| dc.description | Presentations I Attended
“The One” Project – University of Toronto Mississauga
In 2005 UofT Mississauga (part of University of Toronto) began “The One” Project. The goal was to enhance student services by providing one identity, one card, one phone number, and one helpdesk. UofT has a highly decentralized IT structure. For example they have 128 distinct email systems. A central IT department provides the network backbone and access to the internet. 60% of the IT expenditures are done at the divisional level. The Mississauga has a more centralized IT structure providing all IT services.
Staff and students had to deal with two or more login ideas; UTMid was used by Mississauga and UTORid was used by the main campus. Mostly due to the budget the Mississauga campus began using the UTORid and the UofT’s mail system (UTORmail). One ID and one mail system allowed helpdesk’s from both facilities to provide support. Due to the available resources, the migration was handled in two steps: Students followed by faculty and staff. They were able to take the lessoned learned and ease the transition for faculty and staff.
The Mississauga Compute Services department managed 21,500 employee and student accounts. They had to deal with approximately 200 account name clashes in UofT system.
They could not afford to revamp their desktops or servers. Changes were tested in a virtual environment. In addition to the UTORid they needed to support Kerberos. Unix/Linux servers supported Kerberos with minimal modification. They considered running Linux desktops with Citrix providing access to Windows applications. One application did not work with Citrix so they settled on Microsoft’s Active Directory.
The change was advertised to students through email, flyers and notifications posted on the websites. When the changes were put in to place the Mississauga websites redirected students to the UofT websites where the new login information was supplied.
In addition to a single sign on they also implemented a speech recognition telephone system from Nuance. The University of Toronto’s ID cards system was adopted by the Mississauga campus which allowed students from each campus to grant/deny access and/or pay for services at each campus.
Lessons learned:
• They allocated enough resources; 5 Mississauga IT staff and 2 UofT staff.
• Clear communication and the ability to adapt to changing circumstances (e.g. getting nowhere with a vendor) was required.
• Not all practices could be adapted in to existing systems. For example the home-built Mississauga Helpdesk tracking software was replaced by “Request Tracker”. Request Tracker is an open source helpdesk application which they tailored to their needs.
• One general phone number resulted in 93% of calls to be routed to the correct department
• Effective project management allowed critical timelines to be met.
They feel that the ease of use of the systems has been improved. Other divisional IT groups are looking to adopt some of the pieces of the project (mostly the identity and authentication piece.
Reduce Response Time: Get “Hooked” on a Wiki - Valparaiso University
The IT department tackled the knowledge base issue. They were faced with the challenge of how to communicate the right information to internal and external customers. The goal was to improve service and also encourage the flow of information.
They began by evaluating the tools that they were using to facilitate the flow of information. They were using First Level Support (FLS) – a component that is included with HEAT as their knowledge base. Articles are stored and searched in a tree structure. The small plain text search window is not resizable and readily displays tree structure information rather than information that describes the article. The professionals and student employees needed something more robust, user friendly that was more interactive and not platform dependant. With the help of a Unix admin they decided on MediaWiki, an open source web based application that is also used by Wikipedia.
MediaWiki provides search results by page name and content. It organizes results in what it thinks are the most likely matches. Pages can be bookmarked for future reference.
Using the wiki, staff can accumulate knowledge independently. They are able to offer feedback on existing pages. The wiki offers real time, account or system specific information such as account quotas and alias information. Helpdesk policies and procedures are available on the wiki in an indexed and searchable arrangement. Helpdesk staff first search the wiki when they do not know the answer to the problem. If the information does not exist, they create a page (without having knowledge of HTML) when they have the solution.
MediaWiki includes moderation options that can prevent incorrect information from being published. The system can send email notifications to users or groups who are responsible for information. There is version control that allows moderators to view and compare past documents. They needed groups within the organization to have authority over their respective sections. Since the employees are encouraged to update the information it help to eliminate the bottleneck and free up the time of the employees who were previously responsible for updates to the knowledge base.
FLS did not have the capability to monitor who was making changes so if all staff were allowed to make changes there was no way to keep unapproved information from being visible to staff.
When they made the transition to MediaWiki they found that over 50% of their knowledge base articles were out date - requiring updates or obsolete. LDAP support was not included with MediaWiki out of the box but an extension was available.
Since there is no built in way to hide information they have decided to run two instances of the wiki. One that is considered internal for staff (including students on the helpdesk) and the other that is viewable by the public.
