Duke ITAC - June 16, 2016 Minutes

Duke ITAC - June 16, 2016 Minutes

I.  Announcements

There were no announcements.

II.  Agenda Items

4:05 – 4:25 – OIT Services for Duke Global Initiatives, Robert Johnson (10 minute presentation, 10 minute discussion)

What it is:  President Brodhead once said "All of the deepest challenges we face – in economic development, in environment, in security, in health – arise across borders and must be solved across borders.  We must be international to be part of that solution.”

Why it’s relevant:  As Duke’s academic and research Global footprint expands, so does the need for OIT services to support Global initiatives.  Bob will provide an overview of the most recent collaborations between OIT and Duke’s Global initiatives in Africa and China.

Duke Global Initiative Update:  Bob Johnson and Kevin Davis gave an update on their trip to Africa and China in mid-April.

Moshi, Tanzania: Moshi was the first site Bob and Kevin visited.  This is the location of Kilimanjaro Christian Medical Center (KCMC), one of the major partner locations for Duke’s Global Health Institute (DGHI).  Duke supports substantial collaborations with KCMC by placing medical students, Master of Science in Global Health students, medical residents, and fellows in Moshi for training and research opportunities.  The pupose of their visit was to check-in on KCMC’s self-sustaining support of IT equipment set up by Duke and to evaluate areas of need.  Identified challenges and opportunities include:

    • Wired Internet Connectivity:  There are limited internet service providers in Moshi.  The state owned provider is the only one with rights to use the national fiber opic backbone.  The cost for the service is extremely expensive, several hundred dollars per Mb per month.  For several years, there has been a government initiative thru their Science and Technology Ministry to give universities free internet access.  Although the access is free, reliability is problematic with service outages occurring one out of every 5 days.  UbuntuNet Alliance, the regional Research and Education Networking (REN) organization for Eastern and Southern Africa (the internet2 equivalent), is working with the Governor of Tanzania to help KCMC move away from a free service model which tends to have lower quality to a subscription service (most RENs are structured this way) which is more fiscally sustainable.
    • Collaboration and Support:  We are looking for ways to foster better communication and increase collaboration.  We’ll be increasing our mentoring partnership by resuming monthly support calls. 

Eldoret, Kenya Africa: Eldoret was the second site that Bob and Kevin visited.  This is another major partner location for DGHI.  Partners include Academic Model Providing Access to Healthcare (AMPATH) and Moi University School of Public Health.  Office of Information Technology (OIT) and Trinity College of Arts & Sciences Office of Technology Services (TTS) have been working together to help DGHI’s partners allocate grant funding for wide area connectivity for internet access and video conferencing.  This included selecting video equipment that would work with their computers and protocols. The purpose of this visit was to set up the video conferencing equipment.  Identified challenges and opportunities include:

    • Device Support:  The biggest challenge is device support.  TTS uses ScreenConnect to provide off-site support to the partner locations.
    • Security:  Computer virus and awareness of data hygiene is very challenging. 
    • Service Interruptions:  Sites were shut down four hours at a time as much as twice per day.
    • Collaboration and Mentoring:  Although some of the Kenyan sites have IT staff with strong knowledge, it might be limited to specific areas.  We are looking at ways to collaborate with other US institutions like Indiana University and Carnegie Mellon University to provide support and mentoring for our Kenyan partners. 

Takeaways:  Overall, the trip to the 2 African sites was a huge success.  Bob and Kevin were able to provide significant support over a short period of time (approximately 3 days per site).  We will be working with other U.S. institutions to explore a collaborative support model to provide rotating onsite and/or offsite support possibly through a global Service Operations Center (reduced travel time and travel expenditures).  We are hoping that we can have a pilot in place over the next 4 or 5 months.

Kunshan, China:  Bob Johnson visited the DKU site.  Some of the networking challenges at DKU have centered around internet connectivity.  The China Education and Research Network (CERNET) provides a 10 GB link between Beijing and Los Angeles where it connects to the U.S. Internet2.  In order to get from Beijing to Kunshan, there is a third provider, China Telecom, which often results in traffic congestion issues and doesn’t support IPv6.  To improve bandwidth and eliminate the need for a tertiary service provider, CERNET direct fiber was pulled from Shanghai to Kunshan (~70 miles).  In addition to improved bandwidth, the CERNET direct fiber supports the use of IPv6 with improved configuration and security features.

DKU is continuing to expand with Phase 2 planning underway.  An undergraduate program is being looked at.

Takeaways:  Like DKU, other global study-abroad locations might have less than adequate connectivity and bandwidth.  If a Duke University school or a department collaborates with a global partner and is experiencing internet connectivity issues, contact Bob or Kevin.  They may be able to work with that country’s Research Education Network (REN) to fine-tune the connectivity configurations. 

