
ITPG Meeting 2010-04-15

Date and Time: 
April 15, 2010 - 9:00am - 11:00am
Location: 
Phelps 2536
Agenda: 

Administrative Items

  1. Minutes of 1/21/10 meeting were posted 4/7/10.
  2. Minutes of 3/18/10 meeting were posted 4/7/10.

Informational Items

  1. Member Announcements
  2. CIO Report - Tom Putnam
  3. CISO Report - Karl Heins
  4. Subcommittee Reports
    1. Backbone Engineering Group (BEG)
    2. Security Working Group (SEC-WG)
    3. Web Standards and Content Working Group (WSG)
    4. ITPG Communications
    5. Identity Management Subcommittee (IdM)
    6. Calendaring Interoperability Workgroup
    7. ITLC E-Mail Outsourcing Project Workgroup
  5. Liaison Reports
    1. Information Technology Board (ITB) – Bruce Miller
    2. Academic Technology Planning Group (ATPG) – Alan Moses
    3. Enterprise Information Systems Planning Group (EISPG) – Deborah Scott
    4. Cyber Infrastructure

Action Items

  1. Annual review of ITPG Charter Document "to ensure that the goals and procedures continue to serve the campus and the ITPG constituencies."
  2. Discussion and approval of revised wiring standards.

Discussion Items

  1. Voice over IP (VoIP) follow-up questions?
  2. it.ucsb.edu Web site: demo and "rollout" discussion
Notes: 

Minutes of ITPG 2010-04-15 Meeting

Attendees: John Ajao, Arlene Allen, Jeffrey Barteet, David Bosso, Ted Cabeen, Ann Dundon, Randall Ehren, Karl Heins, Richard Kip, Tom Lawton, Aaron Martin, Elise Meyer, Bruce Miller, Alan Moses, Ben Price, Tom Putnam, Andy Satomi, Glenn Schiferl, Kevin Schmidt, Deborah Scott, Henry Shatavsky, Heidi Straub, Jim Woods.

Administrative Items

  1. Minutes of 1/21/10 meeting were posted 4/7/10.
  2. Minutes of 3/18/10 meeting were posted 4/7/10.

Tom had a modification to the 3/18/10 minutes.

Informational Items

Member Announcements

Communications Services (Bruce Miller): after a lot of work, Communications Services has sent new billing statements out. They are now off the mainframe printer. They have beta customers for an application to reduce paper printed and to change mail code. They’ve received positive feedback so far. Now they are working on their budget.

OIT (Elise Meyer): We received approval to proceed with RUAC IP address fee billing at $11/address. Billing information is sent to each Departmental Accounting Officer, and they can use an online tool to view the bill details and to make changes. The Campus Emergency Blog team trained some EOC personnel on using the blog, and now we are waiting for the blog to be part of an EOC exercise.

IS&C (Arlene Allen): We believe we are near the end of the mainframe transition to UCOP – all of the milestones have been completed. The z/OS 1.8 upgrade is now complete – this is now in a steady state and will probably not change again. The EISPG is discussing what to do next. The z9 to z10 hardware upgrade will be occurring this weekend, but it should be transparent. This has been a three-year project, and we are now in a functionally stabilized environment. A printing pilot group is moving ahead with Zytho-based printing, and around 6/30 we are going to stop using all that paper.

Housing & Residential Services (Ben Price): They are working on a department migration to the latest version of SharePoint, a shift in their staff document procedure, and a new mechanism for handling document management.

SIS&T (Tom Lawton): They have installed a new firewall from Palo Alto that provides a different level of data than they were using before. They need to rewrite their policy of what is available to be looked at for their customers. This tool shows you things about the application (not port level data), and issues alerts based on changes in application or packets. Does this cause grief with respect to the ECP? Their division will form an oversight group to provide them direction.

Administrative Services IT (Henry Shavastasky): They are working on the gift development system.

ISBER (Randall Ehren): ISBER is going through an 8-year audit process, and as part of that, they are looking at dusty policy.

MRL (Jeffrey Barteet): He and Paul Weakliem (CNSI) got a new cluster into production.

MSI (Jim Woods): He attended a Student Affairs meeting regarding an online time reporting system (this is a competitor to Chronos). It’s from UCM and has a SQL Server interface back to PPS. Can UCSB commit to the ongoing maintenance costs of something like Chronos?

