Duke ITAC - July 22, 2010 Minutes

ITAC Meeting Minutes
July 22, 2010, 4:00-5:30
RENCI Center
  • Announcements, introductions and meeting minutes
  • Google Apps - Brown University's experience (Mike Pickett)
  • IP address exhaustion and private addressing/NAT directions (Sanjay Rao)
  • Microsoft System Center Configuration Manager update (Mark McCahill, Laurie Harris)


Terry Oas called the meeting to order at 4:02pm. 

Noting no announcements or objections to the minutes from the June 24th meeting, he reminded the council that the August 5th ITAC meeting would be canceled.  The next meeting will be held August 19th.

Google Apps - Brown University's experience (Mike Pickett)          

Terry Oas welcomed Brown University CIO Mike Pickett, who joined the meeting via videoconference to talk about Brown’s experience with Google Apps Education Edition, a free suite of email and collaborative tools offered by Google.

Mike began by explaining that Brown began looking at Google Apps when the university’s only major data center was being reorganized, setting the challenge of upgrading email service against a unique set of time and resource constraints.  With Google Apps promising a solution sensitive to both time and resources, the university launched an in-depth evaluation of the suite and its technical and political viability in their environment.

According to Mike, a survey comparing Google Apps and Microsoft Live showed that students were very receptive to both products, but showed a slight preference for Google Apps.  Further evaluation revealed that the Google Apps suite was capable of meeting the school’s functional requirements, which included supporting existing email addresses, being free of advertisements, conformance to standards, generous quotas, and strong attachment support.  Google Apps Education Edition is functionally the same as Google Apps for business, and Mike says that the number of successful and well-known companies trusting Google with their business communication was another confidence-building factor during this evaluation.

None of the stakeholders objected to the use of Google Apps, and ultimately, the suite emerged as the official recommendation. Thanks to the Rhode Island School of Design’s Steve McDonald and Duke’s Tracy Futhey and John Board, who provided guidance during the contract phase, Mike said that Brown was ready for implementation very shortly after coming to this decision.

Brown first rolled out Google Apps to undergraduates in 2009.  Departmental migrations were scheduled starting May 2010, and students hired as “Google Guides” were made available to provide support to users adjusting to the new system.  Since the switch, Mike said that Brown has been very impressed with Google’s adherence to standards (making for easy integration into a user’s existing mail client) and active innovation as seen in Google Labs’ pre-production add-ons to Gmail.  Though he cautioned that allowing users access to “beta” services such as those in Google Labs can result in more support requests when bugs arise, Brown’s experience has been that students appreciate the stream of new tools and integrate them into their educational activities.  In fact, Mike says that many faculty members were so enthusiastic about the tools students were using that they actively encouraged migration of the faculty mail system to Google Apps as well.

Mike then discussed some takeaways from the experience so far.  Though the school was initially nervous about granting access to seven departments asking to be early adopters, Mike says that the process of piloting the system on a smaller scale and receiving feedback proved to make the wider deployment much easier than it otherwise would have been.  Additionally, mobile device support created some unanticipated problems, particularly with regard to calendaring.  Following the elimination of the BlackBerry Enterprise Server (BES), which connected BlackBerry devices to Microsoft Exchange, BlackBerry users found that they were unable to create calendar items.  As a result, Brown decided to replace BlackBerry devices with iPhone and Android alternatives.

From Mike’s point of view, some of the more difficult aspects of this transition have been questions of policy.  For example, Google Sites availability has already resulted in the creation of 80 websites at Brown, and as this service grows in popularity, Mike anticipates a need for site creation guidelines in order to ensure that organizational websites are governed by the appropriate parties.  Other challenges have come from the elimination of Proofpoint, the consolidation of Microsoft Exchange group email to work with Google Groups tools, and some slight confusion resulting from the differences between traditional email user interfaces and Google Mail features, as well as the occasional bug introduced as the result of Brown’s decision to make Google Labs’ beta applications available to their users.

Overall, though, Mike said he felt that the advantages of Google Apps outweigh the inconvenience of changing email systems.  Mike lauded Google for its responsiveness, sharing that the company has received several requests from Brown and addressed each in a timely manner.

Terry thanked Mike for sharing his experiences and opened the floor for questions.

John Board began by asking Mike how Brown’s lawyers came to terms with the fact that Google Mail is not Health Insurance Portability and Accountability Act (HIPAA) compliant.  Mike responded that the Google Apps suite does not claim to be compliant with HIPAA or International Traffic in Arms Regulations (ITAR), so the Brown community is educated about not sending regulated data through these channels.  Mike also indicated that this may be less of a factor for Brown than it would be for Duke, as there is more administrative separation between Brown’s university and hospital systems.

