Skip directly to: [Site Navigation] [Section Navigation] [Search] [Content]
Home » 2004
1:30 - 3:00 pm - I.G. Greer 224
Permalink Comments off
1:30 - 3:00 pm - I. G. Greer Hall - Room 224
Persons Present:
Ex Officio members: Doug May (Acad. Computing Serv.), Jeff Williams (Chair, Info. Tech. Serv.), Tim Huelsman (Fac. Senate)
Voting Members: Brian Brown (Student Services), Robert Brown (Student Govt.), Gabe Fankhauser (Hayes School of Music), Kevin Howell (Coll. of Fine & Applied Arts), Len Johnson (HRS/Chancellor’s Office), Emory Maiden (Coll. of Arts & Sciences), Ed Pekarek (Coll. of Arts & Sciences), Justin Pittman (Student Govt. Assoc.), Dick Riedl (Reich Coll. of Education), Dragan Stefanovic (Coll. of Arts & Sciences), Peter Wachs (Student Development), Bill Ward (Academic Affairs)
Visitors: Steve Breiner (Instructional Comp. Serv., ITAC Recorder), Tim Burwell (Academic Affairs), Tom Van Gilder (Arts & Sciences), Pamela Graham (Arts & Sciences), Doug Brantz (Fine & Applied Arts), Oscar Knight (ITS Security Manager), Greg Simmons (Instructional Computing), Jeff Church (Instructional Computing), Charles (Mick) Kreszock (Instructional Technology Ctr.)
1) Welcome, Introductions, and recent Activity
Jeff Williams opened the meeting at 1:33 PM, greeted the assembly and referred those present to the online posted minutes from the September 10 meeting. He recognized a number of new ITAC representatives, and asked the members to introduce themselves for the benefit of all present.
2) Discussion of Student E&T fee increase
Williams introduced Tim Burwell who reported that research begun last year indicated that the Education and Technology (E&T) student fees Appalachian were 15th lowest of the 16 UNC institutions and that that was the result of attempts to keep tuition and fees low during last year’s cycle. He mentioned also that there had been a proposal for a $100 increase last year. He stated that the combined student fees of $225, when considered with tuition, left Appalachian with a revenue level third from the bottom in the UNC system. His research showed that the E&T fees netted some $400,000 for Information Technology Services (ITS) use with the bulk of the additional E&T revenues (roughly $1.2 million) flowing to departments for various uses. Additional revenues accruing to ITS include $200,000 from summer school allocations and and additional $120,000 in distributed salary monies. He noted that Appalachian had been able to achieve quite impressive infrastructure improvements, due primarily to the 1-time monies resulting from the bond referendum passed in November of 2000, but that the bond funds had been depleted. It was clear, noted Burwell, that Appalachian needs to establish a more stable and reliable funding mechanism to maintain its progress and to achieve needed improvements in the IT arena.The conclusions of his analyses, including a realization that we will be involved essentially in zero-based state budgeting, led the administration to request the $100 per year increase in per-student E&T fees, mainly targeted to IT needs, to provide approximately $1.3 million to be spent for service categories that directly impact students. The request will go to the Appalachian State University board of trustees for consideration at their December meeting.
Williams noted that ITS had been asked during the consideration of the fee increase request to identify as beneficiaries those uses that directly relate to student education. Among the issues identified were establishing a regular 4-year refresh cycles for the 1800 computers maintained for use in student computer labs, maintenance and refresh of the IT infrastructure, and personnel issues that directly impact educational activities.
Tom Van Gilder (A&S) asked whether the proposed refresh cycles would apply to computer labs that were originally established by the colleges. Doug May (ACS) replied that all publicly accessible labs would be included, if the request were granted. Van Gilder then asked whether faculty machines were to be included and May replied that faculty machines were expressly not included in this mechanism and that this funding can only be applied in direct support of instruction. He further noted that other funding, notably from state allocations, should be used for refreshing faculty machines and the related infrastructure, since those uses are considered routine office necessities.
Robert Brown (SGA) asked what would be the net impact on students as a result of the fee increase. Peter Wachs (Student Development) answered that the increase in E&T fees from $118 to $218 per year should have only slight impact, since all other fees were remaining essentially constant.
