Computing Service Progress Report (October 2010)

User Services

Desktop Services

1. The summer programme of installation work for new and upgraded Desktop Services applications for the coming academic year has been essentially completed, in accordance with the list of planned changes published in May, following the requests received for 2010-2011. Some 50 such application changes have been made for PWF Windows, 23 for PWF Linux and 36 for PWF Macintoshes. Software required for teaching accounted for nearly two-thirds of the requests. The Computing Service is contributing to the MATLAB site licence; MATLAB and 16 of its toolboxes are now available at College clusters. Camtasia is available on the PCs, supporting a UCS course. It can also be used to facilitate screen casting of lectures, which can be uploaded to the Streaming Media Service and viewed via iTunesU.

2. An updated Windows image has been deployed and the PCs in Titan Teaching Room 2 have been replaced with new Dells, from HEFCE CIF funds.

3. It is planned to support most of the future Desktop Services server infrastructure using a VMware server farm. The servers for this were procured in June/July from HEFCE CIF funds and extra capacity for the supporting SAN was also procured. These servers are being set up under vSphere 4.1, the latest version of VMware with release to production scheduled for the end of October 2010.

4. The demonstrator system for improved Windows application delivery (internally named DS-Apps or "Applications Anywhere", and intended to support individually owned Windows laptops and PCs, including those of students) has been transferred to new hardware. The latter was procured in June/July from HEFCE CIF funds. Infrastructure support for the application delivery Terminal Servers is being transferred to the new Desktop Services VMware server farm. MATLAB and Mathematica are being installed, using application virtualisation, on the demonstrator system, alongside the current Microsoft applications, for evaluation of the technical issues involved in offering these through the Remote Desktop/Terminal Services environment. The remote applications system is being tried out by a number of staff in other institutions (specifically CITMG members).

5. Planning and preparation is taking place for migration, expected to take place in December, of the Desktop Services/MCS printing system to the VMware server farm and to use Windows-based print serving and PaperCut for page accounting instead of Novell's NDPS and Pcounter. Some significant enhancements to PaperCut were arranged in order to provide additional features to support the accounting flexibility needed by Institutions. These features have been tested and the enhancements accepted. After migration, the printing system will be positioned to support multi-function devices, including photocopying, assuming licensing and other costs for the later prove acceptable.

6. A new PWF Macintosh image has been deployed; the Macs now run OS X 10.6. FinalCut Express, for video editing, has been installed on the Macs. The 28 end of life Macs in the Balfour Room have been replaced with 15 new iMacs to support teaching.

7. A number of Institutions have expressed interest in the Managed Print Accounting Service, for Departments and Colleges outside the Managed Cluster Service, announced in the spring. The service enables users in participating institutions to use networked printers from their own machines using the same mechanism that is currently used for PWF printers. Three institutions are using the initial service; it is anticipated several more will do so once the migration to PaperCut has taken place.

8. 39 institutions, 16 departments and 23 colleges, are subscribing to the Managed Cluster Service (MCS) for 2010-2011. Hughes Hall has joined the MCS this summer and the Clinical School has left, electing to manage its PCs itself. The total number of managed stations at the start of October is about 1730 (a reduction of about 7% on October 2009). About 1475 stations (626 in Colleges, 715 in Departments and 133 at the UCS) are end-user PWF Windows stations and 135 (67 in Colleges, 44 in Departments and 22 at the UCS) are Macs. Of these, some 85 are Kiosk mode stations. About 860 PCs dual boot Windows and PWF Linux. PWF Linux is provided at 11 Departments and 18 Colleges, as well as the Computing Service.

9. Occupancy of the Desktop Services file-store for home directories at the end of September was 2.8TB, consisting of some 32 million files. This is an increase of about 350GB since last year. In addition, occupancy of the "shared" filespaces on the UX volume is now about 280GB, in some 1.5 million files.

10. During the reporting period, the MCS PC power saving service is estimated to have saved 74155 kWh of power (based on an average PC power consumption of 50W/Hr) which at a typical 10p per unit gives a monetary saving to the University of £7415.

