IR&C: JOG/CPG Meeting Minutes (May 2001)

Agenda

Minutes

Campus Reports

JOG/CPG Meeting May 22-23, 2001, Riverside

Minutes

JOINT OPERATIONS GROUP

May 22-23, 2001

Riverside

MEETING NOTES

Day 1

University-wide highlights (Dolgonas):

Budget: Budget is still in negotiation. Current highlights for IT: (1) No funds for salary adjustments outside the general salary adjustment pool, currently proposed at 1.5%, but UC plans push for increase to 2%; (2) One-time $18 million for "Internet 2" buildout on campuses (see below, under DCP) is still possible; (3) No further increment in permanent instructional technology funds. All of the above is subject to further negotiation and the Legislature's final approval of the budget bill.
DOE labs: Regents approved appointment of VP for Laboratories in May. Student Services Architecture: Student services infrastructure presented to Regents in May as component of New Business Architecture. VCs-Student Affairs endorsed collaboration across campuses on student systems, including portal technology. Although much remains to be resolved, funding for new systems acquisition could result.
Employee Systems Initiative: Self service Web applications (W-4 modification) is operational as planned and has been well received (approximately 1200 W-4 changes are processed through the Web each month). New self-service functions are in development.
ACTION: Comments by June 8 to Chet Burgess () on UC For Yourself application maintenance. Refer to document at http://www.ucop.edu/irc/estf/docs/essDocList.htm; choose "Issues Document"
Comments on Employment Verification mock-up by June 8 to Chet Burgess. Mock-up is available at https://development.ucop.edu/UCEmploymentVerification.htm
Review mock-up of first components of Check Stub project at http://www.ucop.edu/ucophome/test/essdemo/earnings/ IR&C to schedule conference call in mid-June.
California Institutes of Science and Innovation (CISI): The fourth CISI has been included in the budget, with an industry match of 2:1, as required of the other CISI's. CENIC will oversee enhancement of UC backbone to provide connections at OC 192 or higher. Academic engagement with the CENIC board is strengthened by appointment of John Bruno (confirmed), Vice Provost for Information & Educational Technology at Davis as one of UC's three members, and proposed appointment of Larry Smarr, director of the San Diego CISI as an at-large member.
DCP: Access to CENIC & 4Cnet for K-12 schools, with substantial content from UC or through UC's contract with Apex ( Paul Allen corporation). Budgeted at $31.6 million/year, including maintenance & refreshment. Successful presentation to Assembly Committee on Higher Education helped justify $18M Internet2 buildout (noted above under Budget), because campus infrastructure is needed to produce and transmit material to K-12.

ACTION: UCOP guidance to campuses on allowable expenditures of $18M, likely to be included in Chancellors' budget letter.

CDL: Aleph (Ex Libris), built on Oracle database, has been selected as the successor to Melvyl. The system will hold 20 million records (compared to Library of Congress holdings of 12 million). Note that the Abstracting & indexing services will be outsourced rather than migrated, using Web and (in some cases) Z39.50 interfaces. The hardware RFP to operate the system will be released soon. The first production release of Aleph (to continue to be called Melvyl) will occur in Spring 2002, beginning with a Telnet interface. SFX will be added as a common back end for services.

HIPAA (University Auditor Patrick Reed): A UC-wide steering committee chaired by Vice President Gertner has the lead in planning for UC compliance. The committee includes representatives of the 5 campuses with academic medical centers and is developing a self-assessment capability for each campus. UCOP's role has not been fully defined but must at least guide compliance for non-medical center records, such as retirement, disability, and student health service records; additional unresolved concerns related to risk management and research. For some records, HIPAA is subordinate to FERPA. Discussions with medical center CIOs suggest that compliance problems are more likely paper than for electronic records and that more changes are needed in business practice than in technology. OP needs to determine what guidance is necessary beyond Clinical Enterprises and develop assessment capability.

ACTION: In expectation of future political attention similar to that given Y2K, plan an in-depth analysis for a future JOG meeting.

Campus Reports

Posted on the web at http://www.ucop.edu/irc/jog/may2001.html#reports

ACTION: Irvine to arrange visitation to observe iGreentree.

