Skip to Content

ITPG Meeting Minutes - 2010-07-15

Printer-friendly versionPrinter-friendly version


Attendees: John Ajao, Arlene Allen, Michael Colee, Mark Dotson, Ann Dundon, Matthew Dunham, Randall Ehren, Kirk Grier, Tom Lawton, Elise Meyer, Steve Miley, Bruce Miller, Alan Moses, Mike Oliva, Tom Putnam, Andy Satomi, Deborah Scott, Heidi Straub, Yentran Tran, Don Voita, Paul Weakliem, Jim Woods

Administrative Items

1. Minutes of 06/17/10 meeting were posted 7/10/10.

2. Election of vice-chair

Richard Kip was elected ITPG vice-chair for 2010/2011.

Informational Items

Member Announcements

Communications Services (Ann Dundon): There was a successful training session for

LSIT (Alan Moses): Through a cooperative effort with ISBER, Letters & Sciences and GGSE, the campus now has a site license for SPSS.  This has been funded up front, and so there is no cost recovery at the enduser level.  Regarding cloud services, they are looking at 3-4 applications, and thinking about where it could live.  But they aren’t ready to do it now, but would in 2 years.

SIS&T (Deborah Scott): They are trying to outsource hosting a Credit Card system, but they are having trouble with the contract.

H&RS (Yentran Tran): No cloud computing.

EVC/Academic Senate (Andy Satomi): No cloud computing.

ISBER (Randall Ehren): They use via Amazon, which is an online file syncing service.  You get one folder in “My Documents” and 2 gigabytes of storage for free.  You always have a copy on your hard drive and they do revision control.  You can also access it from a web browser.  This service can be used to collaborate.  (Steve Miley noted that there would be a training video available soon on about, in addition to Skype and opera unite (turn it into a server)).  Files stored on dropbox are fully encrypted.  (Andy Satomi uses JungleDisk because it allowed controlled access on shared folders, but now dropbox has capability.)

Earth Research Institute/ERI (Michael Colee): He has poked at cloud computing, but the bandwidth is too slow for their needs.

IC (Steve Miley): Collaborate is offering a lot of resources to GauchoSpace, and they now have additional staff in James. GauchoSpace is getting decentralized for training, so they are looking to certifying trainers, or using an orientation specialist.  They are considering the same approach for support.  They are going to do an upgrade on Aug 1, which includes new modules and synchronization.  They are investigating Joyent, which provides dell & open solaris platforms.  They are experimenting with their support structure, ease of use, and scalability.  They pay $125/month for one virtual machine.  They could spin up a moodle environment in 15 minutes.  They might participate in a UC cloud.  (Matthew Dunham suggested that when we talk about cloud computing we define whether we are talking about cloud services that provide infrastructure, platforms, or software.)

OIST (Arlene Allen): They run a private cloud, working on virtual infrastructures, which includes both virtual servers and virtual storage.  There is a UC-wide discussion about infrastructure as a service.  She is using the IDM project space on to blog about different subjects on IDM, such as  what is UC Trust.

OIST (Kirk Grier): Mainframe printing is coming to an end. There will be a Directory outage this weekend.  They are offering their IBM equipment to anyone who will give it a useful life (rather than just sell it).  Contact Kirk if you are interested.

OIST (Elise Meyer): The NGB gear has arrived and is on the floor above us.  Thank you to those who provided content for our campus video report to UCCSC.  Please go to to follow links to viewing the presentations remotely.  She and Ann Dundon will be doing a presentation on the campus emergency blog system.  Personal cloud computing use is using the Thunderbird add-on “Google Contacts” to synchronize Thunderbird addressbooks.

CIO Report - Tom Putnam – The Regents approved a resolution to ensure commonality and best practices across all administrative applications.  (NB: The final wording is available at .)  The tone of the discussion was that UCOP didn’t want central control, but rather wanted leverage between the campuses.  They wanted to influence, not govern the activity, and none of it would be run from Oakland, nor would they initiate efforts.  Also, this wouldn’t come into play until a campus was looking to migrate to a new system.  Our FIS efforts to partner with either UCLA or UCD could benefit from this movement, with no interest loans from UCOP to encourage the partnering.  The FIS includes GLO, A/P, Purchasing and Datawarehouse.  The SIS plan is to port an existing system, not change it.

