OCIONEWSLETTER Issue 2 • JAN 2011
SPOTLIGHT
Discover & Innovate @ CityU Andy Chun With curriculum changes to support the 3-3-4 academic reform, the University has a rare opportunity to rethink and redesign how we provide and deliver education to our students to create a rewarding and unique CityU learning experience. The University has instigated a new “Discover & Innovate @ CityU” (D&I) campaign, designed to broaden our students’ minds and to challenge their creativity in an interdisciplinary manner through a technology-enriched learning experience. The D&I initiative is by no means limited to student learning, but spans all University functions from teaching, research to administration. It is fully in line with and supports the University’s new 20102015 Strategic Plan. IT of course plays a very important role in supporting D&I efforts and the new Discovery-enriched Curriculum (DEC) that the University is creating. For the IT organization, we are promoting discovery and innovation at several fronts. At the organization level, we are exploring new ways to optimize how we deliver our services, streamlining processes, and adopting modern service management standards. At the IT infrastructure level, we are building up our cloud computing capabilities and further strengthening the robustness of our operations, as well as support for high-performance computing. At the enterprise systems level, we are deploying new systems to streamline administrative and academic processes.
2
OCIO NEWSLETTER
The key benefactors from our IT D&I efforts are of course our students. Last year, we made available a suite of cloud applications and productivity tools, allowing students working at different locations, even different countries, to collaborate, communicate and share – through web conferencing, instant messaging, blogs, wikis, and shared documents, spreadsheets and presentation slides. For teaching and learning, the University plans to make extensive use of IT to maximize our students’ learning experience through a technologyrich e-learning environment. The University Strategic Plan states that we plan “to continuously upgrade our e-learning environment to ensure that our information technology platforms and systems are up to speed, able to keep pace with the technological competence of our students and to provide them with new models of learning to enhance effectiveness.” D&I and the DEC efforts ensure our students are well prepared for a knowledge-based society that is very much technology-oriented. It is obvious that technology is inseparable for practically all aspects of daily life, in how we communicate, share, collaborate, learn as well as work and play. With D&I, we will be providing a technologyenriched environment where students and teachers can easily and freely share ideas and collaborate among themselves and with each others. We see the ability to easily and quickly share information and collaborate to be an important aspect of the CityU experience. Our first step in this direction is to upgrade our mobile-learning capabilities for both in-class and out-of-class learning. In-class mobilelearning includes the use of mobile devices to promote student interaction and participation. For example, with mobile devices, students can easily share ideas, questions, links, and web
content as part of a discussion or submit answers to quizzes/surveys and have all interactions displayed/analyzed in front of the class. Outside of class, mobile devices allow instant access to all course material anytime anywhere a student may be. Beginning in 2011, we will be piloting Blackboard Mobile Learn and Qualtrics to support in-class and outof-class mobile-learning. These devices also allow students to stay in touch with other students via University social networks, which is another area we are strengthening. A University-supported platform for social networking is a crucial part of our e-learning strategy. Globally, e-learning has been moving to a new model of “social-learning” and the University is aggressively moving towards transforming our current e-learning environment into a social-learning environment. For example, the use of social networks will allow arbitrary virtual research/learning communities to be easily established for sharing and collaboration. We envision a rapid increase in the use of social networks for teaching, learning and research, bringing students and faculty as well as external partners closer together. CityU has also been a leader in the use of e-portfolios to support learning and student employment. With DEC, the e-portfolio platform can be used to create portfolios to document discovery progress and results as well as to share with other students. For
graduate students, they will be using the e-portfolio platform to create research portfolios to highlight their research work, share their research papers, and to seek for jobs. For faculty, we plan to expand our e-portfolio work to include teaching portfolios as well as research portfolios. This will further enable the CityU community to share and learn from each other as well as expand the visibility of their work around the world. To ensure our students are truly benefiting from our DEC experience and D&I efforts, we plan to provide a platform to assist with the recording of student learning outcomes. Learning matrix and rubrics will be created where students can upload artifacts as evidence of achieving learning outcomes and at which level. These outcomes can be at the course, major, department, college/ school, or institutional level. The results can help the departments, faculties and university to measure effectiveness and set targets for improvements. With the University’s strategy in promotion globalization and internationalization, we see the prevalent use of technology within DEC and D&I to be crucial. Discovery, innovation and technology go hand-in-hand. Leveraging technology to innovate usually brings transformational changes that can propel an organization to new levels. With DEC and D&I, the University is moving rapidly in fulfilling the vision stated in the University’s new Strategy Plan.
Issue 2 • Jan 2011
FEATURE
Migration of Staff Email Service to Microsoft Exchange Henry Wong The Committee on Information Services and Technology (CIST) has approved to adopt the Microsoft Exchange Server (Exchange) as the standard University email server for staff, and will phase out the current Sun Java System Messaging Server (JSMS) which is old technology and must be replaced. Exchange is an enterprise messaging solution that caters for individuals and collaborative usages. It is more than an E-mail system. It is an enhanced, integrated and unified messaging system providing E-mail, Calendar, Scheduling, Resource Booking, Contacts (Address Books), Tasks, Notes, etc. on an integrated and unified platform. All those data and services can easily be accessed anywhere through Microsoft Office Outlook, Outlook Web Access (OWA, the Webmail of Exchange) and Mobile devices. To utilize the full features of Exchange, users are strongly recommended to upgrade their email client software to Microsoft (MS) Outlook 2010 and their Office Software to MS Office 2010. The campus-wide Exchange/Outlook Migration of Staff Email service will be carried out by the Computing Services Centre (CSC) on a “per department” basis. The objective of Exchange Migration is to switch users’ email activities from accessing their JSMS accounts/mailboxes to accessing their Exchange accounts/ mailboxes, and the CSC will ensure that interruption to users’ daily email activities is reduced to the minimum during the migration/switch-over. There will be NO change on the Account-IDs and Email Addresses of
users after their email accounts are migrated to Exchange. However, users should be aware that the password of their Primary Exchange account is their “Network Connection Password” that they use to logon Staff LAN, Student LAN, Wireless LAN, and VPN services. For many users, this may be different from the password that they use to logon their old JSMS email account. During the migration exercise for a particular department, the CSC will first discuss with the departmental Network Administrator (DNA) on the logistic and technical details of the migration exercise. Then CSC staff will contact every user in the department in due course to arrange for a time at his/her convenience to deploy Exchange on the office PC. This will involve migration or upgrade of the user’s email client software to MS Outlook 2010, set-up of Exchange account in user’s Outlook profile, switching user’s email access
from JSMS to Exchange, and advice on email message transferring from JSMS to Exchange. The time needed for switching email access to Exchange for a user is about 15 minutes if the user is already using Outlook 2010. The extra time required will depend on which email client the user is using and the email data volume that needs to be transferred to Outlook mailbox if email client migration to Outlook is needed. Staff training courses on MS Outlook 2010 and Exchange will be available and users can enroll via AIMS’s Staff Development. For more information on Exchange implementation, please visit “Exchange Migration Q & A” at http://www.cityu. edu.hk/csc/deptweb/support/faq/ email/exchange/Migration_QnA.htm, and “FAQ on Exchange System” at http://www.cityu.edu.hk/csc/deptweb/ support/faq/email/exchange/.