LSIT (Alan Moses): They're actively evaluating Microsoft Security Essentials (MSE) as an alternative to Norton. If L&S drops out, then the cost of NAV goes up for everyone else. MSE only works on PCs, but it would be covered by MCCA. They’ve informed COSL. They are currently looking at who could put up a server, and whether it can run as a standalone product. They are not looking at the server access piece. They use Sophos and ClamAV for server-side virus protection. Since MCCA is licensed based on headcount, MSE could also be used on personally owned machines. LSIT-supported L&S departments represent 1,200 licenses. (NB: In FY 07/08 the total campus spend on NAV was 9,450 licenses.)

There are several UCSB folks going to DrupalCon next week. Alan would like to do lunch to find out what people are learning.

SIS&T (Deborah Scott): They are moving forward with establishing a mobile applications working group, led by Joe Sabado, that would be similar to WSG. In parallel, they are developing their first prototype iPhone app for GOLD, including a course schedule and finals dates. They are working with students. The subcommittee is forming.

IA (Heidi Straub): After several months spent moving, they are now getting back to work. They are reviewing and testing a virtual environment for an Oracle database proprietary product called Advance. They also have a few online projects: udev and web-based application projects.

OIT (Kevin Schmidt): He is working on the purchasing request for the new core router. This also includes wireless network replacement that will provide better redundancy, and trading in of older Access Points (APs) that will support newer firmware and 802.11n. We are currently running 802.3af. Power over Ethernet restricts AP functionality; we expect to run 2.4 & 5. Not all APs will have n. Also note that in theory, departments are responsible for the maintenance and replacement costs for the APs in their self-funded installations, but we are currently not charging these expenses.

Wireless installations are being subsidized in multiple ways, including free site surveys, and no overhead added by OIT. Wireless installations do continue; see https://noc.ucsb.edu/wireless/ for a list of completed installations. Work in progress includes Bldg 489, Library 3rd, 6th, and 7th floors, and SSMS 1st floor LSIT lab.

Sedgwick Reserve is looking for an upgrade in bandwidth via a radio shot over Santa Ynez Peak via a small tower nicknamed the "toothpick." We are investigating getting access to a state tower. Perhaps this could provide bandwidth to others. The network connection to the NWC Cottages is now in use.

The Core Router Backbone upgrade timeframe: We want to complete the order ASAP, to get a delivery in the first half of July. There are long lead times for this equipment. We also need to do site prep projects. These routers are really large, and we'll need power work for proper redundancy by bringing in a 2nd 208 circuit. In some locations we’ll need new UPS and need air handling work. We'll need larger cabinets, and in some places there is room for a second cabinet for easier migration, but in other places there isn't room. The plan is to get the routers all lined up, and bake and test the configuration; then start installations in early August and finish before the start of classes. We have 6 months to turn in the trade-in items and we have maintenance on the existing equipment until 12/31/10.

Library (John Ajao): The 8th floor wireless installation is planned to be the last one.

COE (Richard Kip): The COE postmaster is on leave, so he's very busy filling in for the postmaster. The COE is replacing all of their servers and hardware. They are also looking at switching from Mailman to Sympa.

ICESS/Crustal (Aaron Martin): They are continuing to merge their operations and network, and they are trying to build up firewalls.

CIO Report – Tom Putnam

A major issue for the campus continues to be the major applications that are dependent on Adabas and Natural on the mainframe. The mainframe hardware has just been upgraded by UCOP and is okay, but the software base we are using hasn't been maintained for 12 years. The rough estimate cost to get current with all the Adabas, Natural and Operating System software is $4M in effort and time. We can limp along and try to keep the current operating environment up, but we could hit a position where we have to upgrade everyone.

One possible trigger for this is when UCOP wants to upgrade the mainframe hardware. So there is interest in buying new applications or moving existing applications off the mainframe. Student Affairs is looking at doing a code conversion to move the existing applications off the mainframe. Administrative Services is looking to replace the GLO and other financial applications.

A group went to UC Merced to look at their use of UCLA's system, and then they went to UC Davis to look at their implementation of Kuali. These two options are being considered because there are other campuses doing the same thing. UCLA's system is also used by UCOP, UCM, and Boalt (UCB School of Law). In addition to being used by UCD, Kuali is being looked at by UCI, UCSB and UCOP. The sense is that those campuses on PeopleSoft want to move to something else. UCSB has not made a decision yet, and there is no money to do a project. But there are planning funds available, so that when there are funds for doing a project, we’ll know what to do.