Outages

Service Desk

11. A twelve month project has been initiated to merge the various front-line contact points for the UCS into a focused and rebranded "Service Desk" located in the Cockcroft building. In September, the reception point for the collection and return of customer's equipment for Hardware Support work was moved from the less accessible Arup Tower to the more user-friendly Cockcroft floor 2. Members of the Help Desk and the Reception teams (incorporating frontline User Admin & Sales) have started cross-training and, when possible, the Help Desk is now remaining open over the lunchtime period. Further progress is planned for the 2010-11 academic year including the physical re-organisation of Cockcroft 2 such that we are able to offer an improved service to walk in users.

Videoconferencing

12. The videoconferencing studio has undergone extensive refurbishment and now offers HD videoconferencing over IP (H.323) utilising a High Definition Tandberg C40 codec, cameras and plasma screen, plus digital visualizer and new computing facilities for web-conferencing.

13. In addition to a portable Tandberg MXP 990 videoconferencing codec, the service now offers a Polycom Roundtable camera for hire for use with web-conferencing solutions. The Service also offers an audio mixer and a variety of headsets and microphones primarily intended for the creation of production quality screencasts.

14. The project to investigate possible web-conferencing solutions for the whole University is now at midway point with an interim report available detailing the products evaluated so far.

15. Availability of the videoconferencing studio can now be viewed online via a Google calendar at http://www-tus.csx.cam.ac.uk/videoconf/vcbook.html.

Assistive Technology

16. The Assistive Technology service has updated the existing hardware with a variety of new ergonomic input devices including ambidextrous mice. The latest version of voice recognition software Dragon NaturallySpeaking is also now available.

17. The purchase of specialist conversion software has enabled staff to offer a central service to easily convert printed text into alternative formats including Braille, audio and large print.

Technical User Support

18. During the reporting period the Mac Support, Windows Support and Hardware Support teams have merged into a new logical unit called the Technical User Support group. The intention is that the new group will evolve to be better able to deal with cross platform queries in the most efficient manner.

19. In September a new "DS-Repair" service was launched. This is a hardware support service aimed at departments and colleges who wish to cover out of warranty desktop computers for hardware failure that are up to six years old.

20. Following an assessment of demand and costs we have ceased to offer hardware repairs for printers in order that we can focus on our primary areas of desktop and laptop support.

21. The group produced the annual Security Disk for distribution to Colleges/Departments and continues to run WSUS and KMS servers for use across the university.

Training Services

22. A number of new courses were added to the programme, a series of Top Ten Tips in the Microsoft Office applications, Screen Recording: Create Video Tutorials using Camtasia, Visio 2007: Organisational, Gantt and Flowcharts, Project 2007: Scheduling a New Project and Publisher 2007: Creating Professional Publications.

23. A new self-paced Language and Linguistics course is being launched this term. The course, entitled Zotero: Introduction to a Reference Management Program, will be offered in addition to our other work in this area.

24. The programme of courses aimed at developing the skills of University IT supporters was extended to include the successful Cisco Certified Network Associate (CCNA) programme. To this date there has been an impressive 100% pass rate for those who have taken exams. A new McAfee ePolicy Orchestrator course was delivered to extend IT Supporters' skills in dealing with Virus security.

25. As a result of a number of seminars given to University Training Providers by the UCS Training Services and a subsequent evaluation of the UCS web-based Training Booking System, the UCS and Management Information Services (MISD) collaborated on a joint initiative to enhance the in house developed UCS Training Booking System to support the Integrated Services Programme in the Unified Administrative Service (UAS). The system was launched 1st September with five University Training Providers. The key benefit is a single site for all users to find and book training courses delivered by participating providers across the University. The University Training Booking System (UTBS) provides real-time information on training availability. Users can browse training courses, book online, receive immediate confirmation of their booking and view their own training records. For training planning purposes the system offers a central point for reporting on training provision and evaluation. The UTBS will expand to incorporate other University training providers, offering even greater value to users and institutions.

Online Services

Web Services

26. The Service has launched the "Falcon" content management system. This service was initially funded by the Pro-Vice-Chancellor for Research to support inter-disciplinary research initiatives. These initiatives are hosted for free as a result and the service is available on a charged basis for other groups in the University. It currently supports five live web sites with seven more in development.

27. The University Training Booking System was launched at the start of this academic year. This was developed within the UCS to provide a common, integrated booking system for training across the whole University. It is currently used by five training providers with another two planning to use it and two more investigating it for suitability. This provides a user-friendly web application, common to all participating courses, for training administrators, training providers and trainees.