BRIEF UPDATES
Short introduction – University Wallpaper Andy Chun To support the University’s new “Discover & Innovate @ CityU” tagline, all our public CSC Express Terminals have recently been updated in December 2010 with a new screen savers which highlights our new theme as well as sports a more modern and young look. To further promote our University spirit, we decided to offer our screen savers as “wallpapers” for computer desktops. The wallpapers are available at: http://www.cityu.edu.hk/web2.0/wallpaper/ Students and staff can also share their own designs with the CityU community. Just email them to me at cio@cityu.edu.hk.
3
4
OCIO NEWSLETTER
FEATURE
Private Cloud of Department of Computer Science C M Hui Cloud Computing is a promising technology trend for the provisioning of IT services. Many datacenters have been moving towards the Cloud service model. The Computer Science Laboratory (CSLab) has started to build a departmental private Cloud in 2008. Most IT services of the Department of Computer Science (CS) are now supported by this internal Cloud. CS students and staff have already been enjoying the efficiency and flexibility of the Cloud in their learning and research activities.
Instant Response to Server Requests In Cloud Computing, computers and data storages are put together to form a large and shared computing resource pool. Virtual Servers are created out of the resource pool dynamically upon request. Most CS courses require back-end server supports in order to provide an application development environment for students’ works. Teaching staff and research students ask for servers from time to time for their research activities. Before employing the Cloud Computing service model, CSLab
took months to acquire the required hardware. Set-up and installation normally took an additional week. Today, a request for a server can be completed in minutes. If pre-installed Operation System (O/S) is required, a new server will be replicated from a template. The replication process normally takes less than an hour.
Resources on Demand When a stand-alone server was purchased to serve an IT service request, it should be configured in its maximum capacity to guarantee peak-load performance. Very few servers ran at its peak load round the clock. As a result, computing power of many stand-alone servers was actually wasted. One advantage of Cloud Computing is that virtual servers are dynamically scalable. Computing power and disk storage for a virtual server can be increased anytime when needed. At the start-up of a project, we can always assign minimal capacity to the virtual servers being requested. As the project grows towards its full production scale, computing power can be increased accordingly. In the old days, expanding an IT service’s capacity can take months in acquiring of new hardware, re-installation of every system components and migration of both data and application.
Energy Saving Photo courtesy of Peter Mok (CSC)
Cloud Computing Service Model
Last but not the least, Cloud
Computing is an environment friendly technology. It is by nature an immediate answer to the demand on Green Computing. Cloud Computing enables the sharing of computing resource. The optimized use of resource reduces the demands on rack space, power supply and cooling capacity. Power consumption of the CSLab server room has been halved after migration to Cloud Computing. In anticipation of the growing demands, the capacity of our private Cloud has been doubled since its first deployment in 2008. As newly acquired hardware is much more powerful and compact, the required rack space and power supply remains the same.
Further Work CSLab has just taken the first step on Cloud Computing. Services on schedule include individual virtual desktops and virtualized computing labs which allow both staff and students to work anywhere anytime on the Cloud.
Issue 2 • Jan 2011
BRIEF UPDATES
BRIEF UPDATES
CityU Phone Service Update
Usage of Windows 7 — An Update
S K Tsui
Joe Lee
The CityU has adopted IP phone solution to replace old PABX system since 2002. Over 8 years’ growth, the CityU IP Phone system is now composed of a Cisco Unified Communications Manager cluster, a Unity voice mail system, RightFax server, voice gateways, fax gateways and IP phone sets (powered by PoE) inter-connected through Cisco routers and switches. The IP Phone system’s core equipment and core network are built with full redundancy with the highest priority being given to voice traffic to ensure best quality and reliability.
We started to deploy Windows 7 in the Computing Services Centre (CSC) and Library’s Information Space for teaching and learning in January 2010. As we replaced Windows Vista directly with Windows 7, students have two computing environments to choose from – Windows 7 and Windows XP. Students can freely select among these two environments to work with. The following table summarizes recent logon statistics. Year
Month
OS
2010
September
WinXP
62,894
69,287
Win7
25,747
22,784
WinXP
52,448
63,610
Win7
24,569
25,767
October
Currently over 5,500 desktop IP phone sets and fax lines have already been installed or migrated from the old PABX system on campus or remote offices including the new CMC Building. In contrast to the expanding IP phone system, we have less than 800 legacy analog lines in the old PABX system and this number keeps shrinking as the migration goes on. Besides the conventional desktop phone sets, wi-fi phone set is made available to staff who need mobility such as support staff who work among different locations on campus or remote offices. The wi-fi phone provides similar functions and messaging applications available on the desktop IP phone. It also provides fast and easy deployment for ad-hoc functions, events, etc. Personal fax service is another new feature integrated into the IP Phone system providing comprehensive network fax solution for creating, sending, receiving, and managing faxes directly from a user’s desktop computer. With RightFax (the personal fax server), users can fax documents as easy as printing it to a network printer. It has several advantages over the conventional fax machines. Users can send and receive faxes without the need to install fax machine and additional phone line; it also eliminates the cost needed to maintain and operate a fax machine. If you want to know more about the CityU IP Phone service, please visit http://www.cityu.edu.hk/csc/ deptweb/facilities/ctnet/IPPhone/index.htm for detail information.
