Minutes from the December 13, 2006 CCD meeting

CCD-L in Attendance: Janet Heslop (CCD Co-Chair), Jen Holleran (CCD Co-Chair), Rich Jaenson, Graham Dobson, Keith Boncek, Ray Helmke, Mitch Collingsworth, James VanEe, Roger Garnett, Mark Sanford, Hurf Sheldon, Oliver Habicht, Sunny Donenfeld, Jon Corson-Rikert, Dan Elsweit

Guests in Attendance: Dan Dwyer (Research), Carol Gowan and Chad Loomis (PDC)

Announcements:    
Update from Ray Helmke on Ezranet and central network solutions

Presentations:

Carol Gowan and Chad Loomis – Power Quality and Harmonics

presentation

Dan Dwyer - Grants.gov

handout

November 8, 2006 CCD meeting

Presentation: Dell Roadmap

Minutes from the October 11, 2006 CCD meeting

CCD-L in Attendance: Janet Heslop (CCD Co-Chair), Jen Holleran (CCD Co-Chair), Rich Jaenson, Graham Dobson, Keith Boncek, Ray Helmke, Mitch Collingsworth, James VanEe, Roger Garnett, Mark Sanford, Craig Trowbridge, Laura Robinson, Tom Dunn, Hurf Sheldon

Guests in Attendance: MacDonald (CIT), Ken Ridley (CTC)

Announcements:    
Security SIG:

•  will soon do a presentation of how to use SPIDER to scan and report

•  Network password change discussion currently happening – how to encourage staff to update regularly

Presentations:

Rick MacDonald – University Disaster Recovery Task Force Report (handout)

http://www.itmc.cornell.edu/cornell_edu/ITMC/upload/DRTF%20Final%20Report%20-%20091506.doc

Three main questions to be answered:

1. How to protect University data?
2. How to provision equipment?
3. Where would a recovery site exist?

Early on in the planning stages the DR committee did level setting:

1. What could cause wide spread devastation
• Earthquake, tornado, intentional event
2. Risk vs. reward

DR committee felt need for “enabling recommendations”, if primary recommendations were to be successful. Most of these recommendations related to raising awareness across campus, particularly in the research community.

Trustees need to decide if they think the protection delivered by these recommendations is worth the expense. The university then must decide if and how to fund. – departments can then make decisions based on these determinations.

Recommendations to Ez-Backup:

- University funding to place second TSM frame at the Medical College and to subsidize rates to make them more attractive to units.

•  Manageable interface for many systems

•  Archiving cost model seems like something of interest to many units not currently using Ez-backup

•  Recpommend that Executive VP and Vice Provost to setup stake holders to determine priority of restoration

•  Ez-backup team to look at restore functions and time allotted

EMC owns Retrospect, a commonly used backup software on campus by many local units; CIT speaking with EMC to discuss interchange with Tivoli .

Looking at collaborating with other University locations

Ken Ridley - CAVE Tour (DVD handout)

Minutes from the September 13, 2006 CCD meeting

CCD-L in Attendance: Rich Jaenson (CCD Co-Chair),  Janet Heslop (CCD Co-Chair), Oliver Habicht, Roger Garnett, Jennifer Holleran, James VanEe, Don Sevey, Keith Boncek, Hurf Sheldon, Kelley Sullivan, Dan Elswit, Graham Dobson, Marcy Rosenkrantz, Ray Helmke, Frank Labonte, Tom Dunn, Craig Trowbridge, Jon Corson-Rikert, Mitch Collinsworth, Lori

Guests in Attendance: Dan Eckstrom, Wyman Miles, Glen Larratt, Ron DiNapoli, Sunny Donenfeld

Open Discussion:

Voting for the next CCD Co-Chair begins today, 9/13/06.  Look for a message this afternoon and reply to Janet (jch6) with your vote.

Security SIG :  CIT purchased GFI LanGuard for everyone to use.  Contact Steve Schuster for details.  Update:  Now available at the CUSoftware web site.
http://cusoftware.cornell.edu/licenses/languard.html

ITMC:   Disaster Recovery Task Force will be presenting recommendations at next meeting.  Executive Vice President sent a memo pertaining to standards on networking; specifically in the Wireless arena; CIT will be specifically responsible for Wireless on campus. 

VISTA:   CCD Executive Committee meets with CIT Senior Management Staff quarterly.  During a recent meeting CCD asked what was CIT doing about the upcoming release of VISTA.  Sunny Donenfeld has called together a group of technical staff from across campus to look at application compatibility, training resources, deployment, etc.  If interested in participating, contact Sunny.  The notes from the first meeting can be viewed at:  http://itmc.cornell.edu/cornell_edu/ITMC/SIG/Vista_Minutes_Sept_12_06.cfm

Presenters:

CCD Co-Chair Candidate Speeches were given by James VanEe and Jennifer Holleran.  The floor was opened to further nomination.  No response.

