Instructional and
Research Information Systems
IRIS Annual Report
FY04-05
Huapei Chen
Director of IT, EECS
Aug 18, 2005
IRIS
- Concluded 12-month EECS
security project:
§
Made policy and technical recommendations
to mitigate EECS security risks based on the Risk Assessment report from PwC;
§
Conducted internal risk assessments
for various groups, including ACG, ERL, BSAC;
§
Conducted EECS security scanning
and shared these vulnerabilities with users;
- As
a member of the campus wide Information Technology Architecture Committee
(ITAC), worked on the UC Berkeley IT strategic planning proposal (also headed
up a subcommittee in security area);
- Member
of the campus Computing and Information Security Committee (CISC);
- Participated
in the campus Security Scanning RFP team, evaluated proposals and made
decisions for a campus wide solution;
- Presented
a talk on EECS security efforts and presented as a panel member on the UCB
Min. Std. team in the 2004 UCCSC conference in Riverside. Also presented
the same security talk in the 2004 EduCause conference.
- Represented
EECS and presented the EECS research and IT status to the Chinese
educational and governmental representatives during the Sun’s Asia
Education and Research Conference.
- Facilitated
the EECS and Microsoft collaborations in upgrading the EECS Windows AD and
the upgrade of the Exchange service for the dean of CoE.
- Explored
the possibilities of leveraging campus’ new datacenter services as an alternative
to CITRIS II planning team.
- Negotiated
with Apple on behalf of Instructional and obtained an additional high end
Mac G5 server and a laptop as part of the deployment of the Mac based instructional
lab.
- Negotiated
with Sun on behalf of Instructional in which Instructional purchased about
½ of the 30 necessary systems needed in 340 Soda and Sun donated the other
16 systems. This allowed Instructional to phase out the old Intel based equipment
and replaced with AMD opteron based workstations (v1100z) with flat
displays, resulted in saving of over $18K.
- Assisted in the ERL/ERSO
transition effort, especially in IT services:
§
Identified services needed;
§
Identified and recruit staff;
§
Initiated a project to develop an
“automated purchasing system” that leverage existing applications, and ties
into various backend databases and systems, including campus BFS, and allows
finer control of reporting and reconciliation. Efforts were made to enlist
campus purchasing and BFS team for collaboration, with the initial sponsorship
from BAS (business administration) office.
- Prepared and submitted
recharge proposals for all IRIS recharge groups. A mandate was issued by
the campus recharge committee to fully recover CUSG’s outstanding deficit
prior to Dec. of 2006 (over $208K). Also worked on alternatives for
recovering ESG deficit.
Instructional Support Group (ISG)
- Officially adopted the
clustered NetApp with 1.5TB storage as main storage for all instructional
student home directories;
- Launched an all-Mac
instructional lab (349 Soda);
- Sponsored campus wide Apple
MacOS X (tiger) training;
- Updated Instructional
course web archive service; worked with campus to prepare for faculty
training on e-grade and campus “courseweb”;
- Reviewed and updated the
MOU for Instructional’s Windows AD management;
- Deployed V440 servers into
Inst for computing and CAD tools;
- Upgraded Soda 330 hardware
(with Sun/AMD 30 workstations);
- Deployed Intel donations
into Cory 119;
Engineering Support Group (ESG)
- Assisted CNIL in the
consolidation of Instructional labs (Cory 140 and Cory 125);
- Obtained
and deployed hardware donations from NI (EE140), HP, and Intel (Cory 125);
- Supported Vodafone lab
efforts;
- Assisted EECS150 in the
development of CYG.NET board;
- Written an NSF proposal
(but was not submitted);
- Reviewed and updated EECS
AV agreement (added new rooms and new services, purchased 8 new systems,
upgraded Woz and HP auditorium);
- Incurred a deficit in AV
recharge (various proposals being made for FY05-06);
Helpdesk (help)
- Inventoried
and distributed FYG laptops (Mac and IBM), including hosting orientation;
- Deployed inventory tracking
and acknowledgement system (inventory management, notifications), over 650
items were checked from helpdesk (software, patches, OS, etc.);
- Provided support for over
6700 email (to/from help@eecs);
- Major effort in updating
and maintaining IRIS FAQ and news postings;
- Helped in the clarification
and streamlining of internal IRIS support and escalation procedures;
- Assisted in new IRIS
service deployment (such as VPN, IMAP, spam);
Computing User Support Group (CUSG)
- Collaborated with Microsoft
to upgrade Exchange server (Exchange 2003);
- Deployed AV request
tracking and billing database;
- Imaged 150+ IBM laptops
(win XP and IBM ThinkVantage software);
- Deployed 35+ FYG Apple G4
laptops with MacOSX;
- Major efforts in assisting
contracted systems to meet campus Min. Std. requirements: tested and
deployed firewalls (ipf, iptables, scs), upgraded email servers to enable
authenticated relays, spam, and virus checking;
Information Management Group (IMG)
- Created mechanisms for IRIS
website news posting and archiving;
- Assisted in the
department's effort of the EECS website facelift;
- Participated in the EECS
Security Scanning effort (email and web notifications);
- Assisted in the EECS
security project to block service ports (created a web interface for users
to opt in and transfer that data into backend databases);
- Deployed
a system activation request tracking and auto-update mechanism for IDSG;
- Made enhancements to
existing EECS/IRIS database/web/forms (this overall enable better
procedural clarifications or increase efficiency);
- Deployed and enhanced IRIS
admin purchasing request tracking system;
Infrastructure Development and Services Group (IDSG)
Enterprise/Security:
- Continuation of anti-spam
effort in EECS;
- IMAP and LDAP servers upgrade;
- Year-long security project:
§
Reviewed and established
appropriate policies and procedures to comply with campus Min. Std;
§
Submitted requests for exemptions
to campus CISC;
§
Conducted internal EECS all-node security
scanning;
§
Recommended implementation of
security “zones”;
§
Deployed EECS border service port
blocking;
§
Strengthened EECS border firewall policies;
§
Upgraded EECS Windows AD to 2003;
§
Increased Windows AD security by
installing and transitioning services to use a best practice security templates;
§
Strengthen EECS password
management (Unix, Windows, LDAP);
- ERL transition to ERSO (establishing
IT infrastructure; manage accounts; enabling “username@erso.berkeley.edu” email
service; project storage and security; software licenses and distribution);
- Initiated the effort to
provide department wide Mac OSX support;
Network:
- Collaborated with campus
and deployed EECS Mesh (North campus, Memorial glade, CoE quadrant);
- Participated with campus in
VOIP and Skype testing;
- Deployed EECS 802.11a service;
- Major Soda 5th floor switch
failure;
- Major role in EECS effort
in service port blocking;
- Deployed EECS wireless
service in HMMB CITRIS headquarters;
- Phased out EECS VPN
service, worked with campus to deploy EECS-centric VPN leveraging campus
VPN;
- Participated in the EECS
security scanning service;
- Initiated the NAC project;
- Active role in transition
BWRC network into EECS;