Duke ITAC - August 18, 2011 Minutes

Duke ITAC - August 18, 2011 Minutes

ITAC Meeting Minutes
August 18, 2011, 4:00-5:30
Allen Board Room 

  • Announcements
  • Campus fiber redundancy and IPv6 directions (Bob Johnson)
  • Exchange 2010 migration update (Eric Johnson, Mark McCahil)
  • Common Solutions Group/Ivy Plus meeting update (John Board, Mark McCahill, Eric Johnson)
  • Gig.U initiative (Tracy Futhey, Kevin Davis)
  • Other business 

Announcements

Molly Tamarkin shared that Duke Libraries recently received a gift of 13.6M to complete renovations. This gift represents the largest gift in the Library's history.  

 

Campus Fiber Redundancy and IPv6 Direction
(Bob Johnson, John Board)

Bob began by sharing details on two fiber cuts that took place during the summer of 2011. The first occurred on June 23rd, 2011 at the site of the new Duke Medicine School of Learning. This cut was fairly disruptive on the medical center network, heavily affecting PRMO. On August 2nd, 2011 another incident impacted the university network directly. Connectivity was lost at the North Building data center and a variety of other sites on northwest campus. As many as 12,000 phones had to re-route to a secondary server and the Fel, Phytotron and GSRB buildings were down for roughly an entire day.

Since the cuts, Facilities Management has instituted a new process for excavation on campus. Highlights of the process are new permit requirements before digging, risk mitigation forms, identification of high-risk zones, and training for Duke and its contractors. Despite process improvements, it is unrealistic to expect fiber cuts to be eliminated entirely, Bob said. Duke's network must be able to adapt and become more redundant in order to continue providing connectivity during future accidents. New fiber path IDs and routers use physically separate paths, and crucial servers have been reviewed to ensure network redundancy. While buildings on the edge of campus have electronic redundancy, most do not have path redundancy. Bob's group is working to identify these areas of risk and determine whether or not the cost of separate physical paths is justified.

John Board noted that some of the conduit at Duke is up to 25 years old, and is nearing the end of its expected lifespan. He asked if Duke needed to be thinking about replacement regardless of accidental damage. Bob replied that some pre-existing damage to conduits had been discovered over the years, but nothing concerning at this point.

Robert Wolpert asked whether or not we should be using these opportunities to focus on establishing greater connectivity over the next decade. Bob responded that Duke is already digging paths when possible, and should focus on growing the core when the opportunity co-exists with other projects, but that these types of infrastructure improvements are incredibly expensive. The benefits need to be weighed against the priority of other projects before we run cable in every ditch that gets dug.

Tracy Futhey asked Bob to discuss the impact of Duke University and Medicine operating on separate network infrastructures. Bob replied that while this separation is often discussed in a negative light, there are positive aspects as well. The separate networks provide the possibility of offering redundancy to each other.

John Board presented on Duke's IPv6 preparation, and shared that the IPv6 Futures Forum event held earlier in the summer had roughly 70 IT staff in attendance. Shortly afterwards on World IPv6 Day, Duke successfully performed a proof of concept showing network readiness. While the need to switch is not yet urgent, Duke has been buying IPv6 ready equipment for years in preparation for the future. John also noted that Duke seems to running out of IPv4 address space faster than many peer institutions. Decades ago when IPv4 blocks were initially assigned, they were considered infinitely large. Today's device usage however, is proving otherwise.

IPv6 address blocks are substantially larger than IPv4 blocks, and a /48 block for Duke works out to roughly 1.2*10^24 addresses. At this time http://www.duke.edu and http://www.oit.duke.edu have already been cloned and shown to work with IPv6. Bob noted that while there is a growing shortage of IPv4 address space, and increasing preparedness for IPv6, there is no pressing need to rush. Duke is well ahead of the federal government's mandate of July 2014 for IPv6 readiness.

Robert Wolpert asked if Duke still has routers that are not IPv6 capable at this point. Bob replied that it is likely we do, but not within OIT on the core network. He also noted that the NetReg system will need to be re-written to be compatible with IPv6, which presents an opportunity to update what is now a relatively old system. Tracy pointed out that the issues of fiber redundancy and other similar projects are more pressing currently, but assured the council that Duke will be prepared for IPv6 when the time comes.

 

Exchange 2010 Migration Update
(Mark McCahill, Eric Johnson)

Mark began by noting that this would be the final Exchange 2010 migration update, as the process is now complete. Exchange 2010 was chosen because of substantially better Outlook Web Access support, greater storage efficiency, and decreased disk I/O requirements from Exchange 2007. These efficiencies present the possibility of larger mailbox quotas, decreased storage spending, and support for federated exchange calendars. The latter could allow future sharing of calendars with external institutions, DHTS, and the cloud based Office 365 service. Mark noted that there is no such thing as an upgrade from Exchange 2007 to 2010, both instances must be run in parallel and data copied from one to the other in order to migrate. This process began with OIT employees, and was followed shortly after by the Duke Police Department and School of Law. After successfully migrating and troubleshooting these smaller groups, additional groups were migrated on July 22nd, 2011.

Migration consisted of 12,939 mailboxes and 4.31TB of mail. It was completed on August 12th, 2011 with minimal problems encountered. An unexpected timeout setting on the F5 load balancers temporarily impeded the move of mailboxes and was quickly resolved through a settings change. A more substantial problem was encountered with Exchange 2010's ability to backup mail to a fully redundant private mailbox replication network. This issue was able to be resolved without any visible impact to users.

