Notes for IT Continuity Duane Elms 7/1/12 CHECS & NMTiE • • CHECS is a 30 year old consortium of the senior IT leaders of the New Mexico higher educational institutions. CHECS is unincorporated and enables collaboration and information sharing among IT departments. During my time as President of the group: – – – • CHECS expanded and offered membership to K-12 regions and systems. CHECS now represents all New Mexico Higher Education institutions and over 75% of New Mexico’s K-12 population. CHECS provided a technology roadmap to the legislature and the executive department. CHECS incorporated NMTiE as a 501c3 Corp. to handle the annual CHECS Technology in Education conference and other organizational and fiscal matters. • • • • • • I am a member of the board of both CHECS and NMTiE. I will be resigning as WNMU’s representative on the CHECS board and WNMU should select a representative to fill that position. I will maintain my seat on the NMTiE board. The current CHECS President is Joe Franklyn from NM Tech. The next CHECS President is Sean Cooper from NMSU. Unless someone else steps up, the WNMU representative is next in line. The CHECS web site is http://www.checs.net/ The CHECSnet web site is http://www.checs.net/net.html The NMTiE web site is http://www.nmtie.net/ • Why is CHECS important? – – – – – – – CHECS maintains contacts with New Mexico political entities and shares information CHECS founded and oversees the CHECSnet operation CHECS facilitates standard or semi-standard solutions among universities CHECS provides access to experiences of the state wide university IT community CHECS facilitates state-wide purchasing negotiations and contracts CHECS provides a focal point for addressing common issues statewide e.g. Libraries, Nursing rationalization CHECS is the pipeline between New Mexico Higher Education Information Technology organizations CHECS Players • • • • • • • • Max Baca – Highlands – best connected with state government, has ear to the ground, knows who’s doing what when, strategist for government/CHECS interaction Bob Tacker – Tech. (retired) – well connected in HED and gvmt. Founder of CHECS. Exec. Director of NMTiE. Consults. Daughters involved in network equipment business. Gil Gonzales – UNM – best funded, mover & shaker, source of network access & NM network infrastructure strategies, thinks big (statewide), provides purchasing support for Microsoft licenses. Joe Geri – CNM – probably the most traditional CIO in CHECS, doesn’t have UNM’s money, but serves more students, solid & practical Clark Elsworth – Eastern – most recent past president, seems most willing to take risks with new equipment and approaches – not always fully successful, hosts annual IT mini conference Joe Franklyn – Tech. – current CHECS president, took over Tech. IT after Tacker retired. Research drives much of Tech.’s directions. Sean Cooper – State – president elect. Formerly at LANL. CHECSnet reports to Sean. Personable, technology savvy. Others – – – Librarians – want to participate/interact but haven’t figured out their role yet Nursing – new player, still trying to get their vision to match the politics of their efforts K-12 – much less active since Blackboard/Ideal debacle CHECSnet • • • • • • • • • CHECSnet is a 20+ year old network center and service consolidator/aggrigator for Higher Ed (and other) network and Internet service users within New Mexico. CHECSnet is operated by NMSU and sits on the highly connected Rio Grand corridor. CHECSnet acts as an agent for and provides the vast majority of WNMU’s Wide Area Network transport and Internet access. As a result, WNMU does not spend significant time negotiating with communications vendors and interpreting tariffs. CHECSnet buys at the state negotiated minimum prices and passes the savings on to WNMU and their other customers. CHECSnet provides automatic access to Internet II, and Lambda Rail. CHECSnet is also the terminus for dark fiber running from El Paso to Raton. CHECSnet has access to the Albuquerque Gigapop and to other specialty networks used by UNM, NMSU and NMTech. CHECSnet has peering agreements with most for profit New Mexico ISPs and transport providers. This provides minimum degradation of WNMU ITV delivery to sites within our service region. WNMU most often interfaces with the following CHECSnet personnel: – – – • Norma Grejalva – Director, CHECSnet Matt Craig – Network Engineer Piyasat – Network Architect CHECSnet provides consulting and sanity checks on WNMU network architecture and connectivity initiatives. WNMU Wide Area Network • CHECSnet provides the majority of WNMUs WAN connectivity. As of 4/21/12, we get the following services from CHECSnet: – – – – – – • • • • • • • • OC3 connectivity at Silver City(150+Mbps capacity) of which 45 Mbps is in use Dual T1 connectivity at Gallup Dual T1 connectivity at Deming T1 connectivity at TorC 40 Mbps of Internet connectivity ATM transport for all of the above At TorC, a second vendor provides last mile services At Lordsburg we have a 2Mbps SDSL Internet connection through a different vendor. The WNMU WAN physically looks like a star network with the central node at the CHECSnet Network Operating Center (NOC). Logically, the WNMU WAN looks like a star network with the central node at Silver City. We have used packet shaping to provide priority to ITV data between Silver City and the extended campus sites. This effectively provides dedicated bandwidth to IP video in the WAN. Transport costs make WNMU’s current WAN expensive in today’s broadband market. Unfortunately, transport options are limited and the new Century Link MOE tariffs do not extend to bandwidths that would significantly help WNMU. MOE tariffs will help extended university sites, particularly Deming and Gallup, and activities are underway to upgrade bandwidth at those sites. Western Telephone may have fiber in Silver City by now. If they do then there remains only the connection to WNMU’s campus and a jumper in Tech.’s NOC to connect us to the CHECS network. This could provide a significant opportunity for both cost reduction and bandwidth increase. WAN Planning • • For WNMU to move much beyond the existing 40Mbps, the Silver City firewall, packet shaper, and possibly the border router must be upgraded to support higher bandwidth. This is true whether we expand our OC3 use or move to MOE. Metropolitan Optical Ethernet (MOE) tariffs are now available in Gallup, Deming, and Silver City. Unfortunately, the tariffs disclosed in Silver City do not approach the bandwidth we would like to immediately acquire. – – – • • Desired – 300Mbps min. MOE transport, 200Mbps Internet access (from UNM) Offered – 30Mbps max. MOE transport Unless Century Link discloses higher speed tariffs, WNMU will need to aggregate multiple 30Mbps circuits to approach our desires at Silver City. MOE is available at Deming and Gallup. We should move to 10Mbps MOE connections at those two locations. It may be possible to upgrade Deming using copper and prior to any fiber access upgrade at that location. CHECSnet have been tasked to implement relatively