|
|
|
Work continued on the Business Office Library and Database (BOLD) project this year. BOLD is a collaborative project between AIT and ITS Financial Services. It allows ITS managers and employees to view vital statistics about any purchased hardware products by including basic information, as well as budget descriptions and contract information. Currently, BOLD is used exclusively by ITS Financial Services and has become an important aid within ITS, specifically ASET, for managing purchasing contracts with vendors. It currently holds close to 8,000 entries. BOLD's inventory tracking capabilities are currently being reevaluated and redesigned.
During the 2004 - 2005, there were many infrastructure upgrades to the Computer Building. Included were the replacement of all windows in the machine room to enhance security; an upgrade of an existing air handler to improve cooling for the machine room; a major renovation to improve office space throughout the building; and the replacement of the steps at the building's front entrance.
The largest upgrade, which required coordination among many ITS units and other University units, was the upgrade of the two aging Universal Power Supplies (UPSs). A UPS is a power supply that includes a battery to maintain power in the event of a power outage. During November 2004, the first upgrade took place without any major problems. The second UPS was upgraded during the winter break without incident. The new UPSs provide additional protection in the event of a major a power outage.
Digital identity management at Penn State continues to be a a major and ongoing effort. The ITS Accounts Services Office, partly managed in ASET and partly managed in Consulting and Support Services (CSS), oversees the processes and policies associated with the Penn State Access Account. The Penn State Access Account, in tandem with the Penn State Online Directory (which uses Lightweight Directory Access Protocol (LDAP), a standardized method for providing directory information), provides the foundation for digital identity authentication (proving who one is) and authorization (what one has access to once authentication occurs). During the 2004 - 2005 year, many activities, both day-to-day and new, occurred in relation to digital identity management at Penn State. The following list provides a summary of some of the more prominent activities:
Downloading software supported by Information Technology Services (ITS) became easier during 2004 - 2005 thanks to a new and improved version of the "downloads.its.psu.edu" site. Now available to Penn State faculty, staff, and students, https://downloads.its.psu.edu/ provides central, "one-stop-shopping" access to software applications, updates, related information and documentation for ITS-supported and managed software. The site also integrates, as well as replaces, the Web version of PAC-ITS, and provides easy access to ITS' open source software mirror at: http://carroll.aset.psu.edu/. Due to the nature of licensing agreements and/or for-fee structures for some of the software products, the site is available only to Penn State faculty, staff and students. Thus, the site requires access via a Penn State Access Account userid and password through Penn State WebAccess. Users who connect via a dial-up connection still have access to the PAC-ITS CD, supported and distributed by CSS, to download larger software packages. The CD is available at local computer support and/or help desk areas at University Park and other campus areas. Not all software packages listed on downloads.its.psu.edu are available on the CD due to the nature of their respective licensing agreements and/or for-fee structures. In addition to licensed software, the site provides download links to other popular software programs, such as the Web browser, FireFox, and the e-mail client, Thunderbird. In addition, an XML-based interface was developed for staff in CSS responsible for updating software.
AIT continued to expand and improve services for providing dynamic content via the Web. On August 24, 2004, the second phase of a multi-phase rollout of Penn State Web Application Engines was begun. This phase provided major updates to the PHP: Hypertext Preprocessor (PHP) dynamic content service began with Phase I. This service has been designed for all Penn State students, staff, and faculty with Personal Web space; student organizations with Web space on the Student Organizations Web Server; colleges; other Penn State locations and departments with ITS Departmental Web space; and courses with Course Online Accounts (COLA). While a database server was not provided for this service with Phase II, one is planned for a later release; developers and Web content providers may use independently-operated database servers. This service is capable of authentication with either an Access Account and/or a Friends of Penn State account via Penn State WebAccess. There were two additional minor updates during the year, the latter on June 8, 2005. More information is available via the Penn State Web Application Engines Web site.
