SPOTLIGHT

Life Cycle Management of Cloud ServiceJohn Chan

Cloud Computing BackgroundOver the last 2 decades, CityU’s IT Infrastructure has undergone several major changes, from very discrete de-centralized to tightly centralized management, from using localized terminal lines to almost un-restrictive web-based access methods, and from large foot-print mainframe to highly compact high performance servers, all of these changes have made CityU become one of the best universities adopting the state-of-the-art IT technologies in supporting the University’s academic and administrative work. The Computing Services Centre (CSC), being the core Information Technology (IT) services and supporting department, is leading and taking up active roles in promoting and implementing the best suitable technologies to make all these happen.

All of these changes did not come easily without effort, especially in choosing the right paths. Back in the 1990’s, the CSC chose a major direction into which the whole IT infrastructure should go by adopting the IT Consolidation Strategy. It was proved to be the most appropriate and wise direction that the CSC has engaged into even as of today. Throughout all these years, this was exactly the strategy that the whole IT industry has been heading to and widely adopted in all IT sectors. Since then, various uses of consolidation have emerged in the form of different kinds of Virtualization techniques, ranging from servers to storage and to networking, and from hardware to software. Without all these, it will be extremely difficult to implement the best framework for offering IT

NEWSLETTEROCIOIssue 7 • Apr 2012

services with high user satisfaction nowadays.

With the increasing complexity of the computing services that are used today by the University for supporting both its academic and administrative daily activities, demand on the provisioning of these services and the frequent changes to adapt to business requirements have exceeded the limitation of the traditional methods that have been used for providing the services. There are at least two areas that need to be addressed. One is the lead time for the provisioning. The other is the large resources, or at least scalable resources, to be delivered. Activities in the University often require resources to be provided spontaneously. And this happens quite often both in the academic and administrative fields. For instance, a server needs to be set up for a particular event, or a specific server needs to add extra resources for a particular period of heavy usage, such as the student registration. Thus the CSC is often facing with the questions of: how fast can a server be set up or upgraded, and how powerful and large the resource can be provided. This is a huge challenge to the CSC in recent years, and in fact to the whole IT service industry.

Today, how efficient the provisioning method is will dictate how successful the provisioning will be. Traditionally, service provisioning has to be done manually. Normally, to set up a new service, the CSC has to go through the process of: getting the requirements from the users, procuring the hardware and software resources, installing and configuring the machines after they are delivered, performing the necessary tests to fine tune the systems, and finally delivering them to the concerned parties for service deployment. All these steps need to be repeated for each request in each service. And this is very time consuming and has a very unavoidable long lead time. Likewise, returning the resources of terminated

services for redeployment is also time consuming and hard to keep track of flawlessly. Fortunately, with the well established consolidation infrastructure that is in place over the years by the CSC, and with the maturity of the various virtualization techniques, it is now possible to fully implement the Cloud Computing Provisioning, which has been identified by the IT Industry to be the right direction to go for implementing the most efficient and effective service provisioning method and to manage their life cycles.

Cloud Computing OverviewThe Cloud Computing Provisioning is a new service that will be part of the IT infrastructure of the University and is considered one of the very important and indispensable services of the University. Cloud Computing provides “on-demand” computing resources very similar to a “utility” provisioning. It allows the University to share resources, software, and information across a controlled set of connected devices, enabling the University to carry out its academic and administrative activities more speedily and efficiently. It comes in many different forms. One of these is the Private Cloud which is the starting point for most enterprises. It is a solution in which all resources are set up in-house for the exclusive use of the University. This makes it easier to address security, privacy, compliance and other risks associated with other forms of Cloud Computing.

Other forms of the provisioning include the Hybrid Cloud and the Public Cloud. By Hybrid Cloud, extra resources on top of those provided for the Private Cloud will be provided by liaison with other public service providers. The other extreme is the Public Cloud, in which all service resources will be provided by the public service providers. Of course, the likelihood of implementing the Public Cloud within the University will be more of a policy matter rather than a technical issue.

Cloud Computing Roadmap at CityUThe CSC will implement the Cloud Computing Service in phases, according to the different usage needs and the necessity of adopting different types of Clouds as depicted above in different stages.

Phase 1 will involve the setting up of the Private Cloud and will be exclusively used for all the Central Services that are managed by the CSC. This phase acts as a very important stepping stone for evolving into other phases as it involves setting up the basic framework for the Cloud Computing, managing this framework including all the customizations and tuning, and operating the Cloud Computing Life Cycle Management including all of its support works.

Phase 2 will involve providing the Private Cloud for the departmental

Photo coutesy of Peter Mok (CSC)

OCIO NEWSLETTER2

uses. Normally, this kind of request includes providing resources for their administrative work, special projects, or for academic research work. At this stage, if the Private Cloud provisioning is stable and mature enough, it will be a good starting point of deploying the Hybrid Cloud. This will serve the purposes for those departments which require large amount of resources, which is especially the case for the academic research or teaching work, that can only be met by external service providers.

