Duke ITAC - October 10, 2019 Minutes
Duke ITAC Meeting Minutes – October 10, 2019
4:00 – 4:10 – Announcements
Rachel Richesson convened the meeting and announced that the minutes for three meetings from 2018 have been circulated for review. Hearing no objections regarding the meeting minutes, they are approved and will be published.
· Self-phishing practices, Richard Biever (5 minutes)
Richard Biever briefly announced several recent security programs and changes:
1) The first of the Modern Authentication changes happened this week. These changes relate to a new authentication implementation from Microsoft that provide improved authentication and authorization security available to most newer devices and mail platforms. There were only 7 tickets regarding the Modern Authentication changes that went into effect as an optional, non-required configuration. Most of the tickets were from people asking questions about “what is this screen that popped up? And should I trust it?” The rest of it seemed to go fine.
2) There is a new phish alert button implemented in Outlook clients so Duke users can report suspected phish messages with a single click. One of the options that is part of the phish alert button, is the ability to do phish testing of departments and users. At a recent Common Solutions Group meeting, members were asked about self-phishing their community. About fifty percent said they are using services to intentionally phish their users as a means of education. This was a significant increase since the last time this question came up.
3) Related to email and self-phishing, starting on October 15th, the Information Security Office within Duke Health is going to implement a self-phishing campaign. It will start with DHTS and then move to volunteer/pilot groups around the Health System and Duke Medicine and then transition around the spring or summer to Duke Health individuals.
Q: Are they telling people that they are doing it?
A: Yes, they are telling people. There will be information given ahead of time.
Q: Has there been a decision to do this on the campus side?
A: No decision has been made.
Q: Other departments were experiencing not phishing attacks but impersonation schemes.
A: This is one of the main problems affecting higher ed at the moment. There is a lot of reports about ransomware and phishing with ransomware. Unfortunately, looking at the way the email is constructed, it is very difficult for an email system to say, “that’s how we are going to stop it”. Also, what these scammers are doing is trying to get you out of the email thread by giving a phone number and asking users to call, or text that number. So, they're trying to get you out of the email thread. At this point, detection is harder.
4:10 – 4:40 p.m. – Graphics Processing Unit (GPU) Virtualization and JupyterLab Notebooks, John Board, Charley Kneifel, Mark McCahill, Henry Pfister (20 minutes of presentation, 10 minutes of Q&A)
What it is: Duke OIT and Electrical & Computer Engineering (ECE) have deployed software from Bitfusion (now part of VMWare) that allows the use of remote GPUs (including slicing GPUs up by RAM). This has been deployed in support of 2 large ECE courses using a web application called JupyterLab.
Why it’s relevant: Primary users so far have been students in the ECE 590 course. However, the
GPUs are available for interactive use by anyone at Duke via low priority, scavenger access. This is important as GPUs are key to making Machine Learning tools available to students. A demonstration will be given.
Questions were asked during the presentation, so this resulted in an interactive presentation between the presenter and the audience.
There is a lot of demand for graphics processing and GPUs to train machine learning models. Why is that? It's because machine learning models are basically systems of linear equations. And GPUs are really good at doing vector and matrix math. They're really good at running through systems of linear equations very quickly in parallel. This makes your machine learning training speed up a lot. It's way better than running on a classic central processing unit. What we have learned is that keeping the GPU busy for 24/7 is pretty hard unless you’ve got a massive job to train, then maybe you can keep it busy 24/7 for a couple of weeks or a month. But 24/7 365 days a year is pretty tough to accomplish. When it comes to coursework, the demand spikes right before the assignment is due but then it gradually slows down but again picks back up when assignments are due.