Tracy noted that a touted benefit of Exchange 2007 was its high level of redundancy, yet in the last year we had experienced two periods of time where Exchange was unavailable. Through the process of migrating to Exchange 2010 we have become better able to understand the complexity of this system, and while Exchange itself may be redundant, there are external factors at play, which we were less prepared to resolve in the past. Mark agreed and pointed out that increased redundancy comes at the cost of greater complexity.

Wayne Miller asked if various options for junk-mail handling had been investigated further. Mark explained that the spam detector in Exchange 2010 is capable of marking mail it identifies as extremely safe, in a manner that prevents mail clients from marking it as spam. Wayne expressed that he would like the client software to be capable of marking mail as spam regardless of the server's opinion. Mark responded that we are still investigating how to allow this without disabling the server's ability to mark mail as extremely safe. Doing so would cause false positives for the majority of users, who's clients are not configured this way.

Terry Oas asked if graduate students had moved to Exchange. Mark responded that this would depend on their department. Law and Fuqua graduate students have Exchange accounts already. Molly Tamarkin extended congratulations on such a large-scale upgrade being completed on time and with minimal customer impact.

 

CSG & IVY+ Update
(Eric Johnson, John Board, Mark McCahill)

Attending the IVY+ conference earlier in the year, Eric found that peer institutions seem to be facing issues highly similar to our own. Working towards the virtualization of servers and storage was a common theme. Eric also said that there was a large amount of discussion regarding data center and space concerns, which Duke has already begun to address. From the Common Solutions Group, Mark noted that security and desktop support were heavily covered topics.

Roughly one third of schools in attendance were using sensitive data scanning tools, searching for exposed social security and credit card numbers. Some schools have been using this data to identify folks who may need additional training. Mark said that a particularly interesting tool called Fire Eye is being used at the University of Virginia. The tool performs behavioral analysis of machines, and identifies those acting abnormally against their own trends.

Mark said that the University of Iowa is managing as many as 12,000 workstations in Microsoft's System Center Configuration Manager (SCCM) through a distributed support model with central backing. Similar to Duke's findings, there does not seem to be a good solution for Apple OSX clients in SCCM at any peer institutions. A few schools are experimenting with virtualized administrative desktops for administrative use. Mark feels this could be an interesting possibility for Duke with regard to increasing global expansion. This would likely involve using VMWare View rather than our existing open source VCL solution. 

John Board reported that many schools were working on event oriented mobile applications, providing the ability to use GPS to locate participants and points of interest. He also noted that Stanford has been able to remotely configure iOS and Blackberry devices for mail and remote wipes. In order to use even a personal mobile device on the Stanford network, users must provide the school with authority to wipe the device if a password is entered incorrectly 10 times. Princeton expressed the opinion that the creation of mobile applications is not the difficult task at hand, but getting institutional data in an accessible format. If data such as building locations, classrooms, schedules, tours, dining menus, and more could be provided in XML format, it would enable much greater development.

In the area of research computing, John reported that it seems increasingly common across all institutions that provost office funding is decreasing or being eliminated. Condominium models like that at Duke are becoming more popular. A problem regularly faced by those publishing papers and journal articles today is author ambiguity, particularly among those with relatively common names, and those who have changed names. The ORCID project (http://orcid.org/), aims to work around author ambiguity issues by adding a second level of identification. 

John said that greater than 50% of CSG schools reported having 5 or more active distance learning programs. The majority of which are offered internally rather than through an external partner. Private institutions were far more likely to be working with external partners, and also more likely to share revenue when using external vendors where most state schools reported operating on a fee for service basis. There is a common hesitance by both private and public institutions with regard to using for-profit vendors.

The 2011 CSG meeting took place amidst an interesting battle in Wisconsin legislature over the allowance of private academic networking. By the end of the CSG meeting, a compromise had been reached; a two-year reprieve in which the providers of private academic networks in Wisconsin must prove that their networks are not creating unfair competition with local telecommunications businesses. Tracy noted that CIO's from across the country reached out to offer their support in Wisconsin. She also said that MCNC, the provider of North Carolina's academic network, has partnered with and worked closely to include local corporate telecom companies over the years, including in the recent grant proposals for federal funds to extend the NC academic network.

 

Gig.U
(Kevin Davis, Tracy Futhey)

Kevin Davis presented on the Gig.U initiative (http://www.gig-u.org/), a project seeking to accelerate the deployment of ultra high-speed networks to leading U.S. universities and their surrounding communities. Kevin emphasized that Gig.U is not about competing with corporate telecom providers, but looking for opportunity for those companies to partner with their local communities and universities. The United States is quickly falling behind on national broadband performance. Many countries are investing in next generation infrastructure at a substantially higher rate, while the market driven US telecom corporations see no compelling use case proving demand for improved services.

University communities are the home for entrepreneurship and innovation. Students, faculty, and staff congregate in these communities, both on and off campus, and demand higher connectivity speeds to do so. Tracy clarified that this initiative is not seeking investment from university communities, but leveraging the geographical location of universities as a test bed to pursue these ideas. She also believes that non-traditional providers may become large players in such an initiative. Providers of cloud services such as Amazon, Apple, and Google have a vested interest in improving connectivity for their current and potential future customers.