November December
CSC
LIB
WinXP
49,688
58,035
Win7
28,885
28,664
WinXP
16,960
24,680
Win7
10,687
15,748
Obviously, students still use Windows XP often but more and more students select Windows 7 gradually. The logon ratio of these two platforms is approximately 2:1. As we have recently replaced the computers in the CSC and Library’s Information Space with advanced models, students will soon find that Windows 7 outperforms Windows XP significantly in various aspects. We will see the ratio change soon. We announced campus-wide support of Windows 7 in April 2010 after satisfactory production release on public access student computers, PCs at LTs and classrooms, and the successful pilot run with some staff LAN PCs of a few departments. As it is voluntary for staff to upgrade to Windows 7, some staff prefer to stay with older Windows platforms even though they know that Windows XP and Vista are inferior to Windows 7 in performance. The following table shows recent staff logon statistics. Year
Month
WinXP
Vista
Win7
2010
September
38,611
14,154
13,017
October
36,892
13,330
14,185
November
36,909
13,620
15,304
December
32,535
12,116
16,114
Windows XP still seems to be popular at the moment while Windows 7 gradually replaces Windows Vista. As Windows Vista performs poorly and its primary support ends in April 2012, its phasing out will be planned afterwards.
5
6
OCIO NEWSLETTER
RECAP
Protection for CityU Email Systems to Reduce Spam and Phishing Email Henry Wong As a protection for all University email users, the Committee on Information Services and Technology (CIST) endorsed in its meeting in August 2010 to enable email spam filtering as a default for all CityU email users, and it was implemented on staff, student and alumni email systems on 21 December 2010. The default spam filtering of level 9 (email with calculated spam score of 90% or higher will be filtered as spam) will be applied to new email accounts, and to all old email accounts which have not enabled or set spam filtering rules before. Filtered email will be kept in the AUTO-PURGE folder of the user’s mailbox for 1 month where the user should check regularly for any mistakenly filtered email. Users can adjust the spam filter level of his/her email account, and add whitelist and blacklist to complement the autofiltering as needed. Please see the Appendix for background on email spam filtering in the University, and refer to the details on spam filtering.
Appendix Background:
Since 2006, the CityU has deployed a popular email anti-spam filtering tool and has enabled basic spam filtering for staff, student and alumni email systems. This has reduced the volume of spam email by two-third, and for optimal antispamming result, users are encouraged to further enable spam filtering in their email accounts and adjust the filtering level according to the amount of spam email received (users with popular email address prefix or actively engaging in social networking and web services with
their email accounts may receive more spam email). However, almost 75% of staff and 90% of students and alumni have not enabled spam filtering, and this not only degrades day-to-day email communication for studies and work as spam and phishing email is intermixed with the normal one, but also exposes themselves and the University to spammers and hackers. Reference:
1. What are email spam filtering, spam level, whitelist and blacklist?
http://www.cityu.edu.hk/csc/ deptweb/support/faq/email/ spamfilter/usrguide.htm#autofilter 2. How can I adjust spam filtering level and set up whitelist and blacklist? http://www.cityu.edu.hk/csc/ deptweb/support/faq/email/ spamfilter/enablefilter.htm 3. Where can I find the messages filtered by spam filtering? http://www.cityu.edu.hk/csc/ deptweb/support/faq/email/ spamfilter/filteredmsg.htm
BRIEF UPDATES
Common Data Collection Annie Ip, Yolanda Yue All UGC-funded institutions have to provide a series of statistics covering student, staff, finance and research to the UGC in the annual Common Data Collection (CDC) Exercise. The Office of the Chief Information Officer (OCIO) is responsible for the collection and reporting of these institutional data. The CDC submission cycle starts in December and ends at October, covering census date student enrolment and staff numbers, exchange student numbers, student attrition numbers, graduate numbers, student load figures, admission statistics, non-academic information of new students, employment information of graduates, educational background of academic and research staff, staff movement, research outputs and grants, income and expenditure, patents, and companies with technology transfer. A large part of the required data are extracted on the census date from the Banner system, which is an integrated University database containing the single source of student, staff and alumni data. The extracted data are checked and the OCIO will clarify with relevant data custodian offices on any discrepancy found to ensure the data reported are accurate and consistent. For research data and financial data which are not kept in the Banner system, the OCIO requires assistance from relevant University offices to provide the data for compilation and consolidation. Apart from reporting to the UGC and other government bodies, the data collected are also provided to the University management through our Executive Information System (EIS) to support the evaluation and planning processes.
Issue 2 • Jan 2011
BRIEF UPDATES
BRIEF UPDATES
Searching the CityU Web Made Easy
The CityU Web Login Page Took on a New Design
Maria Chin The “CityU Web Search” support by the Google Search Appliance (GSA) was implemented on the CityU Homepage in mid-August 2010 (reported in first Issue of the OCIO Newsletter), and on 1 December 2010 it is brightened up by a new design. With the GSA, updates to web pages on any CityU websites become searchable shortly after they are released. The GSA also features “Narrow your search”, “Related Queries”, “Advanced Search”, and “Intranet Search” empowering users with speedy and concise search results.
Maria Chin A new design for the CityU Web Login Page has been released on 1 December 2010. Users of the CityU protected web (for staff-only or student-only) will see this page that prompts for CityU EID and password authentication.
