2017 Spring CIT Extension (CITx)
CITx is a half-day extension event connected to the Continuous Improvement in Technology (CIT) conference, typically held in winter.
The 2017 CITx event was held on Tuesday, March 14, 2017, in the State Farm Hall of Business. The goal of CITx is to empower Illinois State's IT professionals by providing them the latest IT news from around campus, opportunities for social networking with their colleagues, and round-table discussions.
IT News
The IT News session featured several speakers, updating the ISU IT community on topics such as the enterprise portal, ReggieNet, Account Refresh, ITSM, and updates from WEB and TechZone. Check out the slides here: IT News Powerpoint.
Round-table recaps
Drive encryption of university devices as a standard
Facilitated by Dan Taube and Jason Ross
As the University moves forward on multiple fronts with providing better technology security for end users, IT units around campus have begun to configure and implement encryption solutions for deployed laptop and desktop Windows-based computers. AT Endpoint Support and the College of Business have been encrypting deployed computers using Windows Bitlocker for a little over a year using Microsoft’s SCCM (System Center Configuration Manager) and MBAM (Microsoft BitLocker Administration and Monitoring) products.
The primary goal of making Bitlocker encryption standard on deployed Windows computers was to prevent data loss/theft on units that were lost or stolen. If a computer (or just its hard drive) becomes lost or stolen, encryption prevents any unauthorized user from accessing the data stored on the device or even using the device altogether in its distributed form. Because Bitlocker is a product that comes preinstalled with the Windows OS, enabling/disabling encryption and remote management can be handled with Microsoft’s SCCM/MBAM toolset. Configured using a task sequence through SCCM, the Bitlocker encryption key can be stored automatically to an Active Directory server. This automated backup allows IT support or an administrator to access the data/device in cases of emergency or if data retrieval without the user is necessary. MBAM is the toolset for simplifying deployment and key recovery as well as centralized compliance monitoring and reporting, and is the basis for which encryption deployment recommendations are made by Microsoft. Dell also publishes a toolset called Command and Configure that can remotely configure BIOS settings to support encryption and has the ability to run as part of an SCCM task sequence. For those encrypted drives that may be damaged or defective, Microsoft offers the DaRT (Diagnostics and Recovery Toolset) toolset for data recovery as long as the correct encryption key is provided.
While these remote and automation toolsets are readily available, deploying encryption has some requirements and potential pitfalls. Bitlocker requires the computer to have a TPM chip built-in to the unit; while most newer enterprise-level (ex. Latitude) computers ship with a TPM as standard, consumer-level (ex. Inspiron, XPS) and older computers most likely will not. For these units without a TPM chip, Bitlocker To Go is an encryption option but is also a feature that cannot be automated or remotely managed; the encryption key is either saved as a text file or stored on a provided USB flash drive, which is not as convenient or secure as Bitlocker. Modern systems, particularly those equipped with an SSD instead of a traditional HDD, won’t see a noticeable difference in performance during day-to-day operations for a normal user. However, older systems or those systems using higher-bit encryption may experience some slowdowns. Remotely managing Bitlocker also requires correctly configured GPO’s (Group Policy Objects) that are crucial for automating the process, which can require a lot of guess-and-check work. If the TPM chip on a computer is defective, it can cause issues with Bitlocker or remote management and can be particularly difficult to troubleshoot. Non-graceful computer restarts or shut-downs can trigger the anti-intrusion features of encryption on a drive or trigger false incompatibility errors.
As the process of configuring and deploying encryption becomes easier for Windows OS computers, these IT units look to expand the types of devices being supported and remotely managed. While encryption solutions exist for Mac, iOS, and Android devices, they do not meet the same level of automation and remote management required for mass deployment. ISU will continue to experiment with MDM (Mobile Device Management) solutions throughout the next year with the Airwatch product.
ReggieNet Upgrade/Integration with Office 365
Facilitated by Charles Bristow
As Illinois State continues to leverage ReggieNet the opportunities to update the system have become increasingly constrained due to expanded winter and summer session classes and schedules. These constraints made it necessary to roll out the latest ReggieNet update (11.3) during Spring break (literally the day prior to this round table). Considering the aforementioned short time frame and schedule for the update (which also happens to put it in the middle of a semester…) it’s important to highlight the major differences in this latest implementation.
