Skip to Content

ITPG Meeting Notes 2012-03-15

Printer-friendly versionPrinter-friendly version

Attendees (21):

John Ajao, Masha Aksenova, Tiye Baldwin, Ted Cabeen, Cliff Chabot, Bill Doering, Ann Dundon, Matthew Dunham, Kirk Grier, Richard Kip, Bill Koseluk, Tom Lawton, Dan Lloyd, Elise Meyer, Steve Miley, Bruce Miller, Alan Moses, Tom Putnam, Andy Satomi, Heidi Straub, Paul Weakliem

Administrative Items

The 2/16/2012 Meeting Notes were approved with the following addition: (NB: On 3/9/2012 Matt send a note to the ITPG mailing list with the following: "Just to recap on this topic, after ~2 weeks I've received no negative responses (or even any requests for continued discussion). The only responses in fact were in the positive, along the lines of "I strongly approve using @ucsb.edu for this new service".)

Informational Items

CIO Report - Tom Putnam

Shel Waggener is stepping down after being UC Berkeley's CIO since 2005.  He will be joining Internet2 as Senior Vice President, and provide senior executive leadership for Internet2 NET+ Services.

The ITLC had their annual face-to-face meeting at UCI this month.  Discussions paralleled discussions we've had at UCSB, e.g., the UCPath project is requiring a longer design phase than anticipated, & this phase involves campus staff, Oracle staff, and now they're hiring ucop staff into project positions.  The ITLC discussed how to do it, and who pays for it.  They also discussed how it is decided if a project is enterprise-wide.  These are just like our own OE discussions, and UCSB is farther along in this discussion than UC. UC is still going in different directions.  One reason that the UCPath design effort has taken longer than expected is because, instead of dealing with just 75 interfaces, they have actually found around 200+ interfaces. UCSB uses only around 25.  Officially the schedule has changed by extending the first wave by 6 months, but they only extended the whole project by 3 months.

The system-wide presidential Privacy and Security Committee continues their work.  Our current ECP has been around a while, and is now strained under current laws, e.g., HIPAA.  (NB: The University of California Electronic Communications Policy was originally issued November 17, 2000. A revision was issued in 2005.  A revision to Attachment 2: ECP Implementation Guidelines was issued in 2011.)  HIPAA requires us to monitor access to health information. EVC Lucas chairs the committee, and Karl Heins and Meta Clow participate for UCSB.  The committee has formed guideline definitions for privacy.  One issue is that faculty want to preserve privacy to do anything and everything.  Tom presented a “UC Santa Barbara Campus Update”  to the ITLC.  His PowerPoint briefing is available here.

CISO Report - Tom Putnam

Nothing in addition to UCPath news mentioned above.

Subcommittee Reports

Backbone Engineering Group (BEG) - Glenn Schiferl

They last met in June 2011.

Security Working Group (SEC-WG) – Kevin Schmidt/Karl Heins

They last met on 11/3/2011.

Web Standards and Content Working Group (WSG) - Heidi Straub

They met on 3/6/2012.  The UCSB Web Standards Best Practices have now been updated and published.  They are working on 3 upcoming workshops:  a Social Media scheduled for March 23, 2012, a Web Application Security Workshop scheduled for April 23, 2012, and a Mobile Web Framework scheduled for May 25, 2012.  The Web Application Security Workshop will be taught by a Computer Science graduate student and will look at the issues from a hacker's point of view.  Workshop registration will be available via the UC Learning Center online system.

On a related note, Bruce mentioned that the campus Verizon Wireless sales representative has mentioned a program they have with Apple to help organizations build more apps for Apple platforms.  This would provide the opportunity to work with the Apple group that helps with app development.  Is there any interest in having someone come out to discus this?   They can also discuss mobile device management, e.g., it is possible for those using Exchange activesync to wipe out stolen phones.  Yes, there is interest.  Bruce will email out more information.

ITPG Communications - Ann Dundon

They met on 3/12/2012 to review the survey results for the Lynda.com evaluation project. A total of 46 faculty, students, and staff (both IT and non-IT) had full access to the Lynda.com Online Training Library from mid-January to the end of February; the rate of participation in the evaluation was fairly high. [NB: Actual numbers: 76% (35 people), tried out 79 different courses. 65% (30 people) completed the survey.]  Evaluation project team members are now drafting their report, which they plan to have completed by the next ITPG meeting.

This project arose from two events: a panel discussion at last year's UCCSC about sharing IT training, and the resulting effort to see if UCLA's contract could be extended system-wide, and Arlene Allen's communication with Lynda.com, which led to our obtaining a set of evaluation accounts.  While the TAS did not take on a system-wide Lynda.com contract for this year, however we've learned that in addition to UCLA, UCR and the Division of Agriculture and Natural Resources at UC Davis also have large subscription bases.  They plan to have their report completed by the next ITPG meeting.

Their next meeting will be in April, and that will begin their new meeting schedule of every other month.

