ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

Minutes of August 12th, 2010 ITAC-NI Meeting:


back to ITAC-NI minutes index

    Link to ACTION ITEMS from meeting

    AGENDA:

    1. Approve prior minutes
    2. Presentation on DHNet’s NAC solution
    3. CNS Wall-Plate and VoIP update
    4. Update on organizational changes in HealthNet
    5. Meeting schedule and call for new Secretary

    CALL TO ORDER:

    This meeting was scheduled in CSE E507 at 1:30 pm on Thursday, August 12th and was made available via videoconference with live-streaming and recording for future playback. Prior announcement was made via the Net-Managers-L list, so our broader audience should have been aware of the meeting. The meeting was called to order by ITAC-NI chairman, Dan Miller, Network Coordinator of CNS Network Services.

    ATTENDEES: Twelve people attended this meeting locally and there was one attendee via Polycom videoconference. There are no records of how many may have listened into the stream via a web browser using the web interface.

    Six members were present: Charles Benjamin, Dan Cromer, Steve Lasley, Chris Leopold, Tom Livoti, and Dan Miller.

    Eight members were absent: Ron Cigna, Clint Collins, Erik Deumens, Margaret Fields, Tim Fitzpatrick, Craig Gorme, Shawn Lander, and Handsford (Ty) Tyler.

    Seven visitors participated as well: Kathy Bergsma, Dennis Brown (via Polycom), Joe Gasper, Todd Hester, Derrius Marlin, Dave Pokorney, and John Sawyer.


    Viewing the recording

    You may view the recording via the web at http://128.227.156.84:7734. Currently, you will need to click on the "Top-level folder" link, then the "watch" link next to the "ITAC-NI Meeting_08Jul10_13.15" item. Generally these recordings are moved into the ITAC-NI folder shortly after each meeting, but that has not proved to be the case lately. Cross-platform access may not be available; on the Windows platform you will have to install the Codian codec.

    Audio archive

    An archive of audio from the meeting is available.

    1) Approve prior minutes

    No corrections or additions were offered and the minutes were consequently approved.

    2) Presentation on DHNet’s NAC solution

    Charles Benjamin had been asked to provide an overview on how the Department of Housing and Residence Education's network (DHNet was utilizing Network Access Control (NAC). Charles had previously talked about DHnet at the April ITAC-NI meeting in 2009. As he had done prior, Charles provided a PowerPoint slide set to accompany this talk.

    2-1) Network Security - Department of Housing and Resident Education

    Before getting into the security aspects Charles wanted to begin by giving a quick overview of the network itself.

    2-2) Resident Housing at UF

    Undergraduate housing includes forty-five buildings that students live in. The above picture was taken from the top of Beaty Towers. They also oversee graduate family housing as well, including Corry Village and Maguire/UVS. Across these, the housing network spans the entire campus.

    2-3) The Housing Network

    DHNet utilizes 90 thousand feet of 12-48 count fiber in the ground. They have some 90 switches one-third of which are Catalyst 6500 series.

    Charles explained that in the past he had worked at NERDC (now CNS) for almost twenty years before leaving to become a Cisco instructor for six years. Four years ago he returned to UF to begin working for Housing.

    When he got back to UF he was just amazed at the size of the Housing network which literally reaches across the entire campus.

    2-4) Cabling plant

    Housing has its own network maintenance group with its own cable shop and one of the things that really pleased Charles was the work those folks do. The wiring plant is a thing of beauty. The above is an example of two of the points of presence and how they have laid out the cabling structure.

    2-5) Server rack and emergency generator

    Charles quickly discovered, however, that much of this beauty was only skin-deep and that the network had some issues. Initially the network was flat and having a single broadcast domain across their entire network was a security concern. A worm, for example, could easily propagate throughout the entire network. Consequently, one of the first things Charles did was to enable routing.

    2-6) Network Security

    The above is basically a chronological list of steps they took to improve overall security on their network. The second step they took was to add a Catalyst 6513 Firewall Service Module (FWSM) that connects to the backbone.

    The next adventure was installing IEEE 802.1X. At that point they did not have any wireless--they only had wired. The real problem with 802.1X is the supplicant configuration on the client machines. They discovered a product from Cloudpath called XpressConnect. This software is like a wizard that configures the supplicant on the client computers for 802.1X.

    Their first year before discovering this product they had printed out manuals explaining to the students how to configure their supplicant. All a student had to do was miss one step and they would end up at Housing's help desk. The Cloudpath product really alleviated that entire headache.

    The next issue they dealt with was DMCA violations. Red Lambda was not available when Charles came to Housing, and they eventually went with CopySense from Audible Magic, though they have tested Red Lambda out since. Charles had two goals. First he did not want to make too many changes on the network; he didn't want to have to change all their switches. Secondly, he wanted to allow P2P programs that were for legitimate purposes.

    CopySense maintains a database of over eight millions signatures of copyrighted material and looks for up-load of file sharing or download of copyrighted material. When one is discovered, a violation is created.

    Initially Housing only had one computer/data center/switch room. They subsequently added a second facility over at Hume. Currently they have multiple 10Gbps connections between the two locations. The switch rooms have UPS batteries and generators to provide high availability. They are running VMware's vSphere and have a stack of servers in both locations. Should a service go down in one location, vMotion will move that service over to the other location. They also have an HP SANS and all the data is replicated to both locations.

