This is part 1 of a two-part post.

 

Post one: The OLD way of doing DSL on campus.

 

So for the past few years I have been part of a team that provides DSL access to various test teams on campus. For a company like MSFT, testing the "home scenario" is very important. So to do that, test teams pulled in DSL lines from Verizon or Qwest. They had two ways of connecting to the internet once the line was provided by the telco. They would use MSFT as the ISP or the telco (Verizon Online).

 

Some teams used MSFT and some used the telco and did not even think about what this involved. From a SECURITY standpoint the telco-provided internet was very bad. This would mean a team would have internet access in/out that was not monitored by our Corp IT security team. It was unfiltered and a huge hole. It also cost more money.

 

For the MSFT ISP, we pulled in lines (Frame Relay/ATM) from the telco to datacenters and the DSL lines would then link to these lines. Internet egress would then go through MSFT’s normal internet access (via MSN). This allowed us to limit some high-risk ports while still providing the test teams the “home scenario”.

 

With MSFT ISP there is a fine line between what could be offered to a test team and what MUST be limited for security reasons, for example Windows File and Print Services, SQL, VPN, FTP. Test teams normally bitch with any mention of ACLing ports. But most of this bitching is just because they don’t know any better. They did not know what ports their product used or required, and most of them don’t have a clue how networking or even DSL works. They just want something that is like what they have at home. There is also the issue that the phone line (analog) that the DSL came on could be connected to a modem and allow unauthorized dial-in access to the corp network.

 

The cost of providing this service to teams was also VERY expensive.  It costs about $2,000 per line per year for a DSL line that goes to the telco for internet access.  This was a huge hit for some labs that have 100+ DSL lines.  It also was expensive for the install.  Verizon would slap on a ~200.00 charge per line for a tech to come out and verify it worked.  I cannot count how many times I had to walk the Verizon tech through how to verify the DSL line was working over the phone, and Verizon was charging us for this visit.  It was amazing! 

 

The reason why the DSL costs ~$2,000.00 per year is that these are business-class DSL lines, not residential, along with the cost of the analog service (Verizon does not offer DSL-only like Qwest) and ISP services.

 

Lab moves happen all the time on campus. So a lab with a bunch of DSL lines would have to pay to have new lines installed in their new lab and the old ones disconnected, again paying the install fees and the tech visit fees.

 

With the change in DSL services nationwide the default 256k/256k (or 768k/128k for Verizon) was out in most major cities.  So the ability for the testers to keep a bunch of DSL lines that had various speed settings was a pain and expensive.   Another option was to call Verizon when you need a line speed changed.  This would require a 5 day delay and about $100.00.

 

So with this original version, security holes were a major issue. It cost a lot of money and just did not scale/move well.