CISO Report - Tom Putnam (for Karl Heins):  The campuses were asked to send letter to UCOP with respect to use of SSNs on campus, and ours was submitted.  It says we've got things pretty much under control, and there are some places we want to get rid of them, e.g., Extension, which is getting a new system.  There was also a statewide SSN report about use of SSN, that was due 7/1 to legislature, in which we provided a similar summary.  SSNs are required, but we safeguard them and try to minimize their use.  We thought we had found an encryption solution for laptops etc., and we were focusing on the pointsec security package.  However through discussions in the ITPSO systemwide committee (Information Technology Policy & Security Officers) we learned that UCLA Medical Center had trouble with it, it’s a bear to setup and hard to use unless one has a monolithic active directory environment.  UCLAMC is discussing a university-wide license with PGP at a steep discounted price. Stay tuned.  Encryption and decryption packages also need a key caching system, so that one can manage, retrieve and update security keys.  Contact Karl if you are interested.  Our current appraisal of the need for encryption on this campus is minimal.  People are careful to either not carry around PII or encrypt it if they do.  Alan Moses commented that there is ongoing interest because some granting agencies are now requiring data encryption.  Steve Miley added that there are many hardware encryption solutions available now, such as home folder encryption with file vault on a Mac.  Arlene Allen noted that all current laptops include trusted computing framework chips for hardware encryption.  But these solutions have the escrow problem, i.e., when an employee leaves, or when a faculty member forgets their password.  IS-3 requires us to implement a password/escrow management system.

Communications Services (Bruce Miller): They are doing lots of maintenance projects including making room for the new core router.  They still see strong demand for the printed directory.  These are ordered by MSOs. They have now extracted the data from ldap for printing the directory. Michael Colee said that they were looking for an efficient way to substitute ERI for Crustal and ICESS to ERI, and they haven’t found a way to do that yet.  No cloud computing.

Subcommittee Reports

Backbone Engineering Group (BEG) - Elise Meyer

The consultants completed their first project by adding references into the full standards for the categories listed in the worksheet.  They are now working on the Division 29 version of our standards.

Security Working Group (SEC-WG) – no report.

Web Standards and Content Working Group (WSG) - Ann Dundon

They had their 2nd Drupal brown bag, which focused on building Drupal websites. 30 people attended from 26 depts.  Their next training event is an accessibility workshop on August 5th that will feature a screen reader demonstration.  You will be able to see how websites appear to one who is visually disabled.  Their next meeting is Thursday 7/24, to not conflict with UCCSC. One  of their discussion topics will be rss newsfeeds, and how to best share news.

ITPG Communications - Ann Dundon

A training workshop was attended by 15 people, in which all created content.  We may offer another one in the fall.

Identity Management Subcommittee (IdM) - Matthew Dunham

(NB: The technical discussions and decisions regarding the Identity Management Service happen at the IDM meetings, of which the next is August 25th at 2:00 in SAASB 2001A.)  Discussion at the last meeting included: the needs for role based authorization, and the existence of silo authentications systems and whether they can be federated.  Matt has been pushing hard to get the OIST IDM system back on the rails.  He plans to send out the next generation schema soon, and it will be somewhat different.  If you use LDAP programmatically, please look at it.  (NB: The proposed schema sent out on 7/19/10 is located here and there will be a meeting to discuss this 7/29 at 2:00 in Phelps Hall 1514.)  There was discussion of some of the current thinking about the IDM Service: We have a directory, not really an identity management system, but we use it as a DBMS, so it contains lots of metadata.  In the next generation system, there will be true a DBMS, so the directory will have less metadata.  For example, currently the full department name is self editable.  In the design change that will no longer be the case.  There are several fields that need to be reconciled e.g., ucsb release, ucsb release student and other NFR flags.  It needs to be able to deal with NFR students.  A question was asked whether you will be able to tell difference between visiting faculty, faculty, etc.  They hope that there will be the ability to enter faculty roles, and there also needs to be an interface for adding visitors.  The current architecture has everything in the directory, and the next generation architecture will have person object data in a sql database, and the identity manager product will poll sql service.  It will provision data out to children directories, e.g., active directory, ldap, /etc/passwd .  The metadata will only be in the sql and will be pushed out to the children directories.  These changes will also facilitate UC Trust, which requires the federation of LDAP.  One will need to show ID so that the directory knows that you are who you say you are, and your info is now in UC Trust LDAP that can be federated with other UCs.  The target specification that was approved by ITB and funded by EVC includes 3 children directories: umail,, and a directory to support UC Trust (satellite systems).  The next scheduled meetings are Wednesday 7/21 and 8/25.