Ez-VPN:
Presentation by Dan Eckstrom
PowerPoint Presentation   http://www.ccd.cornell.edu/docs/index.htm

Ez-VPN will offer remote connectivity onto campus via an encrypted tunnel using Kerberos (University netid and passwords.)  Originally did a survey to determine needs – file service and remote application access.

The encryption occurs between PC-off campus to VPN Server; between VPN Server and departmental system NOT encrypted.

Equipment being used is a CISCO Concentrator ASA5000 (load balanced); 500 user limit at this time.

Test group available and will start testing this fall.  Production delivery expected late spring. 

Requires the use of CISCO's VPN client; working on a WEB VPN client

Open Discussion:

 Seeking open nominations for CCD Co-chair; please contact Janet or Rich. During the September meeting candidates will introduce themselves, briefly talk about their IT career at Cornell, and express their desire to be a CCD Co-chair.

Presenters:

Steve Schuster, Director of IT Security , led a vibrant open discussion on secure servers. What does it mean to have a secure server?

Audience: There was once talk about having an Administrative network vs. Non-Administrative network?

Steve: This has been put into the Netadmins hands; CIT provides edge ACLs, 10 space, etc for departments to accomplish this task.

The same concept is Routable vs. Non-Routable. 10 space is Non-Routable. Mostly used for printers, kronos clocks, etc. 10 space has not been broadly used.

Audience: Any thoughts about allowing Netadmins access to switches?

Steve: OH MAN!!! May in the future provide visibility to the ACLs on network, but not quite ready to even do this yet. Attempting to put together reasonable templates that one can choose from. Currently have a web page about ACLs noting things to consider. http://www.cit.cornell.edu/computer/security/edgeacls/

Audience: Currently a Netadmin can not do adequate audit of their subnets.

Steve: We need to first understand data on campus – what, who has access, where it is stored, etc. Work is being done on merging output to better enable data about network compromises.

Audience: Would find it helpful to assign one Security staff member to a specific building for help so that we do not have to repeat the circumstance over and over when another person is assign to us.

Steve: I fully support netadmins requesting someone specific, but sometimes it is better to have varying viewpoints too.

Comment: Steve: " We as technical people do not fully understand what we are responsible for supporting."

Steve: Everyone can do practical little steps: a) default deny strategy (must know network thoroughly for this implementation.) b) owe to community risks and how we handle data (user awareness.)

Audience: I see it as 40% IT problem and 60% creation of data, usage of data, and management of data

Steve: Need to request black out of SSNs before sending

Audience: We will take care of machines/networks; YOU have to take care of data. We have set up a Committee comprising 3 department members, 3 IT staff. Surveying staff about data they use/have; looking for red flags; Managers to talk to their staff – most don't realize what data they have

Comment: Steve: I will be speaking at Technical Support Providers meeting in September. This will be filmed and made into a one hour talk to be made available for future use.

Steve: FABIT supports the online TEH for all incoming faculty and current faculty. Currently the electronic version on TEH is up and running for all new netids.

Audience: May need to add a new category in “Skills for Success” as part of job requirements – “IT Data Stewardship”.

Steve: Spider is not a silver bullet

•  not easy to use, not fast
•  no image files can be opened; ie jpg
•  command version is done
•  Mac version soon
•  False alarms – user must take a look at every file

Spider User Group Meeting in August planned

Desire Spider to become an end-user application

Chuck Jessop, Software Acquisitions, discussed the Microsoft Settlement

http://www.microsoftnysettlement.com/

Just via the Select program for volume licenses Cornell University may be able to re-coop $130,000. Now Cornell is attempting to determine the value in looking at hardware purchases also. Purchases involved are from 1994 through 2004.

Purchasing department has been asked to pull data on computing equipment purchases – possible 7,100.

Dell equipment is 5,000 of the 7,100; hoping Dell is willing to help investigate.

Question: Any response from ITMC? Very little. Those that did respond, did not want to invest resources themselves to do the research.

Comment: Why not turn the $130,000 back over to Software Acquisitions!!

Deadline is October 18, 2006 .

Could be a significant impact on departments, if we do not hear from Dell soon.

At what level has Dell been spoken too? Joe DuBois and Keith Boncek has spoken to the East Coast rep.

Question: Has anyone asked a Microsoft claims person to send a list of everything with Cornell's zipcode?

Answer: Chuck will check into this.