low speed MOE at WNMU’s Deming, Gallup, and Silver City campuses. At this point, the easiest and least expensive route to higher bandwidth at WNMU appears to be to bring pressure on Century Link to disclose higher speed tariffs. While there are other solutions, (microwave or potentially fiber), these solutions are both expensive and unless fiber already exists, time consuming. See previous notes on Western Tel. NOTE: WAN transport to date has been ATM (asynchronous transfer mode), a deterministic protocol, which has allowed us to control our WAN end to end, to the benefit of ITV. Ethernet is not deterministic and does not allow this tight control. As Ethernet traffic increases, the efficiency and quality of the Ethernet connections goes down. Therefore MOE connections should be specified with enough headroom to minimize any delay of IP video and audio packets and maintain our current quality of ITV service. Internet Access • • • • • • • • Currently, we buy Internet Access from CHECSnet at $46 per Mbps per month. With a goal of 200Mbps, this represents $9,200 per month, which we cannot afford. NMTech (Joe Franklyn) and NMSU (Sean Cooper) have purchased 1Gbps of Internet access from an El Paso provider at roughly $.95 per Mbps per month. Additionally, they have purchased transport to connect the El Paso provider to CHECSnet at $1,200 per month or $1.20 per Gbps per month. NMTech has offered to sell Internet Access bandwidth to WNMU at cost (roughly $2.20 per Mbps per month). Since this traffic passes through the CHECSnet NOC (verify), there should be little problem routing it to WNMU. Until we choose to move beyond 200 Mbps of Internet Access (or State and Tech increase their use), this seems to be the least expensive Internet access available. CHECSnet may balk at our using this alternative source for Internet Access since we would essentially be ‘cherry picking’ services and not holding up our end of the aggregation deal. Another source of Internet access that might be more palatable to CHECSnet, is available from UNM at roughly $7 per Mbps per month or $84 per Mbps per year dropping to around $5 per Mbps per month around mid year (2012). CHECS can provide transport from Albuquerque to WNMU using MOE tariffs. Access to research networks is available in this model. A solution similar to that used by State and Tech may also be considered. It would provide us with 1Gbps of Internet access at roughly $2,200 per month. We currently pay $1,840 per month for 40Mbps. The above approach provides access to the alternative networks (I2, Argone, Lambda Rail). Long Term Networking Planning • The following goals seem reasonable for WNMU for the next few years: – – – – – – – 1Gbps Internet access – Silver City campus 50Mbps connectivity at all extended university campuses Access to research networks handled by CHECSnet IPv6 implementation handled by CHECSnet System wide Gigabit to the desktop as infrastructure is refreshed System wide 10Gbps backbone as infrastructure is refreshed System wide meshed full duplex wireless capable of handling video to hundreds of mobile devices – Portal capable of supporting mobile applications and emergency notifications NOTE: Except for the fact that Century Link has yet to disclose the higher bandwidths, we could purchase today the top three items on this list, 1Gbps Internet Access in Silver City for $7,616 monthly for transport and $2,200 monthly for Internet. This totals $9,816 per month or $117,720 per year, and is roughly equivalent to what we pay today for 40Mbps over our OC3. But for Century Link, (and limitations in our firewall and border equipment), we could do this today. 50Mbps connectivity would cost $1,682 per month ($20,200 per year) for each extended university site. With two extended university sites, total WAN costs would be about $157,720 per year, slightly higher than FY11 WAN costs. Campus Networking • • • • • • • As money and resources became available, we upgraded the WNMU Silver City campus network. The current implementation is shown on the attached drawing. Today, the WNMU Silver City LAN exhibits the following characteristics: 2 additional fiber runs are needed to provide redundant fiber paths to all WNMU buildings (not residence halls) Most buildings are connected with Gigabit Ethernet Most buildings have a modern switch at the top or their switch stack The network architecture is optimized to support ITV transmission to the extended university sites The residence halls and most wireless connections are isolated from the rest of the campus LAN. Connectivity to the residence halls is moderated by a device that prevents a single user from monopolizing the available bandwidth. – Residence hall traffic is shaped by time of day. The current shaping is shown below. • • • • • – Traffic for individuals in the residence halls is shaped as shown below • • • • • • • • • Time Guaranteed minimum – maximum (cap) Midnight – 7am 20Mbps 30Mbps 7am – 6pm 10Mbps 18Mbps 6pm – 9pm 12Mbps 24Mbps 9pm – Midnight 20Mbps 30Mbps Time 7am – 6pm weekdays 6pm – 9pm weekdays 9pm – 7am weekdays, weekends Streaming Content 512kbps 512kbps 1024kbps Browsing/Other 512kbps 512kbps 768kbps There are still a large number of switches that do not provide QOS or POE and which will need to be replaced before VoIP can be implemented campus wide. We can prioritize or constrain inbound and outbound traffic based on a number of characteristics including traffic type and traffic source. For instance, peer to peer (P2P) traffic is limited to 64Kbps. We can monitor the LAN port by port if necessary. We do not maintain logs of LAN or WAN traffic. Most fiber routes have dark fiber available Instructional Television (ITV) • • • • • • • • • • • The recent USDA RUS grant allowed us to make significant improvements in our ITV capability. Most ITV equipment was replaced and about 10 classroom systems were deployed throughout WNMU’s service region. There are 10 ITV capable classrooms plus one mobile classroom system in Silver City, two in Deming, two in Gallup, and one each in TorC and Lordsburg We have standardized on Polycom for ITV equipment. All ITV rooms have compatible equipment. We have a video bridge capable of 100 simultaneous connections. More connections can be added with licensing. We have two video gateways, one that supports conventional ITV and one that supports desktop video conferencing. The campus LAN is configured to minimize ITV latency. WNMU’s WAN is configured with VPNs to minimize ITV interference. WNMU’s infrastructure does not support studio like ITV classrooms. AV1-3 do not have enough power available to upgrade lighting, etc. The extended university needs additional ITV classrooms in Deming, TorC, and Gallup. We do not provide facilitation for classes. We monitor ITV activity from 8AM to 9PM Monday through Friday. We do not have the manpower to provide ITV support on weekends. We provide access to a small audio studio and a small green screen video studio to allow the creation of learning objects and media. NOTE: Since completion of the installation of the USDA funded