Duke ITAC - August 29, 2013 Minutes

ITAC Meeting Minutes

August 29, 2013

Allen Board Room

I. Announcements

· Welcome Mark Goodacre as the new ITAC chair

Thank you to Ashutosh Kotwal, the former chair, and to the other faculty whose terms have ended for their service, and welcome to the new faculty members.

Congratulations on a successful Campus Infrastructure for Supporting Science and Research Computing workshop organized by Steffen Bass, John Pormann, and others at Duke.

John Pormann is moving into a role in a new research commons activity operated out of the library.

II. Agenda Items

Network Outage – Bob Johnson

4:10 - 4:25 – International Travel, Richard Biever (5 minute update / 10 minute discussion)

What it is: International travel with Duke devices or data can carry unique risks and require special protections to be implemented.

Why it’s relevant: Planning for safe digital travel involves analyzing the risk versus your business requirements, taking into account the value of the data you carry with you as well as the data and services your accounts can access. Richard Biever, from our IT Security Office, will review specific guidelines and best practices to keep your devices and data safe as you travel.

An effort was started to update the guidance for international travel in general, and to start a program of providing loaner tablets in particular cases where a person with access to sensitive data or systems is traveling abroad.  Guidance and approaches include:

  1. Whenever connecting from a non-Duke network, run the VPN (stays active for 8 hours) in order to ensure a secure, encrypted connection.
  2. Store as little data as possible on the actual device and utilize remote storage or cloud where possible.
    • Some users may wish to access their files on a shared directory using the File Browser application or similar apps to access files in the Duke network.
    • Users can also use a Box account to view and edit files.  The benefit of using Box is that the files are stored in the cloud rather than on the device itself, which also enables faster access to the files from around the world than if the files were stored only on the Duke campus.
  3. Consider products that enable editing of files from a tablet using common desktop productivity software (such as Office suite), including files stored in the cloud (e.g., Box).

Two of the concerns we’re attempting to address with these approaches and tools are: (1) if a PC is taken abroad, what kinds of issues will arise from malware or from the device being confiscated at the border? (2) if an OIT-provided storage device is taken abroad and gets stolen, the actual files are stored outside of the device.

We are attempting to determine how network connectivity affects the ability to access files and at what point the files need to be stored locally to ensure productivity.

Another use-case is using a VDI (Virtual Desktop Infrastructure) to provide the end user with a fully featured virtual Windows desktop.  Box files can be accessed and edited.

Another product, PocketCloud, can provide similar functionality, allowing a remote desktop connection back to a computer at Duke.

The OIT-CDSS team created a help document that includes instructions for how to use each application installed on the tablet for user personalization.

If one of the loaner devices is lost or stolen, we have the capability to wipe it clean once it comes back online.

4:25 – 5:00 – China Update, James Roberts, Ginny Cake, Bob Johnson (15 min presentation / 20 min discussion)

What is it: Duke and its partners continue to prepare for the launch of Duke Kunshan University.

Why it’s relevant: Jim Roberts serves as one of Duke’s delegates to the DKU Executive Preparation Committee, the governing body appointed to coordinate preparation for the opening of DKU. Jim will provide a brief introductory overview on the status of our application and preparation activities. Ginny Cake and Bob Johnson will provide an update on Global IT, Infrastructure Design and Implementation for Duke’s China campus.

Jim Roberts – The effort is a collaboration of Duke, Wuhan University and the City of Kunshan to create a new private, independent joint venture university:  Duke Kunshan University (DKU) – We hope to begin going public with marketing and recruiting soon, with classes starting in Fall 2014.

Initial program offerings: Master of Management Studies (3 Fuqua short terms in Durham and 2 in China); Master of Science in Global Health; Master of Science in Medical Physics; and a full-credit undergraduate Global Studies non-degree program.

Bob Johnson – The LAN network will be built to Cisco best practices and will be fully redundant.

The WAN connectivity will have 2 redundant IP connections.  Using CERNET, the China Education and Research Network (Chinese version of Internet2).  We have brought up a regional data center in Singapore through a partnership with Internet2 and other institutions.

Ginny Cake – Primary Services Goal

We are working to ensure services offered to DKU students and faculty are aligned with the Principles & Expectations for IT that were developed as part of Duke’s application to China’s Ministry of Education.  These called for IT transparency and consistency for faculty, staff and students, and global connectivity for a world-class university.

Service Proposal Highlights

  • Provide vision and strategic guidance
  • Provide an IT Director – that person has been hired and will be reporting to Bob Johnson
  • Identity management services & support and tailoring that to ensure students only have access to things they need, along with a design for a good exit strategy.
  • Deploy security policies, tools & processes to protect DKU and Duke assets
  • Extend Duke’s academic & collaboration tools (Sakai, Email, Calendaring, etc.)
  • Leverage technical expertise and support
  • Monitoring connectivity and infrastructure (storage and security)

Question: How will Duke best mitigate data security exposure risk? There is an encrypted data tunnel, along with layer 2 connectivity to allow us to run VLANs, and connectivity monitoring to watch for malicious network activity.

5:00 - Reception