1 Computing Service Annual Report University of Cambridge Computing Service New Museums Site Pembroke Street Cambridge CB2 3QH 2013
2 Contents Contents 1. Executive summary 2. Online Services 3. Networks 4. User Services 5. Directorate 6. Personnel 7. Professional activities Statistical Appendix Contact University of Cambridge Computing Service New Museums Site Pembroke Street Cambridge CB2 3QH 2013 Director: Dr I.J. Lewis Phone: Fax: Service Desk: or
3 1. Executive summary Review The primary mission of the University Computing Service (UCS) is to maximise the productivity of teaching and research in the Collegiate University, and the services provided have continued to evolve to support this. Financial steps taken within the UCS during the prior academic year, and improved clarity of the financial outlook, have made funding uncertainties less of a concern during the academic year. UCS managed services are in the main, large, complex, robust and flexible. The aim is to serve seamlessly the needs of the Departments and Colleges, while providing the opportunity for institutions to take advantage of the services in the way that best meets their requirements. This typically requires an institutional ability to get their data into or out of a centrally managed system in a productive way, the provision of effective administrative controls in the system for federated institutional access, and the provision of systems that can be managed, upgraded or backed-up centrally while still allowing considerable capability for institutions to tailor their local provision. The UCS continues to maintain a healthy track record in this regard with core systems such as the Streaming Media Service, the University Training Booking System, the Falcon content-management system, the University directory (Lookup) and the University wireless system (Lapwing) all significantly extending their capabilities for federated institutional adoption during this academic year. Usage of the University wireless network has continued to grow. During the academic year the common usermanagement infrastructure was replaced in its entirety, and the ability for institutions to connect federated wireless networks was considerably enhanced. The end result has 1 been to support continued growth of the wireless infrastructure across the Collegiate University with 24,000 users per month now supported. The system supports both web-based authentication for casual users and visitors as well as settings-based authentication adhering to the international industry eduroam standards. Cambridge s usage of wireless networking is sector leading, and this has been achieved by providing a system with a far higher degree of flexibility in deployment and use than would be typical elsewhere. The Falcon content-management system has continued to attract institutional users, with over 100 sites now deployed or in development. The platform aims to give users as much control as possible over the management of their content while achieving the productivity and robustness benefits of central provision. Consistent with this aim, the underlying systems infrastructure was both expanded and upgraded to new software versions during the academic year without burdening the recipients of the service. The university is working towards a new web style with modern layout adjustments appropriate for mobile devices, and in the coming year support for these new layouts will be made available within the Falcon service. The University Map, which is linked to the main website as well as to many Departmental and College websites, has been replaced in its entirety with data sourced from the public OpenStreetMap. This means that not only can Departments and Colleges link to tailored versions of their local map as before, but federated institutions can now enhance the actual content displayed on their sections of the map and, if desired, access the map data directly.
4 Review Figure 1. The new University Map The academic year has seen an unprecedented number of targeted hacking attacks on the University infrastructure, in a few cases from unusually able and persistent attackers. The infrastructure has stood up well to these attacks with relatively minor breaches of security occurring on isolated computers around the university. The UCS continues to strive to optimise the balance between our provision of relatively robust central services while allowing considerable freedom for equipment or systems for local use around the collegiate University. In this regard the UCS provides a comprehensive Security Probing service that continuously seeks to expose potential vulnerabilities in any equipment connected to the University network, and has a CamCERT (Cambridge Computer Emergency Response Team) service that was assessed as being of the highest standard in a recent university audit. 2 It is important to make clear that our approach in support of world-class research and teaching at Cambridge requires an unusually sophisticated model, allowing flexibility while maintaining robust services. I am pleased to report that the UCS has continued its progress in meeting these requirements. Looking forward to the academic year, the UCS will continue to pursue similar objectives to those of in support of teaching and research. In the same period, the UCS will necessarily support an unprecedented number of centrally-driven infrastructure initiatives. These include the relocation of our main machine room, the move of the UCS to new offices in West Cambridge, planning for the new Data Centre, and major expansion of the Cambridge University Data Network in support of the significant development of Northwest Cambridge.
