to being based on user accounts. This has driven Warren to look at 802.1X, as it works by providing access to network resources based on the user's network authentication rather than device identification.
"We are trying to get to the point - and this is part of our networking strategy - that you should be able to walk up to any active network outlet and plug in anything. At the moment, if we plug in a video-conference unit and the VLAN hasn't been configured for that port then it doesn't work. We want the port to not care" says Warren.
Although delivering on the vision is still a work in progress, many elements of making user connection easy have already been achieved. With the deployment of Deakin-issued computers, there's an SOE that's deployed to almost every computer. When a user receives a device, they connect it to the network and go to an internal web service where the device is registered, and it is ready to go.
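The user-based VLAN selection described in this section is commonly carried from the authentication server to the switch as RADIUS tunnel attributes in the Access-Accept (RFC 3580). The sketch below is an added example, not Deakin's configuration or code: it parses those attributes and picks the port's VLAN, and the quarantine VLAN number and the sample attribute bytes are assumptions constructed for illustration.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RADIUS attribute types
VLAN, IEEE_802 = 13, 6                                # values required by RFC 3580
QUARANTINE_VLAN = 999  # assumption: restricted VLAN used when assignment fails

def parse_attributes(data: bytes) -> dict:
    """Split a RADIUS attribute block (type, length, value) into {type: value}."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        a_type, a_len = data[i], data[i + 1]  # length covers the 2 header bytes
        if a_len < 2 or i + a_len > len(data):
            raise ValueError("bad attribute length")
        attrs[a_type] = data[i + 2:i + a_len]
        i += a_len
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type and Tunnel-Medium-Type: one tag byte, then a 3-byte integer."""
    if len(value) != 4:
        raise ValueError("expected 4-byte tagged integer")
    return int.from_bytes(value[1:], "big")

def vlan_for_session(accept_attrs: bytes) -> int:
    """VLAN for an authenticated user; anything malformed fails closed."""
    try:
        attrs = parse_attributes(accept_attrs)
        if tagged_int(attrs[TUNNEL_TYPE]) != VLAN:
            return QUARANTINE_VLAN
        if tagged_int(attrs[TUNNEL_MEDIUM]) != IEEE_802:
            return QUARANTINE_VLAN
        pgid = attrs[TUNNEL_PGID]
        if pgid and pgid[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
            pgid = pgid[1:]
        if not pgid.isdigit():        # this sketch accepts numeric VLAN IDs only
            return QUARANTINE_VLAN
        vlan = int(pgid.decode("ascii"))
    except (KeyError, ValueError):    # missing or malformed attribute
        return QUARANTINE_VLAN
    return vlan if 1 <= vlan <= 4094 else QUARANTINE_VLAN

def attr(a_type: int, value: bytes) -> bytes:
    """Encode one attribute (helper for building the constructed samples)."""
    return bytes([a_type, len(value) + 2]) + value

# Constructed Access-Accept attributes: two users plugging into the same port.
STAFF = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"20")
STUDENT = attr(64, b"\x01\x00\x00\x0d") + attr(65, b"\x01\x00\x00\x06") + attr(81, b"\x0130")
NO_VLAN = attr(1, b"guest")  # authenticated, but the server returned no VLAN
```

The same physical port lands in VLAN 20 or VLAN 30 depending on who authenticated, which is the "port doesn't care" behaviour; a session with missing or malformed attributes drops to the restricted VLAN rather than inheriting whatever the port last carried.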
Skills and Simplicity
Given the pervasiveness of Windows, it's interesting that Warren's focus when recruiting new technical staff is their skill with Linux.
"I'm a Unix systems administrator by trade so I may have a personal bias here but the university made a decision way back to run all of its ERP systems on Unix. We had good Unix skills at the time and grew them from an early stage. We found that it was relatively easy to find people with Unix skills" Warren explains. "When we replaced our Linux-based system and chose Exchange we realised that we lacked the Windows skills we needed so we sent a bunch of people on Windows training and found that they were able to pick up the Windows skills very quickly". In contrast, translating Windows skills to the Linux world, which is still required for the ERP systems, has not been as easy.
Documentation is also important with Warren describing a "no golden screwdriver" mentality. All systems are rigorously documented so that anyone in his team can troubleshoot and maintain any system. Knowledge is shared and not held by a few people. "The days of specialised hardware or highly customised operating systems are behind Deakin with the two data centres using about 400 Intel-based servers and stock standard installations of Red Hat and Windows Server 2008. There's nothing freakish or unusual" said Warren. There's a goal to reduce the number of physical servers through the introduction of virtualisation over time.
For specific projects there is still a need for highly specialised skills that aren't in the team. There's a potential MPLS migration for the Deakin LAN on the cards. For that, Warren will likely engage an integrator with CCIE skills that can be brought in for a limited time. Core skills are retained in the team, with specialists hired in when required.
You can follow the writer on Twitter at http://www.twitter.com/anthony_caruana