3) Follow-up on IT audit - workstation management
Williams reported that, to meet the requirements of our latest audit report from the State Auditors office, Oscar Knight, formerly in the Network Support Services area in ITS, had been appointed to the newly created position of IT Security Coordinator and will report directly to Williams. He noted also that this, and other requirements of the audit report, had been addressed by November 9. Included in meeting those requirements was the deployment of a scanning mechanism for compliance certification of workstations — initial results indicate that from 75 to 100 workstations (computers) had completed the soon-to-be mandatory process. He noted that the scan process would be required for all servers and faculty/staff workstations (computers) every 6 months to verify the absence of vulnerabilities. Those machines with Novell workstation management will be updated routinely and automatically but standalone machines will need to complete a (fairly rigorous) manual process to achieve their certifications.
Williams then introduced Knight, who explained the auditors’ concerns with issue of “null sessions” and described how registry changes related to this (and to similar vulnerabilities) were fixed remotely using Novell’s remote Workstation Management capabilities. Williams added that the recent “Paypal Phishing Trojan” (see an explanation and examples) and many others like it make it only prudent to be very careful with our access and with the machines that connect to our network and the Internet.
Brian Brown (Stud. Serv.) asked what plans for future security were being considered. He proposed that items such as a standard, university-sanctioned, reasonably secure browser, spyware scanners and removers, and other security-friendly items be included in the standard university computer OS build(s). Williams replied that those things and others are under consideration. May noted that information related to security of the Appalachian builds is always being included and considered. Kevin Howell (F&AA) suggested that Appalachian look at the Pest PatrolĀ® be considered as a particularly effective possibility for spyware removal.
4) Recent legal actions for P2P activity
May reported that the RIAA (Recording Industry Association of America) had been granted subpoenas ordering Appalachian to provide names and contact information for three Internet addresses allegedly conducting illegal file sharing of copyrighted materials from within Appalachian’s network. On advice of the university counsel the information was provided to the RIAA and the students implicated in the allegations were notified of the action. May mentions that the recent spate of legal action by the RIAA seemed to cast a wide net with some 700 alleged offenders being targeted at some 226 institutions. He suggested we can use these unfortunate events to help educate the university community, students, staff, and faculty, as to both the criminal nature of and potential problems resulting from illegal file sharing.
May noted that on November 4 the MPAA (Motion Picture Association of America) has recently announced action plans similar to those of the RIAA, having sent letters to campuses and individuals threatening legal action against file-sharing abusers. Williams noted that UNC President Molly Broad had testified before congressional committees in Washington, DC, about the issue, and supports efforts to curb illegal file trading and sharing. There are system-level discussions occurring to determine how to address the P2P (peer to peer) issue and that recent efforts at Penn State to curb illicit file sharing by promoting legal alternatives has not been particularly effective at reducing the undesirable activity. Brantz asked about actions the university might take, such as warning individuals, to help curb the activity. May replied that there was a delicate position the university must take in order not to subject itself to losing it’s “safe harbor” status as an Internet Service Provider.
Robert Brown asked whether there might be system-wide recommendations as to P2P coming out of the system-level discussions. May acknowledged that as a clear possibility. Williams mentioned that those groups were following the testing of software at UNC-Charlotte that can supposedly prevent unauthorized transfer of copyrighted material. He added that the university probably needs to take a role in attempting to educate the nonuniversity public as well as out community about P2P issues.
5) Workstation refresh - cycles, approach, etc.
Williams noted that it appeared that establishing a formal, routine refresh cycle for computers on campus would likely be most successful if based a formula using the numbers of employees using them, leaving the localized administrators to allocate “refresh credits” appropriately, rather than attempting to centrally identify specific computers (using FAS or individual assessment) for replacement. He mentioned that the current CIO of the State of North Carolina would likely retain the position and that he anticipates that the state’s efforts to devise a statewide inventory would benefit Appalachian.
