CCFIT > Calendar & Minutes > 1998-2003 Minutes > May 6, 2002 AdC3 Minutes

Agenda

1. Approval of April Minutes
2. Proposed Access to Institutional Data Policy
3. Antivirus Pilot Project Progress Report
4. Incidence Response Project Report
5. Instructional Technology Funds Report
6. Enterprise Directory Services, Pre-Feasibility Report Review

Minutes

Excused/Absent: John Bruno, Mary Duthie, Janet Hamilton, Barry Klein, Celeste Rose, Steve Roth, and Kathi Sylva.

Guests: Sandra Stewart, and Bill Grabert.

Staff to the Councils: Randy Moory, Julie Saylor, and Babette Schmitt.

I. Approval of April Minutes - Chair Smiley

Chair Smiley asked Council members for edits and amendments to the minutes from the April meeting. Council asked for changes to the following items:

• The minutes state that Assistant Vice Provost Shelby summarized the review of the project by Analyst Moory for the Council. This review reports that the proposed architecture for the DaFIS Transaction Processor application is "not totally consistent with the New Business Architecture vision of providing access to all services through the enterprise portal and of ensuring single sign-on for major applications." A member expressed concern with this statement and felt that the proposed DaFIS Transaction Processor application is consistent with the NBA vision. Moory replied that the proposed application rewrite identifies two client architectures, a browser client and a "rich client". The "rich client" is not described in the proposal as one that would be presented through the browser, but as a thin client with direct access to the application server architecture. Moory reported that this client architecture would probably be incompatible with the objective of single sign-on. Associate Vice Chancellor Allred replied that it is their goal to make the application and the client architecture consistent with the New Business Architecture vision.
  
  
• Council members sought correction and clarification of the bullet items in the paragraph describing the Council's discussion of Item 2. Members asked that the last sentence be deleted from the first bullet. Council member Allred clarified the second bullet item, stating that input from the Customer Advisory Team was an ongoing endeavor throughout the project. Allred also clarified the last bullet item by indicating that only UC Davis and the University of Indiana use the DaFIS software.

The following is a restatement of the minutes with the proposed edits and clarifications:

Council's discussion of this item focused on the following points:

• The relevance of this project to the New Business Architecture initiative. Allred explained that the rewrite is intended to be in alignment with the NBA vision.
  It will not be performed by the NBA Technology Development Team, but by members of the Office of Administration, Information and Educational Technology, and others.
• Input from the DaFIS Customer Advisory Team. Allred noted that the CAT has been consulted and will continue to be consulted on an ongoing basis throughout this project. The new application will be built so it is flexible and can be expanded to meet changing customer and business needs.
• Impact on users. Allred mentioned that the new application will look different to users, but it is
• Comparable experiences at other campuses. Allred noted that the DaFIS team has been in contact with a number of universities, looking for opportunities to collaborate on the development of a Java-based rewrite of DaFIS (the TP application was originally designed for Indiana University and has been adopted by UC Davis).

Abby Zubov, Director of Internal Audit Services, announced that the proposed Access to Institutional Data Policy has been sent to Policy Coordinator Dottie Burton for formal campus review. The proposed review process includes the Administrative and Academic Computing Coordinating Councils (AdC3 and AC4, respectively). Zubov reported that the policy was refined to incorporate the comments received from this group prior to submission for formal review (see January minutes). Zubov also announced that a campus directive has been drafted announcing the new policy. It will be distributed once the review process is completed and the campus has officially adopted the policy.

Bob Ono reported on the outcome of the antivirus pilot project announced at the January meeting (see January minutes). He noted that recently the campus has been experiencing a significant growth in email virus outbreaks. Ono shared copies of a proposal to acquire and install antivirus software on the main campus email servers. The pilot team proposes to purchase antivirus software by Trendmicro. This product is expected to be capable of handling the current and projected volume of email processed by the main campus servers. Ono indicated that Trendmicro is used by large companies, like Microsoft, which handle a significantly greater volume of email.

Ono noted that Information and Educational Technology (IET) is taking steps to implement the proposal. This includes the selection, acquisition, and installation of new software and hardware.

Council asked about the extent of the coverage Trendmicro software will provide. Ono replied that the license will be large enough to cover all UC Davis email account holders though the software will be installed primarily on all email servers managed by IET. The campus departments that run their own antivirus products on their servers could choose to replace their existing software with the Trendmicro software at no cost. Similarly, those departments that do not currently run any antivirus software on their email servers could take advantage of the Trendmicro agreement. Council asked if there were any advantages to continuing to use a different product. Ono replied that the main advantage would be if the product's virus definitions were updated more frequently than the Trendmicro software.

