THE UNIVERSITY OF
CHICAGO
Gregory A Jackson
Vice
President & Chief Information Officer
Winter 2002
Memorandum
To: Faculty, Officers, & Directors
About: Information technology notes, Winter 2002
I try annually to outline progress: improvements in University networking and computing. The first score of items on this year’s list are in this spirit, and I’ll begin with them. Unfortunately, I must conclude with some important and unavoidable network constraints. I hope you will skim those items (#22-#28) even if you skip the rest.
1.
Media equipment & services. NSIT now makes media
equipment generally available on a rental basis. Use in University courses by
regular faculty remains free. Other University uses receive substantial
discounts from market rates for comparable equipment. Similarly, some NSIT
multimedia production services are now available for more diverse uses.
http://intech.uchicago.edu/rental/
2.
The Chalk service. This service uses software from
Blackboard to simplify putting course materials online. The number of courses
using Chalk has grown sharply, from under 50 two years ago to over 600 this
year. We have expanded support for faculty who wish to use Chalk for course
materials. We expect some time next year to integrate Chalk more closely with
Gargoyle, the new student system.
http://intech.uchicago.edu/ltg/chalk/
3.
CNetIDs. In due course, many services on the campus
network will use CNetIDs in place of the earlier, separate “ph aliases” and
@midway.uchicago.edu addresses. New users of the campus network receive
CnetIDs. We have assigned CNetIDs to existing users (see the second URL below).
Although old email addresses will continue to work for a long time, we
encourage everyone to begin using CNetIDs instead. Users still have different
passwords for services with different security requirements. We expect to
simplify this over time.
http://cnet.uchicago.edu/
http://whoami.uchicago.edu/
4.
New students. Beginning this past summer, incoming
students got their CNetIDs during the summer. They thus joined our online
community much earlier than in the past, a very popular change. We also
provided much orientation material on a Windows/MacOS CD, replacing several
printed documents.
http://o-fest.uchicago.edu/
5.
Classrooms & clusters. The Crerar cluster continues
to be widely used and appreciated. The classroom, seminar area, and multimedia
production facilities get heavy use. NSIT and the Libraries are designing a
similar cluster for Regenstein, in the hope funding for it will become
available. Renovation of media classrooms continues, with better projectors and
other equipment in a larger set of rooms each year. New scheduling software in
the Registrar’s office should enable better allocation of these popular
resources.
http://intech.uchicago.edu/ccc/
6.
IMAP versus POP email. The “Post Office Protocol” (POP)
is designed to hold email only until it has been read, and performs very poorly
otherwise. Nevertheless, many users use the “leave mail on server” setting for
flexibility, thereby causing great inefficiency. We support and strongly
recommend the more sophisticated “Internet Message Access Protocol” (IMAP),
which is designed for flexible access from many locations, and it is now the
default protocol. Users whose POP
settings include “leave mail on server” should change to IMAP, since we soon
will be forced to limit or disable this POP setting. Somewhat related, it is
important to check mail at intervals no shorter than 15 minutes. Higher
frequency greatly degrades email services.
http://connectivity.uchicago.edu/
http://advisor.uchicago.edu/docs/authchange/ssl-imap
7.
Webmail. We have enhanced and expanded direct Web access
to University email. The service now includes signatures, filters, and other
advanced features. It satisfies the secure-authentication rules I outline
below. For IMAP users, it gives access to all IMAP folders from almost anywhere
on the Internet.
http://webmail.uchicago.edu/
8.
Directories. Until now there have been several
repositories for online directory information. We are combining and
coordinating these, reducing the discrepancies and confusion frequent today. In
due course the core directory will not only contain the usual information, but
also will serve as a central resource for authorizing access to restricted
resources through the CNetID.
http://phonebook.uchicago.edu/
http://www.uchicago.edu/uchi/directories/phquery.php
9.
Organizational email. Three years ago we discontinued
so-called “orgmail” accounts, as they had been widely misused. We implemented a
list-based mechanism whereby addresses like <xx@orgs.uchicago.edu>
forward mail to the appropriate recipient(s). NSIT now can provide publishable
“@uchicago.edu” addresses in cases where official University business requires
this. A department must always take
official responsibility for managing the special address, and I must approve
each request.
http://orgs.uchicago.edu/
10.
Desktop computers. Working with departments campus-wide,
NSIT recommends particular configurations for users of Windows or MacOS desktop
computers. We make the recommended platforms available at cost (about $1500
with monitor, $2000 with flat panel) through the Campus Computer Stores (CCS).
http://ccs.uchicago.edu/Prices/Recommended.html
11.
