Duke ITAC - September 30, 2010 Minutes
Duke ITAC - September 30, 2010 Minutes
September 30, 2010, 4:00-5:30
RENCI Engagement Center
- New DukeCapture (Panopto) system background and demo (Samantha Earp, Steve Toback)
- Backup and Data Storage Roadmap (Eric Johnson)
- Device Encryption Project and SEI Policies in Duke Health (Craig Barber, DHTS)
Alvy Lebeck called the meeting to order and opened the floor to announcements.
CIO Tracy Futhey announced that Microsoft Chief Research and Strategy Officer Craig Mundie would be on campus October 5th for an open session at 4 o’clock at the Fuqua School of Business. Following this announcement was a brief discussion about a recent study conducted by Duke, Penn State, and Intel Labs that has been gaining a lot of attention for exposing information leaks in mobile applications.
New DukeCapture (Panopto) system background and demo (Samantha Earp, Steve Toback)
Samantha Earp began the presentation with a recapitulation of the impetus and purpose for the DukeCapture evaluation committee, which has been working since 2009 to select an enterprise lecture and event recording/transcoding platform that will expand Duke’s digital presence while satisfying a majority of needs expressed by Duke educators. The 30-person, 18-department committee was convened to select a replacement for Duke’s current lecture capture software, Samantha explained, when the product was discontinued in 2008.
According to Samantha, numerous working groups met throughout 2009 to evaluate lecture capture software offered by 8 vendors against 54 different criteria. The group favorite, Panopto, was selected early in 2010 for its ease of usability, cost-effectiveness, flexibility, mobile recording functionality, and innovative features such as interactive note taking.
Following this fall’s deployment, Samantha explained, Panopto has been used for 75 courses and events across 13 schools/departments in 8 campus venues, accounting for 668 recordings that have been accessed 3221 times as of the presentation. Although all the core features of Lectopia are available through Panopto, Samantha noted that Lectopia would continue to be available for the next two years.
Steve Toback then provided a functional demonstration of Panopto, explaining that the team is very excited about the idea of expanding lecture capture at Duke to allow for recordings outside of the classroom. Showing clients for both Macs and Windows machines, he demonstrated the process of capturing lecture data from a personal computer to be uploaded for viewing. These clients allow for audio/video recording via webcams and microphones and simultaneous screen capture and/or presentation indexing. In addition, the Windows client supports multiple video sources and a full-screen viewing feature. According to Steve, the lecture will automatically start uploading upon completion of the recording unless instructed not to.
Terry Oas commented that he has been recording lectures using Camtasia, which provides important editing functionality not available with Lectopia. Steve shared that later this year the DukeCapture team will be rolling out a new version of Panopto that will include a basic editor for removing undesired footage from recorded lectures.
Steve then showed a sample recording, which included an index/table of contents, thumbnails of slides, and a search interface to help a viewer jump to a certain part of the lecture and associate notes with particular segments. DSG representative Mark Elstein asked if the service featured NetID authentication. Steve explained that it was fully integrated with Shibboleth, but users without a NetID could theoretically also be granted access to the service, if desired.
In response to a question from Terry Oas, Steve offered that while 2x playback was not a standard feature of Panopto, this functionality is available via Windows Media Player.
Ed Gomes commented that he would be very interested to hear which classrooms could benefit most from built-in lecture capture tools such as ceiling microphones, and Tracy Futhey spoke to the economical and logistical advantages of centralizing core infrastructure for DukeCapture while allowing individual schools and departments to evaluate individual needs for edge equipment such as actual capture devices, lighting and microphones.
A discussion ensued regarding the possibility of making DukeCapture available to students. With enough interest in this expansion, Samantha would recommend a pilot study to examine student needs for the service. Terry Oas suggested that graduate students, many of whom assist in course instruction for undergraduates, could make excellent candidates for such a pilot.
David Richardson asked about frame rates and retention of Lectopia lectures once only Panopto is available. Steve responded that the video frame rate for Panopto is 15 frames per second, and Samantha explained that lectures would be kept for four years, as is the standard with Blackboard content. Once Lectopia is decommissioned, any necessary lectures will be brought over to the Panopto instance
Terry Oas brought up some issues with whiteboard glare in Lectopia and general challenges surrounding video lecture capture. Ed Gomes explained that his group has been working on solving these problems through experiments with lighting, marker color, and multiple cameras. Ed mentioned that students would currently have to select which camera they choose to view based on where the professor has, but motion detection might be a possibility for the future. He also has test recordings, which he’d be happy to share.