Unrelated to the wiki, they have been are continuing to use HEAT as their call tracking tool. Since the 90’s they’ve been using it pretty much out of the box. Their goal is to move towards ITIL and they have recently revamped their call classification from 1 tier to seven tier. Their new classification system aims to help prompt Helpdesk attendants with the common questions to ask – they want them to ask questions. E.g.:
-Device (PC)
-Person (Student or Staff)
-Application Name
-Do they have access, corruption, etc.
The overhaul for their classification system took approximately six weeks.
American ITIL – Hobart and William Smith Colleges
ITIL stands for Information Technology Infrastructure Library. It is a set of concepts and techniques for managing IT infrastructure, development and operations. In other words it provides a set of best practices. Hobart and William Smith Colleges (HWS) explained how ITIL is influencing how they handle incident management, problem management, service level agreements (SLA), operating level agreements (OLA), creation of metrics, and the beginning stages of how to design a service catalog.
ITIL can be considered a framework that can be adapted to suit the needs of an organization. Published benefits included:
• Reduced costs
• Improved customer satisfaction due to a more professional approach to service delivery
• Improved productivity
• Improved use of skills and experience
Hobart and William Smith Colleges is selectively choosing which components of the framework to use.
The best practices that make up ITIL are documented in a series of books which are updated as the concepts evolve. The five core titles are service strategy, service design, service transition, service operation and continual service improvement.
The service strategy explains how service management should be designed, developed and implemented.
Service design targets the design and development of services offered and how the services will be managed. A service catalog (either a database structured document) lists what services are offered and includes information such as deliverables, prices, contact points, and how to order. Hobart and William Smith Colleges currently has a service catalog in its early stages in the form of a excel spreadsheet. Operation level agreements document define the workflow and procedures for the IT services department and other departments within the organization. HWS does not publish their OLAs. A service level agreement is an agreement between the IT services department and the customer. SLAs basically define what a customer can expect in terms of timeframe and deliverables but also serve to communicate the IT department’s expectations in terms of required information and how much notice is required. HWS publishes their SLAs.
Service transition is essentially another name for change management. The aim is to control the lifecycle of all changes and prevent disruption of other services.
Service operation refers to the delivery of support services to ensure they are of value for the customer and the service provider. Incident management is responsible for managing the lifecycle of all reported incidents. HWS is implementing an enterprise information system that will provide college constituents with information tools and processes that support a broad set of mission critical operations. In Computing Services and other departments in AU we use HEAT to log incidents and to assist with the workflow process. As with our Helpdesk, HWS’s service desk is the single point of contact for all IT service related requests not including project work.
Problem management, the other major component of service operation is the process responsible for managing the lifecycle of all problems. The basic goal is to prevent incidents from happening and minimize the impact of incidents that cannot be prevented. When a large scale problem occurs HWS pulls together the team that solve the problem and investigates the causes that led to the problem. Causes include processes, people, technology and resources. Once the cause is determined they attempt to prevent the problem from occurring again by determining who is responsible for fixing it, who approves the fix, who is available as an additional resource, who is consulted, and who needs to be informed.
Continual Service Improvement targets creating and maintaining value for customers through better design, introduction and operation of services. Change management also known as Service Transition overlaps heavily in to this area.
ITIL certification is available. The foundation certificate provides a foundation level of knowledge. The practitioner’s certificate is aimed at those who design and support services. A manager’s certificate is also available.
Refer to http://www.itil.co.uk or OCG ITIL Library for additional information.
“You Know More Than You Think You Do” – Helping Participants Transfer Knowledge – University of Michigan
This was a training oriented presentation that suggested that people could be eased in to a new program or system by finding similarities between the new software and software they are familiar with. Visual cues such as buttons and icons (e.g. the print button) are often shared between programs. Similarities can be used to impress the knowledge that the software really isn’t impossible to learn. If a person has learned to use one system in the past, there should be no reason why they can’t be trained to use another system.
The learners should be encouraged to think. It is import for them to know what they are trying to do. If the person is just clicking buttons at random, chances are they’ll end up with results that they did not expect. If the person knows what they want to accomplish chances are, they’ll be able to relate that goal to visual clues that they see on the screen. If I want to send an email, I look for an envelope.
