IR&C: JOG/CPG Meeting Agenda (Sept 8-9 , 1998)

Agenda

Minutes

Campus Reports

JOG/CPG
Meeting September 8-9, 1998 - Office of the President

Minutes

Joint Operations Group

Campus Reports

Campus reports are on the Web at http://www.ucop.edu/irc/jog/sept98.html#reports.

A couple of cross-campus issues emerged from the reports:

Citrix servers running on NT 3.5 have serious security issues. [After the meeting, Citrix announced that it would now run on NT 4.0, which will eliminate many of the problems]

All campuses are working on models for recovering the cost of campus networking. Information will be exchanged.

Universitywide Issues

Stuart Lynn’s report is on the Web at http://www.ucop.edu/irc/jog/uw998.html.

Last year’s strategic assessment of instructional technology costs helped obtain a total increase of $8 million in the permanent budget and one-time $17.5 million for 1998-99. The costing study will be repeated and extended in 1998-99. It was agreed that it should be guided by a steering committee including both IT and Budget functions.

Audit

External auditors’ comments indicate a need to focus on:

Disaster recovery. It was agreed that payroll disaster recovery should be an agenda topic for the next JOG meeting.

Firewalls. Firewalls are needed on subnets carrying sensitive administrative data.
Year 2000.
Business continuity planning. Issues and projects need to be defined in ways that allay concerns that this is an openended inquiry without payoff.

Audit questions require responses from campuses that indicate actual campus intentions rather than plans contingent on budget approval. The process needs to be revised so that audit letters are sent to Chancellors rather than IT administrators.

It had been hoped that the external auditors would also focus on the exposures caused by recruitment and retention issues, but it proved difficult to frame this as an audit issue. This will be reconsidered in next year's audit.

A discussion ensued regarding internal audit. Campuses need internal auditors who specialize in IT. To improve the quality of internal audits, JOG and CPG should meet regularly with internal auditors. External peer review should be considered at major check points in implementing large systems, with such external review coming from other campuses to help benefit from others' experiences where there are no vested interests.

Employee Systems Initiative

Funds have been committed, and a steering committee will be constituted, including several ESTF members. A working group is also needed with representation from every campus and every participating function. The consultant study proposed in the Report will take place in 1998-99. Near term projects include the underlying university directory which will serve as a key infrastructure for both employee self-service and for the authentication project; The Payroll GUI project is already underway.

It was agreed that Jim Dolgonas would collect data on the workload impact of functional and technical changes in Payroll.

Year 2000

Stuart Lynn reported that some new building control issues appear to be emerging that will be explored with facilities managers. Also, manufacturers of equipment involving embedded chips that have potential date problems are promoting replacement over repair.

Other concerns are reliability of feeder systems and major suppliers. There is need for joint testing with banks. Contingency planning must be emphasized.

Care must be taken not to damage systems in the process of testing. It is also necessary to ensure testing against all the date boundary issues that may arise.

The names of campus Year 2000 contacts should be posted on the Universitywide Year 2000 Web site as well as links to the campus web sites.

Business Officer Institute

Dave Tomcheck’s presentation on IT issues to the Business Officer Institute was well received. He will make the presentation again, but others need to follow. The presentation will be posted.
It is planned that all academic business officers will go through the Institute.

Research Administration Systems

MIT’s Coeus system is attracting interest at several campuses and is in production at Berkeley. UCSF has joined a collaboration to develop a Peoplesoft research administration system.

Document Management

Document management systems represent an increasing need. Meeting immediate needs with proprietary solutions may jeopardize longevity and portability, and open standards should be sought.

OP has established a document management test environment using Docushare.. Guest accounts are available for OP or campus users to test Docushare. Several campuses are establishing document management systems for Chancellor’s offices

OP will host a document management workshop later this Fall or in early Spring. Each campus will be invited to send one person.

Taxpayer Relief Act

Judy Coy reported that a contract has been concluded with CDSI for a hotline, helpdesk, and reporting function in support of the Taxpayer Relief Act requirements. These will be operational by mid-December. Data submission will require substantial local effort.

