Estimated reading time: 8 minutes
By Rob Vietzke, Internet2 Vice President, Network Services
This whitepaper describes how campus, regional, and Internet2 networks provide access to cloud-based learning today, and what will change as campuses migrate to online learning by off-campus students. This information is intended to help campus leaders understand these changes.
While COVID-19 presents unprecedented uncertainty, Research and Education Networks (R&E Networks) will play an important role in supporting our campuses and K12 schools as they move online. Infrastructure usage patterns are already changing greatly from traditional campus learning environments, in part because of the massive shift of users from purpose-built campus networks to consumer-oriented home networks.
When students and faculty are on campus, they use a well-tuned campus infrastructure that is blended with remote cloud computing resources through state and regional R&E networks and Internet2. Those networks are provisioned with substantial capacity for research data and also afford “headroom” for activities like Learning Management Systems and video-based online learning applications. These learning applications are often hosted on servers that are actually located off-campus in cloud computing data centers. When on campus, student traffic travels over R&E networks to these remote data centers. We can expect that network traffic patterns will change when campuses implement COVID-19 “work from home” and “learn from home”. This paper outlines a few scenarios on the potential effect this shift in the location of users may have on the way in which online resources are reached.
It is important to note that the following scenarios depict typical traffic patterns. There will be situations where a different traffic pattern will occur, or specialized engineering is in place that may impact specific campus patterns.
Scenario 1 – How Network Access to Online Resources Works from Campus Today and how campus participants in online education will continue to work
Let’s start by showing how faculty, staff and students on a campus ordinarily reach cloud-based learning resources. In this typical instance, a student on campus uses the campus network, a state or regional R&E network and Internet2 to reach the cloud data center. These networks are all tuned with abundant capacity that anticipates the historical usage patterns of faculty, staff and students on campuses and the academic schedule’s usage demands.
We can expect that as students move to residence halls and other spaces on their campus for online learning, they should have an excellent user experience that leverages long term investment in high quality networks on the campus, in the region and nationally. Those networks are already tuned for a typically much larger user base and should not require any remediation for the new use. Internet2 and regional networks are actively monitoring the network traffic patterns for these users as an added layer of assurance.
Scenario #2 – Students and Faculty learn/work from home and campus moves teaching online using cloud-based resources
When students reposition to home locations, these traffic patterns change. In most cases, it is likely that the network traffic from the student to the cloud providers where their institution’s learning management systems and video applications reside will use commercial networks (i.e., the broadband in their home or apartment) and will no longer traverse the R&E networks. The exact path a home user takes to a cloud provider is somewhat opaque and not manageable by the institutional IT staff that normally plan the path and performance characteristics of network traffic. The consumer commercial networks are generally designed around peak consumer utilization (ex: Friday night Netflix streaming) rather than the academic schedule or academic applications that R&E networks tune for. The consumer networks also do not support large research data sets and as a result may have less inherent “headroom” for the sudden growth of video and online learning.
A large influx of new traffic for online learning, together with other increases in daytime home use, may take some time for these networks to absorb. Some congestion of these networks and their interconnections to cloud providers may exist on the home networks that could impede performance of online learning in unanticipated ways. Planners may wish to consider contingencies for poor performing online experiences as these issues are diagnosed and capacity is added.
On the upside, announcements in the media indicate some consumer networks are lifting usage caps and surging resources to respond to expected new traffic. Within their deployed infrastructure, this will make a big difference in reducing any artificial constraints. However, more work investment in physical capacity and interconnections may be required to support the new applications. That necessarily will take a little time and human effort to ship parts, install equipment and configure the new capacity.
Scenario 3 – Access to campus from home using a VPN to gain access to online resources in the cloud or other resources on the campus
One potential variation to the scenario above is for faculty and staff who use a Virtual Private Network (VPN) client on their computer to secure a path to the campus. Some campuses require or advise their faculty (and to a lesser extent students) to utilize a VPN to securely access resources that are located on the campus (e.g., ERP systems used by administrators, research data sets including virus research, and learning resources that are not in the cloud).
VPNs can be configured to route all of the user’s traffic (both traffic to on-campus systems and the rest of the Internet) to the campus VPN server, or they can be configured to send only campus traffic to the VPN server. The latter, sending only campus traffic to the VPN server, is known as a “split tunnel” configuration.
Without split tunnel, traffic to services such as Zoom and Canvas will first travel to the campus VPN server, then it will use the campus’s connectivity to travel to its destination (e.g., traffic to Zoom would first travel to the campus network, then the regional network, then to Internet2). With a split tunnel, only traffic destined for resources within the campus network will travel to the VPN server, traffic to other sites, such as Zoom and Canvas will traverse the users normal commercial home connection.
Using split tunnel for off-campus users can improve their performance to services such as Zoom, as well as reduce the load on the campus VPN server. However there can be security tradeoffs. Some campuses may require that all traffic be directed to the on-campus VPN server so that it can be routed through devices such as firewalls and intrusion detection/prevention systems.
Increased off-campus access via a VPN server may require additional capacity both for the VPN server and the number of licenses it supports.
Other Planning Considerations
Cloud Scaling Capacity
This paper focuses primarily on the networks that connect learners to their learning platforms. It is also important to consider capacity planning and management on the server platforms and software applications for online learning required to meet the additional demand. Current trends are that campuses are actively moving from 100’s of administrative users on their video collaboration platforms to potentially tens of thousands of students tomorrow. This will most certainly require more storage, compute resources and licensing for those platforms than is currently in place. For those institutions that host their applications in the cloud or in virtualized compute environments, they may be able to leverage the scalability of those platforms for the compute and storage portions of this expansion and adapt quickly. In other instances, more hardware may be required.
In the cloud, scaling is not only about an institution’s scale-up, but also about the reality that other institutions are also making this switch at the same time. This reasonably could result in not just one institution’s tens of thousands of new users, but instead tens of millions of new users trying to access cloud-based applications in a way that was not previously tested. These capacity constraints can most certainly be addressed, but it is important to recognize the effort and time that providers may need to adjust.
Home Network Types and Wi-Fi Routers/Devices
Once users move home, they typically connect to a home router that connects to a cable company, telephone company or fiber provider. Often they have a wifi router that allows them mobility within their home. Some of the oldest of these routers may actually have less capacity than the capacity coming into the home and will require replacement to support multiple users on modern learning applications. While it is outside the scope of this paper, it may be an issue that will require local attention to increase capacity.
R&E support for Community Anchor Institutions
While this document talks about campuses, the same analogies apply to community anchor institutions (CAIs) such as K12 schools, community colleges, public libraries, etc. that also leverage R&E networks. Both the home student and the VPN scenarios likely apply directly to these CAI users. By example, a school district that sends its students home with “thin client” Chromebooks for online learning may, in fact, still rely on district networks to provide web-filtering and other processing for remote students before their traffic hairpins back from the district to online learning cloud providers. This is a notably different traffic situation than a student using a home computer that does not rely on the district’s systems.