Question: Will this claim of $130,000 for Cornell infringe upon our Microsoft relationship?

Answer: It is public domain, should not. Dean Krafft will be speaking with the Dean of CIS to determine.

Chuck hopes that if units have to do own research that the timing would be such that at least a minimum of 4 weeks be available to them for responding.

Units should know that work is being done centrally at this time.

Minutes from the May 10, 2006 CCD meeting

CCD Attendance: Rich Jaenson (CCD Co-Chair), Janet Heslop (CCD Co-Chair), Oliver Habicht, Roger Garnett, Laura Robinson, Jennifer Holleran, Shari Avery, James VanEe, Don Sevey, Keith Boncek, Hurf Sheldon, Wendy Busch, Thomas Crook, Frank Strickland, Jeff Bishop, Debra Howell

Guests in Attendance: Diane Sempler, Aimee Decker, Catherine McNamara, Jonathon Atherton, Andrea Beesing

Open Discussion:

Frank Strickland announced the first annual IT Forum to be held on June 14 th . Guest speaker Paul Glen, author of Leading Geeks , will give the keynote presentation at the Statler Auditorium in the morning.  In the afternoon, IT organizations, special interest groups, and local and national vendors will set up in the Biotechnology Building .  "Birds of a feather" sessions for IT staff to meet one another, as well as food, prize drawings, and more will occur during the afternoon .

 Note: CCD will take part in the IT Forum event; therefore, there will not be a regular scheduled meeting for June.

 Rich Jaenson mentioned “a work in progress” called the IT Grapevine. CCD and CIT Sr. Mgmt. staff would like to initiate an e-list for departments to announce work that they are doing, investigating, or implementing. This will keep other IT staff in the loop, so that unnecessary efforts (re-creating the wheel) do not create wasted university work time.

Presenters:

Jonathon Atherton – Salsa Replacement

•  see PowerPoint presentation

Catherine McNamara -- CPMM -- Cornell Project Management Methodology

•  see PowerPoint presentation

Keith Boncek introduced Kim Livolsi; Dell Regional Manager

• we have a new Dell Sales Representative for the Cornell account – Devin Cook

Kim Livolsi – opened up the floor for questions

Q: What is the status of the Repair Certifications on campus?
A: Alive and Well!!

Q: Would it be possible to have available new hardware for testing before available to faculty via the premier page?
A: Dell will look into this.

Keith Boncek stated that Feature Products will soon be available on the premier page; including printers, pda's, etc. Also, Cornell should soon be able to take advantage of monthly specials that may be offered within other areas of Dell.

Q: Since Intel chips are now in Apple computers rumors have it that Dell will be selling Apple computers. Is this true?
A: Not in the Roadmap that they were aware of.

Q: Does Dell support/sell VMware?
A: ESX and GSX integration is available

Q: Dell seems to be selling much more software to us. Is this an area that is expanding within Dell?
A: Dell can always provide a price quote, give them a try. Microsoft Campus Agreements are available via Dell.

Michael Swenson – Centralized Issue Tracking Project (handout)

Minutes from the February 8, 2006 CCD meeting

CCD Members in Attendance: Rich Jaenson (CCD Co-Chair), Janet Heslop (CCD Co-Chair), Oliver Habicht, Graham Dobson, Ray Helmke, Mitch Collinsworth, Roger Garnett, Laura Robinson, Jennifer Holleran, Shari Avery, James VanEe, Don Sevey, Bob Bandler, Joe Lalley, Lorrie Tily

Guests in Attendance: Rick MacDonald, Paul Zarnowski, Mark Mara, Lee Brink, Dan Bartholemew, Diane Sempler, Aimee Decker

Open Discussion:

Review of Sponsored NetID's:

• Timeframe for review extremely limited
• Raise concerns about this with Tom Parker, Lead on project

Rich Jaenson raised point about "what if" there was a pandemic; is everyone prepared; something to think about

Lee Brink - Centralized Symantec Service:

Reviewed handout

Questions:

Q: What about older versions?
A: SAV10 does not support older versions past version 9.x

Q: If running own managed server can the department point to the CIT "king" server?
A: Yes

Q: Other Symantec Enterprise Solutions being offered?
A: Currently pay for them; already have

Q: Will the "king" server stay up-to-date with version?
A: CIT never puts out a .0 release; to many bugs

Q: Will this be made available and offered to home machines, cooperative extension offices, etc.?
A: Yes, license is valid for all active Cornell community

Send feedback to Lee Brink with a Yes/No if you would utilize the service if it were implemented.

