IT BriefingSeptember 18, 2014North Decatur Building4th Floor Auditorium

IT Briefing Agenda Office 365 UpdateEmory Commons & SAM KioskSPOK Mobile UpdateBack to School ReviewMonitoring ProjectTrusted Storage MigrationsSecurity Update Jay FlanaganMarc OvercashJay FlanaganDawn Francis-ChewningTony DawsonSteve SiegelmanDerek Spransy218-Sep-14

Jay FlanaganManager, Messaging Team, InfrastructureOffice 365 Update318-Sep-14

O365 Moves Coming Soon Finance and Administration– 1599 Building– 1762 Building– Admin Building Yerkes Campus Life Reviewing for other groups thatmay have been missed418-Sep-14

Additional Updates Engagement with Microsoft– ADFS Implementation– Review of options for moving EHC to 365 Postini to EOP Transition– Engagement with CDWG to handle518-Sep-14

Archiving Archives move as yourschool / departmentmoves Only EAS user archivesare moved Archive Policies beginworking on current mailin mailbox Global Policy is for allmail over 15 months tobe archived Users can set individualpolicies that will overrideglobal policies618-Sep-14

Archiving All groups that havemoved to 365 havehad archives movedexcept for CarterCenter EHC IS moving toExchange on premiseArchiving – started onMonday Will start moving restof EHC once EHC ISmoved and tested718-Sep-14


Office 365 Update?Questions18-Sep-149

Marc OvercashDeputy CIO and SOM Assistant Dean for ITEmory Commonsand SAM Kiosk1018-Sep-14

Topics Quick Overview Demo Future Versions1118-Sep-14

Objectives We want to make it easier for investigators toknow the status of their proposals and awardinformation1218-Sep-14

Pre-Award Workflow Analysis (Clinical Trials Only)1318-Sep-14

Pre-Award Data Flow (Clinical Trials Only)1418-Sep-14

Recommendation Investigator portal that contains:– Real-time updates on proposals (EPEX &eCOI)– Common language for Facilities and Other Info– Certification information (CITI)– Awards Establish connections so we can dosystem-to-system information exchange1518-Sep-14



SAM Kiosk1818-Sep-14

Scope 21 of the most frequently used forms for preaward and post-award Online forms to enter data Dashboards to track where in the process theyare Administrative dashboard for OGCA/OSP tomanage the work Holly Sommers, Evelyn Balabis1918-Sep-14

Emory Commons and SAM Kiosk?Questions18-Sep-1420

Jay FlanaganManager, Messaging Team, InfrastructureSPOK Mobile Update2118-Sep-14

What is SPOK Mobile? SPOK Mobile is a paging app used on youriPhone or Android device Used to be Amcom Mobile Connect (AMC) Receive pages for emergency alerts, monitoringalerts, on-call type services, etc. Alert pops up on your phone, but must accessthe app to see the actual page Encrypted and secure – HIPAA compliant2218-Sep-14

Current State New version came out on Sept. 2 No specific notification from Vendor about the upgrade User must sign in to the app after the download beforereceiving pages again If app was automatically downloaded then user wouldnot receive pages unless they opened the app andsigned in Additional versions came out for Android on 9/8 andiPhone on 9/15 to fix different issues within the originalapp that came out on 9/2 iPhone update release on 9/15 had update for IOS 8 Users should download iPhone app update prior todownloading IOS 82318-Sep-14

Additional Updates Have begun a concerted communicationcampaign to users about any new updates Asking users to turn off automatic app updatesuntil further notice while new versions continue tocome out As noted, this is where the major problem is asthe app gets downloaded without the userrealizing it and doesn’t receive pages until theyopen the app and sign in2418-Sep-14


Dawn Francis-ChewningEducational Analyst III, Student Services ITFreshman Arrival Weekend andBack to School 2014 Got NAC?2618-Sep-14

By the numbersEmory College Class of 2018 1375Oxford College Class of 2016 46648 states and 45 countries are representedTotal enrollment: Fall 2013?Fall 2014 numbers will post after 9/17 (date of record)2718-Sep-14

The Arrival WeekendWhat does it look like?Going from 0 to 5000 in a weekend’s time?More like 300 to 14,500 in 2 weeks’ time!New Students, Returning Students, Parents, Siblings,Grandparents, U-Hauls, giant storage containers, oneway traffic, high humidity, lines everywhere - except . . .2818-Sep-14

No lines at Residence Hall check-insFor the very first time, our Back to School Staff wasworking entirely out of the Computing Center atCox Hall!Residence Life was thrilled to get their lobby realestate back and their check-in process was greatlyenhanced.What about us?2918-Sep-14