Audit Issues

Karl Heins outlined the method used by Internal Audit to choose audit subjects:
Risk evaluation factors: Management control; business exposure; public/political sensitivity; compliance requirements; financial reporting; organizational change or growth; use of IT.
Core business activities that may not be risky but for which regular audits are necessary: cash management; payroll processing; procurement; disbursements; C&G; central administrative computing; major construction.
Central Administrative Computing: Software acquisition, development & maintenance; logical security; physical security; data center operations; backup & recovery; database systems management. The same analysis applies to important systems run in functional departments. These will be examined on a rotating basis. Rather than using external benchmarks, each campus prepares an audit plan. Action: Karl will share model campus audit plans.
PWC focus: Application change maintenance; information security; computer operations; software projects. Internal Audit is auditing core IT infrastructure, subject to testing by PWC. The core business activity approach began this year and will show benefits in the future. The overall effort is to allocate audit resources properly between core business processes and high-risk activities. Note that audit comments sometimes need revision to reflect where responsibilities lie, and IT managers should bring concerns to attention of PWC.

New Business Architecture

Campbell-Relyea briefings to COVCA are now on web at http://www.ucop.edu/irc/jog/may2001.html.
HRIS needs assessment update: See handouts. Goals: "once and for all" definition of needs & a strategy for meeting them based on careful analysis of diversity of systems & needs. Parallel information-gathering mechanisms. Workshops: (1) to define core requirements in four areas that cut across all campuses; (2) individual campus requirements. Campus workshops (1 north, 1 south) will be informed by preliminary needs list from "expert" workshops; needs list will also be posted on the web. Web-based surveys: 300 participants in full-length data needs survey; and open-ended participation in survey intended to inventory shadow systems*. Report scheduled to be completed by June 19, with report to COVCA July 25. Advisory group validated schedule, selected vendor, and will review report before presentation to COVCA. Web site: http://www.ucop.edu/irc/nba/hris/

*Notes on shadow system survey: Scope: A "system" is anything (e.g., Access & Filemaker) that is the system of record or supports the PPS system. "Systems" are distributed widely in many departments and include many low-tech solutions. To the extent possible, a survey form should be completed for every shadow system used to track HR data.

ACTION: (1) Identify people who should receive survey (requires 2+ hours to complete). (2) Review list of functional experts identified by HR (handout) and add IT people. (3) Feedback on satellite systems survey instrument by May 29. JOG members to review output of project with campus HRD. Reassessment is possible when product is issued. (4) Bill Campbell to distribute weekly updates to JOG membership.

E-procurement: E-procurement is probably not a quick win in terms of return, as evidenced by experience in other states and public sector organizations. Participants in e-procurement study were selected by VCs. Consultant deliverables: consolidated statement of needs; alternative solutions with pros & cons of each and a recommendation for one of: common central solution, common distributed solution, varied/distributed systems/solutions; relationship between solutions for campuses, medical centers, & labs; potential for further purchase savings; costs of integration; opportunities for process improvement; cost/benefit analysis. Consultants to manage expectations. Note problem of distributed savings and central costs. Solutions include use of revenue from increased use of procurement cards to finance development or vendor registration charges. Challenges: authorization & authentication; integration with accounts payable, purchasing, GL systems; administration of catalogs; interface standards to vendors. Benefits: more planned purchasing; data from eprocurement system on vendors and prices improves negotiating stance for consolidated catalogs; some economies of scale; improved matching between invoices and accounts payable. Report due June 18; will probably go to COVCA July 25.

JOG

May 23, 2001 (Day 2)

New Business Architecture

UCR demonstrated a facilities request system on Oracle application server with Oracle database and interface to Peoplesoft Financial System.

NBA-cont'd
Treasurer's initiative: As component of NBA, Treasurer, which is UC interface to banks, wants to identify web-based credit card processing capability that would be used for any applications that so desire. JOG input- representatives needed for an advisory committee to ensure that the project complies with architecture.
Action: JOG members who want to participate email Jim Dolgonas asap. (jim.dolgonas@ucop.edu)
Enabling architecture: Draft document has been distributed to JOG members. Purpose: Document and justify funding for IT component of NBA to top University management. Initial components: high capacity network; common authentication; directories; authorization/access management systems; portals with just-in-time training; content management; definition of XML schema or DTD's.

