Duke ITAC - March 13, 2014 Minutes

Duke ITAC - March 13, 2014 Minutes

ITAC Meeting Minutes
March 13, 2014 Minutes

I. Announcements

Multi-factor authentication – Effective immediately more controls are being put into place surrounding direct deposit. Since Dr. Trask’s email was distributed on 5-12, another 2,200 people have enrolled in multi-factor and the numbers continue to rise.  However, another Phish email was sent today to about 700 users and at least 5 have clicked on it.

  • A note on multi-factor authentication:  For people who put their user id and password into their key chains, as soon as multi-factor is enabled in a Safari browser on a Mac machine, Safari fails and creates an infinite loop disallowing logins.  The only fix seems to be to remove the login information from the key chain in web preferences.  

II. Agenda Items

4:05 - 4:25 – DKU Update,  Bob Johnson (10 minute presentation, 10 minute discussion)

What it is:  Duke and its partners continue to prepare for the launch of Duke Kunshan University.

Why it’s relevant:  Ginny Cake and Bob Johnson will provide an update on Global IT, Infrastructure Design and Implementation for Duke’s China campus.

  • One week from today will mark 5 months until student orientation on the DKU campus
  • The IT principles and expectations have been centered around collaboration, privacy and security, along with deploying cost effective tactics for providing broadband networking technology.  The local area network will primarily consist of 802.11 AC capable Wi-Fi, where high speed wired bandwidth will be utilized where required.  We are expecting gigabit speeds through the access points with full coverage in the outside areas through Duke’s private, layered network – including a visitor layer for the Chinese public. Wide area network connectivity (how we connect to DKU) will be provided through a partnership between Internet 2 (a 10 GB link between Beijing and Los Angeles) and CERNET (China’s version of Internet 2) within China.
  • The site has a variety of spaces to allow for flexible learning including collaboration spaces, classrooms, a large auditorium, and team rooms similar to those on Duke’s main campus.
  • Tools, systems and software will be provided through a service agreement with Duke OIT.  Most of the tools in use on Duke’s main campus will be available in China, including library resources.
    • Question: Are there any software applications that cannot be offered?  MatLab.  However, there appears to be more difficulty procuring software.  We were hoping to utilize Duke’s existing licensing agreements, but have discovered they must be procured in China. There is also some work being done surrounding which, when and how some of the library databases will be made available or re-licensed.
    • Duke OIT will provide back-end 24 x 7 support through the Service Operations Center (SOC).  We are currently defining Service Level Agreements to ensure scheduled outages, patching, backups etc. are not overly impactful to the delivery of applications and services in China.
    • IT Security is of vast importance and we’ve adopted a strategy to ensure the safety and security of data being passed between DKU, the Singapore data center, and Duke proper.
      • Everything from China into DKU will take place behind a firewall, with all data moving between the sites encrypted, along with Intrusion Protection Systems (IPSs) between each site.
      • Question: How many students are expected for the first academic year that are not Duke students? Some existing Duke undergraduate students will participate in the study abroad program, along with.  We are estimating 70% Chinese students and 30% international in the undergraduate program.  The graduate programs will consist of a few US students, with others from Thailand, Malaysia, a couple of African students.
      • Question: How many students will be in attendance? The first year goal is approximately 70 graduate students and 50 semester undergraduates.
      • Question: Every Duke student receives a netid.  Will there be DKU-specific netids that only work on DKU systems, but cannot access netid systems on the main campus? Will existing main campus Duke netids work for DKU systems?  No campus-specific netids will be required.  DKU students will get assigned attributes in idM to identify them.
      • Question: What kind of IT A/V people will be on the ground there?  There will be 2 generalists on the ground for the first semester, with access to immediate outsourced assistance through Dimension Data.

 4:25 - 4:40 – Data Center In a Rack, Charley Kneifel, Bob Johnson (10 minute presentation, 5 minute discussion)

What it is:  Recently, OIT teams were tasked with collaboratively building a transportable data center for the Duke Kunshan University campus.

Why it’s relevant:  This “data center in a rack” holds the necessary infrastructure pieces to technically support the entire DKU campus, including storage, VMware hosts, intrusion prevention and detection systems, switch firewall router, and out of band management. The one-ton rack was shipped to Singapore where it was hooked up and tested to ensure that it had safely made the journey from the U.S.

  • We were asked to determine how much infrastructure needed to be deployed to support provisioning of Identity Management directories, web sites, learning, management support, applications, and any content into the DKU campus.  We had to decide which services would be delivered in-county (subject to rules of China) versus outside of China to have better control of the services and intellectual property.  One of the questions was where should this data center be located?  Singapore is significantly closer to DKU than Durham with a 90 ms data transfer speed between DKU and Singapore versus roughly 260-280 ms from DKU to Durham.  Question: Is that 90 ms the equivalent from going from here to California? On the current campus networks in the US, it’s more like 40 ms to the west coast on a clear day.  Question: Are we dependent on the politically stability of Singapore indefinitely? Yes, as well as that of China.
  • We were given a rack full of space in the Singapore data center and had to decide how best to provision to provide the most amount of flexibility for the future.  We utilized the VNX unified storage platforms from EMC and the Unified Computing System (UCS) from  Cisco in our current production environment, giving us the ability to put 10 blades in one rack, leaving space for future expansion.  We included our current security structure (Intrusion Detection Systems, along with the console network VPN terminations.
  • determine A 48 U rack was built in the ATC lab environment.   Documentation was also provided.
  • Question: Are all the services for DKU going to reside in that rack?

4:40 - 4:55 – O365 Update, Charley Kneifel - (5 minute presentation, 10 minute discussion)

What it is: Office365 is a cloud-based email service that will better meet the needs of the students, faculty and staff across the university and health system.

Why it’s relevant: We will provide an update on the pilot for OIT, student implementation and the proposed schedule for completion of this implementation across campus and the health system. 

  • DCRI moved 1150 users
  • Law is complete
  • Approximately 2200 people have been migrated to date.
  • What changes for the end user? The campus has Exchange and Sunmail.  O365 supports both imac and exchange.  However, it has restrictions
  • Is Microsoft responsive when we point out things that do not work? Sometimes
  • Is there a limit on the amount for storage for users? 50GB

 4:55 - 5:15 – CSG Update, John Board, Charley Kneifel, Mark McCahill (15 minute presentation, 5 minute discussion)

What it is:  The Common Solutions Group works by inviting a small set of research universities to participate regularly in meetings and project work. These universities are the CSG members; they are characterized by strategic technical vision, strong leadership, and the ability and willingness to adopt common solutions on their campuses.

Why it’s relevant:  CSG meetings comprise leading technical and senior administrative staff from its members, and they are organized to encourage detailed, interactive discussions of strategic technical and policy issues affecting research-university IT across time. We would like to share our experiences from the recent January 2014 meetings.

  • Digital Campus: The question was asked was “What is a Chief Digital Officer?” 
  • Media Amp – Rationalizing their digital production service.  They have phi-enabled access (recording)
  • Is there any thought of federated sharing among the CSG?
  • The last session was about innovation:  The things Duke is doing with co-lab was well received
  • The Stanford. (recording)
  • Enterprise architecture reports – different reviews are challenging – (recording)
  • Collaboration Tools – It is difficult to develop one-site

 5:15 - 5:30 – Other Topics

  • Box Update: In late January we disconnected from the process and began looking at other options, one of them being ShareFile.  Was on-premise use of storage a consideration with ShareFile?  Yes, but the pricing is still an issue.