Business at the Computing CenterOur Staff – 20 strong!Our combined total Saturday and Sunday2014: 3962013: 3758/23-9/5 – Students needing technical assistance:2014 – 15802013 - 17393018-Sep-14

Multiple Mobile Devices?For Emory and Oxford - by Sunday afternoon 1345 unique NetID’s on ResNet and 3868 devices About 3 devices per User3118-Sep-14

ResHalls onlyBTS 2014 Devices 27-Aug28-Aug29-Aug30-Aug3218-Sep-14

Wireless Usage for Saturday 8/243318-Sep-14

What was new?We got NAC’ed!Bradford was rolled out in ResNet right aftergraduation and this was the first full ‘production’implementation.The Academic network rollout was rolled back andprompted some exciting load bearing adjustmentson the wireless controllers for ResNet and the podsfor Bradford.3418-Sep-14

NAC and McAfeeAnother load bearing improvement was to useBradford as a channel and not a landing pad.If your scan failed because you lacked the EmoryMcAfee AV you were directed to Software Express,make your selection, download it and then ReScan.Not bad BUT our returning Mac Students living oncampus had a bit of a wakeup.3518-Sep-14

Counter measure: CommunicationNew webinar went live and was recorded for allnew students featuring LITS.Messaging – emails to all students and thenresident students emphasizing McAfeerequirement.Signage – present at Orientation and in every Res.Hall, the DUC and WML telling everyone how to geton the network AND how to find us if needed.3618-Sep-14

Communications tooWe had some great stories to tell!3718-Sep-14

It takes a Team!Student Services Team:Tony, Alex, Tara, Haynes, Derek, Robert, Robin, Michael & DawnStudent Technology Support (STS)11 intrepid students!And . . . The Village:––––––––Alan White (NAC) and Keith Foster (NAC project PM)Chad Street (Wireless)Tom Armour (McAfee)Michael Fowler (CATV)Erin Mooney (1st year Librarian)Steve Savage (OUE)Bob Hamilton (Housing)Pat Murdock (Software Express)3818-Sep-14

Summary New: NAC, McAfee AntiVirus for all, singlelocation base, less staff, more communication!– Space Reno – Learning Commons & BYOD! Same: Camaraderie and excitement atwelcoming & connecting our new students! Result: continued improvements and success!Questions?3918-Sep-14

Thank You!4018-Sep-14

Tony DawsonTOC Engineer IV, Technical Operations CenterMonitoring Project4118-Sep-14

Onboarding PeopleSoft Tools Upgrade – May2014 Ares (Library) – May 2014 DNS/Infoblox – Sept 2014 Emory Commons (UIT) – In progress REDCap (UIT) – In progress IPAM (DNS/DHCP) – almost complete4218-Sep-14

Application MonitoringWeb Checks Running into issues when monitored applications havechanges made to their web site content, eg MySoft andShibbolethDifferences between web check server environmentand end user systemsOnly IE browser support possible with current NetIQResponse Module.Web checks options not as flexible as we would likeNeed app and element owners to be our partners andrecord more than just “false alarm” in tickets4318-Sep-14

Application MonitoringTicketing and Paging Ticketing and paging on application failures Ticketing only on elements Element paging still being worked on Developing NOC automation script to handle somescenarios where we either don’t want a page or wewant pages to go to other support groups.4418-Sep-14

DashboardDNS servers relative to each application’s webchecks are part of the current elements’ dashboard4518-Sep-14

DevelopmentDevelopment Systems Development system for Operations Center Allows us to test patches, upgrades, andconfigurations before deploying to production AppManager development system is on the way4618-Sep-14

TrainingNetIQ provided training NetIQ advanced training course for TOC MonitoringEngineersInternal training NOC introduction classes provided by Steve Lee for TOCstaffWorking group/forum Outstanding issues Training opportunities/Q&A Sharing infrastructure information on applications as weonboard them4718-Sep-14

Challenges Web check environment robustness Shortcomings with vendor support forAppManager4818-Sep-14

Next steps Application owners monitoring groupUpdate NOC patch base (new base in September)ERMS, AMP, and WebSphere monitoringAdd more web check monitoring serversAppManager development systemTechnical services dashboard (which will includeIPAM)4918-Sep-14

Monitoring Project?Questions18-Sep-1450

Steve SiegelmanManager, Systems EngineeringTrusted Storagev2 to v3 Migration5118-Sep-14

Current (Legacy) version: TSv2 Service is supported and maintained by the LITSSystems Team 2-node Windows Cluster Data Auditing by vended software calledStealthAudit Did not scale well TSM backups & restores were cumbersome Hardware is EOL Cost: 0.20/gb per month - 2.50/gb per year5218-Sep-14

