NAC Log on Change – Aug 6

30 07 2014

This email from the TSC went out to all faculty and staff on 2014-07-28:

Dear Faculty and Staff:

When prompted to login to Cisco NAC beginning on Wednesday, August 6th your logon ID will no longer be your legacy user account (e.g., smithj2) but will instead be your Royal ID Number.  You simply enter your Royal ID Number (it is printed on your Royal Card) and your password (also your email password).

This conversion is part of Planning and Information Resources continuing efforts to improve services through standardization and to provide secure and reliable computing resources.

Questions and concerns about the Cisco NAC conversion to Royal ID Number should be directed to the Technology Support Center at x4357 or

P.S. Cisco NAC (aka CNAC) is that blue pop-up screen that you log in to in order to connect your desktop/laptop to the University network.

TAG Meeting Notes 2014-05-07

7 05 2014

TAG Meeting May 7, 2014 12:00pm-1:00pm

Jeremy Brees, Tim Cannon, Teresa Conte, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Calvin Krzywiec (guest), Andrew LaZella, Kristen Yarmey

TAG thanks Library Dean Charles Kratz for sponsoring lunch for our meeting today.

1. BYOD Strategy Draft

Calvin Krzywiec joined us as a guest to present and discuss a draft version of IR’s strategy for accommodating the BYOD (Bring Your Own Device) trend. Cal is Assistant Director of Network Security & Engineering and served as chair for the IR Strategy Group tasked with studying BYOD. The group is currently seeking feedback from campus stakeholders to incorporate into a final strategy.

Cal explained that the group’s objectives were driven by increasing demand among students and faculty for access to institutional services from personal mobile devices. The group’s top priority is supporting BYOD for teaching and learning, while a secondary priority is protecting the security of institutional data.

For teaching and learning (see p. 2-4 in the draft), IR’s BYOD objectives include:

  • Investigate and implement untethered teaching/learning solutions
  • Focus classroom upgrades on providing collaborative, flexible workspaces
  • Leverage virtual desktop/application technologies and client devices to reduce reliance on physical lab infrastructure
  • Leverage virtual desktop/application technologies to provide ubiquitous access to lab software resources
  • Investigate and implement secure electronic assessment solutions
  • Expand lecture capture to additional locations

The draft identifies several barriers to BYOD implementation that were also raised by faculty members in TAG’s informal survey on specialized software and computer labs.  These include:

  • Expensive licensing fees for specialized software
  • Potential disparities in student computer ownership
  • Inaccessible and/or limited power sources
  • Security for electronic assessment/computerized testing
  • High demand on wireless network

The draft strategy recommends partnership with CTLE to support faculty needs as well as engagement with faculty during the implementation of BYOD-related strategies. Jim said that IR will work with TAG to recruit faculty volunteers to test out tools and services. While the precise timeline for rolling out these changes isn’t yet determined, there are some pilot projects already in motion. Faculty members in KSOM are piloting software for securing a browser (for computerized testing) using lab computers running thin clients. Teresa noted that the Nursing department would be very interested in piloting computerized testing tools in McGurrin. IR also plans to pilot test untethered teaching/learning options in the fall – TAG will get more information on this in the summer. Tim volunteered to participate in this pilot. IR has already been piloting Panopto lecture capture and will be looking to add this capability to additional classrooms for Fall 2014. Mobile printing is also in process.

Regarding network and authentication issues: Cal said that IR will be replacing the Cisco NAC client with encrypted SSID authentication, so that users will be able to log in to the University network from their device without downloading and installing CNAC. Once a device has been logged in,  it will stay logged in – users won’t have to reauthenticate multiple times during the day to stay on the network.

The second half of the draft (p. 4-9) addresses faculty and staff devices. One issue addressed is primary computing devices (for most faculty, our desktop computer). While currently primary devices are purchased and provided by the University, alternative models such as reimbursement or stipends for equipment and software purchases could be discussed.