• Narrow Your Search helps user refine a search by suggesting a list of search phrases which are extracted from the search result heuristically. • Related Queries provides a list of pre-defined related queries (key words, vocabularies) that match a user search phrase, and it greatly increases the chance of locating the right information. Departments are welcome to provide the CSC with related queries to enrich the search database. • Advanced Search provides options for searching pages in a specific language, file format, location, etc. It can also search for pages which contain links to a specific URL. • Intranet Search facilitates staff and students to search both the City public web as well as the CityU intranet upon authentication. This provides great convenience to the users; however, departments, staff and students are reminded to go through the content stored in their departmental/project/personal websites to remove sensitive information to avoid it turning up in search result undesirably. Apart from being a central search tool on the CityU Homepage, the GSA can also be used as a local search in a website, for example the one on the CSC Homepage (please see screen snapshot on the right) that only searches for pages contained in the CSC website. Departments interested in implementing a local search on their homepage may contact the CSC for technical arrangement.
As visual appearance is the most direct way for identifying the genuineness of a web page/site, especially one that asks for username and password, users should take note of the change. The old and new looks are shown on the right. Information on staff and student EIDs and how to technically verify the genuineness of a CityU protected web page/site is also found on the login page.
7
8
OCIO NEWSLETTER
FEATURE
DegreeWorks on Its Mark W K Yu
The seven nominated programmes piloting the 4-year degree curriculum in 2010/11 are on board; so is DegreeWorks, also for these programmes. After eight months of preparation and hard work from The Academic Regulations and Records Office (ARRO), the Enterprise Solutions Office (ESU) and the Computing Services Centre (CSC), the system was launched on 23 December 2010 for preview by the programme leaders and the departments offering the seven programmes. After the grades of Semester A had been recorded in the student database, the system was opened up on 7 January 2011 for students to view their progress of studies. DegreeWorks, the new web system for academic advising and degree audit for the 4-year degree curriculum, provides a user-friendly and comprehensive worksheet for students and their advisors to track degree progress, prepare for registration, and plan for graduation. At its first stage of implementation, a worksheet summarizing the curriculum requirements for each student is made available to the student and his/her advisor(s). The worksheet shows the course grades if applicable, and highlights the credit units attained and the
units required for meeting the requirements for graduation. Feedbacks, comments and suggestions are being collected from students and staff on the clarity of curriculum requirements presented in the students’ advising worksheets and ease of understanding of information shown. More functions will be implemented to facilitate academic advising and study planning in the coming months.
Moving On The second phase of implementation covers further 22 programmes which adopt the 4-year degree structure starting from 2011/12. With experience gathered in using DegreeWorks to help the students of the 29 programmes to plan their studies and to provide a useful tool to faculty members for advising students on academic matters, it is expected that the system interface and information delivered through the software will be well prepared for the full implementation for all 4-year degree programmes, about 70 of them in total, in 2012/13.
DegreeWorks is also taking over the existing Curriculum, Advising and Program Planning (CAPP) module in Banner Student being in use for degree audit. The latter has been considered inadequate to support communication between students, faculty members/advisors and administrators. It does not provide web report that is easy to view, read and understand. Hence students of all other programmes, including taught postgraduate, professional doctorate, research and associate degree programmes, will join the 4-year degree students to enjoy the more user-friendly, interactive and effective study planning and advising facilities that DegreeWorks offers. Subject to the resources available and priority being given to the undergraduate programmes, it is planned that the implementation for these programmes will also be in 2012/13.
Issue 2 • Jan 2011
FEATURE
Quota-controlled free printing hits new record high Joe Lee Hitting new record high sometimes is good but it is certainly not the case in student printing as more trees are destroyed and substantial energy is consumed to produce tons of paper, distribute them and print them. The following chart depicts the usage trend of quota-controlled free student printing service in 6 consecutive years since its launch in 2005. The usage pattern is very similar over the years; however, the total number of pages printed rises rapidly. In only 6 years, the usage has been doubled giving a total of nearly 25,000,000 pages per year. Analysis of the printing records shows that most files printed are already in commonly used electronic formats (e.g. MS Word, Excel, PowerPoint and Acrobat etc.) which can be viewed on screen conveniently. However, students want to print hardcopies for some reasons. Perhaps, it is necessary to cultivate online studying habit so that printing can be reduced.
a lot of money as there is a standard charge rate levied by the vendor for each page printed regardless whether the printed page is blank or not.
2. Printing of non-academic related materials Printing of restaurant menu, private tutor material, cartoon snapshot, promotion of election, scanned image, photo, banking statement and others is common.
3. Uncollected printouts
Printing hitting a new peak is not without reasons. Although we emphasize that the precious resource is solely for academic purpose, we have observed unacceptable wastes and abuses from time to time.
Course notes are printed but not collected. They become scattered on the surface of the printer or dropped around the printer. Finally, they are not only treated as trash, but also unnecessary extra effort has to be spent on keeping the printing areas clean and tidy.
1. Printing of blank paper
4. Printing without previewing
This is the worst situation in which students print blank pages and collect them for their personal use. This wastes
Students tend to print everything of a document without previewing the content first. As a result, blackened
graphics, unreadable PowerPoint slides and useless pages are printed.
5. Printing of unnecessary pages Students tend to print the whole set of course material while only part of it will actually be needed.
6. Changes in course notes Students tend to reprint the entire course notes as the course materials are amended. This comprises the major waste if not abuse. Printing demand can be drastically reduced if students care to print only the changed pages. The CityU printing service has always been the most generous when compared to that of other institutions. However, with the forgoing abuses of this service, we are forced to review the service shortly to make it sustainable in the long run. We hope that our students can save more trees by making the best and prudent uses of the printing resources for learning and course work.