5 Review Online Services Falcon Content Management Service Falcon continues to grow in scale and now supports 60 live sites and 40+ sites in development or for testing. The service is pressing the idea that modern web content should be supported on a content management system and offers Falcon as its supported CMS. At the start of this year the History Department moved to Falcon and is now Falcon s largest academic site. Sites of all types are being set up and Falcon is proving popular with Departments, research groups, cross-departmental or cross-institutional groups, conferences and University research initiatives. The underlying platform has been upgraded to version 4.1 of the open-source Plone system, without disruption to the many existing sites. Two additional pairs of servers were commissioned to accommodate future growth. Project Light The UCS has been providing extensive input to Project Light, the development of new responsive HTML5 frameworks for the University s web presence that will adapt cleanly to mobile and other small format devices. This involvement is mostly because of the Service s extensive experience with the University s various web sites and with web issues generally but also, in part, to Figure 2. Example of an institutional home page on the new responsive University web templates Nine Falcon introductory courses have taken place and continue to be fully booked, suggesting no let-up in its popularity. A User Group meeting took place and was well received; feedback from that meeting led to planning for further advanced training in specific aspects of Falcon. 3 ensure that Falcon will be able to transition over to the new style. Currently, it seems that most of the effort will be in rearranging site contents to fit the assumptions made by the Project Light developers about how web sites should be. Workshops and courses will be available to introduce the new templates and writing guides.
6 Review Managed Web Service The MWS is a more traditional hosted web site service than Falcon. It offers PHP and MySQL and the ability for site administrators to install packages should they wish. The MWS is a free service and currently hosts 186 sites (at the end of July 2012) including Colleges, Departments, collaborative research projects with external institutions and academic websites that are managed and maintained by University staff but known by a non cam.ac.uk address. During the year 33 new sites were created, 20 sites were cancelled, and one was restored. A major upgrade of the application software (Apache, PHP, MySQL) was rolled out to all sites using a phased transition scheme to reflect the complexity of different groups of sites. Managed Wiki Service A wiki is a collaborative website which allows the creation and editing of content via a web browser. There are currently 89 wikis in the UCS Managed Wiki Service (increased from 62 over the reporting period). The Managed Wiki Service was launched as a full service in 2011, and runs on a virtual server installed on a shared-use Xen Enterprise cluster. Wiki managers can specify who has access (for reading or for editing) to the wiki, and have other devolved administrative powers, such as uploading a logo to customize the wiki pages. A wiki can be made publicly readable if wished, while restricting edit access to a specific group; twelve of the current wikis are publicly readable. Web authentication As part of UCS support for authentication around the University, the Shibboleth Identity Provider has been upgraded to the current software release, and assistance provided to those University client web sites that needed help with the transition. Shibboleth Identity Providers and Service Providers typically band together to form Access Federations with agreements on what data will be exchanged between providers. The Service has established a Cambridge Access Federation which benefits from liberal distribution of personal attributes for those sites that need Shibboleth but only for Cambridge users. It is also a member of the more tightly restrictive UK Access Federation. Search The University s new search interface launched in October 2010 was described in the last Annual Report After a period of overlap, the old search interface was decommissioned at the end of Work continued with a view to identifying a replacement for the web-crawling backend, and a specification of what needs to be demonstrated by any contenders was established. Analysis of three possible suppliers is to follow. Lookup Considerable work took place over the course of the year on providing a machineaccessible API for the University s Lookup service. The team developed a Web API which has proved very successful, and which provides programmatic read/write access to the Lookup databases with appropriate access controls. University Training Booking System The University training booking system has been developed to add a number of features requested by the CPPD and others. There have been three major releases over the past year. Changes this year include improvements to third party bookings and to the usability of the event timetable, implementation of provisional bookings and many new report columns, together with fixes for existing functionality. Details of use of the system are included in the Training section of this report. Other development areas The UCS was approached by the secretary to the Designated Individual for the University s work on human tissue, with a concern that the practice of ing around Excel spreadsheets amongst researchers was not adequate to meet the University s regulatory requirements under the Human 4
