DUKE ITAC - June 13, 2002 Minutes
June 13, 2002
Attending: Ed Anapol, Mike Baptiste, Pakis Bessias, John Board, Ken Hirsh (for Dick Danner), Angel Dronsfield, Brian Eder,David Ferriero,Tracy Futhey, Patrick Halpin, Billy Herndon, Ken Knoerr, Roger Loyd, Forrest Smith (for Melissa Mills), Kyle Johnson (for Caroline Nisbet), George Oberlander, Mike Pickett, Clare Tufts, Fred Westbrook, Robert Wolpert, Molly Tamarkin
Guests: Chris Cramer, Suzanne Maupin, Mark Olson, Bill Rankin
Call to Order: Meeting called to order 4:05 PM
I. Review of Minutes and Announcements:
- Today is Ken Knoerr's last official ITAC meeting. On behalf of ITAC, Robert Wolpert thanked Ken for his years of service and contributions to the group.
Update from Cflix pilot
- 525 students participated
- Content came from places such as Disney, Comedy Central, Adam Shockwave, Heavyink, etc
- During the trial, there were 9900 logins
- 75% testers logged in one time a week
- 25% - logged in 5x a week
- 40% - logged in 3x a week
- Post Pilot Survey results showed:
- 28% watched 30 minutes to 1 hour per visit
- 44 minutes per visit was the medium time
- 77% said they rent movies once a month, however, they have physical and monetary restraints that keep them from renting more often.
- 80% of the population said the service was good or very good
- 13% said the service was excellent They would like to see more movies that are shown for classes, etc.
- 41% said they would be very likely to pay monthly subscription rate for the service if it was under $3.00
- Pearl Harbor was the most popular movie
- In the future those surveyed said they would like more content, more variety, and more blockbuster movies
- Students could have hooked their computer up to TV to watch the movies, but most watched on their computer instead
- 525 students participated
Some preliminary results of beta test which took place from March 21 - April 28:
John Board: Is there anything specific planned for the fall?
Angel is talking with Cflix about offerings - They are also looking at having a stand alone offering - for those who may not be getting cable, but would still be interested in the offering. It would be a complimentary service, not competitive with cable TV
Robert Wolpert: Because people self selected, seems like it could have been a bit of a biased sample
Angel: True, but they had so many people try to sign up, they had to shut off registration service
Duke PH/ED/ HR integration plans and timelines
- Telephone directory schedule,
- send out mailings,
- do maintenance,
- ship to directory convergence center,
- Telephone directory schedule,
Schedule for roll-out:
this year we will have converted to LDAP and will coordinate with LDAP before sending data to the convergence center. Converted the data the best they could to match the SAP organization structure as department on locators as well as on titles, It was hoped that it would have been easier to convert.
Mailed out department locators, individual locators mailed out in mid-July, all information will be updated, and we will be on LDAP then, update LDAP, send to convergence center
Right now, nothing is running from production, conversion 1st week of August
LDAP will be converted on the evening of Aug 6, they will come up on LDAP on Aug 7, they hope to be feeding other systems by Aug 12 Loading from PeopleSoft and SAP Aug 12 - remedy, office environmental safety, 3-4 total other groups will have feeds from the Enterprise Directory
Rob Carter Chris Cramer and Suzanne met and made a preliminary decision for Systems Administration to use the Enterprise Directory instead of building their own LDAP type system - they will continue to investigate this.
John Board: Is LDAP running now ?
Suzanne - Yes, but a new Enterprise Directory LDAP will be loaded daily, which will replace old one.
Ken Knoerr: Each year we verify our addresses, do you also send lists to the departments to review?
Suzanne: Those are the blue pages which are sent to a contact person in each department. They receive their section with a cover letter, and are asked to distribute to others as necessary.
Suzanne: Individual locators go to payroll clerk first and if the person is no longer on payroll, they should take this person out, unless it is overridden.
Mike Baptiste: When the new LDAP goes to standard port - all emails clients will not work for LDAP if they have been configured for the current LDAP, is there a way to make that automatic?
Suzanne: All of the currently configured clients will work. We're implementing a routing mechanism that will route any requests addressed to the current CNAME and port to the new CNAME and standard port. We encourage users to change their configurations over time to the new CNAME and port just for the sake of increased efficiency, but the current configurations should work indefinitely.
Robert Wolpert: With different databases loading, how do discrepancies get resolved, are individuals notified?
Suzanne: the primary systems: SAP, PeopleSoft and overrides, get put in 3 places, their primary affiliation determines how they are listed.