It was suggested that trainers can relate the software to what the users already know. An analogy of learning to drive a new vehicle is a good example. Most people have some idea of how to drive but tend to be very comfortable with the vehicles they drive on a daily basis. Most vehicles have brakes and steering wheel but how those devices function can vary slightly. The extra features such as the audio system might be confusing for new users. It may not occur to the new driver that he or she needs to use the touch LCD screen to adjust the volume or change the radio station. If the person can think of the LCD as the radio then perhaps some of the characteristics of the controls on the old car can be related to the controls on the new car.
Concepts should be introduced in small steps in sequence. For example if the system can be though of as a house the first thing they need to before they can get in the house is to get open the door. The login prompt can be thought of as the door. If they have the right key, they’ll be let in the house. Once the person is inside the house, further training can proceed. The rate at which training proceeds will vary depending on the experience levels of each person.
From the Silent Generation to Generation X, Y and Z: Strategies for Managing the Generation Mix – Grinnell College, Valparaiso University, and Hamilton College
This presentation focused on people’s opinions of the different generations in today’s workplace. Videos were shown of subjects of varying ages who provided their opinions of generations in which they were not a part of. The presenters encouraged interaction from the audience. As to be expected individual opinions and thoughts were often quite different.
Open Source – A Practical Solution – Amherst College
During the Spring and Summer seasons of 2006 Amherst College’s was required to find a new ticket tracking system. Up till then they had been using Heat. While they did not go in to specifics they said part of the reason for the decision was the “quirkiness of some of the modules and costly maintenance fees”. They also had IT groups who resisted using the software. They desired a web based solution which is something that Heat could not yet offer.
The popularity of open source software was on the rise within their institution. The new software would have to enhance collaboration with IT, augment support efforts for constituencies outside of IT and offer a self service component.
They put out a short RFP that focused on core requirements and thoroughly tested four or five systems that they had short listed and recorded the results on a wiki. They included as many Help desk staff as were willing to participate in the test. They looked at OSU ticket tracking software and RuQueue but decided on RT ticket tracking software by Best Practical. The developers of RT published a book, RT Essentials in 2005 which provides documentation for the end user as well advance customization techniques. The book references wiki.bestpractical.com and
www.bestpractical.com/rt/lists.html. Both links are useful for bug fixes and feature requests.
It is possible to interact with RT entirely by email. Pre-defined scripts can control and record behavior and responses. It sounds like these scripts function much in the same we as our in house built scripts that are used to interact with Heat.
The three major components of the system are tickets, queues and email notifications. Queues are used to provide access to control tickets or a specific department. Email notifications alert users of a transaction within the system. Access rights and permissions can be granted at the user or group or global level.
The RT database is populated with information that is uploaded nightly from the college’s administration system. The information includes profile and contact type information for faculty, staff, students and alumni.
They are not yet using the self service module but have been developing it with plans to use it as an educational tool and a forum for dialog.
Overhaul You Helpdesk Ticketing System – Massachusetts College of Art
Massachusetts College of Art (MassArt) was using a homegrown ticketing system. It was not user friend and as a result, largely unused. They implemented Unipress Footprints 7 and have since upgraded to version 7.5. It is linked to their LDAP server for authentication and has a dynamic link address book. Reporting features and survey tools are included. The software is 100% web based on runs on Windows 2003 Server.
The Helpdesk had been struggling before they implemented Footprints. Customers would approach individual IT people directly. The previous system was developed by a student. I get the impression that it was not being supported. A single admin account was used to access the system which made it impossible to track who was working on what. The system lacked reporting features and had no options for customization.
Since they are a small institution they opted to purchase a solution rather than develop one. They evaluated GWI’s Incident, BMC’s Remedy and Numara’s TrackIT. The main reason Footprints was selected was due to the fact that it was web based and easy to customize.
Footprints ships with 13 different base configurations including “Corporate Help Desk”, “Asset Requisitioning”, “Facilities Management”, and “Sales Tracking”. Following installation they connected the system to their LDAP server. They encountered a few connections problems which Unipress helped them to resolve.
Since they were unfamiliar with this type of system they said the learning curve was steep but training was provided on a one on one basis with several short group demonstrations. A week long administrator training course is offered by Unipress and the presenter felt that it was well worth the cost.
Since implementation 10 months ago they have logged over 1700 tickets. The presenter could not stress the fact enough that the ticketing system should supplement the business practices of an organization. The business practices should not conform to the design of the system. The ticketing system should help to stream line processes and communications but should not replace what already works.
