NAC Log on Change – Aug 6

30 07 2014

This email from the TSC went out to all faculty and staff on 2014-07-28:

Dear Faculty and Staff:

When prompted to login to Cisco NAC beginning on Wednesday, August 6th your logon ID will no longer be your legacy user account (e.g., smithj2) but will instead be your Royal ID Number.  You simply enter your Royal ID Number (it is printed on your Royal Card) and your my.scranton.edu password (also your email password).

This conversion is part of Planning and Information Resources continuing efforts to improve services through standardization and to provide secure and reliable computing resources.

Questions and concerns about the Cisco NAC conversion to Royal ID Number should be directed to the Technology Support Center at x4357 or techsupport@scranton.edu.

P.S. Cisco NAC (aka CNAC) is that blue pop-up screen that you log in to in order to connect your desktop/laptop to the University network.


Comments : Leave a Comment »
Tags: , ,
Categories : Announcements, Network and Infrastructure

TAG Meeting Notes 2014-05-07

7 05 2014

TAG Meeting May 7, 2014 12:00pm-1:00pm

Attendees:
Jeremy Brees, Tim Cannon, Teresa Conte, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Calvin Krzywiec (guest), Andrew LaZella, Kristen Yarmey

TAG thanks Library Dean Charles Kratz for sponsoring lunch for our meeting today.

1. BYOD Strategy Draft

Calvin Krzywiec joined us as a guest to present and discuss a draft version of IR’s strategy for accommodating the BYOD (Bring Your Own Device) trend. Cal is Assistant Director of Network Security & Engineering and served as chair for the IR Strategy Group tasked with studying BYOD. The group is currently seeking feedback from campus stakeholders to incorporate into a final strategy.

Cal explained that the group’s objectives were driven by increasing demand among students and faculty for access to institutional services from personal mobile devices. The group’s top priority is supporting BYOD for teaching and learning, while a secondary priority is protecting the security of institutional data.

For teaching and learning (see p. 2-4 in the draft), IR’s BYOD objectives include:

  • Investigate and implement untethered teaching/learning solutions
  • Focus classroom upgrades on providing collaborative, flexible workspaces
  • Leverage virtual desktop/application technologies and client devices to reduce reliance on physical lab infrastructure
  • Leverage virtual desktop/application technologies to provide ubiquitous access to lab software resources
  • Investigate and implement secure electronic assessment solutions
  • Expand lecture capture to additional locations

The draft identifies several barriers to BYOD implementation that were also raised by faculty members in TAG’s informal survey on specialized software and computer labs.  These include:

  • Expensive licensing fees for specialized software
  • Potential disparities in student computer ownership
  • Inaccessible and/or limited power sources
  • Security for electronic assessment/computerized testing
  • High demand on wireless network

The draft strategy recommends partnership with CTLE to support faculty needs as well as engagement with faculty during the implementation of BYOD-related strategies. Jim said that IR will work with TAG to recruit faculty volunteers to test out tools and services. While the precise timeline for rolling out these changes isn’t yet determined, there are some pilot projects already in motion. Faculty members in KSOM are piloting software for securing a browser (for computerized testing) using lab computers running thin clients. Teresa noted that the Nursing department would be very interested in piloting computerized testing tools in McGurrin. IR also plans to pilot test untethered teaching/learning options in the fall – TAG will get more information on this in the summer. Tim volunteered to participate in this pilot. IR has already been piloting Panopto lecture capture and will be looking to add this capability to additional classrooms for Fall 2014. Mobile printing is also in process.

Regarding network and authentication issues: Cal said that IR will be replacing the Cisco NAC client with encrypted SSID authentication, so that users will be able to log in to the University network from their device without downloading and installing CNAC. Once a device has been logged in,  it will stay logged in – users won’t have to reauthenticate multiple times during the day to stay on the network.

The second half of the draft (p. 4-9) addresses faculty and staff devices. One issue addressed is primary computing devices (for most faculty, our desktop computer). While currently primary devices are purchased and provided by the University, alternative models such as reimbursement or stipends for equipment and software purchases could be discussed.