In the meantime, we still have an issue with the mainframe software, and we may run out of time. We are developing a strategy to freeze all the applications, so when UCOP buys a new mainframe, we would then buy a small used mainframe at the current software level. But another potential problem is if any of the frozen applications get new requirements.

CISO Report - Karl Heins

The FTC Red Flags Rule impacts the campus by requiring a new program for how we handle account openings. From 7/1 through today, we have had zero red flags on this campus. This will be reported up to the Regents.

The Enterprise Risk Management Group reported on the results from a survey of deans regarding the major concern on this campus. The biggest risk identified is our mainframe applications. All the rest of the risks, such as deferred maintenance, etc., were ranked much lower. The next stage is to grapple with how to work with groups to reduce that risk. Ron Cortez heads the working group.

President Yudof's SSN letter included 7 steps, many of which are steps that we did for IS3. In response, we have proposed:

  1. That the departments that do use SSNs should scan their desktops to see if any SSNs have leaked out of their main repository.
  2. That these departments also have those people take security training (now available).
  3. To provide encryption for laptops, with an identified encryption standard.

Departments don't have to do a scan of all systems, just target known locations. We encourage people to scan, and Andrew Bowers has documented how to use the Cornell spider. Please note that you will get false positives. There are both Mac and Windows versions. One should scan shares too. If there are people out there that aren't on that short list, let Karl know.

There was a question regarding the primary purpose of this effort, and the answer is to reduce our own risk. As a university we've had a number of cases of SSNs on compromised systems. We need to protect them, and to do that, we need to find where they are. Some places will be missed. This is something that you should be afraid of. Do you have to have them, can you substitute something else, e.g., employee id? Is it portable, can it be locked down? Academic personnel did a purge five years ago, but will still do a scan. You will find something. If you have a unix server, use the tool on the Windows file share.

Breaches are still happening. Karl received a letter from UCLA that there were printouts not disposed of properly. Now the regulations include paper. If you know of something, let him know so there can be proper protection. Andrew will be glad to come and work with you if you need it.

Karl should check how Central Stores disposes of computers. Some IT staff first destroy old hard drives, and others have a cabinet of old hard drives. Student Affairs does a Department of Energy (DOE) wipe of the disk, which involves writing multiple patterns of nulls and 1s to the disk to make sure all data is erased. One department uses a spare CD-bootable machine that runs DBAN. Someone should put up a resource page on http://it.ucsb.edu. One can use Iron Mountain to shred tapes.

Subcommittee Reports

Backbone Engineering Group (BEG)

Nothing to report.

Security Working Group (SEC-WG)

The group met on March 25. They covered the 7 steps described in Yudof's letter. There was an update on the Cornell Spider user test: users have found results. There was also discussion of DNS usage. The media encryption project is looking at Checkpoint Pointsec, Sophos, Microsoft, Bitlocker, and others. More information is available in the Full Disk/Removable Media Encryption Project.

Web Standards and Content Working Group (WSG)

Meta Clow has been working on a privacy notification statement for campus websites that collect information from visitors. If the collected information is general, then the notification can be linked to from the homepage, but if the collected information is personal then the notification should appear on the page where the information is requested. WSG is developing language for the UCSB Web Guide on how websites should specifically do this.

The group wonders what procedures we have in place to monitor compliance with policies. This is something we need, because there is not a lot of support in place right now. WSG hopes to invite Sandra Featherson to their 5/18 meeting to discuss credit card processing (Payment Card Industry) rules and procedures. A lot of formal procedures need to be followed, but they are not documented online.

ITPG Communications

The it.ucsb.edu website has now been moved to a new server. There is a push to add content. We plan to launch the site around Solstice. (It was suggested that only those who contribute content can attend the launch party!) Once it is officially launched it will be made available outside of campus.

The question arose, what about security information? You can restrict content access to a group, campus or public.

EISPG users were confused that they needed to log in to access restricted content on the site. The access-denied message will be customized to say you may need to log in. There is documentation on How to Use This Site, but you can call Ann at any time if you have questions. There is a place to post projects on the site, e.g., the campus 10Gb/s backbone upgrade.

Identity Management Subcommittee (IdM)

At their last meeting they came up with an outline from which to develop a white paper to provide direction to the project.

Calendaring Interoperability Workgroup

Nothing to report.