In the meantime, we are also reviewing some of our services for provisioning through the Public Cloud. A few of them have been adopted as pilots. This included the MS Live’s Live@edu from Microsoft and the Google Apps Education Edition from Google. Whether or not more services will be offered or replaced is not a technical issue, but rather a policy matter. Depending on the trustworthiness of the University on the Public Cloud service providers, in terms of security, reliability, flexibility, etc., the University can actually make use of this technology to open up new dimensions for offering resources to the user community.

Cloud Computing Life Cycle Management (CLM)Working behind the Cloud Computing Service is a framework, namely the CLM, for properly deploying the resource provisioning. To understand this, it

is best to follow the flow on how a particular service or resource is granted, used and then released for future use in the Private Cloud Provisioning Model. The following diagram will help explain this flow.

A typical Cloud Service Life Cycle involves the following major steps:- Defining the service and its

associated resources- Requesting the service- Creation of the resources- Activating the service- Releasing the resources

Each of these steps will be explained in more details below. However, before going into that, it is necessary to define the Types of Users that can use those resources:

Central users : normally, these are resources to be used by the whole University. The resources requested will be owned and managed by the CSC staff.

Departmental users: normally, these are resources to be used by that particular department or by individual staff of that department. For the former case, the resources will be owned by the department head or the departmental representative, while the latter will be owned by the individual staff.

External users: typically, these are resources requested by a particular

department for a specific project that is outsourced to external vendors that are engaged for their deployment or completion of that project.

Student users: normally, these are resources requested by an academic staff for their students to complete their project or research works.

Individual users: this type of users will be any staff member or student who has a genuine need for their work that are University related. Normally in this case, resources will be provided via the Hybrid or Public Cloud, with well defined University usage policy.

Defining the service and its associated resourcesBased on the needs of the University, in both the academic and administrative areas, the CSC will construct a pool of resources that can be shared by the whole University use, both for the central as well as departmental uses. Typical resources include virtual servers and/or storage. Associated with the resources are the attributes that will be well defined by the CSC. Typical attributes include defining WHO can see and select the service and thereby its resources, WHAT SERVICE LEVELS and/or CONSTRAINTS are tied to this service, and WHAT INTERNAL COSTS for this service will be used for charging back. All these services, together with their associated attributes, policies, and constraints, will be defined by the CSC in a Service Catalog.

Requesting the serviceWhenever a particular user wants to request a service, he/she does it through an organized Service Portal. This is the single point of access by the user for requesting or releasing a service. Once when

Issue 7 • Apr 2012 3

the user has gained access to the portal (via proper authentication), he/she will be presented with a list of service offerings. Depending on the roles and privileges of the users, the list might be different for each user as well as the selections that he/she can make around it. For example, the list for an academic department may be totally different from that for an administrative department.

Using the list, the user will select the service that is most appropriate for his/her work, together with the set of attributes, which are used to fine tune the service or resources to be allocated. Once the request is confirmed, the user will wait for the creation of the resources.

Creation of the resourcesWhen the Service Portal has received the request, it will initiate an Approval Process defined by the CSC. This process may be fully automated (for frequently-requested services like creation of a typical Windows server), or may involve manual approval. Different services can have completely discrete approval steps.

Once approved, the service is automatically provisioned. This provisioning will normally be in the form of a Virtual Server. However, depending on the specific requirements, other forms of provisioning may be possible such as storage, network, or even physical servers. In the case of Hybrid or Public Cloud, the provisioning will include other forms of Cloud services offered by external service providers. The provisioning is also dependent on the service attributes associated with the service chosen by the requesting user. For example, a user can select from a small, medium, or large server, depending on how much memory and disk spaces the user wants. Or, a service could be provisioned in different hosting location (e.g. a Private Cloud service vs. a Public Cloud service), depending on the service’s assigned

attributes, or depending on the user’s selection.

Activating the serviceOnce provisioned, the service enters its Operational phase. At this stage, the provisioning is considered completed in terms of the resources created. To the user, he/she will be able to use the provided resources. In the typical case of a Virtual Server, he/she will actually “see” and own the server just as the case of owning a physical server. That is, to the user, how the server comes into existence is totally transparent. However, just as in the case of a physical server, he/she still needs to properly manage the server in the normal daily operations. The user can have a choice of managing the server by oneself by going through all the Configuration Compliance Management and/or the Performance and Capacity Management processes, or the user can select to let the CSC handle all these system administration work.

While using the service, the user will also be allowed to modify the service requirements as time changes, depending on the unforeseen demands during his/her work-related activities. Options such as extending the service, requesting for more resources, etc. will be entertained usually.

Releasing the resourcesWhen the service is requested or created, a Retirement Date is normally

assigned to it. As that date approaches, the system will automatically notify the user as well as the CSC. At this point, the user and the CSC can jointly make an intelligent and informed decision about whether to decommission the service or to extend it. In case the former is chosen, the service will be stopped and its associated resources will be reclaimed to the central resource pools for other uses.

Working behind the scene is the existence of a CMDB database. Whenever a service or a resource is requested, the system will check against this CMDB database to see whether or not to grant the request. The system will also ensure that the Change Management and Asset Management processes are well kept in place so that at any point of time, the CSC has a complete picture of how the central resource pools are being used. For that particular requested service, the user and the CSC also will have the complete knowledge of how the service is actually being used, thereby avoiding the chance of misusing the service or accidentally retiring the service while it is still active.