Internet2 is looking for use cases (researchers/collaborators/study programs) to expand connections to the following geographical locations:  India, west/central Africa, Caribbean and Italy.  Contact Bob or Kevin for assistance establishing research educational connectivity status for non-campus international needs such as research centers and other types of global offices.

Questions and Discussion

Question:  Are U.S. educational institutions working together and sharing experiences and knowledge as it expands globally?  Is there opportunity for coordination among institutions in the U.S.?  Is there guidance? 

Answer:  There are some resources being stood up such as Indiana University’s Global Research Network Operations Center (GlobalNOC).   IU’s GlobalNOC is an operations and engineering organization supporting advanced international, national, regional, and local high-performance research and education networks, including Internet2, NOAA and Indiana’s own I-Light (https://globalnoc.iu.edu/index.html).   Internet2 and international REN organizations also provide support.

4:25- 4:50 – Targeted Attack Protection Pilot Results, Debbie Deyulia, Jeremy Hopkins (15 minute presentation, 10 minute discussion)

What it is:  Every month Duke receives millions of email messages, many of which are deleted or quarantined before ever getting to the intended recipient, due to the message being fraudulent or malicious in some way.  Even with the large volume deleted, we still see daily occurrences of messages successfully targeting Duke faculty, staff and students.  Phishing attacks that get through can result in compromised accounts, ransomware, or the execution of fraudulent wire transfers.  Duke activated its new Targeted Attack Protection service on June 1 to better defend against malicious URLs and attachments that get through our conventional scans;  Debbie and Jeremy will discuss the early impacts of this service.

Why it’s relevant: Targeted Attack Protection(TAP) protects Duke email users by further reducing the effectiveness of malicious URLs and attachments.  TAP adds new protections that more fully mitigate risk associated with malicious URLs and attachments in email.  

Background:  Targeted attacks using malicious URLs and attachments were resulting in an increase in compromised accounts, compromised machines and ransomware - software designed to block access to a computer until a sum of money is paid.  In March 2016, approximately 93% of Duke’s phishing emails contained ransomware.  At the April 21st ITAC meeting, Debbie Deyulia and Jeremy Hopkins announced Duke’s plan to move forward June 1st with Targeted Attack Protection (TAP) as a response to this increase.  TAP provides a more in-depth real-time analysis of URLs and attachments to more quickly remove possible malware threats. Attachment defense evaluates attachments that could contain code (files of the type pdf, html, Word) and blocks suspect emails.  URL defense scans and rewrites all email URLs and blocks malicious links. 

TAP is not a tool to track or report on individual user activity.  Only malicious URL and attachment details are visible to Security.  Users are asked to remain skeptical when clicking on links.

Rollout Update:  The TAP service was enabled for all users on June 1st, excluding internal email between Duke accounts.  On June 16th, we began scanning outbound email attachments in an effort to reduce blacklisting and to protect Duke’s reputation.  There have been 5 minor incidents since go live with one issue being identified. 

Since June 1st, there were a total of 47,417 messages evaluated.  Of those, 41,321 messages were caught (87.14%) and blocked.  Of the 6,096 that were delivered, 4,974 urls were rewritten (81.59%).

Questions and Discussion

Question:  How is confidentiality handled since TAP is a 3rd party vendor? 

Answer.  The content of attachments is not being sent to the vendor.  It is the code within the dynamic pdf that is uploaded. 

Comment:  A latency test showed that TAP does not appear to negatively affect email delivery speeds. 

Question:  How do you know that an attachment has been blocked?  Answer:

    • for emails that contain malware – typically virus laden email – the message is blocked and no notification is given
    • for emails that contain bad URLs  – the mail is delivered and the link is blocked when clicked
    • for emails that contain .EXEs (or other executable files) that are blocked, the user receives a notice
    • for emails that are considered spam – the mail is quarantined and the user is not notified

We are planning to develop a dashboard to allow users to see what email has been blocked as spam.

4:55- 5:30 – Software & Lab Services Update, Glenn Setliff Jr., Mark-Everett McGill (25 minute presentation/10 minute discussion)

What it is:  OIT’s Software & Lab Services group provides physical and virtual computing labs, specialty facilitates such as the Multimedia Project Studio and Innovation Studio, licensing servers, software imaging, contract negotiations, and acquisition and distribution of many popular software products such as Microsoft, Adobe, SAS, Matlab, and more.