7 Review Tissue Acts. They had done a survey of commercial software for this purpose and found that none of it fitted the University s circumstances, and therefore approached the Service asking for some bespoke work. The service is now developing a web application to support this requirement. Members of Online Services were involved in the developments of MCS Linux described under User Services in this Report. The Development Group also developed a scheme for online payments (using the esales application provided by MISD) for the large numbers of individual graduation photographs ordered from PandIS. Managed Zone Service The Managed Zone Service was reimplemented with the control point for manipulating the contents of zones becoming a managed web site, thus dispensing with all hardware dedicated to the service. The new implementation was put into service in September The number of zones hosted on the MZS increased from 41 at the start of the accounting year to 48 at the end. Mail facilities This year saw the introduction of an auto-response service for departing users. This facility, requested by the ISSS, allows users before they leave to identify an address that will work after they leave. After their departure and the cancellation of their accounts, sent to address will trigger an automatic response quoting their chosen address. Over 1,700 users chose to take advantage of this facility at the end of the academic year and over 1,100 of these are now active (i.e. belong to departed users). The next phase of this work will support continued authentication for departed users so they can maintain this address into the future. Arts & Humani-es Humani-es & Social Sciences Physical Sciences Technology Biological Sciences Clinical Medicine Other GB Ins-tu-ons Council Ins-tu-ons University Miscellaneous Colleges Affiliated Ins-tu-ons Other External Ins-tu-ons Chart 1. Proportion of Hermes system users by institution 5
8 Streaming Media Service The Streaming Media Service saw extensive work done on its core job scheduler, permitting the use of transcoding engines other than the commercial and increasingly unsatisfactory Episode Engine. It is now possible to use an open source transcoder for many of the supported formats and this has allowed a dramatic increase in throughput. It has also allowed the Service to support new formats such as WebM which will, in turn, help with HTML5 deployments around the University in the face of decreasing support for Adobe s Flash player. The UCS is assisting many institutions to broadcast events live. The Service purchased a VBrick audiovisual mixing unit that encodes to a network stream, and has rented this out to a number of institutions including Central Site Services. On the back of their own experiences with the unit, both Trinity College and the Isaac Newton Institute have bought units for themselves. The UCS looks to expand the support for live streaming in the forthcoming year Review Streaming Media Service views per month University Map The year saw the development of the new University online map based on OpenStreetMap. Moving to this technology has provided the University with a stateof-the-art online map and also improved the quality of University data in the public OSM database. This in turn has improved the University s visibility in a large number of third party apps that also use OSM. The application itself was featured in a talk given to the Society of Cartographers in September. Hosting The UCS hosting service has continued to grow. Increasing numbers of data-intensive institutions are now requesting hosting for racks of kit rather than individual servers, and the service is providing an important off-site facility for these institutions. Currently the service is supporting eight racks with current enquiries for two more. Some of the requests coming in for racks full of discs have triggered floor-loading queries for the first time since the days of the IBM mainframe! Jul- 08 Oct- 08 Jan- 09 Apr- 09 Jul- 09 Oct- 09 Jan- 10 Apr- 10 Jul- 10 Oct- 10 Jan- 11 Apr- 11 Jul- 11 Oct- 11 Jan- 12 Apr- 12 Jul- 12 Chart 2. Streaming Media Service views per month 6
9 Review Scientific Computing In support of Scientific Computing in the University, the service has taken on the CamGrid Condor pool, and the member of staff responsible for supporting it, from the School Of Physical Science s Centre for Scientific Computing. An agreed system for the CamGrid users to fund service overheads has yet to be established and the Service is currently absorbing the additional costs. Elsewhere a number of CamGrid presentations have been given, often as part of institutional workshops on their specific use of scientific computing and the CamGrid cluster. The UCS has received requests for a C++ course for very many years. Following the advice of Bjarne Stroustrup (original author of C++) that it takes a solid year to learn the language, the Service has developed a course which runs over 13 weeks spread over a year will be the first year to run the course but preliminary signs are that it will be heavily subscribed. Information Group During the year, the Information Provision Group (IPG) updated a range of online content on including the Student Handbook, the Museum and Collections web pages and the Natural Sciences Tripos Committee web content, as well as moving the UCS web site from its long-term home at cs to a new location on Falcon. The group developed a new set of easily-transported roll-up banners publicising UCS services, for use at University staff induction days and other occasions such as the annual IT Exhibition. The IPG also updated and extended its portfolio of one page information flyers on the various managed services the UCS provides for institutions; while the UCS has always enjoyed good working relationships with Departmental and College IT staff, it is intended that the portfolio will continue to improve awareness of UCS services amongst senior managers in institutions. User administration User Administration s primary role is managing the lifecycle of UCS accounts for individuals as well as that of many UCS institutional services. Each new arrival at Cambridge is issued with a CRSid and their Raven, Hermes, Desktop Services, CamCORS and VPDN accounts are managed directly through the User Administration Database, Jackdaw. The Jackdaw servers were upgraded during Michaelmas 2011 and are expected to be in service until Summer There is a relatively high turnover of account holders each year, and this reporting year has seen a significant increase; new arrivals increased by 13.8% and returning users by 64%, while the number of leavers fell by 1.3%. Accounts for 10,079 new students were created automatically before they arrived in Cambridge. This has been possible by setting up a daily data feed from CamSIS, the student records system. New arrivals are encouraged to collect their accounts as soon as possible using an online interface to Jackdaw. Between 1st September and 1st November ,745 new students successfully collected accounts in this way. The online account collection significantly reduces pressure on front line staff in the Service Desk at one of the busiest times of year. In addition 3,347 new accounts were created for staff and visitors, triggered by data feeds from CHRIS, by pre-registration requests from institutions, and by individuals arriving at the UCS Service Desk with paper forms. Temporary visitor tickets for Internet access were also issued to 1,382 participants in Summer Schools. User Administration requests come from many directions. There were 5,292 User Administration RT tickets this year. Both the User Administration and Service Desk teams were involved in resolving these; their work in this area is tightly integrated so it is not practical to separate the 7
