CIO's Blog

Stephen Frazier, Western Illinois University


Scanning of WIU E-mail for Sensitive Information Underway

Throughout this spring semester, automated processes will be scanning the Zimbra email accounts of all Western Illinois University community members (faculty, staff, students, and alumni) to identify sensitive information (social security numbers and credit card numbers) contained in email messages and attachments. The date when individual email accounts will actually be scanned cannot be determined because of the way email accounts are distributed across the mailbox clusters. However, we will email the campus community sometime in the late spring or early summer when the process has completely finished.

This is part of Western Illinois University’s ongoing commitment to protect its electronic assets. Scans of desktop computers and infrastructure servers in recent years have resulted in the remediation of over 37 million instances of sensitive data. Until recently, however, we have not had the means of scanning Zimbra accounts where this type of information is also stored. In addition to protection efforts, the remediation of sensitive information in Zimbra accounts is necessary to prepare for the possible migration of email accounts to another email service provider (such as Google or Microsoft).

When the automated scans identify possible credit card or social security numbers in an individual’s Zimbra account, it will send a notification via email to the account owner. The subject of the notification message will be “Sensitive Data Scan Report”. If you receive one of these messages, click on the link in the message to view instructions and then determine the nature of the information that was identified by the scans. Delete the email message or the attachment containing the sensitive information. You may also secure it outside of the email system, preferably in an encrypted format. However, do not simply copy it to your desktop or a shared folder where it will still be discoverable.

If no action is taken within a week of when the alert message is sent, the data will be archived and removed from the email account. If you have questions on how to protect sensitive information that needs to be retained, need access to the information once it has been archived, or are concerned about the validity of any email notification that you receive, please contact the uTech Support Center at (309) 298-2704.

It is everyone’s responsibility at Western to help ensure the protection of WIU’s electronic data. We appreciate your help, understanding and commitment to these ongoing efforts!


Email in the Cloud

The following is an executive summary of IT Governance proposal #42 -“Implement Google Apps for Education at WIU” – written by Dr. Justin Ehrlich, Computer Sciences professor and co-Chair of the IT Governance Marketing/External Alliance.

This proposal will be presented at the next IT Governance Council meeting at 3:00 p.m. on Thursday, January 28, 2016 (in Horrabin Hall 1/QC Complex 2204). The meeting is open to the entire WIU community, and students, faculty and staff will be given an opportunity to make brief remarks concerning the proposal.  You are welcome and encouraged to view details on this proposal and provide additional feedback (note that the proposal details and forum are only accessible from an on-campus computer or via WIU’s VPN).


 

Last year an IT Governance proposal was made to move from Zimbra to a cloud-based service. The basis of this proposal (Proposal #42) was to save the University money by using Google Apps for Education (GAE) to host our email and calendar, while at the same time offering more services such as unlimited drive space, shared folders that can be set up by individuals, a superior interface, real-time collaboration (Google Docs), and alumni life-time WIU email addresses.

By using Google to host our email and calendar, we won’t have to continue to replace or maintain our Zimbra software and VMware servers, saving us between $55,000 and $72,000/year and between 250 and 500 hours/year of personnel time, allowing these resources to be used for other areas and services.

The proposal has gone before the Student Government Association, Faculty Senate and the IT Governance Administration Alliance, all of which voted that we make the move to a cloud-based service. While the SGA voted that the switch be made directly to GAE, the Faculty Senate and IT Governance Alliance asked that a task force be created to compare the available platforms and to decide which platform, if any, might serve WIU the best.

Last semester the task force was formed by a representative from the Quad Cities appointed by the Vice President of Quad Cities and Planning, two administrator and staff representatives appointed by the ITG Admin Alliance, four University Technology members appointed by the Chief Information Officer, the director of Center for Innovation in Teaching and Research, the chair of the ITG Executive Committee, and five dean-appointed faculty members to represent the colleges and library. The task force narrowed the available options down to Microsoft Office 365 for Education and GAE, and ultimately decided on GAE for its superior interface, functionality, and campus familiarity. To augment task force’s decision, a survey was sent out to the entire campus. Of the 1,420 respondents, 79% responded that the University should move from Zimbra to a cloud-based platform, 93% reported a familiarity to Google gmail, and 71% responded that we should move to GAE. The accumulated survey data is included in chapter 4 of the full report, and the comments are located in appendix II. The task force received a few emails, which are anonymously included in appendix III.

