ASET 2006-07 Annual Report
Report Navigation
AIT is charged with the development, deployment, and management of a wide range of centralized computing services for the University. Services include authentication, authorization, distributed file services, Web services, networking, specialized applications, systems management, consulting services, and vendor software distribution and support. AIT also provides the academic computing community with services that support and manage Penn State's digital identity service, and it is responsible for maintaining records of acknowledgement from Penn State Access Account holders that they understand and agree to comply with University and ASET policies.
The Blogs at Penn State effort is a joint project between Education Technology Services (ETS) in Teaching and Learning with Technology (TLT) and ASET. The main purpose of this service, currently in its pilot phase, is to provide a blogging service for the entire Penn State community. The platform is based on the commercial product, Moveable Type. AIT made the modifications to Moveable Type to enable the product to work with Penn State's existing authentication and authorization infrastructure. During the fall semester, Blogs at Penn State will be released as a wider pilot, and is scheduled to be relased as a production service for the spring 2008 semester.
As of March 12, 2007, the Co-location Center (COLO) reached maximum capacity. As a result, new clients and requests have not been accepted.
The COLO, which is housed in the Computer Building, was created nearly six years ago to meet the University community's demand for machine room environmental conditions, since a number of systems are currently housed in unsuitable environments throughout the University. The COLO is a central-housing facility for computer systems available for use by Penn State departments and units for a monthly fee. The fee is based on the amount of needed and consumed resources, such as the volume of space required, network connections, and power connections. Environmental conditions provided include a raised floor, conditioned air, UPS power, and secured physical access.
UNIX, Linux, and Solaris consultants in AIT continued to provide internal and for-fee troubleshooting and planning assistance to ASET and the Penn State community, respectively. Client requests typically include assistance with diagnosing software errors, help with operating system patches, and/or designing custom hardware and software solutions to fit a specific need.
Staff in AIT also provided consulting support (hardware and software) for Macintosh users within ITS Financial Services. AIT also provides a secure and shared, but segmented, file server for ITS Financial Services (both Windows and Mac users). Multiple areas exist on the same server for different sub-groups of people who need to share specific files.
Digital identity management at Penn State continues to be a major and ongoing effort. The ITS Accounts Services Office, partly managed in ASET and partly managed in Consulting and Support Services (CSS), oversees the processes and policies associated with the Penn State Access Account. The Penn State Access Account, in tandem with the Penn State Online Directory (which uses Lightweight Directory Access Protocol (LDAP), a standardized method for providing directory information), provides the foundation for digital identity authentication (proving who one is) and authorization (what one has access to once authentication occurs). During the 2006-07 year, many activities related to digital identity management at Penn State, both day-to-day and new, occurred. The following list provides a detailed summary of some of the more prominent activities:
CACTUS (Central Accounts Coordination Tracking of User Services) provides the database that maintains the centralized identity management infrastructure at Penn State, and it supports automated data feeds for authentication and authorization mechanisms, primarily in the form of Access Accounts and Friends of Penn State (FPS) accounts. Currently, CACTUS is supported by Oracle Enterprise edition. Future plans include an upgrade to the latest version of Oracle, or to an alternative, open source relational database management system.
In addition, support continued for a DB2-supported Web application server for teaching and research. The Database course-related service, managed via the ITS Accounts Services Office, allows faculty to request database services for each student in a course. The database for general research and instructional services, also managed through the Accounts Services Office, provides faculty, staff, and researchers, along with any requested authorized users, with database services for research or instruction for as long as a user qualifies for an Access Account or until the user requests its termination.
Efforts have been underway throughout the year to enhance the stability and reliability of the hardware and software that support Penn State's e-mail services via mail.psu.edu and email.psu.edu. The goal is to implement enhancements by the beginning of the fall 2007 semester.
In early August 2006, a major upgrade was performed to the hardware and software that support ITS' Distributed File Backup Service, otherwise referred to as TSM (Tivoli Storage Manager). As a result, considerable increase in backup and restore capabilities were made available.
The number of data in backups/archives increased from last year's 224TB to 258TB this year. Of this 258, approximately 20TB are PASS backups. A total of 1,000 Penn State machines back up with TSM at least once a month.
The itunes.psu.edu project, a joint effort between ETS/TLT and ASET, is underway to provide course materials, lectures, seminars, and other information using Apple's iTunes store front. During the year, ASET provided support for the backend processes to perform user authentication and authorization to the Apple site. Efforts will continue through the 2007-08 year to further develop this project.
Work began this year on a "facelift" for the ITS Secure Server, otherwise known as "www.work". The intent of the makeover is to provide a more personalized user experience, with more convenient access to information associated with one's Access Account, such as directory entry information, PASS quota information, password expiration information, printing information (students), and more. The new version is targeted to be released as a pilot for users to test sometime by the beginning of the fall 2007 semester.
The Nagios service, an open source host, service, and network monitoring program, is AIT's proactive effort to automate the process for the constant monitoring of the systems that support the services this group delivers to the Penn State community. It serves as an internal "checks and balances" mechanism, whereby AIT staff are informed of any issues, so that they can produce timely ITS Alerts and/or other notifications as warranted.
This year, staff in AIT worked to develop a tool to meet the growing demands and need for restricting Personal Web space content. As a result, the Access Control Manager (ACM) Wizard, a Web-based utility, was developed.