Rick MacDonald / Paul Zarnowski:

Rick MacDonald

Context of Disaster Recovery Planning:

• CIT has Emergency Preparedness Committee which looked at CIT's issues, then realized not only CIT issue, but a University issue

Trustees feel a duty that the University ensures survival; protection of critical data

Key Notes:

• Options - what works/ what doesn't
• Task force formation; ~12 people
• Getting extra copy of data away from "here"
• How and where would we put extra copy of data
• Rapid replacement of equipment
• Where to place equipment if no machine room available
• Reporting monthly to ITMC - Report due to the Trustees in December meeting (therefore September deadline)
• How much data is critical; how is it stored now; where might consider putting it?
• Consider machine replacement; how much?
• How might CIT better utilize TSM for a copy located offsite
• CIT has looked at equipment providers to leverage set with in # days; equipment providers have difficulty grasping how to deal with diverse university; usually deal with a DataCenter environment

Discussion:

Comment: Need to look at "range of disaster" and "scale of recovery"

Q: Is there the possibility to share datacenter resources with other universities?
A: Discussions with Weill Medical Center , whom also runs TSM; easy access via Lamda Rail; Weill has agreement with Sterling Forest for warm site in Hudson Valley

Q: What about Geneva location?
A: To regional

Dave Vernon is setting up a new task force to discuss Voice and Data networks in light of a disaster.

A web site is already available for Cornell located in CA, which will also provide email addresses to the Emergency Preparedness members and University officials. http://emergency.cornell.edu

Paul Zarnowski:

Reviewed handout

Phil Cox: attached Power Point presentation

Steve Golding:

Public utility vs. Need to expand in technology with limited resources - creates a natural tension; Tension between looking forward and providing 24/7 support

Balance: 24/7 support <- ->creating new knowledge (cutting edge) that will impact what we are actually trying to maintain --- which becomes part of the utility

There is a positive and a negative side to the tension - concentrate on the positive!

As an institution how do we facilitate this with limited resources - time, money, people?

Myriad of stakeholders: President -> Provost -> to the person farthest away with a laptop -- using data which falls under NYS law on confidentiality -- RISK for University

How are we dealing with NY State legislative mandates?

• Increased liability for Cornell
• The world that CIT operating in is changing in a very fundamental way
• not able to use computers without worry
• use of computer being governed by law
• data protection, what is kept where, by who
• The rules governing our behavior have fundamentally changed
• Need to balance flexibility against following the rules
• Increasing liability for individuals, institutions, and individuals we hold information for (credit card server hack)
• In the eyes of the state a student ID is the same as an SSN.
• We just got ssn under control, here we go again.
• Individuals need to be held responsible for the data in their hands (worker takes home info that is hacked) everyone is libel

What is the role and responsibility of CIT in a broadly decentralized institution?

• Support; Leadership, Set direction
• Keeping in mind:
• Utility 24/7 - need to provide utility level services, but still evolve the technology to address changing needs
• How to spend and support centrally vs. how decentralized units are supported; broader needs of the whole verses the wants of special interests
• Drop technology with less utility/need; while adding new technology with growing capacity;
• How to help the units know what is available so they don't duplicate what exists

9 months of learning at the University- continue to build on technology already in place - build on the positive

Highlights from a presentation he recently gave Hunter Rawlings:

1. Lambda rail

• We chose to get involved in the front end; now control Northeast corridor
• Huge implications for research
1. seen as a huge win and positive advancement in computing
• Major cost saving
• Not in the plan but the result -> we are now enabled to use Wiell as a hot backup site

1. PeopleSoft upgrades and deployments
• He thinks this was a good thing - HR systems, Student Services, etc.
• We learned project management skills
• Developed a strategy for developing budgets
• Learned from pain!
2. Polley & Steve
• How do we manage complexity

Three component pieces to managing Central Computing on campus

1. Cost of utility (functionality, capacity)
2. Maintenance and Care of systems
1. Previously built that need to be modified/enhanced
2. Define and constrain the level of resources available to enhance existing systems
3. Putting together a capital budget
1. Kuali, student systems, those determined to be institution priorities

 i. Manage from "cradle to grave"

 ii. Based on priority of university

Steve reserves the right to make decision on priorities!

Most important point of all:

•  So many times "I have to have something now!"

•  Pressure to provide service

•  Only so many resources competing with other requests

•  Getting the right technology

•  In 12-18 months the evolution of technology washes away 80-85% of bad choices

•  To often look at from technology perspective, instead of business decision

•  If right business decision - should it be provided centrally or decentrally?

•  Subset or economies of scale

• Is it a good business decision? What is the best technology today? Do not get hung up on decision in the middle! Collectively make best business decision for the University.

The guiding principle: Is it a good business decision?