Search Stanford:
 

About this Service

• Overview
• News
• Service Summary
• Administrative Guide
• Migration
• Client List

Documentation

• Decision Maker
• IT Implementer
• End User

Service List

• Authentication
• Authorization
• Directory
• Exchange
• DFS
• BitLocker Key Escrow

Contacts

• Administrator List
• Email Lists
• Windows Systems Group

Related Services

• Managed Server Hosting
• BigFix Patch Management
• ITSS Contract Support
• Essential Stanford Software

Tools

• Password Reset Tool
• StanfordYou
• Workgroup Manager

• IT Services
• Stanford Windows Infrastructure
• University Environment

University Environment

Stanford's mission to provide teaching, research and community service is carried out with the leadership of 1,595 tenure-line faculty, supported by 8,000 staff serving 6,600 undergraduate and 7,500 graduate students. The faculty is organized in seven schools: Humanities and Science, Engineering, Earth Science, Law, Business, Education and Medicine. Stanford provides housing for 6,000 undergraduate and 3,500 graduate students on campus and supports a rich variety of programs and events. The extended Stanford community also includes over 250,000 alumni and each quarter thousands of distance education students and continuing education students.

Research is conducted in over 110 research centers, including the Stanford Linear Accelerator Center (SLAC) and the Hoover Institute. Most of Stanford's research income flows directly to the faculty principal investigators with a portion retained centrally in a general funds pool (along with tuition and some endowment income) to fund central, school and department administration. Faculty researchers act as independent centers of enterprise, securing their own funding and making their own spending decisions (subject to University policy). Other than necessary enterprise infrastructure such as wide area networking, researchers provide for their own information technology needs. There are hundreds of faculty-managed Unix servers including large installations such as the Human Genome Database. Corporations often donate computing equipment to faculty. This results in a variety of equipment supported in idiosyncratic fashion by departmental research groups. This also leads to security issues as systems administrators are often inexperienced and focused on research results rather than system administration.

Technical support for teaching and learning, particularly administration of undergraduate education, is more centrally supported. Classroom assignment, student registration, course registration, housing assignments and many other services are supported by the Vice Provost for Student Affairs. Stanford University Libraries/Academic Information Resources (SUL/AIR) provide support for student residential and regional computing clusters and courseware development. The Stanford Center for Professional Development (SCPD) provides facilities and services for distance education using television and video streaming technologies. The Medical School supports several information resources including Stanford University Medical Multi-media Information Technology (SUMMIT), the BioInformatics Resource and Continuing Medical Education. Two recent developments are the funding of the Wallenberg Global Learning Center and creation of a Vice-Provost position to oversea Learning Technology and Extended Education.

Since the mid-1980's, Stanford central and academic administration has been supported by relatively sophisticated, locally developed mainframe systems that provide for online transaction creation, routing and approval and standard and ad hoc reporting for most major functions, including procurement, accounting, student information and human resources. These systems are highly tuned to our environment, particularly in their support for broad, decentralized local resource management coupled with central services and overarching management. We are moving to a network computing platform with the main applications (accounting, purchasing, student services, human resources) purchased from ERP vendors and others developed in-house.

The picture of information technology at Stanford is one of highly sophisticated resources distributed broadly across the community, centers of excellence supporting various aspects of teaching, learning and research, centralized and local business applications and a robust infrastructure for networking and distributed computing. Although key IT infrastructure and central administrative systems are developed and maintained (or purchased and integrated) by one central organization (Information Technology Systems and Services), there are several computing support organizations on campus, each providing various levels of overlapping, but specialized services to the various schools and departments. This reflects the decentralized organization of the University.

Network Infrastructure

The Stanford University Network, SUNet, is a combination of a centrally managed backbone and departmentally managed local area networks connected by a variety of routers, switches and hubs. It provides ethernet connectivity to nearly 51,000 assigned addressees on 527 defined subnets at speeds of up to 100mbs. Local area network requirements have grown steadily over the years, resulting in a standard for all new network installations. Connectivity standards within buildings include four category 5 twisted pair connections, two for voice and two for data, in offices. Classrooms and conference rooms also include one fiber pair and one video connection. The connectivity standard within student residences is a port per pillow; one category 5 twisted pair data connection for each student in the room. Fiber to the desktop remains a future challenge.

