Information Technology Advisory Committee TO: Information Technology Advisory Committee [Jim Brown (Chair), Kay Clouse, Ian Dees, John Dixon, Jean Donham, Matt Johnson, Scott Olinger, Dee Ann Rexroat, Todd White, Andy Wildenberg] FR: Jim Brown, Chair RE: Minutes of meeting of 18 January, 2005, 3:30 – 4:45 p.m. Members absent: Jean Donham I. Minutes of the meeting of November 30, 2004, were approved as distributed. II. Brief updates 1. Printer-copier service calls: IOS performed some maintenance in early December [at least in the library] which appears to have improved the situation. Service calls since then appear to be required about every 20,000 impressions, which was reported by John to be good. It was not reported what the service call frequency was before these “fixes” nor the extent of fixes around campus. It is not known by us whether the IOS changes were upgrades newly available to improve reliability or were maintenance issues. 2. Graham Leach Bliley Act: IT will be recommending changes in password implementation to begin in Fall, 2005. These will feature strong passwords [a description of which was distributed to ITAC members shortly after the meeting], a password replacement cycle of 90 days, and an education/ publicity campaign to encourage users to lock their computers if they are going to be away from their desks. Areas for continued investigation include how/ whether to implement computer locking in student labs. 3. Web based request forms for the Office of College Communications: OCC rolled out last month a web-based form for requesting publication of items in Today at Cornell [and some other OCC media]. So far, they are being used well and no complaints have surfaced. 4. Spam management tool: Mike Cerveny visited the committee and reported that IT’s preference is for a Microsoft Server 2003-based network spam filter. This solution can be implemented at low surface cost [although hidden costs are not yet clear] and involves spam filtering on an all-institution level, before materials reach individual accounts. The software assesses the probability each mail item is spam based on a number of characteristics, and the college chooses the probability level it wishes to use in blocking email. Mike suggested that we would choose a relatively lax standard initially so that we would not deny mail delivery without a better notion of how the program works and what is being blocked, and that we would likely become more stringent as our experience managing spam grows. The database of spam characteristics the software uses is automatically updated at frequent intervals. 5. Publishing a mechanism for reporting after-hours IT outages: The IT division is reticent to publishing anything because the college has not worked out a good strategy for handling responses to reported outages, and IT fears a flood of reports they are not in a position to respond to adequately. IT wanted to wait until Fall 2005 before announcing an approved reporting process. Other committee members felt is it inappropriate for there to be no generally-known process for reporting outages and to rely upon hit-or-miss, individual resourcefulness in order to get a problem reported to anyone in a position to do anything about it, and that waiting until next fall yields another 8 months of dissatisfaction and annoyance. John Dixon will speak to John Harp about use of PerMar security personnel for screening after-hour outage reports, and the chair will bring the matter up with the president for guidance; both will report back to ITAC for potential discussion and recommendation of a mechanism. 6. Large-format printing: The printer in Theatre serves curricular and production needs in that area, and the printer in geology is serving needs in the natural sciences. Each has served other college needs, particularly students desiring large format printing for presentations, but staff time, printer backlog, costs of supplies, and finite lifetimes of equipment necessary for serving the curriculum argue against service to the general community on a regular basis for these printers. An additional printer to serve these all-college needs, to be located in the multimedia studio in the library, has been requested and is on the upgrade capital list; it is not known whether sufficient funds for its purchase will be available in this round. 7. Server security: Mike Cerveny reported on closing a couple potential security holes on college servers, and there was substantial discussion of the matter in general. No additional moves are scheduled at this time. 8. Limit on the number of computers which can be attached to the campus network: The software which automates student access to the network can support only two Ethernet connections and two wireless connections. Students requiring a larger number of connections will need to be in touch with IT. III. Review of information technology upgrade proposals for capital funding. Copies of the capital request for information technology purchases were reviewed. The Board of Trustees will approve a capital budget at their meeting on February 4-5; depending on how much funding is approved, ITAC may need to meet to prepare a recommendation about priorities for spending. This discussion provided background for contemplation so that members can be prepared to discuss priorities promptly, if necessary. The remainder of the agenda will be taken up at the February meeting: 1. Policy on headers for student organization pages on the college web site. 2. Access to computers when general access labs and the library are closed. 3. Support for the online term table and the college catalogue.