Service Retirement is a very important function, which properly closes the lifecycle of the Cloud Service Provisioning.

Photo coutesy of Peter Mok (CSC)

OCIO NEWSLETTER4

BRIEF UPDATES

Starfish Retention Solution – Student AdvisingLilian Vrijmoed and Crusher Wong

Student advising is essential to the whole person development of students when both academic and co-curriculum issues are involved. Back in 2009, IT solutions to support student advising were examined and one name was identified – Starfish.

Starfish Retention Solutions (http://www.starfishsolutions.com/) provides an online system for advising with the capability to integrate with Learning Management Systems (such as Blackboard Learn) and Student Information Systems (such as Banner). At the time, the system consisted of three main features: (1) managing student appointments, (2) alerting students with poor academic performances and (3) tracking students based on course assessments, grades and advisers’ notes. Relying on a limited integration to CityU’s Blackboard system, Professor Lilian Vrijmoed in the Department of Biology and Chemistry (BCH) piloted Starfish with the BCH student cohort 2009 between January 2010 and September 2011.

In 2009, the BCH established a student advising Blackboard Organization to facilitate communication with all undergraduate BCH students in three different BSc programmes on issues of common interest. Starfish was embedded in this organization through Blackboard Building Block integration.

One of the biggest advantages was the minimal work involved in scheduling appointments with students during the pilot. Advisor marked the time slots on the Starfish calendar when he/she would be available to meet with

the advisees, say every Thurs afternoon in 30-min slots. Students in the system could then assess this calendar online and marked their intended time slot for an appointment. An email would be sent to the advisor and to the advisee for confirmation when the appointment would be entered in the OUTLOOK calendar at the same time. The particular time-slot would appear to be blocked to other students checking the appointment calendar. These automated procedures could save a lot of staff time in scheduling and tracking appointments via telephone calls and emails.

Starfish offers a different capability compared with DegreeWorks, the academic advising system adopted by the ARRO. The latter helps advisors to audit a student’s academic fulfillment of ALL the University requirements to attain his/her degree award. Starfish provides a platform to interact with students for a whole range of activities; their academic performance, their participation of co-curricular activities such as overseas exchange, internship, student organizations, their career choice etc. or their adjustment issues, especially with first year students. One can make notes of the meeting with students which can be shared (by choice) with the student, or any other staff member involved with advising of the student, e.g. program leader/staff mentor/ staff academic adviser etc. This

tracking of a student’s progress is of great importance, especially with the new College-based admission when the students’ academic advisor will be changed from the College system to a Department system in their promotion from Year 1 to Year 2.

Another very useful facility yet to be tested is the early warning system if a student is not performing well mid-way in the semester. This is enabled by collecting scores from the GradeCenter in Blackboard course sites of all assessment activities of the advisees. Starfish will flag students with poor performance and alert the staff concerned, i.e. academic adviser / staff mentor / program leader that extra support may have to be provided to the students. Our current system does not have this fore-warning facility and it is usually at the Assessment Panel meeting that these students surface. Help may be a bit too late then!

With new interest to student advising system emerging from the College of Business (CB), Starfish will return to CityU soon. New integration technique is being examined by the Computing Service Centre and the e-Learning Team to facilitate the process of students advising.

Issue 7 • Apr 2012 5

As members of different communities and the society, we are always protected by laws, regulations, policies and standards, and here is the good news for the CityU Community: we intend to commit ourselves to two additional families of standards to further improve our quality of IT service and information security:• BSISO/IEC20000Information

Technology Service Management System (ISO 20000 itSMS or ISO 200000 SMS interchangeably) [1, 2]

• BSISO/IEC27001InformationSecurity Management Systems – Requirements(ISO27001ISMS)[3]

Similar to other Quality Management System (QMS), both standards emphasize on ensuring the consistency and continuous improvement of services, focusing on different areas though.

To start with, we will focus on certifying the CityU Paperless Office Service (Paperless Service) against the standards. Subject to the lesson learned, we will then consider applying the standards to the other services.

The StandardsISO 20000 itSMS is aimed at ensuring the efficiency and effectiveness of services.Ontheotherhand,ISO27001ISMS governs the management of information security risks. They are not identical, but they share some overlapping concepts, and very often, organizations certify their services against the two standards together.

The “Information Security Updates” by JUCC on page 8 to 10 of OCIO

FEATURE

ISO 20000 and ISO 270001 Are Coming To CityU Vincent Yiu

Newsletter Issue 6 presented a thorough description of ISO 27001ISMS[4],andwearegoingto discuss more about ISO 20000 itSMS here.

Back to BasicsThe “Plan-Do-Check-Act (PDCA)” cycle is the core concept, on top of which ISO 20000 itSMS and many QMS are built. The PDCA cycle emerged in the 1960s and quickly became a popular management methodology. It is widely recognized as an adaptive cycle, which can be employed by any organizations regardless of their size and nature.In the context of ISO 20000 itSMS [1], PDCA is considered as:

Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objective, plans and processes to fulfill the service requirements.

Do: implementing and operating the SMS for the design, transition, delivery and improvement of the services

Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives, plans and service requirements and reporting the results.

Act: taking actions to continually improve performance of the SMS and the services.