9
10
OCIO NEWSLETTER
BRIEF UPDATES
Current State of the Campus Network C Y Kwok Introduction The University’s data network (CTNET – City University Campus Network) has undergone several major upgrades since its creation in 1985. Each major upgrade represents the adoption of the latest state-of-the-art networking technologies and standards. The network has evolved from circuit switching to Ethernet, Extended Ethernet, FDDI, ATM, Gigabit Ethernet, and eventually to 10 Gigabit Ethernet as of today. The CTNET became a converged network (a single network that moved both voice and data simultaneously versus running separate circuit-based and IP-based networks) in 2002, when Gigabit Ethernet was deployed throughout the network. The last network upgrade was performed in 2007-2008 with the incorporation of 10G Ethernet. The current network has sufficient capacity in meeting users’ bandwidth demands at least for the next 2 to 3 years.
Description of Existing Campus Network The CTNET is built based on a three-tier hierarchical architecture, which comprises the Core Layer, the Distribution Layer and the Access Layer. The 10G Ethernet Backbone of the CTNET is composed of a pair of Layer-3 switches at the Core Layer together with over half-a-dozen pairs of Layer-2/3 switches at the Distribution Layer. The core switches and each pair of distribution switches are interconnected in a meshed topology using 10G Ethernet links for full path redundancy. Each pair of switches at the Distribution Layer is further connected to a number of Layer-2 switches (located inside the various wiring closets distributed over the campus buildings) at the Access Layer, forming a Distribution Group.
Normally intra-group network traffic is confined within the same Distribution Group while inter-group and offcampus network traffic is exchanged at the Layer-3 core switches. For each Distribution Group, redundant links exist between each access switch and the pair of distribution switches. Apart from the Layer3 core layer, a small Layer-2 core layer is built for the purpose of linking up a department’s network which spans across the distribution groups. The existence of the Layer-2 core is undesirable for its being a potential threat to network stability, but it is necessary because a typical department may have staff offices located at separate zones, buildings or remote sites.
Networks for the New Buildings and Remote Sites The CTNET has been extended from the main campus to a number of remote sites over the years. These sites include:
• Festival Walk – direct fibre connection • Student Residence Phase 1, 2 & 3 – direct fibre connection • Creative Media Centre – direct fibre connection • InnoCentre – 100Mbps leased Ethernet service • Science Park – 1000Mbps leased Ethernet service • Chak On Market – 20Mbps leased Ethernet service • GrandTech, Shatin (Library)) – 100Mbps Ethernet service • Ka Chi School (SCOPE) – 20Mbps Ethernet service • United Centre, Admiralty (SCOPE) – 20Mbps Ethernet service • ChinaChem Plaza, TST (SCOPE) – 100Mbps Ethernet service As such, all the network services provisioned at the main campus such as the Internet, IP phone and wireless LAN, etc. are also available to users at the remote sites.
Issue 2 • Jan 2011
BRIEF UPDATES
The coming new buildings such as the Academic 2 Building and Academic 3 Building, as well as the Student Residence Phase 4 will also have direct optical fibre connections to the main campus.
Looking Forward Much effort and time have been spent in extending the network from the main campus to the remote sites in the recent 2-3 years, resulting in far less effort and time being put in fine-tuning the network for optimal performance and stability, as well as keeping abreast of the new networking technologies. Since data communication links (leased Ethernet circuits) are expensive, the remote sites relying on using leased Ethernet service for connection with the network at main campus do not have the luxury of having backup links and sufficiently large spare bandwidth. Therefore, as the number of remote sites increases, the overall resiliency of the network degrades accordingly. Hopefully, the number of these remote sites will drop after the completion of the new buildings. Also if the University can come up with a better policy for space allocation (e.g. to avoid allocating space in separate zones/buildings/ sites to the same department), then the Layer-2 core can be retired. Since network upgrade is a never ending process, it is about time to plan for the next major network upgrade, which may occur in 2 to 3 years from now. The current hierarchical network design may become outdated by then, as network vendors are talking about flat networks and borderless networks nowadays. Cloud Computing, Green IT and Virtualization has changed the requirements on the data centre networks, and the existing networking equipment inside the Computer Room may require an upgrade earlier than the other parts of the network.
CAP – Feature Highlight and Usage Statistics Maria Chin The CityU Announcement Portal (CAP) was launched on 1 September 2010. Considering the feedbacks of staff and students, there have been some 30 feature enhancements since then which have enriched the users’ experience. Below are the most popular features: • Scheduled Posting — Departments can prepare announcement in advance and set a release date, and the announcement will be posted at 9:00 a.m. on the release date. • Post message to customized list — Departments can prepare a list (EIDs or e-mail addresses) and use it to post announcement to the selected audience. • Sign-up option for seminar and event — Departments can enable the “Signup” option when preparing an announcement. Users will see a “Sign-up for the event” button in the posting and can click on it to enrol in the event immediately. Confirmation of enrolment and reminder can also be sent afterwards. • Re-edit a submitted posting — A submitted posting (except University Announcement) can be edited and posted as a revision (Update) of the original posting. • Hit counts — Departments can keep track of the number of times a posting is read and the number of email-this-post-to-me is selected. More enhancements for the CAP have been planned which include a mobile interface, i-calendar, instant messaging for urgent announcement, etc.
11
12
OCIO NEWSLETTER
BRIEF UPDATES
BRIEF UPDATES
Notebook Ownership Scheme for Students (NOSS) 2010 Joe Chow To encourage our students to employ IT device for their studies, the University has organized the Notebook Ownership Scheme for Students (NOSS) 2010. For students who are eligible for the NOSS 2010, they may apply for the subsidy amount of $1,000 for a notebook computer (including netbook computer) purchased from EITHER the Digital Technology Festival 2010 (DTF 2010, altogether 5 runs) organized by the Student Union (SU), OR the Notebook Ownership Programme 2010 (NOP 2010, altogether 2 runs) organized by the Computing Services Centre (CSC). The NOP provided the whole University community including staff, students and alumni with an opportunity to purchase notebook computers at competitive prices. Nearly 1,000 notebooks were sold in the two NOP roadshows. Each eligible student can apply for one subsidy only regardless of how many units of notebook computers have been purchased. After collecting the notebook computers, eligible students can apply for the reimbursement by completing the NOSS application form available from the AIMS. For more information of the NOSS, please refer to http://www.cityu.edu.hk/csc/ deptweb/services/noss/noss2010/noss2010. htm.
