Instructional and Research Information Systems

IRIS Annual Report FY04-05

 

Huapei Chen

Director of IT, EECS

Aug 18, 2005

IRIS

• Concluded 12-month EECS security project:

§         Made policy and technical recommendations to mitigate EECS security risks based on the Risk Assessment report from PwC;

§         Conducted internal risk assessments for various groups, including ACG, ERL, BSAC;

§         Conducted EECS security scanning and shared these vulnerabilities with users;

• As a member of the campus wide Information Technology Architecture Committee (ITAC), worked on the UC Berkeley IT strategic planning proposal (also headed up a subcommittee in security area);
• Member of the campus Computing and Information Security Committee (CISC);
• Participated in the campus Security Scanning RFP team, evaluated proposals and made decisions for a campus wide solution; 
• Presented a talk on EECS security efforts and presented as a panel member on the UCB Min. Std. team in the 2004 UCCSC conference in Riverside.  Also presented the same security talk in the 2004 EduCause conference.
• Represented EECS and presented the EECS research and IT status to the Chinese educational and governmental representatives during the Sun’s Asia Education and Research Conference.
• Facilitated the EECS and Microsoft collaborations in upgrading the EECS Windows AD and the upgrade of the Exchange service for the dean of CoE.
• Explored the possibilities of leveraging campus’ new datacenter services as an alternative to CITRIS II planning team.
• Negotiated with Apple on behalf of Instructional and obtained an additional high end Mac G5 server and a laptop as part of the deployment of the Mac based instructional lab.
• Negotiated with Sun on behalf of Instructional in which Instructional purchased about ½ of the 30 necessary systems needed in 340 Soda and Sun donated the other 16 systems.  This allowed Instructional to phase out the old Intel based equipment and replaced with AMD opteron based workstations (v1100z) with flat displays, resulted in saving of over $18K.
• Assisted in the ERL/ERSO transition effort, especially in IT services:

§         Identified services needed;

§         Identified and recruit staff;

§         Initiated a project to develop an “automated purchasing system” that leverage existing applications, and ties into various backend databases and systems, including campus BFS, and allows finer control of reporting and reconciliation.  Efforts were made to enlist campus purchasing and BFS team for collaboration, with the initial sponsorship from BAS (business administration) office.

• Prepared and submitted recharge proposals for all IRIS recharge groups.  A mandate was issued by the campus recharge committee to fully recover CUSG’s outstanding deficit prior to Dec. of 2006 (over $208K).  Also worked on alternatives for recovering ESG deficit.

 

Instructional Support Group (ISG)

 

• Officially adopted the clustered NetApp with 1.5TB storage as main storage for all instructional student home directories;
• Launched an all-Mac instructional lab (349 Soda);
• Sponsored campus wide Apple MacOS X (tiger) training;
• Updated Instructional course web archive service; worked with campus to prepare for faculty training on e-grade and campus “courseweb”;
• Reviewed and updated the MOU for Instructional’s Windows AD management;
• Deployed V440 servers into Inst for computing and CAD tools;
• Upgraded Soda 330 hardware (with Sun/AMD 30 workstations);
• Deployed Intel donations into Cory 119;

 

Engineering Support Group (ESG)

 

• Assisted CNIL in the consolidation of Instructional labs (Cory 140 and Cory 125);
• Obtained and deployed hardware donations from NI (EE140), HP, and Intel (Cory 125);
• Supported Vodafone lab efforts;
• Assisted EECS150 in the development of CYG.NET board;
• Written an NSF proposal (but was not submitted);
• Reviewed and updated EECS AV agreement (added new rooms and new services, purchased 8 new systems, upgraded Woz and HP auditorium);
• Incurred a deficit in AV recharge (various proposals being made for FY05-06);

 

Helpdesk (help)

 

• Inventoried and distributed FYG laptops (Mac and IBM), including hosting orientation;
• Deployed inventory tracking and acknowledgement system (inventory management, notifications), over 650 items were checked from helpdesk (software, patches, OS, etc.);
• Provided support for over 6700 email (to/from help@eecs);
• Major effort in updating and maintaining IRIS FAQ and news postings;
• Helped in the clarification and streamlining of internal IRIS support and escalation procedures;
• Assisted in new IRIS service deployment (such as VPN, IMAP, spam);

 

Computing User Support Group (CUSG)

 

• Collaborated with Microsoft to upgrade Exchange server (Exchange 2003);
• Deployed AV request tracking and billing database;
• Imaged 150+ IBM laptops (win XP and IBM ThinkVantage software);
• Deployed 35+ FYG Apple G4 laptops with MacOSX;
• Major efforts in assisting contracted systems to meet campus Min. Std. requirements: tested and deployed firewalls (ipf, iptables, scs), upgraded email servers to enable authenticated relays, spam, and virus checking;

 

Information Management Group (IMG)

 

• Created mechanisms for IRIS website news posting and archiving;
• Assisted in the department's effort of the EECS website facelift;
• Participated in the EECS Security Scanning effort (email and web notifications);
• Assisted in the EECS security project to block service ports (created a web interface for users to opt in and transfer that data into backend databases);
• Deployed a system activation request tracking and auto-update mechanism for IDSG;
• Made enhancements to existing EECS/IRIS database/web/forms (this overall enable better procedural clarifications or increase efficiency);
• Deployed and enhanced IRIS admin purchasing request tracking system;

 

Infrastructure Development and Services Group (IDSG)

 

Enterprise/Security:

• Continuation of anti-spam effort in EECS;
• IMAP and LDAP servers upgrade;
• Year-long security project:

§                     Reviewed and established appropriate policies and procedures to comply with campus Min. Std;

§                     Submitted requests for exemptions to campus CISC;

§                     Conducted internal EECS all-node security scanning;

§                     Recommended implementation of security “zones”;

§                     Deployed EECS border service port blocking;

§                     Strengthened EECS border firewall policies;

§                     Upgraded EECS Windows AD to 2003;

§                     Increased Windows AD security by installing and transitioning services to use a best practice security templates;

§                     Strengthen EECS password management (Unix, Windows, LDAP);

• ERL transition to ERSO (establishing IT infrastructure; manage accounts; enabling “username@erso.berkeley.edu” email service; project storage and security; software licenses and distribution);
• Initiated the effort to provide department wide Mac OSX support;

 

Network:

• Collaborated with campus and deployed EECS Mesh (North campus, Memorial glade, CoE quadrant);
• Participated with campus in VOIP and Skype testing;
• Deployed EECS 802.11a service;
• Major Soda 5th floor switch failure;
• Major role in EECS effort in service port blocking;
• Deployed EECS wireless service in HMMB CITRIS headquarters;
• Phased out EECS VPN service, worked with campus to deploy EECS-centric VPN leveraging campus VPN;
• Participated in the EECS security scanning service;
• Initiated the NAC project;
• Active role in transition BWRC network into EECS;