Summer network downtimes

2 06 2014

Just a heads-up for those who work on campus during the summer — there are some rolling Saturday morning network downtimes planned for university buildings (residential and administrative) over the next few weeks. All are Saturdays, 8am-12 noon and will affect wireless as well as wired phone and computer network connections.

See the calendar (PDF) for a full schedule, but here are a few of the planned downtimes for academic buildings:

  • O’Hara — June 7
  • McGurrin – June 14
  • Hyland — June 21
  • WML — June 28
  • CLP — July 5
  • STT — July 12 and July 19 (July 12 is STT-East, including Harper-McGinnis; July 19 is STT-West)
  • Long/Byron — July 19
  • Brennan — July 26
  • LSC — August 2 and August 9
  • IMBM — August 16
  • Loyola Hall — August 16

And here’s the announcement from the downtime-notices listserv:

Downtime Notices:
1) Purpose
Upgrade network-switch software
2) Systems Affected:
Wireless, IP-phones & computers connected in these buildings
3) Downtime Window:
Saturdays from 8AM to noon for administrative buildings or Monday-Thursday prior to 7AM for residence-halls per the attached building schedule
4) Point of Contact:
Steve Gilbody
Office:  941-6193, Cell: 335-3926

Wireless Network work this week

5 08 2013

Update 2013-08-08: Downtime complete :)

[Updated 2013-08-05]

Network Infrastructure is going to be working on our wireless network this week, upgrading to a new version of Cisco NAC. If you’ll be working on campus this week, you may see some downtime on Tuesday and Thursday in the late afternoon/early evening. Notice from the downtime-notices RoyalList:

Network Infrastructure will be upgrading Cisco NAC to version 4.9.3.

To add support for newer operating systems and antivirus as well as add new features. During this upgrade we will also be migrating off of legacy hardware onto new appliances.

August 6th 4:30 PM – 6:30 PM
August 7th 4:30 PM – 8:30 PM

August 6th 4:30PM – 6:30 PM:
Approximately 20 mins of downtime is expected for the wireless network.  Wired connections will be unaffected.
August 7th 4:30PM – 6:30 PM:
There will a 1 hour window of downtime where wireless (Royalair, RoyalGuest) and unauthenticated users on wired connections on campus will be unable to login.

Royal Drive – Off Campus Access

31 07 2013

Update as of August 16th: Fixed!



Notification from the TSC, sent out via email yesterday at 4:20pm:

Access to RoyalDrive from off-campus, via both the portal and the Xythos client, has been disabled as of 4:30 p.m. on Tuesday, July 30, 2013 due to a vulnerability.  Alternative methods for off-campus access are being developed and tested and will be made available as soon as possible.  If you are currently working off campus and need access to files on RoyalDrive, the server, via both the portal and the Xythos client will be made available to you from 9:00 a.m. to 11:00 a.m. on Wednesday, July 31, 2013.

More information will be provided via my.scranton portal announcements.   If you have further questions, you may contact the Technology Support Center at 570.941.4357 or

[Update as of August 1: ]

Off-campus access to Royal Drive will continue to be restricted until the vendor releases a patch for the vulnerability. Employees having a critical business need to access Royal Drive from off-campus through the end of next week may request alternative access by submitting an email message to with a valid business justification. If you have questions, please contact the Technology Support Center at (570) 941-4357.

State of IT – Notes from September IT Forum

3 10 2012

Last week, CIO and Vice President for Planning Jerry DeSanto presented on the “State of IT” at the semester’s first IT Forum. His talk provided some really interesting insight into how CIOs strategically plan for the future – see his slides (in pptx) for more detail.

Some of the trends that Jerry discussed:

  • Consumerization – consumers bring their interest in technology to the workplace, and increasingly they’re also bringing their own devices (BYOD) to the workplace as well. For CIOs, this means a shift to supporting a wider variety of devices, with less depth of support for any one device/platform.
  • Cloud services – as we use more cloud computing services, we rely less on the computing power of our desktop computers. Thin clients let users access software from the cloud, so you don’t have to be at a specific workstation to use certain software.
  • Security – cloud computing raises a lot of issues in terms of security and data management – e.g., who owns the data? Is it secure? Is it exportable? Terms of service become very important. IR is working on some additional security initiatives, like two-factor authentication (for high risk data users), forced password changes, and guidelines for remote access (under development) – that is, how to safely work with restricted/confidential data from a non-University device.
  • Teaching and Learning – lots of new developments here – MOOCs, learning analytics, software licensing…
  • Network – The redundancy and reliability of the University network have become increasingly important. At the same time, there are increasing demands on the network (video streaming, gaming…). Our network just underwent a huge upgrade – our bandwidth is now 500 Mb, as compared to 50 Mb back in 2008.
  • Big data – corporations are increasingly leveraging data about their consumers to make decisions and to get a competitive edge. We might start seeing some of these techniques used in higher ed.
  • Business continuity – disaster recovery is really important. We have a good on-site data center, but we need an off-site backup as well.
  • Workforce and services – soft skills are becoming as important in IT as technical skills. As more software-as-a-service tools become available, there’s less need for home-grown solutions.