ISO 20000 itSMS FrameworkThe itSMS Framework is designed

to cover all the processes required in delivering and managing the concerned IT Services. Generally speaking, ISO 20000 itSMS requires the organization to implement an itSMS with the following components and features [1, 2].• Managementresponsibility• DocumentManagement• ResourceManagement• Establishandimprovethe

itSMS

The itSMS must also define and govern the following processes [1, 2]:• Designandtransition(or

Planning and implementing) of new or changed services

• Servicedeliveryprocesso Service level managemento Service reportingo Budgeting and accounting

for serviceso Capacity managemento Information Security

Management• Relationshipprocesses

o Business relationship management

o Supplier management• Resolutionprocess

o Incident and service request management

o Problem management• Controlprocesses

o Configuration managemento Change managemento Release and deployment

management

The above processes should sound familiar to most for the IT professionals, and these even may

OCIO NEWSLETTER6

be part of their day-to-day activities. In reality, there must already be some form of service management systems running in an organization whether ISO 20000 itSMS is applied or not.

Certification processesMentioned above, we already have a functioning service management system, and the certification processes can be considered as a task to shape our current system to meet the requirements of ISO 20000 itSMS. As we also intend to certify the PaperlessServicesagainstISO27001ISMS, an Integrated Management System (IMS) which covers both standards will have to be designed, implemented, and certified. The following tasks will be carried out:1. Evaluate Current Status This is also widely-known as

“gap-analysis”. The objective is to study the current system and understand the discrepancies between the current situation and the requirements of the standards.

2. Design and Implementation of IMS Based on the result of “gap-

analysis”, it is required to design and adjust our current systems to make it conform to the standards.

3. Training The goal of training is to help

the practitioners understand the requirements of the standards and acquire the techniques and knowledge necessary to operate and maintain the IMS. We shall organize awareness and implementation training to the practitioners. Some key members

will also be trained to obtain the Internal Auditor or even Lead Auditor qualifications of ISO 20000 andISO27001.

4. InternalandExternalAudit When the IMS is matured and

operated for at least 3 months seamlessly, audit will be conducted. Internal Audit is an internal checking to ensure the conformity to standards before a Certification Body is invited to assess our IMS. External audit will be conducted by a Certification Body, which will issue the certificates if our IMS meets the requirements of the standards.

Tentative ScheduleTentatively, it is hoped that the IMS can be implemented and certified about six to eight months after the Paperless Service is launched. However, a practical schedule can only be determined after the gap-analysis is done.

Final Remarks If you have read through this lengthy article and reached here, thank you and you have my highest respect. The ISO standards are not interesting to read, but going through the process will benefit both the University and the practitioners in many ways. If you want to discuss more about the topics, please don’t hesitate to leave me a message at infosec@cityu.edu.hk.

Reference[1] BS ISO/IEC 20000-1 – Information

Technology, Service management – Service Management System – Requirements

[2] BS ISO/IEC 20000-1 – Information Technology, Service management – Service Management System – Code of practices

[3]BSISO/IEC27001–InformationTechnology, Security Techniques – Information Security Management Systems – Requirements

[4]JUCC(2012),InformationSecurityUpdates – IT Security Awareness Series by JUCC, OCIO Newsletter, City University of Hong Kong, Issue 6, 8-10.

Issue 7 • Apr 2012 7

FEATURE

CityU Awarded a 2012 CIO AwardWeb Redesign Team

CityU was awarded a prestigious 2012 “CIO Award” from CIO Asia, which recognizes the top 5 organizations in Asia that have made innovative use of ICT. For CityU, the CIO Award was presented for our “University-wide Web Redesign Project” and the innovative mobile web technology and platform that we created right here at CityU.

The “University-wide Web Redesign Project” is the largest Web project the University has undertaken since its establishment, covering close to a hundred websites and hundreds of thousands of web pages. Through the joint efforts and collaboration of over a hundred IT and non-IT staff across all departments and units, the new websites were gradually launched in October 2011.

The newly revamped CityU website not only brought a fresh new and modern look but also greatly improved usability, information architecture, and user experience. It also strengthened our brand consistency and brand image. Most importantly, it allowed all our hundred websites and hundreds of thousands of web pages to be mobile friendly – displaying properly on all types of modern mobile devices such as smart phones and tablets; as well as accessible to the disabled including those with low-vision or the blind.

This major accomplishment was recognized in the 12th annual CIO 100 Index and CIO Awards ceremony recently held at Singapore, 9 March 2012.

The awad was organized by CIO Asia, a leading IT publication. The annual CIO 100 Index highlights the top 100 regional enterprises and organizations that have excelled through creative and innovative ICT projects. This year, the CIO Index included projects from many regional economies including Singapore, China, Hong Kong, Macau, Taiwan, India, Thailand, Indonesia, Laos, Malaysia, Vietnam, the Philippines, Korea and the United Arab Emirates. For the Greater China region, Mainland China had 11 projects,HongKonghad7projects,Macau had 1 project, and Taiwan had 2 projects selected for the CIO Index. The CityU web redesign project was oneofthe7HongKongprojectsselected.