Secondly, in order to protect institutional data, the draft proposes a three-tiered mobile device management (MDM) system:

  • Mandatory: This tier applies to all University issued devices and requires an enrollment in a MDM system that enforces the implementation of technical controls on the device, such as lock code, lock when idle, remote wipe capabilities, device encryption, and potentially even location tracking for locating a lost device.
  • Optional: This tier applies to all non-­‐corporate owned staff, faculty, and affiliate devices connecting to University systems, including email. Enrollment in the MDM solution is optional but the expectations of minimal technical controls and the requirement to notify PIR of a lost/stolen device are defined in institutional policy. Employees must agree to allow the University to wipe the device when it is lost/stolen or the employee separates from the institution.
  • Exempt: This tier applies to student devices. This tier has no requirements but offers guidance to students on how to secure their devices.

The draft proposes that a remote wipe could be partial rather than complete, “removing only corporate data.”

Kristen raised concerns about the Optional tier, which would apply to many faculty-owned mobile devices. Firstly, the exact definition of “corporate data” may need to be clarified. According to Appendix VIII (“Copyright”) of the Faculty Handbook, in most (but not all) circumstances, faculty retain copyright over works created as part of their normal teaching, research, and service duties – including research data, lecture notes, videos of lectures, syllabi, etc.  Kristen will look into existing University policies and documents to better understand what types of records (email?) would fall under this policy. Kristen also raised concerns about references to wiping data (including email) upon “employee separation,” which for faculty may take different forms (emeritus, phased retirement, terminal sabbatical, etc).

The BYOD Strategy Group will be compiling feedback into the next draft of the report. Kristen will write up summarized feedback from TAG’s discussion as a formal response to the draft document.

2. Brief Updates 

(The BYOD discussion took up most of the meeting, so updates were rushed.)

Identity Finder automated scans (Kristen)

Kristen has been working with Adam Edwards and Scott Finlon in Information Security to answer faculty questions about Identity Finder automated scans. Kristen has updated the Identity Finder FAQ with clarifications from Information Security.  There are still some faculty concerns about the scanning and reporting process (which was approved by the President’s cabinet back in June 2013); however, we have addressed as many as possible.

Information Security would like to begin the automated scans. TAG members present at the meeting felt ready to move forward with scanning faculty machines. Dave will report at this Friday’s Senate meetings that scans will begin. Kristen will work with Adam to coordinate a schedule and an all-faculty email notification.

Test Scanning Services (Jim)

Jim reported that IR will be changing the hours of Test Scanning Services effective Monday, May 12, 2014.  The service will continue to be provided from Alumni Memorial Hall, Room 001. Tests may be dropped off and results picked up Monday through Friday, from 8:30 am to 4:30 pm.  Based upon demand and operational requirements, immediate service while you wait may not be available.  IR will continue to strive to meet the needs of our customers and will provide a 24 hour turnaround of test scanning results.  Jim asked that faculty please plan accordingly as we approach the end of the Spring term.  Jim will contact regular users of the test scanning service with more details.

Desire2Learn (Eugeniu)

Additional Desire2Learn workshops are being planned for the summer – see CTLE’s workshop calendar for the updated schedule. Eugeniu also reminded TAG members that faculty should back up any student data (including grades, discussion forms, and dropbox submissions) in Angel that they wish to keep. Step by step instructions have been emailed out, but CTLE staff will also hold workshops on this during Senior Week for anyone who needs assistance (see ). Student access to Angel will be turned off as of May 30, but faculty will have access until July 31. After that, data stored in Angel will no longer be available.

PR Department/Program Website Initiative (Dave/Teresa)

We ran out of time for in-person updates on this project. Lori had sent Kristen updates via email. Kristen will post these notes to the TAG site in a separate update.

4. Adjournment

The meeting adjourned at 1:05pm. TAG will not meet again as a full group until Fall 2014, but projects and communication (via email) will continue during the summer.

[Updated immediately after posting with correction to Cal’s title]

Wireless Network work this week

5 08 2013

Update 2013-08-08: Downtime complete :)

[Updated 2013-08-05]

Network Infrastructure is going to be working on our wireless network this week, upgrading to a new version of Cisco NAC. If you’ll be working on campus this week, you may see some downtime on Tuesday and Thursday in the late afternoon/early evening. Notice from the downtime-notices RoyalList:

Network Infrastructure will be upgrading Cisco NAC to version 4.9.3.

To add support for newer operating systems and antivirus as well as add new features. During this upgrade we will also be migrating off of legacy hardware onto new appliances.