6) Update on campus communications plan for faculty and staff
Williams reported that the Communications Committee, chaired by himself and Len Johnson (Human Resources), had devised a mechanism for establishing email subscription lists that facilitate university communications. He stated that the current flood of locally produced email (via the SUBSCRIBERS and FACULTY listserves) made it almost impossible to communicate when important issues arose. Too many people simply delete or ignore those messages, buried in the volume of email they don’t want to receive in the first place. To alleviate the situation, the committee has recommended establishing two email lists, one for faculty and one for staff, that would be used only for critical notices - this list would subscribe every Appalachian employee immediately on employment and would not offer the recipient an opportunity to opt out. All other lists would target specific audiences and subscribes to those lists would be allowed to opt out of them at any time. Messages from the “voluntary” lists would necessarily carry instructions on opting out in every message. The proposed system would collect all of the list options (opt in or out) on a single management page accessible to all employees. Williams mentioned that other modes of communication were being considered, particularly for emergency-related information, including outbound calling and automated systems. The new subscription system for email should be active by early Spring semester, 2005.
7) Other items
Ed Pekarek (Computer Science) asked about the status of the IT status report issued by the consultant who visited the campus this (Fall) semester. Williams replied that the Vice Chancellors had received and were considering the report and its implications next week (11/16) and that he expected to hear more about the results following that discussion. He noted that the IT discussion was part of a more comprehensive discussion that would be looking at multiple issues facing the institution and administration.
Adjournment
Williams thanked the the members for their efforts, wished them well, and adjourned the meeting at 2:32
Permalink Comments off
1:30 - 3:00 pm - I. G. Greer Hall - Room 224
Persons Present:
Ex Officio members: Doug May (Acad. Computing Serv.), Jeff Williams (Chair, Info. Tech. Serv.)
Voting Members: Al Harris (Walker Coll. of Business), Brian Brown (Student Services), Robert Brown (Student Govt.), Tom Leonard (for Teresa Canton - University Advancement), Gabe Fankhauser (Hayes School of Music), Kevin Howell (Coll. of Fine & Applied Arts), Lynne Lysiak (University Library), Emory Maiden (Coll. of Arts & Sciences), Ed Pekarek (Coll. of Arts & Sciences), Justin Pittman (Student Govt.), Don Rankins (Registrar), Dick Riedl (Reich Coll. of Education), Dragan Stefanovic (Coll. of Arts & Sciences), Peter Wachs (Student Development), Bill Ward (Academic Affairs)
Visitors: Steve Breiner (Instructional Comp. Serv., ITAC Recorder) , Mary Beth McKee (Instructional Comp. Serv), Pamela Graham (Arts & Sciences), Doug Brantz (Fine & Applied Arts), Mick Kreszock (Instructional Tech. Ctr.)
1) Welcome, Introductions, and recent Activity
Williams opened the meeting at 1:30 PM and greeted the group. He passed around two draft documents related to the ASU Communications Plan under development by the University Communications Committee. He then asked the attendees to introduce themselves and to provide describe their functions at Appalachian.
Williams then commented to the group that the recent AppalNET server replacement had gone relatively smoothly thanked those who were involved in the effort.
2) Report on recent IT Audit and possible consequences
Williams reported on the recent IT audit of Appalachian by State Auditors Office during a three-week visit to campus. He commented that ITS had prepared for the audit through conference calls with other campuses who had recently been audited and by addressing issues uncovered during last year’s audit by outside IT consultants commissioned by IT Services. He reported that, based on “traditional” external attack scenarios, the audit team was unable to penetrate, or even probe any systems on the secure side of our internal network. After being unable to penetrate our border protections to even probe our secure systems, the audit team requested access to our secure network areas, normally reserved for trusted user access and server-to-server communications. They in effect “raised the bar” and probed into areas they normally don’t have time to consider. Once Network Services allowed the audit team to penetrate the protected network, the team discovered a number of issues that, while not posing serious threats of penetration from outside the secure network, were identified as potential weaknesses, were some attacker able to somehow penetrate our internal network. To help strengthen security on the secure side of our network, the Systems group were handed these vulnerabilities for investigation and resolution.
Williams and Wes Bunch (as representative of the Chancellor’s Office) worked together to develop reports and responses to address the concerns that were uncovered, and the ITS Systems group were able to resolve the most important issues quickly. The upshot of the auditor’s visit was a clean, “very good” public report, with a number of “private findings” that were to be addressed within 90 days of their issuance.
Williams did mention that, as a result of the “raised bar” related to security, the Appalachian community should expect soon to see requirements for more comprehensive, and possibly intrusive, scanning of all systems, workstation and server alike, for potential security vulnerabilities.