Secondly, in order to protect institutional data, the draft proposes a three-tiered mobile device management (MDM) system:

  • Mandatory: This tier applies to all University issued devices and requires an enrollment in a MDM system that enforces the implementation of technical controls on the device, such as lock code, lock when idle, remote wipe capabilities, device encryption, and potentially even location tracking for locating a lost device.
  • Optional: This tier applies to all non-­‐corporate owned staff, faculty, and affiliate devices connecting to University systems, including email. Enrollment in the MDM solution is optional but the expectations of minimal technical controls and the requirement to notify PIR of a lost/stolen device are defined in institutional policy. Employees must agree to allow the University to wipe the device when it is lost/stolen or the employee separates from the institution.
  • Exempt: This tier applies to student devices. This tier has no requirements but offers guidance to students on how to secure their devices.

The draft proposes that a remote wipe could be partial rather than complete, “removing only corporate data.”

Kristen raised concerns about the Optional tier, which would apply to many faculty-owned mobile devices. Firstly, the exact definition of “corporate data” may need to be clarified. According to Appendix VIII (“Copyright”) of the Faculty Handbook, in most (but not all) circumstances, faculty retain copyright over works created as part of their normal teaching, research, and service duties – including research data, lecture notes, videos of lectures, syllabi, etc.  Kristen will look into existing University policies and documents to better understand what types of records (email?) would fall under this policy. Kristen also raised concerns about references to wiping data (including email) upon “employee separation,” which for faculty may take different forms (emeritus, phased retirement, terminal sabbatical, etc).

The BYOD Strategy Group will be compiling feedback into the next draft of the report. Kristen will write up summarized feedback from TAG’s discussion as a formal response to the draft document.

2. Brief Updates 

(The BYOD discussion took up most of the meeting, so updates were rushed.)

Identity Finder automated scans (Kristen)

Kristen has been working with Adam Edwards and Scott Finlon in Information Security to answer faculty questions about Identity Finder automated scans. Kristen has updated the Identity Finder FAQ with clarifications from Information Security.  There are still some faculty concerns about the scanning and reporting process (which was approved by the President’s cabinet back in June 2013); however, we have addressed as many as possible.

Information Security would like to begin the automated scans. TAG members present at the meeting felt ready to move forward with scanning faculty machines. Dave will report at this Friday’s Senate meetings that scans will begin. Kristen will work with Adam to coordinate a schedule and an all-faculty email notification.

Test Scanning Services (Jim)

Jim reported that IR will be changing the hours of Test Scanning Services effective Monday, May 12, 2014.  The service will continue to be provided from Alumni Memorial Hall, Room 001. Tests may be dropped off and results picked up Monday through Friday, from 8:30 am to 4:30 pm.  Based upon demand and operational requirements, immediate service while you wait may not be available.  IR will continue to strive to meet the needs of our customers and will provide a 24 hour turnaround of test scanning results.  Jim asked that faculty please plan accordingly as we approach the end of the Spring term.  Jim will contact regular users of the test scanning service with more details.

Desire2Learn (Eugeniu)

Additional Desire2Learn workshops are being planned for the summer – see CTLE’s workshop calendar for the updated schedule. Eugeniu also reminded TAG members that faculty should back up any student data (including grades, discussion forms, and dropbox submissions) in Angel that they wish to keep. Step by step instructions have been emailed out, but CTLE staff will also hold workshops on this during Senior Week for anyone who needs assistance (see ). Student access to Angel will be turned off as of May 30, but faculty will have access until July 31. After that, data stored in Angel will no longer be available.

PR Department/Program Website Initiative (Dave/Teresa)

We ran out of time for in-person updates on this project. Lori had sent Kristen updates via email. Kristen will post these notes to the TAG site in a separate update.

4. Adjournment

The meeting adjourned at 1:05pm. TAG will not meet again as a full group until Fall 2014, but projects and communication (via email) will continue during the summer.

[Updated immediately after posting with correction to Cal’s title]


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Announcements, Classroom Mediation, Email, Minutes, Mobile, Network and Infrastructure, Security

TAG Meeting Notes 2013-10-02

3 10 2013

TAG Meeting October 2, 2013 2:00pm-2:50pm

Attendees:

Jeremy Brees, Tim Cannon, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Andrew LaZella, Sandy Pesavento, Kristen Yarmey

Mary Goldschmidt, newly appointed Faculty Development Specialist in CTLE, sat in on our meeting to introduce herself to TAG members and gain familiarity with TAG-related projects.