While Google Apps for Education is free, Google will have access to our data. Under contract Google will not run ads or analyze University or student data for purposes of ads, but they can still analyze users’ activities for purposes of improving services. Also Google will not make any guarantees as to where the data resides. While we will be able to choose to base our data in the United States, pieces of our data may be migrated for performance reasons. For instance, if a faculty travels to the UK and accesses data stored in the cloud, that data may temporarily be migrated to the Dublin data center. While this might be considered an added risk, under contract Google is subject to FERPA. The FERPA clause stipulates that Google is considered a “School Official” and must protect our data in a way that is FERPA compliant. Further, the University remains the owner of all data stored in GAE. To provide administrative access to the users’ data, Google provides a tool, Google Vault, that features e-discovery, email archiving, email and file searching, removal, and audit reports.

The original proposal called for the University to replace the P:\ drive with Google Drive. However, after researching Google Drive, we found that there is no easy way to implement Google Drive in the computer labs due to not being able to map a drive letter unless the files are synced. We’ve also received requests from the University community to retain the P:\ drive for a variety of reasons. The task force looked at the costs of maintaining the P:\ drive and found that it is insignificant when compared to maintaining the Zimbra servers, so we recommend not replacing the P:\ drive. However, we do recommend enabling the Google Drive functionality, as this won’t require any additional costs and adds a lot of functionality, including collaboration tools using Google Apps.

In conclusion the cloud services task force recommends that the University replace Zimbra email and calendar with GAE. The campus community should have all of the GAE features available to them, including Google Classroom, Google Sites, Google Drive, and Google Docs. While migrating to GAE will take time, we believe that if the process is started this semester, the University can be fully migrated by the end of Summer 2016 in time for the Fall 2016 semester.

A complete report on this proposal includes the timeline of this proposal (chapter 2) comparison that the task force made between GAE and Office 365 for Education (chapter 3), the survey aggregate data (chapter 4), the Google Apps for Education terms of service (chapter 5), notes from other institutions (Appendix I), the survey comments (Appendix II), email questions/comments (Appendix III), and frequently asked questions (Appendix IV).


We welcome additional feedback, comments and discussion on this proposal via our online forums. The forums, as well as the complete details on the proposal, are accessible from on-campus computers or via WIU’s VPN.

 


uTech Support Center Services Moved to University Union

Walk-In Computer Support now available in the University Union

Welcome back to the spring 2016 semester, Western!

Last Sunday, January 17, 2016, the University Union concourse location (previously solely occupied by the uTech Computer Store) became uTech’s primary walk-in support center location. In addition to the personal sales and repair services currently offered, much of the support services historically offered from uTech’s Stipes Hall location now call the Union home.

uTech (in the Union) will assist patrons with installing various software packages as well as configuring mobile devices to work with the campus wireless and Zimbra. In addition to warranty repair services, several fee-based services will also be available for personally-owned devices such as removing malware, attempting data recovery from malfunctioning portable drives, operating system reinstallations, and non-warranty repairs for both Windows and Macs. Opportunities for students, faculty, and staff to make personal computer, mobile device, and accessory purchases will continue to be available. All of these services will be offered solely through the Union location. Patrons seeking these services in Stipes Hall will be re-directed to the University Union location.

uTech (in Stipes) will continue to provide test scoring, item analysis, and evaluation processing as well as troubleshooting WIUP and STARS login issues in person. Troubleshooting ECom login issues in person will be available at both locations.

This is a significant change for uTech and WIU. However, by shifting much of our walk-in service to the more central Union location, we are making these services more available to students, faculty, and staff at the south end of campus. In addition, the Union facility lends itself to allowing uTech to provide more hours of operation for walk-in services – our normal hours of operation for walk-in services will be extended in the Union until 6pm during the week. We are also thrilled that we will now be able to consistently offer weekend hours while classes are in session. The new setup takes advantage of the natural tie-in between technology support and technology sales.

We truly believe that the format for the uTech Union location will prove to be a very valuable resource to the WIU community. Our top-notch full-time and student staff will be able to provide greater access to an improved service. We also realize that old habits are hard to break, so please be patient as uTech makes this transition.


University Technology Reorganization Update

University Technology at Western Illinois University is continuing its transformation process!  Beginning on January 2, 2016, the department will be reorganized to become more efficient and effective.  Planning for this change began nearly a year and a half ago when Administrative Information Management Systems (AIMS), Electronic Student Services (ESS), Quad Cities Technology, and University Technology (uTech) were combined under the name of University Technology.

