Stephanie Obodda – 2-Step Authentication
Provost is making 2-step authentication mandatory for Shibboleth at Brown.
App is available for Windows Phone / Android / iPhone. They are also adding a “Print” button in MyAccount to print access codes rather than having to physically write codes if not using app. There will be setup training sessions for using 2-step authentication.
Presentations at faculty meetings (or other meetings) can be scheduled with Stephanie.
2-step works with app for smartphone, phone call, text message, or printed passcodes from MyAccount. CIS will provide UBkey (usb key) for an additional option, if necessary. Currently, CIS has loaners available in the Help Desk.
You can set the browser on the computer to remember the authentication for 30 days.
The most common way that the accounts have been hacked is via Phishing.
If 2-step isn’t working, call the Help Desk / IT Service Center. M-F 8:30AM-8PM. Assessing training student management for night/weekend help.
If laptop or phone is stolen / lost, you should change your password.
it.brown.edu has 2-step information at the top of the main page.
This will be coming for AD (beyond just Shibboleth) and VPN in the future.
Faculty and Staff need to log in prior to starting, to set up initial pre-employee work. They will be prompted upon first login. Still planning when the 2-step will go into effect for incoming students…expecting to be their commit date.
Sponsored ID’s don’t have a timeline yet, but will become 2-step required at some point.
Duo is one of the largest providers for 2-step and should work worldwide.
If you don’t have any cell or wifi signal, you can generate a passcode with the app and input for the Shibboleth page.
If someone gets a Duo request that they did not generate, they should decline the request and change their password.
Please feel free to download an audio recording of the meeting
1. Pat Falcon – Cyber Security Month
a. Promoting 2 step authentication
b. Safety Clinics around campus – training sessions include IOS device safety, android device safety, Encryption and SSL/TLS.
c. Quiz each week at events – chance to win raffle – ipad mini and other prizes
2. Chris Grossi – Announcements
a. Keyserver upgrade went bad this morning
b. Adobe software download and licensing changes. Change to using non-serialized version of adobe creative cloud software. This will require people to sign in on brown owned computers. If you still have serialized versions of adobe applications, you will need to use the serial removing tool to properly install and license adobe apps through the creative cloud downloader.
c. Mac OS 10.11 is looking good – CIS is comfortable saying go ahead and install.
d. Lowering Sophos license count – Please Upgrade from Sophos to SCEP (System Center Endpoint Protection)
3. Chris Grossi – Endpoint Engineering
a. Client Engineering is now Endpoint Engineering – Endpoint referring to the technology in your hands.
b. Personnel and what they do will mostly remain the same.
c. Chris would love to hear feedback – Is what we are doing working for you?
4. Chris Grossi – Upcoming changes
a. The future of computing makes the desktop/laptop an “appliance”
b. Remote App demonstration – allows users to run applications over the network on a terminal server, but the end user only sees the application interface. This can allow Windows only apps to run on Mac. Apps include Statistical Analysis software, core applications such as web browsers, and adobe applications. They would like to scale this up to make it available to everyone on campus, but that will require additional hardware and licensing.
c. Chris demonstrates launching Arcmap through Remote App.
d. CIS is still working on making profile redirection and how to implement it.
e. Chris goes over operating system and software deployment using SCCM. Task sequences can be configured to layer on software without the need for IT intervention. Windows gets installed, updated, and core software installed as configured through SCCM. They are working on providing IT personnel a choice during deployment for what software they want to have installed. Task sequences can be set up for different departments so that software gets deployed based on what the department needs are.
f. The 2015 software survey is coming out soon.
g. Print server changes – Plans in place to Migrate or bring up new PPrint server to Server 2012.
h. We may not need a dell standard image with the upcoming deployment options. It only takes about 45 minutes to do a build and install all the core software you need.
Pat Kinghorn introduced the newest members of the DCC Steering Committee.
Jason Jacques—ITSC Campus Life
Announcements – Chris Grossi (Client Engineering)
Another round of System Center Training will starting on Oct 19th. Contact Chris for more details.
Successfully launched Remote App for ArcGIS as a pilot for class this fall.
