Duke ITAC - February 11, 2016 Minutes

Duke ITAC - February 11, 2016 Minutes

I.   Announcements

The Divinity school moved into Kent Corner last week.  We were able to successfully support delivery of OIT services to them over DHTS networks, wired and wireless.

Mark Goodacre is Blue Devil of the Week.

Today, gravity waves were discovered.

II.  Agenda Items

4:05- 4:25 – Draft Duke Drone Policy, John Board (10 minute presentation, 10 minute discussion)

What it is:  Unmanned Aerial Systems (UAS), or drones, have captured the public imagination, with hundreds of thousands of them sold in the US last year.  Though hobbyists are free to experiment with drones in many ways, all commercial uses of drones, which include teaching and research uses, remain tightly regulated in this country.  Specifically, only licensed pilots may fly even very small drones if the flight is “commercial,” and then only after meeting numerous requirements. The UAS regulatory framework remains in flux and will certainly evolve in the coming years.

Why it’s relevant: Despite these restrictions, Duke researchers have begun to make use of UAS for research and teaching in limited ways.  John Board will provide an overview of the draft Duke policy governing drone operations.

In the last year, the better part of a million drones were sold.  Hobbyists can fly drones that weigh up to 50 pounds 400 feet in the air, as long as this is done responsibly.  This means flying over property you have permission to fly over, not flying near stadiums, and not being reckless.  In NC you need written permission if you have a camera and you can see others' property.  Every drone must have an FAA tail number now.  Whether newly purchased or already owned, drone owners must register with the FAA; pay a licensing fee; and put a tail number on the drone.

At the current time research or education uses are considered commercial and disallowed, unless you file for a section 333 exemption.  Duke has applied for and received an exemption that allows us to do certain things.

Under the Duke exemption, only a licensed pilot may fly a drone.

24 hours advance notice is required, including to all area airports; this includes Life Flight.

You must exclude uninvolved persons and structures 500 feet in all directions.  No place on campus meets this restriction, including our athletic fields.

The licensed pilot can only fly up to 200 feet.  Every flight is subject to stringent reporting of flights to the FAA.

Even with these restrictions, there is Duke drone research underway that falls within the FAA guidelines and Duke’s exception.  This especially includes environmental monitoring; research on drones also is happening in Pratt and Computer Science.

With Duke Police Chief John Dailey, we've drawn up a policy.  The Vice Provost for Research is charged with organizing our reporting and response.

Most Duke flights are done at the Marine Lab, where they are able to fly over the ocean and comply with most of these requirements.  The Marine Lab has made hundreds of flights.

The Office of Risk Management has agreed to assess suitability of flights over Duke property, once we've determined at some point in the future that flights on campus are allowable.

New regulations will be coming from the FAA.  The FAA admits they are years behind schedule in coming up with plausible regulations which promote commercial uses of drones while still protecting the air traffic control system.  Draft new regulations were published a year ago, and these may move forward late this year.

This is the condition today.  Lots of people have asked, "how can I fly drones?"  The answer today is, "Only with great difficulty."  There's work to amend our exemption to allow us greater flexibility.  Today, Duke does have an indoor facility in renovated space in the North Building, but there's only so much you can do indoors in a room.

Questions and Discussion

Question: It seems aerial surveys of Duke Forest would be useful.

Answer: Yes, but due to regulations, many Duke groups are planning at Duke but then going to Canada or Africa to conduct the actual flights.  But even abroad, regulations are changing.

Note that the FAA registration database is publicly searchable, and this results in a privacy issue.

Reporting and pilot restrictions apply even to flights of Duke drones in other locations, such as drone test ranges elsewhere in North Carolina. 

Question: What about hobbyists?

Answer:  Duke would welcome a hobbyist group on campus.  The Academy of Modern Aeronautics is recognized by the FAA.  We invite a chapter of such an Academy to be formed.

Question: Could hobbyists collect video or sensor data and put that into the public domain, for Duke to be able to reuse?

Answer: This is unclear.  Commercial users must obtain a North Carolina pilot certificate, as well as being subject to FAA regulation.

4:25- 4:55 – Duke Research Computing Symposium & Research Toolkits/RAPID VMs, Mark DeLong, Mark McCahill (20 minute presentation/10 minute discussion)

What it is:  Over 100 researchers met for scientific presentations, a poster session, and table displays at the second annual Duke Research Computing Symposium.  The scientific program consisted of lightning talks on virtual museums, sharing confidential data, data science at Duke Health, and the new Research toolkits and RAPID VMS service.   Research Toolkits is a beta test/pilot service that provides Duke faculty and their designees with free, self-service, on-demand access to Virtual Machine (VM) environments and scratch storage.  The long term goal of this project is to expand the service beyond VMs and storage to encompass data sets and other services.