Desktop Computer Upgrade in Computing Services Centre and Library Joe Chow After serving for more than 5 years, the desktop computers in the Computing Services Centre (CSC) and the Library (LIB) were planned to upgrade in the 2010 summer semester break. As these computers were purchased and upgraded in the same exercise last time, it is reasonable to replace them also in one single exercise this time. The reasons for upgrade are not only the performance of these computers, but also their high hardware failure rate. After replacing these old computers, it is expected that a performance gain of about 20 to 30 percent and a drop of hardware downtime of about 50 percent in the first year can be anticipated. It is hoped that the upgrade can provide students and lecturers with the best user’s experience. The tender exercise started in June 2010, and the vendor chosen was Expert Systems who offered HP 8100 Elite desktop computers with the main configurations as shown below: Model
HP 8100 Elite
Central Processing Unit
Intel i5-750 (2.66 GHz, 8M Cache, 4 cores/4 threads)
Memory
4GByte
Hard Disk
500GByte (7200rpm)
Chassis
Small Form Factor
The original upgrade was planned to be done in the summer break of 2010; however, due to an intermittent system problem* suddenly occurred, the upgrade exercise was postponed. After solving the problem, the upgrade was completed in the mid December 2010. About 700 PCs in the CSC Student Terminal Area and 135 in the LIB were upgraded in this exercise. *The system problem was related to one of the start-up services, used by application virtualization, which randomly conflicted with other system processes. The solution to this problem was to adopt the “delayed start” function of this service to avoid the conflicts.
Issue 2 • Jan 2011
IT Security Awareness Series by JUCC With an aim to enhancing the IT security awareness of the CityU community, the KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security and they will be adopted and published here for your reference.
Mobile Computing I. Background
Benefits
The users’ aspirations for easy access to information resources has spurred the demands for the use of mobile computing devices, e.g. PDA, laptop and Smartphone) through wireless network.
1. Mobility — With access to educational information at any time and from any location with wireless coverage, teachers and students would benefit from great flexibility in communication, which improves the efficiency of faculty teaching, student learning and collaboration.
Industry Story
People
The Mobility Effect By 2013, Internet Data Centre (IDC) predicts the number of Internet-capable mobile devices that will go online to reach 1 billion. Mobile phones will overtake PCs as the most common internet access device worldwide. More and more organisations in different industries have deployed mobile devices for higher efficiency in communication and collaboration, ushering in a new era of computing and employee productivity. The strong growth of mobile computing also poses new concerns for data security. According to Symantec’s Internet Security Threat Report, 63% of vulnerabilities reported in 2008 affected Web applications. In 2009, the first Smartphone botnet took advantage of users’ contact lists to spread itself via SMS. See the article: See the article: http://www. computerworld.com.au/article/348611/ mobility_effect/
Mobile Computing in Education The use of mobile computing within universities is expanding at an everincreasing rate. While staff and students can enjoy the beauty of mobile computing, drawbacks also exist at the same time.
feasibilities and establishing an effective strategy when adopting mobile computing. An assessment on the key elements, including people, policies and technology, should be performed to determine the necessity and approach of mobile computing implementation in university environment.
2. Higher efficiency — Today’s portable computing devices provide a variety of functionalities such as organiser, instant messaging and video streaming, which allow better organisation of teaching / learning schedule, effective individual (oneto-one) mentoring process and enhanced teaching approaches.
Drawbacks
A university’s transition to mobile computing relies on an effective integration of wireless technologies into a higher education environment with proper commitment from management. To support and manage its educators and students in a mobile environment, management should perform a comprehensive analysis of the user profiles. The major elements that should be assessed by management include:
1. Security threats — Wireless signals are broadcasted in public area and can be easily captured by outsiders. Thefts of mobile devices not only cause economic loss but also result in potential leakage of personal information. Examples of the malware or spyware are FlexiSpy, QQsend and InfoJack.
• Educational needs — the criticality,time sensitivity, and user expectations of education and research activities that will be shifted to a mobile environment. Do they require a real-time response? What is the value added of moving to a mobile environment?
2. Higher security cost — The inclusion of mobile computing devices adds complexity to the existing security management process. New security devices for mobile computing are needed and the IT management needs to conduct more awareness training for IT staff and users.
• Access mode — management should find out the approaches and locations that users gain access to university’s information systems and resources. What kind of mobile devices do they prefer? How many different locations are involved, and are those locations used repeatedly or occasionally?
II. Management
• Usage patterns — management should consider how educators and students utilise mobile technologies to perform their tasks. The variety of tasks includes presentation, tutorial,
Transition to Mobile Computing Universities’ management are responsible for evaluating the
13
14
OCIO NEWSLETTER
peer mentoring, self-learning, documentation, research study and program scheduling.
Policies As mobile devices and information services are increasingly used in combination, universities need a comprehensive set of policies to ensure consistency of information security management, compliance of relevant laws and regulations, and an optimized achievement of educational objectives for mobile initiatives. Policies should address the following key questions: • Who is an eligible mobile user? • What are the user responsibilities? • What technology is provided and supported? • What level of access and services are provided and supported? • Who buys or owns the mobile devices? • Who pays for the support and maintenance? Developing comprehensive mobile policies cannot be done in isolation. It is crucial to involve all university key stakeholders, including management, educational staff, IT security personnel and students.