The SUNet backbone architecture is based on an n-dimensional mesh network design proposed by Roger Beeman of Cisco Systems. The design features a well-defined expansion methodology, multiple paths which provide aggregate capacity and significant redundancy which makes individual components less critical. The implementation of this design at Stanford is in three dimensions and takes the form of a cube supporting eight networks with six routers. (Figure 1) Each router, located on the faces of the cube, is connected to four networks utilizing fast ethernet (100mb/sec). Each network is connected to three routers. Routers supporting local area networks are connected to the cube at two opposite corners. During the summer of 2000, Stanford will be expanding backbone capabilities to support gigabit speeds.

 

There are three areas of concentrated network traffic which receive special attention: the unix-based academic computing servers, the administrative application servers, and the connection to the Internet. The academic and administrative server network routers are connected to two opposite face backbone routers to ensure the highest availability of connectivity. The router to the Internet is connected in the same fashion as local area network routers. This connectivity is provided by GTEI over a 100mb connection.

Stanford has been very active in the high speed networks being developed for the research and education communities and is a charter member of Internet2 and CalREN-2 (California Regional Network). Network traffic destined for other member institutions travels at speed of up to 2gps over either the vBNS or the Abilene network.

Stanford community members who are traveling or are off-campus can access network services remotely via the University's high-speed modem pool as well as via ISDN, DSL, Cable Modems services.

Distributed Computing

Stanford supports a highly distributed, heterogeneous computing environment. Layered on top of the SUNet infrastructure is a broad set of services which provide the basic building blocks for applications and users. These services include authentication, directory services, electronic communication, file services, and information services. (Figure 2)

The core of computer and network security at Stanford is the SUNet ID, a unique, persistent identifier associated with each person utilizing computer or network services. This ID, in combination with kerberos as the authentication mechanism, provides authenticated access to compute servers, lab machines, mail servers, administrative applications, the modem pool, and web-based services through a locally developed product called Webauth. Kerberos 4, running on one master and two replicated servers, is the primary service supported today. Kerberos 5, also running on one master and two replicated servers will be supported in the near future. Because of the homogeneous nature of computing, Kerberos is supported across a variety of desktops. This support is provided natively on Unix desktops and through locally developed tools, PC- and MacLeland, on PCs and Macintoshes. This support is tightly integrated on the desktop so that single sign-on is available across many applications.

In addition to the SUNet ID, applications and services have many other information requirements. Information about people at Stanford is managed and provided through an infrastructure built around a person registry and an LDAP-based directory service. (Figure 3) The registry is a transaction system which interacts with the end-user through a web interface and University source systems through an event broker. An important aspect of the web interface (Stanford.Who) is that it allows users to specify, at a field level, the privacy level: (world, Stanford-only, or private). The registry ensures that all data changes affecting individuals remains synchronized. This information is then fed to the directory which acts as the information supplier to other systems. This approach will soon be expanded to include information about groups and departments. The current directory is a product from Netscape configured with one supplier and two consumers for general purpose access and another two consumers for use by the electronic mail service.

Information about machines is managed through a locally developed product called Netdb. This database application registers machines connected to the network, assigns IP addresses and automatically updates network services such as Domain Name Service.

The primary electronic mail service at Stanford is POP-based with four servers supporting faculty and staff mailboxes and five servers supporting student mailboxes. Three servers handle sending and receiving mail, which averages over two million messages per week. Alias, forwarding and vacation information is now stored in the directory and these servers make calls to the directory to determine the appropriate destination for incoming mail. An IMAP based electronic mail service is currently being piloted and is intended to support heavy email users. This new service will provide for group accounts and delegation to help reduce the sharing of passwords. Departments and schools may also choose to run electronic mail services locally.  In addition, Stanford supports a majordomo based electronic mail list server. This service has been upgraded with a web interface in order to improve ease of use.

The campus-wide file service is based on the Andrew File System (AFS).  File space is provided for each SUNet ID holder as well as for courses, departments, and specialized academic software. There is a total of 1.5 terabytes of disk space available on 15 user volumes and 5 replication volumes, all of which utilize RAID technology for reliability. AFS directories are accessible from Unix machines, Macintoshes, and PCs running the NT operating system.

The final piece of the infrastructure is the delivery of information. Stanford provides a wide variety of information services through the World Wide Web. There are 3 primary servers running the Apache web server software which provide access to general University information, department and course information, and access to licensed software. In addition, anyone holding a SUNet ID can create a personal web page. Stanford also supports a wide variety of news groups, both public and private to the institution.

Computing Services

In order to meet the growing needs of academic computing, Stanford supplies a variety of Unix resources to support the academic mission.   These resources include a public lab of 120 multi-user workstations, a public lab of 30 graphics workstations, and three high-end compute servers providing a total of 32 processors. A variety of specialized software required by academic courses is licensed and supplied across these machines. 

