Notes of the meeting held Wednesday, June 14, 2000

Present:  Derek McCammond (Chair), Rick Frecker, Jack Gorrie, Emile LeBlanc, Peter Martin, Bruce Rolston, David Shewchuk, Eugene Siciunas, Eva Swenson, David Wortman, Jim Wells, Rob Wright, Carol Robb (Secretary)

Regrets:  Bob Cook, Don Cormack, Peter Clinton, Michael Edmunds, Eric Fong, Graham Kemp, Dave Martell, David Mock, Johathan Ohayon, Alan Rosselet, Paul Tsang

1.                  Bandwidth Consumption and the legal liability of tolerating Napster.  Three American universities (Yale, Indiana and Southern California) have blocked Napster traffic after being sued by the rock group Metallica for violation of copyright licensing agreements. 

You are asked to agree to only download music if you already own the CD.  By allowing access to the Napster server that downloads the music files we are in a questionable legal position.  We ignore at our own peril our liability vis-à-vis the U.S.

We have the means to limit access without having to block it completely.  There are MP3 type files being distributed within and without the University.  The University should have a policy that we do not allow our bandwidth to be used in violation of copyright laws.  The appropriate use policy should clearly prohibit copyright violation.

There are two issues here that need to be dealt with:  (1) Bandwidth and priority on lowering traffic and (2) Policy.  Jack Gorrie’s committee on appropriate use will draft a policy.  Students are subject to the laws of the land.  Perhaps the University should do more to inform students of the law.

With regard to bandwidth, one solution is to identify individuals who are using huge quantities, identify the nature of the use  and, if necessary, throttle them on a case-by-case basis.  When someone using an excessive volume is identified, s/he should be given a warning and if excessive use persists s/he should be cut off.  However, we need an appropriate use policy to justify any action.

2.                  Impact of 3Com withdrawal of support for networking products on our backbone. 

3Com will no longer be providing nor supporting the 3500 type switches needed for the existing campus backbone.  Eugene is investigating alternative product providers.  Under the circumstances, we should be planning to replace the switches.  Eugene will provide Derek with a report and a proposal.  Existing switches will be redeployed to the extent possible during the transition phase and then sold to the highest bidder to attempt to recover some of our investment.

3.                  UTORdial fiscal situation.

There is a surplus of $250,000.  We are planning to drop the price of tokens from $5 to $4 (for 20 hours access). The price adjustment will be made September 1.  Jack Gorrie asked if the $91,000 p.a. subsidy by the Provost’s Office should be discontinued, but it was pointed out that the subsidy from the Provost’s Office was intended to fund off-campus users.  Our price should be dropped as low as possible, while retaining sufficient funds to cover operating costs and to purchase replacement equipment.

4.                  Draft Security Policy for networked computers. 

In response to denial of service attacks, CNS recently did a scan of hosts across the University looking for vulnerable systems.  Sysadmins reacted strongly and negatively to the scan.  The University needs a policy that spells out the rights and responsibilities of UofT network users.  This is not a CNS policy but an institutional policy.  A draft document has been circulated to sysdamins for comment.

Comments have been received that suggest that some sysadmins hold the view that divisions are independent entities and can run their systems any way they see fit. While it is true that responsibility has devolved to the divisions so has accountability, and there is a need for the University to have common policies in some areas.  We need a policy document that allows sysadmins the freedom to run their systems in a way that best suits the needs of their divisions while at the same time to reconcile this with the needs of University as a whole.

Many departments and faculties already have policies on network use and Eugene should get copies of these policies.  If a security problem is identified, CNS will help.  They could put together an “incident response team” as recommended by the TFACNM Report.  Security is a serious problem in some departments.  Departments should be proactive in setting policy and working with CNS in response to specific situations.

Part of the problem is that every staff member has become his/her own sysadmin.  Perhaps the most obvious vulnerabilities could be summarized and distributed on a regular basis so that users know what to look for.  The summary should be brief, user friendly, distributed widely and updated regularly.  Scans will identify particularly vulnerable areas.

If a Department is at risk through careless noncompliance, there should be a centrally enforceable means to correct the situation.  Arbitration in case of disagreement may be handled by the Provost’s Advisor on Information Technology.  Scans are the equivalent of fire drills and most people will appreciate being informed of a serious vulnerability.

