SPOTLIGHT

A New Era for Data Centre Raymond Poon

The Data Centre (DC) supporting CityU was built in 1988 when the University moved to the existing campus at Kowloon Tong. At the time, it was one of the most advanced designs in Asia. Over more than 20 years, it has been the core for providing IT services to the University community. Despite a number of changes taken place including increasing power supply, upgrading UPS, performing server consolidation and storage consolidation, starting virtualization etc., the speed of growth in IT demand still far exceeded the pace of these changes. Shortage of space, power and air conditioning became the utmost priorities to resolve in order to maintain IT service at its quality and level. Feeling the need and urgency of a revolutionized modernization to tackle forgoing problems once and for all, the CSC has started to join force with the Campus Development and Facilities Office (CDFO) to work out the solution. Taking the chance of campus preparation planning to meet the 334 changes, we were able to request additional space for the expansion of the Data Centre. A Data Centre expansion plan has been worked out and submitted to the UGC for budget.

Thanks to the UGC, CityU has been granted HK$17M to complete the modernization of its Data Centre within the next 2 years. To help our readers understand the necessities, the architect, the challenges, the potential stumbling blocks, the solutions to critical problems or to mitigations of significant risks, and the progress of the DC modernization as well as how we will operate our DC and how it evolves when it becomes operational, a series of articles on our DC modernization will be

NEWSLETTEROCIOIssue 5 • Oct 2011

published in this Newsletter and below is the first one.

Why We Need to Modernize Our DC to Become a Next Generation DC?Enterprises do need to control IT spending as well as to improve business agility through IT in order to stay competitive. Data centre modernization or building a Next Generation DC offers the opportunity to achieve these goals while, at the same time, to address pressing issues such as explosion in number of servers and storage devices, space constraints, migration paths for legacy technologies, compliance with legal requirements, rising energy costs, etc.

What Are the Benefits to Be Brought about by the Next Generation Data Centre (DC)?Leading-edge next generation DCs are dynamic ones; they are designed:− For flexibility - to make business

agility possible by being able to meet the changing needs of service provisioning and support (i.e. service oriented and service on-demand) arising from high-density growth in IT infrastructure

− For efficiency - to utilize space and IT assets more effectively and to maximize the universities’ capacity to control DC spending, hence reducing both capital and operating expenses in the long run;

− For scalability - to enable services to span across physical, virtual and cloud infrastructures seamlessly as required by business changing

needs, and to allow different IT service levels or different IT availability (risk) levels, and different IT resource provisioning across heterogeneous platforms to be accommodated speedily;

− For providing Security As A Service; and

− To be environment friendly and for consuming energy efficiently

Way ForwardHowever, these benefits don’t come easy; modernization of DC, according to Gartner Group, “involves customizing Data Centre strategies according to business plans, regulatory requirements, skills availability and rapidly changing technologies”. Besides, other than the DC building work, a holistic data centre management solution must also be in place. “Such a management solution should combine proper data centre planning, committed management involvement, competent IT staff and usage of sophisticated management tools. Various hardening steps should also be implemented at environmental, physical, logical and procedural levels to reinforce the Data Centre security”. While modernizing the DC, we also

need to observe closely on the trend of services that will be outsourced to public cloud services, incorporating and balancing the effort in the DC future plans.

In view of the complexity and the inter-dependency in strategies and implementation plans at different component levels of the overall DC modernization plan, a structured approach in realizing the plan must therefore be adopted and will be shared with our readers in the coming issues.

Reference:1. Data Center Knowledge http://www.datacenterknowledge.com/2. Gartner Infrastructure, Operations & Data

Center Summit http://www.gartner.com/technology/

summits/apac/data-center/ 3. Computerworld & Virtualization Summit

2011 http://dcs.questexevents.net/2011/hk 4. Oracle Next-Generation Data Center http://www.oracle.com/us/technologies/

next-generation-data-center/index.html 5. CA Technologies Data Center of the Future http://www.ca.com/us/content/campaign.

aspx?cid=233176 6. Cisco Data Center and Virtualization http://www.cisco.com/en/US/netsol/ns340/

ns394/ns224/index.html7. CA Technologies, Building the Next

Generation Data Center – a Detailed Guide

OCIO NEWSLETTER2

BRIEF UPDATES

Readying SIS for the 334W K Yu

The changes brought about by the 334 curriculum reform to the Student Information System (SIS) are tremendous. It is pleasing to report that the progress of the development of SIS for the 4-year degree structure has been well and most of the project schedules kept.

As at the start of the academic year 2011/12, a few major systems or components have been launched for use by the nominated programmes piloting the 4-year degree curriculum in 2011/12. They include: • thenewlyintroducedacademic

advising software, DegreeWorks; • anewi-AssessmentSystemfor

the Faculty to propose awards to graduating students, and to record and process course results;

• declarationofminorandrelatedapproval processes, and

• OBTLProgrammeManagement.

Feedbacks and comments on the functionality and presentation of these systems are being gathered. The systems are expected to be further refined or enhanced during the year in preparation for full implementation in 2012/13.

