A Modern University Raises the Bar: A Network Infrastructure That’s Secure, Agile, and Invisible Based on Cisco DNA
Founded in 1479, the University of Copenhagen has all the historic charms you would expect of Scandinavia’s second-oldest university. For all its impressive history, however, it is very much a modern university with a global reputation, ranked first among Scandinavian universities, and sixth in Europe.
A total of 37,500 students enroll in the University of Copenhagen (also known by its Danish initials, KU) every year, and the university employs 16,000 people across four large campuses and an additional handful of smaller campuses across Denmark. With 290 new startups launched out of the university every year, it’s no surprise that KU contributes the equivalent of $4.5 billion USD to the Danish economy annually, five times the public’s investment.
Until recently, though, our IT infrastructure was less than modern. It was not standardized across departments, which made it complicated to see and control the security of our network. Imagine dealing with 34 different firewalls—only 24 of them active—and 42,000 switch-ports, some of them more than 12 years old! What you can do with a 12-year-old switch is very limited, and it certainly limited any changes we could make. Everything was layered on top of an aged infrastructure installation.
Our legacy architecture obstructed our innovation and growth, exposing the university to cybersecurity threats. It also increased our operational costs, as it was becoming more and more complex just to keep it running as it should. As Denmark’s largest university and with a fast-growing student population, KU needed a fundamental change to support our research needs and to fulfill the expectations of new generations of students.
In other words, we needed an infrastructure that catered to the needs and requirements of modern campus life.
Built for Innovation, Mobility, and Flexibility
KU prides itself on being a hub of innovation and research, and is the home institution to 5,000 graduate students. Attracting and retaining academic talent is one of our key pillars, but our IT infrastructure did not enable the innovation that defined our programming, and the security that innovation requires. For example, we have many publicly funded research projects on the go at one time, and it is paramount that the research data not leave KU.
What’s more, new data protection legislation made it even more important to gain visibility and control over the activity in our network. Our infrastructure did not live up to these security requirements for our researchers or for compliance with the new legislation. In order to execute on our strategy and to further enable innovation, we had to make some changes.
We had another issue to consider, too. KU consists of multiple faculties across Copenhagen. Students move from one faculty to the next, and this presented problems with our old infrastructure because users couldn’t access the same systems between faculties. They got creative with workarounds, such as saving their documents to Dropbox, but they were unsatisfied with the lack of mobility. Everyone needed to have the same secure access to digital resources across our campuses, and our system didn’t have the flexibility people needed to move from faculty to faculty without issue.
As an IT professional managing the back end of our network, being in such a reactive posture was frustrating and exhausting, not to mention expensive. Our limited visibility into our infrastructure meant we were unaware of potential security threats to students and the university’s own data. The legacy system was not only time consuming to manage, but it was frequently an obstacle to implementing new solutions.
Our network specialists spent their days dealing with problems such as determining which port goes into which switch, and as time went on, this all resulted in accelerating operational costs. I knew our people could spend their time better. If we could just introduce automation, we could be more agile and end that overspending. So that’s what we set out to do.
Picking the Right Solution
When I joined KU in 2013, IT was spread across five different departments. Then, three years ago, we began our modernization effort by amalgamating those five departments into one IT department across the entire university. I am now head of network and data center.
With all of IT under one roof, it was now time to find a networking solution that could do everything we wanted. KU has a five-year strategy focused on four special areas of engagement. Apart from attracting, developing, and retaining academic talent, our other three pillars are: education with closer ties to research and practice; collaboration and social commitment with national and international partners; and becoming a unified university.
We needed an infrastructure that would enable that holistic vision. We’d been using a legacy platform, and while it had a lot of different products, they didn’t offer a single solution that matched all of our ambitions. To get the network visibility we required, we would have to work with a third-party provider. By contrast, we discovered Cisco Digital Network Architecture (DNA), a software-defined platform that could do much more of what we needed. Software-Defined Access would give KU the best and most secure network in the industry, and it would also allow for automation. KU had considered Cisco in the past, but their solution had matured considerably since then, and it now offered the high visibility we wanted—and desperately needed.
Another reason we were interested in Cisco is because they’re so well established in Denmark. They’re always ahead of the curve, and they have many partners here, which is a huge advantage. It makes it that much easier for us to receive consultations and advice on whatever Cisco products may fit our needs now and in the future.
We heard good things from other Cisco customers, and Cisco invested time in us by engaging us in workshops and inviting us to Cisco Live—all before we bought the solution. I was also impressed by Cisco Networking Academy, which is a much better education platform than we’d seen with other solutions providers.
Even with all of these factors in Cisco’s favor, we didn’t make this decision lightly, or quickly. Our wish list was lengthy, so we spent a long time investigating the market and exploring different options. After that, we ran a POC, and only then did we feel we had done the appropriate research necessary. We were ready to commit to a large-scale deployment with Cisco.
Putting Plans in Motion
At the moment, we are in an early phase of the project, working on the design through Cisco Advanced Services with our partner, Netteam. Our plan is to undergo two pilots before the full implementation begins, and then rolling out the solution one campus at a time. The specialists at Netteam will aid with both the planning and execution of those tests, as well as the accelerated rollout of the first sites and assist with implementation of the rest of the new network in the coming years.
We have a DNA Premier software subscription that will allow for centralized management, automation, and flexible network segmentation. DNA Premier also includes Cisco Stealthwatch and Cisco Identity Services Engine (ISE), which will help us with threat detection and to streamline security policy management. In terms of hardware, we are planning to use around 800 Cisco Catalyst 9000 series switches, alongside three Cisco and one test Cisco DNA Center. We plan to deploy the multi-domain functionality with our existing Application Centric Infrastructure (ACI) data center network.
Shooting for the Stars
At the end of this process, we’ll have an infrastructure that will be in line with KU’s five-year strategy, fulfill student expectations, and increase operational efficiency across the university’s campuses.
Students will have the flexibility to move from faculty to faculty as they wish. We will have threat detection and security compliance. We will have operational cost savings and financial predictability through automation, segmentation, and better insights. And, having replaced the aging platform, we will see improved agility and deployment times for new sites and services, which will bolster the speed of innovation.
This is an ongoing journey, but I have confidence the Cisco solutions we’ve chosen will help us achieve our goals. My dream is for KU’s network to be as invisible as electricity: it will always be there when users need it, with the consistency that users will never have to question.