Support for more general purpose computing is available at approximately 90 Macintosh- and PC-based labs located on campus and in nearly all student residences.   These academic resources, managed by SUL/AIR or by individual schools, all utilize the authentication infrastructure to provide access to the other infrastructure services. These labs are in addition to student-owned computers. Over 90% of students own their own computers. Although most students arrive on campus with a computer, a large number of students purchase a computer through the Stanford Bookstore. 

Forsythe Hall contains a industrial strength data center with over 18,000 square feet of raised floor, temperature controls, power distribution and diesel power backup. This facility houses an IBM 9672-RX4 processor which supports many of the legacy applications and over 50 Unix machines of various flavors including a Sun ES10000.  Forsythe has a total of 8 terrabytes of EMC disk supporting the databases and applications in the on the mainframe, NT and Unix platforms. Stanford Libraries main systems, including HighWire Press, reside in Forsythe as do many the NT servers for the Graduate School of Business. The data center provides facility management services to several external organizations including Stanford University Hospital, the Research Libraries Group, and GTEi.

Sweet Hall, across campus from Forsythe, contains a second data center that supports academic computing resources such as the Leland servers and a significant portion of the enterprise infrastructure (including authentication and directory services and an administrative staff portal web site). The Sweet Hall data center will, by December 1999, have all the same environmental support facilities as does Forsythe UPS, battery back-up and diesel.

Administrative Computing

Stanford's administrative information systems are currently a mixture of mainframe-based, proprietary systems developed in SPIRES (a Stanford developed, hierarchical DBMS), custom developed client/server applications and ERP systems. The SPIRES systems developed in the mid-1980's using an application framework called Prism, are relatively sophisticated and extensively integrated. Features such as forms routing (including email notification), electronic signature, ad hoc reporting, job scheduling and data integration have been in use for over 15 years. The legacy systems were designed and tuned during a period when hardware resources were high priced, and therefore data storage was highly optimized. This combination of lower storage capacities, plus current database integration and application infrastructure functionality, sets a high standard for the new application packages and systems to meet.

Stanford has implemented several systems using client/server technology, including the Office of Development PostGrads system, Student Financial Aid, the University ID Card, and Departmental Expenditure Management System. These were developed at Stanford either from scratch or as major modifications of a vendor package. Experience with ERP vendors began with the Oracle Financials project which is close to completion of its first phase (general ledger) with a second phase for purchasing on hold. PeopleSoft student project is just started with several years of work to complete. After those systems come Human Resources and Space Inventory and Management.

Moving to a network computer paradigm using marketplace ERP applications and tools for administrative systems requires significant investment in infrastructure for authentication, authority, security, directory, database, data backup/recovery, data replication/migration, data warehouse, reporting, directory, job scheduling, change control/migration, desktop management, systems monitoring, incident management, and help desk services. In some of these areas reasonable solutions are in place, others have patchwork solutions and some have not been addressed.

The University Data Warehouse (UDW), developed in the mid-1990's, serves an important role in integrating data from mainframe and relational databases into an integrated image that provides for cross functional reporting as well as reference data. We are in the process of retrofitting some of the UDW management tools - many of which we developed in-house. We have the beginnings of a reporting strategy using ReportMart from Brio Technologies to provide a repository of reports for users. Incident management will be supported using Remedy. Apps*Integrity from ChainLink Technologies provides the basis for the change control/migration process. PVCS from Merant Inc is used for software version control. Oracle is our database of choice although there are several systems using Sybase, including the Data Warehouse, Directory and PostGrads. Authority is a complex, new area that will be addressed over the next year or two.

Security

Dissemination of information being one of the key goals for the University, we operate our backbone without firewalls (some areas within the University have local firewalls), implementing security on a server/application basis. This does create problems as we have very inconsistent systems administration across the University and Stanford is a prime target for hackers. Our Information Security Officer does extensive monitoring of traffic to look for signs of hackers, works closely with local and national law enforcement during actual break-ins, disseminates security information to the community and enforces Stanford's internal network and computer use policies for faculty, staff and students.

Support Services

Like other areas of computing at Stanford the computer support services are both centralized and decentralized. Each school and department is responsible for providing support for their computers, but there are two University-wide programs and a general help-desk facility to assist in these efforts. The Expert Partners Program provides central support for department-designated "Expert Partners" - individuals in departments who are responsible for the maintenance of local personal computers and first line consulting support. The Local Network Administrators program provides similar support for departmentally based network administration. In addition, there are fee-for-service organizations in ITSS that will contract for support of personal computers, LAN's and Unix servers.