So there are lots of challenges ahead for Jerry and the IR division. Jerry has given TAG some questions he has about campus technology needs – we’ll be talking at our meeting today about how we can get input from the rest of the faculty. (More notes to come.)

Mac OS X Mountain Lion Incompatability

31 07 2012

Attention MAC Users!

There is a known issue with the new Mac Operating System, “Mountain Lion”, which prevents connection to the university network through Cisco Clean Access.

Therefore, at the present time, If you upgrade to “Mountain Lion” you will not be able to access the internet while at The University of Scranton!!

IT Services is working on resolving this issue, and we will update you with a timeframe as soon as one is available. We recommend waiting to upgrade your operating system until such time as IT Services resolves this issue.

Snapshot: How students are using the network

23 09 2011

To help TAG get an idea of how current students are using the internet on campus, Cal over in Network Infrastructure sent me some quick stats on student connections (from live snapshots taken at around 4:30pm on a weekday).

Student connections to the campus network:

Wireless: 2617
Wired: 181
Game consoles (wired): 103

OS/device breakdown of all of the students using wireless (from a slightly later snapshot):

Mac: 914
Windows: 1074
iPhone: 499
iPad: 54
iPod: 1
Linux: 67

No huge surprises here, but it’s interesting to see just how much our students rely on wireless – and it’s good to know that we have this kind of data available.

(Thanks, Cal!)

CNAC Reauthentication

6 01 2011

On January 12th, and regularly on the second Wednesday of every month, IT Services is going to require all faculty and staff to enter their username and password (as you would if you were to log on to my.scranton) in order to get internet access. This allows IT to ensure that your computer has the most up to date security software and protection.

On January 6th, faculty and staff received the following e-mail from IT Services:

As part of Information Resources’ continuing effort to enhance our services and increase our information security posture, the Cisco Network Access Control (CNAC) will require individuals to re-authenticate to gain network access on a monthly basis.

On Wednesday, January 12th all end-users should expect to enter their University username and password into the CNAC agent before gaining access to any network resources. This process will allow us to continually assess the validity and health of our computing environment. The CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes. If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at

Click here for more information on CNAC authentication.

Click here for a detailed discussion of the new CNAC security procedures.

Software updates and access control (and a tutorial on the network structure of the University)

2 09 2010

MAJOR EDITS 9:35PM, 09-02-2010

Jim Franceschelli posted an update to the university community regarding the newest round of updates that will be coming to campus computers from Information Resources (IR; website). Here is a brief summary of how this will affect faculty and staff at the university.

0) This is the first apparent step (from the faculty point of view) of the more virtualized, transparent interaction between faculty machines and the campus network. While it may not appear so from our point of view, it makes the organization much cleaner on the server-side, i.e., the network administration becomes simpler and less complex, compartmentalizing the network by user type. This is coming right off the heels of a major network rebuild by IR, which means fewer network down times, and shorter network outages (which is a very good thing).

1) Previously, faculty computers did not need to “authenticate” to get access to the university network. This means that any computer plugged into a wall port that was designed for faculty use was allowed full access to the faculty network. This was then controlled on a port-by-port basis: Any computer plugged into the port in your office was connected to the faculty network, regardless of who the computer actually belonged to. And, if you plugged your computer into a port normally relegated for student use, you were relegated to the student network space, which left you unable to access certain network resources (departmental printers, for example). With the recent upgrades to the campus network, each network port now has the ability to be assigned to any virtual network. This means that, when you plug in your computer, you can be assigned to any of the on-campus networks (wireless, student, faculty, staff, dining services, etc., all have their own designated “network space”). Thus, instead of making the decision as to what network you belong to based on where you are connecting your computer, the decision as to what network you belong to is based on who you are and what community you are a part of (e.g., administration, faculty, dining services, etc.). So… where does this new update fit into the whole scheme?