Why it’s relevant:  OIT specialty technology labs have been very popular at Duke.  OIT Software & Lab Services has been working with DDI to explore virtual reality technology, and in a partnership with HRDL, will be opening a new space featuring this technology next semester.  We will showcase some of the technology offerings for virtual reality and discuss some use cases for education.  There will also be a new website for software licensing launching this fall, and we will provide a preview of the application and discuss features.

Virtual Reality:  Virtual Reality (VR) allows a user to interact with a computer-generated environment that makes them feel as though they are physically in a virtual space.  The Oculus Rift was one of the first VR devices acquired by The DiVE – Duke’s research and education facility dedicated to exploring techniques of immersion and interaction.  A Rift user sits in a chair wearing a headset and headphones and interacts with the virtual environment using a keyboard and mouse.

The newest and most exciting addition to Duke’s VR suite is the HTC VIVE.  In addition to the headset and headphones, a user has hand tracking gear that enables them to interact with the virtual environment while walking around a room.  No longer being tethered to a keyboard and mouse, the HTC VIVE gives the user a more immersive experience.  A high performance liquid cooled computer built by OIT in collaboration with Housing Dining and Residence Life (HDRL) will be located in a dedicated virtual reality room in The Bolt.  The Bolt is a high-tech gaming suite located in Edens 1C.   The computer will be ceiling mounted, allowing the user to move freely around the room even though they are still tethered.  Due to latency concerns, wireless is not an option at this time. 

A Steam account has been set up to manage the software and software licensing.  Both educational and gaming software will be available, along with all of the tools needed to create and view a new virtual environment.  A webpage with a list of available software is being created. 

Augmented Reality:  Unlike VR, Augmented Reality (AR) allows a user to interact with virtual contents in the real world.  Mark presented a demonstration of HoloLens - Microsoft’s standalone AR headgear that enables users to interact with high-definition holograms while maintaining presence in the real world.  Mark demonstrated HoloLens’ Cortana, which is similar to Apple’s Siri, which gives users the ability to interact using voice commands in addition to hand gestures.  Some functional uses for AR include training and surgery.  Visit https://dukedigitalinitiative.duke.edu/projects/2016-ddi-call-for-proposals/ for information on submitting a grant proposal for this emerging technology.

Upcoming Changes: 

    • ePrint upgrade – There will be a major ePrint upgrade the beginning of July.  The upgrade includes the ability to print using an Android app.  Comment:  In Fall 2015, ePrint storage allocation was increased to have 24 hours or more of storage.  There haven’t been complaints, yet more than 30% of print jobs time out and are purged after 24 hours.  We might want to investigate why so many jobs are timing out.
    •  OIT Software Licensing website upgrade – There will be an upgrade fall semester 2016.  Some of the key upgrades will include:
      • ability to use fund codes for online purchasing
      • improved layout and navigation
      • ability to order multiple products at a time using a shopping cart

Metrics:  The following metrics were shared for academic year 2015-2016 (September 1 – June 1):

    •  ePrint
      • 10,164 unique users
      • 3,729,745 sheets of paper on 6,108,924 sides
      • 797,404 print jobs

There was a 7.4% decrease in print jobs compared to academic year 2014-2015 with 297,000 fewer sheets printed.   During the fall semester, we may want to research what is driving this change.  For example, is the decrease due to shifts in cultures of thinking or reducing the number of abusive print jobs or is something else driving this change like Green Classrsoom Certification – provides faculty with the opportunity to reduce the environmental impact of the courses and classrooms at Duke while demonstrating eco-friendly behaviors to students.

    •  Computer Labs
      • 9 OIT-supported computer labs and 8 kiosk locations
      • 34,320 total logins
      • 4,089 unique users (since Labstats 6 was launched)

We are continuously reducing labs to free up resources for other technologies such as 3D printing and Virtual Reality.  Metrics data will help guide future reductions by identifying labs that are used less frequently than others.

    • Software Licensing
      • software licensing is up 30.7% from academic year 2014-2015
      • 70,000 software downloads
      • staff represent the largest portion of users
      • largest number of downloads happens in August when students return
    • 3D Printing
      • 25 operational 3D printers
      • students make up the largest portion of users
      • overall usage July 2015 – June 2016
      • 33,879 print hours
      • 495 kg. of filament (on average <$1 per print job)
      • $10,399 total filament cost
      • 446 unique users 

Questions and Discussion

Question:  What technology was used to develop the site? 

Answer:  Duke Web Services used Drupal.

Question:  Would the Adobe agreement signing in August have contributed to the spike in August?  Answer:  This wouldn’t have contributed since the student Adobe usage is not reflected in these numbers. Students only need the instructions, not the actual download since they already have the software available through their Creative Cloud accounts.  Question:  Is there a way to get the student usage for Adobe. 

Answer:  Adobe said they could not provide this.