Minutes - September 10, 2004
1:30 - 3:00 pm - I. G. Greer Hall - Room 224
Persons Present:
Ex Officio members: Doug May (Acad. Computing Serv.), Jeff Williams (Chair, Info. Tech. Serv.)
Voting Members: Al Harris (Walker Coll. of Business), Brian Brown (Student Services), Robert Brown (Student Govt.), Tom Leonard (for Teresa Canton - University Advancement), Gabe Fankhauser (Hayes School of Music), Kevin Howell (Coll. of Fine & Applied Arts), Lynne Lysiak (University Library), Emory Maiden (Coll. of Arts & Sciences), Ed Pekarek (Coll. of Arts & Sciences), Justin Pittman (Student Govt.), Don Rankins (Registrar), Dick Riedl (Reich Coll. of Education), Dragan Stefanovic (Coll. of Arts & Sciences), Peter Wachs (Student Development), Bill Ward (Academic Affairs)
Visitors: Steve Breiner (Instructional Comp. Serv., ITAC Recorder) , Mary Beth McKee (Instructional Comp. Serv), Pamela Graham (Arts & Sciences), Doug Brantz (Fine & Applied Arts), Mick Kreszock (Instructional Tech. Ctr.)
1) Welcome, Introductions, and recent Activity
Williams opened the meeting at 1:30 PM and greeted the group. He passed around two draft documents related to the ASU Communications Plan under development by the University Communications Committee. He then asked the attendees to introduce themselves and to provide describe their functions at Appalachian.
Williams then commented to the group that the recent AppalNET server replacement had gone relatively smoothly thanked those who were involved in the effort.
2) Report on recent IT Audit and possible consequences
Williams reported on the recent IT audit of Appalachian by State Auditors Office during a three-week visit to campus. He commented that ITS had prepared for the audit through conference calls with other campuses who had recently been audited and by addressing issues uncovered during last year’s audit by outside IT consultants commissioned by IT Services. He reported that, based on “traditional” external attack scenarios, the audit team was unable to penetrate, or even probe any systems on the secure side of our internal network. After being unable to penetrate our border protections to even probe our secure systems, the audit team requested access to our secure network areas, normally reserved for trusted user access and server-to-server communications. They in effect “raised the bar” and probed into areas they normally don’t have time to consider. Once Network Services allowed the audit team to penetrate the protected network, the team discovered a number of issues that, while not posing serious threats of penetration from outside the secure network, were identified as potential weaknesses, were some attacker able to somehow penetrate our internal network. To help strengthen security on the secure side of our network, the Systems group were handed these vulnerabilities for investigation and resolution.
Williams and Wes Bunch (as representative of the Chancellor’s Office) worked together to develop reports and responses to address the concerns that were uncovered, and the ITS Systems group were able to resolve the most important issues quickly. The upshot of the auditor’s visit was a clean, “very good” public report, with a number of “private findings” that were to be addressed within 90 days of their issuance.
Williams did mention that, as a result of the “raised bar” related to security, the Appalachian community should expect soon to see requirements for more comprehensive, and possibly intrusive, scanning of all systems, workstation and server alike, for potential security vulnerabilities.
3) Discussion of general communications with faculty, staff and, students
Williams asked ITAC to begin serious consideration of how the university should approach developing a mechanism for rapid dissemination of important communications, particularly those involving emergent situations. He reported that, members of the Subscribers and Faculty listserve have received some 225 announcements in the last 30 days, and that its sheer volume of messages precluded its use as a “must-know-now” communication mechanism. He mentioned to the group that there was an ad hoc University Communications Committee that was examining options for important communications and asked that the group provide input on precisely what would constitute “importance,” and about who should be able to take decisions about initiating those communications. Williams suggested that a series of tightly targeted listserves might constitute part of a comprehensive system. Several issues are under discussion as regards critical communications, such as:
- what topics should give rise to these targeted lists
- which constituents should be targeted by which lists
- who should “own” (i.e., control) which lists
- which should be “opt-in,” “opt-out,” or mandatory
Williams then described current mechanisms for distributing critical information on issues like class cancellations, emergency procedures, etc., and suggested that ITAC begin consider suggesting guidelines for initiations of and decisions regarding those types of announcements for inclusion in a future University Communications Policy and Plan. Mick Kreszock (Instructional Tech. Ctr.) suggested contacting the Department of Communications (in Fine & Applied Arts) to tap their expertise and knowledge of corporate communications systems.