Terry asked Mike to confirm his understanding that Google has a policy not to permanently delete any piece of email.  Mike responded that Google periodically adds to a user’s quota as he or she accumulates data with the hope of eliminating the perceived need to delete emails, but that emails could still be permanently deleted from an account. DSG representative Michael Ansel noted that there is no guarantee that there will be no archival record of an email after a user deletes it from his account.  This comment led to a group discussion about subpoenas; Mike indicated that Google handles them as one would expect, which does create some questions if users cannot permanently remove an email from Google’s records, but this is a risk Brown felt was acceptable when evaluating the value of Google Apps to their institution.

Tracy Futhey asked if the contracts for Google Apps Education Edition and its counterpart for private businesses were as identical as the services themselves.  Mike shared with ITAC that Tracy has been a national leader with the Common Solutions Group in wording contract languages, and admitted that he was not familiar enough with the business suite contract to have noted any differences.  He did feel it was important, however, that Google does not claim ownership over users’ data, as this allows realistic avenues for transferring service and eliminating all records should that be desired.

Terry asked if Brown was exploring any other applications in the Google Apps suite besides email and calendaring.  Mike responded that chat and videochat have become widely accepted and integrated into campus culture as a method for communication.  Google Forms has also been widely used for transforming spreadsheets into email surveys, while Google Docs has become very popular for sharing documents among groups on campus. 

Susan Gerbeth-Jones asked if the contract allowed the ability to run reports and see statistics for email use.  Mike replied that the suite includes a console that can be run by an administrator at the university to run canned reports, as well as control service configurations, such as whether Google Labs applications are available to users.  If the canned reports are insufficient, he explained, a school could request a particular report from Google.

The council thanked Mike for sharing his experiences and expressed a desire to hear his future impressions on the service sometime next year.

IP address exhaustion and private addressing/NAT directions (Sanjay Rao)

Sanjay Rao began by announcing that his co-presenter, Joseph Lopez, was unable to make the meeting.  He then gave an overview of Duke’s IP address concerns.  Currently, the university is using IPv4, which is expected to run out of available public addresses sometime in 2012, making it impracticable for Duke to grow its allocation of publicly routable IPv4 addresses.  As a result, the university is taking action to ensure continued availability of addresses for the Duke community.

While IPv6 is the only viable long-term solution, its slow adoption has made it difficult to rely upon, Sanjay said.  Despite being in full production since 2006, less than one percent of internet-enabled hosts are currently using IPv6, and many devices in North America are not capable of working with IPv6 addresses, though Sanjay notes that most core routers are IPv6-capable with an operating system upgrade.

After discussing the directions of peer universities, Sanjay shared that Duke has decided to employ private IP networks in order to create the free address space needed as the Duke network grows.  This effort will also help prepare Duke for global interoperability, reduce load on DHCP servers, increase lease times, and enable better reporting, troubleshooting, and monitoring.

Sanjay then presented the migration plans for the move to private IP networking.  Prior to the West-Edens Link (WEL) residence hall wired migration on June 25, he says, Duke issued public IP addresses exclusively.  The ATC Wireless migration took place on July 16; the final ResNet and wireless migrations would take place before the start of fall semester.

Terry asked how this private IP transition would affect, for example, students who previously used static addresses to run web servers on their personal computers.  Sanjay responded that if the service is running on the student’s personal computer and is not using ports 8080 or 443 (for HTTPS), it should not be a problem.  Terry confirmed with Sanjay that traffic to such services would be routed to the appropriate private address.  According to Sanjay, the Fuqua School of Business has been using private IP addresses for some time without problems, but some applications not properly equipped for network address translation may require additional consideration.

DSG representative Michael Ansel asked if it would be possible to provide out-of-network access to a machine on the private address system, as he has previously set up a file server in his campus residence to back up files remotely.  Sanjay responded that this should remain possible as long as the service is operating on standard ports.

Tracy Futhey identified Michael’s question as a key point for communication with regard to the network address privatization.  End users should be aware in advance that their services might be affected, she says, so that they can be in communication with OIT to resolve any problems that may arise.  Tracy also said she would be open to exploring the possibility of maintaining some static addresses for a small percentage of users who can justify a need for one.

DSG representative Mark Elstein asked if Duke had researched where the problems with network address assignment are most serious, suggesting that limiting address assignment in certain areas could delay the need for privatization.  Sanjay responded that this data is available, but as Tracy explained, growth in demand for IP addresses at Duke is far in excess of what could be made available by trimming disproportionate use.