Leasing & fee-based support. NSIT offers two
options for departments that do not want to support desktop computing
themselves. The lease-plus-support offering includes periodic replacement of
the desktop computer plus backup, installation, and other support ($90-$110
/computer-month). A support-only option ($40) is designed for departments that
already have active equipment-renewal programs of their own. This can be
particularly useful for departments challenged by the system-management
requirements I outline below.
http://dpc.uchicago.edu/cnetpc/
12.
Software. NSIT continues to license Microsoft Office,
Eudora, McAfee AntiVirus, and other widely used software for “free”
redistribution on campus. We work with departments on site licensing to reduce
costs and administrative overhead when several individuals or departments use
the same software.
http://licensing.uchicago.edu/
13.
Recycling. Some departments seek an outlet for working,
surplus computers. The Campus Computer Stores can add these to the large number
of trade-ins it already donates. Obsolete computers present a problem, since
they contain toxic heavy metals that must be disposed of properly. The Campus
Computer Stores also handles this, using a certified recycling contractor.
http://ccs.uchicago.edu/
14.
Web services. Many departments and offices use NSIT Web
Services as an internal fee-for-service vendor to design, implement, maintain,
and host their Web pages. This service has grown rapidly. So has the complexity
of services and mechanisms it can support. Many departmental websites – even
those with redirected “dept.uchicago.edu” URLs – are now managed and served
through Web Services. Separately, students, faculty, and staff continue to use
“home.uchicago.edu” for personal web pages.
http://nsit.uchicago.edu/webs/
http://home.uchicago.edu/
15.
Online applications. The College and several other
Divisions and Schools now provide online applications developed and managed in
conjunction with NSIT Web Services. These make the process more convenient for
prospective students, while preserving the unique features of our applications.
https://uncommonapplication.uchicago.edu
https://grad-application.uchicago.edu
16.
Videoconferencing. Small rooms equipped for H.323
(Internet-based) videoconferencing are available in Crerar and at 1155 E 60th
Street. We expect to add additional facilities, and to provide H.320
(ISDN-based) services in addition to H.323. We have a portable H.323 unit that
can be used anywhere on the University network.
http://intech.uchicago.edu/ltg/video/vconf.html
17.
Training. The range of NSIT courses continues to
expand, both in traditional classroom formats and online. We recently changed
from SmartForce to NetG as our provider of online information-technology courses.
This doubles the number of courses to about 500. They are available free to
anyone in the University community.
http://uccbt.uchicago.edu/
http://training.uchicago.edu/
18.
Student system. Gargoyle, the replacement for the
University’s old student system, is about halfway through its implementation.
Student billing will become active later this spring. We expect to move
historical records into the new system next year. Once this happens, the
cumbersome and frustrating splits between new and old systems will be behind
us, and it will become possible to exploit the capabilities of the new system.
http://registrar.uchicago.edu/
19.
Other administrative systems. Online access continues
to improve. POPS generates purchase orders online. ACCTS creates new accounts
and transfers expenses (soon to include payroll) online. TRACS processes grants
and contracts. BSD Institutional Review Board documents now distribute
electronically, replacing tons of paper. The administrative data warehouse
(IRF) now includes payroll as well as financial accounting data.
http://www.uchicago.edu/adm/ura/tracs/
http://nsit.uchicago.edu/csi/ssystems.shtml
20.
Caller ID & E-911. Within the next few months we
will implement off-campus Caller ID. Calls from off campus will display calling
numbers (on phones with screens). Calls to off campus will transmit a calling
number. Among other benefits, this means Privacy Manager and similar
telephone-company services will no longer block calls from the University. Meanwhile, we recently complied with the
Illinois requirement that 911 calls from campus phones transmit locations to
Chicago emergency services.
http://nsit.uchicago.edu/vdn/e911/
http://nsit.uchicago.edu/vdn/callerid/
21.
Emergency phones. Working closely with the University
Police and the Vice President for Community Affairs, we are extending the
University’s network of emergency phones into the Woodlawn neighborhood. This
work will begin soon, and should be completed over the next year or two.
http://www.uchicago.edu/commonsense/phonelocs.html
Now I turn to constraints. Beyond the CNetID(#3) and POP/IMAP (#6) transitions I mentioned above, they involve secure authentication, system management, and acceptable use of our network.