Completed also are the fundamentals to support the development of the deliverables above and other systems are still under development. They include re-configuring the Banner Student System and an overhaul of the access control to student and applicant information for meeting the changes brought about by the new degree structure.

A large number of systems are still under development. The Admissions System is an important one. The University is readily prepared in the processes defined by us, e.g. screening and selection criteria and the system development progress in this regard is on track. Nonetheless, the progress in building interfaces with the new Joint University Programmes Admissions System (JUPAS) is depending on that of the JUPAS development. System testing on this part hence has to be timely and focused whenever new JUPAS features are ready.

Another major development is to re-visit and re-design class scheduling. This is to ensure class scheduling meets the teaching and learning pattern of the 4-year degree curriculum, and copes with double cohort in 2012 and space constraints. Simulation will be done.

Other on-going developments include a revamped student enquiry, declaration of major, different kinds of listings to support Faculty members and academic departments in their teaching and related activities, transcript, application for credit transfer, graduation process, etc. Most of the system functions are to be ready for use some time in 2011/12, thus allowing contingency and time for further improvement before full launch in 2012/13.

In addition to system development, the SIS will undergo a system health check and a review of system capacity. Appropriate action will be taken to ensure the system is sufficient to handle the demand in 2012/13, should the result indicate such a need.

Issue 5 • Oct 2011 3

The IT services in the Academic 2 (AC2) building is in operation at the start of the academic year 2011-2012. Among other IT provisions, the classrooms, the lecture theatres, a number of PC-equipped teaching studios on Level 8 and a public access Computer Terminal Room on Level 3 of the AC2 have been set up with computer and network to facilitate teaching and learning.

In order to distinguish the teaching studios and the computing facilities in Academic 1 (AC1) building, a naming convention is assigned to the rooms in the CSC Teaching Studio Booking System (accessible from the e-Portal). In the Booking System, building prefixes of “AC1-“ and “AC2-“ have been added to the room specifications at AC1 and AC2 respectively. For example, Teaching Studio A in AC1 now becomes AC1-A and Teaching Studio 8506 in AC2 is named as AC2-8506. Such naming convention has been adopted in the University Timetable from Semester A 2011.

FEATURE

IT Service Arrangement for AC2Joe Lee and Joe Chow

Setup of Facilities Lecture Theatre and Classroom

TypeNo. of

RoomsWorkstation Configuration

(Lectern Only)OS Capacity Remark

Lecture Theatres• Instructorworkstation• MultimediaReady• LCDprojector• Projectionscreen• Wyteboard• DVDplayer

12

Intel Core i5-2500 CPU @ 3.30 GHz PC • 120GFastSSDHardDisk• 4GBRAM• 20”WidescreenLCDMonitor• DVD/CDWriterDrive• Front-sideUSBports• Front-sideHeadphoneJack• Front-sideMicrophoneJack

Windows 7/Windows XP

120, 160, 240, 320

Set up by the CSC

Classrooms • Instructorworkstation• MultimediaReady• LCDprojector• Projectionscreen• Wyteboard• DVDplayer

45

Intel Core i5-2500 CPU @ 3.30 GHz PC • 120GFastSSDHardDisk• 4GBRAM• 20”WidescreenLCDMonitor• DVD/CDWriterDrive• Front-sideUSBports• Front-sideHeadphoneJack• Front-sideMicrophoneJack

Windows 7/Windows XP

30, 40, 80Set up by the CSC

Photos courtesy of Peter Mok (CSC)

OCIO NEWSLETTER4

Teaching Studio

Type Name Workstation Configuration OS Capacity Remark

Public AccessComputer Room• 2FastPrinters

AC2-3600

Intel Core i5-2500 CPU @ 3.30 GHz PC• 4GBRAM• 20”WidescreenLCDMonitor• DVD/CDWriterDrive• Front-sideUSBports• Front-sideHeadphoneJack• Front-sideMicrophoneJack

Windows7/WindowsXP

144

SetupbytheCSC

Teaching Studio • Instructorworkstation• MultimediaReady• 2LCDprojectors• Projectionscreens• Wyteboard• DVDplayer

AC2-8506

39

AC2-8606

60

Teaching Studio • Instructorworkstation• MultimediaReady• LCDprojector• Projectionscreen• Wyteboard• DVDplayer

AC2-8500

Intel Core2 Duo CPU E6550 @ 2.33 GHz PC• 2GBRAM • Front-sideUSBports• 19”WidescreenLCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

Windows7 30

SetupbytheCCCU

AC2-8501

Intel Core i5-2500 CPU @ 3.30 GHz PC• 4GBRAM • Front-sideUSBports• 20”WidescreenLCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

Windows7 30

AC2-8502

Intel Core i5-2500 CPU @ 3.30 GHz PC• 4GBRAM • Front-sideUSBports• 20”WidescreenLCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

Windows7 27

AC2-8503

Intel Core2 Duo CPU E8400 @ 3.00 GHz PC• 2GBRAM • Front-sideUSBports• 19”LCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