Who’s Really in Your Top 8: Network Security in the Age of Social Networking – University of Delaware
This presentation focused security concerns such as social engineering and how those concerns relate to popular social networking services such as Facebook, MySpace, Ruckus, Friendster, LinkedIn, SecondLife and even YouTube. Social networking services encourage people to share information in order to keep friend up to date and to help meet new people. While the sharing of information may sound harmless it’s important to remember that the information provided could be used for malicious purposes such as identity theft.
Social engineering is not a new concept. It could be referred to as a con or a scam or in the IT world you may hear terms such as “Phishing” or “Spoofing”. The purpose is often to obtain money, goods or even information that can be used to cause damage or obtain money and/or goods. An example might be if an attacker obtains a person’s and birth date and company email address from a Face book profile. Once the attacker has gather the required information, the attacker could phone the IT services department and request a password reset for that email account. Assuming the IT services department uses birth date to verify the caller, the attacker may obtain access to the victims email account. Email accounts can potentially house confidential or sensitive information such customer information or other passwords.
While it is possible for individuals and organizations to mitigate the risk of social engineering type attacks by adopting strict control over what information they provide and how they deliver it, there is no solution that will work 100% of the time. There is always the human factor to consider. All individuals on some level desire to be accepted and fit in. Attackers and predators prey on these vulnerabilities. Educating individuals and organizations helps to prevent these incidents from occurring but does not guarantee that social engineering attacks will not succeed.
Virtualization’s Next Frontier: Security – Ringling College of Art and Design
Today virtualization typically refers to the process of running a virtual computer inside a host system (often a virtual server). The virtual operating system operates independently from the hardware and operating system that is installed in the host system. In other words, the virtual machine doesn’t care what the host server’s operating system is. The virtual machines operating system could be Microsoft Windows Server 2003 and the host server’s operating system could be Linux. The virtual machine simply exists as a series of files on the host computers hard drive.
Server virtualization can improve overall system security and reliability by isolating processes and services from other software stacks. Although multiple virtual machines may be housed by one virtual server, those virtual machines operate independently of each other. Software updates can be applied to the various virtual machines without fear of breaking other processes and services that may not be related to the processes or services that updates apply to. Improved testing is made possible by the reduced cost of virtualization since each virtual host can house multiple virtual machines. At Ringline, approximately half of their computers are Macs. If the administrators need to test changes, they can simply load up the Mac OS and make their change. A second computer is not required and additional physical space is not required – only hard drive space.
The security of the host virtual server is extremely important. The virtual server should be kept up to date and should be in reduced visibility location (both physically and virtually). If the host server is compromised, it is possible that the hosted servers may be compromised as well. The presenters suggested that virtual honey pots could be put in to place to divert attackers to non critical equipment and services in the interest of gathering information and building security rules.
Backups of the virtual machines will allow services to be moved in a relatively hassle free manner to another host machine should a disaster occur. The new host server might be in a different building or city. Since the virtual machines are not dependant on server hardware, they can be run on a machine that is not identical to host server with minimal configuration changes. How frequently the backups should occur depends on the nature of the virtual machine. The presenters suggest that the while the server host can be entirely backed up it is not necessary to do so. Since the virtual machines are just files in a directory, as long as the files are backed up they can be restored with their functions preserved. Depending on the type of virtualization it can be possible to take a snapshot of a virtual machine. Changes to that machine from that point on are stored in separate files. If it turns out there is a problem, the changes can be rolled back by pointing the host to the original file. This is useful when applying an updates. Even if you expect the updates to work, you have the safety net in place to fall back to.
Performance of applications can vary depending on the software. Typically there is a more overhead required since there are two operating systems running and hence more system resources are required. The presenters did find that certain applications actually ran faster in a virtualized environment. They were referring to graphical type applications that were used for rending complex multimedia type files. They said that the time to complete tasks was basically cut in half. They pointed out that these improvements may be only for certain aspects of application and may not necessarily carry over to other components of the application.
The presenters concluded that virtualization has allowed them to test more variations of software using less physical resources thereby reducing costs. They are more confident in the security of their systems but also stress that it is not a magic box solution. Remaining vigilant to network activity and keeping up to date on updates will help to prevent compromises and infections.
The Proper Care and Feeding of Your Help Desk – Wayne State University
This presentation focused on how to best motivate student Help Desk employees. Since students are not permanent and are encouraged to advance their careers the Help Desk tends to have high turn over rates. In order to encourage talented student workers to not look for off-campus work while they are students at the university, the presenter suggested the following:
• Keep the work interesting
• Provide the training and information they need
• They need to be involved with decisions
• Allow them to work independently
• Recognition through increased visibility
While the focus was on student employees, probably any worker would benefit from what the presenter suggested.