For many years, Information Technology Services (ITS) has offered the Penn State community with the option to apply for Personal Web space via an online quiz at Personal Web space quiz. Once granted, a www folder is created in one's Penn State Access Account Storage Space (PASS). The www folder is publicly accessible by the entire Web, unless some extra steps are taken to restrict access.
The ACM Wizard offers users an enhanced option to protect/restrict specific Web content by using Protected Personal Web space. Protected Personal Web space provides a means by which users can restrict access to specific files stored in their respective Penn State Access Account (PASS) folders. Those who have www (Personal Web space) folders in PASS are automatically provided with an additional folder labeled www_protected within their respective PASS folders. Through the ACM wizard, users will be able to easily specify who should have access to specific files within his/her www_protected folder. Access may be restricted to Penn State Access Account userid, Friends of Penn State Accounts, and/or Access Account groups or roles. At this time, user access to www_protected content is read-only, but users can upload content via any of the existing PASS tools currently available.
Throughout the spring 2007 semester, the preliminary version of the tool was used and tested by users at Penn State Erie, The Behrend College, as well as other areas of the University. Enhancements were incorporated into the interface, and it will be released as a pilot by the beginning of the fall 2007 semester.
Throughout the year, AIT staff made considerable strides with implementation planning for the new file system that will support PASS in the near future. The functionality provided by DCE/DFS, Penn State's current authentication, authorization, and distributed file system middleware used to support the Access Account, needs to be replaced as IBM has discontinued normal support for DCE/DFS. While authentication and authorization could be replaced by Kerberos 5 and LDAP, they are not tied together with a secure remote procedure call and are not currently integrated with any secure, robust, scalable, heterogeneous, and easy-to-manage distributed file systems. Solutions based on open standards and open source are preferred to prevent vendor lock-in and to more rapidly adapt to the University's evolving needs. As a result, GPFS will be deployed as a replacement for DFS. Plans are underway to release a beta cluster for users to test.
On a related note, the Apple File Protocol was decommissioned earlier this summer. As a result, the mac.pass.psu.edu option for mounting PASS was decommissioned. Currently, Macintosh OSX users are still able to access PASS through several other file transfer options, including the Common Internet File System (CIFS), also known as Server Message Block (SMB). CIFS is the file service protocol native to Microsoft Windows. By use of Samba software, other platforms such as Mac OSX and UNIX/Linux systems can also connect to PASS.
Penn State WebMail has undergone significant changes throughout the last year. In response to WebMail2's issues with performance and speed, a "bare bones" WebMail client called WebMail Lite was developed to better suit and support users who have slower network connections. The client was beta tested for several months before going into production during the spring 2007 semester. Popular features from WebMail2, as well as features received from user feedback, have been integrated into WebMail Lite. Anyone who uses WebMail can choose between either client, as the two are fully compatible. Though WebMail2 is still available as an option, users are strongly encouraged to choose the "Login to WebMail" option on the Penn State WebMail splash screen at https://webmail.psu.edu/ (as of August 27), as this version will become the final version of Penn State WebMail. WebMail2 will be completely phased out and discontinued sometime during the spring 2008 semester.
AIT continued to provide programming support for this Teaching and Learning with Technology (TLT)-managed service.
This year, a "browse videos" feature was added to the interface via AIT's programming support for this service.This year, staff in AIT continued to provide programming and hardware support for the Office of the Vice Provost for Educational Equity's Report Hate Web site.
TrackITS continued to gain momentum this year as all units ITS began to use TrackITS for their respective purchases and aset tracking TrackITS, a joint effort between ITS Financial Services and Applied Information Technologies (AIT), provides order entry and asset tracking features, which allow ITS managers and employees to view vital statistics about any purchased hardware products by including basic information, as well as budget descriptions and contract information.
An enhancement is currently being developed within TrackITS to provide a web-based form for creating and updating pre and post travel request and support forms. Approving, routing and searching of travel requests will be included in this enhancement.AIT continued its evaluation of WebLion for use as an in-house content management and for possible Web hosting options. WebLion is based on the Zope Application Server and Content Management Framework (CMF), with Plone acting as a user-friendly way to manage the content on the system. AIT staff have helped to integrate WebAccess for authentication and LDAP roles for authorization, in order to assure that WebLion can operate with Penn State's existing infrastructure.
Development continued this year on the Web-based Role Assignment Tool (WebRAT). The Web-based Role Authorization Tool (WebRAT) supports the Penn State Workflow Project's requirement for role-based authorizations, assignment, and management. WebRAT provides a Web-based mechanism for managing authorization to various applications. It uses roles to group University faculty and/or staff together and specifies access restrictions via attributes.
Earlier this year, WebRAT entered a pilot for eBuy notification. The pilot is a joint effort between Penn State Housing, Food Services, and Residence Life, Administrative Information Services (AIS), and AIT.
Though WebRAT has been designed to accommodate Penn State's Workflow Project, its design is also flexible so that any role may be assigned through its interface. Furthermore, WebRAT will eventually be used for all University academic, research, and administrative areas. In the future, roles may be used to represent users' multiple affiliations within the University.
The primary goal is to better support the University's overall business, academic, administrative, and research transactions; WebRAT provides the interface to support this mission as well as the policies that support Penn State's operational infrastructure. The Workflow Project is overseen by AIS, while WebRAT is overseen by ASET.
AIT continued to offer and support the Windows Update Service (WSUS) this year. The WSUS at Penn State provides a means for safe installation of critical updates for Windows machines on Penn State networks. For more information, visit the Penn State WSUS Web site.