WindowsXP 30

AC2-8505

Intel Pentium 4 CPU @ 3.00 GHz PC• 1GBRAM • Front-sideUSBports• 15”LCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

WindowsXP 30

AC2-8601

Intel Core2 Duo CPU E8400 @ 3.00 GHz PC• 2GBRAM • Front-sideUSBports• 19”LCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

WindowsXP 27

AC2-8604

Intel Core i5-2500 CPU @ 3.30 GHz PC.• 4GBRAM • Front-sideUSBports• 20”WidescreenLCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

Windows7 27

AC2-8607

Apple Mac Pro (Instructor workstation).• 2.80GHzQuad-CoreIntelXeonprocessor • 6GBRAM• 27”WidescreenLCDMonitor • DVD/CDWriterDriveApple iMac (Student workstation)• 3.1GHzQuad-CoreIntelCorei5processor • 4GBRAM• 27”WidescreenLCDDisplay • DVD/CDWriterDrive

OSX10.6 30

AC2-8608

Intel Core2 CPU 6300 @ 1.86 GHz PC.• 2GBRAM • Front-sideUSBports• 17”LCDMonitor • Front-sideHeadphoneJack• DVD/CDWriterDrive • Front-sideMicrophoneJack

WindowsXP 26

Issue 5 • Oct 2011 5

Booking of Venue1) Lecture Theatre and Classroom Class scheduling is managed by Academic Regulations

& Records Office (ARRO), and individual class booking is available from e-Portal’s “Venue and Classroom Booking” system under the “Facilities Booking” of the “Univ. Services (Staff)” tab.

2) Teaching Studio/Computer Room Teaching staff can reserve the Teaching Studios/

Computer Rooms in the following ways:a) For timetabling purpose, staff members are invited

to send CRN information to the ARRO during the timetabling period. The ARRO will then schedule the room requirements according to resources. This schedule will be populated to the CSC Teaching Studio Booking System where staff and students can examine.

b) After the final University Timetable is released, if new room requirement is needed, staff can make ad hoc booking through the online CSC Teaching Studio Booking System in the e-Portal, under Univ. Services (Staff) / FACILITIES BOOKING.

c) Ad hoc bookings can also be made at the CSC’s Service Counter in person or through online CSC Work Request.

More information about CSC Teaching Studios and the guidelines of reserving them can be found at: http://www.cityu.edu.hk/csc/deptweb/facilities/terminal-area/teaching-studio.htm

General SupportSimilar to the support in AC1, users can request the service by raising an on-line CSC work request, or call the CSC Help Desk at 3442-7658 for urgent matters. Users will normally receive a reply from the CSC on the same day (normally within 1 hour) and on-site work will be scheduled as agreed by the users and the supporting engineer.1) Lecture Theatre and Classroom

a) Similar to the support in AC1, users can call the CSC Help Desk at 3442-7658 and request immediate on-site support.

b) In most cases, supporting engineer can arrive and provide necessary assistance in 5-10 minutes’ time.

2) Teaching Studio/Computer Room Since there is no CSC Service Counter in AC2, users are

required to call the CSC Help Desk at 3442-7658 for all supports and services. Besides the support from the CSC, some Terminal Rooms (8500, 8501, 8502, 8503, 8505, 8601, 8603, 8604, 8607, and 8608) are co-operated by the CSC and the CCCU, and the support services for these rooms can also be obtained from CCCU’s Help Desk at 3442-9821 during the following office hours:a) 9:00 a.m. to 5:30 p.m. (Monday to Friday)b) 9:00 a.m. to 12:00 noon (Saturday)

BRIEF UPDATES

Notebook Ownership Scheme for Students (NOSS) 2011Noel Laam

In view of the success last year, the University has decided to organize the Notebook Ownership Scheme for Students (NOSS) 2011.

For eligible students of the NOSS 2011 who purchase a notebook of one of the 32 models from the approved list of notebook models available for sale at the Digital Technology Festival 2011 (DTF 2011) organized by the Student Union (SU), they may apply for the subsidy amount of $1,000 for the notebook purchased.

EligibilityThe NOSS 2011 applies only to the students of the City University of Hong Kong, and is not applicable to the students of the Community College of City University.

The following categories of CityU students are eligible to apply for the subsidy in NOSS 2011:a) Students admitted in 2011 and are enrolled in a UGC-funded

Bachelor’s Degree (including those in their foundation year) or a UGC-funded Associate Degree programme, and are not in possession of any LLS notebook computer (obtained from the LLS buy-out exercise or currently still enrolling in the LLS), and have not received the subsidy from the NOSS 2010.

b) Students admitted in 2010 and are enrolled in a UGC-funded Bachelor’s Degree programme, and were not admitted as senior-intake and are not in possession of any LLS notebook computer (obtained from the LLS buy-out exercise or currently still enrolling in the LLS) , and have not received the subsidy from the NOSS 2010.

