Duke ITAC - May 21, 2015 Minutes

Duke ITAC - May 21, 2015 Minutes

ITAC
 
Meeting Minutes
 
I.      Announcements
None
 
II.     Agenda Items
4:05-4:20 – DKU Update, James Dobbins, Bob Johnson (10 minute presentation, 5 minute discussion)
 
What it is:  DKU, Duke’s new joint venture university in China, has opened to students and faculty.    
 
Why it’s relevant: James will provide a brief overview of the current major DKU components, along with a Phase II planning update.  Bob Johnson will provide an update on DKU campus readiness including infrastructure and campus services. 
 
DKU Phase I Update (DKU pictures Appendix A):  
  • We currently have 3 masters programs: Master of Science in Medical Physics, Master of Science in Global Health and Master of Management Studies (MMS).  An International Masters in Environmental Policy program is in the review process.  We also have an undergraduate study abroad program which includes Global Learning Semester (GLS) and International Summer Program (ISP). 
  • Buildings are largely complete.  The Faculty has moved into apartments, and students are moving into dorms over the summer.  Classes are being held in the Academic Building.
  • The first MMS graduation was held on May 20th.
  • Initiatives are underway to address challenges around:   IT staffing recruitment (greatest challenge), service delivery (ePrint and other IT services), A/V support sourcing and internet/WAN improvements (Direct Fiber, IPv6 slated for July implementation).  The number one priority is making sure Faculty has the support it needs. 
 
DKU Phase II Update:  We are targeting fall of 2018 to offer a 4 year research-inflected liberal arts undergraduate curriculum.  We are hoping to add another 2,000 undergraduate students, 500 graduate students and hire an additional 200 faculty within the next 3 to 4 years.  Marketing initiatives are underway to promote interest and to build brand recognition in DKU both in China and abroad.
 
Questions and Comments:
(Q) Is Phase II intended to be a full 4 year undergraduate experience at DKU or partially at DKU and somewhere like Duke?  (A) It is intended to be a full 4 year experience.  However, we are considering ways to have some students come to the Durham campus for at least a semester.  It would be a Duke degree although students would have been accepted by applying to DKU.
 
(Q) Have you identified any infrastructure strains that might need to be addressed in the next couple of years?  (A) Adding more facilities to house and educate more students is most challenging.  There is a lot more work necessary over the next 3 to 4 years. 
 
(Q) Will the curriculum fit with the Duke Arts and Sciences curriculum or a different curriculum?  (A) Arts and Sciences would be the body giving input.  Faculty in Arts and Sciences has given preliminary input on the curriculum.
 
(Q) It has been difficult to recruit faculty for Kunshan.  Is it also difficult to recruit students?  (A) It is harder to recruit students to Kunshan than to Shanghai; however, we are hoping it will improve over time since it was Kunshan’s first year.
 
4:20- 4:35 – Monthly Global IT Awareness, Kevin Davis, Jeannine Sato - Mobile Devices Follow-Up (10 minute presentation, 5 minute discussion)
What it is:  OIT has created a monthly awareness campaign in an effort to inform Duke students, faculty and staff of IT services and tips for productive and security technology while traveling. Improving awareness of Duke IT services is a key activity to improve the IT experience for travelers.
 
Why it’s relevant: We will provide an overview of the planned topics for each month and take a deep dive into the first two topics. Going forward, we will highlight one topic each month at ITAC.
 
Global IT Awareness for Cell Phones:  OIT is increasing Global IT awareness around cell phones. There is a new OIT site for Global Tech Tips (http://oit.duke.edu/comp-print/traveltips/) that has recommendations for generic and country-by-country cell phone use.  Information has also been distributed via normal channels of communication such as DukeToday (https://today.duke.edu/2015/05/cellphonecharges), Extended Staff, Working@Duke and social media (Twitter Tweets and Retweets greatly increased exposure).
 
Some specific advice for travel includes:  Encrypting devices to protect Duke data and personal privacy, talking to local IT support before traveling and using fingerprint protection, passcodes and Android security settings.
 
Questions and Comments:
(Q) What is the biggest impediment to encrypting devices?  (A) Encryption is really easy, and it is widely known that it is a good idea; however, people might think encrypting is more complex than the actual experience.
 
(Q) Do you make it very clear how to encrypt?  Could we have a campaign to tell people that it is not complex?  (C) Some may want the encryption done for them.  They would need to know where to get support
 
(C) Suggestions to improve the use of encryption include: getting the message out early perhaps in February or March to prepare for summer travel, making it an annual campaign like changing the batteries in smoke detectors and targeting everyone not just travelers. 
 
(C) Backup drives and USB/thumb drives were mentioned as possible security gaps.   
 
4:35- 4:55 – Research Computing Update, Mark DeLong (10 minute presentation, 10 minute discussion)
 
What it is:  Research Computing connects Duke University researchers to computational resources that match research requirements, to education and training opportunities, and to expertise in high-performance/high-throughput computing and visualization.
 
Why it’s relevant: Research Computing has been studied in recent months to lay out directions useful to Duke researchers. We will provide an update on the current of Research Computing.
 
Research Advisory Committee Update:  The Research Advisory Committee met for the first time on April 17th.  It is a broad group with representatives from many of our schools.  The group agreed to meet at least once per semester.
 
Restructuring/Reinvigorating Research Computing:  Several initiatives are underway to restructure and reinvigorate Research Computing.
 
