IT@Brown: News & Resources

By and for technology-minded folks at Brown

DCC Meeting Notes – September 13th, 2017

without comments

IT Auditing at Brown

IT Audit at Brown – Presentation

Presentation by: Beltus Ikechukwu – IT Auditor


  • Objective
    • Risk Management
      • Solution oriented approach – the three lines of defense
        • 1st line – Management Controls, Internal Control Measures (Example: Endpoint engineering/DCC’s)
        • 2nd line – Financial control, security, risk management, quality, inspection, compliance (Example: Mark Dieterich)
        • 3rd line – Internal Audit
    • Internal audit at brown
      • Independent, objective(does it make sense), assurance and consultative activity designed to add value to the organization.
      • Mission at Brown – Help the Corporation protect University resources and enhance the achievement of enterprise-wide strategies by evaluating and monitoring risks, processes and policies significant to the University’s mission.
      • Vision – Excel as value-added service that is committed to your goals.
      • Authority – Has free, full and unrestricted access as necessary to all and any University information, activities, records, property, etc
      • Process- Risk based approach, Project Planning and Risk Assessment, Test Work, Reporting-Draft and Final, Follow-up
    • It audit at brown
      • Focused on risks that impact
        • Organizational Units – Centralized and Decentralized IT Processes,
        • Infrastructure – Networking, Compute, Storage.
      • A simple control Model (SANS 20) -See slide show page 15


  • Potential Risk – Insider threat, Point of Sale intrusions, Cyber Espionage/phishing/ransom ware


  • FAQ
    • How is my department selected for an Audit?
      • Risk assessment or your request
    • How long does an audit typically take?
      • Depends on size, complexity, and strength of internal controls
    • How much of my time will the audit require?
      • We are considerate
    • How can I prepare for an audit?
      • Have key documents ready.
    • How confidential will the information I provide to you and my audit report be?
      • All info received and managed by the Office of Internal Audit Services is held at the appropriate level of confidentiality.


  • Common Findings
    • Lack of formalized policies and procedures
    • Inappropriate access management
    • Segregation of duties
    • Mis-configurations
    • Change management
    • Data Security



  • Most of us have our first encounter with IT Audit due to an incident, what is the threshold for when an IT audit will take place
    • Answer – Auditing can take place during an incident to bring in an outside perspective like another set of eyes. It can be used as a time to help solve the issue while knowing the risk has been lowered or removed. There is no specific threshold.

Chris Grossi – Announcements

  • Mary Salvas has announced retirement
    • Licensing issue’s will go through Chris Grossi
  • Remotes Apps have been rolled out to everyone
  • PPrint upgrades were overall successful
    • Over 700 queue’s
  • Looking for interest in Adobe Stock software
    • The software provides a library of stock images.
  • Keyserver – Users should be seeing messages notifying them to upgrade to newer non-keyed software.
  • Google Drive app – being deprecated


Link to audio :

Written by Jason T Jacques

September 18th, 2017 at 9:35 am

Posted in Uncategorized

DCC Meeting Notes – August 9th 2017

without comments

Chris Grossi –  Announcements

  • The Endpoint Engineering Team is hard at work developing PXE Boot for OSD. There will be more information coming on this in the near future.

Don Rogers – A Brief Introduction 

  • The new Associate Director for the IT Service Center Don Rogers came to say hello, introduce himself and speak a bit about the departments and people he now manages. Don will be managing the IT Service Center, the IT Support Consultants as well as the IT Helpdesk.

Stephanie Obodda & Gillian Bell – Zoom

  • The campus has recently signed an exciting new agreement to allow everyone on campus access to a Video Conferencing Service called “Zoom”
  • For more information about the features and implementation of zoom please check the link below.

Meeting Audio

Meeting Audio – August 2017 DCC Meeting

Written by Colin D Johnson

August 15th, 2017 at 10:46 am

Posted in Uncategorized

7-12-17 Meeting Notes

without comments

Jeanne Spinosa

  • Phone training available for the new Cisco phone system

Chris Grossi

  • Mathematica – Late for renewal, but continuing work on licensing. Currently in the grace period, but expect renewal by Friday.
  • Dell continues to be issues for the University
    • Still working with Jason to get things fixed
    • Pro Support Plus is included, but requires a custom quote
    • Property of Brown University label not always being applied, attempting to rectify
  • Desktop Management Working Group –
    • Drive Mapping Conversation this Friday
      • H: (home)
      • S: (shared – DFS)
      • Q: (classes)
    • Making progress with PXE boot. The following Tuesday DMWG meeting should have a demo.
    • Encryption – Working on key retrieval updates
      • Machines coming out of OSD are ready for encryption
    • RemoteApps – On track to offer to to everyone for the fall
    • Project landing for Papercut and RICOH at South Street Landing with possibility of expansion