Out of the 100 projects in the CIO 100 Index, a panel of independent judges then selects the top 5 most outstanding projects to further receive the prestigious “CIO Award.” CityU was the only organization in the Greater China region to receive the “CIO Award.” Other winners included the Housing and Development Board (Singapore), Inland Revenue Authority of Singapore and Global Blue Pte Ltd. (Singapore), Integrated

Health Information Systems Pte Ltd (Singapore), and the Standard Chartered Bank (Thai) PCL (Thailand). According to CIO Asia, the award winners “made exemplary use of technology to derive strategic value and maximum returns for their businesses... a role model for our IT community through its effective use of ICT to generate a competitive advantage.”

Dr. Andy Chun, CityU’s CIO, commented: “We are extremely delighted to win this award. The CIO Award is a particularly special honor because it represents recognition from fellow peers in the IT profession across the Asia region. The award is further affirmation of CityU’s continued leadership in the use of technology to support higher education mission.” In the past 12-year history of the CIO Award, CityU is the only University in the Greater China region to have ever received the “CIO Award,” and one of the very few in Asia.

Dr. Andy Chun, CityU’s CIO, received the 2012 CIO Award on behalf of the University.

OCIO NEWSLETTER8

CityU was conferred the CIO Award in recognition for its innovation in creating a unique mobile web technology platform that allowed the University to revamp its entire websites to work seamlessly across any device, using the same source code. This unique technology, created at CityU is based on the latest HTML5/CSS3 technology and allows the University to leverage the same webpage to support multiple devices, saving the University tens of millions of dollars in development cost.

CityU is probably the first and only University in the world to have successfully transformed its entire websites to be mobile-friendly. In addition, our framework automatically ensures all websites follow a basic set of accessibility standards so that anybody with disabilities, such as low-vision or blindness, can still easily and conveniently browse our web pages. The University embarked on this project in response to the increased usage of smart phones and tablets throughout society and our commitment to social responsibility.

CityU has been sharing educational and event videos and audios on the Internet for public use since 1999 via the CityVoD service, http://www.cityu.edu.hk/cityvod, and later the YouTube via the CityUtube service, http://www.youtube.com/CityUHongKong.

CityU iTunes U is an additional channel where video and audio contents can further reach out to audiences in the Apple iTunes arena. Videos and audios posted on CityU iTunes U can be downloaded and viewed on PC, Mac, iPhone, iPod and iPad with the free iTunes and iTunes U app installed.

Departments with video and audio recordings of seminars, lectures, lab demonstrations, student presentations, visits, field trips, etc. that wish to share them with the global learners via CityU iTunes U can contact the CSC (csc@cityu.edu.hk), and we can assist departments to put them up on CityU iTunes U and, as needed, provide maintenance accesses so that departments can manage their materials thereafter.

As recommended by Apple iTunes U, videos and audios materials with continuity will be most appropriate, e.g. seminar and lecture series, quarterly and annual activities, so as to build up the institution’s branded collections to retain and attract new audiences. Many overseas and local universities and colleges have iTunes U present, and CityU iTunes U is inviting more video and audio content contributions from departments for it to reach the collection volume required by Apple for it to go life.

BRIEF UPDATES

CityU iTunes U – Invites Your ContributionsMaria Chin

A preview of CityU iTunes U

Related articlesApple iTunes U, http://www.apple.com/education/itunes-u/what-is.htmlOCIO Newsletter Issue 6, Video on Demand – CityVoD, http://issuu.com/cityuhkocio/docs/ocio_newsletter_issue_6

Issue 7 • Apr 2012 9

I. BackgroundIndustry Story University of Kentucky Research Group Controls Costs with Centralised IT Management Software

The University of Kentucky’s Research Information Services group, which serves a 300-plus staff of research administrators facilitating $300 million in university grants, has realised dramatic savings by consolidating from five network support software tools to a single system. Administrative tasks handled by the new software suite include inventory management, software updates and patches, and new application deployments, which used to take weeks to complete when a technician must be on site to manually perform the maintenance.

See the article: http://campustechnology.com/articles/2009/12/10/u-kentucky-research-group-controls-costs-with-centralized-it-management-software.aspx

Software Asset Management (SAM)SAM is an organisational practice designed to manage and optimise the purchase, deployment, maintenance, utilisation and disposal of software applications. By implementing SAM, universities should be able to achieve the following benefits:• ReducedITcostbyacquiringrightnumberoflicensesand

reducing redundancy • QualitydecisionmakingandresponsivenesstonewIT

requirements through better identification of software needs

• Increasedemployeeproductivitybystandardisingsoftwareversions and eliminating conflicts caused by discrepancies

However, universities also face with constraints and challenges when implementing SAM within their IT infrastructure, such as:

• LackofITresourcestoimplementandmaintaineffectiveSAM

• Trackingsoftwareinventoryandusageseemsimpossiblefor decentralised IT functions or increased proliferation of mobile workers

• Requirementonsoftwarelicensescannotbeproperlyestimated in the absence of proper tracking of software inventory

• Complexlicensingduetoinfinitesoftwaremodelswithnewschemes continuing to emerge and involve

II. ManagementNowadays, software is a critical enabler that encompasses almost all core processes in various organisations, including universities. With the intention to maximise the IT functions and optimise the IT investment, management needs a clear picture of how their software needs are managed, procured, developed, tested, released, maintained and retired in accordance with the overall IT and organisational strategies. A typical SAM include the following key component that require the involvement of both universities’ management and IT functions:

IT Asset LifecycleAs the fundamental component for a SAM solution, IT Asset Lifecycle provides the baseline process flows for universities to maintain its software asset inventory. The IT Asset Lifecycle contains the following stages:

IT Security Awareness Series by JUCCWith an aim to enhancing the IT security awareness of the CityU community, the KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security and they will be adopted and published here for your reference.