Brian Brown (Electronic Stud. Serv.) proposed guidelines for submissions to such “must-see” listserves suggest using web links in lieu of attachments, as has been the case in the past. Steve Breiner (Instr. Comp. Serv.) echoed the sentiment, proposing that requirements, rather than guidelines, be implemented as policy to restrict use of attachments. Pete Wachs (Stud. Dev.) suggested building a web form for submissions to such lists.
Kreszock asked whether it was possible to allow for “self-service” creation of listserves for departments or other campus areas to streamline the ability to communicate. Williams replied that users could now initiate the process of listserve creation based on their roles at the university… then clarified that, in the future, self-service initiation might be handled as a role-based application. Brown asked what was the mechanism for a user requesting establishment of a listserve and suggested that the Communications Committee adopt some form of naming convention for lists created for Appalachian. Doug Brantz (F & A A) asked whether lists might be created through an existing AppalNET mechanism. Breiner replied that the “Groups” feature in AppalNET was a tool initiated by users using a self-service request mechanism, but that AppalNET “groups” were a browse technology rather than a “pushable” one.
Robert Brown (SGA Student Rep.) asked whether group membership lists can be modified by the group manager, unlike the “class list” features in the Faculty Services areas within AppalNET. Breiner responded that the group owners had the complete ability to add or remove users as desired, but that adding a member issued an invitation to join the group that has to be accepted by the invitee.
Williams then mentioned the need to communicate with IT users about such things as planned outages in university systems for purposes of maintenance, repair, or software updates. He gave the example of the recent (on the Thursday prior to the Labor Day weekend) replacement of the university system hosting email services, thereby refining and completing the upgrade process begun in August. He noted that the timing was selected to minimize the impact on uses by performing the operation during a traditionally low-usage time, when most faculty and students were in holiday mode. Williams suggested that ITAC propose a list of the types of people who should be notified of such operations. Kreszock suggested that notification would not be necessary if ITS pre-scheduled times for non-emergency maintenance periodically during the year. Williams agreed to have ITS look at and pre-evaluate times for maintenance during the year that would minimize service disruptions.
Justin Pittman (SGA Student Rep.) asked why the daily SIS maintenance cycle occurred between seven and nine PM, when that was a time many students need to access their information in SIS. Don Rankins (Registrar) responded that that time frame selected because it was the time of the day with minimal usage. Williams remarked that the daily downtime was the result of our current SIS being a “legacy” system subject to constraints that should disappear when the Banner SIS system is deployed. Breiner mentioned that he had learned that the reason maintenance cycles were performed evenings rather than overnight was to eliminate the possibility that processing of a days events, absolutely essential to the next day’s system operations, could be restarted and completed overnight if the evening’s processing aborted for any reason. Initially running the processes overnight would not provide sufficient time, in case of a failure, to diagnose the problem and redo the processing in sufficient time for the next day’s start.
Williams gave another example of a day-long Internet outage that occurred just before the start of the semester. Williams explained that the outage was caused by a failure of off-campus equipment, not operated by Appalachian. Although a notice was posted on the ASU homepage about the outage, there was no estimate for the resolution of the problem since vendor couldn’t find the point of failure. Kreszock noted that Appalachian’s fully redundant Internet connectivity would soon be in place and operational.
Williams, referring once more to the auditor’s reports, stated that Appalachian would soon need to repeat the network registration of all network-connected faculty machines. He acknowledged the inconvenience that always accompanied this task, but stated it would have to happen anyway. He posed the question of how to notify faculty in such a way as to minimize problems leading to tech support calls.
