CCFIT > Calendar & Minutes > 1998-2003 Minutes > January 7, 2002 AdC3 Minutes

Agenda

1. Approval of Minutes
2. Announcement - Security Coordinator Ono
3. New Business Architecture, Update on the Implementation Workgroup's Efforts
4. Proposed Draft Policy: PPM 320-24, Access to Institutional Data
5. Status of Campus Remote Access Service
6. Proposed Bulk Email Policy

Minutes

Excused: Mary Duthie.

Absent: Barry Klein, and John Meyer.

Guests: Herbert Diaz-Flores, Doug Hartline, and Amy Slavich.

Staff to the Councils: Randy Moory, Julie Saylor, and Babette Schmitt.

I. Approval of Minutes - Chair Smiley

Chair Smiley asked the Council for approval of the December minutes. Council approved the minutes as submitted. Chair Smiley also introduced Lorraine Beaman, the new representative from Staff Assembly.

Security Coordinator Ono announced a pilot project to test antivirus software on the campus mail servers. Ono reported that other UC campuses are evaluating antivirus solutions to detect and quarantine viruses directly at the incoming mail servers rather than at the desktop level. The test will be conducted on the listproc (campus email listserv) server which traditionally has been a source of viruses on the campus.

Ono addressed Council member comments. Highlights of the discussion follow:

• The antivirus software will be set to review and and quarantine attachments containing viruses. A message will be sent to the addressee(s) to inform them of the action taken. The software can be set to review all types of attachments. This will be adjusted based on performance measurements.
• There will be no impact to the current client software license agreement for Norton AntiVirus. MacAfee, another leading antivirus software vendor, does not offer any product that can deal with the level of email volume the campus generates.
• The two products selected for this pilot project are already in use at other campuses.
• Department mail servers will not be part of this test. The antivirus software will be added only to the central mail servers. Responsibility for the department servers continues to be with the departments. The exact number of users of central mail servers versus department servers is not known. Ono indicated that, depending on the pilot results, it might be possible to leverage the antivirus software contract to benefit campus departments that maintain their own email servers.
• Mail viruses originating both from outside the University and from campus computers will be examined.

Assistant Vice Provost Shelby reported on the efforts of the New Business Architecture Implementation Workgroup. Shelby, who serves as NBA Implementation Workgroup co-chair, informed the Council that the workgroup has been proceeding with the development of the functionality of the enterprise portal. Among recent developments, Shelby noted the following:

• The workgroup has approved a ChannelBuilder pilot that will allow staff to create channels for departmental use. The pilot, to be conducted in Winter and Spring 2002, will be limited to staff from administrative and academic departments as well as interdisciplinary research and teaching programs. Responsibility for channels built with ChannelBuilder will rest with the department Chairs. The Implementation Workgroup is developing a framework for channel creation and oversight responsibilities. A thorough evaluation will be conducted at the end of the pilot to determine the extent to which ChannelBuilder should be made available to a broader audience.
• During this first phase of the initiaitve, the workgroup is focusing on implementing "quick wins", or easily integrated functionality and applications, like DaFIS Decision Support and PPS Decision Support so that the portal gets functionality rapidly.
• The second phase will focus on developing an inventory of campus academic and administrative processes that can be integrated into the enterprise portal. The Implementation Workgroup has directed the Technology Development Team to identify and characterize those academic and administrative processes so they can be inventoried and prioritized for inclusion into the portal.
• The Technology Development Team is recommending three major projects, including the development of enterprise directory services and the implementation of common authentication.

A New Business Architecture Web site was launched on January 7, 2002 (see http://nba.ucdavis.edu/) and campus members can now add an NBA channel to their MyUCDavis portal. Both provide access to general information, frequently asked questions, meeting minutes, etc. A listserv (nba-info@ucdavis.edu) is available for general inquiries regarding the New Business Architecture Initiative at UC Davis.