ACTION: Add data warehouse component. Note: Data warehouse is generic technology that enables use of functional systems in seamless environment and is in addition to existing ERP solutions.

Next steps: in coordination with one another, development/installation of directories (common contents + unique elements, technologies, etc. ); share & coordinate portal development; share & coordinate content management; define XML standards (data interchange as alternative to single University-wide ERP) & implement pilot; establish fund source for multi campus projects.
Future: standard & policies for online archives; digital signature standard & technology; encryption standards & related policies; online digital notary service.

ACTION: (1) Comments on draft document to Jim Dolgonas (jim.dolgonas@ucop.edu) by June 15. Complete for distribution to VCAs on July 25. (2) IR&C pull groups together on each topic. (3) Establish top-10, must-do priorities; prebrief VCs to become advocates. (4) Final draft to be completed For use at July 25 COVCA meeting.

Management
Measures: Difficulty with Measure 4. Questions about purpose of measures: compare campuses; longitudinal tracking on single campuses; preempt imposition of measures defined elsewhere.

ACTION: (1) Revise Measure 4: total cost of network operations divided by number of users, each campus to report its cost elements. Also, campuses can/should add comments to any other measures. IR&C note to JOG. (2) After this cycle, revisit broad issues and metrics.

Sautter award: Double award, one to Administrative and one to Academic computing. Work is needed on publicity for this award and the next cycle.

BOI: Chuck Rowley made the Spring presentation on basis of Tomcheck outline.
Action: Chuck to circulate presentation to JOG members. Pat LeCuyer & Diana Brown to prepare presentation at next session (October, in north). Chuck will continue southern presentations.

JOG structure: In addition to coordinating across campuses in hierarchies of operational detail, better communication is needed to align discussions and decisions in administrative, instructional, library, and research computing. Student systems may also need to be included, at least in relation to portal technologies.

ACTION: (1) Convene regular meetings (2 times per year) of instruction, research, library computing; campus JOG members identify invitees. Notify Martha Winnacker of nominees by July 5. (2) Rework proposal to include formation of groups and linkages to groups within JOG. Distinguish project groups & standing groups. Use NBA specialist groups and groups suggested by common themes in campus reports. Synthesize info about, e.g. communications standards, on IR&C web site.

JOG-CPG JOINT MEETING

Power Contingencies
Some campuses have negotiated exemptions from rolling blackouts. UCOP may be able to represent all campuses. Note that existing cogeneration facilities offer potential to sell power, but new cogeneration plants require up to 18 months to launch.

ACTION: UCOP to gather campus requests for exemptions, use as justification in UCwide request. Send requests to????

Computer based training
Smartforce offers a new business model: bundled content and delivery based on their hosting. The new contract proposal is for double the previous cost, and reliance on the commercial Internet to access Smartforce hosted content may be a problem. At $60,000/year for access to full course array (12,000 courses), at least four campuses would decline. Consensus is building among the site licensing group that alternative products are inferior, but performance issues remain. Varying usage level and no user surveys, but anecdotal feedback is positive. Meeting on May 29 with Smartforce to review performance and other technical issues.

ACTION: Explore partnership with CENIC and hosting directly linked to CENIC.

Security: vulnerabilities & countermeasures
Uncertain how well best practices and real-time alerts are shared across campuses. More formal information sharing mechanisms may be useful: security officers, identified by JOG members, now included in UCITPS. Difficulty in "getting arms around" the distributed computing network of departmental systems & servers. Security officer component of UCITPS can use it as a communications channel. Firewall issues-how do network managers control the "other side" when departments put up firewalls?

ACTION: (1) UCITPS report on UC security status, investment strategy, common wishlist. (Didn't we suggest setting up a subgroup of UCITPS to deal with real time alerts?) [Sounds right.](2) Cliff Frost start an ad hoc firewall discussion list. (3) Ask UCITPS security officers to form a subgroup to manage real-time alerts.