A problem we have been trying to address for years is how to how to efficiently provide GPU access to large classes and researchers. There is a company called Bitfusion that has a product called Flex direct that lets you make a pool of GPUs. An advantage here is that you don’t have to run the jobs directly on the machines where the GPUs are. You can run them on a separate machine. This gives us a lot of flexibility about how we set things up. Most of the machine learning stuff is using an interface that Nvidia has called CUDA. CUDA calls stuff to send work over to the GPU which then gets intercepted on the machine where you're running your job, then gets shipped across the network where the GPU is. The GPU does the work and ships the answer back. This means that you've got some flexibility about where you put the servers. It also means you want to put this stuff on a place where there's a fast network because that could be a potential bottleneck.
To address the issue with students that leave their job running and walk away from it for hours. Flex direct lets us enforce timeouts if the GPU has been sitting idle for 30 minutes. At this point, we can offer the GPU to someone else and if the user comes back, we can start up another session. Flex direct manager allows us to enforce timeouts and track usage.
Q: Why do we need these to kick off the people when they timeout? Can’t we just allocate in real-time? GPU is running, let it do its thing and as soon as the calling program doesn’t request GPU operations, the GPU gets released to somebody else?
A: We could but it takes a little bit longer to transition the resource and there are significant benefits to the fast startup for a user. The other reason for kicking them off is if we're going to do multiple classes of service, we might want to have scavengers around. So, getting the people that are a high priority, but not doing anything moved off the resources means there are available cycles for scavengers.
The way this works in an architectural way is that VM manages a container reservation system, that’s how you get to the Jupyter lab instances that have the GPUs. After authenticating, VM manage is going to ask the question, “is there a GPU slice available? And what are you using it for?” if there is one available and it can connect to the flex-direct API, startup the container and connect it to the slice.
Q: In one sentence can you say what a Jupyter notebook is?
A: Jupyter notebook is a Python front end.
So, Jupyter lab stuff is running and Docker containers make CUDA calls to the pool getting answers back and your machine learning training runs nice and fast. The Jupyter notebook lets you have a combination of text and words and then live cells. The Jupyter notebook runs through a series of Python commands and gives back output. As it goes through the Python commands, it grabs models and a bunch of things to train on.
You can use these Jupyter lab notebooks to have text explaining how to run the model, and executable code to run the actual model. They get dynamically created and hooked up to GPUs for managing the GPU pool so we can get a lot of people on there. We are not wasting a bunch of cycles, meaning we're not wasting the investment in the GPUs. and that makes it available for lots of people to do this.
Something to keep in mind is that you are going to want to have enough CPU memory on your machine to be able to hold all the memory that is going to be shipped over to the remote GPU and back.
Q: Do you want to talk about benchmarking?
A: I did some standard TensorFlow benchmarks that had been published and saw between two and five percent slowdown which at the end of the day is not a lot to give up.
We have an undergraduate student who wishes to spread the gospel of machine learning as a co-curricular activity for Duke undergraduates in particular to embrace. He is already working with Mark. He is gathering data about all machine learning research at Duke using machine learning methods. He has been a very eager customer and pusher of new features on the system as well.
4:40 – 4:55 p.m. – Common Solutions Group, Tracy Futhey, John Board, Charley Kneifel, Mark McCahill (10 minutes presentation, 5 minutes discussion)
What it is: The Common Solutions Group (CSG) works by inviting a small set of research universities to participate regularly in meetings and project work. These universities are the CSG members; they are characterized by strategic technical vision, strong leadership, and the ability and willingness to adopt common solutions on their campuses.
Why it’s relevant: CSG meetings comprise leading technical and senior administrative staff from its members, and they are organized to encourage detailed, interactive discussions of strategic technical and policy issues affecting research-university IT across time. We would like to share our experiences from the recent Fall 2019 meetings.
Richard mentioned that it was a good meeting overall. It was also mentioned that there was a workshop on strategy policy governance classification for securing research data.
Topics covered included threat intelligence and information sharing, noting that there aren’t many schools that are doing it to the extent that we are, and this is one of the reasons why the STINGAR project was started. STINGAR is a tool that generates threat intelligence and allows the sharing of information amongst other schools.
There were also conversations around research administration. Other talks included metrics and reporting, budgeting, key priorities for today vs tomorrow, ransomware, and budgeting around security. One take away from budgeting around security is to keep spending at a rational level without impacting the other programs going on in that environment.