10 Review individual contributions of each team. Their work is so close in fact that the Deputy User Administration Manager took on the additional role of temporary Reception Manager on part-time detachment to the Service Desk for half of this reporting year. During the year the team also processed numerous and varied requests for services: mailing lists, Hermes storage quota increases, CamCORS registrations, changes to Lookup, access to the Streaming Media Service, SSL and TLS certificates, Managed Web Server and Managed Wiki queries, and requests for Falcon websites. Account cancellations are mainly handled through the Purge (departing cohorts of postgraduates and undergraduates) and Minipurge (departing staff and PhD students) processes. Information from CamSIS and from CHRIS is used to manage these cancellations smoothly, and warning messages are sent out on a regular schedule to those affected. The management of account cancellations for College staff, for whom there are no automatic datafeeds, is more challenging. College staff are currently subject to a triennial review cycle, which in the case of long- serving College staff can prove contentious. Many institutions request lists of purge candidates ahead of the purge warnings being issued to make it easier to manage the continuation of accounts. Regrettably, current staffing levels do not support adopting such an approach due to the additional volume of work this would entail. Consequently development on an alternative solution is underway to extend the existing pre-arrival registration scheme to provide a management interface for institutional COs. When completed this will provide a quick facility for institutional COs to review the records of any of their registered institutional users, see which users are candidates for a purge or minipurge, and request account continuations and cancellations as needed online. User Administration staff have also spent a significant amount of time this year assisting the Proctors office and external law enforcement agencies with a variety of enquiries relating to alleged misuse of computing resources. Such requests are intermittent and unpredictable. UCS s involvement can be both challenging and time- consuming, and a significant degree of discretion is required. CUDN College MISD Departments Security Other Chart 3. Ownership of GBN circuits 8
11 Review Networks The UCS maintains, manages and develops the core information technology infrastructure upon which Departments and Colleges implicitly depend to conduct teaching, research and administration. The UCS is constantly working to improve the functionality, resilience and efficiency of the infrastructure and the services that use it as well as developing new and existing services where possible to accommodate the needs of the Departments and Colleges. Granta Backbone Network (GBN) The Granta Backbone Network consists of over 40km of duct network and over 87 km of multi-core fibre optic cable stretched throughout the city. This jointly owned asset between the University and the Colleges is likely to be the most valuable of the computing assets owned by the University. The GBN allows the flexibility to provide high-speed connections to many locations without the need for the rental of expensive dark fibre from third party vendors. Its use enables the CUDN to be distributed throughout the city and enables the Colleges and Departments to extend their Local Area Networks to off-site locations. GBN extensions The GBN Manager has continued working with the Colleges to improve connectivity to some of their off-site student hostels. This work, along with plans for further expansion, will greatly improve data connectivity to a significant number of student rooms. Extensions completed over the last 12 months include 350m along Panton St for Queens, Pembroke and Sidney Sussex College hostels and 330m along Magrath Ave to connect a new Trinity College hostel. Two other GBN extensions currently underway will connect the Strangeways Research Laboratory on Babraham Rd to the CUDN at Addenbrooke s Hospital, and will connect College hostels on Selwyn Gardens and Grange Road for Pembroke, Selwyn and Newnham Colleges, as well as incorporating Tyndale House. 9 The new MRC building on the Addenbrooke s site has also had its new GBN node installed, and it is hoped that work to complete the second Addenbrooke s link to the Addenbrooke s site will be starting shortly, giving a physically diverse connection serving institutions at the hospital site for the first time. 74 new circuits have been delivered in the last year, although the total number of live circuits has gone down as some legacy circuits have been cancelled and University Security is migrating to IP-based video distribution rather than dedicated circuits. It is expected that the number of live GBN circuits will rise over the next 12 months, especially with the Colleges, as various GBN extensions are completed. Future Plans Demands for high-bandwidth services are increasing, and with it, demand for the GBN will increase. Future proposals to extend the GBN are underway around the Barton Rd/Grange Rd junction, to connect several College hostels, and there are further plans to encompass Needham Research Institute, Kettle s Yard and Westminster College into the GBN. Challenges The Northwest Cambridge Project will be a major challenge for the GBN in the coming years. Not only the work to ensure a new network is installed to support the flagship project, but to manage and protect the existing network running through the project site. The proposed Arup building refurbishment will be another major undertaking for the GBN because the existing GBN node for the New Museum Site is situated in the Arup building and is the busiest GBN node as it serves the whole site, supports the UCS machine room and is one of the core locations for the CUDN. The Arup building is also the existing entry point for the University s connection to JANET.