Council discussed the merits of requiring all campus departments that run email services to install the Trendmicro antivirus software. Council members agreed that the campus would benefit from defining, and requiring compliance with, minimum antivirus standards for all email servers. Such coverage would reduce the campus' vulnerability to email viruses. Ono added that there is also consideration of pushing antivirus client software updates to student computers in the residence halls.

Security Coordinator Ono reported on the proposal to establish an Incident Response Team for the campus (for background information, see October minutes and the charge to the project team). Ono informed the Council that there has been an increasing number of security vulnerabilities and breaches in network and computer systems on campus. To investigate and respond to these security incidents, Information and Educational Technology (IET) is proposing that UC Davis establish an incident response team as one component of comprehensive security architecture. The proposal outlines the framework for this incident response team, the objectives to be met, the associated costs, as well as the required tools, hardware, and software (see proposal).

Council asked if this proposal constituted a budget request from IET. Ono replied that the intent of this report was to make the Council aware of the proposed approach and forthcoming request. This is an item on the list of possible technology projects that Council reviewed last month.

Council asked what structures already exist on campus to address these issues. Members commented that electronic abuses are reported to the misuse committee. Ono noted that the existing processes leave many incidents unresolved. This new framework would establish processes and procedures to prioritize incidents, expand the reporting and tracking of those incidents, and engage other on- and off-campus organizations, depending on the nature of the incident.

Analyst Saylor presented an overview of the status of the expenditure of Instructional technology Funds (ITF) for campus technology projects. Saylor summarized how the funds were being allocated and the priorities identified to date for the remaining funds. Saylor reported that only $610,000 in permanent funds remain unallocated. In addition, some limited funds were carried over from previous years. Functions to support with these funds include remote access (campus modem pool), the Instructional Use of Computing (IUC) grant program supported by the Vice Provost for Undergraduate Studies, Mediaworks, and the Virtual Chemistry Lab. All of these items had previously received funds from this source.

Saylor asked Council for their advice on how to distribute these funds next year. Saylor commented that there were insufficient funds to fully support all the programs.

Council asked for a description of each program. Given the nature of these proposals, members suggested that the Academic Computing Coordinating Council would be better positioned to prioritize them. Saylor noted that she would return to the Council with a proposal for allocation of the funds.

Dave Shelby, Chief Operating Officer for Information and Educational Technology (IET), reported on the feedback received on the Pre-Feasibility Study for the Enterprise Directory Services Project. Shelby noted that the pre-feasibility study was discussed at the previous Council meeting (see April minutes).

Shelby indicated that the feedback was constructive and that no major concerns were raised by reviewers. Shelby indicated that two specific points stand out from the feedback received to date: the nature of this project's shared governance, and the need to collaborate on an ongoing basis with the campus during the project. Shelby confirmed that active and comprehensive campus involvement is one of this project's top priorities. He noted that the project plan accounts for significant engagement of campus units affected by the project. These include but are not limited to system owners, business users, the technology community, and New Business Architecture team members. Shelby indicated that one reviewer commented on the possible underestimation of the needed resources to complete this project.

Shelby summarized the next steps he expects Vice Provost Bruno, sponsor of this project, to undertake:

• IET will prepare an addendum to the Pre-Feasibility Study to address the feedback received from the campus.
• A detailed timetable will be developed for project tasks and milestones.
• The budget will be reviewed to determine whether the project could be accomplished by leveraging existing resources or by seeking 3 new FTE.
• Shelby reported that IET has started to engage UCOP in the project. The team is following up on opportunities for collaboration discussed with UCOP in the past 2 weeks.
• IET will return to the Council next month with a budget request and detailed project plan and timeline.

Sandra Stewart continued the discussion of the feedback on the pre-feasibility study report. Stewart summarized the issues conveyed in the feedback and the response to that feedback (see handout).

Council discussion of the Enterprise Directory Services project produced the following highlights:

• Council offered additional feedback on the pre-feasibility report. Members suggested that the project should consider a phased approach. The modification the project will require of the business systems could put a significant burden on the system owners.
• Council discussed the need for collaboration with the business system owners. Members commented that the business system owners would need to decide the need for data in the directory and registry and that consultation with the business rule experts would be needed to help guide the process. Shelby replied that the process envisioned by IET required significant involvement of the campus system owners as reflected in the lists of individual the team will consult with. (See handout)
• Council asked about the return expected from the Enterprise Directory Services project. Stewart replied that the return will be distributed widely throughout the campus, but savings would occur from reducing duplication of efforts and generally doing things only once whenever possible. Stewart specifically identified the current distributed reconciliation processes for duplicate address entries in existing systems. Members commented that this process would just transfer the costs from several systems to one central system. Stewart replied that the campus could expect a reduction in the duplication of effort. Different reconciliation processes currently exist for different administrative systems.