For the past two years NSIT has provided free anti-virus software, implemented various mechanisms for securing username/password transactions, and tightened access to the network. We did this anticipating the current epidemic of dangerous network-based viruses and worms, and University liability for acts by network users. We now must move from enabling secure authentication and virus/worm protection to making them mandatory. We also must enforce acceptable-use policies more actively. I expect further restrictions from the Patriot Act, but for the moment we foresee five principal constraints. More information is linked to http://security.uchicago.edu/.
22.
Secure access to central services. Beginning this
spring and taking full effect for email later this fall, we will disable
non-encrypted username/password transactions on central servers. I first
announced this change two years ago. It affects the University’s mail servers
and the shared Unix and file-transfer services on harper.uchicago.edu. We
encourage all campus network users to install a recent Connectivity Package, to
configure SSL or ssh access, to begin using Webmail, or to make other
arrangements soon. Clear-text authentications will no longer work once this
change is complete.
http://advisor.uchicago.edu/docs/authchange/
23.
Secure access to departmental services. By January
2003, any individual or departmental server that does substantial
authentication – many users, many transactions, or both – must use some
suitable mechanism to encrypt its username/password transactions, or otherwise
to make them inaccessible to sniffers and crackers. This will especially affect
departments that run their own mail servers.
http://security.uchicago.edu/
24.
Computer administration. Personal computers on the
University network must run anti-virus software. So must other computers that
share files with campus computers. Virus-definition files should be updated and
scans performed daily. Server-class computers, whatever the operating system,
must be actively managed. The OS and network applications must be upgraded or
patched regularly as their manufacturers specify.
http://licensing.uchicago.edu/download/antivirus/
25.
Scanning & disconnection. NSIT will disable the
network connection for any machine its routine scans find vulnerable to or
compromised by dangerous viruses or worms, or to be violating the Eligibility
& Acceptable Use Policy (EAUP) in ways that place the University or the
network at risk. We will not reinstate connections until the machine is
demonstrably secure. If an offending computer is behind an unauthorized
firewall, or part of a subnet or hub not managed by NSIT, NSIT may have to
disable connections at the firewall or hub, thereby disconnecting other related
computers as well. In cases where a machine violates the EAUP, NSIT refers the
case to the appropriate authority for disciplinary or legal action.
http://nsit.uchicago.edu/eaup
26.
Wireless & local subnets. Only eligible users (see
the EAUP) may connect computers to the campus network. This applies not only to
NSIT-installed jacks, but also to hubs, base stations and other wireless access
points, and similar “private” network extensions connected to NSIT jacks or
ports. Anyone who permits an ineligible person to connect a computer to the
campus network assumes full personal responsibility for any legal, financial,
or other consequences of the improper connection. Anyone operating an accessible
wireless access point must take steps, such as WEP encryption or access lists,
to prevent unauthorized wireless access. “Private” hubs and access points must
not interfere with campus network operations.
http://network.uchicago.edu/docs/networking-policies.html
Separately, distribution of unlicensed music and movies has become almost as large a problem as viruses and worms. Use of the University network for such purposes violates the EAUP. It can entail legal consequences for the individual and the University. Moreover, distribution of unlicensed music and movies clogs University Internet connections. This interferes with more legitimate uses of our network. I reiterate the University’s policy:
27.
Illegal use. The University’s network may not be used
for illegal purposes. This includes unlicensed distribution of copyrighted
material. Such use will subject offenders to University discipline, and perhaps
to legal action with serious consequences. Under the federal Digital Millennium
Copyright Act (DMCA), second violations require the University permanently to
deprive the offender of all network access.
http://nsit.uchicago.edu/eaup
28.
Ancillary use. Current students, faculty, and staff of
the University may use the network for non-University purposes (personal email,
travel planning, catalog purchases, and so on) provided (a) it is not
illegal, commercial, for private gain, or otherwise prohibited and (b) it
does not interfere with core University purposes, or with other users. Any
non-core use of the network that NSIT deems to be interfering with others may
result in disciplinary action.
http://nsit.uchicago.edu/eaup
I’m happy that the University’s information-technology resources continue to progress. I’m sorry that increasing malfeasance, both on campus and off, requires constraints on our use of those resources. We will continue trying to balance the competing demands on our infrastructure and services.
For convenience should you want to share it, this memo is online, with live links to the specified URLs for additional information (http://whodunit.uchicago.edu/nsit/letter-winter-02.html). As always, I welcome your comments and questions. My phone number is 2-2828, my office is in Admin 605, and my email address is <gjackson@uchicago.edu>.