Windows 10: We still don’t have a stable VPN solution and are waiting for the F5 folks.
There is a planned replacement of Sophos with Microsoft’s System Center Endpoint Protection by the end of October. This new solution will not run on OS 10.7 or 10.8 so Client Engineering is working a solution for those operating systems. More news to come at our next meeting.
It has been a couple of years since Ravi was last at our DCC meeting. He covered a lot of the changes that have happened since he has been on board. He also discussed a little bit about the Deficit Reduction report but did not want to say too much until the report was released. Below is a list of some of the changes/additions:
Adobe Create Cloud
Wireless improvements (on going)
CIS focus on customer service
For more details on Ravi’s presentation, please listen to the Audio Capture of the meeting and also the slides (when they are posted.)
Next meeting will be October 14th
This month’s notes by Gary Bryson.
Chris Grossi (Client Engineering) gave the following announcements:
Brown’s contract with Sophos ends in October and will probably not be renewed. We are thinking of moving to Microsoft Security Essentials. The ITSC group is working on a Casper uninstaller for the Macs that have Sophos already installed.
Brown is upping its concurrent Sibellius licenses to 50. However, the server can only run one version of Sibellius so we will need to upgrade to v. 8.
CIS cluster computers will be updated to Windows 8 and we will probably mount home folders for students so that they can save their work.
Windows 10 update: VPN is still problematic as the F5 folks have not released a Win 10 compatible client. Some users who did an upgrade in place are experiencing network issues. Those who have wiped their HD’s and done a clean install seem to be okay.
Folder redirection is on hold and under review.
Client Engineering hopes to present at the October DCC meeting.
Wendy McRae-Owoeye (Director of Diversity and Inclusion, Office of Institutional Diversity) and Amanda Walsh (Title IX Program Officer) spoke to the group about the upcoming on-line training: Preventing Discrimination and Sexual Violence: Title IX, VAWA and Clery Act for Faculty and Staff. They will share the link to the training so that we can try it out to anticipate any technical difficulties our users might encounter.
David Sherry, CISO, talked about privacy and security issues at Brown and what his group is involved in (often behind the scenes). His slides can be viewed on the DCC Presentations Page
Chris Grossi – Announcements
- Margaret Doll’s final meeting – retirement!
- DCC BBQ in July
- Adobe Software for Brown Owned machines, close for home use and students. Email Chris if interested in testing on personally owned computers.
- Access based enumeration coming 2 weeks from today. Feeling good, but want to wait until after commencement.
- New image for 7450 laptop. Updated Dell Premier page coming soon.
Catherine Zabriskie – Academic Technology / Ron Dunleavy – Media Services
- Goal is consistency for classrooms (and event spaces) across campus.
- Sayles Hall and Pembroke were recent large projects
- Sayles Hall typically had audio issues
- Issues have since been solved with upgraded audio system.
- Pembroke 305 also had audio issues.
- Display and audio have been upgraded and are now working flawlessly.
- Pembroke can be booked by all, but do charge for cleanup.
- Want rooms consistent for faculty to be comfortable setting up and running.
- Consistent A/V also allows for better maintenance and troubleshooting of problems.
- A/V renewal is on a 4 year upgrade schedule.
- Ron will work with departments for spec’ing A/V hardware for department spaces.
- “Flipping” is a new style of teaching where students ingest content prior to class meeting allowing for more discussion during class. Multiple displays throughout the room allows different projection needs.
- Wireless projection is appearing in multiple classrooms.
- To maintain consistency, VHS has finally been removed from media spaces.
- Catherine can help assist in getting VHS media transferred to a more modern format.
- Catherine is going to poll the community at large about technology in teaching spaces to help get all A/V equipment across campus on a 4 year update schedule.
- Add wireless speedtest.net results in the classroom as well for networking sake.
Doug Wilkinson – Networking
- Upcoming summer projects
- Just hired Pat O’Leary, the new “Don Wright”.
- Equipment refresh on distribution nodes. Fully redundant which avoids downtime.
- Edge switch updates cause downtime for about 8 minutes. Usually run between 6AM and 8AM.