A concern was raised about how the monitoring will be done.  Headers, volume and, with sufficient processing power, even the data itself could be monitored by Intrusion Detection programs.  There should be strong strictures on the scans or patterns that are eligible to avoid turning up information that could be potentially embarrassing, personal or sensitive.  There is also the issue of what is archived and for how long.

Eugene will convene a small group including Jack Gorrie, Dave Wortman and Emile LeBlanc to incorporate comments into a revised version of the document.

Notes of the meeting held Wednesday, 10 May 2000

Notes of the meeting held Wednesday, 10 May 2000

Present:  Peter Clinton, Bob Cook, Don Cormack, Michael Edmunds, Rick Frecker, Jack Gorrie, Graham Kemp, Emile LeBlanc, Derek McCammond (Chair), David Mock, Johathan Ohayon, Carol Robb (Secretary), Bruce Rolston, Eugene Siciunas, Eva Swenson, Paul Tsang, David Wortman, Jim Wells

Regrets: Dave Martell, Peter Martin, Alan Rosselet, David Shewchuk, Rob Wright

1.                    Report of the Task Force on Academic Computing and New Media

The meeting was taken up with a discussion of the Report of the Task Force on Academic Computing and New Media.  Input from this discussion will inform the Provost’s administrative response to the Report.

Recommendations 1-3:  It was noted that it would be useful to know what the financial implications of various recommendations are.  The crossover between the TFACNM Report and the Report on Teaching Excellence currently being prepared and the synchronicity between the two Reports were also noted.  The Academic Commons is intended as a vehicle to put academic computing front and centre with an emphasis on how the technology supports the academic mission.

Recommendation 4 is the central recommendation of the Task Force.  The thrust behind this recommendation is the sense that in order to advance information technology within the academic mission there needs to be more support for those who wish to embrace technology but do not have the resources.  CAT currently provides such services but in a very limited way due to very limited resources.  This recommendation is basically to provide such a unit with adequate resources for effective service.  It was noted that if technology is to be introduced into teaching there needs to be a balance between local support and central support.

Recommendation 5:  The Adaptive Technology Resource is primarily a resource for students and is more appropriate within the Information Commons.

Recommendation 6:  There has always been support for expanding the Information Technology Courseware Development Fund.  This recommendation proposes to include unmatched projects as well as suitable student projects.

Recommendation 7:  There is overlap between the Information Commons and the Academic Commons, which should not result in duplication of services.  There needs to be further clarification of student services appropriately located in the Information Commons and faculty services located in the Academic Commons.  Cf. p. 11:  the Academic Commons will create a network of resources.  It is not intended to disrupt or usurp existing infrastructure and resources but rather to create a network of resources across the University.

Recommendation 8:  The Academic Commons would be more aggressive in identifying the need for site licenses, evaluating licenses and putting pockets of users together.

It was noted that archival standards should be developed.

Recommendation 10 is recommending common standards and consistency in classroom construction so that faculty can use rooms easily.  Users must be included in the plan of such classrooms perhaps by strengthening recommendation 18.  

The question was raised about who is running the Academic Commons.  There must be some advisory board with faculty membership to ensure the emphasis is on pedagogy rather than technology.

With regard to classroom management, CNS, IC and Space Management must get together to decide how classrooms will be managed.  Classroom management should be more directly driven by academic needs.  The details of recommendation 8 must be worked out. 

With regard to electronic classrooms, there should be documentation on use available in each room.

Recommendation 12:  It will be too expensive to connect all classrooms.

Recommendation 24 raises the issue of Intellectual Property.  The old policy states that software is owned by the University and this is seen as a disincentive.

Recommendation 27 suggests a more formal mechanism for networking the sysadmin group.

Recommendation 28:  There will be resistance at the local level to this recommendation.  However, if was felt that, if a department affects the integrity of the backbone or misuses technology in such a way that reflects poorly on the University, this is a University issue.  Standards should be established and funds should be available to ensure that departments can meet the standards.

Recommendation 31:  This position would provide a coordinating function to bring together the various computing systems in an official capacity.  The fact that it is a Vice-Provost as opposed to a Vice-President indicates that the emphasis of the position is more academic than administrative.  The new position simply integrates services.  Potential overlaps with other positions are not necessarily a problem.

Recommendation 33:  Departments should be encouraged, not required, to replace equipment.  It must be remembered that departments had equipment lines which have been lost over time to budget cuts.  This recommendation needs to be stated in such a way that it cannot be abused.

Recommendation 34:  When disposing of equipment, ensure that the hard drive has been cleared.