Mike Connetta

  • Cannon fleet transition – from Graphic Services to CIS
    • Billing will be changing, details still being worked out
    • NECS is still the acting company for service
    • Price will not be changing
    • CIS will be providing Canon printer/copier recommendations

Ron Dunleavy

  • Tech Updates
    • Zoom web conferencing – coming down the pike (instead of WebEx)
      • More stable and easier to use
    • Personalized classroom experience
      • Occupancy sensor in rooms and auto detect for projectors and screens.
      • Room will automatically shut down without signal detection after a certain period of time
      • Tweaking GUI for touch panels to simplify the experience
        • 85 Waterman 015 (check room schedule in 25Live and test during open block)
        • Also upgraded 2 BioMed rooms
          • Laser Projector
            • Instant on and off
            • 20,000 hour lifespan (vs. 2000 hours for lamp)
            • Quiet
    • Panopto/lecture capture added to some event spaces
    • Lost 19 classrooms from Wilson Hall
      • New swing spaces are being provided with repurposed equipment
    • Services that Media Services offers
      • A/V Consultations
        • Quotes to installation
      • Event Planning
        • 10 day minimum requested
        • Flat labor rate of $85/hour of technician
        • Free technician setup provided
      • Production
        • Flat rate for video recording
      • Ambient Sound and Shanix are preferred vendors
        • Local with quick response

Written by

July 12th, 2017 at 12:39 pm

Posted in Uncategorized

DCC Meeting Notes – 5-10-17

without comments

Chris Grossi – Announcements

  • Dell is taking longer than anticipated updating the Premier Page with the Standard Configurations
  • Looking at PXE boot for OSD
  • Matlab TAH renewal is in process
    • May need to authenticate with Matlab account when using Matlab in public labs
  • SAS renewal is in process
  • Filemaker 16 has just be released, working on packaging and updating
  • Working on obtaining licenses for Scrivener

Stephanie Obboda – Virtru FAQ

  • Encrypted Email Solution – Nearly ready to roll out (hopefully in June)
    • End to end encryption
    • Does not protect against Gmail password hacks
    • Virtru detects SSN’s and recommends encryption
    • See FAQ at following link
    • Training Service Center to determine if Virtru emails are real or phishing to assist University questions

Josh Lamont (Telecommunications) – CISCO Phone Conversion Schedule

  • All infrastructure deployed
  • 35% of phones are deployed
  • 2200/6600
  • Call Centers
    • IT Service Center
    • Financial Aid
  • October 2018 Completion Date
  • Challenges
    • Are buildings PoE/UPS ready
    • Building verification confirming switch ports and tap IT’s
    • Populating 911 info
  • What we’ve learned
    • General Users
      • Single line
      • How to change wallpaper/ringtone
    • Power Users
      • Multiple lines
      • Significant difference in multi-line/multi-appearance
      • Forwarding of individual lines vs entire phone
      • Color phones, high contrast, huge text
    • Users shouldn’t move phones without the assistance of Telecom
    • Simple reboot of phone generally resolves basic issues
  • Additional info can be found at

Pat O’Leary – Network Group

  • Network Outage Review
    • Network Architecture (Core, Distribution, Access)
    • Control Plane versus Data Plane
    • High CPU
    • Control Plane Policing
    • Loop Detection
    • DPDU Guard
    • Broadcast Packets
  • BC Pod was having issues
    • Control Plane vs Data Plane
    • High CPU
      • When CPU gets too high, drops in services occur
    • Control Plane Policing (CoPP)
      • Issue with Dell NIC cards when machines were going to sleep
      • Categorizes and limits traffic destined for the CPU of a router/switch
      • “Helps” prevent against DoS attacks
      • Is customizable by protocol or access list policy
      • Allows the router/switch to continue doing it’s job over heavy loads
    • Cisco EEM Scripts
      • Embedded Event Manager
      • Allows NOC to capture traffic being received by the CPU during taxing periods
      • Tells which processes are using the most CPU
      • Allows us to have more visibility as to what is happening in the network and take corrective action
    • Loop Detection
      • Layer 2 networks must be loop free
        • Problem for redundant networks
        • Spanning Tree is the protocol used to prevent loops putting some points in blocking mode
        • BPDU’s are sent every 2 seconds
    • BPDU Guard
      • Bridge Protocol Data Units are only sent from switches participating in spanning tree
      • User ports should never see BPDU’s. If they do, then they are either connected to a  spanning tree switch
      • When this happens, tap is dialed for 15 minutes
    • Storm Control
      • Samples frames over the course of one second
      • If broadcast rate exceeds 20% of bandwidth, the port is error-disabled for 15 minutes
      • NOC receives a trap indicating this and can take corrective action
    • Residential halls are now under firewall blocking inbound

