Present: John Ajao, Arlene Allen, Jeffrey Barteet, Sean Bennett, David Bosso, Ken Dean, Saturnino Doctor, Doug Drury, Ann Dundon, Matthew Dunham, Randall Ehren, Chuck Haines, Richard Kip, Tom Lawton, Tom Marazita, Aaron Martin, Elise Meyer, Steve Miley, Bruce Miller, Larry Murdock, Mike Oliva, Ben Price, Tom Putnam, Fuzzy Rogers, Andy Satomi, Glenn Schiferl, Kevin Schmidt, Deborah Scott, Henry Shatavsky, Jan Smith, Jamie Sonsini, Heidi Straub, Chas Thompson, Colin Thompson, Paul Valenzuela, Jim Woods.
Vote for New ITPG Chair and Vice Chair
Included in the vote were 5 proxy ballots. Bruce Miller was elected Chair with 79% of the votes, and Jim Woods was elected in a runoff for Vice Chair with 55% of the votes.
Recording Critical Campus Communications: Related Policies/Issues
Presenter: Karl Heins
There are no specific policies that address this issue directly. The ECP states that one cannot do audio/video monitoring or recording without participant agreement. Intellectual Property issues allow recording, but in order to post on the web you need to get a release for name, image, or voice. For a meeting situation this can be accomplished by having a poster provide notification that the meeting will be recorded, and that by one's attendance, they are giving their assent. Another issue to be aware of is that, when meeting notes are taken and posted, they often are an abbreviated view of the discussion or transactions that happen; but if you record the entire meeting, the full meeting contents could then become part of a public records request or e-discovery request.
At a Regents meeting, everyone uses microphones, and it is very obvious that it is being recorded. At the recent Budget Forum Public meetings, there were microphones that members of the audience could use to ask questions.
The recommendation was as follows.
- For a public meeting: The minimum is to post a sign notifying attendees of the recording, and you should get the speakers to sign a release. The standard release form is available from Risk Management. It gives rights to the Regents.
- For a less public meeting: Have everyone sign a release.
It was noted that for the recent UCCSC, presenters were asked to sign two releases: one for having their presentation recorded, and the other for posting their materials on the web.
There was a question about whether one could take an officially authorized recording of a meeting and post it on YouTube, such as Yudof did. It was proposed that if one had the proper permissions/releases they should be able to be extended to other agencies, but this needs to be confirmed.
Draft Communications Infrastructure Standards
The BEG has completed their initial review of the draft communications infrastructure standards. The draft will be updated with our changes and made available for broader review. When a meeting is scheduled for that review, we will also invite the ITPG. Following is an example of one of the changes that we want to make in the current standards.
Beginning now for both new building and building renovation projects:
- All infrastructure must be sized and installed to support Cat 6A backbone (risers) and horizontal (workstation wiring) cables.
- All installed data backbone (riser) cable must be Cat 6A (i.e., shielded Cat 6A or 100m unshielded Cat 6A).
For new buildings and building renovation projects that will be completed prior to January 1, 2015:
- All installed horizontal (workstation wiring) cable should be at least Cat 5E.
For new buildings and building renovation projects that will be completed after January 1, 2015:
- All installed horizontal (workstation wiring) cable must be at least Cat 6A.
There was a question about the process for accepting these standards. The BEG plans to hold a final review meeting this summer that includes not only BEG, but some of the other stakeholders who have been participants in this process: FM Project Management and FM Electricians (for the low-voltage compatible systems). We will be giving our final comments to our consultant at the end of August. Once we get the final draft back, we will need to present it to the ITB.
Once the new standards are approved we need to get the new standards into the FM project manager's hands so that it could become part of their process. There was a comment that this would be hard to enforce for departmental renovation projects. The original BEG proposal for addressing Communications Infrastructure issues included a proposal for enforcement, but the ITB did not endorse that proposal. However, there is still a need for an escalation process. The current draft is more of a narrative than a specification, so it needs to be converted.
Border and Backbone Network Upgrade to 10GE: Proposed Plans
Presenter: Kevin Schmidt
There is now one funded grant on campus that requires 10 Gigabit Ethernet (10GE) availability. The campus needs to supply 10GE across the backbone core, and the grant would cover the connection from the core router location to the grant equipment location. To provide 10GE to an end point, we need to do the following:
- Get a 10Gbps connection from CENIC.
- Acquire 10GE interfaces for our border routers.
- Acquire an Intrusion Detection/Prevention System to handle 10Gbps traffic.
- Upgrade or replace our 6 + 1 spare core routers (fusion splice the existing single-mode pairs between them, and acquire new racks and UPSs.)
- Fusion splice a pair of single-mode fiber from a core router to the end point's building switch (if single mode fiber is available).
- Upgrade or replace the building switch
- Provide a fiber path from the building switch to the end point.
We currently have six separate connections to CENIC: two HPR (High Performance Research Network, which connects us to the other UCs, Stanford, Caltech, USC, Internet2, and NLR), two DC (Digital California, which connects us to CSUs and K-12 sites), and two ISP (our connection to the commercial Internet). CENIC has recently upgraded their HPR routers, and they are working on upgrading the DC network. One reason for the latter is to support business continuity/disaster planning functions between UC campuses, so that traffic doesn't need to go on the research-focused HPR. We have ordered an upgrade to 10Gbps for our HPR-LA route. CENIC is applying for a grant that may provide us with the HPR-Sunnyvale route.