Several upgrades to Penn State e-mail services (for email.psu.edu and mail.psu.edu) maintained by ITS, specifically maintained within AIT's Networking and Advanced Systems group, occured this year. The following list represents a summary of the major upgrades:
Losing important data is catastrophic to those whose information is permanently lost. Off-site backup is the best way to avoid costly permanent loss. For several years, AIT has provided a for-fee backup service known as Tivoli Storage Manager (TSM). TSM is a central backup service, which acts as a file backup and archive server for the disk drives of any workstation or personal computer connected to the Internet. It supports twenty-five different platforms as clients and offers disaster recover and Hierarchical Storage Management (HSM). This year, the number of data in backups/archives increased from 60 to 130 terabytes. Of this 130, approximately 26 terabytes are PASS backups. A total of 1,400 machines at Penn State back up with TSM at least once a month.
The file storage service (used for home directories, Penn State WebMail, the Penn State Portal, Personal Web space, Departmental Web space and other services) commonly referred to as Penn State Access Account Storage Space (PASS), was continued during 2004 - 2005. PASS permits finer access control to images and files and enables improved collaboration between individuals and groups (see the Penn State Portal information below for details). This year, the total storage capacity for PASS was increased to 14.7TB. Currently, there are 149,818 PASS home directories with 44,607 Personal Web Space directories, 147 Departmental Web Space directories, 722 Course Space directories and 777 Student Organization (Clubs) directories.
The default allocation was increased from 200MB to 500MB for the beginning of the fall 2004 semester. This fall, ITS will double the amount of space available to University community members. Individuals will be able to manually add space to their respective base allocations of 500MB in 100MB increments up to 1GB. In addition, student organizations with Web space hosted on the Student Organizations server also will be able to take advantage of this upgrade.
The digital identity service, Friends of Penn State (FPS), developed by AIT, continued to grow and gain momentum. The FPS infrastructure supports the delivery of a variety of centralized University services to potential students, alumni, and e-commerce customers via the Web. A joint project between several ITS organizations, the FPS account management system has been designed to enable the development of Web-based information resources to more efficiently serve individuals outside the University. FPS is also part of the University's initiative to create a long-term relationship with the many individuals who use Penn State services such as Digital Library Technologies, a unit of ITS; the Office of Undergraduate Admissions; the Office of Student Aid; Penn State World Campus; Cooperative Extension and Outreach in the College of Agricultural Sciences; eCommerce Services; and the Office of the University Registrar.
During 2004 - 2005, new stakeholders/clients included the Office of Human Resources, the Graduate School, and the Office of the University Bursar. Currently, thee are 312,000 FPS accounts.
AIT staff continued to work on developing and providing an Access Account Windows Active Directory® (AD) Root domain for use within the University community to leverage the existing infrastructure, providing for a unified authentication and authorization domain between Windows Active Directory® and the current open standards-based infrastructure. As of early spring 2005, the deployment of Windows Active Directory® at Penn State transitioned from a pilot program to a fully deployed service. Participants include: Commonwealth College; Penn State New Kensington; Penn State Altoona; Penn State Berks; Penn State Beaver; Penn State Mont Alto; Penn State McKeesport; the College of Earth and Mineral Sciences; the College of Arts and Architecture; the College of Health and Human Development; the Division of Student Affairs; the Departments of Chemistry and Physics in the Eberly College of Science; the Office of the Vice Provost for Educational Equity; the Office of Student Aid; and the Morgan Academic Support Center for Student Athletes.
As a way to update and recruit the Penn State community, the Windows Active Directory® Team held a successful town meeting in July 2004. As a result, a follow-up town meeting/presentation was held as part of the May 2005 Network of People (NWOFP) meeting and intensive, targeted workshops are being planned for fall 2005. In addition, the Windows Active Directory® Team developed a set of policies and guidelines related to this service, in compliance with University policy. Information about this and other Windows® services related to Active Directory® is found via the Penn State Windows® Services Web site.
ASET continued to maintain the infrastructure for Penn State's Online Music service, Napster. Its infrastructure leverages the current University authentication and authorization infrastructure in a way that permits secure account creation with Napster while keeping network traffic in check. Shibboleth, an Internet2 middleware initiative designed to provide federated access management between Web-based resources, with an emphasis on security, scalability, and privacy, is used for account creation. Shibboleth enables Penn State students to authenticate to the service using the Penn State Access Account. In addition, a local Napster caching server, which streams music/videos and is owned and operated by Napster, has been setup within the Penn State network and is maintained by AIT. The local caching server permits faster downloads and a reduction of network traffic.
As of the fall 2004 semester, the service was made available to Penn State employees and all students. For more information, visit the Online Music: Napster at Penn State Web site.