Doug Wilkinson – Network Group

  • Extending the network?
    • Switches and hubs – What will break?
      • Dot1x
      • Performance
      • BPDU guard and MAC address limits
    • Wireless routers?
      • Potential for interference
        • Home router defaults can cause issues
        • Has Brown-Guest ever prompted for a password?
      • Open Wifi (no password)
      • Tried Brown-Guest?
        • What doesn’t work?
  • Automated vlan/subnet selection (aka dot1x)
    • Why do this?
      • Security for networks with elevated access
      • Seamless access regardless of wired, wireless, or VPN
      • Alignment with Network Security Zones
    • Testing
      • Using Cloudpath to configure clients
      • MAC authentication for devices unable to use “credentials” to login
      • Fingerprinting device types as alternative

BBQ during June DCC Meeting

Written by

May 10th, 2017 at 1:03 pm

Posted in Uncategorized

DCC Meeting Notes – March 2017

without comments

DCC Meeting Notes – March 2017







This meeting is all about Dell and the new Products that they are offering this year.

All new Dell products released this year are releasing with the new Kaby Lake Intel Processors. These new processors ONLY work with Windows 10. Brown as a whole is pushing the windows environment to Windows 10. M and U are the new processor labels. M is a low power, low heat processor and leads to fanless notebook models. The U based processors are higher performing processors better suited for high level computing and research


  • All new notebooks released by dell this year will need to be coupled with the new dell docking system. It is USB Type C Docking.
  • Touchscreen Devices are now available in Full-HD (1920×1080) previously touch on these models required an upgrade to a QUAD-HD screen. The new touch screens have new Wacom digitizers (which increase accuracy when using touch and pen)
  • 5000 Series – Offers more internal components, processing power. Usually heavier and bulkier. The 5000 series also offers discrete GPU’s for higher graphics computing and rendering.
  • 7000 Series – Thinnest and lightest computing machines. Ethernet port “flaps” open to preserve the “thinness” of the ultrabook.
  • Wireless docking and wireless charging are coming to the new dell 7285 coming june this year. This coupled with the wireless dock and wireless charging mat make for a completely wireless computing solution. 5000/7000 notebooks will all work with wireless docking. You have to order your system with wireless docking.
  • New dell tablet (5485) solutions are openable and repairable. Unlike the Microsoft surface pro/surface book. Some models also offer Micro SD cards for expandable storage. The stylus/pen is sold separately.
  • Precision workstations are meant for high end users. They include high end graphics cards and fast storage.



  • WD15 – This is what most people will be using. Comes with HDMI and VGA. USB 2.0/Networking
    • There is a mounting bracket available for this dock as well.
  • Thunderbolt Dock – Drives 4k Displays and Has USB C as well as all of the other supported ports. This is the best option for future proofing.



  • 3000/5000/7000 are all smaller form factors
  • All in Ones are now offering 4k Displays
  • nVME storage is incredibly fast and are starting to be offered through dell.
  • Precision Towers are recommended for the power users on campus. They have certified graphics cards for business (nVidia Quadro) these are best for business/adobe/CAD applications.
  • Dell Canvas 27 is Dell’s answer to the new Surface Desktop. 27” Touchscreen with Wacom digitizer.


For more information about products and services please reach out to Brown’s Dell Representative. 


Written by Colin D Johnson

March 13th, 2017 at 10:39 am

DCC Meeting – 2/6/2017

without comments


<span style=”font-weight: 400″>Endpoint Engineering</span>

Chris Grossi, Andy Kang
<li style=”font-weight: 400″><span style=”font-weight: 400″>now able to deploy new labs via system center</span></li>

  • dell has new hardware, will use a next gen image, equivalent to new boot key

<li style=”font-weight: 400″><span style=”font-weight: 400″>installs most  up-to-date OS as possible</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>Mac progress</span>

  • new iOS devices set up with device enrollment (DEP) program via caspar client
  • DEP should be ready in April?