Software Asset Management

OCIO NEWSLETTER10

Assessment on Current SAMThe “SAM Optimisation Model” is a framework to assess the efficiency and effectiveness of software asset management procedures currently established by universities. The universities can evaluate the maturity level of its SAM and categorised into following four models.• Basic SAM - management has little/ ad-hoc control over

software asset; in addition, no policies and procedure are established to specify the requirement and standards for SAM

• Standardised SAM - SAM processes and tools are in place to keep track on software used by universities; however, the information recorded for SAM purpose may be obsolete and usually not used for management decision making

• Rationalised SAM - Active management of software is performed within universities. In addition, defined policies, procedures and tools with reliable software asset information are in place for management decision making

• Dynamic SAM - Optimised management of software is achieved by universities to “real-time” cope with changes to strategic needs

Based on the assessment results, universities can identify the gap between their current SAM levels and the most optimised status (i.e. Dynamic SAM), and determine the required improvement areas.

While the above model provides a useful roadmap, management may still need to translate these ideas on improvement areas into practical attributes and actions items. The following practices illustrate the key steps toward optimising the SAM within the universities:

1. Policy and Procedures Policies and procedures are the major components of a SAM solution. When universities understand their current SAM levels after using the “SAM Optimisation Model” missing requirements or mechanism should be addressed by formulating specific policies or procedures. For example, to transform from “Standardised SAM”to “Rationalised / Dynamic SAM” universities should establish procedures requiring regular update of information on software assets. Furthermore, universities should also appoint designated IT administrators to

enforce the execution of policies / procedures. Periodic review and audits are also required to detect any process-level defects or changes in universities’ IT environment.

2. Change the Culture Proper use and management of software needs to be ingrained in the universities’ culture. Simply enforcing the policies and procedures and targeting on shifting to the higher levels of SAM is merely sufficient. Negligence of intellectual property and the importance of SAM among universities’ senior management, members or students can easily render the policies and procedures ineffective. In order to change the universities’ culture towards SAM, tailor-made awareness trainings should be delivered to all university members and facilitate their recognition of the need to actively manage of their software assets and understand software is no different from other products or servers that requires to be paid for.

3. Gain Control of the Environment Another important step in the drive to optimised SAM is controlling the access to software deployment. The easiest way to roll out a new server is often to copy an existing software image that is known to be effective. But infrastructure teams all too often forget they need to acquire additional licenses for the extra deployments. Servers can run high-ticket software, and can be used to deploy, inadvertently, hundreds or even thousands of unlicensed copies. So gaining control of what gets placed on servers becomes a critical step in the road to SAM.

4. Implement the Right Tools Process and culture is critical, but universities also need to implement suitable technologies to realise the SAM solutions. In today’s market, many SAM products provide SAM capabilities ranging from software metering, patch management, software deployment and software discovery. Popular SAM products are IBM Maximo Asset Management, HP Asset Manager, Novell ZENworks Asset Management, to name a few.

III. General Users Users’ Obligations in SAM1. Software Installation Universities’ staff members, students and contractors must only

Issue 7 • Apr 2012 11

install the software obtained through the IT departments on the desktops, laptops or other information systems owned by the universities. If users wish to install non-universities-owned software, they must seek advice from the IT management for assessment on potential compatibility issues and compliance with licensing requirements. Furthermore, users are prohibited from installing any software containing malicious components or virus.

2. Policy Awareness Regarding the software management policy of universities, staff and students should pay attention to every detail on the security requirements on the usage of software. Any security patches and hotfixes should be installed when they are initiated by IT management.

3. Termination of Use At the termination of employment or study with the universities, all university-owned software should be removed from the users’ personnel computer or laptops.University-owned software installed on non-University owned computers should be removed if it is no longer required, if the license has expired, or if the person who owns the machine terminates employment with the University.

ConclusionSAM is an integrated approach to understand software needs and the ways in which software can contribute to the maximum efficiency and effectiveness of organisations including universities. To implement an effective SAM requires a fundamental shift in culture, as well as incorporating the values of software to boarder business objectives and future planning. Nevertheless, by understanding purchase, deployment, maintenance and removal of software asset lifecycle, SAM can lead to lower costs, reduced risks and an overall greater return on this technology investment.

Reference:Software Asset Management, Mitigating Risk and Realizing Opportunities - KPMG Publicationhttp://www.ipd.gov.hk/eng/promotion_edu/seminars/20080123/pp_ada_kong.pdf http://www.dell.com/content/topics/global.aspx/services/saas/software_inventory_challenges?c=us&l=en

Software Asset Management, Mitigating Risk and Realizing Opportunities - KPMG Publicationhttp://www.microsoft.com/sam/en/ca/optmodel.aspxhttp://www.windley.com/docs/Asset%20Management.pdf

Software Asset Management, Mitigating Risk and Realizing Opportunities - KPMG Publicationhttp://www.ipd.gov.hk/eng/promotion_edu/seminars/20080123/pp_ada_kong.pdfhttp://www.microsoft.com/sam

Copyright Statement All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.

