Critical issue 4: Security, reliability, access

How the IT environment can be made secure and reliable while maintaining the kind of access required of an open university. This critical issue has been analyzed and subdivided as follows:

• Security
  • Security 1: Large number of unmanaged or mismanaged computers on our network
  • Security 2: Lack of adequate resources to bring campus systems into compliance with minimum standard
  • Security 3: Need of IT security related education and cultural change
• Reliability
  • Reliability 1: Reliable, centralized backup service
  • Reliability 2: Reliable funding
  • Reliability 3: Reliable, physical network infrastructure
  • Reliability 4: Reliable computing security
  • Reliability 5: Reliable physical environment for information and services
• Access
  • Access 1: Ubiquitous access to appropriate IT infrastructure and services
  • Access 2: Timely and integrated access to online information is impeded by missing or inadequate middleware components
  • Access 3: Physical infrastructure

• The original, tabular presentation of this information can be found in the following PDFs:
  • ITAC Security Draft
  • ITAC Reliability Draft
  • ITAC Access Draft

Security

Security 1: Large number of unmanaged or mismanaged computers on our network

Description or problem statement

UC Berkeley has more than 45,000 systems on our network and a majority of these systems are either unmanaged or inadequately managed. These include student computers, faculty and staff systems in offcampus locations, and computers in departments that lack professional support. Even in departments with adequate resources available, many computers are administered by nonprofessionals out of convenience or tradition. There is no way to track or ensure the integrity of these systems, or to monitor activities. This is a great threat to our ability to fulfill our missions.

Examples of this issue

• Res Halls have over 6000 student systems; all of them are self-managed.
• SNS has blocked network accesses for over X systems in the past 12 months.
• In EECS, 2 out of 5 registered Windows systems were compromised by "blaster", with over 65% of graduate student laptops compromised.

Goals for this issue

• An automated certification-on-entry setup for devices to gain access to our network.
• Inventory (database) of all campus networked devices.
• Adequate authority to enforce IT policies and standards.

Current actions taking place to meet goals

Future actions needed to meet goals

Security 2: Lack of adequate resources to bring campus systems into compliance with minimum standard

Description or problem statement

Campus recently adopted the "minimum security standard" policy, effective May 2004, with a grace period of 12 months. Many of our existing networked computers do not comply, either due to lack of expertise, staffing, or availability of software, or outdated hardware configurations. Systems not in compliance with this policy can be denied networked access. Campus also has provisionally passed "DMUP" which requires data classifications and ownership identification, as well as proper protection for certain data. Failure to comply could put the University at risk for violation of state or federal laws.

UC Berkeley currently does not have any IT organization to provide comprehensive services to assist individual departments to meet these requirements. User-level consultations, evaluations, training, etc., are not readily available. Existing system/desktop management support is not viable for many departments. Funds for technology refresh do not exist.

Examples of this issue

• Technology refresh has not been high priority during budget planning.
• There is no campus organization funded to provide the tracking, monitoring, and consulting for individual departments or organizations to be in compliance with the IT policies (such as DMUP).
• Staff resources in most departments have already been stretched due to the recent budget cuts.
• One of the major concerns from Academic Senate and Deans/Chairs with respect to DMUP is the mandates it imposes but are unfunded.
• DMUP calls for an "office of records" to be established and act as a record keeping for data classifications; however, funding for this, as well as staffing to review and ensure compliancy, is not addressed in the policy.

Goals for this issue

• Create a cost-effective service infrastructure to bring systems into compliance.
• Create an IT audit/consulting organization that is responsible for the auditing of compliancy to policies, reviewing security plans submitted, and providing advises and assistance to the individual groups.
• Emphasize the mandates for SNS, especially the educational/training component, by allocating adequate permanent budget to SNS.
• Create a convenient budget process to help departments or organizations obtain new hardware.
• Provides cost-effective IT services that meet campus needs.

Current actions taking place to meet goals

Future actions needed to meet goals

Security 3: Need of IT security related education and cultural change

Description or problem statement

The cultural climate at UC Berkeley has long tolerated or even celebrated a mixed model in which centralized, distributed, and highly autonomous support schemas coexisted. The culture on campus has been largely value-neutral regarding these models and there is a lack of awareness concerning the security implications to this "anything goes" environment. Increasing awareness of security issues is limited by the difficulty of educating all relevant decision-makers in our environment. Effectively educating the campus on computer security issues is also impeded by the lack of resources for SNS to fulfill the educational component of their mandate.