Staff in AIT continued to monitor and evaluate the Westwood version of the Open Source Application Foundation's (OSAF) Chandler. Chandler is a Personal Information Manager (PIM), part of which is an open source calendaring system, geared toward academic institutions. For more information, visit the OSAF Web site.
ASET continued to upgrade and develop directory-enabled services at the University, in part to comply with the University's SSN conversion project. At the beginning of 2005, the Penn State Online Directory, which uses Lightweight Directory Access Protocol (LDAP), a standardized method for providing directory information, was upgraded to no longer permit the use of "nicknames" for the delivery of e-mail. The change affected only a small population of users, who were notified directly via e-mail prior to the update. A FAQ page was provided for those users, outlining instructions designed to prevent disruption of e-mail delivery. In addition, the directory entry fields and descriptions noted in the "Edit your online directory information" utility via the ITS Secure Server were updated to reflect the way in which directory information is displayed through directory services, eliminating any references to the former PH directory fields. For more information about directory fields, please visit the Directory Field Descriptions Web page.
The Oracle Collaboration Suite Calendar (formerly CorporateTime Calendar) and scheduling client continued as a service to the Penn State community. This networked calendaring system allows users to create meetings and events, compare schedules with others via the group agenda, as well as manage the scheduling and use of high-demand resources such as conference rooms and equipment. While clients are available for UNIX, Linux, Macintosh, Solaris and Windows, users can easily access and update their calendars via the Calendaring Web server, http://www.cal.psu.edu/ provided that he/she has a valid license.
During the fall 2004 semester, the calendar server was pruned (all calendar, to-do, and other entries older than two years were deleted from the backend database), and the database and software were upgraded to help the service run more efficiently and as preventative maintenance to ensure better performance. As a result, scheduled, monthly maintenance on the calendar service began the first week of August 2005.
Currently, 1,900 user licenses are in use, with 300 resources and 43 public groups. In addition, current versions of the software clients are available for the latest operating systems via the new and improved downloads.its.psu.edu Web site.
The Penn State Portal continued as a major University initiative, gaining momentum and popularity. Usage numbers steadily rose throughout the year among the student as well as faculty and staff population. In addition, several new channels and new features were added and/or enhanced, such as a newly designed version of the Portal's built-in file transfer tool, the PASS Explorer. This year, the Portal enrolled in Penn State WebAccess in tandem with Penn State WebMail's enrollment, providing users with the ability to take advantage of Web Single Sign-On. As a result, a WebMail channel was developed, allowing users to check their respective e-mail messages directly from the Portal.
Another new Portal development was the design and implementation of a new and much improved PASS Explorer. This application has been a major and well-used feature of the Portal for several years, but was in need of a facelift. A considerable amount of time was put into developing the PASS Explorer's "under the hood" functions, including the addition of a new file sharing feature. In addition, the interface has been completely redesigned to provide users with a more intuitive and friendly experience. Some of the new features include:
A major feature is the File Sharing Feature, which allows users to set up "shares" (areas of PASS space), where information can be exchanged with other users. Users can set permissions for Read/Write (view and edit), Read/Only (view), or Write only (a dropbox feature for depositing files) for a particular group of users. Users can be added quickly and easily at any given time, to/from any given share. Links also may be sent to items in the share, via the Send Link(s) feature, to a new share.pass.psu.edu server. This enables authorized users to obtain the share files through a Web browser. In addition to the sharing feature in the PASS Explorer, a new Web server was created, share.pass.psu.edu. This server allows users to retrieve documents via a Web browser from a share to which he/she has access.
AIT continued to maintain the Google Search Appliance as Penn State's search engine. This year, a new, Web-based tool was created to assist Web developers with invoking the search engine via their respective site designs for search results. The tool is available at http://aset.its.psu.edu/cgi-bin/googledocs_custom_xslt.cgi and can be used by anyone in the Penn State community.
The search engine currently indexes over 900,000 Web pages and performs between 5,000 and 25,000 queries per day.
Penn State WebAccess continued to gain interest and momentum this year, as several, popular sites that require authentication enrolled in this service: the Penn State Portal, Penn State WebMail, Penn State Web-Based Training, the ITS Secure Server (https://www.work.psu.edu/), downloads.its.psu.edu, eLion (https://elion.psu.edu/), and the NFS to PASS Gateway.