28. The Service is implementing Google Calendars (as the first of probably several Google Apps over time). A Raven-based authenticator for the Google suite has been implemented so that web access for Cambridge users will be by Raven, coupled with a system to provide tokens (similar to Lapwing/Eduroam tokens) for non-web applications to connect. A series of calendars have been pre-populated with University dates ready for use. The UCS and the Legal Services Office have been in protracted negotiations with Google over the contract. While the service is free (for at least four years) the University needed several concessions from Google regarding the use of personal data for the University to comply with the Data protection Act. Agreement has been reached, Cambridge has signed the contract and we are now waiting for the contract to be returned with Google's signature as well. The Service anticipates launch in the first half of October, a few weeks later than hoped for but it was in the hands of the lawyers.

29. Two venerable services were discontinued. The web cache, made redundant by the NAT system and the changes to JANET charges, was turned off after a very careful decommissioning process lasting several months as systems that were configured to rely on it were identified and their users assisted. The Usenet news service was discontinued after JANET ended their Usenet feeds. It has been replaced by a bulletin board system for discussions within Cambridge.

Streaming Media Service

30. The Streaming Media Service has now had the major facelift whose development described in the last progress report. It has also taken on support for additional formats and resolutions, and it has been made easier to add still further ones. The Service has also improved the keyword searching system.

Email

31. The email team have completed the replacement of all the email systems' hardware, paid for by CIF. The hardware now in place all comes with a five year warranty to avoid additional costs over the financial lean period expected. They have upgraded the webmail system to provide additional protection against cross-site scripting attacks and better support for complex multipart messages. They have completed the migration of half the systems to the off-site facility to balance load and vulnerability across the two locations.

Hosting Service

32. The hosted server service (also known as co-location) now has four paying customers, two of whom have rented entire racks in our machine room and two of whom are renting space within a rack.

PWF Linux

33. A new release of PWF Linux was issued over the summer, this one based on OpenSUSE 11.2.

Online Documentation

34. Assorted documentation has been updated. In addition, various documents that the Service looks after for in the absence of anyone else taking responsibility for them have also been brought up to date. These include The Guide to Courses, the Student Handbook, the Museum and Collections web pages, and the Natural Sciences Tripos Committee web content.

35. Members of the UCS staff were invited by Oxford to talk at their IT day earlier this year. One member of staff presented a seminar on web style sheets for mobile devices at the Sheffield meeting of Institutional Web Managers. Another member of staff is providing two courses for the new MPhil in Computational Sciences run out of the Physics Department.

User Administration

36. The accounts of 3,896 departing students were cancelled in this year's summer purges. This is less than in 2009, which can be attributed to two factors - an increase in students applying to continue their studies at Cambridge and an increasing number of Faculty Board meetings moving from the end of Easter to the start Michaelmas Term which causes certain postgraduate degree courses to continue to be treated as active within CamSIS until the end of Michaelmas. The 9,307 accounts for incoming students were provisioned over the summer and at the time of writing just over 5,000 people have collected their UCS account details and passwords online using the automated sign up process.

37. Much of the summer was spent implementing the infrastructure needed to support issuing CRSids and Raven accounts to students of the Institute of Continuing Education (ICE) who required access to the UL's electronic resources. The project was a complex one requiring information to be exchanged between the Virtual Learning Environment at ICE, CamSIS and Jackdaw. Significant development work was required within Jackdaw to ensure that current members of staff and students who take ICE courses would retain access to all their current UCS resources.

38. One case of alleged computer misuse was investigated, insufficient evidence was found to justify any action.

Identity Management

39. Internally the Service is actively developing an Identity Management database to underpin the IT strategy and a new front-end for searching within the University. These will be launched over the timescale of the next progress report.

Institution Strategy and Media Services

40. As part of the reorganisation of the Computing Service that took place over the summer, Institution Strategy has taken responsibility for media services. The team now includes the Photography and Illustration Service (PandIS), the Printroom and a number of colleagues whose work complements the core activities of providing consultancy, advice on strategy and policy and promoting communication and coordination.