Recommendation 35  

Recommendation 39:  It was noted that this recommendation would be fairly expensive to adopt.

Recommendation 45:  Connections could be wireless.

Recommendation 46:  The University does try to accommodate such initiatives.

Recommendation 51:  Should we provide this service and, if so, should it be provided in-house or by a commercial service provider?  Control, performance and security were the factors considered that led to a decision to provide in-house e-mail.  This is a service that some universities provide, but if we wish to do so we must establish appropriate policies to ensure a reasonable level of service is provided to staff and students.

Recommendation 52 introduces the idea of a portal as a customizable web page (see “my.ucla”).  Portals are effective ways to collect useful personal information.

2.                    Date of the Next Meeting

Wednesday, 14 June, 2-4 p.m.

Notes of the meeting held Wednesday, 08 March 2000

Present:  Bob Cook, Rick Frecker, Jack Gorrie, Graham Kemp, Emile LeBlanc, Peter Martin, Derek McCammond (Chair), David Mock, Carol Robb (Secretary), Bruce Rolston, David Shewchuk, Eugene Siciunas, Eva Swenson, David Wortman, Jim Wells, Rob Wright

Regrets:   Peter Clinton, Don Cormack, Michael Edmunds, Dave Martell, Alan Rosselet

1.                    Chair’s Report

Bell Sympatico’s HSE Help Desk service is quite limited.  It took several calls, which had to be made in the very early hours, to resolve a problem.

2.                    Scans of University hosts for security vulnerabilities

UTCNS conducted a scan of UofT systems with CyberCop.  It was discovered that there are no controls on CyberCop:  anyone can get a copy and use it to determine vulnerabilities in networked hosts.  CNS would like to continue to run scans but recent experience raises the problem of notifying sysadmins without creating security issues.  It was noted in this regard that there is a need for a security policy outlining how devices should be set up, configured and maintained and including sanctions in the event that the policy is not followed.  CNS is investigating making firewalls available on a site license basis. Concern was expressed that mandated security standards could increase costs as well as workloads of sysadmins. The TFACNM has identified the need for improved system security through central funding.  Also, increased costs of security need to be balanced against the costs of being hacked or someone using equipment illegally.  Eugene will prepare a proposal for security with input from the sysadmins.   

3.                    Growing consumption of bandwidth and protocols used

Eugene Siciunas distributed a package of statistical reports with comment.

(a)                 Internet Connection Bandwidth and Cost

(b)                Traffic Analysis for UTORNet/Onet Gateway

(c)                 Onet Traffic Analysis

(d)                Traffix Manager Reports

(e)                 Innis Residence

To date, the University has increased the bandwidth in correspondence with saturation levels which has resulted in steadily rising costs. Eugene has undertaken some analysis to determine what kind of traffic is actually using the pipe.  Analysis has revealed that one user in Innis College residence transferred more data than all of the email messages sent from and received by the University in one day.  Issues were raised in connection with follow up.  Such conspicuous consumption by one individual emphasizes the need for a clear and enforceable policy on appropriate use of information technology that includes the idea of reasonable use of University resources or even restricting use to academic purposes.  Some felt that there is an obligation to follow up because University resources might be being used for questionable or even illegal purposes.  Concern was raised because more and more residences are being connected and this problem could replicate itself.  Jack Gorrie’s committee on the appropriate use of information technology will take these concerns under advisement.  In the meantime, Eugene will follow up with the Principal of Innis College.     

4.                    Ontario Research and Innovation Optical Network (ORION) RFP

ORION will connect all the universities in Ontario via an Optical network and Onet has requested a letter of support from the UofT.

5.                    Web-Mail  rollout update

UTORwebmail is ready to roll out.  It was announced to PDAD&C and sysadmins on 8 March.  This service allows access to UTORmail inboxes while away from the University.  It is intended as an eventual replacement for PINE.

6.                    Corporate Time rollout update

The server and software are being prepared for production. CNS will be ready for production on April 1.  Documentation prepared by the Information Commons may not be ready until mid April.  Corporate Time will be available to all faculty, staff and departments throughout the University.

7.                    Static IP Addresses for faculty and staff HSE users

CNS has determined that it is possible and that the advantages outweigh the disadvantages.  The IP address will be linked to the barcode number.  Post docs are treated as staff by the Library’s Patron data base and hence will have access to a static IP address.