Application Procedure for Reimbursement Eligible students can apply for the reimbursement by completing the NOSS application form available from the AIMS, and submit it together with the necessary documents by hand to the drop-box of the Finance Office.

The application period is from 1 October – 30 November 2011, and the hard copies of the necessary documents must reach the FO no later than 15 December 2011, or the application will not be considered.

For more information of the NOSS, please refer to http://www.cityu.edu.hk/csc/deptweb/services/noss/noss2011/noss2011.htm

OCIO NEWSLETTER6

Display Name is one of the Microsoft Active Directory (or AD) attributes. This display name will appear in a number of Microsoft based LAN (e.g. when users log on to their office PCs) and applications including the Microsoft Exchange Email and the Microsoft SharePoint (CityUWiki) services. By default, a staff member’s Display Name is the same as the Preferred Name of a staff member’s choice as recorded in the AIMS, which is used for communication for administrative matters. As the Display Name is the primary lookup value in the Exchange Global Address List (or GAL), it will be revealed as a staff’s email name in the Microsoft Exchange/Outlook system.

After migrating to the MS Exchange email, some staff may prefer to have another choice for a name more commonly known to their friends in correspondence which is different from their Preferred Name. Accordingly, the Computing Services Centre (CSC) has devised a new function for staff to personalize their names in Exchange and AD based on one’s Preferred Name and Email Alias.The new function “Change Display Name for Exchange Email” can be found in the University e-Portal (https://eportal.cityu.edu.hk), in the “Quick Links” box located in the middle column under My CityU tab.

The same function is also provided as an option “Change Display Name” under “Management for @um (Exchange) Account” in “Account Management for Staff Email Services” after clicking “Account Management” in the Email Services home page http://email.cityu.edu.hk.

BRIEF UPDATES

Choose Your Own Display Name for Exchange EmailYeung Man

The “Change Display Name” function involves two steps.

The new chosen Display Name will be effective within three hours. It will be displayed, as a user identity, in Exchange Email and CityU Wiki (or any Microsoft products if applicable), or when a user logging on to the campus network through Staff LAN, Student LAN, Wireless LAN, or Virtual Private Network. Please note that the Display Name will not be displayed when a staff member is neither using the foregoing software, nor logging on to the campus network.

In step 1, staff can decide their display name and title by choosing the words from the drop-down boxes.

In step 2, staff can change the letter case ( upper or lower) in any combination by clicking on the letter. Finally, click ‘Confirm’ button to complete changing the Display Name.

Issue 5 • Oct 2011 7

FEATURE

CityUWiki Leaps from MS SharePoint 2007 to MS SharePoint 2010Maria Chin

To maintain the integrity of the CityUWiki and its interoperability with the advancing office applications, the plan to upgrade the CityUWiki from MS Office SharePoint Server 2007 (MOSS2007 hereafter) to MS SharePoint 2010 (SP2010 hereafter) started early this year. Please refer to the appendix for more information on the CityUWiki and MS SharePoint 2010.

As in-place1 upgrade from MOSS2007 to SP2010 is not recommended by Microsoft, a new load-balanced server environment was set up for the out-of-place2 approach where content from MOSS2007 had to be moved (migrated) from the old server to the new one. The new server farm was installed afresh with the most recently released operating system, database and SharePoint, namely MS Windows 2008 R2,MSSQL2008R2andMSSharePoint2010. In addition, to strengthen the integrity of user content stored in the CityUWiki, two server-side anti-virus3 tools were installed to protect user content from computer virus which might be unknowingly uploaded to the CityUWiki in user files.

The technical team in the Computing Services Centre (CSC) did an initial assessment on the upgrade efforts including content migration, service interruption, impact on site owners and their users. The findings suggested that the upgrade would be a strenuous process. Apart from migrating the 25GB of contents in the 80 sites, customized site templates and pages, workflows, survey results, site permissions, etc.

might need to be touched up after they were moved to SP2010, and this meant tedious manual work and considerable service downtime.

To verify our findings, external software vendors were invited to share their SharePoint upgrade experiences, and their views concurred with ours. In view of the complexity of the project, it was decided to partner with a software vendor with prior SharePoint upgrade experience, which led to the kick-off of the tendering process and the project in June finally. The selected vendor presented an attractive project plan that targeted at zero service downtime, and brought in a third party tool to help reduce the tedious content migration work.

The upgrade project was carried out in three phases, of course, with the new server farm already in place.1) July 2011 – Pilot Migration of User

Contents 25GB of user contents in MOSS2007

was migrated to SP2010 with the vendor’s migration tool. The project team then identified and fixed most master pages and templates. More importantly, common issues and fixes were worked out.

2) Early August 2011 - Site Owner Training and User Acceptance Test

Two training sessions on SP2010 were organized for site owners. Apart from highlighting enhancements of popular features,

site owners were asked to crosscheck the migrated contents with those on MOSS2007, and were trained to fix common issues in their sites. Two hotlines were set up to provide extra help to site owners.