Why it’s relevant:  Mark DeLong will provide an overview of this year’s symposium, while Mark McCahill will describe how Research Toolkits provides access to IT resources needed for research projects.

Pratt, Trinity, and School of Medicine provided very constant participation.  About 50% came from School of Medicine; 28% from Trinity; 19% from Pratt.  This is almost exactly what we had last year.

School participation was about 110 people, predominantly staff; some faculty, postdocs, and grad students.

26 posters were presented from Duke researchers, including Classics.

Four prizes were awarded. 

The focus of this year's symposium was much more scientific and much less IT. 

Presentations from:

Doug Boyer, Evolutional Anthropology - 3D representations and the science of shapes.

Jerry Reiter - broadening access for researchers to datasets that are often closely held.

Erich Wong - Data sciences in Duke Health.  Talked about matters of provenance and capturing provenance, and how data can be captured and help to inform medical decisions.

Mark McCahill will present shortly on the subject of his symposium talk.

I think the best theme of the symposium came from Tracy's mouth, with the metaphor of gardening.  When you get a bush or a plant, you expect it will sleep the first year; creep the second year; and leap the third year.  Research computing is in some sense learning to leap this year, and in our third symposium we expect to leap

Mark McCahill: I've talked in the past about ways of provisioning virtual machines (VMs): VM-manage, which is oriented toward coursework or Innovation Co-Lab projects.  These persist for quite a while.  Before we were using VMmanage, we were using VCL (Virtual Computing Lab).  This allows short-term leases related to an assignment: usually lasting a couple of hours.  Research toolkits is our effort to have a similar offering that fits research needs.  Fast, easy access to compute and storage.  Researchers tend to be project-oriented, with multiple people having different roles in the project.  Our ambition for RT is to let researchers define projects; define roles and groups within the project; and map those groups to access permissions to their resources.

Define projects, roles, and resources 

We tried not to impose a common schema, but say that you can have multiple projects, and within each project create as many roles as you like; name the groups; and populate roles.  This is a framework that allows you to define your own structure. 

Roles are automatically reflected into groups in Grouper; they appear in LDAP/Active Directory; and they can be presented as assertions in Shibboleth.

Data Commons storage space

This is an SMB/CIFS file store, with permissions controlled in Research Toolkits.  It’s mountable on Windows, Mac, Linux.

RAPID virtual machines

This is a VM reservation service, with project role-based permission management via Research Toolkits.

Demo.

https://rtoolkits.web.duke.edu/

Begin a new project with the Create a New Project button.

Currently, we aren't accepting sensitive information, including PHI.

The project creator is the initial administrator.  The admin can add services, and single or multiple VMs.  RSTUDIO and Jupiter are offered alongside Ubuntu 14.04.

Admins can add users, and you can look them up by name.  Users can be grouped into teams.

Teams are represented through Grouper groups, and Research Toolkits also exposes the WIN Active Directory group name corresponding to those Grouper groups.  This helps researchers or departments to take advantage of these groups in other applications.

You're responsible for backing up these machines; we're not doing the backups for you.  Please make backups.

Some will want "vanilla Linux"; some will want research software, and we're working on some useful images. 

What's coming?

    • MATLAB
    • Mathematica
    • Anaconda Python
    • Windows
    • Centos/RHEL Linux

If you want it, let us know, and if reasonable, we'll try to get it in there.

This is a pilot beta test, not yet full production.  If you find bugs, let us know what they are.

Feedback: 

https://rtoolkits.web.duke.edu/

research_toolkits@duke.edu

This can be used by regular rank faculty, and select additions.

Persistence is for a single semester.  During the pilot period, we will ask participants how they're using it.

Questions and Discussion

Question: What about external users?

Answer: That's coming.

Question: Is there a way to transport products from VM-manage into Research Toolkits?

Answer: Yes, but this isn't self-service yet.  Make a .vmdk disk image; tell us about it; and we'll import that .vmdk into a Research Toolkits VM. 

We're pre-building the defaults in Research Toolkits.  Defaults are created quickly; customized VMs may take several minutes to build. 

Question: How big a box can I get?

Answer: Today, 24 cores, 256 GB RAM, but just for testing; we wouldn't want to do many of those.  This is an extension of the DSCR, and it involves resource reservations, even when you aren't actively using them.

This is rather different from CoLab/VM-manage VMs, which are overbooked.