While there are many aspects to the reorganization, the most evident changes will be:

The formation of a new Applications Group. In the past if people went to AIMS asking for a program or application, AIMS would provide a mainframe-based solution.  uTech and ESS, however, would provide a Windows or Linux-based solution.  Now that AIMS, ESS and uTech are together in one organization, one group will handle all of these requests and be in a position to make the best decision on which platform to use.  This new group, called the Applications Group, will also maintain 3rd party applications and report to the director of AIMS.

Additional support for the IT Security team.  Bob Emmert will be heading up a new security team. Along with other initiatives, they will be working with an IT security firm, Dell SecureWorks. This firm has just finished a comprehensive IT security audit for WIU.  In addition, they are monitoring server traffic and watching for malicious or fraudulent activity.

The uTech Support Center will be relocated.  The uTech Computer Store will now be part of uTech’s Support Services headed by Kevin Morgan.  The Support Center (Help Desk), which is currently located in Stipes Hall, will be moved into the uTech Computer Store in the University Union. This will be more centrally located for walk-in support. Phone support, however, will continue to be provided from the Stipes Hall location.

Although reporting lines will change on January 2nd for some people within uTech, not all staff will begin their new duties immediately.  A transition period is needed to allow them to learn their new support roles and turn over some of their former duties to others.  Also, University Technology will form a liaison council during the spring 2016 semester.  The directors and some of the managers in uTech, along with college tech reps and staff in various organizations served by uTech, will meet regularly with the CIO to help identify service needs and priorities.

More details about uTech’s reorganization plans can be found on the uTech website at www.wiu.edu/utech/.  If you have any questions about the reorganization, please don’t hesitate to contact me.  I hope that everyone has a relaxing winter break and a wonderful holiday season, and I look forward to working with each of you in the year to come!


Reporting on Major uTech Projects

Two new online reports are now providing detailed information about University Technology (uTech) projects; Summary and Detail reports. These reports are automatically updated each night and they can be accessed on uTech’s website with ECom credentials at: http://www.wiu.edu/university_technology/other_info/projects.php

Given the number of initiatives that University Technology is managing, visibility into uTech’s projects is critical. uTech provides a wide variety of technology services that directly or indirectly impact almost every individual and organization at the University. At any point in time, uTech is managing dozens of new IT implementations while providing support for ongoing production services. Keeping our stakeholders apprised of the status of these is important.

This newest reporting system, called the Major Project Tracking System, documents and tracks all of uTech’s major initiatives; whether they are currently underway, completed, on hold, or planned. This system was developed in-house using an existing application.

Detailed information about twenty-four active major projects is now being updated and tracked in the system. Tracked information includes the projects’ purpose, scope, managers, target start and end dates, milestones, and the current status. While there are more projects than listed in these reports (150 at last count), we’ve eliminated those that are either small or specifically for uTech internal operations.

Project managers are updating projects in the tracking database on at least a weekly basis. The reports are generated by the Pentaho Reporting tool and uploaded to uTech’s website each night. These reports, along with the newly implemented IT Governance, will help to improve transparency of IT project activities.


Conquering WIU’s Wireless Divide

There has been a wireless divide on the Macomb campus at Western Illinois University.  Students living on campus are either on one side of that divide or the other.  That’s all going to change later this summer when wireless access becomes ubiquitous in all of the residence halls.

Wireless access has been available in the residence hall rooms on the south side of the campus.  Caroline Grote Hall was one of the first residence halls to be provided with wireless access in the Fall 2007.  When the Corbin and Olsen Halls remodel was completed in August 2012, the wireless system was upgraded in them.  Westbrook (formerly the International House) has also had wireless since August 2012.  Lincoln and Washington were the most recent ones, which were brought online in the fall of 2013.

The north side of campus has not enjoyed the same wireless coverage, however.  Bayliss, Henninger, Tanner and Thompson have only had coverage in the common areas on the 1st and 2nd floors (Tanner’s 3rd floor common area also had wireless) since August 2007.   The University is financing $450,000, approximately half the cost of the project, which will be paid back over three years using ResNet fees to provide Tanner, Thompson, Bayliss and Henninger with 802.11n or 802.11.ac wireless coverage in all of the student rooms.

Contract work is scheduled to begin on May 12 in Thompson Hall to run conduits, molding, installation of ceiling brackets and wireless access points.  The anticipated completion date of the work in all of the residence halls on the north side of campus is two weeks before classes start for the fall semester.  The contractor and University Technology will be working on it throughout the entire summer. The majority of work should be done by the time the general student population moves in.  However, there may be punch list items that still need to be completed when students arrive, depending on what unforeseen difficulties the contractor encounters.