2) The key in the previous point is that your digital identity is now the factor in deciding what network resources you have access to. Over and above that, for security purposes, IR would really like to allow you access to those resources, making sure that you are the one using it, not someone else who has somehow managed to get onto your computer. At the present time, there is no additional level of authentication, i.e., anyone using your computer looks like you. The first and foremost reason for requiring you to install Cisco Network Admission Control is to make sure that the only person accessing your network resources is you. Thus, this piece of software will require you to log in with your my.scranton username and password (which no one else other than you knows anyway, right?). But what about this “up to date packages” part of it all? Well…

3) As we said, this is the first apparent step in the upgrade of our campus network. With the installation of Cisco Network Admission Control, not only does it allow you to authenticate* to the network, this software has some additional advantages over a simple password-only based authentication. Cisco Network Admission Control, when running, has the ability to look at your critical software components (e.g., windows system files, web-browser updates, critical system patches, etc.) and make sure that no identified security vulnerabilities are present. This is not currently implemented into the installation configuration. It will be implemented in the near future (there is a possibility for an October timeline, but this is still in flux), with the added benefit of eventually prompting and directing you through the install of these critical software updates (eventually even doing so automatically) and patches to make sure your computer is safe, protected, and able to get onto the internet.** So where do you fit into the picture?

4) In order to implement this level of security, you will need to have Cisco Network Admission Control installed on your computer. Starting on 09/08/2010 in the first and second floor, west wing of St. Thomas (and following the schedule posted here), IR will be converting the behind-the-scenes infrastructure such that you will not be able to log on to the campus network without Cisco Network Admission Control installed! Once they have implemented this change, your internet browser will alert you of the required software and will (painlessly) step you through the installation procedure to install Cisco Network Admission Control on your machine. You will then be able to log in with your my.scranton username and password*** and continue to access the campus network and the world wide web at your leisure! So… what comes next?

5) As the behind-the-scenes updates from IR progress, you will be periodically required to re-authenticate to the network. This will simply provide some additional security, and allow Cisco Network Admission Control to periodically make sure everything is still A-OK on your computer, look for any flaws or critical system components that have been compromised or are in need of updating, and, eventually, even perform those updates for you! This exciting feature is coming soon to a computer near you!

Please see the below post e-mailed to the faculty today. If you have any questions or comments, please post them below. You can also join the discussion at (see this post for instructions on how to sign up!).

* By “authenticate”, I mean “be recognized by”. This is just like showing an ID badge, swiping your Royal Card, or typing in your password at an online shopping site. You are proving your authenticity to the program, and it is allowing you access to whatever resources you are requesting, provided you have met all of its criteria.

** The extra time spent installing the updates is far shorter than the time it takes to fix your computer if it becomes infected with a virus. Currently, it takes nearly 3 full days of analysis whenever a computer is infected by a virus to make sure that no restricted information was passed to an outside source. This is a much more detailed and rigorous process than most are aware of, stemming from federal regulations regarding privacy laws. Hopefully we can post something about this is a future blog entry.

*** The login information for your computer will not change! Thus, your preferred username and password needed to start windows will not change. This will only affect your ability to access network resources (i.e., software not directly installed on your machine).

To All University of Scranton Faculty and Staff:

The University of Scranton provides our campus community with a robust environment consisting of over 2,000 desktop and laptop machines. Managing and ensuring the security of these machines has become increasingly challenging. In order to improve our services to you and increase our information security posture, we will be making changes to the way that desktop systems look and how they operate. Upcoming changes include a move to Internet Explorer 8.0 for using services found sites, use of Firefox as the default internet browser, automation of additional third party application updates, a change in our anti-virus protection, and the deployment of Windows 7.

The next change that you will experience starting on September 7th is the deployment of the Cisco Network Access Control (CNAC) system for all computers connecting to the University network. This system will require end-users to go through a process similar to the one currently used to connect to the wireless network (RoyalAir); meaning that you will be required to authenticate — enter your username and password — before gaining access to the network. The CNAC system will help us to validate that only individuals who should have access to our network resources will have access and, eventually, will help us to monitor the “health” (up-to-date patches, operating systems, etc) of the desktops that are connecting to our network. Collectively, this will insure a more robust and secure electronic working environment for all of us.

The implementation of CNAC will begin on September 7th and is expected to take 30 days for campus wide implementation. The implementation will occur in small network segments that are grouped by building and by floor. Network changes will be made overnight and users of the segment will notice the change the following morning. To assist end-users, information about the planned schedule for deployment can be found at . IT Services staff will be available and located in each of the affected areas as we work our way across campus.

We appreciate your patience and understanding as we continue to improve. If you have any questions or concerns, please contact the Technology Support Center at 941-Help or at

Special thanks to Jim Franceschelli and Tony Maszeroski for their help in writing and correcting the above tutorial.

Campus Network Outage

24 08 2010

Some of the on-campus network seems to be down. is accessible, but royaldrive and are not.  This is affecting the authentication system as well, so logging on to the computers with your scranton ID my not be possible.  Access to off-campus websites is unaffected.  I have been told that the Help Desk is aware of this situation, but no further information is available at this time.  Anyone with additional info, please pass it along.

UPDATE 1:00PM : Everything seems to be back working.  royaldrive, e-mail, and my.scranton all seem to be accessible.