3) 12-17 August 2011 – D-Day The time gap between phase 2) and

3) was kept short so as to minimize the chance of user contents being updated, hence reducing the data volume (also reduced time and error) that need to be synchronized from MOSS2007 to SP2010.

These six days were intense; the CityUWiki was set to read-only mode providing view access to users. User contents were synchronized from MOSS2007 to SP2010, followed by applying its Service Pack 1 for SP2010, import user profiles, finalized system and network settings.

Normal CityUWiki service running on MS SharePoint 2010 SP1 was released to users at noon on 17 August 2011. Minor fixes to sites and contents continued after the upgrade.

The upgrade prepares the CityUWiki for the future incorporation of information rights management to support user contents requiring extra security and tracking of sensitive information wherever it is used and disseminated, for example, via email and website. It

OCIO NEWSLETTER8

also set the footsteps for the upgrade of the University’s public facing MOSS2007 service, wikisites.cityu.edu.hk, which is hosting the NewsCentre, the President’s Blog and various departmental public wikis and blogs.

AppendixBackground:The CityUWiki was released in June 2008, and it is a portal based collaboration and document management service based on Microsoft SharePoint. The usage of CityUWiki grew from 10 sites in 2009 to 80 sites in 2011 supporting closed-group sharing, for example, members of committees, departments, research and project teams.

Information on MS SharePoint 2010 available at:http://technet.microsoft.com/en-us/sharepoint/ee518662http://office.microsoft.com/en-us/sharepoint-server-help/what-s-new-in-microsoft-sharepoint-server-2010-HA010370058.aspx

1 In-place upgrade refers to the method of software enhancement where the new version of software can be applied atop of the existing one.

2 Out-of-place upgrade refers to the method of software enhancement where the new version of software has to be installed afresh in another location and old content be copied to the new location.

3 McAfee VirusScan Enterprise and MS Forefront Protection 2010 for SharePoint

Microsoft sets up the DreamSpark program in 2008 to provide free professional developer and design tools to students around the world to help them improve their learning and skills through technical design, technology, math, science, and engineering activities. The only restriction on the use of these tools and software is self-explained.

Getting your student status verified CityU has participated in the DreamSpark program, and therefore, relevant students are eligible to gain the benefits. As DreamSpark is for students only, proof of student status is required before downloading the available Microsoft software tools from the DreamSpark site. Microsoft provides an online verification program to do this and the only information required for verification is the Windows Live ID. If students have already applied for the CityU’s Windows Live account (Ref 1, the Live@edu cloud service offered by the Microsoft), they can simply use it in the Windows Live ID sign-in process at the DreamSpark site. Doing so will allow the student status to be verified at the very beginning, bypassing the verification step for future visits to the DreamSpark site. All students remain verified for 12 months and will have the optiontorenewafterevery12months.Fordetails,pleaserefertotheFAQsthere.

Downloadable Microsoft ProductsDreamSpark includes many free products for learning purposes (please refer to the Terms of Use for details) and students can see the complete list by visiting the DreamSpark site (Ref 2). The products provided are the same as those commercial products that professional developers can buy and use. All products are listed with links for students to download easily. Basically, students will be able to download ALL the products but they can only install and use one copy of each product.

Students can view their download history from DreamSpark. A list of the software that they have downloaded is available for viewing on DreamSpark’s My Download History page. They can just click the My Download History link located in the navigation panel to check it out.

Technical AssistanceIf students encounter problems when downloading or accessing the software at the DreamSpark site, they can contact the DreamSpark Technical Support for assistance or visit the Student Lounge Forum to get help from the student community.

Reference:1. Application for a CityU Windows Live account: http://www.cityu.edu.hk/csc/deptweb/services/

email.htm 2. DreamSpark site: https://www.dreamspark.com/Default.aspx

3. DreamSpark privacy policy: https://www.dreamspark.com/policies/Privacy.aspx

FEATURE

Microsoft DreamSpark ProgramJoe Lee

Issue 5 • Oct 2011 9

i-Assessment, a new web-based tool for course and programme management, was launched on 22 August 2011 for staff use from Semester A 2011/12. It is developed using the latest J2EE technologies and running on JBOSS (Java EE-based application server).

The new tool is designed to cope with the student record management under the 4-year degree structure where students are admitted into Colleges/Schools with an undeclared major upon entry to the University and then select their major by the end of the first year of studies. It will also provide enhanced functionalities to capture student data on double majors, multiple minors as well as double degrees. In addition, the following main features are introduced:

- easy access to different student summary lists on a single page

- additional information on cohort, major, minor, stream and expected graduation term

- enhanced sorting functions- enhanced e-mail functionalities for

communication- direct link to Class List in AIMS for

more comprehensive information

To provide users with an overview of the new tool, two briefings were held in September 2011. More than 120 staff members attended the briefings

and they gave valuable feedback on the new functionalities.

i-Assessment will replace the i-CMS (Internet-based Course Management System), which has been used by staff members for more than 10 years, in October 2011. In the meantime, both systems will run in parallel with Semester A 2011/12 data available in

BRIEF UPDATES

Launch of i-Assessment Danny Law

i-Assessment is available under ‘Useful Links’ of the e-Portal’s University Services (Staff) and ‘My Courses’ menu in AIMS

i-Assessment and Summer Term 2011 data in i-CMS.

