range of bandwidth of universities using Kerberos

John Hascall john at iastate.edu
Wed Apr 23 08:15:55 EDT 2003


> During a visit to Stanford University recently, I was surprised to see 
> users entering the campus network from a variety of places, both inside 
> and outside the campus. At my university in Japan, the security is very 
> strict,  and I can't access most of our data from outside of our 
> firewall and our single building campus.
>          How, I wondered , could Stanford manage to let their users log 
> in from anywhere? The security to do this was provided by Kerberos, I 
> was told. When I returned to my university, I recommended that we look 
> into using a system like Kerberos which would allow our faculty and 
> students (about 1300 members, each with at least one computer) to 
> utilize more of the network from outside of campus through a safe 
> password encryption system.
> 
>        The response I received was that most American universities have 
> a bandwidth of 1G, while our university is operating on a bandwidth of 
> 6 M.  I'm wondering, is this lack of bandwidth a reason for not 
> installing a password encryption system allowing us to use our network 
> from outside the firewall. Are there any examples of universities using 
> Kerberos with a limited bandwidth?

    I doubt most American universities have an off-campus bandwidth
    of 1G, perhaps a few really rich ones like Stanford have that much.
    (or are you talkking about the on-campus "backbone" speed?)

    Kerberos itself will have virtually no impact on your
    use of your off-campus bandwidth -- having it open up
    new services to your users would presumably increase
    your usage (if people aren't going to find a service
    useful, why bother?).

    Remote terminal access (e.g., "kerberized" telnet) will
    likely not add significant traffic, but if you add
    remote file access (e.g. "kerberized" ftp) or remote
    mail access (e.g. "kerberized" pop or imap) it may well.

    When we first installed Kerberos in 1990 we had a
    56Kbs connection and about 1500 computer users.

    Today we have about 35,000 computer users (virtually
    everyone on campus: 27K students, 5K staff and the
    reset recent admits or graduates).  Our connections are:
       150Mbs to I2 via Abilene
        70Mbs to I1 via ICN, divivided into
                 40 Mbs for main campus traffic
                 30 Mbs for dormitory traffic
        40MBs to Univ of Iowa (the "other" large state univ in Iowa)
        10Mbs to Univ of North. Iowa (the small state school in Iowa)
        10MBs to I2 via the Iowa Comm. Net. (ICN)
        10MBs to I1 via Qwest
       ~15MBs in smaller connections to various state agencies and things

    and in the case of the dormitory-I1 traffic we are using packet
    shapers to keep our bandwidth growth somewhat under control.
    Usage data available at http://netview.ait.iastate.edu/cgi-bin/selectline

John



More information about the Kerberos mailing list