Authorization & authentication
Authorization: nothing new to add to architecture questions.
Authentication: slow progress since last meeting due to various Verisign delays, but UCOP pilot certificate issuance may begin by early June. Issues for campuses: online certificate status service; directories; authorization. PKI funding is permanent and applications supported by IR&C are or will be cert enabled. Campus applications need to be cert enabled. Jack: the general difficulty in implementing PKI suggests that the technology may not be as usable as we thought. How about asking PWC for an official audit opinion on viability of PKI? Access to PWC's technology thinktank?

ACTION: (1) David Wasley to post definitions on listserv. (2) Jack McCready to ask for perspectives on viability of PKI technology from Gartner and CSG listserv. (3) UCSF to ask for perspectives from Giga (4) Karl Heins to ask for perspectives from PWC thinktank. (5) If progress from Verisign does not improve, consider alternatives.

PWC audit status

Auditors have been to San Diego, Berkeley, San Francisco for about one week; will be at Davis in June. No major comments. Interest in service level agreements, frequency of password changes; firewalls; change management; fire suppression.

CPG

Videoteleconferencing
Rising demand for greater flexibility. Demand & existing infrastructure: ready to upgrade to H323 compliant MCU. Videoconference room scheduling is awkward, particularly when more than 2 sites are involved in a teleconference. Widespread interest in and experimentation with desktop conferencing: helpful to coordinate and identify products. Scheduling & coordination are the big challenges.
ACTION: Form a videoconferencing subgroup. Report on options in September. Prices are dropping so there will be a multiplicity of products. CPG members forward names of workgroup participants to Mike Shannon by July 9.

ISP Service
ISP volume estimates and engineering for FY 2001 ok. New estimates needed for FY 2002.
CENIC flat rate model for ISP services. CENIC working group is making progress. CENIC has agreed to provide for growth if need rises during budget period. Agreement that CalREN will provide ISP service for all members. CENIC is contacting individual campuses; need to resolve whether UC is one customer. Need clarification on process. No recommendation from CENIC ISP committee yet, so review has not begun.

ACTION: (1) Bill Campbell clarify with CENIC that UCOP represents UC. (2) Ask CENIC technical subgroup (TAC)???? to consider whether alternative usage metric would be better than mb/s currently used.

Next Meeting

Livermore—September 25-26

[ Back to JOG Home ] [ Top of Page ]



Agenda Minutes Campus Reports	JOG/CPG Meeting May 22-23, 2001, Riverside Minutes

	JOINT OPERATIONS GROUP May 22-23, 2001 Riverside MEETING NOTES Day 1 University-wide highlights (Dolgonas): Budget: Budget is still in negotiation. Current highlights for IT: (1) No funds for salary adjustments outside the general salary adjustment pool, currently proposed at 1.5%, but UC plans push for increase to 2%; (2) One-time $18 million for "Internet 2" buildout on campuses (see below, under DCP) is still possible; (3) No further increment in permanent instructional technology funds. All of the above is subject to further negotiation and the Legislature's final approval of the budget bill. DOE labs: Regents approved appointment of VP for Laboratories in May. Student Services Architecture: Student services infrastructure presented to Regents in May as component of New Business Architecture. VCs-Student Affairs endorsed collaboration across campuses on student systems, including portal technology. Although much remains to be resolved, funding for new systems acquisition could result. Employee Systems Initiative: Self service Web applications (W-4 modification) is operational as planned and has been well received (approximately 1200 W-4 changes are processed through the Web each month). New self-service functions are in development. ACTION: Comments by June 8 to Chet Burgess () on UC For Yourself application maintenance. Refer to document at http://www.ucop.edu/irc/estf/docs/essDocList.htm; choose "Issues Document" Comments on Employment Verification mock-up by June 8 to Chet Burgess. Mock-up is available at https://development.ucop.edu/UCEmploymentVerification.htm Review mock-up of first components of Check Stub project at http://www.ucop.edu/ucophome/test/essdemo/earnings/ IR&C to schedule conference call in mid-June. California Institutes of Science and Innovation (CISI): The fourth CISI has been included in the budget, with an industry match of 2:1, as required of the other CISI's. CENIC will oversee enhancement of UC backbone to provide connections at OC 192 or higher. Academic engagement with the CENIC board is strengthened by appointment of John Bruno (confirmed), Vice Provost for Information & Educational Technology at Davis as one of UC's three members, and proposed appointment of Larry Smarr, director of the San Diego CISI as an at-large member. DCP: Access to CENIC & 4Cnet for K-12 schools, with substantial content from UC or through UC's contract with Apex ( Paul Allen corporation). Budgeted at $31.6 million/year, including maintenance & refreshment. Successful presentation to Assembly Committee on Higher Education helped justify $18M Internet2 buildout (noted above under Budget), because campus infrastructure is needed to produce and transmit material to K-12. ACTION: UCOP guidance to campuses on allowable expenditures of $18M, likely to be included in Chancellors' budget letter. CDL: Aleph (Ex Libris), built on Oracle database, has been selected as the successor to Melvyl. The system will hold 20 million records (compared to Library of Congress holdings of 12 million). Note that the Abstracting & indexing services will be outsourced rather than migrated, using Web and (in some cases) Z39.50 interfaces. The hardware RFP to operate the system will be released soon. The first production release of Aleph (to continue to be called Melvyl) will occur in Spring 2002, beginning with a Telnet interface. SFX will be added as a common back end for services. HIPAA (University Auditor Patrick Reed): A UC-wide steering committee chaired by Vice President Gertner has the lead in planning for UC compliance. The committee includes representatives of the 5 campuses with academic medical centers and is developing a self-assessment capability for each campus. UCOP's role has not been fully defined but must at least guide compliance for non-medical center records, such as retirement, disability, and student health service records; additional unresolved concerns related to risk management and research. For some records, HIPAA is subordinate to FERPA. Discussions with medical center CIOs suggest that compliance problems are more likely paper than for electronic records and that more changes are needed in business practice than in technology. OP needs to determine what guidance is necessary beyond Clinical Enterprises and develop assessment capability. ACTION: In expectation of future political attention similar to that given Y2K, plan an in-depth analysis for a future JOG meeting. Campus Reports Posted on the web at http://www.ucop.edu/irc/jog/may2001.html#reports ACTION: Irvine to arrange visitation to observe iGreentree. Audit Issues Karl Heins outlined the method used by Internal Audit to choose audit subjects: Risk evaluation factors: Management control; business exposure; public/political sensitivity; compliance requirements; financial reporting; organizational change or growth; use of IT. Core business activities that may not be risky but for which regular audits are necessary: cash management; payroll processing; procurement; disbursements; C&G; central administrative computing; major construction. Central Administrative Computing: Software acquisition, development & maintenance; logical security; physical security; data center operations; backup & recovery; database systems management. The same analysis applies to important systems run in functional departments. These will be examined on a rotating basis. Rather than using external benchmarks, each campus prepares an audit plan. Action: Karl will share model campus audit plans. PWC focus: Application change maintenance; information security; computer operations; software projects. Internal Audit is auditing core IT infrastructure, subject to testing by PWC. The core business activity approach began this year and will