3) Discussion of general communications with faculty, staff and, students
Williams asked ITAC to begin serious consideration of how the university should approach developing a mechanism for rapid dissemination of important communications, particularly those involving emergent situations. He reported that, members of the Subscribers and Faculty listserve have received some 225 announcements in the last 30 days, and that its sheer volume of messages precluded its use as a “must-know-now” communication mechanism. He mentioned to the group that there was an ad hoc University Communications Committee that was examining options for important communications and asked that the group provide input on precisely what would constitute “importance,” and about who should be able to take decisions about initiating those communications. Williams suggested that a series of tightly targeted listserves might constitute part of a comprehensive system. Several issues are under discussion as regards critical communications, such as:
Williams then described current mechanisms for distributing critical information on issues like class cancellations, emergency procedures, etc., and suggested that ITAC begin consider suggesting guidelines for initiations of and decisions regarding those types of announcements for inclusion in a future University Communications Policy and Plan. Mick Kreszock (Instructional Tech. Ctr.) suggested contacting the Department of Communications (in Fine & Applied Arts) to tap their expertise and knowledge of corporate communications systems.
Brian Brown (Electronic Stud. Serv.) proposed guidelines for submissions to such “must-see” listserves suggest using web links in lieu of attachments, as has been the case in the past. Steve Breiner (Instr. Comp. Serv.) echoed the sentiment, proposing that requirements, rather than guidelines, be implemented as policy to restrict use of attachments. Pete Wachs (Stud. Dev.) suggested building a web form for submissions to such lists.
Kreszock asked whether it was possible to allow for “self-service” creation of listserves for departments or other campus areas to streamline the ability to communicate. Williams replied that users could now initiate the process of listserve creation based on their roles at the university… then clarified that, in the future, self-service initiation might be handled as a role-based application. Brown asked what was the mechanism for a user requesting establishment of a listserve and suggested that the Communications Committee adopt some form of naming convention for lists created for Appalachian. Doug Brantz (F & A A) asked whether lists might be created through an existing AppalNET mechanism. Breiner replied that the “Groups” feature in AppalNET was a tool initiated by users using a self-service request mechanism, but that AppalNET “groups” were a browse technology rather than a “pushable” one.
Robert Brown (SGA Student Rep.) asked whether group membership lists can be modified by the group manager, unlike the “class list” features in the Faculty Services areas within AppalNET. Breiner responded that the group owners had the complete ability to add or remove users as desired, but that adding a member issued an invitation to join the group that has to be accepted by the invitee.
Williams then mentioned the need to communicate with IT users about such things as planned outages in university systems for purposes of maintenance, repair, or software updates. He gave the example of the recent (on the Thursday prior to the Labor Day weekend) replacement of the university system hosting email services, thereby refining and completing the upgrade process begun in August. He noted that the timing was selected to minimize the impact on uses by performing the operation during a traditionally low-usage time, when most faculty and students were in holiday mode. Williams suggested that ITAC propose a list of the types of people who should be notified of such operations. Kreszock suggested that notification would not be necessary if ITS pre-scheduled times for non-emergency maintenance periodically during the year. Williams agreed to have ITS look at and pre-evaluate times for maintenance during the year that would minimize service disruptions.
Justin Pittman (SGA Student Rep.) asked why the daily SIS maintenance cycle occurred between seven and nine PM, when that was a time many students need to access their information in SIS. Don Rankins (Registrar) responded that that time frame selected because it was the time of the day with minimal usage. Williams remarked that the daily downtime was the result of our current SIS being a “legacy” system subject to constraints that should disappear when the Banner SIS system is deployed. Breiner mentioned that he had learned that the reason maintenance cycles were performed evenings rather than overnight was to eliminate the possibility that processing of a days events, absolutely essential to the next day’s system operations, could be restarted and completed overnight if the evening’s processing aborted for any reason. Initially running the processes overnight would not provide sufficient time, in case of a failure, to diagnose the problem and redo the processing in sufficient time for the next day’s start.
Williams gave another example of a day-long Internet outage that occurred just before the start of the semester. Williams explained that the outage was caused by a failure of off-campus equipment, not operated by Appalachian. Although a notice was posted on the ASU homepage about the outage, there was no estimate for the resolution of the problem since vendor couldn’t find the point of failure. Kreszock noted that Appalachian’s fully redundant Internet connectivity would soon be in place and operational.