Technology After management has analysed the mobile user profiles and defined the policies, there are technical decisions to be made: • Selecting devices for each mobile user type; • Setting the communication requirements; • Defining security requirements and support technologies; and • Formulating the support plan. The following principles should be observed when making technical decisions: 1. Mobile solutions must align with the university’s long-term mobility strategy. They should support the overall educational objectives and
also allow for easy migration to new mobile platforms and support multiple platforms. 2. University must keep its sensitive information out of the wrong hands by carefully choosing mobile technology with built-in security features. For example, the devices should have encrypted hard drive, device tracking and recovery abilities, and user-authentication solutions such as integrated smart cards or biometric readers. 3. University should adopt reliable and centralised device management mechanisms to handle increased risks of device theft, data leakage and other security breaches resulted from mobile solutions. A competent mechanism, such as Blackberry Provisiong System and Microsoft System Centre Mobile Device Management, shall allow its IT administrators remotely shut down, diagnose, repair, and update a mobile device’s system via secured channels. 4. University shall revise its existing security policies in response to the new security threats that come with the mobile computing technology. The revised security policies should cover the issuance of mobile devices, secure configuration, secured access control, travel considerations and device destruction. Corresponding security awareness training program shall also be delivered to mobile users before releasing the devices. 5. Regular risk assessment must be conducted by the university to identify any security vulnerabilities in its mobile network. The assessment may include a penetration test of wireless setup, a review of encryption measures being used for wireless communication and a revision of policies and procedures pertaining around wireless networking.
6. University should provide its IT administrators and support personnel with adequate technical training in relation to security hardening, device maintenance, and security incident management of mobile devices and infrastructure.
III. General Users Upon the deployment of mobile computing environment in the university, one of the issues contributing to a lack of security is the perception of general users that university mobile computing devices are also personal devices and there is little risk involved in common practices.
Roles and Responsibilities As the university mobile devices have real access to university data, general users should not use them for personal purpose and should comply with the university security policies. General users have an important role to ensure the security of their mobile devices and the university protected information.
Good Practices 1. Enable password protected screen / keyboard lock Always enable this first line of defence in helping to protect the information in your mobile devices. It should be set to automatically lock the devices after being left idle for a predetermined amount of time (e.g. 5 minutes). 2. Minimize storage of data on mobile devices Try to store only minimum amount of data necessary on a mobile computing device for the shortest possible time required. For data that requires longer period of storage, move it to a more secure device and remove it from mobile device as soon as possible. Avoid storing confidential data in the mobile computing device. University protected servers should be the first option for storing confidential information.
Issue 2 • Jan 2011
3. Encrypt your files Make use of data encryption software such as WinZip as well as TrueCrypt for file encryption on university laptop. A strong key, created in line with the security policy, should be used for encryption when files are being transferred into removable media or through email. 4. Do not use unauthorised wireless connections Avoid connection to unauthorised wireless network, either unknown wireless networks or unsecured connection in a public place. 5. Do not open messages from unknown sources SMS or Multimedia SMS (MMS) from unknown or suspicious sources may contain malicious content and should not be opened when checking messages on mobile computing devices. Bluetooth function should be deactivated by default. Data transmission requests from unknown Bluetooth devices must not be accepted. 6. Comply with security policies Understand and follow the guidelines and best practices stipulated in the security policies. Consult IT security for any inquiries or arising information security related matters.
BRIEF UPDATE
CityU WLAN Update S K Tsui The CityU was the first university in Hong Kong to provide wireless LAN service to the University community in 1997. After several generations of evolution, the CityU WLAN has improved dramatically in varies areas. Below is a summary of the current status: • The CityU WLAN system consists of 7 Aruba 6000 Mobility Controllers and more than 1,600 APs. It covers more than 98% of the campus area, and users can enjoy mobile computing anywhere on campus. Below shows the schematic diagram of the whole system. • It supports all kinds of wifi standards (802.11a/b/g/n) providing both data and voice service. To get the best performance, it is suggested that devices supporting the fastest standard 802.11n and the most sophisticated security standard WPA2 be used. You may get at most 300Mbps connection speed. • All staff, UGC funded students, alumni and ex-staff can enjoy the CityU WLAN service on campus. • Staff and students may also enjoy free wifi service at all local wifi hot spots operated by PCCW and Y5ZONE. There are over 11,000 hot spots in shopping malls, fast food shops etc. in Hong Kong. • Staff and students may also enjoy free wifi service at all JUCC institutions and all eduroam participants all over the world. • CityU WLAN service has been extended to the new CMC Building and will be extended to the new buildings under construction such as the new Academic 2 and 3 Building, etc.
Tips in Getting the Best Performance from the Wireless LAN
Occasionally users may find the connection speed very slow. This may be due to overcrowding and non-optimized configuration of the wifi device. You may get better performance by applying the following tips: • Update your wifi device with the latest driver and OS patches for bug fixes and better performance. • Turn on 802.11n channel width to maximize performance if your wifi device supports. Also select only 802.11a and/or 802.11g wireless mode for fast connection and do not enable 802.11b mode whenever possible.
Reference: http://clifmims.com/site/documents/ MobileWireless-HigherEd.pdf
• Increase the “Transmit Power” of your wireless adapter.
http://www.informationshield.com/ press04-17-2009.html
• Since wireless network uses share topology, all users using the same spectrum in the same area will share limited bandwidth. Interference and collisions will occur and increase exponentially when user density rise. In consequence, vigorous competition of bandwidth with others is inevitable and hence users will experience performance drop. If you find your location is crowded with wifi devices and your connection speed is unreliable, you may consider to move to another less condensed area to continue your work for better performance.
http://searchmobilecomputing.techtarget.com/ news/1269948/Mobile-security-is-end-userand-IT-responsibility
For further information, please visit the CityU WLAN home page http://www.cityu.edu.hk/csc/ deptweb/facilities/ctnet/wlan/wlanmain.htm.
http://www.nascio.org/publications/ documents/NASCIO-SecurityAtTheEdge.pdf http://www.computer.org/portal/web/csdl/ doi/10.1109/MITP.2010.96
15
16
OCIO NEWSLETTER
FEATURE
HARNET and Optical HARNET Upgrades C Y Kwok The Hong Kong Academic and Research Network (HARNET) is the wide-area network that links the campus networks of the eight tertiary institutions in Hong Kong and connects them to the Internet, the TEIN2 and other research and academic networks. The HARNET is managed by the Joint Universities Computer Centre (JUCC), a consortium of eight UGC-funded institutions. The HARNET also provides Internet connectivity to JUCC’s affiliate members and network members, including the Open University of Hong Kong, Vocational Training Council, the Hong Kong Examinations and Assessment Authority and the Hong Kong Science and Technology Parks. The HARNET currently rides on the Optical HARNET, which is an optical network provisioned as a managed wavelength service by a local carrier.
