UC Davis Information & Educational Technology

IET Report : Computing and Networking

Computing and Network Security

May 30 application deadline for IET’s firewall subsidy program
On March 9, the IT security coordinator announced a new program designed to help campus units meet UC Davis cyber-safety policy mandates and to encourage broader campus usage of VLAN firewalls. Through the new firewall subsidy program, IET will make $170,000 available each year for the next three years to reimburse campus units for the acquisition and first-year support costs of new VLAN firewalls. The maximum amount of funding available to each unit is based on campus headcount figures. Applications for participation must be submitted no later than May 30. Authorized reimbursements will be announced by June 1. Additional information is at security.ucdavis.edu/firewalls.cfm.
IET issues network admission control RFP
Integration issues arose during the 60-day testing of the Cyber-Gatekeeper endpoint security product from Info Express. The campus initiated testing with this product after issues arose during testing with a similar product. Lessons learned during testing of these two endpoint products will benefit the project team as the campus moves into the formal bid process. The request for proposals was issued in early April and bids are expected in mid-May. Endpoint, or Network Admission Control (NAC) security solutions verify that computers meet campus security policies before allowing access to the campus computing network. For more information, contact Bob Ono at raono@ucdavis.edu.
CAS enables single sign on for many campus Web-based applications
Central Authentication Service, known as CAS, is the new Web sign-on system that IET piloted last June and was released in December 2006. CAS provides robust security architecture and various client modules and is used by more than 50 universities and organizations worldwide. CAS will eventually replace Distauth, UC Davis’ current Web sign-on system. In the meantime, CAS has been modified to accept valid Distauth authentication information in place of its own authentication. This lets departments run both CAS- and Distauth-protected applications while minimizing the number of sign ins required.
The current UC Davis sign-on system requires individually granting access for each Web-based application. Using CAS, users are prompted for their UC Davis username and Kerberos password before accessing a secured application. Once a user is granted access to one CAS-secured Web-based application, his or her information is repeatedly verified behind-the-scenes for access to all UC Davis Web-based applications using CAS for authentication.
Some campus units already use CAS. The project team is working on expanding the cluster of CAS servers and implementing client modules for legacy Web servers. Later, CAS will expand to provide new methods of authentication for clients, such as automatic Windows single sign on and RADIUS authentication. CAS was created by Yale University and has since become a JA-SIG (Java in Administration Special Interest Group) project co-developed by Yale and Rutgers universities. For more information, see “CAS” at middleware.ucdavis.edu.
Educause video contest receives few entries
The Educause Computer Security Awareness Video Contest deadline was March 15, 2007. The purpose of the contest was to boost awareness of computer security issues. The grand prize offered by Educause was $1,000. As an added incentive, UC Davis offered $500 to UC Davis students who entered the Educause competition. Unfortunately, Educause received few entries this year, and none were from UC Davis students. For more information, including the announcement of the prize winners in May, see www.educause.edu/SecurityVideoContest2007.
Cyber-safety program enhancements
The UC Davis Cyber-Safety Oversight Committee is reviewing program enhancements and reporting efforts. In parallel efforts, IET continues to work with Internal Audit Services to develop an information technology auditor position. The auditor will report to Internal Audit Services and will periodically review and validate the annual cyber-safety progress reports submitted by colleges, schools and large administrative units. In addition, this year, the UC Davis cyber-safety program features two new components: Whole Disk Encryption Subsidization and Firewall Subsidization, both of which were initiated to assist units previously precluded from complying with campus cyber-safety security standards due to financial constraints. For more information, see security.ucdavis.edu/cybersafety.cfm or contact Bob Ono at raono@ucdavis.edu.
Identity management overview presented to campus advisory groups
In February 2007, an overview of the 212-page Burton Group report, which sets forth an identity management architecture and migration strategy for UC Davis, was presented to the Campus Council for Information Technology (CCFIT). This group voiced support for this project. Earlier in the year, the Technology Infrastructure Forum (TIF) reviewed the proposed identity management architecture and indicated that implementation of the architecture is the most important information technology project for UC Davis. To view the overview, see ccfit.ucdavis.edu/documents/UCD.IDMgmt_CCFIT.02.12.07.pdf.