ITLC E-Mail Outsourcing Project Workgroup

The report from the system-wide workgroup is due early April. ITPSO has decided to build a risk assessment framework for outsourcing email, so that people can be educated about the issues, e.g., can the Chinese look at your email. ITPSO won't be done for a couple more weeks. Then jointly the report and the framework will be distributed.

Liaison Reports

Information Technology Board (ITB) – Bruce Miller

The ITB next meets tomorrow. A standing discussion item is DOOM, or "Death of the Mainframe."

Academic Technology Planning Group (ATPG) – Alan Moses

They met for a jam-packed meeting last month. Alan provided an update on Collaborate. There was discussion that L&S is funding GauchoSpace for their needs, but what about the needs beyond L&S? There was a side conversation about Intellectual Property issues, since more materials were going online. There was a question of what is fair use (appropriate practice).

Enterprise Information Systems Planning Group (EISPG) – Deborah Scott

Thank you Ann for website support.

The group has met twice since the last ITPG meeting. EISPG is reviewing the 2005 EISPG document that outlined that the highest priorities were to replace the campus Student Information System (SIS) and Financial Information System (FIS). The plan is to update that document with scenarios and costs for a full vendor implementation of a new SIS and a new Financial system. The SIS backup plan is to take the 30-year-old code and to work with vendors that do automated conversion to a more modern environment. This would preserve the 30 years of policy and decisions.

The goal is to be off the mainframe 2 years from now. GOLD and eGrades were written around the mainframe. Hopefully we would just need to reknit the interface to the ancillary systems. They will need to do a conversion due diligence and the next steps are to do the Proof of Concept and an RFP to select the best vendor.

The FIS backup position is to leverage what another campus is doing. UCD is implementing Kuali Financials, a community source software package, and UCLA has their home-grown system. UCLA's system is nearing end of life, and they are funded to research their future options, and depending on their choices we may face a significant re-implementation. On the other hand, Kuali is just at the beginning of its life cycle. Do we want to be early or late on the curve? Research and analysis continues on these options.

Cyber Infrastructure

The North Hall Data Center bid is on the street.

Action Items

Item One: Annual review of the ITPG Charter Document "to ensure that the goals and procedures continue to serve the campus and the ITPG constituencies."

No one voiced issues, but some commented that the ITPG has really been great this past year. The next step is to transition leadership. Position statements will be presented in June, with the election in July. We need to set up a nominating committee. Email Bruce if you are interested in being on the nominating committee. There was a request that the election schedule be added to the website.

Bruce suggested that we should add a task to the ITPG charter to annually prepare a report on what we accomplished for the year, and present it to the ITB. It could also include major issues identified by the group.

Item Two: Discussion and approval of revised wiring standards. Glenn Schiferl (BEG Co-chair)

In March 2008 we hired PlanNet Consulting, and started a process that included input from FM, B&P, CS wiring technicians, and people using wiring for alarm, door lock, and security systems. We also incorporated our shared experiences of value engineering. This process took 2 years. Our goal was to make a document that could both be pushed through and have teeth. Our target was the minimum standards for a first rate university that you would expect to have in new buildings.

We are bringing it to ITPG, for approval of both the technical content and our process, and following approval to take it to ITB. Tom Putnam spoke with Marc Fisher about how to give it more force, and the suggestion was to submit it to the Campus Planning Committee (CPC). The effect would be that it becomes policy, but it can be overridden. The CPC process is to have a member champion an issue, and there would be a presentation at one meeting followed by a vote on the issue at the next meeting. The EVC has agreed to be the champion. Either after this or in parallel we have a quote from the consultant to convert the document to bid document format and to produce a usable summary. Concerned staff should have been at BEG or had input into the process. Is there a way to review upcoming projects to see if they are complying?

The ITPG had a vote and unanimously approved the draft BEG Communications Infrastructure Standards. The next step is to present both the draft standards and the concept that the standards should be used to the ITB.

Discussion Items

  1. Voice over IP (VoIP) follow-up questions? Email presenters with questions
  2. it.ucsb.edu Web site: demo and "rollout" discussion

    There was a brief demonstration of how to add a Shared Resource to the site.

    1. Login with your UCSBNetID.
    2. From the left menu, select Create Content > Shared resource
    3. Copying and pasting from Word is possible but not recommended.
    4. Content access can be limited to groups, campus, or public (note: if public, anonymous users can view Shared resources but not edit them; editing privileges are limited to authenticated users only).