Microsoft System Center Configuration Manager update (Mark McCahill, Laurie Harris)   

Mark McCahill began by introducing Microsoft’s System Center Configuration Manager (SCCM) as a tool to simplify system administration for desktop computers and servers, one that Duke is currently using for operating system deployments and evaluating for other potential uses.

One major advantage to the SCCM, according to Mark, is that the tool is part of Duke’s software agreement with Microsoft, making it freely available for use without additional costs to the university.  Other benefits to using the SCCM include detailed reports of computer installations, and remote and scheduled deployments of applications and patches.  Via the SCCM, administrators can also monitor the progress of their installations remotely.

Mark explained that Duke plans to use the SCCM to provide a centralized systems management service, thus reducing administrative overhead.  The SCCM provides independent, fine-grained control over policies and software installations, and system administrators retain control over machines within their site boundaries, so administrators can take advantage of the OIT infrastructure without sacrificing their current policies.

To give the council a better idea of the hardware requirements, Mark described Duke’s new primary site server setup, which uses VMware and can support up to 25,000 managed nodes.  Rafael Rodriguez commented that he would be interested in using the SCCM and wondered about the scalability of this tool, as 25,000 nodes would be exhausted quickly on the health system end.  Mark responded that additional primary servers could be established in the same infrastructure with additional hardware, but that the SCCM is a database-heavy application and thus the database aspect would be the potential bottleneck in extensibility.  Tracy Futhey asked Mark about the viability of creating an SCCM system that could handle double or triple the current nodes, which Mark responded would be possible with an extra virtual machine and MSSQL database.

Mark then turned the floor over to Laurie Harris, who discussed benefits to using the SCCM.  According to Laurie, the SCCM maximizes Duke’s investment with the Microsoft agreement and decreases operating costs for OIT as well as decentralized IT units such as ZENworks.  It is also highly flexible, allowing control and maintenance at different levels of organization.  Additionally, the SCCM establishes configuration standards, which improves operational efficiency and enhances IT security by encouraging streamlined practices for configuring and managing IT environments.

To illustrate how Duke plans to incorporate SCCM use into current operations, Laurie then demonstrated a project governance chart identifying project sponsor Ginny Cake, service sponsor Amy Brooks, service owner Debbie DeYulia, and service manager Sanjay Rao, as well as two support groups involved.  These groups are comprised of stakeholders in project and service guidance, such as ITAC guest Robbie Foust, and practitioners focused on administration, management, and building common practices.

Laurie explained that Duke is currently implementing the first phase of the SCCM deployment, which has been scheduled between March and August of this year.  This phase aims to remove ZENworks from service management, implement remote desktop and inventory management (as well as OS deployment pieces), and to look at configuration management and the Quest plugin for managing non-Windows machines.

Early adopters for the June/July time frame included the Divinity School, Financial Services, OIT labs, OIT CDSS, Trinity labs, the library system, and NSOE labs, while August/September adopters will include the Pratt School of Engineering and DHTS Academic Support.  Each of these groups will be provided a two-hour initial consultation and a site evaluation worksheet.  After discussions about client distribution methods and preferences, the team dedicates two days to defining and building collections to get the group up and running.

John Board mentioned that Wes Tatum with the School of Nursing has been instrumental in helping with the SCCM deployment, as Nursing has been using the tool for about five years.  Laurie agreed that Wes has been a great help and hands-on partner since the project’s inception.

Laurie continued to describe the second phase of the SCCM project, which will take place between September and next January. This phase will include implementing server/desktop patch and server management, determining options and cost for implementing energy management capabilities, and continued investigation into options for reducing the number of tools used to support Duke’s cross-platform environment.

The floor was then opened for questions.  Terry asked to what extent use of SCCM committed Duke to future use with Microsoft products.  Mark responded that none of the remote management options take an open standards approach, but said that it is easy enough to use the SCCM to deploy another company’s remote deployment system if Duke ever needed to migrate to a different platform.

Tracy clarified a concern about centrally managed client systems by explaining how the SCCM rebuilds/reimages locally managed operating systems from a remote location, the end result being the same as if an administrator had come on site to perform maintenance while saving the time and resources typically required for that kind of maintenance.  The user is then free to manage the machine as he or she likes.

Ed Gomes commented that the inventory management aspect is also not to be underestimated, as it gives administrators the tools they need to remotely review software installations and manage licenses.

Other Business   

Tracy Futhey announced that this meeting marked the last of Terry Oas’ term as chairman of ITAC.  The council thanked Terry for his insight and leadership over the past year.