equipment we have not dropped an ITV call and the ITV network has not failed. There have been several incidents resulting in ITV connections being severed, all of which were traced to hang-ups by the users. There have been one or two incidents of connections not being made. In these cases, ITV was not informed that a connection was needed or scheduled. Lecture Capture • The USDA grant and the construction of the new nursing building allowed the addition of several automated lecture capture units. These units are in AV1-3, Harlan 221, and the School of Nursing. We have one portable unit. • At this point we are using MediaSite as our standard lecture capture unit. These function well but are very expensive. Less expensive solutions are being sought. • We have a streaming server and a repository for captured lectures. • Lectures in lecture capture capable classrooms are automatically captured unless the instructor requests not to be recorded. • Anecdotal evidence suggests that this technology provides a number of benefits. – Improved grades – The ability to time shift classes – Better access for athletes • The problem of students not attending lecture capture classes has not materialized. Student Printing • • • • • • • • • • • Student printing at WNMU has been mostly free since student printing became available at WNMU. Today we provide the equivalent of 500 pages of free printing to each WNMU student. This is the equivalent of preloading each student’s printing account with $25 . Printing accounts and the limit on free student printing was implemented to prevent abuse of the free printing made available to students. There is no connection between student printing and the student tech fee. We were providing free student printing well before there was a tech fee. If a student chooses to print more than 500 pages (or the equivalent in more expensive formats), then the student is required to purchase additional printing at our current rates. In some art courses this is facilitated by course fees. Student printing prices are less than or, at worst, equal to any other printing source in Silver City. Relatively few students find that they need to purchase additional printing. We do not carry over unused printing capability semester to semester. Student printing accounts are zeroed out at the end of each semester and reseeded with $25 for the next semester’s printing. Students can print from their accounts at many locations across campus. They can also send a print job to the GRC Labs from most campus locations. Printing resources in the GRC Labs includes conventional 8.5 X 11 B&W & color printing, high resolution color image printing at 8.5 X 11 on a variety or media, and high resolution color image printing on 24 inch wide paper of “unlimited” length and a variety of finishes. We are looking at providing this printing capability at extended university sites. This is a perk for the students compared to other NM universities and pretty much works as well as we would like it to. This is not something that needs fixing. Video Conferencing (see ITV) • WNMU is capable of establishing a video conference with any location in the world that supports standards based video conferencing. • Users need to request this service from the IT New Media group, and provide the necessary information for them to make the connection. • Typically, when the necessary information is provided, they will test the connection before the scheduled conference. • Video conferences can be held in any unused ITV classroom. • A mobile video conferencing system is available that can function in any room with a wired network connection. The wireless network does not currently support video conferencing. • If recording equipment is available at the time of the conference (not being used for lecture capture), most video conferences can be recorded. Desktop Video Conferencing • • • • • • • Desktop video conferencing is available on WNMU’s campuses. WNMU’s equipment can support several dozen simultaneous desktop to desktop video conferences. If this service becomes over-subscribed, IT will limit desktop video conferences until they can obtain the necessary additional licenses and channels in the video bridge. The video bridge is currently limited to 100 simultaneous video paths. Roughly 50% of these are consumed by ITV. People who want to use desktop video conferencing must have a video camera and some small software applications installed. IT can install those for you. A video gateway specifically for desktop video conferencing is available. Desktop video conferencing is currently being made available to interested parties. At this point, IT discourages the use of Skype as Skype is not well behaved in its use of bandwidth. However, if Skype becomes the overwhelming application of choice for desktop to desktop video conferencing IT will have to find ways to accommodate it, preferably using the equipment on hand. Watts Hall • There are two connections to Watts Hall – 50 Mbps point to point WiFi data connection – .5T1 used for ITV and phone • Watts Hall has the following capabilities: – – – – – One ITV capable classroom A small wireless constellation LAN connectivity A local router and network switches A local PBX • As wireless solutions improve, it may be possible to eliminate the .5T1 connection. Currently, delays in the wireless path prevent this. • This would also be an issue for VoIP implementation. • Watts Hall should become better integrated into WNMU’s technology plan. Virtual Machines • • • • • • • • • As part of the December data center move, WNMU IT implemented a number of virtual servers. This allowed significant reduction in the cost of the move and the total amount of equipment needed to provide WNMU networking and services. This also allowed IT to run more services on modern equipment rather than on old servers. The previous model was ‘a server per service.’ This approach minimized failure group size and mean time to repair (MTTR). By virtualizing many of the servers, IT increased the failure group size, but reduced the likelihood of failure by using new modern equipment. This step also paves the way for virtual clusters that reduce mean time to repair and potentially provide n+1 redundancy. IT will need to keep its finger on the status of virtual server technology in order to maximize availability and minimize cost. IT is also monitoring and testing virtual desktop technology in the belief that it may provide a cost saving opportunity for workstation equipment and applications availability and licensing. There are still many issues with virtual desktop technology, not the least of which are application licensing restrictions that may prevent WNMU from running multiple instances of the application centrally. Virtual Desktops • • • • • • • • • WNMU has been investigating the Citrix solution for deploying virtual desktops on WNMU’s campus and possibly beyond. (Jason Collet) Ideally, a virtual desktop would provide all WNMU students and personnel access to WNMU’s licensed suite of productivity software where ever they are