Benchmarking

There is increasing need to compare IT expenditures as part of the budget process. It was agreed to select key functions for focus and comparability. OP will provide staff to collate and array cost data for network costs.

Performance measurement continues to be a difficult area to pursue, particularly given the demands of Year 2000. Instead of self-reporting as in the past two years, OP will provide staff to conduct interviews with IT managers on self assessment.

IT Organization

Various organizational models for IT were discussed and the advantages of each compared.

Scheduling and Calendaring

UCSB reported on its progress in selecting a scheduling and calendaring system. The report on their selection process is posted at

http://ucsbuxa.ucsb.edu/isc-web/osg/sbschd/esag-report.pdf

System Environments

The relative merits and progress of UNIX and Windows NT were discussed. NT5.0 was not seen as a near term production environment, and NT still suffers from scaling problems, However, its ease of use mitigates in its favor where this is an issue. Both environments are likely to be used in the foreseeable future. Linux use is spreading where a desktop UNIX experience is required.

Firewalls

OP will sponsor a 2-day workshop on firewalls including vendor participation. This will cover topics such as deployment, policies on control, management of sensitive data, and security software.

JOG/CPG

Combined Meeting : September 8, 1998

Minutes

Authentication Project

Jim Dolgonas reported that the University Directory now updates employee data and issues net IDs nightly; effective late Spring, 1999, student data will be updated on the same schedule. Certificate-enabled web self-service for new hire benefit selection will be available by the end of September; 403(b) self service for all employees will roll out in the first quarter of 1999. Consultation with Counsel is underway regarding the use of student identifiers. One of the major concerns is the cumbersome methodology for users to be able to obtain certificates using their web browser.

It was agreed that Joan Gargano should continue to chair the Authentication Project working group.

A one-day workshop on authentication is planned, at which in-depth conversations among smaller groups will be developed.

Recruitment and Retention

Discussion of the consultant study RFP focused on increasing difficulty in recruitment and the need to position UC in the compensation market. Questions were raised about the usefulness of title-code salary studies in determining market compensation for specific high-demand skills (e.g., Oracle programming). Consultants will be asked to explain how they will address regional diversity.

It was agreed that the RFP should be modified to include: compensation; targeted outsourcing options (all units are using contractors for some tasks); examination of UC market analysis; best recruiting opportunities; effect of organizational instability on recruitment and retention.

Consultant proposals will be reviewed by the JOG subgroup that advised on developing the RFP.

University Policies

Campus comments have been received on the Information Security Policy and revision is underway. The final policy should be issued within a few weeks.

The Electronic Communication Policy Task Force (formerly Electronic Mail Policy Task Force) will be reconvened this Fall to work on a policy framework generalized from the Email policy. Overall policies will be developed for Acceptable Use, Confidentiality, Security, and Liability with specific provisions as necessary for different electronic media.

Review of the Administrative Systems Standards has been postponed to Winter 1999.

Legislation

Martha Winnacker will provide further analysis of State and Federal bills on "spamming" and of State regulations on Electronic Signatures. She will also circulate analysis of a State bill on "information gathering."

Communications Planning Group

Meeting: September 8, 1998

Minutes

ISP Status

David Wasley reported on the continuing problems with Exodus caused by breakdown in their peering relationships with other network providers. NOAG will recommend steps to be taken to resolve the situation.

Traffic volume is reaching capacity on the northern OC-3 drain and will eventually do so in the South, although some relief is available by diverting traffic over less-used routes. NOAG will be asked to recommend steps to be taken to provide additional capacity.

CalREN2

David Wasley reported that CalREN2 had been turned over to CENIC for testing on September 8, except for the vBNS connection in the North, completion of which was imminent. Some campuses had not yet built out there campus connections, however.

Internet2/Abilene

Stuart Lynn reported that, in connection with the upcoming Internet2 meeting in San Francisco, Abilene will be coming to Northern California. Plans are for it to connect to the CalREN2 northern gigapop. Depending on decisions to be taken by CENIC, Abilene will also connect to the southern gigapop whether in Los Angeles or in San Diego (or both).