IT Security Symposium registration opened in April
In March, the symposium planning committee finalized the schedule for the 2007 IT Security Symposium, which includes 35 unique sessions. Special features of this year’s event include:
  • Panel discussion featuring Marcus Ranum, Chief of Security, Tenable Security; and Doug Nomura, consultant with Ories Scientific
  • Panel discussion featuring Robert Ono, Lisa Lapin, Maria Shanle, and Matthew Carmichael
  • Sponsor barbeque
  • Full breakfast
  • Networking lunch
In February, Sophos was confirmed as the platinum sponsor of the event. Gold sponsors include Cisco Systems, Inc., Juniper Networks, Microsoft, and Oracle. Vendors providing instruction include Apple, ISInc, Moskowitz, Inc., and Sun Microsystems. Registration opened in early April and will remain open through mid-May. Additional information and registration is at itsecuritysymposium.ucdavis.edu/index.cfm.
Sophos technical training planned for late spring, early summer
The Software License Coordination unit is currently planning for Sophos to provide on-campus technical training to the campus Technical Support Coordinators (TSCs). Sophos Mobile Security provides virus protection for handheld devices. The training is scheduled for spring or early summer, when the Sophos team will be on campus for a two-day, four-part training session. The training will include four four-hour sessions to review implementation and use of their anti-virus product: Enterprise Console Implementation, Competitive Removal Configuration, Help Desk Training, and Operations & Administration Training. The Enterprise Console Implementation and Competitive Removal Configuration sessions will likely include live demonstrations using a volunteer network from a department at UC Davis. Once these dates have been scheduled, this information will be announced to the campus. For more information, contact software@ucdavis.edu.
Information session in March for Spider, Pointsec
A 90-minute information session was held on March 21 in the Silo Cabernet Room for technical support staff on using Cornell Spider to find restricted data and deploying Pointsec for PC to encrypt a hard drive. A PowerPoint version of the session is available online at security.ucdavis.edu/spider_pointsec.ppt.pptx. For more information, see security.ucdavis.edu/training.cfm.


Sophos Mobile Security available to students, staff, faculty, and departments
Sophos Mobile Security 1.0 provides virus protection for handheld devices and is now available for download from the Software Web site, my.ucdavis.edu/software/. As part of the five-year campus-wide agreement with Sophos for anti-virus software, Sophos Mobile Security is available to students, staff, faculty, and departments for use on university- and personally-owned devices at no individual or campus-unit cost (it is important to note that the agreement does not include coverage for the UC Davis Health System, which has a separate agreement with McAfee for anti-virus software). Sophos Mobile Security runs on Windows Mobile 5 for Pocket PC and Pocket PC Phone editions. For more information, see www.sophos.com/products/es/endpoint/mobile-security.html.
IET offering free whole disk encryption
In late February, the IT security coordinator announced the availability of Pointsec encryption products and a program under which IET will cover 100 percent of the cost of Pointsec for PC whole disk encryption licenses. The program is for individuals and departments demonstrating the need for encryption services. As part of this program, IET provides support services including central key retention, consultation and pre-installation assistance. Additional information is available at: security.ucdavis.edu/encryption.cfm. Pointsec for PC is a Microsoft Windows compatible whole disk encryption software package currently available for Windows XP and Windows 2000. Two other Pointsec products—Pointsec Media Encryption (ME) and Pointsec for Linux—are also available, but are not subsidized or supported by IET. For more information, see my.ucdavis.edu/software.


Move to Cyrus is latest email upgrade
Beginning spring quarter, Information and Educational Technology (IET) will deploy a new email architecture system, Cyrus, which will improve email performance and user response time, allow faster access to mailboxes by Web-based email programs, and improve the system's storage of messages. During February and March, IET’s IT Express staff tested Cyrus with all supported mail clients, including Microsoft Outlook, Outlook Express, Entourage and Mail, Mozilla Thunderbird, Eudora, Apple OSX Mail, Pine, and Geckomail, and found them to all be compatible. The actual migration process from the existing color servers to Cyrus was also tested to ensure a smooth transition. Cyrus is running successfully at several leading universities, including University of California, Berkeley, University of Michigan, Carnegie Melon, and Stanford University. Currently, UC Davis is consulting with UC Berkeley and will be adapting UC Berkeley's Cyrus email migration code. The move to Cyrus will enable the campus to consider additional improvements, including replacing the locally developed Web-mail program, Geckomail, and increasing mailbox quotas. For more information, see vpiet.ucdavis.edu/email.storage.cfm.
IET begins analysis of email service for students
Information and Educational Technology is currently evaluating options for improving electronic mail services for students. Many students arrive at UC Davis with their own email accounts through providers such as Microsoft, Google, and Yahoo, and an increasing percentage of students forward their university email to these accounts. Simultaneously, UC Davis is challenged to provide the rich feature sets provided by these companies and is struggling with the increased costs associated with higher storage volumes, virus protection, and spam filtering.
  • UC Davis currently has 64,500 personal email accounts, of which approximately 30,000 are student accounts.
  • Most students access email through MyUCDavis, or directly from the Geckomail Web interface.
  • Seventy-five percent of the current users who redirect their mail IDs to other domains (gmail.com, yahoo.com, hotmail.com, sbcglobal.net, and aol.com), are students
Options being evaluated include: keeping the current system; deploying an in-house solution that compares with external provider offerings; and considerations of partnering with external service providers for next-generation student email alternatives. Campus groups to be consulted on proposed student email improvements include: Campus Council for Information Technology, Technology Infrastructure Forum, Undergraduate and graduate students, Senior Advisors, and the Council of Deans and Vice Chancellors. Feedback from students is also being solicited using focus groups and surveys. For more information, see vpiet.ucdavis.edu/student.email.cfm .
IET moves its email and calendaring functions to Exchange services
Last fall, IET began using Microsoft Exchange services as its internal email and file-sharing solution. To complete the migration, the calendaring portion of Exchange will replace MeetingMaker on April 23rd, 2007. IET’s Desktop Enterprise Solution is assisting with the IET migration to Exchange. Completion of this migration follows a similar switch by the Office of Administration, which moved its system accounts and email to Exchange in 2006. Exchange standardizes group policies, email services, and automated security and system updates for technical staff. IET is working with the Office of Administration to create efficient departmental migration plans and training for other UC Davis departments that want to use Exchange. More than 2,200 users have converted so far. For more information, see xeda.ucdavis.edu.