Although I use the term "override", we really don't have "overrides" as such in the Enterprise Directory. We have the means to store additional information that does not exist in SAP, some of it being converted from legacy payroll and some from other various sources (notably the legacy telephone directory override files). This information includes Duke physical address, Duke mailing address, fax, voice mail, privacy preferences, email, alias, etc. LDAP has areas in the schema for SAP information, PeopleSoft information, and other "Duke" information. The primary affiliation determines which of those three areas populates the public inetOrg and EduPerson LDAP attributes.
It is noteworthy to add that for an individual who is both a student and an employee, the PeopleSoft "residence" and "mailing" addresses have the student's dorm and student box number, whereas the LDAP "Duke" area will have the employee's office address and departmental box number. All four addresses are for the same individual and all four are validly different. If the eduPersonPrimaryAffiliation is "student", then the student's residence address will populate the standard inetOrgPerson attribute named "postaladdress" and the student's mailing address will populate the inetOrgPerson attribute named "postOfficeBox". Otherwise (i.e. the eduPersonPrimaryAffiliation is not "student"), LDAP DuWorkPhysicalAddress will populate "postaladdress" and DuWorkMailAddress will populate postOfficeBox. It's a little complicated, but I think important for end users to understand that there are four possible valid "Duke" addresses for a student/employee, and only two places to put them in the standard inetOrgPerson and eduPerson object classes, so we decided to have primary affiliation be the deciding factor. All of the addresses are always available to authorized users in LDAP, but only postaladdress and postOfficeBox are publically available to anonymous access unless there are privacy preferences and/or FERPA protections).
To add further complexity, both postaladdress and postOfficeBox are multi-valued attributes, so we could populate them with all four addresses (two each). However, many of the standard LDAP clients do not handle multi-valued address attributes reliably, so we're loading them with single values until the technologies behind the clients catch up with those of the LDAP directory server.
Self service will be next phase for current employees and faculty Students will use SISS to make updates
John Board: Is there a global workflow picture somewhere showing the flow?
Yes, Suzanne's group has one, it can be pulled together and shared.
Tracy Futhey: Could Suzanne or someone in her group draw the picture for those interested in technical underpinnings of the Enterprise Directory? Will they be supporting LDAP groups?
Yes, they have a few groups, for phase one, those groups have to be groups they are managing right now
Tracy Futhey: We all need to help, we have to go to our school or departments to update our information so that the data is right and use the central system
Ken Knoerr: One problem is that the central database doesn't do what you need locally so departments create local databases, and use them, and then it doesn't get into the main database
Kyle: Their department has a process and workflow - they only allow certain changes in their local databases
Privacy policies and IT
- Look into files, this does not happy that often
- Request to monitor networking use, this happens a fair amount
- Look through email -
- email of employee not here today, but is an employee
- look into email of employee misbehaving
There have been privacy issues over last 6 months - The question brought up is what procedures need to be in place? This has come up many times, and it is not an issue of legality, legally Duke can watch all traffic email, etc. we would like to hold to a higher standard of ethics, however, so in Chris' opinion, this is not legal, but an ethical discussion
There are 3 types of requests to violate a Duke individual's privacy:
Chris feels this is not a good thing It is not just dealing with the privacy of individual's inbox - there could be other people's privacy involved as well It seems that most issues can be handled administratively -with work rules, for example
There are really no privacy policies out there - there is a security policy that says we cherish privacy, but we may violate it for legal, policy, or technical reasons
We do not have procedures, We do not set expectations, no where are the differences discussed between faculty vs non-faculty's privacy rights
Molly - Creating a policy will be painful, in meantime, some kind of statement of best practices to supervisors may be helpful. For example, how to make it easier for someone to leave, do not use personal email addresses for departmental needs, etc.
How many of these requests to access "private" information are being honored?
Chris works with the requestor to get them what they say they need while protecting privacy to the best degree.
It raises the question of using Duke email to talk to a lawyer or a physician, for example.
Forest: Maybe we could make a directory under mail where people could put non-private things
Might be difficult for non-sophisticated users to do things like that.
Tracy - Are these technical problems, or general privacy policies? For example, there is no statement of when someone can walk in another person's office and go through their things
This was agreed upon and there is need for a senior officer(s) to be involved in this discussion there are technical things that can help though, like an auto reply when people leave, etc.
George: There are different email clients, lotus notes for example, that the administrator needs to go into to diagnose problems - it wouldn't make sense in some departments that don't use lotus notes, but maybe individual units need to make up their own policies with guidance from the central organization, but not have one global policy.
Faculty vs Staff distinction is important. We need to retain the culture of the university to keep high quality people here
Robert Wolpert - It is not an IT issue, but it affects IT in a big way, it may be a good idea to start with a committee at ITAC.