on campus. Additionally, the equipment needed on the desktop in such an environment might be substantially less expensive, and/or require less frequent updating. It is unclear whether or not this technology can be effectively deployed at WNMU any time soon. There are many issues associated with this technology beyond the implementation of a large central applications processing system. One issue is the terms and conditions in software licensing language which may limit the manner in which licensed applications are deployed. This may require departments rethinking their software needs. It also may require limitations on the extent to which we can deploy virtual desktops. Another issue is student access to student data which may require each student to acquire and carry a small solid state drive. Opinion: I do not think that this technology will be ready for WNMU in time to forgo refreshment of the student lab and classroom computers. Lab Computers • • • • • • • • • • • • • • • WNMU has two formal and a number of informal student labs. There are small student labs in each residence hall. There are six IT managed computer classrooms. There are several small departmental labs and study areas around campus that are not managed by IT. These labs do not have Apple hardware and are not part of the IT refreshment program. The trend is to ask IT to manage these labs. There is a language lab/classroom in Light Hall that is not managed by IT and is not included in the IT refreshment program. Applied technology classrooms and Peter Bill’s classroom are not managed by IT and are not included in the IT refreshment program. Five years ago, the machines in all IT labs and computer classrooms were upgraded with Apple hardware, allowing any lab or classroom computer to run either a Windows or Macintosh environment (no separate lab for Mac or Windows). We had anticipated that lab and classroom machines would be upgraded on a four year cycle. We pushed that schedule out a year in FY11 to accommodate the IT move and some gaps in network infrastructure. Lab and classroom computers now need both more RAM and larger disks to support current versions of operating systems and applications. The IT managed classroom and lab workstation population is roughly 225 machines. Opinion: I do not believe that student owned technology will advance fast enough to allow WNMU to skip this refreshment. Use numbers show that today, lab use is increasing, not decreasing. It may be possible to move away from student labs in the 2015-2017 time frame, but from today’s view, this is far from certain. It appears that many of our students lag the country in technology adoption by several years so we are unlikely to have the flexibility available to other state and national institutions. The proposed creation of an Information Commons does not support the idea of eliminating student labs. Note that refreshment of student computing does not operate on WNMU’s fiscal schedule. Early in the process, we must bring in some target machines on which to create images and validate performance. Then all of the machines must be received and imaged twice (two environments). Finally, all machines must be moved to their final destination and tested on the network. This deployment needs to happen before students return for the fall semester and after summer session is closed. Therefore, refreshment decisions need to be made in early spring. Student Technology Fee • • • • • • • • The first student technology fee was assessed in FY03. Between FY03 and FY12, the student technology fee grew to $80 per semester, generating about $305,000 annually for the Silver City campus. Other student technology fee money goes to the extended university. IT has no oversight on the money going to the extended university. IT obtained approval for all student technology fee increases from the student senate. Up to the present, the students had reason to believe that roughly 67% of the money went to purchasing new equipment to support students and that 33% of the money went to support recurring costs. Student lab computers have been purchased out of student tech fee monies. These computers are the most visible benefit the tech fee provides to the students. Our plan was to upgrade the lab computers every four years so every student could see the money being spent directly for their benefit at least once during their college career. Otherwise, the majority of student tech fee money to date has been spent on network infrastructure. Even if WNMU aggressively rolls out mobile capability, I expect the computer labs and classrooms will need updating at least once more. That should happen this year. I see nothing in WNMU’s future that suggests that WNMU will not need to fund additional technology to support the students and WNMU’s mission. Money generated by the student technology fee should not be diverted for other purposes. On-line Payments • • • • • • • • • Several years ago, WNMU went through a review of our on-line payment processes with an eye towards becoming PCI (Payment Card Industry) compliant. It was determined (though not necessarily agreed to by all) that WNMU should outsource on-line payment and make the necessary changes that prevented any credit card information from entering or being stored on WNMU’s network. This approach allowed WNMU to qualify as a Class 4 merchant and therefore become PCI compliant by meeting PCI’s class B requirements, minimizing the amount of work and money WNMU would need to spend on compliance. If WNMU falls out of this Class, then WNMU will be required to deploy significantly more robust security and operations practices and will be subject to third party network testing. The PCI compliance document has been revised to version 2 and should be reviewed to determine whether or not version 2 changes impact WNMU. PCI documents can be found here. https://www.pcisecuritystandards.org/security_standards/documents.php WNMU currently claims PCI compliance through being a class 4 merchant and meeting the requirements in SAQ B (Self Assessment Questionnaire). SAQ B was developed to address requirements applicable to merchants who process cardholder data only via imprint machines or standalone dial-out terminals. If for some reason WNMU becomes unable to meet the conditions established for SAQ B use, WNMU may be required to meet the significantly more onerous requirements of SAQ C or SAQ D. Both SAQ C and SAQ D require quarterly network security scans. SAQ D requires the merchant to meet a long list of requirements. Although meeting all of these requirements would be a good thing, the cost in dollars and man-hours is prohibitive. Nevertheless, I recommend that WNMU begin the effort to meet SAQ D requirements since most of them are good best practices. It is also my recommendation that WNMU periodically review payment activities at all University locations in order to maintain Class 4 status and therefore be subject only to SAQ B requirements. Banner • • WNMU has been on the Banner system for over 10 years. We have deployed modules for: – – – – – • • • • • • • • • Student Finance Financial Aid Human Resources Workflow We have also deployed Sungard Luminus as our portal, Banner Web to support Web services, and Extender and related items to support document imaging. Opinion: WNMU does not get its money’s worth from its Banner installation and is not using Banner resources in the most efficient ways. Suspicion: The original Banner deployment was flawed. Opinion: Banner users are inadequately trained and are either unaware of Banner capabilities or are discouraged from using them. Opinion: Without significant change in how Banner is managed and used, improvements in efficiency will be very difficult to obtain. This is an area where the President could have a significant impact. Opinion: Given the number of WNMU Alumni, I see no benefit in deploying the Banner Alumni module over some much simpler donor management solution. Banner data is difficult to access and hard to use. A Data Warehouse solution could make WNMU data more easily available to all departments for ad hoc query and accreditation use without compromising data security. Most departments have chosen to not take advantage of Banner’s workflow capabilities. Without champions in the departments, development of workflows for departmental processes makes no sense. This is also an area in which the President could have a significant impact The maintenance contract for Sungard (Ellusions) software expires soon. If it is not renegotiated, WNMU will be subject to normal Sungard annual maintenance cost increases. Portal • • • • • • • • WNMU uses the Sungard Luminus portal. The Luminus portal is built on older technology, and is unimpressive and obsolete. WNMU has plans to move to the EAI myCampus portal in conjunction with moving student email to a cloud based service (Microsoft or Google). The myCampus portal is intended to be hosted by the vendor off the WNMU campus (cloud based). The myCampus portal was selected to speed WNMU’s support of mobile devices and applications. The cost of the hosted myCampus portal is currently $29,000 per year. Eliminating the Luminus portal should save a minimum of $14,000 per year Sungard maintenance costs, eliminate the portal server equipment, and reduce the amount of time Steve Liebhart spends maintaining Mustang Express. Improved student email access, portal quality, ease of integration, support for mobile devices, and marketing impressions easily justify the difference. Availability of consortium developed interfaces and applications enable a much wider range of opportunities than that provided by Luminus. Content Management (Sharepoint) • WNMU has a Sharepoint implementation that does not provide significant benefit to WNMU as a whole. • WNMU also has a 10T (expandable) repository for storage of University and departmental documents. Other specialized repositories are available at WNMU as well. • Sharepoint capabilities linked with the WNMU repository should be able to provide management for WNMU document content. • To make use of this capability will require either consulting, hiring a Sharepoint expert, or training our own Sharepoint expert. • Sharepoint licensing costs are part of our annual Microsoft license agreement. • This is not the same as a data warehouse which should be addressed under Banner futures. • This is not the same as Website content management although there may be a Sharepoint based solution for that. Student e-mail • WNMU’s student e-mail use, ease of use, and access has been less than satisfactory. • The WNMU portal and e-mail client is clunky and inefficient. • The WNMU portal has limited support for mobile devices. • IT had plans to address this in FY12 by – Moving to the myCampus portal – Outsourcing student e-mail to Google or Microsoft – Integrating the new portal and e-mail • While this has been delayed, it is still a desirable project • IT is indifferent as to which e-mail provider is used. We expect selection to be made based on which provider’s toolset is most compatible with the WNMU environment. • New Mexico State University is an existence proof/demonstration of this approach. They use myCampus and Microsoft email. • We have contacts at NMSU who are willing to advise on this project. Football Comcast DSL • • • • • • • • • • • While IT was struggling with the Exchange installation and preparing for the data center move, the head football coach complained about the performance of an application called HUDL. The complaint was that there did not appear to be enough bandwidth to support the application and the video HUDL provided was imperfect. We prioritized HUDL traffic and provided 4 Mbps of dedicated bandwidth. This was reported to be inadequate and the coach decided to install a Comcast DSL connection. IT has not actually seen the video problem and has been unable to determine actual bandwidth needs and use. The HUDL application does not appear to ‘play nice’ with network resources. Additionally, the company providing HUDL service does not seem to know how their service works and does not seem to be able to provide information about efficiently connecting to their service. The DSL connection appears to satisfy the football coach with respect to HUDL performance. IT is not supporting the DSL connection and has declined to incorporate this connection into the Campus Network for security reasons. HUDL traffic does not seem to have diminished as a consumer of inbound bandwidth on WNMU network. The current situation seems to satisfy the coach’s need for access to the HUDL application and does not compromise WNMU’s network so no changes seem to be necessary. At some future time when the IT department can spare the manpower, it would be appropriate to investigate HUDL further with an eye toward understanding HUDL and what it would require to source HUDL from WNMU’s network. Wireless • • • • • • • • WNMU’s wireless deployment was initially motivated by visitors to campus seeking connectivity. Resources did not support implementation of a secure modern wireless resource. In order to provide some wireless capability, it was decided to place wireless access points (WAPs) in the DMZ where wireless users could not harm the WNMU campus network. Over time, the WNMU wireless WAP constellation expanded to over 50 WAPs serving most of the Silver City campus. IT is now using virtual private networks (VPNs) to provide wireless capability at Watts Hall and extended university sites. EPSCoR data indicates that WNMU’s wireless infrastructure is not meeting the needs of students and faculty. A wireless upgrade project has been proposed to bring WNMU’s wireless network infrastructure up to modern standards. This project contains the following elements. – – – – – – – – – • Wireless network management implementation Creation of a meshed wireless network Wireless access management implementation Guest access management Adding coverage for external areas on the Silver City campus Doubling the WAP density on the Silver City campus Providing wireless coverage for all extended university sites Bringing the wireless network inside the DMZ Implementing wireless security solutions This is a project that is overdue and should be addressed as soon as possible. Bring Your Own Device/Tech • An increasing percentage of students are bringing their own technology to campus in the form of: – – – – • • • • • • Smart phones Tablets Laptop computers Other wireless enabled devices While a number of WNMU students are victims of the digital divide, IT still sees a significant growth in the number of these devices accessing the network. Faculty and staff are also embracing these technologies in increasing numbers.. Although we can expect penetration of these devices at WNMU to lag less isolated universities, the grace period that might result from such a lag has is quickly passing. It is now necessary for WNMU to address this issue, not only to provide students with access, but to also enable new teaching and learning opportunities provided by this technology. Improving wireless access only addresses part of the BYOD issues. Note that some personal devices communicate with cloud systems to support applications. Apple’s Siri is a specific example. There is no official statement from Apple as to what Apple does with information sent to their systems as part of the Siri experience. This is a potential data security loophole and suitable safeguards (policies) should be put into place to minimize risk to WNMU. CRM for Student Affairs • • • • • • • • • • For a number of reasons, Student Affairs has not been completely successful in using the Customer Relationship Management (CRM) elements of the Banner Student module in recruiting and admissions. One of the reasons may be that Banner is both arcane and deficient in CRM capabilities. CRM is in use by many universities to support the recruiting and admissions process while pursuing growth. Student Affairs has demonstrated the ability to embrace and use new technologies (document imaging). There are several high quality CRM applications available from the ‘cloud’. Some of these cloud based services are capable of interfacing with Banner. It is reasonable to suggest that Student Affairs, in collaboration with IT, review the cloud based CRM offerings with an eye to improving recruitment and admissions. Since these are cloud based applications, start up costs should be low and the implementation schedule should be reasonably short. Implementation does incur recurring costs. Modern CRM applications provide both flexibility and simplicity well beyond what Banner can provide. A good CRM helps provide the ‘personal touch’ consistent with several WNMU marketing themes. A cloud based CRM would be accessible from anywhere in the field, providing direct support to traveling recruiters. Mobile Applications • • • • • • • We expect mobile applications to become a very important on-campus service, to the point where mobile services will become a competitive necessity. While WNMU students lag somewhat in access to wireless technology, there are still a significant number of them with iPhone equivalents. Providing significant access to relevant mobile applications will be extremely difficult with WNMU’s current wireless infrastructure and portal. Migration to the myCampus portal is intended to simplify WNMU’s ability to deliver mobile applications. The myCampus association provides wireless applications; Sungard (Ellusions) expects users to develop their own. The upcoming Forefront installation is also intended to simplify the ability to deliver mobile applications. The proposed wireless upgrade (expanded WAP constellation, WAP and wireless access management deployment) is directly related to WNMU’s ability to provide mobile applications. Some general applications WNMU can be expected to provide to mobile users: – – – – – – – • • Messaging & Instant Messaging Calendar & Schedule Access to student grading and class information Polling Emergency notification Library access Banner access: Registration, Grades , Student Records, Course Information, Class Schedules, Student Account Information, Financial Aid Additional applications will be available which WNMU can customize for their purposes including a WNMU application “store.” WNMU may find it necessary to develop their own mobile application depending on course offerings, vision or direction. Classroom Technology • • • • • • • • • Initially, classroom technology was funded out of the ITV budget which could outfit a few classrooms each year. The ITV budget was inadequate to provide technology for all WNMU classrooms. It could not deploy to all classrooms and maintain a workable upgrade/replacement schedule. The ITV budget has eroded over the past several years as State funding declined. ITV was moved to the IT department and IT has been subsidizing ITV for the past several years. IT has partnered with Departments and the VPAA to fund classroom technology in several areas. Planning for FY13 included extending classroom technology to most of the remaining classrooms, but the IT relocation and other projects used money expected to be available for classroom tech. It is time for a review of classroom technology to determine just what technologies WNMU wishes to make broadly available in the classrooms. Currently we can outfit a classroom with a LCD projector, screen, computer and lectern for about $5000. Other candidates for classroom technology include: – – – – – – – • • • • Document camera Audio amplification Smart board or projector with smart board capabilities ITV broadcast/reception capabilities Lecture capture High density wireless access Etc. WNMU should define a classroom technology package that bundles the minimum acceptable technology components for a classroom and provides the ability to add standardized options. Standardized technology should be selected to minimize acquisition costs and maintenance inventory (projector bulbs). Once agreement is reached on a standard classroom technology package, all classrooms should be evaluated to determine how many and which classrooms should be updated. It would be appropriate to establish a rolling refreshment schedule for classrooms to minimize budgeting and cash flow issues Help Desk • • Employee retention in IT is very good with one exception, the Help Desk. The single primary reason for this is salaries. – – – • • • • • • • • Help Desk tech. -- $21,000 Silver Schools entry level tech. -- $35,000 Freeport McMoran entry level tech -- $35,000 The Help Desk Manager has copies of offer letters and salary schedules that verify the above numbers. On the average, Help Desk techs. stay with WNMU 2 years or so. Our only exception is David Leyba who has personal reasons for staying with WNMU. This issue manifests itself in the quality of extended university technologists as well. We’re basically operating a technologist training center for the Silver City area. It is not reasonable to expect someone being paid $21,000 to turn down a 66% increase in salary. Unless significant changes are made in this area, one should not expect future Help Desk retention to improve. This is a problem for IT since a large majority of IT’s