Common Systems Group (CSG)
Meeting Summary
Tuesday – May 22, 2007
CSG Attendees: Julie Austin, Ross Bollens, Paul Craft, Carmela Cunningham, Jim Davis, Scott Dicks (for Tom Phelan), Bill Jepson, Carol King, Max Kopelevich, Kathleen O’Kane, Sean Pine, Terry Ryan, David Snow, Mike Van Norman, Kent Wada, Don Worth
Guests: Karen Ribback, Tom Trappler
The meeting was called to order at 2:09 p.m.
Agenda Item 1: Overview of e-Discovery
Kent Wada requested that members send topics identified by each group for local policies to Susan Mangel at smangel@conet.ucla.edu. A UC campus-wide survey will be conducted at UCLA in June to collect data on local policy issues to be included in the survey. It is anticipated that the sessions will be scheduled in three-hour blocks of time and will be used to define policy requirements specific to UCLA. Members were requested to make the information sessions a priority.
Agenda Item 2: IP3 Security Seminar
UCLA will be co-hosting IT Security: From Strategy to Reality, a two-day security seminar conducted by IP3, Inc., on July 17-18, 2007. The seminar will present strategies and solutions to address security concerns, policies and compliance, cost and risk factors; it will address issues pertinent to managers at all levels of the University.
As part of the incentive to host the seminar, 20 free seminar slots are available to UCLA staff; these will be assigned to the first twenty UCLA staff members who respond. After the first twenty slots have been filled, UCLA staff interested in attending the seminar are being offered a reduced registration fee of $100. To register for the seminar, use the URL being developed for UCLA staff member registration; Kent Wada will send the link as soon as it becomes available. Jackie Reynolds is the contact person on campus.
Agenda Item 3: Renewal of Sophos Agreement
Tom Trappler advised the members that the Sophos renewal included a two-day on-site training. The training is to be defined by the University’s needs, so the members were asked to go back to their respective organizations to obtain feedback on the best use of this training. In addition, an email will be sent to CCC requesting feedback. Requests are to be emailed to Tom Trappler at trappler@ats.ucla.edu. It is anticipated that the training will be scheduled for July/August.
Agenda Item 4: Campus Domain Name Service Update
Mike Van Norman presented a report on the campus domain name service update. The plan to update the campus domain name infrastructure is scheduled to be completed by December 31, 2007. The updated service will provide for three authoritative servers and three campus recursive servers, and will give the campus greater direct control. There will be no impact on clients; however, for servers, the IP addresses of the authoritative secondaries will change and access control lists will need to be updated. The update will improve the University’s position for disaster recovery/business continuity and will bring UCLA in line with emerging best practices for domain name services.
Agenda Item 5: Routing RFC1918 Addresses Update
Mike Van Norman presented three routing plans to address requests to route private IP addresses that are functional across the campus backbone and addresses for devices that have no need for direct off-campus access.
- 192.168.0.0/16: Address space will not be routed.
- 172.16.0.0/12: Begin routing between departments during summer. Network Operations Center will allocate space to departments, controlling and enforcing use of address space as with public campus space.
- 10.0.0.0/8: No immediate plan to route on backbone. Network Operations Center will coordinate address use across departments to avoid future conflicts.
Although campus IPv4 address space is largely depleted, most allocated space is highly underutilized and most requests to return unused space have been declined. ARIN has passed a resolution tightening the allocation of IPv4 space, which effectively prevents us from obtaining any more large blocks. In light of this, a policy has been implemented in which no more space will be allocated to departments unless they meet an established threshold; the threshold was established at a level at which only those who are most efficient will meet it and be able to expand. Per Mike Van Norman, based on a 7-day sample, there is 12% utilization for 50% of the space; he is collecting additional data to conduct a more comprehensive analysis. When the additional data is available, the CSG will return to the issue of reclaiming unused space.
Agenda Item 6: TIER Fund Use Principles
Mike Van Norman reviewed recommended additions/revisions made to the TIER Fund Use Principles and Process document at the ITFOC meeting on April 27, 2007.
Item #1: Independent networks that move to consolidate networks within a building or within a geographical or functional region should be a priority of the TIER program and funding.
Item #9: All TIER funded equipment will be maintained at current (up-to-date with the current manufacturer supported) operating software levels.
Item #9 discussion focused on the financial and practical implications.
- The impact of applying this principle to equipment funding options was addressed. Maintenance should be a priority where it makes sense, not as blanket coverage for all equipment.
- TIER does not want to fund equipment that cannot be legally updated because of obsolescence resulting from a lack of maintenance.
- Many departments will not be able to pay for maintenance year to year. The question of enforcing equipment maintenance by departments was raised.
- It was agreed that the principle of maintenance is an important and responsible decision that should be addressed. Currently, the decision should be made in terms of functionality and security. There is a need to clarify which and to what extent equipment investments, their functionality and feature sets, and security are maintained to avoid vulnerabilities due to obsolescence.
- Item #9 needs to be expanded to more specifically define the acceptable level and coverage of current maintenance.
Added to Item #10: …such that authorized individuals with operational accountability or responsibilities for a UCLA network will have access to information and tools to enable them to diagnose, troubleshoot, and solve network problems across UCLA networks.
The meeting was adjourned at 3:14 p.m.