41. During the reporting period PandIS organised and hosted a landmark exhibition of the work of the late wildlife artist, conservationist and Cambridge alumnus, Sir Peter Scott. The exhibition, which received more than 300 visitors, included the original sketches for the World Wildlife Fund Panda Logo and is now touring the Wildfowl & Wetlands Trust centres across the UK. PandIS Graduation Services had a busy and successful General Admission with over 38% of graduands purchasing photographs and/or frames; income rose by 8%.

42. The Institution Strategy team, in addition to providing the usual range of IT consultancy services, coordinated the first Cambridge participation in the annual Oxford University IT support staff conference. A coach load of Cambridge computer officers spent a very profitable day in Oxford and it was pleasing to note that the first and third most popular speakers at the event came from Cambridge.

43. Recent expansion and computerisation of the University Dental Service has continued with the introduction of a new surgery and digital x-ray equipment; all IT-related aspects have been managed by the Small Institution Support Service.

Networks

Unscheduled Outages

Network Support

44. A replacement system for processing the JANET network usage charges for institutions is being developed as the current system is running on a Windows XP specific system that does not support the more modern netflow statistics required by our current router infrastructure. Additionally, the current system does not have support for IPv6 when that becomes available.

45. Support has been provided to 30 Departments, 14 Colleges and 9 other groups.

46. Staff attended a liaison meeting with the University Library and external meetings of the UCISA Networking Group and the South East Region JANET User Group. Staff also attended the Campus Network Infrastructure event organised by the UCISA Networking Group and the joint ICT Forum conference in Oxford.

Network Installations

47. Significant effort has been taken up with the implementation of the GBN circuits for secondary CUDN connections and other GBN-related work [reported by others]. For the current installation base of CUDN PoP switches, 50% of these secondary circuits are now available for use. The remaining secondary circuits have been prepared but not yet presented in the relevant CUDN router racks and customer premises

48. Secondary local institutional singlemode fibre cabling has been completed for most of the colleges and external institutions (e.g. MRC). Site cabling for university departments is in progress but delayed by the need for asbestos control measures on University premises such as the Old Schools, Sidgwick and Downing sites.

49. MRC Biostatistics, Douglas House and the Disability Resource Centre are scheduled for upgrades to their PoP equipment by mid-October. This will complete the current phase of primary PoP switch upgrades. Thereafter, the focus will revert to completing and commissioning the secondary circuits.

50. A new CUDN installation has been completed for the Sainsbury Laboratory on the Botanic Garden site and two new connections completed at the Hauser forum for Cambridge Enterprise and Estate Management (CCTV). Additional CUDN connections for CCTV at Engineering, Mathematics, Downing and Sidgwick sites will follow during October and November 2010.

51 Emergency optical fibre repair work has been required on a number of sites including King's Parade (EDF power cable fire), Howe Farm (damage by cattle) and the Cambridge Archaeology Unit (damage by rodents).

Network Systems

52. The plan to migrate the Lapwing wireless network over to a centralised Aruba system is ongoing. So far, 92 of the 183 existing Cisco access points have been replaced and the remainder will be replaced over the next reporting period, barring access to the facilities in which they are in service. Currently, over 500 access points are deployed within the University-double the amount from the previous financial year.

53. The Magpie dial-up service went end-of-life on the 1st of October and will therefore no longer be offered by the University. Those impacted by this service discontinuation were notified at least 6 months in advance to ensure a suitable replacement, e.g. broadband, could be sourced. The serviced was discontinued as the number of subscriptions was rapidly dropping and had dropped below the threshold required to fully fund the service.

54. A major tender is underway to replace the core router framework for the University. This tender seeks to replace the ageing existing routers with up to date models whilst splitting the routing infrastructure across multiple sites. This is an overall strategic move that will allow for future upgrades which improve resiliency and manageability of the underlying network structure serving the University. Over the coming 12 months, some of the core CUDN equipment will be upgraded. This includes the chassis, supervisor control boards and some line cards. Some of the equipment is 8-9 years old and is reaching the end of its supported life by the manufacturer.

55. The structure of the CUDN will also be reorganised to improve resilience and better accommodate redundant institutional connections, with a two-layer hierarchical (core and distribution) topology rather than the current flat model, which has problems coping with many of the requirements of a multiservice network. Additionally, a small number of area fan-out switches will be replaced by full switch routers.