Abilene will provide additional and higher speed connectivity to the vBNS between the northern and southern gigapops, as well as higher speed connectivity to other Internet2 sites. For UC to take advantage of this, however, all campuses will need to join UCAID (at present, UCB, UCD, UCLA, UCSD, UCI, and OP are members). Those campuses that are not members are urged to join.

UCNet Transition

Transition of UCNet to CalREN2 is planned for around the end of 1998.

The VTN videoconferencing network will also be phased over to CalREN2. This will be planned by NOAG working with the Media Center directors. This will be coordinated by Mike Shannon.

Videoconferencing

Various developments are occurring in the videoconferencing arena. UCOP is experimenting with some of the desktop videoconferencing products. Eventually, Internet2 will provide new services, but these will not become available for awhile.

The University is exploring the implications of acquiring digital satellite broadcast capacity for video distribution to various audiences via cable distributors and other outlets. An opportunity has been presented to its members by ADEC (formerly the Agriculture Distance Learning Consortium).

Network Security

Doug Hartline and Kevin Rhodes of UCD provided an overview of network security issues.

Existing policy and monitoring capabilities are not adequate to deal with increasing frequency of internal and external probes and intrusion attempts. Universitywide polices, existing and planned, on electronic communications and information security reinforce campus security measures, but operational guidelines are needed to instruct departments that maintain stand-alone modems and LAN servers. The anticipated information security policy directs each campus to appoint a security coordinator. These and other campus security staffs should be brought together in a Universitywide context to exchange information and solutions among campuses and foster improved local development of guidelines and education and training in security issues for systems administrators.

Year 2000

Campuses reviewed their Year 2000 status for communications systems. Generally, there do not appear to be serious problems. Technology vendors, however, continue to avoid certification but are providing helpful information. This increases the onus on campuses to test communications systems for compliance. Further communications have occurred with Motorola regarding their 800mHz products: although they will not certify, most components appear to be compliant. Operators of communications systems are urged to talk with their campus facilities managers to ensure that there will be no problems with HVAC and other building control systems.

Campus Reports

Campus reports are posted on the Web at http://www.ucop.edu/irc/jog/sept98.html#reports

[ Back to JOG Home ] [ Top of Page ]



Agenda Minutes Campus Reports	JOG/CPG Meeting September 8-9, 1998 - Office of the President Minutes