Some of the major changes include an improved site grid at logon to ReggieNet that makes it easier to manage your ReggieNet sites. Breadcrumbs are now full operational and clickable where as previously they were not. “View site as” was moved to the top of the tool bar with intent of providing better visual cues about which view you happen to be using. The site layout is more responsive and should better adapt to differently sized windows or display options. The lessons tool was also updated with additional options. Additionally, there are new options for tracking and accountability including a user activity log that can track student activity and assessment ID’s.
However, the single largest difference that students and faculty may encounter is an improved gradebook. There are options for tracking total points and it’s now possible to exceed the total points for an item which makes extra credit and other scenarios easier to execute. The student name pane also freezes as you scroll so you can better track scores. Currently, there appears to be an issue with the Gradebook’s import and export tools that they hope to correct in the near future.
In addition to the recent feature updates Charles underscored that protected video content can be linked to ReggieNet via the Office 365 Video service available as a tile in Office 365. To request a channel from which to post videos contact the TSC. You can also request that the channel be set with custom permissions (for example you could provide a list ULIDs so only students in a particular class can view the content.
Looking forward to Sakai 12.0 and other future developments, there are plans for being able to set custom or exception timeframes for students on quizzes and assignments. Additionally, there are hopes that authentication between Office 365 and ReggieNet can be federated in order to minimize login prompts when jumping from resources in one service or the other.
Office 365 Innovations and Controls
Facilitated by Craig Jackson and Mike Regilio
The group viewed a brief demo of the management portal the AT Infrastructure Apps uses to manage our Office 365 presence. It has been a challenge for them to learn how to manage the applications (AKA "tiles") available to us through Office 365. Microsoft is pursuing a very rapid development cycle, and releases different applications in different ways. Some applications are released without notice, some made available to all users by default, some require a separate license to use. Some of the most attractive apps, such as Groups, lack naming conventions, which makes implementation in an enterprise environment problematic. In addition, there are many versions of Office 365 - we utilize the education version, but many apps are released to other environments, such as Small Business, before being available to education.
A governance group has been established for Office 365 with cross-campus representation. The group is trying to help set ourselves up to handle the quirks of Office 365 and use it to our advantage, moving beyond the obvious benefit of outsourcing email and calendaring. The technical staff that manage Office 365 will bring concerns and decision points to this group.
The group discussed a few issues that arise in the Office 365 environment due to Microsoft's rapid delivery. Applications are being released and available to customers faster than we can develop support for them, forcing us to focus on core applications and provide tiers of support (i.e., full or limited support, see details at http://at.illinoisstate.edu/office365/overview/). There is also concern over the longevity of the apps in Office 365 in this model, making IT staff sometimes hesitant to recommend that customers place reliance on the apps for critical functionality beyond email and calendaring.
Campus Communications, Mediums, and Platforms
Facilitated by Ryan Christie and Ed Vize
IT units are using many different communication solutions to communicate specific things to specific audiences under specific situations. Eleven solutions were listed by the group as in use or under consideration, including Jabber, Slack, Skype for Business, Office 365 Teams, Office 365 Groups, Yammer, IIRC, Cherwell, email, text messaging, and face-to-face conversations. There were many different reasons for using separate communication channels, but they all related to a combination of the intended audience of the communication (your own team, other IT teams, supported users), the scope what was being communicated (getting the right information to the people who need it), and the intent of the communication (work discussion, planned/unplanned outage alerts, news).
Using multiple solutions has created the challenge of knowing a conversation occurred but being unable to find where it happened. Charley Edamala, Chief Technology Officer and Associate Vice President in AT, noted that in many circumstances “in person communication is hard to beat” but that time and availability often work against being able to have these types of discussions. While some individuals have given up on email as an effective communication tool because of over communication, others see email as a universal tool that everyone has access to and see other communications platforms as things dividing their attention and time. It was also noted that often email is used as a historical record and documentation of decisions and agreements that occur inside and across teams.
There was agreement that finding a one size fits all solution is difficult because of the various audiences we communicate with on a daily basis, what information they need, and at what point is it most valuable to send the communication to the intended audience. Features that were deemed most important when selecting an ideal communication tool included persistent and searchable communication history, ease-of-use, cross platform and multi-platform support, filtering and subscriptions to different discussions, rich media support for graphics, links and files, and video conferencing. It was agreed that moving forward it would benefit everyone to more formally define what types of communications are problematic, what the challenges are, and who the owner of those problems would be so that a scope and strategic solution can be created and used to work towards creating a more standard, structured, and attractive solution to these challenges.