ITAC Video Subcommittee "midpoint" update
- Capture comprehensive snapshot
- Work to benchmark against peer institutions/research
- Focus groups/ web poll for future needs
- videoconferencing services worksheet
- video streaming services worksheet
- Directory on video website - where to go , etc
- Online research and interviews with peer institutions
- U of WA,
- Selected these universities because they are doing what we are looking to do or peers based on proximity/size If you have suggestions on other institutions, please pass them along
- Benchmarking - June
- Snapshot -June
- Focus groups - July
- Recommendation to Tracy - August
- video services website
- Recommendation for centralized service
- Collaborative framework
- Sustainability plan
- Appropriate centralization/federation vs. Individual Ownership
- Baseline services vs Cutting-edge
- Funding models (fee for service - is it sustainable, what are alternatives)
- Administrative buy-in
Mark Olson and Fred Westbrook
Video Services subcommittee website:
In order to get the Snapshot - they will do a survey:
Focus groups/web poll - these will be the ones involved:
Clare: Will there be faculty around in July?
This topic comes up every committee meeting. May have thin research but still be able to get a broad map of what is out there, they may need to fill in faculty information in the fall, they will try to get as many as possible to respond to web poll, since that can be done remotely.
Clare: Need to try to make sure the faculty is not lopsided toward science faculty, other faculty in the humanities may not be as likely to be on campus in the summer.
George: how far are you in research?
The website has more details, but we are fairly far in research, have looked at practices extensively, The meeting minutes are on the website
Ken K: Fee for service may create have and have not departments - May need to look into a better funding model
Pat: How do granting agencies react to this - will they fund it?
We have Duke studios and Educ media services, which are providing services now and it is true that some grants will not pay for these services.
Molly: Possibly a need for a student facility, computer labs may need to change, recommendation for students to use,
Kyle: hired new person - looking at how to help student organizations
Robert Wolpert: As we have on demand - cataloguing - metadata? Make easier to find
The group did meet with the CMS group, how can they work together, Should the data be defined in CMS?
Ken K: Is there a rep from the library?
High performance/cluster and GRID computing at Duke
Center for Computational Science Engineering and Medicine, funded through Provost The focus of this position is to provide campus-wide support for distributed and cluster computing of the Beowulf variety. Supports high performance computing, cluster computing Rachael Brady does visualization piece of it
Trying to assist researchers with procurement, installation and setup, training and consultation using Beowulf clusters.
Assist with needs - consult and develop specifications, shipping and procurement, help with set up, training and consulting work
Also worked with groups across campus to develop a cheaper alternative for those with limited funding. Develop high performance computational nodes from Intrex, deal with issues of training, set up and using clusters to their specific needs, not as much support.
Physics - had a lot in place - Linux OS- 3rd party software, They were able to use that to build cluster community across campus.
By dealing with problems found in one department, they can also apply those to problems in another departments.
Training and consultation:
Follow through with plans - offer graduate class on programming and using cluster computers. Graduate students can come in with a project in mind and use the project as a vehicle throughout class. They will then be able to go back to their research group with project completed or more knowledge They hope to have the class in the fall, but it did not make fall catalogue, They are going to go out and discuss the class with professors who might be interested in having their research students involved, It will be a small pilot class
Looking at having a visualization class in spring
NC Bio grid - 2 pages handout,
breakdown of NC Bio Grid: Grid model is that as a researcher you login and get one password, login to grid, can access a machine that reaches out with many resources
Brings together large distributed resources, computational and storage It is like a powergrid, draw as much power as you want and you will be billed according
Same thing here, draw as much virtual computation research, draw as much power as you need and billed accordingly
The resources are connected
Bio Grid, UNC, NCS, Supercomputing System at Duke have developed the grid computer for bio informatics projects
2 page handout - 1st page , Diagram of initial testbed, Proof of concept Grid computing - grid is a lot of pieces of complex issues security, registry, etc.
How long does the process take to work with a department to set up something like this?
It takes about 2-3 months, depending on how much you know, what you need, what you have already, etc
John Board: They are on the second thousand of nodes, They have started putting together an inventory.
Robert Wolpert: Can you tap into the Supercomputer lab and use some of their short classes? Yes, technology is changing quickly, so we do look to you to keep up with that. Trying to build a virtual community across campus, there are pockets of good experience,etc.
They have a mailing list, and hoping to expand upon it
Fred: Is any data related to patient data? Is it HIPPA compliant?
Yes, there are several working groups, application working groups are dealing with patient data
How do people get in touch with you?
Right now, e-mail, call,etc. There are no formal publications, it is grassroots, they like to go out to the researchers.