Further briefings focusing on entering of course grades and decisions on academic awards will be arranged in November 2011. Staff members will be notified of the arrangements in due course.

OCIO NEWSLETTER10

BRIEF UPDATES

University-wide Web Redesign Project ProgressWeb Redesign Team

The CityU website redesign project is probably the largest Web project the University has undertaken since its establishment. It benefits all central and departmental websites, covering close to a hundred websites and hundreds of thousands of web pages. It is the result of the collaboration of over a hundred IT and non-IT staff across all departments and units. The project is part of our continued effort in improving online user experience, user friendliness and accessibility as well as search engine optimization; strengthening our online branding and providing a consistent look-and-feel throughout all our websites. Using the latest Web technology, the new websites support modern mobile devices, such as smart phones and tablets.

In the previous OCIO Newsletter, we highlighted the background of our University-wide web redesign project and its main objectives. In this issue, we would like to provide some update on the progress of this project.

In the past few months, Central IT finalized a set of standard website guidelines and templates and made them available to everyone to follow (http://www6.cityu.edu.hk/redesign/). The templates greatly simplify the work needed by colleges, schools, departments and units to port their websites to the new design. Using the templates, for departmental websites, redesign can be a matter of days to a few weeks. The templates also ensure

that all the applicable Web standards and best practice are followed.

Several Web redesign workshops were held in August and September 2011. In these workshops, we went over the project scope of the Web redesign project as well as the expected milestones and timeline. Step-by-step instructions were given to show how our templates can be used to simplify porting efforts. Following that, additional in-depth technical workshops were giving to further guide IT staff in development work.

To help kick start departmental Web redesign efforts, Central IT has been providing various related consulting services in all departments and units. This included drafting tender specification and/or vendor selection for departments that plan to outsource the Web redesign work as well as a hotline for any Web redesign technical questions.

The University has been working quite aggressively on the project since early this year. The redesigned University homepage was recently launched on 3 October 2011. Since then, roughly a dozen other redesigned departmental websites were launched as well. The other remaining departmental websites

The above shows the new design of the CityU homepage (http://www.cityu.edu.hk/).

The above shows what the CityU website looks like on an iPhone and iPad.

will be launched within the coming one or two months.

With our modern HTML5/CSS3-compliant templates, all the new CityU websites will automatically be mobile-enabled and will display properly in all the popular mobile devices and smart phones.

Issue 5 • Oct 2011 11

I. Background

Industry Story Sony Hack Reveals Password Security is Even Worse than Feared

A million Sony users’ password / username IDs and 250,000 Gawker login credentials, each stored in plain text, were exposed via separate hacks.

An analysis by security researcher Troy Hunt revealed that two-thirds of users with accounts at both Sony and Gawker used the same password on both sites. Half the password sample from the Sony hack used only one character type and only one in a hundred passwords used a non-alphanumeric character, much the same as revealed by the earlier Gawker hack. Only 4 per cent of these passwords had three or more character types. In addition, around 36 per cent of the passwords used appeared in a password dictionary, a factor that would leave them wide open to brute-forcing attacks.

The data gleaned by Hunt from the Sony hack shows that this is unlikely to be some sort of statistical quirk. On the contrary, by any metric, consumer password security revealed via the Sony hack is dire.

See the article:(http://www.theregister.co.uk/2011/06/08/password_re_use_survey/)

Password Management OverviewPasswords are secret strings of characters that are used for authenticating users and gaining access to information resources. As the authentication method used by most of the universities’ information systems today, an appropriate management framework of passwords plays a significant role in sustaining information security within universities.

The objective of password management solutions is to reduce the risks of passwords being compromised due to inappropriate user behaviours or security threats caused by malicious activities. Typical components encompass processes and technologies that regulate the provision and storage of user account IDs and passwords across the information systems within organisations such as universities.

II. ManagementIn general, management should ensure that formal policies and procedures have been established to govern the allocation of passwords to authorised personnel and the strong password requirements in accordance with industry standards. Such policies and procedures should be consistently implemented, either through manual processes or automated controls, across all academic / administrative divisions and information systems to enforce general users’ compliance with the common practices (please refer to Section III General Users for recommended password requirements). In addition, the implementation

can be further enhanced through implementing various password management technologies.

Three common practices are employed by most of the password management solutions today: 1) single sign-on technology; 2) password synchronisation; and 3) local password management.

These practices are designed to minimise the risk of password compromise because of human factors, such as passwords being written down in clear text, passwords being logged when typed at keyboards, or weak passwords created for the ease of use.

Nevertheless, these practices may also cause other security risks to which the management should pay attention during implementation.