New Version: TSv3 Service is supported and maintained by the LITSStorage Team Isilon Storage Platform Enhanced auditing by a product from Varonis; alsosupported by Security Team Encryption at Rest 10Gb Network Connectivity 35 Daily local backups at NDB Offsite replicated backup to White Street Data Center– 3 Daily's– 3 Monthly's – Taken on the 1st of each month Cost: 0.07/gb per month - 0.85/gb per year5318-Sep-14

Net New TSv3 Requests Submit a request for a new Trusted Storageshare by filling out a MySoft request Storage Team will fulfill the request New pricing will take effect immediately Cost: 0.07/gb per month - 0.85/gb per year5418-Sep-14

TSv2 to TSv3 Migration The Systems Team will reach out to current TSv2customers to begin the migration conversationand coordination The Systems Team will coordinate who will beperforming the copy of the data The customers will submit a MySoft TrustedStorage - TSv3 request in the amount of theircurrent storage allotment plus any growth theywould like to request The customer will not be billed for the TSv3storage until the migration has beencompleted you will not be doubled billed5518-Sep-14

TSv2 to TSv3 Migration Please put into the notes of the MySoft requestthat this is for the V2 to V3 migration The Systems Team will work with the StorageTeam to create the new share Please note that there will be a new hostnameassociated with the share name so during thecutover the end-users share mapping willneed to be updated Cutover: After the final sync of data, thecustomer will be responsible to remap their usersto the new share name5618-Sep-14

TSv2 to TSv3 Migration The final step is for the customer to confirm thattheir users are now using the new shares After successful completion to the new TSv3infrastructure, the new pricing will take effect5718-Sep-14

Storage Requests to Expand TSv2 Shares Our preference is to migrate and expand the newTSv3 storage if at all possible. If the customers storage usage is critical, we willexpand with what is needed– Additional storage on TSV2 will not be charged– We ask the customer to add the additional storagethey need to the base on the TSv3 request.5818-Sep-14

When Can Migrations Begin Immediately!5918-Sep-14

Trusted Storage v2 to v3 Migration?Questions18-Sep-1460

Derek SpransySr Information Security Specialist, Information SecurityIT Security Update6118-Sep-14

Disk Encryption Policy 5.12 Update The disk encryption policy now requires that allportable systems be encrypted regardless of thedata they store Don’t forget desktop encryption requirements aswell Personal computers are prohibited from storingEmory sensitive data An implementation guide will be coming soon6218-Sep-14

Enterprise Password Policy 5.15 Published Minimum Password Length: 9 Characters Maximum Password Length: 30 Characters Password Complexity: Passwords must containat least two alphabetic characters (A-Z, a-z), atleast two non-alphabetic characters (spaces,numerals, punctuation and/or special charactersappearing on a standard U.S. PC keyboard) Password Constraints: The userid/netid cannotbe part of the password, and the passwordcannot contain more than 2 consecutivecharacters that are identical6318-Sep-14

Enterprise Password Policy 5.15 Published Maximum Change Interval: 365 Days (90 daysfor system/network administrators and individualswith access to cardholder data or cardholder datasystems) Minimum User-Initiated Change Interval: 1 Day Password Rotation History: 24 Passwords6418-Sep-14

Enterprise Password Policy 5.15 Published Lockout Threshold: 10 Unsuccessful loginattempts Lockout Duration: 30 Minutes6518-Sep-14

Enterprise Password Policy 5.15 Published There are requirements for IT personnel. Noncentral IT systems must also meet the policyrequirements unless an exception is granted– Additional details on that will be forthcoming Existing systems must be in compliance withinthe next year Warning banners are required to be added tologin pages where possible6618-Sep-14

PhishMe We will soon begin using the PhishMe serviceagain to raise awareness of phishing attacksamong Emory users Those who respond will be redirected toawareness materials Please do not warn users about the messages6718-Sep-14

MIR Sweeps We have begun a series of small MIR sweeps asa dry run before performing more intensive ones You and your users shouldn’t notice any impactfrom these sweeps We will communicate our schedule beforeperforming more intensive sweeps of theenvironment6818-Sep-14

Security Update?Questions18-Sep-1469

Thank you for coming!7018-Sep-14

What is SPOK Mobile? SPOK Mobile is a paging app used on your iPhone or Android device Used to be Amcom Mobile Connect (AMC) Receive pages for emergency alerts, monitoring alerts, on-call type services, etc. Alert pops up on your phone, but must access the app to see the actual page Encrypted and secure - HIPAA compliant