ResNet’s Internet egress also requires an equipment upgrade.  This upgrade will allow ResNet’s wired network and wireless network to take full advantage of our connection to our Internet Service Provider (ISP).  Bandwidth improvements will be needed to handle the increased network traffic from student-owned mobile devices in residence halls on both the north and south side of campus. The good news is that this ResNet egress upgrade has been approved and it is ready to go.

Bandwidth was increased from 256 Mbps to 620 Mbps (a 2 fold increase) earlier this year.  With the installation of new network equipment later this summer, it will increase to 2 Gbps in the fall.  That’s approximately eight times as fast as it was at the beginning of the Fall 2013 semester.  That type of increase will be welcomed by both mobile and non-mobile ResNet users… and I think they will be very excited!


How High Can We Go?

Judging by the reaction of students living on campus, the bandwidth improvements on the residential network (ResNet) just before the Thanksgiving break were well received! The total bandwidth was increased from 265 to 520 megabits per second (Mbps), effectively doubling the former capacity of the network. Students have expressed excitement about this turn of events, which University Technology wanted to accomplish before the upcoming final exam period.

It might seem as though the networking team pulled a rabbit out of the hat to accomplish this latest bump in Internet speed. Actually, however, they had been working on it for the past 6 months or more. It began with a series of discussions with one of the two Internet Service Providers (ISP) that are providing bandwidth for the University’s networks. Although we had subsequenlty received one Gigabit of bandwidth capacity from this ISP for ResNet, we are still waiting for final word regarding the Macomb campus network bandwidth increase from our other ISP. However, being provided with additional bandwidth from the ISPs is only part of the equation.

Providing access to the Internet involves many types of equipment (including the University’s firewalls, switches, packet shapers, intrusion detection systems, copyright infringement detectors, etc.). Unfortunately, our currently-owned network gear has limited capacity to handle much additional throughput. Therein lies the real challenge because replacement of this equipment will require significant investments (the cost could be between one and two million dollars over multiple years). So, although our ISP is providing us with a full 1Gps for ResNet, we are only able to access half of it because of our curren tnetwork equipment’s capabilities. The rabbit (okay, there was one) that the team pulled out of the hat was a plan which allowed ResNet to take immediate advantage of a part of the 1Gbps bandwidth by removing a piece of network gear that was creating one of the bottlenecks. So, given our current equipment, the reality is that we are only able to take advantage of just over 50% of the new ResNet bandwidth now available form the ISP.

With these most recent changes to ResNet, the previous individual student’s 1 Mbps limitation has been removed. Students now have the potential of obtaining higher bandwidth during times when fewer students are on the network, such as between 2:00 AM and 10:00 AM. They should also see improved bandwidth numbers during higher usage times, which typically occur between 2:00 PM and 11:00 PM. Students will now see more variability in the speeds they obtain. It is possible one second to get 20 Mbps throughput and the next they might only see 3 Mbps or less, depending on how many students are concurrently sharing ResNet. Nevertheless, these speeds are a significant improvement over the original 1 Mbps per second limit that was previously in place.

University Technology has been developing a proposal for the longer term that leverages a phased approach to acquiring the needed equipment to overhaul both the Academic and ResNet networks. It calls for supporting a full gigabit initially with increases to 3 Gbps, 7 Gbps, and eventually 10 Gbps. The plan includes the use of open source solutions where applicable (which is an inititiative in the new IT Strategic Plan) and the elimination of some equipment that will create new bottlenecks as the ISP-provided bandwidth is increased. To keep all of the costs from being incurred in any one single year, acquisition of new equipment will be spread out over several years or more . This plan will be proposed and vetted in the new IT Governance Process, along with future enhancements to the wireless and wired infrastructure.

Not wanting to raise expectations while we grappled with the best approach to resolving the network bottlenecks, University Technology refrained from openly announcing plans before now. Interestingly, we might now be faced with another dilemma. Students who live in the residence halls may notice the disparity in speeds between the ReNet and the campus network, particularly when they use computers in the labs and classrooms. If they do, we ask for their patience and understanding as we work though the issues noted above.

2013-11-[15-21] ResNet Weekly Average

Resnet Inbound and Outbound Traffic

The graph above shows the significant difference that recent changes made in the Inbound traffic on ResNet.  Dan Romano (Director of Infrastructure Services) and I would like to recognize the network team that has been working on these latest improvements and a long term strategy, including Tim Rericha, Hosam Badreidin, Brian Andrews and Gary Douglas.

Follow

Get every new post delivered to your Inbox.