Williams, referring once more to the auditor’s reports, stated that Appalachian would soon need to repeat the network registration of all network-connected faculty machines. He acknowledged the inconvenience that always accompanied this task, but stated it would have to happen anyway. He posed the question of how to notify faculty in such a way as to minimize problems leading to tech support calls.
In further discussion of essential communications systems and how to provide up-to-date information to employees and student, Rankins proposed a multi-line telephone notification system to replace the current one-line snow notification system. Breiner suggested that all web pages on university servers be required to list a creation date and identification of a responsible party. Kreszock expanded on that theme, suggesting that there be a default, automatic expiration for web pages if those dates are not occasionally reset by a responsible party.
Ed Pekarek suggested a telephone-based information system, employed as gateway to the helpdesk telephone hotline, to inform users of known problems with campus systems — such a mechanism might provide enough information to satisfy many users and to prevent the crush of calls that must be answered individually by the tech support team whenever a problem occurs. Doug May (Acad. Comp. Serv.) replied that ACS was exploring telephone system upgrades that would provide that capability.
Williams next mentioned the growing importance of documenting each user’s acceptance of Appalachian’s Computer Use Policy in order to satisfy state requirements, and the difficulty of causing this to occur. Brantz, in reply, suggested that acceptance of the policy be placed on the now required password change form as a prerequisite to allowing a user to update his or her access codes. This would essentially require an acceptance of the policy conditions every 90 days, that being the lifetime of passwords on our campus systems. Williams stated that he would pursue that idea with the appropriate persons in ITS.
Breiner suggested that ITS create a “new service request” mechanism that would allow users to make it known to IT Services that there were new services, software, or processes needed or wanted by users.
Bill Ward (Acad. Affairs) asked whether, given the growing stream of announcements, there were a “gatekeeper” for the existing campus-based listserves. Williams stated that the “owner” of a list has full control over both whether approvals are required to post and who can use or delegate the privilege to make such approvals. Williams mentioned that such issues as this would be topics addressed by the University Communications Committee and that any eventual actions or products of that body would be distributed to ITAC and other campus constituencies for discussion and comment.
Justin Pittman asked how events such as class cancellations that occur after the traditional 6:30 AM decision deadline would be handled. Ward replied that the local radio stations, departmental personnel, and university web page should be able to handle notification of students and staff.
4) User survey suggestions
Williams told the group that ITS was looking for surveys, preferably validated ones, for examining the use of computers in labs, software needs and wants, and other issues related to provision of IT services. He requested that any members having knowledge of such surveys please contact him with that information.
5) Other business
Rankins reported that a new version of SCT’s Web for Faculty product was in testing and that itt should streamline faculty and advisor access to the information they need. He mentioned that an evolving, long-term vision for the “Web for” products, AppalNET, and other electronic data services was the consolidation and integration of all of those services into a unified interface. The current proposed upgrades will increase performance and convenience, and will undergo significant testing before being deployed. Rankins further stated that his goal was to fully test and develop training for these systems before Fall break. In related developments, he noted that the Banner project is well under way. He stated that the Banner Implementation Committee would be visiting each administrative unit to discuss and answer questions about the Banner system during its projected three-year implementation schedule. Our older systems will be “spruced up” and patched to latest levels to prepare for the eventual freezing of those systems. After that point, with the exception of emergency actions, all discretionary energies and efforts will be diverted to the new systems. Williams noted that the campus implementation team had changed and that he expected information about the project to flow more smoothly as implementation proceeds. He noted also that the Banner web site, http://www.banner.appstate.edu/, will provide more timely and informative answers about the details of the Banner project.
Brantz asked if it is currently possible at Appalachian to set up a database-driven, user-maintained web site for a department or other campus unit. Wachs and Brown briefly discussed Student Development’s mechanism for doing just that, with automatic collection of appropriate information, announcements and web pages. The site mentioned uses a PHP-driven open source database for storage of that information and provides RSS (Really Simple Syndication) feeds to SD’s live web pages. Brantz suggested that centralized server capabilities for storage space and database access would be a highly desirable service for numerous campus groups.
6) Adjournment
Williams noted that the 3:00 o’clock hour was approaching, thanked the attendees for their input, and adjourned the meeting at 3:00 PM.
Permalink Comments off