interaction with faculty, staff and students occurs through the Help Desk where there are either personnel shortages or the personnel are not yet completely trained. Funding • • • • • • • • • • • • • In the past, funding for IT has been inadequate. With the exception of recurring expense costs (licensing, maintenance, connectivity and such), the IT budget has not changed for at least the last 9 years. Currently the IT budget is distributed roughly as 70% people, 30% stuff. Revenues from the student technology fee have been used primarily to augment the limited budget for equipment. Three years ago, a $25 increase in the student technology fee was implemented to support recurring costs. Today, student technology fee money is expected to be split roughly 67% equipment, 33% recurring. Student technology fee money has been used to pay for temporary workers needed to manage work studies in the computer labs. There is not a budget line for IT infrastructure replacement. Such a line, should it ever come to exist should be funded at over $500K per year. IT, in cooperation with other internal and external support, has been successful in obtaining grant money from USDA and from NSF EPSCoR. It is reasonable to assume that there may be additional money available from both those sources. Excluding student technology fee and grant money, WNMU budgets roughly $450 per student per year for information technology. This is roughly half the average amount budgeted by masters granting institutions surveyed by Educause. This amount has not varied more than about 20 percent over the last 10 years. With relatively minor exceptions, almost all discretionary money received by WNMU’s IT department has gone to replace or upgrade IT infrastructure. Without a considerable change in the resources available to IT, the focus on replacement and upgrade of existing IT infrastructure cannot change. While the promise to improve salaries is welcome, it is unlikely that the resources currently committed will significantly impact the turn-over in help desk technicians who often leave for 60-70% increases. Personnel • • Current – Alice Casares – Administrator – April Hanson – ITV Manager • • • • Lee Allensworth – Administrator Jon Docksteader – Labs Tech – Jason Collet – Systems Manager – Curt Smith – Network Manager – Steve Liebhart – Portal Manager, Webmaster – Dean Foster – LMS Manager – Greg Rolfe -- DBA – Sean Rees – Help Desk Manager • • • • – – – – – John Young – ITV Tech Zack Bassett – ITV Tech – April Matthews – Academic Computing Manager David Leyba – Help Desk Tech Rodger Huffman – Help Desk Tech Thomas Flores – Help Desk Tech Open – Help Desk Tech Proposed • Training Developer/Trainer DBA, Systems Manager Messaging Manager Assistant Network Manager Classroom Tech. Depending on growth, any of the following may be needed in addition to the above. – – – – – – DBA, Systems Manager Network Tech. Help Desk Tech. Assistant Systems Manager Labs Tech. Business Applications Manager Training – IT Staff • • • • • • • • When implementing new technologies, training is necessary for the IT staff charged with the implementation. This should preferably happen before the implementation starts. Without more depth in various positions, cross training is vital for the IT staff. Unfortunately, neither time or budget has been available to provide any significant cross training. Through the IT travel budget, I have tried to provide some opportunities for concentrated training for 2-3 SMEs each year. Through the same mechanism, I have tried to provide access to the CHECS/NM-TIE conference for 6-8 persons each year. Without additional training, the installation and management of modern technologies, such as Forefront, and wireless network management, will be problematic. At current salary levels, training is even more critical, since it will be difficult to attract quality trained professionals to Silver City. The success of on-line training has been spotty at best. Campus support needs tend to take precedence over training efforts. Training – End Users • • • • • • Our end user training capability was eliminated during a budget crunch 6 or 7 years ago. We did provide a portfolio of outsourced on-line training courses for two years with relatively little results. There is some training information available on the WNMU Web pages. Courses and presentations on end user topics have been poorly attended. We believe these results stem from a few fundamental problems. – The majority of staff are already overextended – There is limited value to improving one’s skills (performance is not rewarded) – Supervisors are unwilling to allow time for training – Schedule conflicts, particularly for faculty – Poor promotion of available training Some of the following approaches may help: – Use the CANVAS LMS, the course development support folks, and an IT trainer to create quality self paced on-line training modules – Mandate some minimum amount of training annually – Decouple training from specific schedules or times – Track who uses these trainings. – Create easily accessible tutorials and/or FAQs and place on our Website – Find some way to reward those who improve their skills and performance – Make departmental training an assessment criterion – Maintain awareness of available training through continuous promotion using e-mails, flyers, department supervisors, training awards & certificates, executive expectation, newsletters, reminders, posters, faculty & staff senates, drawings/raffles (each course completed gets you additional tickets), etc. Learning Management System • We have transitioned from Blackboard to Canvas as our learning management system. • Canvas was selected for both cost and functionality. • Canvas has been operating at WNMU since November 2011. • The majority of course material was migrated to Canvas early this year. • End user training is available for Canvas for both students and faculty. • New Mexico State and NMMI use Canvas. • Canvas is hosted by Instructure. • Instructure also provides a 24x7 Canvas help line. Nursing • • • • • • • The Nursing departments across the State are looking to “normalize” the nursing curriculum across New Mexico, with the objective of increasing the State’s output of BSNs over ADNs. In the first meeting between IT department leaders and the Nursing committee, it appeared that the Nursing vision was the equivalent of a “Central New Mexico Nursing College,” with centralized marketing, student application and advisement, financial aid, and all aspects of student and department management being handled through a central Web site. It is additionally the Nursing vision that this central site would be created and run by HED. It is the consensus among the IT leaders that the Nursing committee has a long way to go before it requires significant support from local IT departments. For example, the universities have yet to agree on a common application form. Until such agreement is reached, there is little or nothing local IT departments can do. The IT leaders suggested that to allow HED to make progress, HED, working