- Networking should be alerted about special, research hi-bandwidth needs for improved performance.
- Networking will work on published schedule for updates.
- Please alert networking of “unavailable” upgrade dates.
- Most upgrades will take place during the summer.
- DNS hardware upgrades coming this summer, but have redundancy.
- Load balancing this summer.
- VPN’s will be upgraded this summer, also redundancy.
- Network Security Zones coming to wireless and VPN.
- Wireless will come sooner than VPN.
- Grouper graduate student group will be moving to the campus security zone.
- VPN is going to switch from LDAP to AD groups via Shib for authentication.
- “Next Generation Wireless Conversion” still moving forward for dorms.
- Philo is the new system for TV at Brown over wireless.
- Management platform that watches every ethernet port which shows which ports haven’t been used in over 1 year.
- 50-60% of ports haven’t been used in over 1 year.
- Hoping to be able to minimize ethernet ports in the future, causing less edge switch update needs.
- You can submit need requests to be considered for priority edge switch replacement needs.
Chris Grossi – Announcements
• Workday will be updated this weekend – Workday will be down for 3 days. Mobile App will also be updated.
• Confidential announcement from Chris – good news coming soon from Ravi! Enterprise Agreement with Adobe
• We have a new Dell Rep – Mark Soloman – Replacing Joe Flynn. Please send any Dell feedback to Mark.
Chris Grossi – Next Generation Desktop Computing at Brown
• Ravi would like Client Engineering to ramp up desktop management as a campus wide service. Includes SCCM and folder redirection to Isilon.
• SCCM on Windows and Casper on MAC for desktop management.
• No good Linux option yet.
• SCCM gets installed automatically when a machine gets put in AD – This is not mandatory – you will need to opt in for this service.
• CIS will be up and running in March, and the rest of campus will be available in April.
• To opt in for desktop management, users will be asked to baseline their machine, which basically means reformat and put on the Brown standard image. SCCM will then get installed and download/install the standard software – can have department specific configurations.
• Encryption will be an option.
• Working group has been set up for every other Friday afternoon to work through issues creating install packages for SCCM. Talk to Chris to be part of this group.
• Casper – pre add to AD and pre-add to casper for out of box machines. Once enrolled in casper – task sequences will automatically install software that has been pre-configured ahead of time
• Chris gives live demonstration of folder redirection and SCCM functionality on laptop he has not used.
• Interaction with the computer only takes about 7 minutes, but software installation can take a couple hours depending on what needs to be installed
• This approach provides consistency across workstations – fewer updates and less interaction needed for new machines or rebuilds.
• Offline files will be turned on by default on machines that have batteries (laptops) – Microsoft sync will keep files cached on the device.
• Desktop, Documents, Music, Pictures, etc are redirected
• Only available for Windows 7 at the moment, but Windows 8 will be available soon, but not for a while for Windows 10.
Audio Notes and Stephanie Obodda’s slides on Kayako (The Remedy Replacement) can be found here.
Chris Grossi- Announcements –
Macintosh OS X 10.10.2 is Ok to now download. Wifi issue seems to be resolved.
FileMaker Pro 13 is now available to download to all.
Acrobat 10.10.3 ready to download.
Software.brown.edu page has new log in options. Check it out!
John Spadaro , Deputy CIO came by to discuss 2 factor Identification- only 130 people are actually using this now and he would like to see a lot more as this is a great protection against hacking!
Listen to the audio for more details on 2 factor identification and how it applies to groups, types of phones etc.
Also John mentioned about the changing of passwords and how most have changed but there is still a list of folks needing to do so. Stephanie Obodda has the list and will send out.
Jeff Clark and Stephanie Obodda talked about Kayako!
This will be the new replacement for Remedy. It is leaner, cleaner and easier to use. The system has greater flexibility and also will have an integrated database with solutions to common questions. It also has the ability to manage multiple tickets at once as well as a chat feature, reporting and a mobile app. For more info take a peek at the slides in the link above.
See you in March for a meeting devoted to Desktop Management with the Client Engineering Group in Room G01 Smith Buonanno.
notes by pm