show benefits in the future. The overall effort is to allocate audit resources properly between core business processes and high-risk activities. Note that audit comments sometimes need revision to reflect where responsibilities lie, and IT managers should bring concerns to attention of PWC. New Business Architecture Campbell-Relyea briefings to COVCA are now on web at http://www.ucop.edu/irc/jog/may2001.html. HRIS needs assessment update: See handouts. Goals: "once and for all" definition of needs & a strategy for meeting them based on careful analysis of diversity of systems & needs. Parallel information-gathering mechanisms. Workshops: (1) to define core requirements in four areas that cut across all campuses; (2) individual campus requirements. Campus workshops (1 north, 1 south) will be informed by preliminary needs list from "expert" workshops; needs list will also be posted on the web. Web-based surveys: 300 participants in full-length data needs survey; and open-ended participation in survey intended to inventory shadow systems. Report scheduled to be completed by June 19, with report to COVCA July 25. Advisory group validated schedule, selected vendor, and will review report before presentation to COVCA. Web site: http://www.ucop.edu/irc/nba/hris/ Notes on shadow system survey: Scope: A "system" is anything (e.g., Access & Filemaker) that is the system of record or supports the PPS system. "Systems" are distributed widely in many departments and include many low-tech solutions. To the extent possible, a survey form should be completed for every shadow system used to track HR data. ACTION: (1) Identify people who should receive survey (requires 2+ hours to complete). (2) Review list of functional experts identified by HR (handout) and add IT people. (3) Feedback on satellite systems survey instrument by May 29. JOG members to review output of project with campus HRD. Reassessment is possible when product is issued. (4) Bill Campbell to distribute weekly updates to JOG membership. E-procurement: E-procurement is probably not a quick win in terms of return, as evidenced by experience in other states and public sector organizations. Participants in e-procurement study were selected by VCs. Consultant deliverables: consolidated statement of needs; alternative solutions with pros & cons of each and a recommendation for one of: common central solution, common distributed solution, varied/distributed systems/solutions; relationship between solutions for campuses, medical centers, & labs; potential for further purchase savings; costs of integration; opportunities for process improvement; cost/benefit analysis. Consultants to manage expectations. Note problem of distributed savings and central costs. Solutions include use of revenue from increased use of procurement cards to finance development or vendor registration charges. Challenges: authorization & authentication; integration with accounts payable, purchasing, GL systems; administration of catalogs; interface standards to vendors. Benefits: more planned purchasing; data from eprocurement system on vendors and prices improves negotiating stance for consolidated catalogs; some economies of scale; improved matching between invoices and accounts payable. Report due June 18; will probably go to COVCA July 25. JOG May 23, 2001 (Day 2) New Business Architecture UCR demonstrated a facilities request system on Oracle application server with Oracle database and interface to Peoplesoft Financial System. NBA-cont'd Treasurer's initiative: As component of NBA, Treasurer, which is UC interface to banks, wants to identify web-based credit card processing capability that would be used for any applications that so desire. JOG input- representatives needed for an advisory committee to ensure that the project complies with architecture. Action: JOG members who want to participate email Jim Dolgonas asap. (jim.dolgonas@ucop.edu) Enabling architecture: Draft document has been distributed to JOG members. Purpose: Document and justify funding for IT component of NBA to top University management. Initial components: high capacity network; common authentication; directories; authorization/access management systems; portals with just-in-time training; content management; definition of XML schema or DTD's. ACTION: Add data warehouse component. Note: Data warehouse is generic technology that enables use of functional systems in seamless environment and is in addition to existing ERP solutions. Next steps: in coordination with one another, development/installation of directories (common contents + unique elements, technologies, etc. ); share & coordinate portal development; share & coordinate content management; define XML standards (data interchange as alternative to single University-wide ERP) & implement pilot; establish fund source for multi campus projects. Future: standard & policies for online archives; digital signature standard & technology; encryption standards & related policies; online digital notary service. ACTION: (1) Comments on draft document to Jim Dolgonas (jim.dolgonas@ucop.edu) by June 15. Complete for distribution to VCAs on July 25. (2) IR&C pull groups together on each topic. (3) Establish top-10, must-do priorities; prebrief VCs to become advocates. (4) Final draft to be completed For use at July 25 COVCA meeting. Management Measures: Difficulty with Measure 4. Questions about purpose of measures: compare campuses; longitudinal tracking on single campuses; preempt imposition of measures defined elsewhere. ACTION: (1) Revise Measure 4: total cost of network operations divided by number of users, each campus to report its cost elements. Also, campuses can/should add comments to any other measures. IR&C note to JOG. (2) After this cycle, revisit broad issues and metrics. Sautter award: Double award, one