12 Review Arts & Humani-es Humani-es & Social Sciences Physical Sciences Technology Biological Sciences Clinical Medicine Other GB Ins-tu-ons Council Ins-tu-ons University Miscellaneous Colleges Affiliated Ins-tu-ons Other External Ins-tu-ons Chart 4. Proportion of JANET network traffic by institution Network Installations The Network Installation team offers network installation services to the Colleges, to University Departments and to the various external institutions that collectively use the University s data network (CUDN) for data, voice, security and building management services. A variety of specialised installation services are offered including wireless surveys and wireless access point deployment, campus network infrastructure and local area network implementations (Ethernet LANs). The physical infrastructure that supports the operation of the CUDN is based primarily on the use of the Granta Backbone Network (GBN). Private network connections using the GBN are also available to allow Colleges and multi-site Departments to create their own private institutional networks in Cambridge. The co-location services that are offered by the Computing Service (UCS) can be linked similarly to the relevant institutions using the GBN. 10 The significant expansion of the GBN described above has consumed much of the installation team s time. However, they have also been involved in several campus optical fibre upgrades, notably on the Old Addenbrooke s site and the Downing site, with the New Museums site still in progress. They have also worked with Trinity College and the Clinical Schools during their server room refurbishments. This has entailed migrating CUDN core equipment to new cabinets and also implementing new optical fibre infrastructure. Network Systems Network Systems plans, procures and maintains the active network equipment servicing the entire University. This includes the management of distributed core routers and over 160 institutional point-of-presence (PoP) switches. The group also manages networks traditionally run by Department or College IT staff, for example, several School offices in Mill Lane, allowing IT managers to concentrate on the necessary localised support. Additionally, this group
13 Review continues to provide support and advice to computing staff inside and outside of the UCS, a core activity for the team. Over the past year, Network Systems has focused on implementing the major redesign of the CUDN creating redundant links to all points of presence and redundancy amongst core routers. Around 90% of these have been completed, with the exceptions being special cases complicated by other issues. The team also manages around eight institutional networks (including, for example, Kettles Yard at 17 Mill Lane). Challenges The largest challenges faced by Network Systems over the coming academic year will be related to coping with the relocation of central services from the main data centre on the New Museums Site. These will include: Extending the data centre network to new physical locations and, eventually, moving the primary data centre router to a new location, all without breaking service Relocating the main Janet (internet) connection to a new communications centre Moving the New Museums Site area router to a new physical location Assisting Janet with the relocation of the SuperJANET 6 regional node to a new location within Cambridge, separating it from the EastERN regional network node Lapwing The Lapwing centralised WiFi system, delivering pervasive, protected access to the University Data Network for students, staff and visitors, has grown dramatically. Lapwing now hosts wireless access via more than 1000 access points spread across the University and Colleges - an increase of 25% over the year. In a peak period week Lapwing has hosted over 5000 distinct users using Raven authentication, over 2000 distinct visitors using tickets, over 8000 distinct University of Cambridge users using eduroam and over 2000 distinct external visitors using eduroam. These figures incorporate over 16,000 distinct devices and over 500,000 sessions. The service has been adopted by over 100 institutions to date. Arts & Humani-es Humani-es & Social Sciences Physical Sciences Technology Biological Sciences Clinical Medicine Other GB Ins-tu-ons Council Ins-tu-ons University Miscellaneous Colleges Affiliated Ins-tu-ons Other External Ins-tu-ons Chart 5. Proportion of Lapwing users by institution 11
14 Review The Lapwing web and authentication subsystems were completely re-developed and Lapwing was successfully migrated to the new system in April 2012, providing a more stable system with enhanced features, including eduroam tickets, full web authentication capability for ipads and similar mobile devices and improved reporting. Implementations of Lapwing by institutions are now possible; access to the central Lapwing visitor ticket database is available through the UCS RADIUS service. In addition, Lapwing tickets can be used more generally, as a method to authenticate visitors in College accommodation. A specification for institutional implementations has been published with the aim of maintaining a consistent, easy to use interface for visitors, as they move between systems provided by different institutions within the University and Colleges. The usage of Lapwing visitor tickets for authentication on the eduroam ESSID within Cambridge is now also supported, to make connection easier for visitors roaming between UCS-run Lapwing installations and institutional wireless services. IPv6 Over the past year, the CUDN completed the migration of its IPv6 address prefix to a new range, expanding the number of subnets available to the University and affiliated institutions and preparing them for the next generation of the internet protocol, becoming increasingly important as the world s supply of IPv4 address becomes exhausted. As the final IPv4 address blocks were allocated from the global pool in early 2012, institutions are strongly encouraged to begin the process of enabling their network and services for IPv6. The CUDN backbone is fully enabled for IPv6 traffic and information has been published for institutional system and network administrators. 