The WebAccess production system production system was enabled for multi-realm support (support for authentication against both Penn State Access Accounts and Friends of Penn State accounts) on May 11, 2005. The changes to support multiple realms are not be visible users of the system. In the previous system, the WebAccess server only checked an account against the Access Account Kerberos realm. For support of multiple realms, the server first checks the Access Account realm. If the account name and password are not a match, then the FPS realm is checked.
WebAccess, which uses the University of Michigan's CoSign technology (a development effort that is funded by the National Science Foundation's National Middleware Initiative-Enterprise and Desktop Technologies program), provides an environment in which users authenticate/login once with their respective Access Account userids and password to a central server in order to access multiple services protected with WebAccess without needing to re-authenticate.
Whether a user reaches the WebAccess login page directly or via a protected service, the authentication process is the same. Users must enter their respective Access Account userids and passwords in order to authenticate and gain access to a particular service if they haven't already done so via another WebAccess-enrolled service. For example, a user may authenticate via Penn State WebAccess and then access services such as the Penn State Portal and Penn State WebMail without needing to authenticate again to those or any other WebAccess-enrolled services. Likewise, if a user first authenticates to the Penn State Portal and then needs to use the ITS Secure Server, he/she will not need to re-authenticate in order to do so. If the WebAccess login page is first accessed via a protected service, the Web browser will redirect the user back to the service once he/she successfully authenticates. If the WebAccess login page is first accessed directly via https://webaccess.psu.edu/, the user will be presented with a list of WebAccess-enrolled services. Likewise, users should logout via WebAccess or the logout function provided by the service. For details, please visit the WebAccess Help Page.
During 2004 - 2005, Penn State WebMail underwent several performance upgrades; upgraded its version of GMime, which provides a core library and set of utilities to create and parse messages using the Multipurpose Internet Mail Extension (MIME); and added a filter for spam scoring. The mail is analyzed and flagged as spam per the rules used for WebMail's servers. This feature is active by default; however users may choose to deactivate it via WebMail's built-in "Options" screen. This mail filter inserts a mail header in order to explain the spam filtering results. In addition, WebMail enrolled in WebAccess.
Penn State's Web-based e-mail client, which is similar to Yahoo! Mail, provides users with anytime, anywhere secure access to your Penn State e-mail via a Web browser. The easy-to-use interface lets users: create and organize mailboxes; access directory services; create and add personalized signatures; change settings; and much, more. Though the client is often used by faculty members on sabbaticals, students studying abroad and staff members who frequently travel, many use it as their primary/only e-mail client. There are approximately 49,100 per and 63,600 per week.
Adoption of Shibboleth as an infrastructure for inter-domain authentication and authorization is rising at Penn State as well as nationally, both within higher education and in the corporate marketplace. Services such as WebAssign access (online Physics course management) and Napster renewals are currently being handled by Shibboleth. AIT also is working toward implementing solutions for the Office of Student Aid (online loan processing), the World Universities Network (WUN), online GIS course management, and Federal government eAuthentication FastLane grant proposal applications.
While the Emerging Technologies (ET) group in ASET is responsible for most of the "research and development" arm of Shibboleth, AIT is responsible for the bulk of the production and implementation. AIT also serves as the lead with the WUN, ANGEL, Napster, and other areas either considering or using Shibboleth for inter-domain authorization and authentication.
Throughout 2004 - 2005, AIT continued to support as well as generate and accommodate interest in the SSL Server Certificate Group Purchase Program.
During the 2003 - 2004 year, AIT entered into an arrangement with Thawte Technologies for the bulk purchase of SSL certificates for servers within pre-authenticated sub-domains of psu.edu. In addition to considerable cost savings, this relationship positions ITS to provide a quick turnaround of less than three hours within a normal business day to deliver a signed certificate, for a nominal, reduced fee, for those who wish to take advantage of the service. Though this service is not "public" information to date, several organizations within the University already are participating and feedback has been very positive. Higher demand gives ASET the opportunity to offer lower prices, so ASET hopes to continue to "grow" the program during 2005 - 2006. In addition, this program is in the process of transitioning to the Penn State Computer Store as one of its products/services. Information about this program is available via the Penn State SSL Server Certificate Group Purchase Program Web site.