A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document are listed below:

copyright@jucc.edu.hkJoint Universities Computer Centre Limited (JUCC),Room 223, Run Run Shaw Building,c/o Computer Centre, The University of Hong Kong,Pokfulam Road, Hong Kong

OCIO NEWSLETTER12

Over 70 participants turned up in the City University of Hong Kong Blackboard (Bb) User Group Forum 2012 in the afternoon of 6 March 2012. While the event was primarily for colleagues at CityU to share their e-learning practices, professionals from other local tertiary institutions, IT solution providers and publishers also joined our sharing. The forum ran in parallel with the e-Learning Fair which showcased good e-learning experience in a poster exhibition. Both events were co-organized by the Office of the Chief Information Officer and the Office of Education Development and Gateway Education.

Dr. Andy Chun, the Chief Information Officer, and Prof. S H Cheng, the director of the Office of Education Development and Gateway Education, inaugurated the forum together by welcoming

the crowd. The first talk entitled “Pioneering m-Learning and e-Assessment Using iPad/Mobile Technology” was delivered by Dr. Avnita Lakhani, Assistant Professor from the School of Law. Even the e-Learning Support Team members were amazed by her application of cloud service “Scribblar” for virtual whiteboard in additional to the institutionalized tools such as Blackboard Learn and Qualtrics. The importance of pre-class preparation, in-class discussions and post-class review and e-assessment for students was also emphasized.

Inviting speakers from another institution had been a tradition in the CityU Bb User Group event. This year we welcomed Ms. Judy Lo from the Information Technology Service Centre at the Chinese University of Hong Kong

BRIEF UPDATES

CityU Blackboard User Group Forum 2012Crusher Wong

who leads e-learning support there. Blackboard Learn had been selected as the new unified e-learning system at the CUHK after a long term deployment of WebCT and Moodle. Judy illustrated the platform evaluation process and the implementation plan of the new system.

In response to the challenge from CityU and other Bb-equipped institutions, collecting artifacts from Bb course sites to evaluate outcome achievements had finally become a reality. Representative from Blackboard Inc. Mr. Vivek Ramgopal demonstrated the new Bb Outcome System which could harvest assessment related files and data inside Bb course sites to generate reports on the attainment of outcomes in all levels, from course to institution. Hence, providing evidences on the achievement

Dr. Avnita Lakhani (SLW) delivered topic on “Pioneering m-Learning and e-Assessment Using iPad/Mobile Technology”

Dr. Andy Chun (CIO) and Professor S H Cheng (Diector of EDGE)

Miss Judy Lo (CUHK) talked about CUHK’s implementation of new e-Learning system

Issue 7 • Apr 2012 13

of students/graduates to course instructors, programme leaders, upper management and the general public would not require duplicated work in student assessment. The possibility of an Outcomes system pilot is being discussed.

Miss Bilands Dy from the English Language Centre revealed how GradeMark by Turnitin saved her time and space by facilitating a practical online marking environment for her courses. Thousands of pieces of paper were no longer necessary when comment bank and inline marking tools were available to deliver feedback to students. In addition, she took advantage of PeerMark feature on Turnitin to permit peer assessment on the web, eliminating the need to generate more hardcopies for distribution and collection like the old times. Hopefully all staff and students can engage in teaching, learning and office work in such green approach.

A quick scan on the Blackboard Mobile Learn Analytics was performed before the end of the forum. On a busy day in semester B 2011/2012, login to Bb Learn via mobile apps from different platforms could reach 10,000 which accounted for around 30%

Dr. Crusher Wong (OCIO) performed a quick scan on the Blackboard Mobile Learn Analytics

One of the poster display by Dr Ray Cheung (EE)

Mr. Vivek Ramgopal (Blackboard Inc.) demonstrated the new Blackboard Outcome System

Participants exchanged ideas actively during the Forum

of logins by any means in the same time frame. Comparing to below 200 logins daily by app one year ago, the rise in demand on mobile access for learning is skyrocketing. Colleagues are recommended to attend m-learning workshop to prepare for a new generation of students grown up with mobile technologies.

OCIO NEWSLETTER14

BRIEF UPDATES

Supporting Mobile Learning with iPad2 in School of Law Patrio Chiu

iPads, iPhones and iPods are usually regarded as gadget items for the young and the trendies; on the other hand, the School of Law (SLW) is often seemed as a traditional and serious place for lawyers and professionals. It looks that the two are from different worlds and cannot be mixed together. But with the mandate of enhancing teaching and learning, mobile learning joined the two extremes together. The SLW has launched the Mobile Learning Scheme in October 2011, and the Scheme aimed to equip the SLW faculties and students with the latest mobile device, in this case iPad2 from the Apple Computer, for teaching and learning. Around 1,000 units of iPad2 were distributed in semester A 2011. The objective was to provide an innovative learning environment in a traditional law programme to help stimulate the students’ motivation in learning by providing an efficient mobile device and related technology that students love to use.