Backup and Data Storage Roadmap (Eric Johnson)
Eric Johnson began with an overview of Duke’s two-tiered SAN storage solution. Tier 1 applications include SAP, Mainframe, SISS, Time and Attendance, and OIT-ADS applications; this high-end storage solution is hosted by EMC Corporation’s synchronous Symmetrix Remote Data Facility (SRDF) with Oracle Data Guard across two campus data centers.
Tier 2 applications, Eric continued, include all other campus hosting. Tier 2 hosting is split into “gold”, “silver”, and “bronze” plans, in addition to providing Exchange hosting. This tier is comprised of Fiber Channel and SATA drives and uses EMC MirrorView for Storage Area Network (SAN) architecture. Eric discussed the cost for each of the hosting plans per gigabyte per year, as well as the differences in speed and redundancy between the plans.
Eric then showed a graph of the SAN/NAS storage distribution and capacity expectations for the near future. Due to growing media file and departmental storage needs, NAS and SATA requirements are expected to grow, requiring additional capacity and an additional array. “Gold” and “silver” plans are expecting more moderate growth and little supplementation in the near future, if any. Eric explained that Exchange requirements would need to be continually monitored as the Exchange 2010 evaluation is completed, but that the HP EVA8100 disk array currently being used for Exchange hosting will be up for refresh within the year, as well as the EMC CX3-40 array and both Tier 1 EMC DMX storage arrays.
Finally, Eric explained Duke’s backup system, which employs IBM’s Tivoli Storage Manager (TSM). The TSM environment is fed by nightly server backups and NAS, which are processed through a 60-terabyte disk cache pool and backed up both on- and off-site. Recent analysis has shown growth in storage space in every tracked area except AFS, which Eric explained was recently optimized to make more efficient use of disk space. According to Eric, Duke now has almost 800 terabytes in backed up data.
Molly Tamarkin noted that the library system researched many storage options for their digital collections and found Eric’s group to be the best value.
Device Encryption Project and SEI Policies in Duke Health (Craig Barber, DHTS)
Craig Barber joined ITAC from DHTS to talk about a recent computer encryption project taken on by the hospital system. With increasingly stringent HIPAA regulations, DHTS wanted to protect sensitive electronic information by implementing a standard process for maintaining whole disk encryption on mobile workstations. Six teams were assembled for this effort: an executive steering team, responsible for strategy and policies for workstation encryption, a project steering team, responsible for tactical decisions and co-chaired by IBM and Duke project managers, as well as four work teams (communication, architecture design, service desk support, and work station support).
According to Craig, the program was piloted at Duke Raleigh Hospital, Duke Primary Care, and for incoming medical and PA students. The pilot concluded on June 30th and official deployments began July 1st. As of September 28th, 1,088 laptops had been encrypted by the School of Medicine and School of Nursing, and 1,025 laptops had been encrypted by DUHS, for a total of 2,113 laptops. The project is set to be complete by March 31st, 2011, with 7,500 DUHS and SoM laptops.
The process for implementing encryption, explained Craig, involves a project steering team sponsor approaching the target department/unit to establish an implementation schedule based on other ongoing IT initiatives and overall project timeline. Once the encryption process is complete, the department/unit submits an inventory of encrypted laptops that is then verified by checking the inventory against the PGP Universal Server. After this verification is complete, the business manager or director of the group is then asked to sign a completion report to acknowledge that all current laptops under their group are encrypted and encryption of laptops will be ongoing for any laptops acquired or purchased in the future.
Craig then demonstrated the PGP desktop clients for Mac and Windows machines and discussed additional services offered by the project teams, including monthly technical training sessions, data backup, and pre-encryption checklists. According to Craig, encrypting a 100-gigabyte drive takes about 4 hours, and the process can run in the background while laptop is in use. The overall failure rate of drives during encryption is approximately 3%, but no data has been lost during this initiative.
Craig then took some questions. Terry Oas asked about the probability of data on desktop computers being compromised due to theft or other reasons. Rafael Rodriguez commented that there is still some risk associated with non-mobile workstations, but that these machines were not the top priority for encryption. Rafael also noted that DUHS makes encrypted thumb drives available for those transporting information from stationary workstations.
CIO Tracy Futhey asked about the licensing details. According to Rafael and Craig, DUHS has initially purchased enough licenses for all health system users who carry laptops. Any of these users who also have desktop computers may encrypt those on the same license.
Molly Tamarkin asked why two IBM resources were needed for this deployment. Craig responded that one of the factors in selecting IBM to support this effort was that the company has deployed this technology to some 300,000 of their own laptops, but as Rafael offered, the need for two IBM resources was rooted more in time constraints for the project rather than size of deploy.