ASET participated in the Social Security Number Project. The goal of this project was to remove all references to the SSN and replace them with a new number called the PSU ID. As part of the conversion, SSNs for Access Accounts and FPS accounts were changed to PSU IDs. In addition, software was developed to request new PSU IDs for both Access and FPS accounts.
ASET continued its partnership with the Division of Student Affairs to support the Student Organizations Web Server (a.k.a the Clubs server). During the fall 2004 semester, ASET and Student Affairs increased student organizations' Web site space from 50MB to 500MB. This increase mirrored the increase allocated to users' Penn State Access Account Storage Space (PASS) storage space, marking the first opportunity in a new commitment to provide the same amount of disk space to student organizations as is provided to individuals' PASS.
The Student Organizations Web Server interface, developed by programmers in AIT, gives Student Affairs staff the ability to create space for properly registered student groups, alter access controls to Web space and update the individuals who are allowed to use an organization's Web space based on records maintained by Student Affairs. An agreement between ITS and the Division of Student Affairs offices at all Penn State locations allows employees to manage this space. Agreements are currently in place with several Penn State locations and several more are in the works.
AIT staff, in collaboration with staff in Teaching and Learning with Technology (TLT), have been working on the IBM VideoCharger project to provide a Web interface for faculty to maintain multimedia content on the VideoCharger Server. Initially, an administrator component was developed to allow select staff in TLT the capability to assist faculty with maintaining their content and adding users to access to the interface. Recently, it was decided that the interface will be used with a new QuickTime Streaming Server run by Education Technology Services in TLT; therefore, AIT will no longer provide the interface to use with VideoCharger. Penn State WebAccess will provide authentication and AIT staff plan to assist TLT with this aspect of the project.
Staff in AIT and TLT have partnered to develop the WebLion Content Management System at Penn State. WebLion is based on the Zope Application Server and Content Management Framework (CMF), with Plone acting as a user-friendly way to manage the content on the system. AIT staff have helped to integrate WebAccess for authentication and LDAP roles for authorization, in order to assure that WebLion can operate with Penn State's existing infrastructure.
During 2004 - 2005, Dr. Stanley Aungst, assistant professor of Information Sciences and Technology (IST), Penn State Mont Alto, continued his partnership with AIT in ASET and CSS. Stan, who has worked with AIT for several years, continues to work with this group on projects related to DB2E, wireless computing, cryptography and hand-held wireless devices. This year, a good portion of his focus has been dedicated to Mobile Public Key Infrastructure (M-PKI). M-PKI allows for data and voice encryption from a handheld device to another handheld device, a computer, a Voice Over IP (VoIP) phone, an enterprise server, etc. The main goal is to develop an identity module (SIM) system on a chip application (I-SIM) for end-to-end data, voice encryption, and anonymous use of digital signatures. The project is currently in Phase II (data encryption) and Phase VII (voice encryption) of a nine phase strategic plan. During fall 2004, M-PKI research was presented to J. Gary Augustson,Vice Provost for Information Technology and ITS senior management, as well as Dave Robertson, who is the University's primary Technology Licensing Officer. In January 2005, the M-PKI research was presented to the National Security Agency (NSA) and the United States Secret Service. Later during the spring 2005 as phase II of the project was underway, the secure e-mail client and digital signing (S/MIME) for handheld devices and its integration with Penn State WebMail to IST Faculty at University Park. In summer of 2005, part of Phase VII (VoIP/ Cellular) was successfully demonstrated by compressing and encrypting a voice stream from PC-to-PC using the 256 bit encryption AES algorithm. Phase II continues with certificates and the digital signing of voice packets. Eventually, ET's SIP server will be used to ensure full voice integration for cellular and VoIP.
In addition, Dr. Aungst teaches six different IST course at Penn State Mont and also teaches a community project course for the Pennsylvania Governors' School for Information Technology (PGSIT) on Mobile Databases.
Text Only Version | Site-Index | Privacy and Legal Statements | Copyright | © 2005 The Pennsylvania State University
This site maintained by Academic Services and Emerging Technologies, a unit of Information Technology Services.
Comments and suggestions may be directed to asetcomm@psu.edu.
Last revised: Monday, August 15, 2005.