Examples of this issue

• No funding for user awareness and training for SNS even when it is part of group's mandate.
• Current IST outreach to other campus IT constituents is limited to self-initiated mailing lists and user groups.
• IT awareness is not built into student orientation.
• No outreach to faculty; only limited trainings (mostly application-based) are available to staff.

Goals for this issue

• IT orientations for incoming students.
• Mandatory IT professional certification.
• Periodic campus wide trainings for different focused groups, including faculty.

Current actions taking place to meet goals

Future actions needed to meet goals

Reliability

Reliability 1: Reliable, centralized backup service

Description or problem statement

Not all critical or sensitive campus data is backed up on a regular basis by a reliable backup service. This puts University operations at risk, as well as the core mission of teaching and research.

Examples of this issue

1. There is no requirement that critical data be backed up, nor is a reliable, centralized low/no-cost backup service available.
2. The current central backup system is underutilized and expensive. The cost is out of reach of most departments.
3. Many on campus do not consider backups important until they have personally lost data. (Example needed: actual data loss in a department.)

Goals for this issue

1. Require that all campus data (as defined by DMUP) be regularly and professionally backed up.
2. By December 31, 2004, develop the ability to recover and restore any campus data within 24 hours.
3. Offer fast, free, secure storage (that includes professionally managed backups) to all interested students by December 31, 2005.
4. Insure that 80% of faculty and staff have affordable, regularly scheduled backups in place by June 30, 2006.

Current actions taking place to meet goals

1. A new tape backup architecture has been installed in the campus computing center.
2. A provisional Data Management Use and Protection (DMUP) policy has been adopted.
3. Current % of systems backed up = (IST-CNS central campus backup + department backup) / (total number of faculty + staff)

Future actions needed to meet goals

1. Develop a reliable storage architecture for student use that seamlessly integrates into standard desktops.
2. Acquire funding to reduce or eliminate costs to faculty and staff for a centralized backup service.
3. Ask the Data Stewardship Council to take responsibility for the data backup and retention policy.
4. Work with CalPACT to develop a training program for all faculty, staff and students on policy and options for data backup.
5. Develop heuristics for measuring success criteria for backup, retention, and restoral needs.

Reliability 2: Reliable funding

Description or problem statement

Core infrastructure and services are currently unreliably and inconsistently funded. IT funding inappropriately competes directly with academic priorities.

Examples of this issue

1. Many departments don't have an annual IT budget.
2. Many faculty machines have not been replaced in five years or more because deans and departments have cut or redeployed Commission on Computing (COC) funds.
3. Central services, like CalAgenda, are often funded for capital purchases but not operational expenses, thereby preventing software licenses from being realized and used by students.
4. When funding models do exist, like the campus network funding model, they are often under- funded or out of compliance.
5. Network funding includes a subsidized recharge rate for network operation and technology refresh but the subsidized portion has frequently been under-provided.

Goals for this issue

1. Publish a definition of what "core infrastructure and services" means by February 28, 2005.
2. Publish a model identifying the minimum levels of protected funding required to support core services including remediation, daily operational and lifecycle costs by February 28, 2006.

Current actions taking place to meet goals

1. IST-CNS has published a "lines of business" model that shows costs associated with network services.

Future actions needed to meet goals

1. ITAC to publish a definition of core infrastructure services.
2. Require deans and directors to include clearly delineated IT expenditures in departmental budgets.
3. Analyze funding models at peer institutions and provide concrete recommendations to the Budget office on changes to the existing funding approach.

Reliability 3: Reliable, physical network infrastructure

Description or problem statement

Network services cannot be provided over a substandard, unreliable physical network infrastructure composed of a variety of aging and inconsistent technologies.

Examples of this issue

1. The reliability and performance of the physical network varies greatly, with inadequate funding designated to support lifecycle equipment replacement or to enforce standards in old locations. A good example of this is Tolman Hall, where uneven funding has manifested itself in a very high-performing network in the eastern tower and a very poor network in the western tower. Server-based file storage cannot be implemented due to the inconsistent quality of our networks.

Goals for this issue

1. Publish minimum infrastructure standards for all wired and wireless networks by December 31, 2004.
2. Beginning January 1, 2005, annually publish a lifecycle plan of changes needed to keep all networks up to current standards.
3. Replace the portion of the campus network (currently 30%) that doesn't meet current minimum standards by June 30, 2007.
4. Provide network connectivity at 99.9% availability by June 30, 2007.