1. Brief Reports

Desire2Learn (Eugeniu)

Staff members in CTLE and ITDA continue to develop an implementation plan for our switch from Angel to Desire2Learn. More details are forthcoming, but here’s what we know so far:

  • Desire2Learn will be in place in January and available for Spring 2014 teaching
  • By default, 2 years’ worth of past courses will be converted from Angel to Desire2Learn (academic years 2011-2012, 2012-2013). Faculty will be able to request that older courses be converted (e.g., if you’ve used Angel to teach a course that only runs every three years).
  • Desire2Learn support staff will do training for on campus trainers and administrators.
  • In mid-November, there will be 2 introduction sessions for faculty.
  • CTLE will be working with a few faculty members to pilot courses. (Eugeniu will let us know who.)
  • Angel will be “turned off” in May 2014 (that is, it won’t be available for teaching), but it will still be available for content retrieval until September 2014.

Let TAG know if you have questions or requests related to the LMS transition and we’ll pass them along to CTLE and ITDA.

Identity Finder (Kristen)

At our September 2013 meeting, TAG members volunteered to serve as pilot participants for faculty implementation of automated Identity Finder scans (prior to full rollout). Automated scans were to begin at noon on Friday, September 19. TAG members reported no indication that scans had taken place, but Jim explained that users are not necessarily notified by the Identity Finder application when a scan is running and that users cannot see their own scan results. Kristen will contact Adam Edwards in Information Security for clarification on this point.

Kristen continues to work with Adam on preventing Identity Finder scans of confidential human subject research data or client files. Adam met with Joe Dreisbach and University Counsel Rob Farrell for additional discussions about managing sensitive research data. Adam reported that Joe would meet with the IRB.

Automated scans do not apply to faculty members using Mac or Linux machines.

Active Directory – R Number Log in (Jim)

On September 25, Kristen and Dave met with Jim, Jerry DeSanto (VP of Planning and CIO), Robyn Dickinson (AVP of Planning and Information Management), and Lorraine Mancuso (Director of Project Management) to discuss IR’s current and planned projects for this academic year. There were three major projects of particular interest to or impact on faculty: implementation of Active Directory log-in for faculty desktops, phasing out of Windows XP, and a new lecture capture pilot.

Jim reviewed IR’s plan for converting faculty desktop PCs to Active Directory login – which on the user side essentially means that we will log into our desktops using our R numbers, as we do for lab or classroom computers. The conversion just began and will roll out over campus through the rest of Fall 2013, scheduled by department. Users will get email notifications one week prior to their scheduled conversion, as well as an email reminder the day before conversion that will include instructions. Triage teams of IR staff members will be available to assist users.

This change will only apply to Windows PCs (XP and Windows 7). The change does not apply to Macs, laptops, or tablets. Connections to networked printers, copiers, etc will be maintained.

Faculty members in Psychology were scheduled for the first rollout (with IR staff, since they are all in AMH) on September 30, but an unexpected issue delayed the conversion. Tim reported that this was confusing for users who tried to log in with their R numbers as they had been instructed to do and were not able to access their machines.

Windows XP End of Life (Jim)

Microsoft is discontinuing support for Windows XP in April 2014. There are about 1,000 XP machines on campus at this time – about 400 of them in Academic Affairs (including faculty but also adjuncts, academic staff, etc). IR plans to update all remaining XP machines to Windows 7, though not all of them will be completed by April 2014. For faculty desktops with XP, the conversion will involve downtime. Jim said that conversions are being scheduled with the academic calendar in mind, and once the schedule is released, faculty will be able to request alternative dates for conversion if the assigned date conflicts with teaching or research. Training on Windows 7 is available from Jack Williams.

Lecture Capture (Jim)

Last year, MediaSite lecture capture systems were installed in two rooms in LSC. TAG members Jeremy Sepinsky and Tara Fay were among the faculty who piloted the technology. This year, there was increased demand for lecture capture in LSC, but it was not feasible for IR to install MediaSite in additional classrooms, since each MediaSite installation requires its own, local server.