Calendaring Interoperability Workgroup - Bruce Miller

There is a draft outline on, that shows techniques for specific tasks. (Because this is a resource, anyone can edit this.)

Liaison Reports

Information Technology Board (ITB) – Bruce Miller

Their next meeting is tomorrow.

Enterprise Information Systems Planning Group (EISPG) – Deborah Scott

Status for the SIS conversion project: the RFP is on the street and they expect good response.  There were two bidders’ conferences.  The responses are due at the end of next week.  The process includes having the top respondents doing a proof of concept.  Each of the vendors uses a different percentage of automated vs. manual conversion.  They hope to have a vendor selected by January.  Student Affairs has joined into a partnership with the Graduate Division, where they are joining their information technology into SIS&T.  So they have included the Graduate Division tools in the SIS RFP.  SIS&T is helping them do basic triage and streamlining.  They found lots of manual querying and mailing of files around.  Next week they will start routing their domain, and put them behind the Student Affairs firewall.  Ancient History: Arlene, Bob Kunz and one other visited Multnomah county Oregon in 1978 to investigate Adabase and Software AG.

Research CyberInfrastructure - Arlene Allen

There is UC wide activity in shared infrastructure computing.  There are clusters located at SDSC and LBL that have been allocated to 24 PIs.  UC is trying to build on that concept.

UCCSC - Elise Meyer

Thanks to those who contributed content for the campus report video.  The conference is next Monday & Tuesday, and you can participate from your desktop.  (NB: The presentations are available online at )

Discussion Items

1. Items to bring to ITB Meeting (Jim Woods)

Continuation of Cloud Services Survey:

MSI (Jim Woods):  They purchased the Coupa(sp?) hosted purchasing system, which is an eprocurement system similar to UCLA's system.  It can handle catalogs and allows punch outs to Dell’s site, where you can fill out a shopping cart there, and then returns you to local system to complete purchase.  It handles approval based on managerial or dollar amounts, and it has both an invoicing and a budget component.  They are looking to synchronize purchasing data with their budgeting system.  The Library is now using it too.  They use jungle disk for backups, and have used Amazon cloud computing services.  There was a comment that IS-3 and IS-10 give all the guidance that you need for the question of whether you can put sensitive data on remote services.  UCB is still working on risk assessment framework for cloud computing.

Instructional Computing (Matthew Dunham): They use central desktop which is kind of like a platform agnostic Sharepoint.  It is also similar to googledocs with revisions and project management.  It is free for groups of less than 5-6 people.  In the Software as Service type of product they use Logic Monitor from former UCSB employee Steve Francis.  It is an enterprise it monitoring service.  It detects all of your systems, services, etc, and decides how to monitor them with intelligent metrics.  They do have an educational discount.

Library (John Ajao)
: They are using the NSF funded research ready net, which is a research and education deposit network, providing a working stage for migrating data to the wide network.

2. Develop a "short list" of IT issues in need of coordination which the ITPG or Subcommittees should address. See June minutes for some proposed issues.

Should these issues be addressed via a presentation or lab-based environment instead of forming a committee?

-  Cloud hosting of drupal sites – Heidi Straub mentioned that there was webinar available on the topic of Amazon Web Services Building Blocks for Drupal Applications and Hosting .  Are there any policy issues with remotely hosted websites on Amazon web services?  Amazon allows you to pick your region where your data will be stored.  What departments want is a Content Management tool what can you do without any more investment.

-  There is grass roots momentum for mobile applications.  People want functions available for iphone & droid.  The Library is interested in the following types of applications: library hours, and “Ask a Librarian”.  Should these be developed as an application or a style sheet?  Let's form mobile standards subcommittee.  Joe Sabado has been spearheading the SA effort.  UCSD has coded true iphone applications .