DUKE ITAC - July 12, 2001 Minutes

Minutes

July 12, 2001

Attending: Ed Anapol, Landen Bain, Pakis Bessias, John Board, Ken Hirsch for Dick Danner, Brian Eder, Ed Gomes for David Ferriero, Nevin Fouts, Billy Herndon, David Jamieson-Drake, Ken Knerr, Roger Loyd (recorder), Forrest Smith for Melissa Mills, Kyle Johnson for Caroline Nisbet, George Oberlander, Mike Pickett, Rafael Rodriguez, Mike Russell, Jeffrey Taekman, Fred Westbrook, Robert Wolpert (chair). Guests present: Dave Turner, HRIS; Herb Commodore, OIT S.A.; Rob Carter, OIT; David Kirby, MCIS; Chris Cramer, OIT Security (by telephone).

Call to Order: Meeting called to order by Robert Wolpert

Review of Minutes and Announcements:

  • June 13 minutes were approved with no changes.

  • CIO Search Update: Bain reported the search is going well, and more smoothly than the previous search seven years ago. The group is rewriting the job description and gathering a pool of candidates. They intend to submit a slate of three finalists to Drs. Trask and Lange by October. The search committee invites comments or nominations. A list of CIO search committee members will be circulated to ITAC.

  • Gartner Contract: Rodriguez reported we have renegotiated the Gartner contract to permit campus-wide access to the basic suite of services Gartner offers. Special project accounts have been reduced in number, since they are more expensive per seat. The overall cost to Duke should remain about the same. If departments wish, they can purchase seats for their own use. New terms of the Gartner contract will be announced (Glovebox, CLIF, CLAC, etc.).

  • Oracle Contract: Herndon announced a new license agreement, based on IPEDS statistics, that is now for an unlimited number of Duke users concurrently. There is no limit on the number of servers or platforms; maintenance cost is lower. The contract includes a 5% cap on increases in maintenance cost for four years. Other products are available at the same discount negotiated for the main contract. If departments want to use Oracle outside the AIX environment, the cost would only be $40 for the CD. Herndon will explore listing Oracle with the site license committee (Gomes).

  • ECI Management: Bob Currier is now managing both voice and data groups (including televideo).

  • Donna Hewitt is retiring from the School of Nursing; her successor is Fred Westbrook.

  • Brian Eder (Fuqua) began work this summer in a new role as Director of IT for the University Development Office. Brian will attend ITAC representing that office.

CONTENT OF DUKE WEB PAGES AND ACADEMIC FREEDOM

  •  
    1. Create a small ITAC committee (Cramer, Hirsch, Carter, Kirby) to draft the guidelines, basing them on the guidelines on data privacy already in use at the Law School <see http://www.law.duke.edu/general/info/s07.html#policy7-8.

    2. Do not filter Duke websites from the Google search engine (except by coding placed in website by its author).
    Board: Is outraged at the violation of academic freedom.

    Oberlander: The Parking staff felt threatened by the web page, and is constantly subject to abuse.

    Jamieson-Drake: Parking could have prosecuted but didn't; is also outraged.

    Pickett: Searching Duke via Google brings up many websites with language some might find offensive; the issue is how one would choose what to filter/censor.

    Bain: This is an opportunity to educate our community about the proper role of technology staff in such controversies.

    Cramer and Hirsch: We should use the processes already in place to resolve these conflicts, and if necessary create further guidelines.

    Carter: OIT refused to intervene because it regarded the matter as a decision about appropriateness of content.

    Wolpert: Thanks to all for helping think this through.
  • Background: A disgruntled Duke student recently created a Duke webpage expressing anger at Duke Parking, with an obscenity. Duke Parking staff (using the Google-powered Duke search engine) discovered the web page, and brought it to the attention of Auxiliary Servies, which contacted staff in Student Services, who called the student, who removed the web page after the call. A large discussion has ensued among various Duke administrators, faculty and staff, with some ITAC members participating, on the subjects of whether the Duke various staff members' actions were appropriate, whether academic freedom had been observed, and whether any websites at Duke should be blocked from the Google-powered search.

    Issue: What is ITAC's role in the general discussions of these events? A principle advanced, with most ITAC members concurring, is that it is not the role of ITAC or technology staff at Duke generally to make decisions about appropriateness of content on Duke web pages; judicial processes are in place if needed for that matter. Rather, ITAC's role should be to create and promote a set of guidelines clearly laying out a procedure for data privacy and intervention by technology staff, as an extension of the 1997 ITAC policy, "Computing and Electronic Communications at Duke University: Security & privacy" <see http://www.oit.duke.edu/oit/policy/ITACPolicy.html>

    Decisions:

    Discussion (representative sample of comments):

HR SECURITY REPORT

Commodore reported on HR's actions to bring transmissions of sensitive data to Duke's business partners to a more secure status. Currently these are unencrypted. The University of Pennsylvania was successful in moving all of its HR data transmissions to encrypted status, using PGP.

Wolpert suggested it should be a clear policy goal to move soon to end unencrypted transmission of data.
Commodore and Turner (and Cramer by phone) agreed, saying that Duke may have to help its business partners through the transition (though Penn did not report any difficulties).

The Security Advisory Committee will discuss the matter and recommend next steps.

DATA BACKUP

  •  
    1. For AFS files, OIT backs up every night, with full backup monthly, and an archival backup once a semester. This is safe for live data. The goal is to provide adequate disaster recovery.

    2. For non-AFS files, OIT uses a product called Amanda which preserves changed files nightly, and makes a full backup every 30 days.

    3. For tapes, OIT uses UFF/AFF data backups; the machines run constantly.

    4. OIT uses an IBM product, ADSM, to back up to a tape robot. However, IBM no longer supports the product.
  • Carter summarized current backup strategies before discussing future improvements. Currently, OIT pursues four strategies.

    In the future, OIT plans to replace ADSM with a newer IBM product, TSM, which is more flexible. It can integrate with the Tivoli infrastructure. In two or three weeks, Carter expects to have TSM running; it is now in the approval process. It may even work out financially to use TSM for backup for Carter's group responsibilities (mailboxes, etc.).

    OIT has also negotiated a new contract with Triangle Resource Group (in RTP) for a backup client called Saf-T-Net, which backs up files to a huge server farm in Boston. Though retail prices are higher, Duke prices per machine will be $10 initial, $2.95/month, and $30/GB stored. OIT and MCIS will post final details to a website and in Glovebox News. The prices above depend on volume pricing; the goal is to have 2000 clients distributed (at least 500 of which would be on the university side).

EMAIL SPAM CONTROL

Discussion postponed. Wolpert noted that the General Email (GEM) policy has been approved by the senior officers and will be distributed during the week of July 16 to all who report to the senior officers directly.

MEETING ADJOURNED at 5:30 pm.