Current actions taking place to meet goals

1. IST-CNS has published wired network standards. Unpublished wireless standards exist.
2. Riser projects are renovating the physical network infrastructure on a building-by-building basis as equipment replacement funds from the network funding model are being used to replace network electronics. However, demand perpetually exceeds available funding.
3. 1. Some departments are providing funding for local network upgrades.
   2. A replacement for the seismically poor and infrastructurally inadequate Evans Hall core networking facility is currently being designed. Hearst Data Center Bechtel project.
   3. The new campus computing center was designed to provide redundant network services.
   4. The campus network core, including external connectivity, DNS, and other services, is currently fully redundant.

Future actions needed to meet goals

1. IST-CNS to publish a lifecycle plan for networking equipment.
2. IST-CNS to publish campus wireless standards.
3. Require technical signoffs at each stage of campus capital projects.
4. Complete hub relocation project out of Evans Hall.
5. Secure departmental funds to upgrade departmental networks that are below standard.

Reliability 4: Reliable computing security

Description or problem statement

Processes and practices for safe and secure computing across the campus are routinely missing. When they do exist, they are poorly defined and often avoided.

Examples of this issue

1. Security mitigation now represents the largest portion of departmental IT administrator time and is the greatest contributor to downtime.

Goals for this issue

1. Develop a training program of relevant security requirements and guidelines. Require participation in this program for administrators of compromised machines by April 30, 2005.
2. 90% compliance with campus minimum security standards by June 30, 2006.
3. Year-by-year measurable reduction in unplanned downtime and number of systems security incidents.

Current actions taking place to meet goals

1. 1. Minimum security standards go into effect May 1, 2005.
   2. Most departments are working toward compliance with minimum standards.
2. SNS is building a database to measure the number of security incidents.

Future actions needed to meet goals

1. SNS and Cal Pact to develop a training program on security requirements and guidelines for administrators.
2. CISPC to establish a policy on required attendance at administrator training.
3. Internal Audit and Computer Information Security Committee (CISPC) to develop and plan for security audits.
4. Create an emergency operations and response plan for technology failures and significant security breaches.

Reliability 5: Reliable physical environment for information and services

Description or problem statement

Many campus computing components, including servers, data storage, and network equipment are housed in substandard, insecure and inappropriate spaces such as custodial closets and utility closets.

Examples of this issue

1. Many departmental servers are housed in inappropriate locations. An example of this is: LSCR recently took over the computing operations in an L&S department. No one in the department even knew where the server was. It turned out to be a rack mountable server, without a rack, sitting underneath a bunch of papers in the department's library.

Goals for this issue

1. Develop and publish environmental standards for housing servers and data December 31, 2004.
2. 90% of campus servers should meet environmental standards by June 30, 2008.

Current actions taking place to meet goals

1. 1. IST-CNS has published environmental standards for network electronics. These can be shared and applied to departmental servers.
   2. IST-CNS has written a draft standard for building out environmental spaces that can be shared between network equipment and departmental servers.
2. 1. The campus has a campus computing center that is available to all departments.
   2. Some departments have published standards requiring that servers reside in server rooms.

Future actions needed to meet goals

1. Review standards for network electronics and determine applicability to departmental servers.
2. Develop an audit cycle for departmental servers.
3. Acquire funding to remediate problems resulting from audits.
4. Improve central mail, web, and file sharing services to reduce the need for departments to self-manage servers.

Access

Access 1: Ubiquitous access to appropriate IT infrastructure and services

Description or problem statement

Not all members of the campus community have access to appropriate information technology infrastructure, support, and services. This inadequate information technology (IT) environment is hindering Berkeley's ability to attract and retain the best faculty and students.

Educational institutions that incorporate information technology in better ways than their peers will do better in the competition for great students, faculty, and staff.—Jack McCredie, Does IT Matter to Higher Education? [PDF] Educause Review, November-December 2003.

The base or minimum level of infrastructure and support that is provided to all members of the community is not adequate. No comprehensive definition of a minimally acceptable IT environment has been developed. Technical choices and IT funding models do not adequately address the campus IT environment as a whole and the need for a ubiquitous computing environment.