	Joint Operations Group Campus Reports Campus reports are on the Web at http://www.ucop.edu/irc/jog/sept98.html#reports. A couple of cross-campus issues emerged from the reports: Citrix servers running on NT 3.5 have serious security issues. [After the meeting, Citrix announced that it would now run on NT 4.0, which will eliminate many of the problems] All campuses are working on models for recovering the cost of campus networking. Information will be exchanged. Universitywide Issues Stuart Lynn’s report is on the Web at http://www.ucop.edu/irc/jog/uw998.html. Last year’s strategic assessment of instructional technology costs helped obtain a total increase of $8 million in the permanent budget and one-time $17.5 million for 1998-99. The costing study will be repeated and extended in 1998-99. It was agreed that it should be guided by a steering committee including both IT and Budget functions. Audit External auditors’ comments indicate a need to focus on: Disaster recovery. It was agreed that payroll disaster recovery should be an agenda topic for the next JOG meeting. Firewalls. Firewalls are needed on subnets carrying sensitive administrative data. Year 2000. Business continuity planning. Issues and projects need to be defined in ways that allay concerns that this is an openended inquiry without payoff. Audit questions require responses from campuses that indicate actual campus intentions rather than plans contingent on budget approval. The process needs to be revised so that audit letters are sent to Chancellors rather than IT administrators. It had been hoped that the external auditors would also focus on the exposures caused by recruitment and retention issues, but it proved difficult to frame this as an audit issue. This will be reconsidered in next year's audit. A discussion ensued regarding internal audit. Campuses need internal auditors who specialize in IT. To improve the quality of internal audits, JOG and CPG should meet regularly with internal auditors. External peer review should be considered at major check points in implementing large systems, with such external review coming from other campuses to help benefit from others' experiences where there are no vested interests. Employee Systems Initiative Funds have been committed, and a steering committee will be constituted, including several ESTF members. A working group is also needed with representation from every campus and every participating function. The consultant study proposed in the Report will take place in 1998-99. Near term projects include the underlying university directory which will serve as a key infrastructure for both employee self-service and for the authentication project; The Payroll GUI project is already underway. It was agreed that Jim Dolgonas would collect data on the workload impact of functional and technical changes in Payroll. Year 2000 Stuart Lynn reported that some new building control issues appear to be emerging that will be explored with facilities managers. Also, manufacturers of equipment involving embedded chips that have potential date problems are promoting replacement over repair. Other concerns are reliability of feeder systems and major suppliers. There is need for joint testing with banks. Contingency planning must be emphasized. Care must be taken not to damage systems in the process of testing. It is also necessary to ensure testing against all the date boundary issues that may arise. The names of campus Year 2000 contacts should be posted on the Universitywide Year 2000 Web site as well as links to the campus web sites. Business Officer Institute Dave Tomcheck’s presentation on IT issues to the Business Officer Institute was well received. He will make the presentation again, but others need to follow. The presentation will be posted. It is planned that all academic business officers will go through the Institute. Research Administration Systems MIT’s Coeus system is attracting interest at several campuses and is in production at Berkeley. UCSF has joined a collaboration to develop a Peoplesoft research administration system. Document Management Document management systems represent an increasing need. Meeting immediate needs with proprietary solutions may jeopardize longevity and portability, and open standards should be sought. OP has established a document management test environment using Docushare.. Guest accounts are available for OP or campus users to test Docushare. Several campuses are establishing document management systems for Chancellor’s offices OP will host a document management workshop later this Fall or in early Spring. Each campus will be invited to send one person. Taxpayer Relief Act Judy Coy reported that a contract has been concluded with CDSI for a hotline, helpdesk, and reporting function in support of the Taxpayer Relief Act requirements. These will be operational by mid-December. Data submission will require substantial local effort. Benchmarking There is increasing need to compare IT expenditures as part of the budget process. It was agreed to select key functions for focus and comparability. OP will provide staff to collate and array cost data for network costs. Performance measurement continues to be a difficult area to pursue, particularly given the demands of Year 2000. Instead of self-reporting as in the past two years, OP will provide staff to conduct interviews with IT managers on self assessment. IT Organization Various organizational models for IT were discussed and the advantages of each compared. Scheduling and Calendaring UCSB reported on its progress in selecting a scheduling and calendaring system. The report on their selection process is posted at http://ucsbuxa.ucsb.edu/isc-web/osg/sbschd/esag-report.pdf System Environments The relative merits and progress of UNIX and Windows NT were discussed. NT5.0 was not seen as a near term production environment, and NT still suffers from scaling problems, However, its ease of use mitigates in its favor where this is an issue. Both environments are likely to be used in the foreseeable future. Linux use is spreading where a desktop UNIX experience is required. Firewalls OP will sponsor a 2-day workshop on firewalls including vendor participation. This will cover topics such as deployment, policies on control, management of sensitive data, and security software. JOG/CPG Combined Meeting : September 8, 1998 Minutes Authentication Project Jim Dolgonas reported that the University Directory