Mar 27 2019 FACCUS meeting minutes

Minutes

Location: AHS 1686

9:30-11:30am

  1. Approval of minutes from last meeting - approved
  2. Anything to add to today's agenda? - any new items will be in the roundtable section
  3. Various projects/initiatives/updates - Information Systems & Technology (IST) (Also see https://uwaterloo.ca/information-systems-technology/about/projects) - *Noted that projects are available for review
    1. Grouper update/demo (Sean M) (15-20 min)
      1. Sean M: Reviewed Grouper and how it works and announcing it is now available for IT Group usage across campus.
        1. Forced somewhat ahead by SailPoint and Workday switch and the need to find a reliable method for creating and managing Active Directory Security Groups
          Why use Grouper? Allows distributed management of Security Groups without giving direct AD management access.
          Grouper has access to campus data that can be referenced to aid in automatic filtering and assigning of users to groups. This is rather useful for populating AD Security groups for example for IST. And then Grouper allows for adding and removing additional members based on other criteria – for example a group may be all employees that show as assigned to IST via Workday SuperOrgs – and then remove specific employees on a case by case basis.
      2. To use Grouper Contact Sean Mason and setup and training will be provided.

    2. Exam Management System update (Andrew M)

      1. Andrew updated on the process to use multiple choice exams and automated/managed creating, scanning and marking of exams. In progress and new system or systems will be in place. Updates to come. Timelines not fully confirmed. SOON!
        End goal is to improve self-serve and ability to handle small courses to very large courses.

    3. O365 email – Assessment and Planning project update (Andrew M)

      1. Short presentation on project to access moving email to cloud via our Microsoft Tenant(s). Objective is to simplify and reduce our costs.
        Cloud email has previously been reviewed and approved by our Privacy Officer and our Security Team. Potential changes will be reviewed again, and recommendations made.
        This will change the way we work for the better!

    4. 2FA update (Matt H)
      1. -as of this morning, 382 users have opted in to 2FA; we have 564 total Duo users

        -2FA has been enabled for some privileged users in Quest, Workday and WatIAM, among other systems

        -IST service desks are the front-line support for Duo 2FA; if you have groups of users in your faculty or department that you would like to provide support for, we can accommodate distributed support for different groups of users

        -roll-out of 2FA to protect su/sudo access to Linux systems has started with IST staff

        -department-wide roll-outs are in progress for Finance and Police Services

        -a project is underway in IST to prioritize high-risk systems for 2FA protection and to further develop communications related to 2FA

        -get in touch with Andrew Ward if you have a system that you would like to integrate with Duo for 2FA, for an introductory session about the value of 2FA protection for users you support, or to answer any other 2FA questions you might have.

    5. Guest wireless update (Matt H)
      1. IST NS is actively working on this and it should be available within weeks (or less).
      2. It will provide access to Web (80,443), Mail, and VPN(Our cisco anyconnect (IPSEC/SSL)); all other services will be blocked.
      3. It will be called something similar to uw-wifi-setup-no-encryption. When chosen, the captive portal page will then appear: https://ns-webapp-b.private.uwaterloo.ca/wifisetup/index.php. Guests will then click a different "Here" link for "UW Guest access". They will then need to read and accept an Acceptable Use Policy. Once accepting the AUP they will be granted wireless access for 24 hours. After that time they will be forced to re-authenticate by repeating the process.
    6. Adobe Acrobat Pro Licensing model (Sandra L)
      1. Currently we license Adobe Acrobat Pro 2017 on the Webstore for $110.00/copy – this is a perpetual model and there are no additional costs until users move to next versions. Sandy has ordered another 250 copies  of this version that should take us to the end of 2019. This version has an expiry date of 2022-06-06.

      2. Acrobat Pro DC (next version) is a subscription based model paid yearly, the same as Creative Suite.

        1. Subscription model: $15.00 US plus tax a month (180.00 US yearly) and the responsibility is with departments to pay and renew.

      3. IST is working on an Knowledge Base article to help people determine if they need Acrobat Pro, or if they can perform their business functions using MS Office or another application (that they already have or could obtain for a lower cost)

      4. Questions/concerns can be directed to Sandra Laughlin

    7. Collaboration Tools and Options (Stephen M) (15 min)

      1. Overview of IST’s O365 page and account activation

      2. SharePoint and OneDrive

    8. Office 2016 replacement (Office 365 desktop deployment project) (Lisa T)
    9. Other short updates (Lisa T)
      1. DTR Inventory project
      2. IST Knowledge Base
        1. (linked to from Help and Support page)
      3. WCMS intro courses in Learn
        1. SEW099 WCMS for Content Maintainers [LEARN]
        2. SEW100 WCMS for Site Managers [LEARN]
        3. SEW101 Web Form Creation [LEARN]
  4.  
  5. Skype/Skype for Business/MS Teams (Chris R)
    1. MS Teams is currently independent of Skype (Microsoft plans to integrate or combine them later but now they are completely independent, with different features, etc.)

    2. Skype for Business 2016 is the version that is being deployed (to many managed machines on campus), and is connected to our campus GAL (and phone system for some areas)

  6. Content storage solutions (Lisa ) - https://uwaterloo.ca/information-systems-technology/services/microsoft-office-365-education/matrix-content-storage-solutions

    1. Review of where and how files are stored

  7. Windows 7 EOL Jan, 2020 (Lisa)
    1. There have already been issues with non-SP1 (e.g. can't connect to the campus VPN; non-SP1 hasn't been supported for a while)

    2. If there's a critical issue that comes out that MS doesn't patch, IST Security will look for and actively remove vulnerable machines from the network

    3. Compromised machines are removed from the network, as well (typically without warning)

  8. Faculty/area updates (all)
    1. Introductions for any new members
    2. Various updates:
      1. AHS – mostly business as usual. Researchers concerns with highly secure management of sensitive data. Working with IST on best practices.
      2. SCIENCE: Looking at using Grouper.
        Office of Research: Business as Usual
      3. Library: Update on VDI and moving desktop to virtual.
      4. MFCF: Math 4 building on its way! Some student lab computing being decommissioned for other space.
      5. ACO: Business as usual. Keith retiring. Focusing on moving Win7 to Win10.
      6. MAD: Business as usual – moving Win7 to Win10. Partial Lab upgrade. Arduino kits for students. And Marko is retiring! What????
        And spoke about Teams and use of Teams for various tools and monitoring.
      7. IST-SD: Update on user expiring accidently from WatIAM and Nexus. Reviewed various services and booking processes for handling services that are via EC2 location.
      8. Coop – Business as normal
      9. St Jeromes: 90% of systems  now on Windows 10.
      10. CSCF: Spoke about various projects and adaptions of various shared campus services and leveraging unified services.  Machine room space project and taking over some computing lab space.
      11. Pharmacy -
      12. Engineering: Business as usual
      13. Security: Update in tools to use Compromised Search: email address and not require strict WatIAM username. Working with EngComp for a vulnerability review tool and scan of devices and what needs fixing - Pilot for larger tool for campus
      14. Psychology: Spoke to AD Security Group management

         
  9. Review from May 2018  brainstorming (Lisa T)
    1. Reminder all are invited to:
      1. Report on new projects
      2. MS Teams channel?
        1. Informal communications for emerging issues
          Should we have one for our group? - yes

           
      3. Reach out to FACCUS/IST Account Reps when planning new initiatives
  10. Who to host next FACCUS meeting? (env) - maybe libary/university colleges next