  • Infrastructure/Framework:  We’ve recently added 7 blades and are anticipating putting another 11 blades in service.  Some are acquired in support of specific researchers and others will be used to build inventory to reduce fulfillment time for future requests.  The University also has purchased 16 additional Cisco blades for the UCS system used throughout OIT for the backbone of our virtual machine setup.  We are looking at increasing our current storage of 45 TB to 400 TB with an EMC upgrade with more capacity.  We are rethinking network connections so nodes are 10 Gbps and linkages to storage are 20 Gbps.  This is important to researchers who want reliable multi-processor communications.  They currently use single node or adjacent nodes. 
  •  Automation:  We would like to use Toolkits as a model to control data access and provisioning within research computing. 
  •  Resource Sharing:  We’d like to leverage XSEDE’s 16 super computers.
  •  Training:  We have tentatively scheduled Amazon Web Services (AWS) training/hands on workshops on June 29th/30th.  Two trainers from the University of Chicago will provide training using Software Carpentry, a pedagogical framework, with a focus on CI-Connect/OSG sometime in the fall of 2015.
  •  Voucher Program:  The voucher program would allow faculty to apply for 50,000 CPU hours of computing.  We’ve received 6 applications, about half of what was expected. Improved communication about the program may increase applications. 
 
Questions and Comments:
 
(Q) How many grants does 50,000 CPU hours support?  (A) 50,000 CPU hours would support the equivalent of approximately 6 months of 1 node in continuous usage.  The hours are available for the entire year. 
 
(Q) Is there an interest in graphics in the voucher program?  (A) We are testing K20s or K40s used for scientific usage.  We are looking at ways to leverage GPUs for graphics rendering in the School of Engineering.  We currently have some nodes in the cluster that have GPU processors.  Amazon also has GPU cloud computing.
 
4:55- 5:30 – CSG Update, John Board, Mark McCahill, Charley Kneifel, Richard Biever(20 minute presentation, 10 minute discussion)
 
What it is:  The Common Solutions Group works by inviting a small set of research universities to participate regularly in meetings and project work. These universities are the CSG members; they are characterized by strategic technical vision, strong leadership, and the ability and willingness to adopt common solutions on their campuses.
 
Why it’s relevant:  CSG meetings comprise leading technical and senior administrative staff from its members, and they are organized to encourage detailed, interactive discussions of strategic technical and policy issues affecting research-university IT across time. We would like to share our experiences from the recent May 2015 meetings.
 
Overview of May 2015 CSG Sessions at Penn State University: 
  • Security: Advanced security threats was a relevant topic at the CSG meeting.  On May 15th, Penn State had their College of Engineering network disabled in response to two sophisticated multi-year cyber attacks (http://news.psu.edu/story/357824/2015/05/18/administration/college-engineering-network-secured-returns-service). In addition to the workshop session on security, a further, impromptu session on cybersecurity was added to the agenda.  Some security insights garnered from the meeting included:
    • One university correlated most of its attacks to a 9pm-5am Sunday-Thursday window, corresponding to a typical 40 hour working schedule in a distant time zone.
    • In reported cases, attackers want research data and Intellectual Property and are very patient and stealth in their attacks.
    • A number of schools have had dramatic changes in password policies.  At least one university has mandated 2 factor authentication and requires passwords to be changed every 6 months.  Their password policy allows complexity to be traded for password length.  Shorter passwords require more types of characters.
    • Internet of things and building management systems present vulnerabilities and security risks.   There is no simple solution in the short term. It could cost a million dollars to upgrade one building, but it would be a 30 year asset. 
    • We should assume unauthorized access is occurring.  Firewalls are a detection strategy, not a solution to keeping attackers out. Firewalls are best at finding when compromises have occurred and attackers are sending data out of our network.  One noteworthy quote was, “It isn’t a data breach until the data leaves our network.”  Work computers on non-Duke networks are at risk of uploading data to attackers because the transfer of this data from systems off the Duke network typically will not be picked up in our logs unless the computer is on Duke’s VPN.
    • We are generating more data then we can use with hardware. Data scientists have the skill to identify patterns in this magnitude of data. 
 
  • Research Computing:  The growth in data is fueling conversations around data center consolidation and around moving away from inefficient small clusters on campus. One university reported in the last 6 months it had waved indirect costs to facilitate a move to cloud computing (campus or external).  From a security perspective, moving to the cloud can present challenges.  Can we get access to logs to make sure bad things aren’t happening in the cloud?  A student HPC club at one university is using student activity funds to purchase its own HPC cluster. 
  • Business Intelligence Workshop:  Many peers are eager to mine their data in more efficient ways especially to target fundraising.  Schools that are performing detailed analytics in course demands have found that the predictions previously based on instincts have been incorrect.
  • Data Retention Mandates:  Funding agencies are coming out with detailed archiving directives for retaining data related to research that has been publically (government agency) funded. The compliance mandates are not the same across funding agencies making compliance difficult.  Agencies like NIH are reportedly withholding grant money for non-compliance. 
  • Technology Business Management:  Many peers and public institutions that are under extreme financial pressure are evaluating tools that can help them accurately determine the cost of specific IT services to help them drive decisions around what to outsource, what to cut back on or what to eliminate. 
  • Internet of Things:  Georgetown University put their garbage cans on the internet so that they can tell when cans need emptied, saving them a couple FTEs.  This raised questions about data governance.  For example, who is the data custodian and who has access to APIs
 
Questions and Comments:
None