IT Services

From CNUpedia, an IEEE Innovation.

Students and IT Staff Alike At Work


Overview

The University's Information Technology Services is responsible for the maintenance, upgrading, and development of the majority of the school's technology infrastructure. They provide, among other things, residential Ethernet networking, wireless access points, firewall protection, and email services including spam filtering and limited SMTP and IMAP. They also deploy integrated services for registration, class web page development, and campus announcements, and cooperate with other groups in their technology efforts.

Key Players

Prominent IT employees, as referenced on their site, are:

  • Dr. George Webb, Chief Information Officer
  • Thomas Mackay, Assistant Director of ITS - Systems Development
  • Andrew Crawford, Assistant Director of ITS - Networking and Support
  • Assistant Director of ITS - Academic Computing
  • Sheila Higgins, Administrative Services Manager
  • Charlie Ruble, Sr. Technology Services Manager

[IT Services Homepage]

A number of other employees may be found on IT's site. There is also a steering committee, of varied membership, composed in part of various CNU staff. Examples of past (and possibly present) members include Dr. Griffin and Dr. Game.

System Resources

Subnets

The subnet 137.155.0.0/16 has been reserved to the CNU network systems since before the institution ceased to be a college. Hence, almost all computers on the subnet, including those in residence halls, are granted unique addresses. DHCP is implemented for student computers, but its assignments appear to be semi-static (i.e., they don't change if there is no need). The risk of individual computers being publicly addressable on the internet is partly offset by a firewall system. Furthermore, an internal routing policy is defined and implemented that hides non-broadcast traffic from adjacent computers inside the network. These policies have also been used to prevent what is deemed inappropriate usage of the systems and other forms of unapproved communication by blocking particular ports:

  • See the talk page to discuss which ports are blocked.

Protocols

CNU handles mail with the following protocols: SMTP (mail sending), IMAP (message receiving), and HTTP (both). The SMTP server is an iPlanet Messaging Server (currently a version 5.2 HotFix 2.04 built Feb 8 2005). It allows computers inside the CNU netblock to send messages freely without any need for authentication. Absurd domains and sender addresses are allowed. Unlike the previous server that had been running for some time, this system does track the IP address of the computer initiating the transaction. Non-repudiation is thereby limited. Computers outside the netblock are, however, unable to relay mail. The IMAP system does require authentication but provides no encryption. The HTTP system is authenticated. Whether it encrypts transmissions has not yet been determined, but it is likely that it doesn't. In addition to these services, there is a Barracuda spam filter system. It may optionally be disabled, supports whitelisting, and has a learning algorithm.
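The gaps described above (no SMTP authentication, no IMAP encryption) are visible in what a mail server advertises in its EHLO and CAPABILITY replies. The following is an added example, not part of the original page or of ITS's own tooling: it parses those replies and reports missing protections. The host name and sample replies are constructed for illustration, and the audit assumes the replies were read on a cleartext connection.

```python
import re

# Constructed sample replies for a hypothetical host (not captured from a real server).
SMTP_WEAK = "250-mail.example.edu\r\n250-8BITMIME\r\n250 SIZE 10485760\r\n"
SMTP_GOOD = "250-mail.example.edu\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n"
IMAP_WEAK = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"
IMAP_GOOD = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"


def smtp_extensions(ehlo_reply):
    """Parse a multi-line EHLO reply (RFC 5321) into {KEYWORD: [params]}."""
    exts = {}
    for line in ehlo_reply.strip().splitlines()[1:]:  # line 1 is the greeting
        m = re.match(r"250[- ]([A-Za-z0-9][A-Za-z0-9-]*)(?:[ =](.*))?$", line.strip())
        if m:
            exts[m.group(1).upper()] = (m.group(2) or "").upper().split()
    return exts


def audit_smtp(ehlo_reply):
    """Return findings for an EHLO reply seen on a cleartext connection."""
    exts = smtp_extensions(ehlo_reply)
    findings = []
    if "STARTTLS" not in exts:
        findings.append("smtp: STARTTLS not offered, session stays in cleartext")
    if "AUTH" not in exts:
        findings.append("smtp: AUTH not offered, senders are identified by IP only")
    return findings


def imap_capabilities(line):
    """Parse an untagged '* CAPABILITY ...' response (RFC 3501) into a set."""
    m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.IGNORECASE)
    return set(m.group(1).upper().split()) if m else set()


def audit_imap(line):
    """Return findings for a CAPABILITY response seen before any TLS."""
    caps = imap_capabilities(line)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("imap: STARTTLS not offered, no TLS upgrade on this port")
    if "LOGINDISABLED" not in caps:
        findings.append("imap: LOGINDISABLED absent, cleartext LOGIN is accepted")
    return findings


if __name__ == "__main__":
    for finding in audit_smtp(SMTP_WEAK) + audit_imap(IMAP_WEAK):
        print(finding)
```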

Computer Labs

A number of computer labs are specially controlled by or at least maintained by IT Services. These include almost any outside of Gosnold and the library. It is worth noting, however, that computer systems in residence halls need not be directly under their supervision. In the case of the computer lab in James River, Student Life is expected to notify them if maintenance is needed. Those who have only used the lab in McMurran, it is worth noting that there are additionally

Servers

IT also hosts a file server, Galileo, and web accounts for all its students. WebDAV has replaced the original FTP-based update method for these pages. For those interested in viewing these pages, one may go to http://users.cnu.edu.

History

Emergence from Difficulties

For a time IT Services was plagued with interrupted service, slow connections, massive spreading of malicious software, and server downtime. It appears that there had been some turnover in staff before the current membership arrived and consolidated a largely functional system. A number of factors may have contributed to the difficulties all groups experienced. First, there was no policy to control and secure residents' systems. The eruption of a number of mass-mailing worms and port-vulnerability-exploiting worms caused a downward spiral as more computers spread what essentially were bandwidth thieves. Second, there were issues with the system policies themselves: a single computer, drake, was responsible for almost all services including FTP, TELNET, HTTP, and DNS, so if drake went down for any reason, all services were lost at once. Dialup access to the school was previously handled by a 1998 Bay Networks appliance decommissioned December 15, 2005. Even after services were phased out from drake, ITS had numerous hardware and software configuration issues to resolve. There are additionally rumours that the original administrator left in a hurry without leaving any reference documentation to explain how the systems functioned. This supposedly would have meant that the new staff would have to figure everything out from scratch. Also, it has often been mentioned by the current IT staff that one of the main difficulties has been the firewall. Apparently, a fix for this was often just rebooting it.

A number of strategies have been implemented to overcome this trail of disaster. Students are now required to configure their computers before being granted access to the internet. They must install an antivirus engine and a spyware cleaner, and make sure a firewall is present, on their computers. The means of preventing access is to answer DHCP requests with information that places computers on a special network layered within the actual one, with DNS entries replaced such that any site request redirects to a registration page. The result is that until students register, they are generally stuck on a "fake" network (in truth, a fully functioning, if bland, one). Another strategy is to host different services on different computers. In use now are blessing (HTTP), kidd (cnulive HTTPS), richmond (DNS), barracuda (mail filter), and messenger (SMTP/IMAP), among others. A more aggressive helpdesk policy and the sending of IT support personnel to the residence halls have also reinforced cohesion and reactivity.

A number of continuing projects are still underway, such as Sender Policy Framework to help control mail. ITS has a number of challenges still in front of them, as they also continue to experiment with the new wireless systems and have yet to build certain kinds of infrastructure in terms of student web sites, maintenance of residence hall labs, and whatever else they might unleash to improve the quality of CNU's systems.

Personality of IT Services


Opinions

Personal Opinion (TwoFlowers)

To an extremely inquisitive observer, ITS may seem a little quiescent. This is not due to a lack of communication on their part, but a reluctance to share details about the systems or to discuss implementation ideas seriously outside of established circles. There is an attitude, albeit understandable, of shielding off members of IT who are not directly in a publicly visible position. IT would appear to operate in large part under a business paradigm: Responsibilities and information must be structured and pipelined in a controlled manner. There is an emphasis on devolving responsibility also upon outside companies, by obtaining proprietary software with support contracts. It seems regrettable to one influenced by Open Source that they would pay out money for what can be freely obtained, and that they would subject themselves (as has been said by members) to having to defer to outside organizations to configure important parts of their systems.

Personal Opinion