One thing that another institution is doing is that they have invested in a data forensics office. This is in order to track the misuse of data and misbehavior by faculty. Another workshop that lasted half a day focused on distributed IT environments and the best strategies for that.
Lastly, there was a discussion on the next generations of technology spaces and another talk about IT ethics and analytics.
4:55 – 5:00 p.m. – ITAC Annual Photo (5 minutes)
5:00 – 5:30 p.m. – Taking a digital-first approach to University Communications, Kristen Brown (20 minutes presentation, 10 minutes discussion)
What it is: Over the past two decades advances in technology have contributed to a significant shift in the role and operations of university communications offices. Today, individual communicators in offices and departments (as well as faculty members themselves) can promote research and scholarship directly to key audiences without having to go through the central communications office (or the media).
Why it’s relevant: As a digital-first communications office, the team in University Communications develops content for digital consumption using new formats and media to engage audiences in support of Duke’s mission and we use digital metrics to track and measure the effectiveness of our work and adjust our efforts as needed. For faculty, staff, and students participating in these new formats and conversations, University Communications has resources and guidelines available at https://socialmedia.duke.edu/.
Kristen mentioned that there used to be five communication offices which throughout time got merged into what is now called University Communications. The name University Communications reflects the breadth of work being done by the office. University communications looks at things at a very granular level but also an enterprise level, this is to build and protect the reputation of Duke University. University communications recently rolled out a new site, news.duke.edu which aims to showcase how Duke is part of the everyday conversations outside of the university.
There are 15 social media channels that the office manages here and in China. Throughout these different social media channels, the content is different. The office has captured the content that most appeals to users. The point of the social media channels is to customize the experience, to build a relationship and to think about it as an engagement, not a broadcast. All this is to reach people, make people take action, share, like, and comment on the stories. It is very important to know your audience and knowing what you want them to know about you so that you can create content around that. There are some students that the office oversees who manage and create content on these social media platforms. They are there to reach out directly to and engage their peers and prospective students.
Kristen talked about a few YouTube series and mentioned one that is coming later this year. One of those series, extra credit: Life’s curiosities explained, will try to answer questions like can my dog read my mind? Or why do I crave sugar? Or is stress always bad? The series brings experts to the topic who will address them in under three minutes. Another YouTube series is Duke origins. Duke origins entail looking at an interesting thing at Duke and trying to understand where it came from, as well its origin. The first Duke origins episode was about the Hollows. The Hollows is the new dorm that was built. This is more place-based in order to attract people to Duke and to make them think about having experiences here at Duke. Another series that will start later this year “Why do we study that?” will take a video-first approach to science in order to, again, make a pathway for people to engage and understand what is going on at Duke. The goal of using YouTube is to engage people who are not engaged with Duke.
Q: how many subscribers do you need to generate revenue on your YouTube channel?
A: It depends. It’s a combination of how much time they spend, how much do they interact, and how much of what you ask will the viewers do. There are some students who are paying their way through Duke with their YouTube channel. There are metrics that contribute to that and also how influential you are.
Q: Do you have goals or metrics that you are looking for?
A: Not yet. That is because we are not very far into it. One thing we have decided is that we are not chasing clicks. Instead, what we are looking for conversion, we are looking for subscribers. We are looking for quality because we want those people to think that Duke is doing good things.
Q: so, it looks like you are looking for engagement and subscriber counts?
A: Yes. Because its all-digital, we can then start to look at who are those people, what do they do, where do they go, do we convert them to something else at Duke?
What university communications try to do is commit time and energy to set standards and document best practices along with a lot of training. The office is also interested in how it can help communicators around Duke to do better and to feel that there are resources for them at Duke. There are a variety of resources for communicators. The office does a lot of teaching and a lot of one on one. There is also a curriculum series within the communicators called “ProComm” where its peer to peer teaching.
Rachel said thank you to everyone and adjourned the meeting.