<li style=”font-weight: 400″><span style=”font-weight: 400″>ability to set up out of the box Mac however  you like</span></li>

  • self service ap

<li style=”font-weight: 400″><span style=”font-weight: 400″>includes community software now available only for download from</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>scripts to install or reinstall</span></li>

  • IT Support Tools: brown core, software updates, team viewer, run montly maintenance, computer inventory

<li style=”font-weight: 400″><span style=”font-weight: 400″>“install brown core software”</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>with DEP: order from bookstore, assign to dept, install core software</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>each site administrator can have own rules</span></li>

  • corporation: all mobile devices must be encrypted

<li style=”font-weight: 400″><span style=”font-weight: 400″>in 2 months will demo DEP</span></li>

  • DEP serial# locked to jamf system

<li style=”font-weight: 400″><span style=”font-weight: 400″>if already encrypted relatively easy to put into caspar</span></li>

<span style=”font-weight: 400″>John Spadero</span>
<li style=”font-weight: 400″><span style=”font-weight: 400″>rolling out managed desktop on campus</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>projects</span>
<li style=”font-weight: 400″><span style=”font-weight: 400″>advancement database project 2012+: production this month, includes 2-week cutover</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>wireless infrastructure upgrade: about one more year to complete campus</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>grants management system: faculty conflict of interest live yesterday; part of much larger project</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>unified communication system: phones are network endpoint devices, pretty complicated; users may need help; online instruction available at </span><a href=””><span style=”font-weight: 400″></span></a>
<li style=”font-weight: 400″><span style=”font-weight: 400″>emergency use when network down? some analog lines will remain for incoming calls in some departments</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>UH had an isolated problem in one unit: some phones that failed took down computers as well</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>if there are not enough taps, the computer plugs into phone; that’s plan for all of South Street Landing</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>event management: increase number in room management system</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>undergrad admissions: customer relation system</span></li>

  • multifunction print/copy/scan/fax devices in individual offices are being phased out


  • the new model will be shared machines with release stations
  • might be good to discuss this with DCCs early in the process

<li style=”font-weight: 400″><span style=”font-weight: 400″>vendor not selected</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>part of the project for South Street Landing</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>digital experience project</span>

  • company in new york was hired to look at how to increase engagement of students with Brown, hoping to keep them engaged as alumni

<li style=”font-weight: 400″><a href=””><span style=”font-weight: 400″></span></a></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>concept is similar to what we used to call a portal</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>initially probably a mobile app for undergrads with direct connections into siloed systems</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>likely to include check balances, service availability, various academic elements</span></li>

  • really studying current data to see what students currently use, will do usability

<li style=”font-weight: 400″><span style=”font-weight: 400″>likely that the app will change slightly as they become alumni</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>minimum viable product expected in the fall</span><span style=”font-weight: 400″>

<li style=”font-weight: 400″><span style=”font-weight: 400″>Q&amp;A</span>
<li style=”font-weight: 400″><span style=”font-weight: 400″>wireless upgrades timeline, e.g. for basements – on the radar</span></li>
<li style=”font-weight: 400″><span style=”font-weight: 400″>charge for use of research storage? some discussion is going on about this, likely significant free storage, charge if beyond; possible new rate structure for grants to include data storage</span></li>

  • unix vs windows permissions? identities uses AD
  • remote app, e.g. for solidworks? – still working on increasing apps and ability to use them; ability to run student computing labs increasing difficult, especially with campus expansion, making this especially important
  • anything else? want to do something about video conferencing – currently confusing and doesn’t work very well – make sure all computers have right drivers and conference rooms have right equipment – e.g. zoom, bluejeans – skype? google hangouts? – standardize meeting rooms

<li style=”font-weight: 400″><span style=”font-weight: 400″>Ravi wants to walk into classroom, recognize him, bring up his slides, and send them to his students; pilot using 25 live does much of this</span></li>

Written by Bonnie Good Buzzell

February 14th, 2017 at 11:10 am

DCC Meeting Notes – January 11th, 2017

without comments

Chris Grossi – Announcements


  • Next generation of Dell hardware available shortly.
    • Next model up with new intel chips in the coming months.


  • Close to starting migration from “old” system center to “new” system center.


  • Andy Kang ready to give the go ahead with OS X Sierra. Users will start to see the option to update to Sierra. (He has officially made this announcement)


  • Ready for a soft launch of Remote App, ArcGIS to the entire University.


  • Looking to make a push to encrypt all mobile devices by enrolling in JAMF.


  • Dragon Naturally Speaking Licensing – Good amount of available licenses are still available and it will be added to shortly.

Brown Digital repository -BDR


Presented by : Joseph Rhoads – repository manager and Andrew Creamer – scientific data             management specialist


What is the BDR – The Brown Digital Repository –

  • Used to gather, index, store, preserve and make available digital assets produced via the scholarly, instructional and research activities and Brown.


What does it do

  • Searchable index of digital objects
  • Permanent storage
  • Off site backups
  • Tools for sharing and publishing
  • Data curation format migration


Data management and sharing services –


Visit this Link to access the DCC presentation page which has the audio from the meeting as well as the presented slideshow – ​


Written by Jason T Jacques

January 13th, 2017 at 2:30 pm

Posted in Uncategorized