Identity Management Subcommittee (IdM) - Matthew Dunham/Karl Heins

Current information on this service is available on their public wiki.  Their projects haven't changed.  They sent out their Identity Migrator emails only to discover that campus anti-phishing education has been working.  They are about halfway through their first group, which was mostly administrative staff.  Faculty and Instructors will be next.

They have been working with Kevin on technology so that the campus wireless service can support 802.1x. 802.1x (NB: using the PEAP MS CHAP V2 authentication mechanism) requires access to clear text passwords.

What is status of ldap.ucsb.edu (new) vs. directory.ucsb.edu (old).  Authentication via directory.ucsb.edu was a two step process.  Authentication via ldap.ucsb.edu is a one step process, however, not all of the UCSBnetIDs have been migrated to ldap.ucsb.edu .

What is status of the Identity Annex that would allow departments to pre-provision ldap accounts that was demonstrated at the last IdM meeting.  This is behind Shibboleth and UC trust in terms of priority, and has not yet authorized.  A request was made to provide this application.  In the meantime, the ID Helpdesk is able to use it, and they can do for you.  One uses the Annex locator and a birthdate to allow one to create an identity.  In terms of federation, one needs to do more authentication, only federated people can authenticate at a certain level of assurance.  

The conversation then evolved into a broader discussion of how the identity management service and the service providers that use it for authentication interact, and the campus wireless service was used as a major example.  The issues that surfaced included:

- Currently wireless guest access is accomplished via a manual process that is not widely known.  Could the Identity Annex be used for this purpose?  Maybe, but it is not intended to be used for short-term, e.g., single day use.

- What services could Identity Annex authorized guest have access to?  Some affiliates need to manually uplift their UCSBnetID to get access to the services that they want?

- Problems like having an instructor with a PPS record that has an end date before the end of the quarter crosses multiple service units.

- What is the coordination between the service providers (SPs) and the Identity Management Service?  There needs to be better understanding of what the service providers are doing.  There is a gap in the support for services.  There needs to be a place to submit the names of services that don't work.  The ID Helpdesk needs to provide better coordination with the service catalog.  The ID Helpdesk will be changing in the near future.  Is there a way to develop a service catalog based on knowing what services can connect to the IdM service?  That doesn't provide a list of all services, because a service can do an anonymous bind and bind as a person.  They encourage people to bind as a service. Matt will coordinate with known services.

Student Email Governance Committee - Matt Dunham

Student members of the committee expressed a strong preference for Google email, which the rest of the committee thinks will cost campus more.   This issue will be forwarded to the ITB.

Liaison Reports

Information Technology Board (ITB) – Richard Kip

They last met on 2/24/2012.  The items discussed were information already shared at the ITPG.

Enterprise Information Systems Planning Group (EISPG) – Lubo Bojilov

They last met on 11/18/2011.

Academic Technology Planning Group (ATPG) - Alan Moses

They last met on 10/24/2011.  Their next meeting is scheduled for 4/6/2012.

OE IT Governance Committee - Doug Drury

There is no change from the status reported at our last ITPG meeting, i.e., they are still working on getting their document into its final form.  The approval path for the document is back to the OE Steering Committee, but there is also supposed to be some broader review.  A question was asked whether the committee could post their membership, and that will be forwarded to the two co-chairs. 

Project Reports - a brief report or location where projects will be located

Financial Information System (FiS) - Tom Putnam

They are currently preparing to go out with an RFI or RFP for implementation partners.  They are looking for integrators who have experience implementing the cloud-based Oracle PeopleSoft Financial System at universities.

Technology Infrastructure Fee (TIF) - Tom Putnam

We have heard that our proposal will be sent out to the Income & Recharge Committee in preparation for an April meeting.

Student Information System (SiS) - Tom Putnam

The last report we heard was that the project has slipped slightly and was trying to get back on schedule.  There was a question whether the STAR conversion was proceeding on schedule.

North Hall Data Center - Kirk Grier

They now have power distributed to the racks, and PDUs are in place in 11 of the 18 racks.  They don't have chilled water doors.  The PDUs have both power and temperature sensing, and they are working to correlate that with the building monitoring.  They have a weekly meeting with FM.  Last week they saw the Metasys system perform.  If there is a component failure, FM is to respond.  What about the chiller?  They are trying to develop these procedures.  They still have a few punch list items, and some other remaining issues, e.g., the UPS maintenance bypass, and integration with the new generator.  The biggest involves the HVAC control in the UPS room, where they are trying to improve airflow in that room.  They now have access to the control system.  Beneficial occupancy is imminent, maybe by the end of this week.

Discussion Items

Member Announcements

Communications Services (Bruce Miller): They are targeting Saturday morning 3/24 for a PBX outage to perform a routine software update.  The outage would occur between 6-7am and could be as brief as 15 minutes.  They are waiting for final confirmation from vendor. 

OIST (Matthew Dunham): Now that we are in DST, he has started working on the CSF bash.