Examples of this issue

1. Prospective students expect an advanced technical infrastructure including ubiquitous access to online communication and learning resources and unparalleled online resources. New students are finding the Berkeley IT environment less robust and enriching than they imagined or are used to from growing up in the digital age.
   A similar observation applies to today's students. They have grown up using the Web, PCs, and fast-paced interactive games. They expect a good IT environment at the school of their choice. The downside of an inadequate IT infrastructure in higher education is a decline in the quality of students, faculty, and research in the short term, and inevitable extinction in the long run.—Jack McCredie, ibid.
2. All faculty members need access to affordable support for development of academic resources. Many faculty members have less desktop computing support than staff members. Many don't have sufficient technical support to feel confident that they have continuous email access. There is no direct funding for faculty IT support.
3. The network funding models currently being discussed should include consideration of the impact on the campus's ability to provide a robust and ubiquitous network.
4. Cost of access to electronic journals and online academic resources continues to skyrocket. UC should have facilities to host, archive, and deliver academic content independent from commercial providers.

Goals for this issue

To improve campus IT environment to a point where it is possible to provide ubiquitous access (to all campus members at all times and places) to appropriate information technology.

Current actions taking place to meet goals

Possible enhanced funding of ETS to provide support for faculty to develop learning resources.

CNS study of mesh networks for campuswide wireless system implementation.

Future actions needed to meet goals

Define an appropriate standard of access for each campus community segment and develop a method of evaluating progress toward these goals.

Prioritize projects for access enabling technologies.

Develop direct funding stream for faculty computing support.

Provide adequate funding.

Access 2: Timely and integrated access to online information is impeded by missing or inadequate middleware components

Description or problem statement

Critical components of our campus IT enterprise software architecture are either inadequate or missing entirely. Our identity management service (CalNet) is lacking functionality in areas of integration or ease of interoperation with modern software platforms such as J2EE or .NET, and, even more importantly, in failing to provide basic authorization and role data about campus customers. We lack entirely a production middleware messaging layer service that could provide more timely and reliable access to applications and data sources for campus developers to use. These missing infrastructure elements hamper efforts by campus developers to provide

1. simple, reliable, and ubiquitous access to applications and services, and
2. timely, consistent, and complete information about customers within campus applications.

As a result, our IT environment suffers from poorer application integration, security, and personalization capabilities.

Examples of this issue

The campus information technology architecture does not currently support systems exchange that is simple, easy, and integrated.

No real-time messaging exists in campus administrative systems.

Batch processing on many central systems imposes a delay, such as the HRMS lapse. While not everything needs to be real-time, there is still a high degree of unnecessary latency and the windows of acceptable latency are shrinking.

Current identity systems—CalNet, Kerberos and directory services—are homegrown and showing age. There is a serious gap. The e-Berkeley push got things started on a shoestring, but the service is not being managed or maintained (it is languishing).

Everyone thinks that CalNet equals secure; however, we are only maintaining the technical state and are purely in a maintenance mode. The environment has changed. We're behind. There are higher demands and no growth path, no technical plan as to what environments we are going to support in the near future

Goals for this issue

We need software middleware messaging infrastructure to support the improved sharing of data to provide more timely, reliable, and ubiquitous access to applications and services. Developers can use these technologies to improve the quality of access to applications and services by providing and sharing timely, consistent, and complete information about customers.

The campus information technology architecture should support broad access.

Improvement in the identity service (CalNet) that would facilitate simple, reliable, and ubiquitous access to applications and services must be a planning priority.

The quality of access to applications and services, CalNet must provide to applications a more easily available common authentication and a basic authorization view of campus customers in their various roles. This, in turn, will facilitate better application integration, security, and personalization capabilities.

Current actions taking place to meet goals

First production test planned for "CalNet Messaging" and the University Health Services "BizTalk".

Progress has been made on identity systems over the last 4 years—CalNet, Kerberos, and directory services have been implemented.

There are some areas of awareness, planning, and activity in this area—CCS announced that it will look more closely at an identity service—identity management "CalNet", the e-Berkeley portal roadmap, the Calnet identity management system.