This year, faculty in Nursing and Counseling are piloting a different, cloud-based tool for lecture capture – Panopto. Feedback so far is positive, and installation is much easier and faster. At the end of the semester, IR will seek feedback from the pilot faculty to decide how to extend lecture capture services on campus.  TAG member Sandy Pesavento will keep tabs on faculty feedback. Kristen suggested that CTLE arrange a Faculty-to-Faculty workshop or demonstration for Panopto.

Angel Support (Dave)

The Faculty Senate executive committee reported concerns from at least one faculty member about the availability of support for Angel during off hours (nights and weekends). Jim said that faculty can contact the Technology Support Center over the weekend (9am-5pm Saturday, 12pm-10pm Sunday) for support. On Saturdays, students work the TSC but can escalate a major issue to staff. On Sundays, a staff member is present.

3. Items for Discussion

Budget Priorities – Software and Labs

IR administrators are preparing contingency plans should budget cuts be required for the future. Two areas that may be at risk for cuts are specialized software licenses and computer labs. In order to minimize the impact on teaching and research, IR needs information from faculty about what is most important to us. Dave and Kristen would like TAG to gather faculty feedback in October and November that can be submitted to IR in time for discussions in December. Several points from our discussion:

  • There was general agreement that a survey would be more effective than a faculty forum. We also agreed that we would need to work through department chairs, Faculty Senate, etc to encourage responses. We could especially focus efforts on departments that we know rely heavily on specialized software and labs.
  • Jim will provide a list of specialized software and computer labs currently available. For software, Sandy asked if the list could include prices to give faculty a better understanding of which licenses are most costly. Kristen suggested that we could break the list into pricing ranges or levels if actual costs cannot be shared. Dave suggested that a financial incentive could be explored — for example, the Library’s acquisitions budget is allocated to departments, which then can use that funding for databases, journals, and books.
  • We need to understand how specialized software is used — e.g., whether a faculty member needs one license for his/her research, a handful of licenses for his/her lab, or lots of licenses since the software is a required part of a course.
  • We would also like to understand if faculty would consider alternative software options. For example, Tim suggested that we push faculty and students towards R rather than using SPSS, which is extremely expensive.
  • The Library’s Learning Commons initiative will include providing specialized software at dedicated machines (possibly reservable), so the Library may be able to cushion some of the impact of cuts. Kristen and Jim will work with Learning Commons Coordinator Sheli McHugh to coordinate and share feedback from the faculty survey, such that the Library can anticipate new faculty and student needs.

Kristen will email all TAG members to ask for volunteers (at least one from each college – either a TAG member or another interested faculty member) to assist with developing and disseminating a survey (ideally by the end of the month). Please contact her with suggestions or concerns.

Adjournment

The meeting adjourned at 3:00pm. TAG will reconvene on Wednesday, November 6 at 2:00pm in WML305 (Library instruction classroom).


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Announcements, Minutes

CNAC upgrade

7 02 2011

Just a reminder that this Wednesday, you’ll have to log in again to CNAC in order to access the University network.

What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.

Here’s the upgrade announcement from IR, emailed out to all faculty today:

On Wednesday, February 9th the re-authentication will also upgrade your CNAC client.  On Wednesday, all end-users will be prompted with the following:

NAC Agent 4.8.032 is available.  Do you want to install this update now?

Click OK and after a few minutes the new Cisco NAC Agent will install.

Once the install is complete, you should enter your University user name and password into the CNAC agent to gain network access.

This process will allow us to continually assess the validity and health of our computing environment.  A CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes.  If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at techsupport@scranton.edu


Comments : Leave a Comment »
Tags: ,
Categories : Announcements, Security, Upgrades

CNAC Upgrade on the way

25 01 2011

IR posted a note to Royal News about an upgrade to CNAC (emphasis ours):

Cisco Network Access Control (CNAC) will be upgraded to the latest version on Tuesday, Jan. 25, between 10 – 11 p.m. Downtime should be approximately five (5) minutes. The next time you authenticate your computer in CNAC you will be prompted to install a new Cisco NAC Agent. If you have any questions or problems, please contact the Technology Support Center at 941-HELP or techsupport@scranton.edu.

 

What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Network and Infrastructure, Outages, Security, Upgrades

User IDs will be changing!