Single Sign-On Technology• ImplementationSingle sign-on (“SSO”) technology allows a user to be authenticated once and gain access to all information resources that he or she is authorised to use. The user is only required to enter the user account and password to SSO software, which performs authentication to individual resource using unique and strong passwords, and meanwhile keeps this process transparent to the user. The benefit of using SSO is that users are not required to remember multiple strong passwords for individual resources. Instead, the SSO software will enforce it automatically for them.

IT Security Awareness Series by JUCCWith an aim to enhancing the IT security awareness of the CityU community, the KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security and they will be adopted and published here for your reference.

Password Management

OCIO NEWSLETTER12

There are different possible architectures for SSO technologies. One common example is to have a Kerberos-based authentication service for user authentication and a centralised database or directory service (e.g. Lightweight Directory Access Protocol Server) for the storage of authentication information for individual resources.

• SecurityConcernThe nature of SSO brings a single point of failure to users at the centralised servers hosting users’ authentication credentials of individual resources. The availability of the centralised server affects the availability of all the resources which rely on the SSO services for authentication.

The security of the centralised server is particularly important since any compromise of the server will lead to the compromise of credentials for many resources. Management should harden the centralised server and encrypt the transmission of authentication credentials to prevent this single point of failure from exploitation.

Password Synchronisation• ImplementationPassword synchronisation is similar to SSO from users’ perspective. The user is only required to remember one password to gain access to all the authorised resources.

However, no centralised directory or authentication server is required for using password synchronisation to perform authentication to individual

information resources. Instead, their passwords are automatically synchronised to the same password as the one typed in and remembered by the user.

Although using password synchronisation does not reduce the number of authentications required to gain access to individual resources, its implementation is easier and less expensive than SSO technologies since no centralised server is required to store authentication credentials.

• SecurityConcernThere is a major security disadvantage of password synchronisation. Since the passwords to all resources are the same, the compromise of any instance of the password, especially the low-security resource, will lead to the compromise of the entire resources under the same password synchronisation solution. Prior to implementing password synchronisation solutions, management should establish additional controls that enforce users to choose strong passwords.

Local Password Management• ImplementationLocal password management utility allows users to remember only one master password to gain access to the usernames, passwords and account numbers of other information resources. Users usually select an account from a list, giving command to the utility to copy the corresponding password. The password can then be pasted by users onto the authentication field of

the target information systems or applications.

Local password management software can be installed on users’ computers. Some software also supports the storage of passwords on a removable media instead of local storage, which introduces an extra layer of protection enforced by the ad-hoc connection of the password storage and the computers. For example, Kaspersky password manager can be installed on mobile device. Once the device is removed, the password database is automatically locked and any trace of the password data is removed from the host machine.

• SecurityConcern The security of the passwords stored within local password management utility is highly dependent on the security enforced on users’ computers or devices because they are installed locally.

Management is recommended to choose local password management software that have timeout feature to automatically lock the stored passwords from being copied after certain period, such as five minutes. The buffer (used for copy and paste passwords) should also be cleared automatically by the software after the password is pasted onto the authentication fields by users.

Issue 5 • Oct 2011 13

III. General Users Common Practices to Be Followed by General Users• UseStrongPasswordsFrom the users’ perspective, it is essentially important to develop the awareness on the use of strong and complex passwords. The following is an example of password strength recommended by the Centre of Internet Security (“CIS”) for a Windows XP desktop computer:

Password Parameter

Password Strength Requirement

Minimum Password Length

Create a password of minimum 8 characters

Maximum Password Age

Change the password every 90 days in maximum

Password Complexity

Create a password with an uppercase character, a lowercase character, digits and non-alphanumeric characters

Password History

Do not reuse the previous 24 passwords

Force first time password change

Change temporary passwords at the first log-on

• NeverWriteDownYourPasswordsDespite the implementation of SSO or password synchronisation, there are still plenty of passwords required to be remembered by the user. However, users should never write down their passwords for the ease of use. This will increase the risk of passwords being compromised, which may result in sensitive information being accessed by unauthorised personnel or even

the information systems / networks of universities being attacked.

• DoNotDiscloseYourPasswordstoAny Third Party

Users should be aware that their individual passwords must not be shared with other users to gain access to resources or applications. This is because the original use of password is to facilitate identification and authentication so that relevant resources can only be accessed by authorised individual users based on their identity. Disclosure to third parties not only compromises the confidentiality of passwords but also imposes serious security risks on the information resources affected. Users should change their passwords immediately if there is any evidence.

Nevertheless, there are also industrial best practices and users are advised to:• avoidkeepingarecord(e.g.paper,

software file or hand-held device) of passwords, unless this can be stored securely and the method of storing has been approved;

• notincludepasswordsinanyautomated log-on process, e.g. stored in a macro or function key;

• notshareindividualuserpasswords;• notusethesamepasswordfor

business and non-business purposes; and

• changepasswordswheneverthereisany indication of possible system or password compromise.

ConclusionThe protection of password-based authentication system requires the commitment of both the management

and the general users in universities. Password management solutions are available for centralising the management of passwords to minimise the risk of compromise. Nonetheless, users should also be responsible for the security of their passwords and raise their awareness to password protection on top of operational convenience.