In further discussion of essential communications systems and how to provide up-to-date information to employees and student, Rankins proposed a multi-line telephone notification system to replace the current one-line snow notification system. Breiner suggested that all web pages on university servers be required to list a creation date and identification of a responsible party. Kreszock expanded on that theme, suggesting that there be a default, automatic expiration for web pages if those dates are not occasionally reset by a responsible party.
Ed Pekarek suggested a telephone-based information system, employed as gateway to the helpdesk telephone hotline, to inform users of known problems with campus systems — such a mechanism might provide enough information to satisfy many users and to prevent the crush of calls that must be answered individually by the tech support team whenever a problem occurs. Doug May (Acad. Comp. Serv.) replied that ACS was exploring telephone system upgrades that would provide that capability.
Williams next mentioned the growing importance of documenting each user’s acceptance of Appalachian’s Computer Use Policy in order to satisfy state requirements, and the difficulty of causing this to occur. Brantz, in reply, suggested that acceptance of the policy be placed on the now required password change form as a prerequisite to allowing a user to update his or her access codes. This would essentially require an acceptance of the policy conditions every 90 days, that being the lifetime of passwords on our campus systems. Williams stated that he would pursue that idea with the appropriate persons in ITS.
Breiner suggested that ITS create a “new service request” mechanism that would allow users to make it known to IT Services that there were new services, software, or processes needed or wanted by users.
Bill Ward (Acad. Affairs) asked whether, given the growing stream of announcements, there were a “gatekeeper” for the existing campus-based listserves. Williams stated that the “owner” of a list has full control over both whether approvals are required to post and who can use or delegate the privilege to make such approvals. Williams mentioned that such issues as this would be topics addressed by the University Communications Committee and that any eventual actions or products of that body would be distributed to ITAC and other campus constituencies for discussion and comment.
Justin Pittman asked how events such as class cancellations that occur after the traditional 6:30 AM decision deadline would be handled. Ward replied that the local radio stations, departmental personnel, and university web page should be able to handle notification of students and staff.
4) User survey suggestions
Williams told the group that ITS was looking for surveys, preferably validated ones, for examining the use of computers in labs, software needs and wants, and other issues related to provision of IT services. He requested that any members having knowledge of such surveys please contact him with that information.
5) Other business
Rankins reported that a new version of SCT’s Web for Faculty product was in testing and that itt should streamline faculty and advisor access to the information they need. He mentioned that an evolving, long-term vision for the “Web for” products, AppalNET, and other electronic data services was the consolidation and integration of all of those services into a unified interface. The current proposed upgrades will increase performance and convenience, and will undergo significant testing before being deployed. Rankins further stated that his goal was to fully test and develop training for these systems before Fall break. In related developments, he noted that the Banner project is well under way. He stated that the Banner Implementation Committee would be visiting each administrative unit to discuss and answer questions about the Banner system during its projected three-year implementation schedule. Our older systems will be “spruced up” and patched to latest levels to prepare for the eventual freezing of those systems. After that point, with the exception of emergency actions, all discretionary energies and efforts will be diverted to the new systems. Williams noted that the campus implementation team had changed and that he expected information about the project to flow more smoothly as implementation proceeds. He noted also that the Banner web site, http://www.banner.appstate.edu/, will provide more timely and informative answers about the details of the Banner project.
Brantz asked if it is currently possible at Appalachian to set up a database-driven, user-maintained web site for a department or other campus unit. Wachs and Brown briefly discussed Student Development’s mechanism for doing just that, with automatic collection of appropriate information, announcements and web pages. The site mentioned uses a PHP-driven open source database for storage of that information and provides RSS (Really Simple Syndication) feeds to SD’s live web pages. Brantz suggested that centralized server capabilities for storage space and database access would be a highly desirable service for numerous campus groups.
6) Adjournment
Williams noted that the 3:00 o’clock hour was approaching, thanked the attendees for their input, and adjourned the meeting at 3:00 PM.
Permalink Comments off