August 6th 4:30 PM – 6:30 PM
August 7th 4:30 PM – 8:30 PM

August 6th 4:30PM – 6:30 PM:
Approximately 20 mins of downtime is expected for the wireless network.  Wired connections will be unaffected.
August 7th 4:30PM – 6:30 PM:
There will a 1 hour window of downtime where wireless (Royalair, RoyalGuest) and unauthenticated users on wired connections on campus will be unable to login.

Two upcoming outages

10 08 2011

IR posted two notices about upcoming outages to the my.scranton portal:

There will be a brief internet outage on August 13, 2011 between 9:00 AM and 11:00 AM as maintenance is performed on internet infrastructure. Off campus resources will not be accessible from on campus. On campus resources will be unavailable from off campus. Please contact the Technology Support Center at 570-941-4357 with any questions.


Network Infrastructure will be performing system maintenance on the CNAC systems on August 15 2011, between 9:00 PM and 11:00 PM. No downtime for authenticated users on the wired network is expected.  Downtime for wireless users is expected to be less than 10 minutes. Users attempting to authenticate to the wired or wireless network via CNAC will be unable to do so during this 10 minute window.


Good news for iPad users

3 05 2011

Heads up if you’ve tried to use an iPad on campus wireless. Network Infrastructure passed along some good news this morning:

We have received feedback from a number of users regarding the frequency in which iPads have to authenticate to ROYALAIR and how this is causing issues accessing some services from their device. This behavior is due to the unique way in which the iPads manage their wireless connections in that the device disconnects from the wireless network when the device is in a sleep state. Due to a low heartbeat timer in Cisco NAC, the device is decertified from the network while in this sleep state. In order to prevent this from occurring, we have increased this timer to 8 hours so that a user only needs to authenticate once during business hours. Please continue to provide us with any feedback you may have regarding this or any other iPad network issue.

Thanks to Cal and the rest of Network Infrastructure for the fix!

CNAC Update

9 02 2011

How did the CNAC update go for everyone this morning? Any problems?


CNAC upgrade

7 02 2011

Just a reminder that this Wednesday, you’ll have to log in again to CNAC in order to access the University network.

What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.

Here’s the upgrade announcement from IR, emailed out to all faculty today:

On Wednesday, February 9th the re-authentication will also upgrade your CNAC client.  On Wednesday, all end-users will be prompted with the following:

NAC Agent 4.8.032 is available.  Do you want to install this update now?

Click OK and after a few minutes the new Cisco NAC Agent will install.

Once the install is complete, you should enter your University user name and password into the CNAC agent to gain network access.

This process will allow us to continually assess the validity and health of our computing environment.  A CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes.  If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at

CNAC Upgrade on the way

25 01 2011

IR posted a note to Royal News about an upgrade to CNAC (emphasis ours):

Cisco Network Access Control (CNAC) will be upgraded to the latest version on Tuesday, Jan. 25, between 10 – 11 p.m. Downtime should be approximately five (5) minutes. The next time you authenticate your computer in CNAC you will be prompted to install a new Cisco NAC Agent. If you have any questions or problems, please contact the Technology Support Center at 941-HELP or


What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.

CNAC Reauthentication

6 01 2011

On January 12th, and regularly on the second Wednesday of every month, IT Services is going to require all faculty and staff to enter their username and password (as you would if you were to log on to my.scranton) in order to get internet access. This allows IT to ensure that your computer has the most up to date security software and protection.

On January 6th, faculty and staff received the following e-mail from IT Services:

As part of Information Resources’ continuing effort to enhance our services and increase our information security posture, the Cisco Network Access Control (CNAC) will require individuals to re-authenticate to gain network access on a monthly basis.

On Wednesday, January 12th all end-users should expect to enter their University username and password into the CNAC agent before gaining access to any network resources. This process will allow us to continually assess the validity and health of our computing environment. The CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes. If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at

Click here for more information on CNAC authentication.

Click here for a detailed discussion of the new CNAC security procedures.

CNAC Reminder… and Brown Bag Postponement

9 11 2010

Just a reminder that we’ll all have to log in to Cisco NAC Agent tomorrow morning in order to be able to access the University network.

Also, the Provost’s office is trying to reschedule this week’s Brown Bag on the CMS.  It seemed like this Thursday wasn’t a good time for most people. We’ll keep you updated on any new dates and times.