ITAC Meeting Minutes

January 19, 2012, 4:00-5:30
Allen Board Room

  • Sakai Update (Shawn Miller, Lynne O'Brien, Samantha Earp, Chris Meyer)
  • Tech Expo Report (Matt Royal)
  • OpenFlow GENI/ORCA (Victor Orlikowski)
  • EduRoam (Richard Biever, Rob Carter)

Announcements

Julian announced that Samantha is leaving to become managing director of academic technology services at Harvard. Julian complimented Samantha on 13 years of wonderful contribution to Duke University and credited her with dramatic improvements in the academic technology service offerings.

Alvy noted that minutes from September had been distributed and asked for any objections. There were none; the minutes will be posted online.

Sakai

Shawn Miller noted that Sakai is open this semester, and the hope is to get between a third and half of faculty to use this tool in spring 2012. So far things are looking good: the hope was for over 500 classes, and the number is currently close to 800, which is excellent. There is still the possibility for substantial growth over the summer and fall 2012 when Blackboard is decommissioned. Following course migration, Blackboard organizational sites will also need to be moved to Sakai in the coming semester. Robert Wolpert asked if Sakai is the best place to move organizational sites. Shawn responded that it is not necessarily; while some will move nicely to Sakai project sites, there are also other tools such as WordPress, SharePoint, Duke Wiki, and other good alternatives. Many of these alternatives did not exist when Blackboard was initially being used at Duke.

Lynne mentioned that CIT considered reaching out to every organization site owner to consult on this, but that many of them are abandoned, and in other cases it's not clear who is the owner or decision-making authority for each. So the main concern at this point will be to migrate automatically and preserve content, and those which are being actively managed can choose other tools if desired.

Shawn noted that there have been bug fixes and standard issues along the way but the two major issues for Sakai at Duke were an outage in Fall 2011 and issues during Mark Goodacre's large final. This event highlighted some issues with the Sakai testing tool. After working with Mark and his students, it was determined that attempts to access older exams in additional browser windows while keeping the current exam open in another caused data discrepancy errors. One solution to this issue is providing better guidelines to students and faculty before exam taking. Some of these warnings may be put into Sakai itself. Some students also claimed they had issues with the timer, which is being investigated further this semester.

Alvy noted that Sakai appears to view as a feature rather than a bug the lack of need to maintain state among multiple exams that are opened from within multiple windows/tabs/browsers.  This is broadly considered to be problematic to faculty when the goal is to administer the equivalent of an "open book" exam online.

Mark noted that more rigorous testing by the vendor may be called for, and indicated that as a result of uncovering this behavior in Sakai, he is likely to scale back some of his planned uses to focus on simpler tasks rather than complex ones that may push the envelope or expose under-tested features.

Tech Expo

Matt Royal started by sharing that Tech Expo began in 2007 as a joint initiative where IT staff would be brought together to share expertise, collaborate, and learn from one another. We often do this externally in our jobs, but rarely internally. As the event has developed over the years, it has been tremendously successful and a valuable educational opportunity for Duke's IT professionals. The planning committee this year had representatives from DHTS, IGSP, OIT, Trinity Technology Services, and featured Ginny Cake as executive sponsor. Approximately 450 people (58% university, 42% DUMC) attended the event. In addition, there were 32 vendor participants.

Tech Expo includes technology demonstrations, vendor exhibits, and a keynote. This year we had talks on system administration, web programming, security, project management, data sharing, and trends analysis. Evaluations from the event are still being received. 98% have said they will attend future Tech Expo events. 67% said they gained contacts or information that will be helpful in performing their job. Molly Tamarkin asked how people find out about Tech Expo. Matt replied that emails are sent to major Duke IT mailing lists, CLAC and CLIF. DHTS staff received a notification on an internal list. There is also a Tech Expo Twitter account, emails to past attendees, and largely word of mouth.

