Committee meeting - January 9, 2020

Carol Lu
Secretary to the Committee
January 9, 2020

Present: Steven Bourque, Erick Engelke, Trevor Bain, Lori Paniak, Andrew McAlorum, Pratik Patel, Don Duff-McCracken, Jason Testart, Bill Baer, Robyn Landers, Adam Savage

Regrets: Andrea Chappell, Paul Miskovsky, Daryl Dore, Greg Smith

Agenda

  1. Chair’s remarks [5 min.]
  2. Approval of the minutes of the meetings of Thursday December 12, 2019 [5 min.]
  3. WatIAM password reset process change - (Andrew McAlorum) [10 min.]
  4. O365 email recommendations - (Andrew McAlorum) [15 min.]
  5. Upcoming service changes - (Steve Bourque) [10 min.]
  6. Other Business [10 min.]
  7. Roundtable discussion – all [20 min.]
  8. Next CTSC Meeting
    [Will be held Thursday January 23 at 1:30 p.m., in EC2 1021.]

Chair's Remarks (Steven Bourque)

  • Happy new year and welcome back everyone

Approval of the minutes of the previous meeting

  • The previous meeting’s minutes were accepted as distributed.

WatIAM password reset process change (Andrew McAlorum) 

  • This discussion is in relation to the Student Name Change project
  • Legal names are now considered to be 'highly restricted' according to University policy
    • On the same privacy level as Social Insurance Numbers
    • Access to legal names is limited; no longer in WatIAM
  • The IST Service Desks receive at least a dozen password reset requests daily 
    • At the beginning of this week, there were ~50 password reset requests daily due to it being the beginning of the term
    • The Service Desk staff are no longer able to verify a requestor's identity using legal name; staff are asking clients to: 
      • Try resetting their password using WatIAM's self-service password reset
      • Verify their identity at The Centre if the clients WatCard name doesn't match the name shown in WatIAM
    • Predominantly an issue affecting students, minimal impact on faculty and staff

Comments and discussion

  • Does WatCard show legal name? 
    • Newly-issued WatCards will only show the preferred name 
  • What percentage of people are being redirect to The Centre to verify identity?
    • 25%-50% of people were being redirected at the beginning of the term
  • A deadline should be implemented for those who change their preferred name to update their WatCard so that all identification is consistent (e.g. Please request a new WatCard with your preferred name within 2 business days)
  • Does the WatCard office charge students who want a new WatCard with their preferred name? 
    • According to the WatCard website, the cost for a new WatCard as a result of a name change is $20

O365 email recommendations (Andrew McAlorum)

  • The email recommendation document was distributed yesterday, would like to start an initial discussion today
  • Document will be made public on the IST website
  • After thorough consultation, research and communication, the recommendation is to move majority of employees and students to Office 365 using a staged approach
    • Will maintain a small portion on-prem for special use cases; currently no timeline for how long this will be implemented
    • There may be other special use cases
      • Might only be open to faculties to request on-prem (will not include academic support units)
    • It is expected there will be at least 6 months before any migration is done

Comments and discussion

  • In addition to Thunderbird, there are additional mail clients that would not be supported
    • Thunderbird is mentioned because it is the main mail client being discussed with Computer Science
    • The entire school of Computer Science has asked for an exemption to stay on-prem
    • Thunderbird support is still to be determined
    • In regards to the plan to have mandatory 2FA for all email services in 2020: does this include Thunderbird? 
  • Is it possible to have 2FA disabled for devices on campus and enabled only for devices off campus? 
    • This might be possible
    • Pine will not be able to handle 2FA
    • 2FA would have to be enabled for all VPN connections in order to disable 2FA for on campus use
  • Does Office 365 mail have a web API? 
    • Yes, the API is really good
    • Can the API be promoted in the project communications? 
      • Maybe just mention that the API is available to keep it general and user-friendly for majority of the audience
  • Would this project result in changes for private devices (e.g. printers)?
    • No, the focus would be on user email inboxes, not devices for mail handling

Upcoming service changes (Steve Bourque)

  • Presentation made. Slides available upon request.

Comments and discussion

  • There will be an open RFP about reevaluating ProofPoint
    • ProofPoint alternatives: Microsoft, Cisco, Barracuda
    • Microsoft Antispam is also being considered
  • IST can provide a list of services using Shibboleth to departments 
  • There is no different in user experience when moving mail servers to Office 365
  • Can you add your own anti-spam service to Office 365?
    • Yes, you can use your own cloud product
  • ProofPoint is a hardware appliance
    • Would like to collect feedback about what users liked and did not like about ProofPoint

Other business

Ona 2 (Erick)

  • Any update on the project?

Comments and discussion

  • Project is going well
  • Some information was missing from the API, some processes had to be changed
     

Cisco switches (Lori)

  • Starting to see some in the Computer Science buildings, working as expected
  • There are some functions that can't be troubleshooted by the faculties and require submitting an RT to IST

Comments and discussion

  • For Cisco VLANs, all building VLANS are already configured on all switches and trunk ports; a request does not need to be submitted to IST
  • Please contact Steve Bourque (sbourque@uwaterloo.ca)

WatSAFE on Mac (Don)

  • WatSAFE desktop notifications don't work with anything later than High Sierra
  • Desktop notifications cannot open due to 'Apple cannot check for malicious software' pop-up message
  • There is currently an RT open with Paul Dietrich

Comments and discussion

  • Apple app certification is more complicated than PC; requirements are different
  • The pop-up message cannot be disabled for any OS beyond Mojave

Wi-Fi refresh (Robyn)

  • Will the Wi-Fi coverage improvements only be for high density areas on campus?

Comments and discussion

  • The project focus is to refresh all Wi-Fi, not just high density areas


Roundtable 

Client Services, IST (Andrew)

  • The IST annual report for 2019 is now available
  • Microsoft Teams for Linux is now available
  • Clarification regarding the Planner communication sent on January 8
    • Planner was previously only available for use through Microsoft Teams
    • Planner has now been reenabled for use outside of Teams
    • Clarification email was sent out on January 10
  • TeamDynamix license is not being renewed
    • The IST Project Management content will be migrated over to Jira
      • There are currently 500 active Jira users across UW
      • Jira is available for all campus community members
    • The IST Knowledge Base will be moving to Confluence
    • TeamDynamix content can be archived 

Information Security Services, IST (Jason)

  • Phishing simulation update
    • Will be running a third simulation this month
    • Interested faculties and departments can contact Jason Testart (jason.testart@uwaterloo.ca) for more information
    • Before running a simulation, the Associate Dean for the respective department sends out a message to faculty with instructions and a disclaimer than passwords entered into the simulation will not be stored
    • Goal is to raise awareness of phishing and to build support in the campus community for services that support cyber security best practices (e.g. 2FA, Single Sign On, etc.)
    • Free security courses are offered on LEARN via Self-Registration

WUSA (Pratik)

  • Any information about WatCard access for rooms in the SLC/PAC expansion?

Comments and discussion

  • Currently a work in progress with the WatCard office
  • WatCards with access control are currently being tested out
  • Will eventually be available for students and staff
  • Would like to facilitate safety training
  • Access control is being implemented during construction of the SLC/PAC expansion
  • IST manages access control in-house instead of using a vendor

Math (Robyn) 

  • Any update on the Nexenta project? 

Comments and discussion

  • Currently sorting out a bug with Nexenta