25 01 2011

TAG just got news yesterday of a major change to University authentication systems – starting in either March or April this year, our user IDs will be changing to R numbers.

This means that to log in to any University tool (like my.scranton), you’ll be typing in your R number rather than your existing ID, but your email address will remain the same.  So for example, my email address will still be yarmeyk2@scranton.edu, but instead of using yarmeyk2 and my password to log in to my.scranton, I’ll be typing in my 8 digit R number and password to authenticate.

IR explained that the reason this is happening is so that everyone’s user ID is a unique identifier for them that’s no longer tied to a last name, since last names can change over someone’s career at the University.

Many of the other big changes happening on campus, like the transition to Microsoft Live @ Edu email, will take place *after* this transition to new user IDs has occurred.


Comments : 4 Comments »
Tags: , , ,
Categories : Announcements, Upgrades

CNAC Reauthentication

6 01 2011

On January 12th, and regularly on the second Wednesday of every month, IT Services is going to require all faculty and staff to enter their username and password (as you would if you were to log on to my.scranton) in order to get internet access. This allows IT to ensure that your computer has the most up to date security software and protection.

On January 6th, faculty and staff received the following e-mail from IT Services:

As part of Information Resources’ continuing effort to enhance our services and increase our information security posture, the Cisco Network Access Control (CNAC) will require individuals to re-authenticate to gain network access on a monthly basis.

On Wednesday, January 12th all end-users should expect to enter their University username and password into the CNAC agent before gaining access to any network resources. This process will allow us to continually assess the validity and health of our computing environment. The CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes. If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at techsupport@scranton.edu

Click here for more information on CNAC authentication.

Click here for a detailed discussion of the new CNAC security procedures.


Comments : Leave a Comment »
Tags: , , , , , ,
Categories : Network and Infrastructure, Security

CNAC Reminder… and Brown Bag Postponement

9 11 2010

Just a reminder that we’ll all have to log in to Cisco NAC Agent tomorrow morning in order to be able to access the University network.

Also, the Provost’s office is trying to reschedule this week’s Brown Bag on the CMS.  It seemed like this Thursday wasn’t a good time for most people. We’ll keep you updated on any new dates and times.


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, CMS and University Website, Network and Infrastructure, Security

CNAC Update

3 11 2010

IT services sent out another CNAC update today.  What’s CNAC, you ask? Take a look at Jeremy’s monster explanation from back in September.

Bottom line of this latest update is that anyone using a University-owned desktop computer will have to log in to CNAC again next Wednesday (11/10) and then monthly after that to use the University network.

Here’s the full text:

In a continuing effort to enhance our services and increase our information security posture, Information Resources will be implementing changes to the Cisco Network Access Control (CNAC) system. The CNAC system, which was recently deployed campus-wide to Staff and Faculty machines, helps us validate that only authorized users are able to access network resources (Banner, Internet, etc). Additionally, CNAC will help us monitor the “health” (up-to-date patches, operating systems, etc) of the desktops that are connecting to our network.

During the deployment of CNAC, end-users were prompted by the CNAC agent to enter their University username and password once, thereafter allowing them to gain access to network resources. All end-users will be required to re-authenticate to the network via the CNAC client on a monthly basis. This will initially occur on Wednesday, November 10th. End-users should expect to enter their University username and password into the CNAC agent before gaining access to network resources. This process will allow us to continually assess the validity and health of our computing environment.  The CNAC re-authentication process will routinely occur on the second Wednesday of each month beginning in January 2011.

Additional information can be found in the announcements section of the my.scranton portal.  We thank you for your patience and understanding as we implement these changes.   If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at techsupport@scranton.edu

 

————

Note: Updated for clarification at 3pm 11/3/10.


Comments : 4 Comments »
Tags: , ,
Categories : Network and Infrastructure, Security, Upgrades

CNAC Deployment Feedback?

8 10 2010

The Library was the last building on the CNAC Deployment schedule – and we’re hitting a few rough spots today after this morning’s rollout.  How did the deployment go for everyone else? Any issues that the TSC hasn’t been able to resolve?


Comments : 3 Comments »
Tags: , , ,
Categories : Network and Infrastructure, Security, Upgrades

« Previous Entries