The local Internet connection to HKIX was also upgraded from 1 Gbps to 2 Gbps. The HARNET forms direct peers with the following networks at HKIX: • APAN-JP (Asia-Pacific Advanced Network, Japan) • ASGCNET (Academia Sinica Grid Computing Centre, Taiwan) • ASNET (Academia Sinica, Taiwan) • Google • KREONET (Korea Research Environment Open Network) • Hurrican Electric (for IPv6 traffic only)
The HARNET also peers with the CERNET (China Education and Research Network) and the TEIN3 (The Third Generation of the Trans-Eurasia Education Network) at Mega-Iadvantage, Chaiwan with bandwidths 155 Mbps and 70 Mbps respectively. The HARNET HKIX router and the HARNET routers of the eight HARNET member institutions were upgraded to using 10G Ethernet for the local HARNET connections. Along with the HARENT upgrade, the Optical HARNET was also upgraded in July 2010.
The following diagram depicts the current HARNET: A series of upgrades were conducted on both the HARNET and the Optical HARNET in last year. The HARNET was migrated to a new service provider for its Internet connectivity and central router management in March 2010. The following summarizes the changes and upgrades which have been performed: The International commodity Internet bandwidth was upgraded from 1.2 Gbps to 1.5 Gbps in March 2010. It was then adjusted down to 1.0 Gbps in June 2010 due to low Internet traffic in Summer Holidays and upgraded to 1.75 Gbps in September 2010 in anticipation of high Internet traffic for the new academic year.
Issue 2 • Jan 2011
The old Optical HARNET consists of two 10G rings as shown below:
Although the optical nodes are capable of DWDM (Dense Wavelength-Division Multiplexing), the two 10G rings were actually implemented over 2 optical rings instead of using 2 lambdas (Wavelengths) over one single optical ring. Since fixed-wavelength OADMs (Optical Add Drop Multiplexors)
were used, additions and changes to the optical network were difficult, downtimes and service interruptions also could not be avoided for those additions and changes. Each HARNET member was provisioned with 2 GE ports for the HARNET Internet connections.
Comparatively the new Optical HARNET is more advanced and more flexible. Each optical node supports DWDM with up to 40 lambdas (Wavelengths) out of box. A total of seventeen 10G rings (1 lambda for each) are implemented over three optical rings. Additional 10G rings (up to forty 10G rings for the optical network) can be provisioned on demand anytime without incurring service interruptions. The optical nodes of the HARNET members are eROADMs (enhanced Reconfigurable Optical Add Drop Multiplexors) while the optical nodes of the service provider which participate in the three optical rings are MD-ROADMs (Multi-Degree Reconfigurable Optical Add Drop Multiplexors). The following diagrams show the logical connections and the physical connections respectively.
17
18
OCIO NEWSLETTER
Statistics at a Glance DLS — Student Notebook Computer Daily Loan Scheme
Issue 2 • Jan 2011
WLAN – Wireless LAN
19
20
OCIO NEWSLETTER
LLS—Student Notebook Computer Long Term Loan Scheme
Glossary Corner
Social Media Info from Wikipedia Andy Chun (ed.) I am sure most people must have used or at least heard of Facebook and Twitter. But there are many other “up-and-coming” social media apps. In this Section, I will highlight two of the hottest social apps in 2010 – foursquare and groupon – both roughly only two years old. The following is extracted and modified from Wikipedia:
Foursquare Foursquare is a web and mobile application that allows registered users to connect with friends and update their location. Points are awarded for “checking in” at venues. Users can choose to have their check-ins posted on their accounts on Twitter, Facebook or both. Users can also earn badges by checking in at locations. If a user has checked-in to a venue on more days than anyone else in the past 60 days, they will be crowned “Mayor” of that venue. Foursquare started in 2009. As of December 2010, the service had 5 million registered users internationally. Foursquare added photo upload service in December 2010. Within 3 weeks, 1 million photos were uploaded through iPhone and Android.
Groupon Groupon is a deal-of-the-day website that is localized to major geographic markets. The company offers one “Groupon” per day in each of the markets it serves. The Groupon works as an assurance contract using The Point’s platform: if a certain number of people sign up for the offer, then the deal becomes available to all; if the predetermined minimum is not met, no one gets the deal that day. This reduces risk for retailers, who can treat the coupons as quantity discounts as well as sales promotion tools. Groupon makes money by getting a cut of the deal from the retailers. Groupon was launched in November 2008. By October 2010, it has amassed 35 million registered users. Groupon is “projecting that the company is on pace to make $1 billion in sales faster than any other business, ever”. In October 2010, Yahoo! was rumored to have offered over $3 billion to acquire Groupon. On November 2010, it was reported that Google offered $5.3 billion with a $700 million earnout to acquire Groupon. This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.
Editorial Box OCIO Newsletter Advisory Board Dr. Andy Chun (OCIO) Ms. Annie Ip (OCIO) Mr. Raymond Poon (CSC) Mr. Peter Mok (CSC) Mrs. W K Yu (ESU) Publishing Team Ms. Noel Laam (CSC) Ms. Annie Yu (CSC) Ms. Joyce Lam (CSC) Mr. Ng Kar Leong (CSC) Mrs. Louisa Tang (ESU) Ms. Doris Au (OCIO) For Enquiry Phone 3442 6284 Fax 3442 0366 Email cc@cityu.edu.hk OCIO Newsletter Online http://issuu.com/cityuhkocio