Reference:1. http://csrc.nist.gov/publications/

drafts/800-118/draft-sp800-118.pdf 2. http://www.ogcio.gov.hk/eng/prodev/

download/s17.pdf 3. http://www.kaspersky.com/kaspersky-

password-manager4. http://benchmarks.cisecurity.org/tools2/

windows/CIS_WindowXP_Nenchmark_

v2.01.pdf

Copyright Statement All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.

A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document are listed below:

copyright@jucc.edu.hkJoint Universities Computer Centre Limited (JUCC),Room 223, Run Run Shaw Building,c/o Computer Centre, The University of Hong Kong,Pokfulam Road, Hong Kong

OCIO NEWSLETTER14

AIMS Login Counts

Statistics at a Glance

Internet Bandwidth

AveragedMonthlyInternetBandwidth(Jul 2010 - Jul 2011)

MonthlyAIMSLoginCounts (Jul 2010 - Jun 2011)

Issue 5 • Oct 2011 15

OCIO NEWSLETTER16

Blackboard Login

Monthly Spam StatisticsSep 2010 - Aug 2011

LLS Computer UsageSep 2010 - Aug 2011

(Distinct LLS Computer)

Issue 5 • Oct 2011 17

Spam Statistics

LLS Computer Usage

DLS Computer UsageSep 2010 - Aug 2011

(Distinct DLS Computer)

DLS Computer UsageSep 2010 - Aug 2011

(Total Login)

DLS Computer UsageSep 2010 - Aug 2011

(Distinct User)

OCIO NEWSLETTER18

DLS — Student Notebook Computer Daily Loan Scheme

WLAN Connection ChartSep 2010 - Aug 2011

(Distinct Staff and Student)

WLAN Connection ChartSep 2010 - Aug 2011

(Total Login)

WLAN Connection ChartSep 2010 - Aug 2011

(User Type)

Issue 5 • Oct 2011 19

WLAN – Wireless LAN

IT Concepts from WikipediaAndy Chun (ed.)

Google+ (pronounced and sometimes written as Google Plus, sometimes abbreviated as G+) is a social networking and identity service, operated by Google Inc. The service was launched on June 28, 2011. Google+ integrates social services such as Google Profiles and Google Buzz, and introduces new services Circles, Hangouts, Sparks, and Huddles. Google+ is available as a web site, and will be available as a desktop application, and is already available as a mobile application, but only on the Android and iOS operating systems. Sources such as The New York Times have declared it Google’s biggest attempt to rival the social network Facebook. On July 14, 2011, Google announced that Google+ had reached 10 million users just two weeks after it was launched in a “limited” trial phase. After 4 weeks in operation, it had reached 25 million unique visitors.

Features:• “Circles”enablesuserstoorganizecontactsintogroupsforsharing• “Hangouts”areplacesusedtofacilitategroupvideochat(max10people)• “Huddle”isafeatureavailabletoAndroid,iPhone,andSMSdevicesfor

communicating through instant messaging within circles.• “InstantUpload”isspecifictoAndroidmobiledevices;itstoresphotosor

video in a private album for sharing later.• “Sparks”isafront-endtoGoogleSearch,enablinguserstoidentifytopics

they might be interested in sharing with others; “featured interests” sparks are also available, based on topics others globally are finding interesting. Sparks helps to keep users posted on the latest updates on the topics of their interest.

• Inthe“Stream,”usersseeupdatesfromthoseintheircircles.Theinputboxallows users to enter a status update or use icons to upload and share photo and videos. The Stream can be filtered to show only posts from specific Circles.

• “Games”(SocialGaming)had16gameswhenlaunchedonAugust11,2011.Unlike Facebook games, Google+ games are located under a games tab which gives games less visibility, with notifications that are separate from the rest of a user’s notifications.

• Google+hasa“+1”buttontoallowpeopletorecommendsitesandpartsofsites similar in use to Facebook’s Like button.

• SimilartootherGoogleapplications,Google+providesintegrationwithother Google applications like Gmail, Calendar, Documents, etc.

• A“DataLiberation”optionprovidestheabilitytodownloadone’scontentfrom Google+.

This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article is available under the Creative Commons Attribution/Share-Alike License.

Glossary Corner

Editorial Box

OCIO Newsletter Advisory Board Dr. Andy Chun (OCIO) Ms. Annie Ip (OCIO) Mr. Raymond Poon (CSC) Mr. Peter Mok (CSC) Mrs. W K Yu (ESU)

Publishing Team Ms. Noel Laam (CSC) Ms. Annie Yu (CSC) Ms. Joyce Lam (CSC) Mr. Ng Kar Leong (CSC) Mrs. Louisa Tang (ESU) Ms. Doris Au (OCIO)

For Enquiry Phone 3442 6284

Fax 3442 0366

Email cc@cityu.edu.hk

OCIO Newsletter Online http://issuu.com/cityuhkocio

OCIO NEWSLETTER20