OpenFlow GENI/ORCA

Victor Orlikowski began by sharing that Jeff Chase and RENCI had recently received funding for a project called ExoGENI, which stands for Global Experimental Network Initiative. The proposal is intended to set up a new network test bed using our control framework to allow private clouds local to the university. We already have a number of pieces of software, but they usually involve a separate authentication scheme or cannot cross universities. ExoGENI grants the ability to more easily partner with other universities.

The intention is to essentially enable virtual computing resources. This is similar to a VLAN, except now we can use the OpenFlow protocol and controller software. This allows us to put policy in place by network administrators at given sites, and delegate portions of flow and live network for researchers to do something outside of normal permissions. Any number of controllers can be proxied through FlowVisor. Rules are placed into the flow table via the OpenFlow protocol, via FlowVisor, and any number of additional controllers that it proxies on behalf of. A network administrator can have live traffic for their university as a whole, which is production traffic. We are currently working on an authorization method to allow the cross-university scenario to be properly handled. An IT staff member should be able to allow 10% of the bandwidth on a particular switch to test x, y, and z. Traffic can then be controlled with the OpenFlow controller based on how the servers are performing. John Board pointed out that a number of vendors are currently working on OpenFlow switches. Victor responded that IBM is providing the current switch, and it is a production product. A number of other vendors are working on pre-production OpenFlow-capable switches.

Alvy summarized that this project is aimed at allowing people to do volatile testing without risk of bringing down the production network. Victor said that is correct. As we gain capabilities on various switches, we would like to be able to edit links between nodes, ensuring that we have a circuit with at least a certain amount of bandwidth and/or latency. Isolation is currently provided, but not assurance beyond that.

Victor demonstrated the ability to quickly bring up a dedicated circuit with another university, a process that would otherwise be time-consuming to provision and would involve multiple system administrators at the different universities. If you were to make this request in a conventional manner, best case scenario, you've been granted access to a VM at both sites, someone has agreed to give you network bandwidth between UNC and Duke, and then work to create these links begins and probably spans several days or longer. Using OpenFlow, these agreements are already in place and arranged and the circuits are provisioned in (nearly) real time.

EduRoam

Rob Carter explained that Eduroam is essentially a WiFi federation based on generic standards like 802.11 and 802.1x for authentication. It is specifically designed for higher-ed by higher-ed and currently spans four continents. EduRoam started in Europe, one of the most concentrated areas for higher education institutions and users. Travel between countries is frequent in Europe. It then caught on in Canada, and eventually the US, Australia, and the Pacific Rim.

Participating sites set up wireless zones named "eduroam" and bring up RADIUS servers to authenticate users. Sites arrange to forward foreign requests to regional hub sites that are trusted by participants and forward requests along. Users can authenticate using credentials from their home sites, no matter where in the federation they are.

Is it safe? Yes, each site has 802.1x WiFi with WPA2 encryption. Intra- and inter-site traffic is carried across SSL and fully encrypted. Credentials, passwords in particular, are opaque to intermediate sites and sent in encrypted packets. Sites and hubs cross-validate using shared secrets.

EduRoam is available on Windows, Windows Mobile, OS X, iOS and Android.

Why use EduRoam versus a guest network or such? The reasons are security, higher education only, and federated communication which alleviates worry about creating authentications. Ease of use is another factor. With EduRoam the zone is essentially the same everywhere, so configure once at home and use anywhere.

How is Duke involved? Duke is officially an EduRoam member with full peering and reciprocity. The EduRoam SSID is broadcast in ATC, Allen, and most of the academic Quad. The rest of campus will follow the week of January 30th. Duke users can use their NetID to access EduRoam at thousands of locations worldwide. Victor asked what happens if someone from, say, UNC came to Duke, used EduRoam, and did something unsavory. Rob responded that part of the EduRoam agreement is that records will be kept for six months. The understanding around the reciprocal agreement is that because the home RADIUS server is doing the actual authentication, it's not the host university's responsibility to have that authentication information. Richard responded that under DMCA requirements, all we're responsible for is passing information on to the home institution.

See www.eduroamus.org for more information.