12 IPv6 access to UCS services is expected to expand greatly over the next academic year. The UCS RADIUS service gained IPv6 access in June 2012 and uses this to communicate with the Janet national RADIUS services. Security Both the numbers of hostile wide-scale probes from outside the CUDN and the numbers of distributed probes have risen, the former to 10,000 each month from March There are usually peaks for each service that coincide with release of information about a vulnerability in that service. Malware remains a constant issue, and this year saw MacOSX becoming a far higherprofile target than it has been in the past. Much malware now is formed of multiple components, with many variants. There has been a rise in drive-by infections caused by visiting compromised websites. The Managed epolicy Orchestrator service has proved beneficial and regular scanning is in place on the Managed Cluster Service systems and other Institution systems that have joined the service. Copyright infringement notices, mainly for films, continue to be received but the number was down on the previous year, as were complaints of abuse of e-journal terms and conditions. Other regular incidents involve reports of compromised passwords, and other account information, for both Cambridge systems and external sites where people have used their Cambridge address. The year has also seen further website compromises, and systems scanning for various services and/or being used as a tunnel to connect to other sites in an attempt to hide the attacker s real origin. One incident, an attempted Denial of Service attack and claims of compromise against failed to damage any UCS systems but took up considerable staff time, including liaison with police in connection with similar incidents elsewhere. More recently there has been a rise in Denial of
15 Review Service traffic against the University DNS servers. Investigation of this continues and the hostmaster team is liaising with both JANET CSIRT and other affected sites. Telephone Network and Systems Over the past year, the Telecommunications Office (Telecoms) has performed several upgrades to the phone system core, and is starting the planning process to replace the core servers in Telecoms are in the final stages of tendering for new contracts for all outgoing voice traffic, and for the supply of mobile phones, endeavouring to achieve savings as well as to improve service to staff across the University. Telecoms have launched a fax-to- service, though take-up has been low so far, and is about to launch a new conference call service, similar to BT s Meet-Me service, which should provide sizeable savings to the University for conference calls. Both of these new services are fully integrated into the admin.phone and my.phone websites. With the full support of Presentation Number across the system, staff can now choose, via the my.phone service portal, what number is displayed when they make an outbound phone call. A project has been started to replace the call logger software, with a view to getting a call logger that can be better integrated with existing UCS web-based systems, and to making it easier to get details on more complex call scenarios. Telecoms staff have also had considerable input into the DS-Connect project described elsewhere, in order to integrate it with the VoIP telephone system. 4. User Services The User Services Division covers a wide range of user-facing services, including training, the Service Desk, technical support and various more specialised services, in 13 addition to the portfolio of Desktop services which includes DS-Print, DS-Filestore, DS- Connect, and the Managed Cluster Service. Managed Cluster Service The Managed Cluster Service (MCS) exists primarily to deliver a large number of applications to designated desktop machines (Windows, Macs and Linux) found in classrooms and open access areas throughout the University and Colleges in support of teaching and research. Workstations in these clusters make use of the centralised filestore (DS-Filestore) and the printing service (DS-Print) described below, which are also available to users elsewhere in the University. During the year some 20,500 users logged in a total of more than 1 million times to the MCS, the filestore and the printing service. MCS Applications The programme of installation work arising from requests for new and upgraded MCS applications for the academic year was completed by the beginning of the academic year, with some 36 major application changes made for MCS Windows, 24 for MCS Linux and 32 for MCS Macintoshes. Software required for teaching accounted for nearly two-thirds of requests. Many of the MCS sites have moved to Windows 7, for which some applications were automatically ported from the Windows XP image and others are OS-specific. The list of changes planned to MCS application provision for the next academic year ( ) was published on the UCS website in May. There were some 43 responses to this year s call for requests; 15 requests were for new applications, the remainder for upgrades, and most were for two or three platforms. MCS Operating Systems and hardware The MCS Macintoshes were upgraded to OS X 10.7, and an updated Windows image was also deployed. The MCS Linux system was rewritten this year to base it on a more modern distribution, Ubuntu Linux, and
16 Review to use the CIFS file system rather than the Novell NCPFS file system. In the long term CIFS is better supported than NCPFS and, subject to ongoing development of the core file server, should allow for further improvements in functionality. As ever, a number of local packages were written or modified from originals to support specific teaching needs. Within the UCS s own Managed Cluster rooms, five new imacs have been deployed in the Phoenix User Area and the University Centre. The PCs in Titan Teaching Room 1 were also replaced with new Dell workstations, purchased via the latest University-wide desktop tender agreement. MCS Participation The number of institutions using the MCS increased during the year to 82, including 24 Colleges, and several institutions also increased the size of their clusters. Of the total of 1,752 managed workstations, about 9% are Macs, just over half are dual-boot Windows and Linux stations, and the rest are Windows only. MCS Power Saving During the reporting period, the MCS PC power saving service is estimated to have saved 248 MWh of power (based on an average PC power consumption of 50W/ hour) which at a typical 10p per unit gives a monetary saving to the University of 26,367 compared to 20,067 in the previous year. Desktop Services Infrastructure Infrastructure changes within Desktop Services included the removal of many Novell servers, which were primarily replaced by Windows servers. Reliance on the Novell edirectory was reduced as Microsoft Active Directory became the main provider for user accounts and authentication. The domain controllers were upgraded from Microsoft Windows Server 2003 to Server 2008 on new hardware. Desktop Services Filestore During summer 2011, the DS-Filestore was upgraded in order to provide expanded quotas, greater resiliency and faster performance. Based on Linux OES2 using the VMWare farm and IBM SAN storage, the system provided the opportunity to move selected MCS sites to Windows 7, as well as doubling of the user storage quota. Arts & Humani-es Humani-es & Social Sciences Physical Sciences Technology Biological Sciences Clinical Medicine Other GB Ins-tu-ons Council Ins-tu-ons University Miscellaneous Colleges Affiliated Ins-tu-ons Other External Ins-tu-ons Chart 6. Proportion of MCS users by institution 14
17 Review Building on the previous year s work, the system was further developed in July 2012 to be fronted by Windows Server. The improved system provides networkattached storage accessed by Common Internet File System (CIFS) as the common communication protocol for MCS clients (Apple, Windows, and Linux). It provides greatly increased storage capacity (so the user quota was again doubled), as well as ease of administration, reliability, resiliency and improved performance. We are currently storing, in a secure and fully backed-up system, some 27 million files for the staff and students of the University. A new resilient link to a secondary data site was started at Mill Lane, allowing for Filestore data to be backed up to a new InforTrend storage system using Zmanda Enterprise software. In conjunction with the current tape technology, this ensures a two-way avenue towards consistent data restore facilities for files and folders as well as total disaster recovery. Desktop Services Managed Print Service (MPS) The MPS provides print accounting and other functionality for participating institutions outside the MCS, as well as for all printing from Managed Cluster workstations. Eleven institutions took up this service during the reporting period, with ten more expected shortly after. Major new developments in the MPS include full support for a variety of multifunction devices (providing print, copy and scan to ). Charging is integrated with the DS-Print Common Balance scheme, and authentication is controlled by swiping a University Card at the copier device. The delegated management system (DMS), permitting institution administrative staff to manage their own environments, was enhanced to take advantage of printing alerts such as low toner status. The old iprint client which allowed users to print to local MPS/MCS printers from their own machines was withdrawn and replaced Chart 7. Growth of the Managed Print Service 15
18 Review by a PaperCut client, and infrastructure for new Papercut servers ensured added functionality for both MCS and MPS users (for example, Find Me printing allowing a print job to be physically released from a print device, thereby ensuring confidentiality during printing). Thirty-one institutions are now part of the DS-Print Common Balance scheme, which enables a user s print credit paid for at any participating MCS site, or through the MCS ecredit system, to be used at other participating sites. Service Desk During the reporting period the Service Desk team continued regular training and professional development activities and in June 2012 further consolidated the frontline customer interface to UCS support services and took responsibility for the provision of the University s Telephone Switchboard operation. Service Desk staff continue to resolve directly a significant proportion of the queries that come in, as well as passing on some to other UCS experts. They also act as a route for jobs handled by the Photographic and Illustration Service, the Print Room, Software Sales, Hardware Support and loan of self-taught training courses. A total of 13,186 recorded tickets were handled by the Service Desk during the reporting period, as well as a significant quantity of basic walk-in visits which are not recorded in the RT system. Of these, 6,165 tickets were resolved directly by the Service Desk, and another 5,292 RT User Administration tickets were also resolved, working with the User Administration team. Additionally 1,729 routing requests for the above services were handled. Videoconferencing and Desktop Collaboration (DS-Connect) The videoconferencing service continued to provide high quality on- and off-site hardware and software videoconferencing facilities and consultations for staff and students of the University and its related institutions. The studio was booked 112 times for meetings during the reporting period. Additionally, the studio has been used as a venue for presentations and as a recording studio for the Streaming Media Service. Arts & Humani-es Humani-es & Social Sciences Physical Sciences Technology Biological Sciences Clinical Medicine Other GB Ins-tu-ons Council Ins-tu-ons University Miscellaneous Colleges Research Councils Other External Ins-tu-ons Chart 8. Proportion of support calls by institution 16