Campus Data Administrator Diaz-Flores reported on changes made to the proposed Access to Institutional Data policy in response to requests made by Council members at the December AdC3 meeting. Diaz-Flores met with the Data Stewards Committee to address and implement the requested changes.

Diaz-Flores reported that the Data Stewards' review raised two main issues regarding the listing of responsible data trustees.

• The stewards were faced with an increasing list of data subjects, some of which did not have a discernible trustee.
• The stewards also were concerned about the trustee role the deans of the colleges should play. The stewards recommended that the Council of Deans and Vice Chancellors (CODVC) be identified as the trustee for institutional data covered by the policy.

Highlights from the dicussion follow:

• Council members commented that the CODVC is a committee appointed by the Chancellor. As such, the Chancellor's Office will need to be consulted before proposing the CODVC serves as the trustee for institutional data.
• There are specific requirements of the University of California Security Policy, BFB IS-3, that would also need to be addressed by CODVC if it is defined as the trustee. Diaz-Flores replied that the data stewards believe that the policy issues would rise to CODVC anyway.
• Council members inquired about what makes the process of identifying the data subject areas and the trustee difficult. Diaz-Flores replied that the list of data subjects that require a trustee grew very rapidly, and there are interrelationships in the data subject areas that make it difficult to identify distinct trustees. Council recognized that interrelationships amongst data required involvement of more that one single trustee, but suggested that identifying all the subject areas was critical. Council also noted that the CODVC might not be the most appropriate group to take on data trustee responsibilities.
• Council also addressed the need for a clear statement in the policy indicating that access to institutional data is open, consistent with state and federal law as well as University policies. Council commented that security incorporated into applications to protect data from unauthorized viewing is expensive to maintain. Applications could reduce this cost if open data standards were applied. Diaz-Flores will prepare a new Statement of Principles regarding data access for inclusion in the policy to be reviewed by Council before the next meeting.

Council directed Diaz-Flores to modify the policy to reflect the issues raised and to work with Council staff to obtain Council review before the next meeting.

Doug Hartline reviewed the status of the campus modem service and informed the Council that a decision needs to be made regarding the continuation of modem service to the campus community. Funding for the modem pool was granted only through the end of the 2001-2002 fiscal year.

Hartline reported a decrease in usage on the campus modem pool compared to last year. Recent statistics show that modem users never receive a busy signal and the contention ratios established for the modem pool are no longer reached for the staff and student pools. Hartline also reported that the roll-out of DSL and the City of Davis Telecom access initiative have not proceeded as rapidly as originally thought.

The continuing annual cost to provide the modem service is approximately $272,000. This cost covers the line charges paid to Pacific Bell as well as equipment maintenance. Costs related to support staff as well as Internet and backbone charges are separate and were included in the Network 21 costs.

Council inquired about alternatives for funding the modem pools. Highlights of the discussion follow:

• Council discussed the extent to which the existing number of modems (and lines leased from Pacific Bell) could be reduced, given the decrease in usage. Hartline noted that we could increase contention to an acceptable ratio and save approximately $10,000/year.
• Council discussed the possibility of instituting a fee for modem pool use. Hartline noted that the expense of developing a way to bill for the service could exceed the current costs of providing the service. The estimate for providing the existing service is $27 per year. Vendor estimates for billing the University for the service would be double this estimate. If the vendor billed users directly, the monthly cost would be greater.
• Council also examined the extent to which support of the modem pool is still a high priority for the campus, particularly considering shrinking budgets and competing projects. Council noted that approximately 50% of the total student and faculty population use the modem pool.

Council agreed that the modem pool still represents an important service to the campus community. As such, support of the modem pool should be continued for the upcoming year. Council agreed, however, that long term, as usage continues to decrease, the campus should consider gradually retiring the modem pools. Council requested that Director Hartline determine the cost savings that could be achieved by reducing the number of modems and raising the contention ratios.

This item was deferred until the next Council meeting in February.