There's significant infrastructure behind this.  We're able to blur the line between the applications of the underlying infrastructure (cluster, Research Toolkits, etc).  We're in the process of occupying about 2400 new cores.  The idea is to build a VM and then deploy it across the cluster. 

We hope that this pilot can help us get a better idea about what researchers want to do with such machines. 

Scratch space is in increments of 100 GB. 

Question: Do you anticipate many current DSCR users moving to Research Toolkits?

Answer: We think this provides a model where you can build in one place and then make your product mobile.  This is packaged as Docker containers for maximum flexibility.

We're finding virtualization produces a 1-2% impact on performance, as long as we're not using multiple levels of virtualization.

We do have proof of concept on this. 

This allows researchers to think more strategically about how they implement computation into their research project plans. 

Some discussion of requiring students to use VMs exclusively, to avoid mixing research data with personal storage.

Docker now is becoming a research artifact, part of the currency of research.

4:55-5:15 – Duke Responsible Disclosure Policy Draft, Richard Biever (10minute presentation/10 minute discussion)
 
What it is:  Duke University takes the safety and privacy of our community and dataseriously. System users sometimes find security vulnerabilities incidentally duringthe course of some other activity. Duke is committed to the identification andremediation of security vulnerabilities within systems and networks.
Why it’s relevant:  This Responsible Disclosure policy addresses the need to identifyand report security vulnerabilities within Duke systems and networks.  Richard willpresent the draft and discuss the timeline for adoption.
 
It came to our attention some time ago that a different university hada student who reported a vulnerability; the security office acted on the
report and fixed it, but the student was brought up on conductcharges.  That university's security office went to bat for the student,but later that same student hacked a different university's calendaringsystem and was brought up on charges.We've talked about adding a clause to the policy that addressesindividuals who want to scan for security vulnerabilities, that theyseek permission before doing so.  Recently a student reported thatsomeone had shared Sakai information much more broadly thanintended.
 
We want to reward that kind of disclosure, as opposed tostudents who download Netsparker and use it to bring down a Dukeweb site.The current draft will be posted on the Security Office website as adraft, in the Policies & Procedures section.  We'd welcome anyfeedback you might have.

Questions and Discussion

Question: How do you communicate this to the people who need to know about it?

Answer: We want to be careful not to declare open season.  This is a fine line; we are a living, learning laboratory environment.  My stance on it: if we see you doing something, I want to talk to you about why you did it.

Question: What kind of legal reviews?

Answer: Legal has been involved and is reviewing the drafts.

5:15-5:30 – SISS Redesign Check-in, Kathy Bader (10 minute presentation/5 minute discussion)

What it is:  ACES/STORM portal redesign:  A new web interface for the common student and faculty views of our student information system is begin designed based on feedback from faculty and student users of the current system.  Kathy and her team will review progress to date.

Why it’s relevant:  Faculty and student users of the student information system have expressed numerous frustrations in recent years; new features in the base program afford Duke the opportunity to develop a new front-end to the most commonly used aspects of the systems to improve the user experience.  Kathy and her team will focus on student view.

Since we adopted the delivered PeopleSoft self-service in 2008/2009, we've wanted to improve the user interface and better manage the experience of people who have multiple roles.  This includes graduate students who are also teaching, or alumni, or applying to other schools.

We aren't returning to the days of bolting on a new product; instead we're using CSS/XSL and PeopleSoft technologies to put a web wrapper around the pages to improve navigation.  In large part, this development can be done by people in the SISS Office, rather than by the technical team.

This is the most engaged group of students we've had since 2008/2009.  We will turn on a live beta for a select group of students to use; we hope to turn this on March 7.  We expect a group of 75 students.

We need a group of students that is representative across the university, students in the humanities and sciences and the like.  We're looking for real feedback on usability.

Demo.

There's a prominent display when a student is on hold, including pointers on how to get off hold.

It's easy to contact instructors form this interface; look up advisors; provide feedback.  There's also an easy-to-access calendar which displays the student's courses.  It's easier to find GPA for any given period, not just overall.  Billing and payments are readily available.  Academic and non-academic forms are available in a single list, as well as form history.

In May or June, we hope to roll this out to students beyond our initial 75 student test.  Late April, we hope to begin a test group among faculty, with rollout in June as well.

Questions and Discussion

Question: Can Duke@Work and STORM be integrated in a similar way, for faculty?

Answer: Not the same way, but we can provide links to services in Duke@Work.

Question: Is there any hope of importing Sakai gradebooks into PeopleSoft?

Answer: We’re working on this.  Sakai will upgrade to a newer version that has greater capability in this area.