There have been no end of service announcements for any of the components in our border routers, so we are planning for them to have a viable lifespan of at least another 3-4 years. This potential lifespan plus budget considerations were why we decided to add to our existing gear rather than replacing them. We have ordered 10GE interface cards for our two border routers.
We tested and acquired a new Intrusion Detection/Prevention System.
Unlike our border routers, our core routers have some components that are already no longer supported, with major components losing support in 12/2011 and 12/2012. At this time we don't think upgrading this equipment is a good investment, so we are researching the currently available 10GE routers.
Beginning in 1986 our fiber plant has been built over the years using one-time funds. The first fiber installed was FDDI multimode 62.5 micron fiber (not the current OM3 50 micron multimode fiber). We have a lot of segments that are multimode only or have a low count of single mode (e.g., a 48/12 Multimode (MM) / Single mode (SM) composite cable). (NB: the actual counts are: 36 segments that are MM only, 41 segments that are mostly MM (i.e., 48/12), 57 high count SM (e.g., 48/48 or 60SM), and 71 other (small counts, e.g., 6/6).) We've experienced loss with jumpers in delivering Gigabit Ethernet. If we assume a cost of $15K per segment (which is lower than the last real estimate that we received, which was $24K per segment for 3 segments), and only do 75% of the MM only and low-count SM segments, then the cost is over $800K. We need a plan for the upgrade of the fiber plant.
- Q: Has the cost of not doing the 10GE upgrade been considered?
A: We are concerned that if we don't do the upgrade, grants will not be awarded.
- Q: How will this be funded in the face of the $20M plus cuts facing the campus?
A: Our current equipment has lasted three years longer than expected, and so we have funds saved up that allow us to upgrade the backbone equipment. (NB: In addition, the completion of our ONI last mile construction projects has released funds that can be used to upgrade some of the campus fiber plant.)
- Q: Since the campus doesn't currently provide funding for the upgrade of the fiber plant (and intrabuilding wiring), will the cost of the fiber upgrade be added to the FTE fee?
A: The OIT's current understanding of the scope of the FTE fee is to replace the existing RUAC and Data Network Surcharge fees, with the only addition of Identity Management costs. The process as we understand it is first to go through consultation and get approval for the RUAC fee, and then start consultation on the FTE fee.
- Our HPR traffic prefers the LA connection, so that is the connection that we have requested be upgraded to 10Gbps.
- Q: With new core routers, can we reduce the number from six to three?
A: The routers being considered should have the processing capabilities to allow that; however, higher bandwidth requirements (40 Gbps or 100 Gbps) will probably require shorter distances, which would push us back to the current six routers.
- Q: Our current Cisco VPN doesn't have a 64-bit client. What is the status of a replacement VPN?
A: We are currently evaluating the second Cisco VPN. The first one didn't provide all of the functionality that we needed, and the second one should have what we need, but we haven't been able to get it to work. We have gotten it to download the client from a website, and to automatically upgrade the client. The profile is stored on the server rather than the client. But we have been unable to get it to successfully drop a session onto a department network, because it doesn't correctly forward traffic to the department network's gateway.
- The group requests that a new VPN service that can support 64-bit clients be available by the start of Fall quarter.
- The OIT will keep the ITPG up-to-date on the VPN replacement status. (8/5/09 update: we've finally received confirmation from Cisco that their VPN doesn't provide the drop in to a department network function like we need.)
ITLC Email Project
Presenter: Tom Putnam
In response to an ITLC survey of campus email systems, UCSB identified 40 different email systems that cost $2.8M to operate and take 30 FTE. Lots of people are proud of what they have, and they are all different. Providing local email service may cost 10% of a department's IT budget, but if they eliminate the service, they won't get any cost savings, because the staff will spend their time on other department IT issues. Thus there is no hard money to be saved that can be used to build a new campus-wide system. Tom doesn't plan to take this issue any further on our campus.
- Other UC campuses are looking at outsourcing their email:
- Davis has moved their students to Google.
- Santa Cruz plans to move their students to Google this fall, and they are discussing moving their faculty and staff to a Berkeley service.
- Los Angeles is interested in changing.
- Google Apps is now free.
- Matthew has looked at the feasibility of moving the Umail accounts (undergraduate and graduate students) to Google. We would want to have an MX record that points to the local email server so that we had mail logs that could be accessed by local help desk staff. We would want to have umail.ucsb.edu go to a gmail page. But we are unable to use Google at this time due to the state of our Identity Management Service. We need SAML 2.0 support to authenticate with Google.
- The faculty and staff of one department are pushing to move their department's hosting of students to gmail for both mail and docs. The department provides local student email because a local service is perceived as more reliable and because their students want their @department.ucsb.edu email identity. For this department there could be hard money savings if they no longer had to provide the disk storage, which is significant.
- For the Gauchospace service, a student's Umail address is their business address, even if they ultimately forward it somewhere else. The advantage of having all of the forwarding coming from Umail is that then only one site needs to deal with rate limiting and other service provider practices when delivering to offsite service providers.
ITPG Going Forward
Presenter: Bruce Miller
The outgoing co-chairs and the nominating committee were thanked for their service. The next step is to formalize the mission statement and membership rules. The nominating committee was asked to work on a draft to bring to the next ITPG meeting. There was a question whether it was better to ask the ITB for direction, and the consensus was that it was better to propose a mission to the ITB. A proposal was also introduced to create a Communications subcommittee to discuss how best the ITPG could communicate.