19 Review Over the last year the University Computing Service has been running a project to investigate, test and establish a Web-based conferencing and collaboration system, for use by the University community. Adobe Connect was selected as most suitable from the various products considered and piloted; The UCS is developing its own service, based on Adobe Connect and offering integration with local authentication services and with technologies such as the UCS-run VoIP telephony system. Key features of Adobe Connect include that it is web-based (with each session having its own unique URL), it has good multiplatform and mobile support, it simplifies the sharing of screens (slides, whiteboards, video, interactive documents), it provides for chatting (text and audio, group and private, and breakout areas), and quizzes and polls, it enables session recording and playback, and it is highly customisable for ad hoc as well as regular use. DS-Connect is the named service being developed by the UCS to meet some of the day-to-day conferencing and collaboration needs of the University, from a variety of desktops (Windows, OS X, and Linux) and also from mobile devices. A few meeting rooms are being fitted with equipment to help demonstrate how DS-Connect can work well for groups. The current limited pilot DS-Connect service is due to expand toward a fuller service in the coming academic year, and an Adobe Connect course is available via the Training Booking Service. Assistive Technology Since becoming a formally trained workstation assessor in 2011 the AT Support Specialist has been able to visit University staff and students workstations, to offer advice and guidance on correct posture and good ergonomic set-up. There have been ten requests solely for formal Workstation assessments to be carried out on individual users and teams. The AT service can now provide documents in Braille format for the University at an affordable rate. We have supplied visually impaired users with course notes and documents and also supplied Departments and Colleges with course and seminar documentation, signs and information packs. In Lent Term 2012, to meet increasing referrals from the Disability Resource Centre, the AT Service developed a scheme to provide specialist AT software training to overseas disabled students. This means that students no longer have to negotiate with a variety of third party suppliers for their training needs to be met. Following user feedback, the AT service now provides shorter targeted sessions on voice activated software, note-taking software, mind-mapping software and literacy software. In addition, the AT Specialist continues to provide individual sessions in response to a variety of requests and referrals from Occupational Health and from individuals, for Upper Limb Disorders, visual impairment and other specific learning difficulties. Technical User Support The Mac Support, Windows Support and Hardware Support functions covered by the Technical User Support group continue to provide cross-platform third-line support across the University. The Technical User Support group continues to produce the annual Security Disk for distribution to Colleges and Departments at the start of the academic year as well as running University-wide WSUS (Windows Update Server Services) MacSUS and MacSUS Managed services and the KMS (Microsoft Key Management Service) servers. The group continues to run the popular Windows Active Directory and MacOS X Security courses, and also contributed to the Techlink seminar programme. 17
20 Review In line with the current contract with McAfee to provide the University with antivirus software, the Technical User Support group has released a McAfee epolicy Orchestrator (epo) Managed Service for institutions. In addition to the MCS PCs this service was being used by 17 institutions within the University as of July 2012 to manage the security of their desktop computers (Windows, Mac and Linux) using a range of third-party applications and utilities. Technical User Support also provides the MCS Macintosh service described in the MCS section of this Report. On-going specialist technical support has been provided to numerous institutions, and research groups. The Institution Support Service has grown substantially, with three permanent members of staff covering contracts from half a day per month at the Botanic Gardens up to full time network support at Gonville & Caius College. The service has also provided 50% cover for the Vet School since January 2012 during a period where they are reviewing their IT provision. Institution Support have also taken on one-off projects with some institutions such as server installation at Kettle s Yard. In addition to this Institution Support can now offer preferential pricing on central hosting of servers for contracted institutions. Hardware support continues to provide a warranty repair service for Dell, Avantek and Apple as well as an over-the-counter service. Language and Linguistics Demand for support of reference management software still continues to grow, and the service now provides numerous courses on EndNote, Mendeley and Zotero, in addition to individual consultations related to these programs. The service hosted a Mendeley advisor meeting in July As provision of reference databases and online access to research papers becomes 18 more sophisticated and competitive, interest in support for using online databases is increasing. The annual session on text encoding, markup and analysis of electronic texts continues as part of the Modern and Medieval Languages lecture series for their Certificate in Humanities Computing for Languages. The project to index the archives of St John s College was finally handed over to the College Computer Officer in August 2012, but low-level support to the Benjamin Constant Letters Project continues, as well as some support via individual consultations for use of foreign languages and scripts. Training Services The UCS Training Services group provides a wide-ranging programme of IT training throughout the year, including both instructor-led and self-taught courses, to support academic teaching, learning, research and administrative roles within the University. Several bespoke courses were also delivered during the year to various University institutions and IT Supporters. The Training group also manages the hire of teaching facilities and provides consultation, training and support for the University Training Booking System (UTBS). The number of courses offered and attendances recorded for the UCS programme was almost identical in to the previous year s statistics. Currently UCS course givers are working close to capacity but to keep the programme fresh, less popular courses were retired last year and were replaced with new courses that better reflect the training requirements of University and College staff and student cohorts; thirteen new courses were offered in We are pleased to note that feedback forms completed by course participants show an overall satisfaction rating that remains at 99%. Among the most popular courses by attendance figures were Web Authoring,