with the Nursing committee, should begin development of a Nursing marketing/sales site and of a repository for Nursing teaching techniques, tools, and learning objects. This initiative has just begun. While IT should monitor and participate in these activities and provide input at appropriate times, it will be some time before IT will have to modify local processes to accommodate Nursing’s vision. It will be necessary to identify a representative from WNMU for the Nursing IT Committee. WNMU Website • • • • • • • • • • The WNMU Website has been maintained by IT for over 10 years. We have tried to maintain a WNMU brand but have not been entirely successful (athletics has their own Website). Although we can create and maintain Websites, IT does not have graphics development or significant Web design experience. Steve is much more valuable as portal manager and service developer than as Webmaster. Institutional Advancement is the logical location for WNMU Website responsibility. They are the owners of the WNMU brand. Since a substantial portion of WNMU Website traffic is from the WNMU campus, it is not clear that outsourcing hosting of the WNMU Website is a win. Despite considerable time and effort expended, many people on campus do not believe that the WNMU Website is attractive or effective. An effort to contract a Website redesign was stopped for financial reasons. A copy of the Website RFP is available. Website content management in the form of multiple Adobe Contribute licenses was made available but not broadly adopted. Recommendations – – – – – – – Institutional Advancement be made responsible for the WNMU Website, its style, design, and navigation Institutional Advancement to contract the redesign of the WNMU Website incorporating all branding decisions A Webmaster (not Steve Liebhart) to reside in Institutional Advancement Advanced Website content management be put in place Each department be made responsible for the content and timely updating of their Web pages WNMU to host the WNMU Website onsite in Silver City (high percentage of access from on WNMU campus) IT to deploy and maintain the WNMU Web server, but not update data or content other than its own Things that Need to be Done • • • • • • • • • • • • • • • • • • • • • Appoint a CHECS representative. Appoint a representative to the Nursing IT committee. Appoint an Educause representative (the Educause representative will be responsible for filling out the Educause annual research survey). Appoint an EPSCoR representative to support the last few months of the EPSCoR project. Appoint a representative to Oracle to provide them with headcount information for licensing. Complete documentation of WNMU network architecture and upgrades. Maintain bandwidth expansion as a high priority. Prepare for and renegotiate the maintenance contract for Sungard software (upcoming). Create a new strategic plan for IT that matches President Shepard’s vision. Create a prioritized list of activities that implement the new IT strategic plan. Address wireless/mobile issues. Follow through on connectivity updates to Gallup and Deming. Deal with the items on the issues list and the projects list that haven’t been taken care of. Increase IT headcount and re organize to support the President’s vision. Deal with WNMU Web site issues, including content management. Update Disaster Recovery and Business Continuity planning, implementation and testing. Follow through on portal and student email services plans. Embrace workflow and mandate automation of most paper processes. Embrace document imaging and expand use across most departments. Address funding issues. Review & rewrite policies, particularly acceptable use policy, and use of personal devices policy. Cautions • A capable network and access to the cloud means that a variety of services are available on-line. Departments may choose to obtain services on their own from on-line providers with all the advantages and risks such actions bring. Risks can be mitigated somewhat by involving IT professionals in the selection and deployment of such services. – – – – – – – – • Some Advantages – – – – • Extended University – LMS, Data Storage Student Affairs – CRM School of ED – DB, Data Warehouse, Reporting Athletics – HUDL School of Nursing – Simulations Library – Library Management Institutional Advancement – Website, Content Management Business Affairs – Payment Speed of implementation Cost of implementation Reduced up front costs 24x7 support Some Risks – – – – – – Lack of integration Incompatibilities Data security Recurring costs Network dependence Performance Duane’s Rules & Observations • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Don’t be leading or bleeding edge; be fast followers. Don’t get caught up in debugging someone else’s product. Everyday, everything gets a day older. Someday, it will be a day too old. Technology doesn’t stop changing just because it’s inconvenient for you. The Intel & Microsoft business models require constant advancement. The easiest way to save money on something is to not do it. If you can’t afford redundancy, maybe you can afford faster refreshment. If you find yourself uncomfortably behind, it may be appropriate to skip a generation. Or two. It’s best to have one or two strong vendors with another strong vendor on the bench. When you’re short staffed, (and even when you’re not), standardize everything. Every salesman wants to make their quarter. Schedule purchases when the salesmen are most desperate. Salesmen lie. Trust but verify. You can’t become exceptional doing average things. You can’t become exceptional chasing benchmarks. A castle built on sand will not stand. (If the infrastructure isn’t there, the application won’t be successful.) Buy quality, it’s cheaper in the long run. IT doesn’t fund programs. VPs and/or Deans fund programs. No plan survives contact with the faculty. Approach any solution presented to you by end users like you would a car bomb. Be wary of anyone who comes to you with a solution instead of a problem. No end user has the best interest of IT (or the institution) at heart. Software works the way it was designed and written, not the way you think it should or want it to. It’s not likely to change just for you. Small compromises by end users can lead to big savings. Small compromises by IT can lead to disaster. Customization is for organizations that have more money than sense. To have star employees, find out what they do best and have them do that. Quality, schedule, cost – pick any two (I recommend quality and cost). When something is late, helping usually makes it later. You can’t make a baby in one month by impregnating 9 women. Nothing’s impossible for the person that doesn’t have to do it themselves. You can’t know where you’re going if you don’t know where you’re at. If you don’t know where you’re going, any road will take you there. When you’re not fully deployed, there is no such thing as a spare. Withholding information is like sowing land mines in the planning process. If someone else can do it better and/or cheaper, let them.