Future actions needed to meet goals

Access 3: Physical infrastructure

Description or problem statement

Members of the campus community daily rely on our information technology infrastructure to carry out many aspect of their work. The failure of even one of our main IT systems, such as email, creates a significant disruption to important campus activities. This dependence will continue to grow as additional crucial campus activities are facilitated by our IT infrastructure. The tools provided by it are essential to the conduct of our core missions of research, teaching, learning, and public service and also to promote collaboration among the members of our "coherent but heterogeneous community of colleagues"—Robert J. Birgeneau, Berkeleyan, Birgeneau's on the Job, September 23, 2004.

The campus will need to continue to improve the infrastructure to succeed in many of its new research programs including the computational biology and bioinformatics initiative and nanotechnology initiative. Students and instructors will grow more reliant on the infrastructure as the campus deploys the student portal, Sakai learning management system, and the Library delivers more and more of its scholarly resources via the Web. Finally, all members of the community will need an increasingly robust infrastructure as campus administrative and student services continue to be transitioned from paper-based to web-based business practices.

Although all of the factors listed above will require the campus to invest in the maintenance and improvement of our IT infrastructure, we must be mindful of our budgetary constraints and rising student fees which threaten to jeopardize many students' access to a world-class education. Projects must be selected because they are essential to maintaining existing campus services and advancing our strategic goals.

Examples of this issue

Research:
New research initiatives on campus including the computational biology and bioinformatics initiative and the nanotechnology initiative require the campus to provide researchers in these fields with an extremely fast networking infrastructure and vast data storage facilities to support the transmission and storage of large data sets.

Teaching and learning:
Today, instructors and teachers daily rely on the IT infrastructure for teaching and learning activities. The infrastructure is used to access course web sites, to locate and read scholarly materials, and to deliver instructional content from systems such as CourseWeb, WebCast, Blackboard and WebCT. Use of these services is likely to increase in the near future, and students and instructors will make even more intense use of the infrastructure as the campus deploys the Sakai leaning management system.

Student service and administrative systems:
Almost all of the campus student and administrative services are moving from paper-based to web-based business practices which make greater demands on our legacy IT systems and network infrastructure. Many of these systems must exchange data with one another by performing daily or weekly batch processes that remove the systems from operations for a number of hours at a time. These batch exchanges of data also delay business transactions by days or weeks when compared to the transaction conducted via modern web-service-based technical architectures. The campus has begun and will continue to develop web services like CalNet and the Paperless Payment System to speed the processing of secure transaction, but these new web services will also place greater demands on our network.

Funding models:
Current funding models make it difficult to execute projects that require several successive years of investment. The current funding models also place heavy emphasis on temporary funding for the operation of systems after they are developed. Owners often worry that they will need to shut down a system soon after they have launched a service because they don't have adequate permanent funding to operate the system. The campus needs to identify a more reliable model for funding IT infrastructure projects and operations.

Goals for this issue

Repair the campus infrastructure to prevent the disruption of existing services. Invest in new IT infrastructure to maintain the reputation of the campus as the nation's preeminent public institution of research and higher learning which attracts the best faculty and students.

Current actions taking place to meet goals

IST-CNS is working with the technical staff across campus to identify and prioritize the elements of the campus data network that should be repaired or improved within the next three years. Priority should be given to those elements of the network that should be repaired to:

• Prevent the disruption of existing key campus services.
• Reduce the cost of operating the campus IT infrastructure.
• Help the campus attract and retain top faculty and students.
• Achieve key campus strategic goals.

Future actions needed to meet goals

1. Determine options for making the AirBears network available in all areas of campus where it is important for teaching, learning, and research. Establish how many additional access points would be required to provide wireless networking for these purposes and the cost of operating the expanded network. Also explore other emerging wireless networking technologies such as WiMax that may be more cost effectively for delivering ubiquitous wireless networking service. Determine if it best to continue to invest in 802.11b/g technology or delay additional expansion of wireless networking services until a more cost effective technology becomes available within two years.
2. Have ETS and the Library identify the key elements of the campus infrastructure that need to be repaired or improved to support the broad use of the Sakai learning management system and allow faculty and students to make more intensive use of online scholarly resources provided by the Library.
3. Identify and prioritize key administrative and business processes that should be improved or replaced within the next three nears to reduce the cost and improve the delivery of student and administrative services conducted via the web. Identify key systems and network infrastructure that should be improved to support near-real-time business transactions. Priority should be given to those systems that reduce the cost of conducting these activities or help the campus attract and retain top faculty and students.
4. Identify a budgetary model that allows the campus to invest in multiyear infrastructure projects and provides a reliable model for the ongoing operation of these systems.