TAG You’re IT – Valparaiso University
TAG stands for Technical Action Group. The group is made up of approximately 25 technical staff from all areas of IT. The goal is to share information and address issues about technical projects. They meet once a month for one to two hours to discus campus issues and other issues that affect IT.
With the number of projects on the rise, collaboration between IT teams is increasingly required. They are finding that the meetings provide opportunities for individuals to learn aspects of areas that they are not a part of and to provide help with issues that they other whys would not be involved with.
Future plans include inviting individuals from other departments. They plan to investigate and evaluate new technologies and products so that they can make recommendations to the management team. They are hoping to removing silos and build bridges throughout the university.
Encryption Technologies: Testing and Identifying Campus Needs – Lehigh University
Lehigh University is implementing a plan to secure sensitive campus information. Protection of privacy was always an important concern for them but with the increasing shift to technology more and more concerns are arising. They are mandated by law to comply with requirements set in legislation to protect privacy. By implementing encryption they are helping to protect the reputation of their organization. If devices are lost or stolen or if communications are intercepted, encryption provides assurance that information will not be readable by unauthorized parties.
They took a detailed look at the types of hardware, media and communications that they felt needs to be protected. What they identified:
• Desktop PCs (Windows, Mac and Linux)
• Removable media
• PDAs (Palm and Windows based)
• Backups
• Network traffic
• Microsoft SQL Server
They looked at what types of methods of encrypting (disk level, file level, virtual disk level.) could be used for the various types of hardware (SD cards, USB keys, handhelds, etc.). Price, performance and compatibility were all considered. Performance was measured in benchmarks. Encryption key management methods (the ability to restore data) were also tested. They considered limitations of file and folder security which include user compliance, hidden or forgot files (temp files, swap files, recycle bin, etc).
The whole disk products examined were as follows:
• WinMagic’s SecureDoc
• PGP Whole Disk Encryption
• PointSec
• Utimaco SafeGuard
• Microsoft Vista BitLocker
Microsoft’s solution was dropped due to it being a Vista only feature.
File encryption technologies tested were:
• Microsoft Windows XP Encryption File System
• AxCrypt
Virtual disk products:
• TrueCrypt
• DriveCrypt
• CyberAngel
Palm products tested:
• Warden
• TealLock
• Built in features
The committee recommended and selected PGP Whole Disk Encryption for whole disk encryption. Virtual disk file/folder recommendations encrypted disk images for Mac, Windows EFS or True Crypt for Windows. TrueCrypt was recommended for pocket PCs and removable media. For PC backups they recommend EFS encryption and MS backup, Symantec Ghost w/encryption. They advise that users change their passwords immediately if a device is lost of stolen. VPN and Terminal Services should be used where possible.
Like Technology from an Advanced Alien Culture: Google Apps for Education at ASU – Arizona State University
Under the direction of their president, ASU negotiated a partnership with Google. In October of 2006 discussions and negotiations began. Two weeks later, Google announced the partnership with AUS to deliver Google Apps for Education. In less than two weeks they made the transition from their homegrown IMAP client to Gmail giving each of 65,000 students access to two gigabytes of storage, spam filtering, calendaring, instant messaging and ability to sort, search and tag email.
In addition to the features mentioned above Google Docs and Spreadsheets allows students and staff to work collaboratively by simultaneously editing and sharing files. Third party advertisements such as Google’s Adsense technology are not displayed to students. The students have a personal start page and ASU is hoping to continue to enhance this page. They plan to display such information as what course they might be interested in and would like to provide an option to create a profile. ASU uses Google Maps to allow visitors to view all four campuses using the map, satellite and hybrid features.
The presenter said that Google Apps was easily implemented and that it was able to handle ASU’s single sign in and account provisioning processes.
ASU support requests for Google Apps. Incidents that cannot be resolved by ASU staff are escalated to Google. It is the responsibility of the third tier to contact Google. They have not yet had to contact Google’s support team.
Regarding security and legalities ASU prefers that Google handle all legal inquiries regarding student’s email. They feel it eliminates conflict of interest and helps to protect the student’s right to privacy. They are more confident in Google's security than their home grown email solution. The presenter stated that the contract was negotiable.
Out of the 89,000 accounts, approximately 23,000 are active daily. 81% of the accounts have been visited. | en |