SLW colleagues welcome the new technology available to them; however, most of them have not use mobile devices in a classroom setting before, not to mention the latest gadget from the Apple Computer. In response to the issue of using the mobile devices in teaching and learning, the Office of Chief Information Officer (OCIO) joined the Office of Education Development and Gateway Education (EDGE), with the support from the Apple Computer and the Computing Services Centre (CSC) to conduct a Mobile Learning workshop

tailored for the SLW. It is a true inter-office collaboration workshop to support faculty teaching. The division of tasks in the Scheme was: the OCIO provided IT support, the EDGE provided eLearning pedagogy, Apple Computer supported the devices and the CSC oversaw the IT infrastructure. The workshop was held on 13 October 2011, and SLW Associate Dean Mr. GU Minkang and other SLW staff members attended the workshop. The workshop began with Ms. Christine Chow and Mr. Gilbert Ho from the Apple Computer to give a brief introduction of the basic functionalities of iPads. Meanwhile, SLW colleagues became familiar with the devices and began to set up iTunes accounts with the help provided by the presenters during the workshop. Colleagues discovered that iPad is not just another miniaturized computer, but a convenient device with its unique characteristics. Generic Apps* used in educational area such as Dropbox, Doc to Go and iAnnotate etc. were presented so that colleagues had a basic idea of functional Apps to use in class. Dr. Crusher Wong (OCIO) then presented the Blackboard Learn mobile App for iPads. He demonstrated the functionalities of the App using a demo course, showed colleagues the App’s abilities and discussed about its limitations. He also showcased some of the mobile learning activities conducted in other Colleges and Schools in CityU. His

demonstration inspired colleagues on what can be done using mobile devices in teaching and learning. After that, Dr. Patrio Chiu (EDGE) demonstrated the use of iPads to access Law database and resources within and outside CityU. He also gave a brief overview of Law related Apps including Law codes, references and dictionaries. Case studies of mobile learning activities in other Law schools were also presented.

The workshop lasted for two hours and was packed with lots of resources and materials related to mobile learning. Questions and issues on the use of iPads were raised by SLW faculties and answered by the presenters. Mobile learning resources were set up online on the elearning team web site and law specific materials are posted on the EDGE web site. At the end of the workshop, SLW colleagues discovered that the latest gadget from Apple Computer can also be a very useful tool in teaching a traditional discipline.

* Generic Apps: Docs to Go, Dropbox, Soundnotes/Voice Memo, GoDocs, DocAs,

Good reader, iAnnotate, Sundrynotes and Flipboard

Issue 7 • Apr 2012 15

Statistics at a Glance

DLS — Computer Usage Report From Apr 2011 to Mar 2012

DLS Computer Count

DLS Login Count

OCIO NEWSLETTER16

DLS Distinct User

Issue 7 • Apr 2012 17

WLAN User Count

WLAN – CityU WLAN Usage Report From Apr 2011 to Mar 2012

LLS Login Count

OCIO NEWSLETTER18

WLANTotal Login

WLAN – CityU WLAN Usage Summary From Apr 2011 to Mar 2012

LLS — Computer Usage Report From Apr 2011 to Mar 2012

LLS Distinct User

LLS Computer Count

Issue 7 • Apr 2012 19

IT Concepts from WikipediaAndy Chun (ed.)

Android is a Linux-based operating system for mobile devices such as smartphones and tablet computers. It is developed by the Open Handset Alliance led by Google. The Open Handset Alliance is a consortium of 86 hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices. Google releases the Android code as open-source, under the Apache License. The Android Open Source Project is tasked with the maintenance and further development of Android. Development is based on the Java programming language.

iOS is Apple Inc.’s mobile operating system. It is derived from Mac OS X, with which it shares the Darwin foundation, and is therefore a Unix operating system. Originally developed for the iPhone, it has since been extended to support other Apple devices such as the iPod Touch, iPad, and Apple TV. Unlike Windows Phone and Android, Apple does not license iOS for installation on non-Apple hardware. Development is based on the Objective-C programming language.

Windows Phone is a mobile operating system developed by Microsoft, and is the successor to its Windows Mobile platform, although incompatible with it. With Windows Phone, Microsoft offers a new user interface with its design language, Metro, integrates the operating system with third party and other Microsoft services, and set minimum requirements to the hardware on which it runs. Development is based on the C# programming language with other .NET languages to follow.

This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.

Glossary Corner

Editorial Box

OCIO Newsletter Advisory Board Dr. Andy Chun (OCIO) Ms. Annie Ip (OCIO) Mr. Raymond Poon (CSC) Mr. Peter Mok (CSC) Mrs. W K Yu (ESU)

Publishing Team Ms. Noel Laam (CSC) Ms. Annie Yu (CSC) Ms. Joyce Lam (CSC) Mr. Ng Kar Leong (CSC) Mrs. Louisa Tang (ESU) Ms. Doris Au (OCIO)

For Enquiry Phone 3442 6284

Fax 3442 0366

Email cc@cityu.edu.hk

OCIO Newsletter Online http://issuu.com/cityuhkocio

OCIO NEWSLETTER20