8.                    Wireless Pilot

Hitherto price and lack of standardization have been obstacles to this type of technology.  This is changing and New College residence, Rotman School and Simcoe Hall have been selected as test sites.  It is possible that wireless technology will eventually replace ethernet technology.  The security issues are the same as for current technology such as that used in the public access facilities.  Users will still need an IP address. 

9.                    TFACNM

The Task Force has another meeting scheduled for later this month.  There has been considerable feedback to the discussion paper and there is still time to respond for those who are interested. 

10.                 Date of the Next Meeting

The date of the next meeting is Wednesday, April 12, 2-4 p.m.  However, because that conflicts with the IT Forum, the meeting may be rescheduled.

Notes of the meeting held Wednesday, 12 January 2000

Present: Peter Clinton, Bob Cook, Don Cormack, Michael Edmunds, Rick Frecker, Jack Gorrie, Graham Kemp, Emile LeBlanc, Dave Martell, Peter Martin, Derek McCammond (Chair), David Mock, Carol Robb (Secretary), David Shewchuk, Eugene Siciunas, Eva Swenson, Rob Wright

Regrets: Alan Rosselet, James Wells

1. Chair’s Report
1. The Task Force on Academic Computing and New Media is at the draft-writing stage and it is expected that the final report will be discussed at a future meeting of the Academic Advisory Committee.
2. Discussions of the future of our telecommunications contract have begun. The University signed a contract with Bell for five years with an out at the end of three years. The three years is up in June 2001. If we are going to move to a new local service provider, a significant amount of forward planning is required so Debby Stewart has alerted Bell that we are starting negotiations.

2. UTCNS Plans for Webmail Rollout

The new UTORwebmail service will be accessible from anywhere on the Internet. It will eventually displace PINE. The new service offers control, better service and UofT identity. Rollout will begin soon. New service has the support of the Task Force on Academic Computing and New Media. In response to concern about security, the Committee was informed that the new service will initially offer the same level of security that users currently have. In order to avoid over-subscription, the new service will be rolled out quietly. Capacity can be increased by adding new servers, but initially it should grow in a controlled fashion. Training should not be necessary; users simply log on through any browser. The Information Commons will prepare documentation and provide support.

3. UTCNS Plans for UTORschedule

The scheduling/calendaring program "Corporate Time" has been developed by a Canadian company, CST, with an impressive list of customers throughout North America. It, deployed as "UTORschedule", should eventually replace Meeting Maker. One advantage of the new program is superior scalability, as well as both web-based and direct interfaces. UTORschedule will be available on a central server, but departments that run their own servers can also benefit from the site license. The program can schedule individuals or groups. It works at both the individual and the departmental level and can also be expanded to class scheduling and room bookings, (other than those booked through the OSM). The initial deployment will be to groups that have LAN or sys admins to support their users. The WTS group of CNS will provide second-level support. The wider the use of the program, the stronger the argument for central funding and support. The Faculty of Architecture expressed a desire to be an early adopter of UTORschedule.

4. UTORdial Update

Eugene Siciunas distributed several statistical reports with comment:

1. Jan. 1, 2000 UTORdial Token Subsidy Distribution
2. System Accounts Summary Report (as of 01/10/2000)
3. 56 Kbps modem access
4. Weekly Statistics (01/03/2000 to 01/10/2000)
5. Tokens and Connect Time
6. System Utilization Graphs for UTORdial (01/11/2000)
5. Megabit Modem Update

Service seems stable and reliable. Direct connection to UofT is very good. It is not obvious in the documentation how to access UofT directly. The web pages need to be improved. More statistical reports were presented with comment:

1. Megabit Accounts Summary Report (as of 01/10/2000)
2. System Utilisation Graphs for Megabit Access
6. UofT to ONet Bandwidth Update

UofT’s bandwidth to the Internet was upgraded from 20 Mbps to 25 Mbps on Jan 10/00. The cost has gone up but not proportionally. Since September ’96, costs have increased by a factor of four, but the bandwidth has risen by a factor of fifteen..

Charts distributed at the meeting include:

1. Internet Connection Bandwidth and Cost
2. Traffic Analysis for UTORNet/ONet Gateway (01/11/00)
3. Traffic Analysis for UTORNet/ONet Gateway (01/12/00)
7. Backbone Network Upgrade Update

The Backbone project is 100% complete.

8. Final Y2K Update

No significant problems have surfaced but systems will have to be monitored for the rest of the year.

9. Date of the Next Meeting

Wednesday, 9 February, 2-4 p.m., Board Room, Simcoe Hall