Results of Vista testing available on new campus Web site
In a campus-wide effort coordinated by Desktop Enterprise Solutions, individuals and groups from 15 departments volunteered their expertise and time to complete compatibility testing with widely-used software applications and critical campus services. Limited testing was done on Vista, Office 2007, and Internet Explorer 7. The test results, which can be found on a new campus Microsoft Web site, iet.ucdavis.edu/microsoft/, show which applications were tested; which ones functioned as expected; which ones did not; and the problems that surfaced. The Web site will be updated on an ongoing basis as compatibility issues are discovered and as dates are known for expecting compatibility issues to be resolved for various applications. The site also includes information on the following: Campus Microsoft software licensing agreements; details specific to how departments, staff, faculty, and students can obtain copies of Vista and Office 2007 and activate these products; hardware requirements for compatibility with Vista, Office 2007, and Internet Explorer 7; Vista security features; compatibility testing methodology; compatibility testing results; news and announcements; and useful resource links.
At this time, like many other universities, UC Davis does not recommend an immediate upgrade to the new Vista operating system. Early adopters could experience some application compatibility and hardware support issues. If you are considering upgrading to Vista, proceed with caution. For more information, see iet.ucdavis.edu/microsoft/.
IT Express Receives Seven-Fold Increase in Call Volume on Admission Day
On March 15, 2007, "admission day," 22,624 undergraduate applicants who had applied to UC Davis for the 2007-08 school year received email notifications that admissions decisions had been made, and could be viewed on the UC Davis My Admissions website at http://myadmissions.ucdavis.edu. Over 1,000 applicants contacted IT Express for help resetting passwords or creating accounts so that they could check their admissions status-a call volume of nearly seven times the usual for IT Express.
In order to accommodate the anticipated increase, IT Express supplemented the normal staffing level with IET staff from other areas. In addition, IT Express hours were extended until midnight. The higher-than-average call volume continued on March 16, with nearly 400 calls from applicants.
A three-tiered call structure was set up to facilitate the handling of calls. Applicants were directed to one call queue for password resets and account creation. Parents of applicants were directed to a message informing them of state and federal law that prohibit IT Express from giving information to anyone other than the actual account holder (parents were advised them to have their child call IT Express directly). All other calls, including calls from current students, faculty, and staff, were directed to a separate call queue for immediate assistance by IT Express staff.
IT Express will continue to assist incoming freshmen, transfer students, and first year students in the Law School with account setup and password resets. For more information about IT Express, see http://itexpress.ucdavis.edu/.
IET helps campus mitigate impact of early Daylight Savings
On March 11, Daylight Saving Time (DST) was extended by approximately four weeks. The extension impacted the way electronic devices, including computers and applications, report the correct time. Servers, personal computers, mobile devices, email clients, calendaring programs, office telephones and pagers implement daylight savings time in different ways. Some systems required patches or updates to ensure that the correct current time was displayed during the expanded portion of DST, and to ensure that date calculations that cross the new DST boundaries are accurate. In a coordinated effort to provide information and updates to the campus community on this change, several Information and Educational Technology units worked together to gather, evaluate, and disseminate timely information to the campus community. A Web site was created as the primary information conduit at vpiet.ucdavis.edu/dst/.
New reseller, Web site, for campus software products
The Technology Resource Center (TRC), which had been UC Davis’ designated reseller for software products, has merged with another reseller, CDW-G. Due to this transition, the TRC Web site is no longer available for UC Davis purchases and downloads, and a new UC Davis-specific CDW-G site, www.cdwg.com/ucdavisvla/, is still somewhat under development. The Software License Coordination (SLC) unit, along with the UC Technology Acquisition Support (TAS) group, has begun a series of ongoing discussions with CDW-G to try to address issues that arise as a result of the transition. If your department has an existing TRC account, you may convert it to a CDW-G account at www.shoptrc.com/esite/uc/. If you have any questions or you would like to create a new CDW-G online account, you may contact the CDW-G representative, Jacqui Stilson, at jacqsti@cdw.com or 877-890-1402.
Enrollment in Microsoft Consolidated Campus Agreement closes May 11
Enrollment in the Microsoft Consolidated Campus Agreement (MCCA) through CDW-G (see above) opened on March 30 and will close on May 11 this year. Through MCCA, departments license all the computers and users in their department for 12 months, and are eligible for the latest Microsoft software. To determine the cost of enrolling in MCCA, a department must calculate the full-time employee (FTE) count. For more information on MCCA, please visit the campus Microsoft Web site at iet.ucdavis.edu/microsoft/. To enroll in MCCA, visit the CDW-G Web site, www.cdwg.com/ucdavisvla/, or contact Jacqui Stilson at jacqsti@cdw.com or 877-890-1402.
Campuswide solutions for backup being considered
IET’s Software License Coordination (SLC) has been looking into providing a campuswide solution for backup software. Based on surveys, Symantec Backup Exec and Netbackup are reportedly the most widely-used solutions on campus. UC Office of the President has begun negotiations to pursue a direct agreement to purchase Symantec backup software through UC Davis’ software reseller, CDW-G. If this is not achieved, IET will pursue a campus backup agreement. For more information, contact software@ucdavis.edu.
Feedback requested for Parallels Desktop for Mac
IET’s Software License Coordination unit has requested feedback from the campus technical community on interest in Parallels Desktop for Mac. UC Office of the President is pursuing a potential UC system-wide licensing agreement for Parallels. If a system-wide agreement is not achieved, IET will pursue a campus license for distribution from the UC Davis Software site, my.ucdavis.edu/software/. For more information, contact software@ucdavis.edu.


