Special Thanks to This Year's Sponsors!
Technology Abstracts
Deploying PGP Whole Disk Encryption in Mac OS X
At SIGUCCS 2008, the Department of Surgery at the University of Washington School of Medicine (UW Medicine) presented an overview of how we selected and implemented PGP Whole Disk Encryption (WDE) for our fleet of Windows XP laptops. At that time the Department of Surgery had just begun testing PGP’s new WDE product for the Macintosh. Now we’re back to report on our results.
Our PGP rollout has taken many twists and turns over the past two years. Departmental users on the Macintosh platform had been on a rollercoaster ride as solutions like FileVault were considered and rejected, even while the department moved ahead with deploying PGP to Windows users. When PGP introduced their WDE product for the Macintosh late in our project, our Macintosh solution finally began to take shape.
An analysis of our PGP Universal solution will be presented, including a technical overview, issues in deploying WDE to our Macintosh fleet and how this has differed from our Windows deployment, user training and support, and troubleshooting. An overview of current encryption products for the Macintosh will be provided, as well as our set of best practices, which will be beneficial to anyone considering deploying an encryption product to a fleet of Macs.
Desktop Data Security and Management
Effectively managing end user data on desktops and laptops in Higher Education is probably the most difficult task faced by IT managers. It is relatively easy for centralized computing services to lock down and backup servers and regulates access to data for administrative computing but how do you effectively regulate and secure sensitive data that is created, downloaded and used on a desktop or laptop? How do we ensure that user data is backed up on a regular basis and easily accessible? How do you establish and enforce policies and guidelines for backing up and securing data on desktops? This session will explore and discuss the issues and problems faced by Colleges and Universities in relation to managing and securing data on user desktops and laptops as well as explore the most effective way to create and enforce desktop computing guidelines and policies.
Greening Your Computing Technology, the Near and Far Perspectives
"Green" computing has become a popular and trendy topic. Many companies are exploring methods and policies to use green technologies. Most merely scratch the surface, however, of greening computing technology, which is often seen as a necessary energy evil. At Colorado State University, we have gone beyond the surface polishing and explored some practical solutions to energy efficiency, consumption reduction, and environmental stewardship. Sensitive to the current economic climate, we will discuss how going green can have a significant positive impact on your budget as well. We will present a cafeteria-style plan that campus IT administrators can use to reduce energy use and to reduce or more efficiently use consumables. Projects range from server room (re)design and rethinking computing infrastructure, to energy-wise purchasing decisions and software performance controls. Thin client technology, facility planning, vendor collaboration, client base buy-in, virtualization, energy audits, and using software to balance performance and efficiency will all be on the menu. Wait until you hear how we incorporate the power of the bicycle into computing technology support!
Image Baby Image, Reloaded! Automating Vista Deployment
The task of imaging lab computers can be a complicated and manual process. Education Technology Solutions (ETS) at University of Calgary Information Technologies has endeavored to streamline this process by developing an in-house system. This system addresses the issues of collecting inventory information, loading an image on to a PC, and configuring the PC after imaging.
As a follow up to “Image Baby Image! Making PC Cloning More Efficient”, we endeavor to package a Windows Vista image that can be setup unattended post-imaging.
Upon image deployment completion, the automated configuration process begins at the first reboot. A custom script which we term “Declone” names the PC from our inventory information and joins the domain. Other scripts configure the task scheduler and other tasks. The post-imaging process is mostly standalone, only requiring network access to join the domain.
This system has greatly improved the efficiency of our imaging process and has stood the test of time. We have had success in the past with XP Professional, and it remains to be seen how well it will perform with Vista.
Protecting Intellectual Property and Sensitive Information in Academic Campuses from Trusted Insiders: Leveraging Active Directory
Presented by D.S. Bhilare of D.A. University, India
Insider threat has been the major Information Security issue for business houses for long time. But, Information Security Managers of academic campuses are yet to pay similar attention to the threat. As direct financial losses resulting due to this are not of similar magnitude. However, universities and colleges have sensitive academic and personal records. Also, many institutes are engaged in advanced research and creating valuable intellectual property, which need to be protected. Monitoring insider threats in academic campuses is particularly difficult because of complexity of networks, diverse mix of systems and resistance for strict restrictions. Major challenges include less disciplined users compared to industry users, sharing of terminals, inadequate budgets and fast turnover of student population. There are almost thirty percent new enrollments every year.