now updates employee data and issues net IDs nightly; effective late Spring, 1999, student data will be updated on the same schedule. Certificate-enabled web self-service for new hire benefit selection will be available by the end of September; 403(b) self service for all employees will roll out in the first quarter of 1999. Consultation with Counsel is underway regarding the use of student identifiers. One of the major concerns is the cumbersome methodology for users to be able to obtain certificates using their web browser. It was agreed that Joan Gargano should continue to chair the Authentication Project working group. A one-day workshop on authentication is planned, at which in-depth conversations among smaller groups will be developed. Recruitment and Retention Discussion of the consultant study RFP focused on increasing difficulty in recruitment and the need to position UC in the compensation market. Questions were raised about the usefulness of title-code salary studies in determining market compensation for specific high-demand skills (e.g., Oracle programming). Consultants will be asked to explain how they will address regional diversity. It was agreed that the RFP should be modified to include: compensation; targeted outsourcing options (all units are using contractors for some tasks); examination of UC market analysis; best recruiting opportunities; effect of organizational instability on recruitment and retention. Consultant proposals will be reviewed by the JOG subgroup that advised on developing the RFP. University Policies Campus comments have been received on the Information Security Policy and revision is underway. The final policy should be issued within a few weeks. The Electronic Communication Policy Task Force (formerly Electronic Mail Policy Task Force) will be reconvened this Fall to work on a policy framework generalized from the Email policy. Overall policies will be developed for Acceptable Use, Confidentiality, Security, and Liability with specific provisions as necessary for different electronic media. Review of the Administrative Systems Standards has been postponed to Winter 1999. Legislation Martha Winnacker will provide further analysis of State and Federal bills on "spamming" and of State regulations on Electronic Signatures. She will also circulate analysis of a State bill on "information gathering." Communications Planning Group Meeting: September 8, 1998 Minutes ISP Status David Wasley reported on the continuing problems with Exodus caused by breakdown in their peering relationships with other network providers. NOAG will recommend steps to be taken to resolve the situation. Traffic volume is reaching capacity on the northern OC-3 drain and will eventually do so in the South, although some relief is available by diverting traffic over less-used routes. NOAG will be asked to recommend steps to be taken to provide additional capacity. CalREN2 David Wasley reported that CalREN2 had been turned over to CENIC for testing on September 8, except for the vBNS connection in the North, completion of which was imminent. Some campuses had not yet built out there campus connections, however. Internet2/Abilene Stuart Lynn reported that, in connection with the upcoming Internet2 meeting in San Francisco, Abilene will be coming to Northern California. Plans are for it to connect to the CalREN2 northern gigapop. Depending on decisions to be taken by CENIC, Abilene will also connect to the southern gigapop whether in Los Angeles or in San Diego (or both). Abilene will provide additional and higher speed connectivity to the vBNS between the northern and southern gigapops, as well as higher speed connectivity to other Internet2 sites. For UC to take advantage of this, however, all campuses will need to join UCAID (at present, UCB, UCD, UCLA, UCSD, UCI, and OP are members). Those campuses that are not members are urged to join. UCNet Transition Transition of UCNet to CalREN2 is planned for around the end of 1998. The VTN videoconferencing network will also be phased over to CalREN2. This will be planned by NOAG working with the Media Center directors. This will be coordinated by Mike Shannon. Videoconferencing Various developments are occurring in the videoconferencing arena. UCOP is experimenting with some of the desktop videoconferencing products. Eventually, Internet2 will provide new services, but these will not become available for awhile. The University is exploring the implications of acquiring digital satellite broadcast capacity for video distribution to various audiences via cable distributors and other outlets. An opportunity has been presented to its members by ADEC (formerly the Agriculture Distance Learning Consortium). Network Security Doug Hartline and Kevin Rhodes of UCD provided an overview of network security issues. Existing policy and monitoring capabilities are not adequate to deal with increasing frequency of internal and external probes and intrusion attempts. Universitywide polices, existing and planned, on electronic communications and information security reinforce campus security measures, but operational guidelines are needed to instruct departments that maintain stand-alone modems and LAN servers. The anticipated information security policy directs each campus to appoint a security coordinator. These and other campus security staffs should be brought together in a Universitywide context to exchange information and solutions among campuses and foster improved local development of guidelines and education and training in security issues for systems administrators. Year 2000 Campuses reviewed their Year 2000 status for communications systems. Generally, there do not appear to be serious problems. Technology vendors, however, continue to avoid certification but are providing helpful information. This increases the onus on campuses to test communications systems for compliance. Further communications have occurred with Motorola regarding their 800mHz products: although they will not certify, most components appear to be compliant. Operators of communications systems are urged to talk with their campus facilities managers to ensure that there will be no problems with HVAC and other building control systems. Campus Reports Campus reports are posted on the Web at http://www.ucop.edu/irc/jog/sept98.html#reports

JOG/CPG Meeting September 8-9, 1998 - Office of the President

JOG/CPG
Meeting September 8-9, 1998 - Office of the President