to Administrative and one to Academic computing. Work is needed on publicity for this award and the next cycle. BOI: Chuck Rowley made the Spring presentation on basis of Tomcheck outline. Action: Chuck to circulate presentation to JOG members. Pat LeCuyer & Diana Brown to prepare presentation at next session (October, in north). Chuck will continue southern presentations. JOG structure: In addition to coordinating across campuses in hierarchies of operational detail, better communication is needed to align discussions and decisions in administrative, instructional, library, and research computing. Student systems may also need to be included, at least in relation to portal technologies. ACTION: (1) Convene regular meetings (2 times per year) of instruction, research, library computing; campus JOG members identify invitees. Notify Martha Winnacker of nominees by July 5. (2) Rework proposal to include formation of groups and linkages to groups within JOG. Distinguish project groups & standing groups. Use NBA specialist groups and groups suggested by common themes in campus reports. Synthesize info about, e.g. communications standards, on IR&C web site. JOG-CPG JOINT MEETING Power Contingencies Some campuses have negotiated exemptions from rolling blackouts. UCOP may be able to represent all campuses. Note that existing cogeneration facilities offer potential to sell power, but new cogeneration plants require up to 18 months to launch. ACTION: UCOP to gather campus requests for exemptions, use as justification in UCwide request. Send requests to???? Computer based training Smartforce offers a new business model: bundled content and delivery based on their hosting. The new contract proposal is for double the previous cost, and reliance on the commercial Internet to access Smartforce hosted content may be a problem. At $60,000/year for access to full course array (12,000 courses), at least four campuses would decline. Consensus is building among the site licensing group that alternative products are inferior, but performance issues remain. Varying usage level and no user surveys, but anecdotal feedback is positive. Meeting on May 29 with Smartforce to review performance and other technical issues. ACTION: Explore partnership with CENIC and hosting directly linked to CENIC. Security: vulnerabilities & countermeasures Uncertain how well best practices and real-time alerts are shared across campuses. More formal information sharing mechanisms may be useful: security officers, identified by JOG members, now included in UCITPS. Difficulty in "getting arms around" the distributed computing network of departmental systems & servers. Security officer component of UCITPS can use it as a communications channel. Firewall issues-how do network managers control the "other side" when departments put up firewalls? ACTION: (1) UCITPS report on UC security status, investment strategy, common wishlist. (Didn't we suggest setting up a subgroup of UCITPS to deal with real time alerts?) [Sounds right.](2) Cliff Frost start an ad hoc firewall discussion list. (3) Ask UCITPS security officers to form a subgroup to manage real-time alerts. Authorization & authentication Authorization: nothing new to add to architecture questions. Authentication: slow progress since last meeting due to various Verisign delays, but UCOP pilot certificate issuance may begin by early June. Issues for campuses: online certificate status service; directories; authorization. PKI funding is permanent and applications supported by IR&C are or will be cert enabled. Campus applications need to be cert enabled. Jack: the general difficulty in implementing PKI suggests that the technology may not be as usable as we thought. How about asking PWC for an official audit opinion on viability of PKI? Access to PWC's technology thinktank? ACTION: (1) David Wasley to post definitions on listserv. (2) Jack McCready to ask for perspectives on viability of PKI technology from Gartner and CSG listserv. (3) UCSF to ask for perspectives from Giga (4) Karl Heins to ask for perspectives from PWC thinktank. (5) If progress from Verisign does not improve, consider alternatives. PWC audit status Auditors have been to San Diego, Berkeley, San Francisco for about one week; will be at Davis in June. No major comments. Interest in service level agreements, frequency of password changes; firewalls; change management; fire suppression. CPG Videoteleconferencing Rising demand for greater flexibility. Demand & existing infrastructure: ready to upgrade to H323 compliant MCU. Videoconference room scheduling is awkward, particularly when more than 2 sites are involved in a teleconference. Widespread interest in and experimentation with desktop conferencing: helpful to coordinate and identify products. Scheduling & coordination are the big challenges. ACTION: Form a videoconferencing subgroup. Report on options in September. Prices are dropping so there will be a multiplicity of products. CPG members forward names of workgroup participants to Mike Shannon by July 9. ISP Service ISP volume estimates and engineering for FY 2001 ok. New estimates needed for FY 2002. CENIC flat rate model for ISP services. CENIC working group is making progress. CENIC has agreed to provide for growth if need rises during budget period. Agreement that CalREN will provide ISP service for all members. CENIC is contacting individual campuses; need to resolve whether UC is one customer. Need clarification on process. No recommendation from CENIC ISP committee yet, so review has not begun. ACTION: (1) Bill Campbell clarify with CENIC that UCOP represents UC. (2) Ask CENIC technical subgroup (TAC)???? to consider whether alternative usage metric would be better than mb/s currently used. Next Meeting Livermore—September 25-26 [ Back to JOG Home ] [ Top of Page ]