Existing monitoring and control methods are inadequate for two reasons: they are able to trace source IP addresses but fail to identify the precise user, performing suspicious or non-sanctioned activities. Secondly, they do not provide real-time actions, as user profile is not known. Given these security challenges and the complexity of protecting information assets across diverse servers, applications, and heterogeneous environment, a new approach is proposed. Identity issue is addressed by capturing detailed network user actions across most major applications and correlating it with directory context to track and enforce institutional policies. This is different from existing approaches, where a traffic oriented view of user activity is provided. The proposed approach provides a low cost and quickly deployable solution as no network changes are required. Proposed real-time tracking and alerting mechanism ensures early warning and also proactively stops transactions in progress without degrading performance. It also facilitates audit automation using rule engine, which is constantly updated by an Intelligent Rule Builder.
RDF, Jena, SparQL and the Semantic Web
The Resource Description Format (RDF) is used to represent information modeled as a "graph": a set of individual objects, along with a set of connections among those objects. In that role, RDF is one of the pillars of the so-called Semantic Web. In fact, Tim Berners-Lee, one of the “inventors” of the Semantic Web, has been known to refer to the Semantic Web as the “Gigantic Global Graph”.
This talk will show how RDF-XML is used to represent information, how RDF graphs can be read and written by using the Jena software package, and how distributed graphs can be queried using the “graphical” query language SparQL. It will include brief examples showing several applications (Twinkle, Virtuoso, etc.) that can apply SparQL queries against live data sets (such as the dbpedia).
Some mention will also be made of using RDF “front-ends” to back-end relational databases to help populate the Semantic Web, and of applications of this technology to bioinformatics research.
This talk is intended to be an Introduction, but it assumes a moderate level of general computing expertise, particularly some experience programming and exposure to SQL. It will include very basic examples in XML RDF, Java, and SparQL.
Reduce Pressure on Students and IT Services via Software-Vendor Programs and Hosting
Supporting computer science and computer application courses requires spending many resources on specialized software. Courses, such as database concepts and applications, depend upon hands-on experience with software to help students understand important principles. Both the university computer labs and students need to install software for homework assignments. Problems include software availability, cost, installation, platform compatibility, and configuration. While academic licensing provides software to students at significantly lower prices, the price may still be too high for some students. Installation and configuration on client/student side may also be a problem. Further, IT departments face the challenge of installing, upgrading and patching the software in student labs.
An inexpensive alternative exists to reduce the burden on both students and IT departments. Several software vendors provide either free software or free centralized hosting with web access. Service, technical support, and upgrades are also provided. Typically, client-side setup and configuration is minimized. Advantages include reducing platform dependence, providing prompt professional helpdesk support and account management, and training for instructors. We have implemented two variations of vendor provided software or hosting. This paper will share our experiences in using this approach to support our computer science courses, especially in our database related courses. We will explain how these technologies fit into our curricula and explore the implementation process including problems encountered such as instructor training and usability.
Thin Clients: Make Them Work for You
Thin clients have been part of main stream technology for over four years now, but surprisingly few universities utilize them. If deployed properly, thin clients provide a whole host of benefits, from reduced need for user support to high-availability to low energy consumption. The College of Engineering at Colorado State University (CSU) has been using thin clients since 2001 and now has an install base of over 500. In addition, CSU as a whole now has 70 thin clients installed as technology “kiosks” around campus. The practical “how-to’s” of getting started will be presented along with an in depth analysis of getting the most benefit from an investment in thin client technology.
Virtualization of Windows Desktop Applications
Bloomsburg University of PA has always held the philosophy of putting all software on the local desktop. We are now attempting a great leap into the world of virtualization. We are working on two projects. The first one will leave core software local but is “virtualizing” specialized programs on the user’s desktop. Another project is to use virtualized terminal services on our library’s search computers in the near future. We are implementing this type of service using Microsoft’s AppV application. This paper would show our successes and frustrations so far. The session would be a very interactive one where everyone can learn where other schools are at in this type of development and discuss our common issues.
Web Based Computer Lab Imaging with Grimiore
We present Grimiore, a web-based frontend for the disk imaging software Clonezilla. Grimiore was created to maintain computer labs in an academic setting. Each class had different needs for software and operating systems, yet classes compromise on what is installed so they can coexist in the same lab. Reinstalling the operating systems on the lab computers simply takes too long to be done daily, for each class. Labs, which are maintained by the professors, also face the problem of malfunctioning computers, and the time needed to troubleshoot the issue or reinstall the computer’s operating system is often not available during the semester.
Grimiore allows administrators to restore and maintain an entire lab of computers, rather than a single computer or a single homogenous image. Administrators can create a lab configuration for each use of the lab, and restore them with a single option. Grimiore stores configuration data for each computer in each class, allowing lab configuration to contain heterogeneous images. Finally, Grimiore is web-based and provides administrative control over the entire imaging system, as well as user level control over a single client computer. Professors can modify entire labs with one operation. Students can repair the computer they are logged into.
logos are trademarks of the Associaton for Computing Machinery, used with permission.