56. In addition, many of the CUDN area routers will be physically relocated into a rooms vacated by RPE (Remote Peripheral Equipment) nodes of the analogue telephone system, rather than being co-located in institutional room

57. A major tender is underway to replace the core router framework for the University. This tender seeks to replace the ageing existing routers with up to date models whilst splitting the routing infrastructure across multiple sites. This is an overall strategic move that will allow for future upgrades which improve resiliency and manageability of the underlying network structure serving the University.

Telecommunications

58. A major upgrade was undertaken on the telephone system, migrating from CallManager version 6 to version 7. This upgrade is an interim change to allow for the introduction of the latest CallManager generation to be implemented early 2011 year pending licensing negations with Cisco and the assurance from Institutions that the upgrade will not cause unnecessary disruptions.

59. The voicemail system that was introduced before the new telephone system was deployed has been replaced with an entirely different system that is fit for purpose for the size of the University, commercially proven to be stable, and which integrates much better with the Cisco CallManager phone system than the previous system. The initial phase of this change will be relatively transparent for most users to ensure the platform is stable. However, within after the short proving period, new features will be introduced to users in the next term.

60. The telephone book (to be delivered early Jan 2011) is being developed with the aid of each of the Institutions within the University. This is the second time that the phone book is being developed purely on the data held within the University's central Lookup directory (http://www.lookup.cam.ac.uk/). The phonebook consists of individual listings and organisational entries which are nearly entirely maintained by Administrators within the Institutions of the University and therefore each of the Institutions have the responsibility to ensure correctness and have the opportunity to control how their organisation appear within the phone book.

Granta Backbone Network

61. Work on the GBN over the last reporting period has been extensive and varied. Many of the actions taken are the result of months of planning within the Computing Service in coordination with the city, affected Institutions, contractors, and property owners. Wherever possible, the work completed is conducted by the Computing Service Network Installation Team and the GBN manager to keep costs to a minimum and remove the reliance on external contractors unless it is not cost effective for internal members to complete the work or if other constraints, e.g. time and labour, become a factor. The following is a list of the works completed or planned over the last period:

62. Works were completed on the Whittle Lab GBN diversion, due to plans to extend the Lab.

63. Diversion works are nearing completion on the removal of GBN node from the Old faculty of Divinity building.

64. Addenbrooke's 2nd physical link is waiting for way-leave approval. EMBS are in consultation with the NHS Trust & the National Blood Service

65. GBN damaged in the paddock in front of Astronomy by a fence post boring drill. Institute of mathematics lost network connectivity for a short time while the diversions were put in place. All damage now repaired.

66. Repairs to the GBN, due to the EDF underground fire, have been completed.

67. Peterhouse College are moving their GBN node to a new communications room. Works due to start in early October, to be completed by early November.

68. 3000 metres of black GBN duct has been delivered in preparation for the network extension of the West Cambridge Site for the new Material Science building

69. GBN extension on the Addenbrooke's site to pick up the new MRC building is currently under way. Discussions are taking place to extend the network across the leasehold of CRUK.

70. GBN extension on Saxon Street is due to start in October to extend network into Pembroke College off site hostel.

71. St John's College have had 2 GBN mini nodes upgraded to single-mode, with the aim being to improve bandwidth.

Security

72. This report covers the summer months from May until the end of August. Wide-scale probes numbered 39673 with noticeable increases for SSH probes in June and July and for the VoIP-related protocol, SIP, starting in July; it should be noted that the University Telephone system has filters to block these external attacks.

73. Unfortunately with each phishing run, some users respond with their username and password. There were also 14 attempts to exploit email accounts to send spam. The Mail Group's counter-measures continue to help limit the damage.

74. On the web front, The Service saw two website defacements and an attacker exploited a vulnerability in out-of-date versions of phpMyAdmin to upload a toolkit to some local websites. One site was subsequently used for ssh scanning.

75. Malware incidents included variants of mufanom/hiloti, conficker, torpig, fake anti-virus and anti-spyware, and DNSchanger. Once again, during the vacation we saw visitor laptops arriving with malware on board. Three hosts in one department were seen participating in an IRC botnet.

76. There were 42 copyright violation notices received. Other incidents included an attempted Denial Of Service attack on a server, two open proxies exploited to gain illicit access to e-journals and a small number of Raven accounts used for the same purpose.

S. Kearsey