CalREN high performance research bandwidth upgrade
The California Research and Education Network (CalREN) serves as the regional Internet Service Provider for the UC Davis campus. Researchers and other network end-users at UC Davis use a component of CalREN, the High Performance Research (HPR) network, to quickly share large amounts of data with other California research facilities, such as California Institute of Technology, Stanford University, and other UC campuses. A team of engineers and technicians in the Communications Resources Network Operations Center recently upgraded the UC Davis fiber optic connection to the CalREN HPR network, increasing the bandwidth from 1 Gb/sec to 10 Gb/sec. Researchers throughout the campus will use the enhanced bandwidth to more rapidly collect and share large-scale datasets in service of numerous research activities. High Energy Physics and Genomics are among the first research groups that are upgrading high performance computing clusters to take advantage of the additional bandwidth. For more information, contact Mark Redican at mredican@ucdavis.edu.
Moobilenet-X pilot wireless network deployed
The campus wireless network, known as Moobilenet, provides wireless Internet access to thousands of people on the UC Davis campus everyday. Communications Resources has deployed a pilot wireless network called Moobilenet-X that uses the 802.1x wireless protocol to provide encryption, enhanced authentication, and improved performance as a parallel service on the existing campus wireless network. Standard Moobilenet access will remain available to the campus while the Moobilenet-X pilot program is tested and distributed throughout the wireless coverage areas. IET is developing support documentation and help desk services in parallel with the pilot users’ experience to assist with the desktop configuration changes that campus wireless users must perform to take advantage of 802.1x services. Full deployment of Moobilenet-X is expected early this summer. For more information, see vpiet.ucdavis.edu/init_moobilenet.cfm or contact Mark Redican at mredican@ucdavis.edu.
Request for proposal issued for automated emergency notification system
When disaster strikes, concerned members of the community often react by placing calls to 911, schools, public agencies, family, and friends. The resulting heavy call volume can overload landline and cellular networks and congest vital emergency communications. Last fall, representatives of the Police Department, Operations & Maintenance, Campus Emergency Management, and Information & Educational Technology formed a committee to study campus emergency communications. The committee’s goal was to develop a plan to alleviate call volume congestion on the campus’ telephony switch in the event of an emergency. The committee decided that the campus would greatly benefit from an automated notification system. Using such a system, emergency response coordinators would be able to provide accurate, timely information to any number of subscribers on multiple devices (office phone, home phone, cell phone, email, etc.) with a single, out-bound call or email. The committee released an RFP for bid in December 2006 and several vendors have submitted proposals. The proposals have been scored and vendor presentations are scheduled for May. For more information, see safetyservices.ucdavis.edu/emergencymgmt/ or contact Laine Keneller at lwkeneller@ucdavis.edu.