    2-7) Network Security (continued)

    Again chronologically, they added wireless. It was done in three phases with the last phase scheduled to be completed prior to Christmas of this year. Currently they have 241 Wireless Access Points and are adding 105. They have 4 WISMs and have also implemented the 802.1X on their wireless.

    They also installed a SourceFire 3500 IDS.

    Charles is particularly excited that they have now just implemented their own Network Operations Center (NOC), staffed by two people.

    They have also just purchased a product called StealthWatch from Lancope. StealthWatch takes in the NetFlow data from the routers and looks for events based on flows. They have started to configure this so that when there is an event it automatically notifies their firewall which blocks that event. For example, if they received an attack from some outside location, the attack would be automatically blocked based on the source. Charles is very excited about this as well.

    2-8) Computer Security

    About three years ago they implemented Websence web filtering on their employee computers. This prevents people from going to certain malicious sites; it also works against certain protocols such as P2P.

    They purchased Identity Finder which looks for things such as Social Security and Driver's License numbers. They ran it against both their servers and computers. They discovered that there is a practice within Housing that, when someone leaves, their files are passed off to their supervisor. If that supervisor should retire or leave all those files are taken and given to the next person. Embedded in some of those long disused files they discovered some of those Social Security numbers. This product allowed them to clean off this restricted data before it caused a problem.

    The last thing they installed for their employee computers was an antivirus product called Vipre. McAfee can cause slowdown issues and this product doesn't cause those problems.

    This brought Charles to why he was here today: Network Access Control, which they are implementing for their student computers via a product called SafeConnect from Impulse.

    2-8-1) Pause for questions

    How many employee desktops are involved? [Dan Cromer]

    Charles responded that within Housing there were about 500 employees, but they also support other departments such as Student Affairs. Student computer counts are somewhere around 8000 during our main terms.

    How are you using Websense? [Kathy Bergsma]

    Charles responded that Websense is a server that communicates with the Firewall Service Module and with Housing's Active Directory. It is able to tie the credentials of the employees to an IP address. Then, within the configuration of Websense, they have certain locations that no employee should visit. If the system traps that, the employee gets a web page indicating that the connection has been blocked.

    Have you considered using Websense for student computers? [Kathy Bergsma]

    Charles said that they are not considering implementing this for students. First of all the product would be prohibitively expensive for 8000 seats and secondly Charles sees it as a product more appropriate for employees.

    2-9) Network Access Control: Evaluation

    They looked at the above three products. One of their goals was to keep it simple (KIS) and the Impulse product met that goal. Some of these products involved deploying applications or multiple appliances around the network; Charles did not like that because it gets into service agreements when the various appliances break.

    The real driving factor, however, was cost; of the products tested, SafeConnect was the least expensive.

    Charles was also looking for a solution that didn't involve having to change the configuration on all their 90 switches.

    He also looked at functionality. One feature of SafeConnect which they have not yet implemented because it still requires further tweaking involves emergency notifications. It would be nice to be able to send out emergency notifications to computers IF those could be targeted, say, to a particular floor of a particular residence hall. That might be possible as this feature improves.

    Charles also noted that Impulse is based in Florida. Though not a major selection criteria, it did please Charles to give business to a Florida-based firm.

    2-10) Impulse SafeConnect Components

    SafeConnect involves several components, the first of which is the Policy Enforcer appliance. Very little access is provided into this appliance but Charles does know that it is using MySQL for its database functions, Tomcat as its web server and Squid for its proxy.

    A second component of this solution involves the Management Console. This is an application you install on a computer which allows you access into the Policy Enforcer. This is only for configuration purposes as far as the setting up of policies.

    The third component is the Reporting Console. This piece provides statistics about who is being blocked or who doesn't have their operating system up-to-date.

    Finally there is the Policy Key component. This is the small program which gets installed on each student computer. This approximately 1 MB program doesn't show up in their system tray or anywhere else for that matter.

    This system does require some network reconfiguration, but of the border router only. You also need some type of authentication. Housing is utilizing their RADIUS server which they were already using in conjunction with their 802.1X deployment. SafeConnect also supports Active Directory, LDAP, and Shibboleth, though Charles has not tested those.

    2-11) Management Console.

    The above screen shot depicts the opening dialog of the Management Console.

    2-12) Reporting Console

    Above is a view of the Reporting Console. The idea is that this application provides some graphical information as to what is happening on your network including device statistics.

    2-13) Impulse Safe Connect Setup

    The first step was to configure the border router for NetFlow, Policy Base Routing, and also an SSH connection. The SSH Connection is between the Policy Enforcer appliance and the router.

    Basic routing is based on your destination IP address. Policy based routing is based on the source IP address. Charles had some concerns about Policy based routing because of previous experiences around 1995 where he noted CPU pegging while testing that feature. Consequently they have been watching their CPU utilization closely but have seen no problems so far.

    NetFlow configuration was necessary because the Policy Enforcer uses the NetFlow information to determine that there is a client out there and actually compares that information to the database in the clients.

    There was not much to do with the appliance component as the vendor does most of the work on that piece.

    The next thing they configured was their authentication server. The RADIUS server sends things like the source IP address of the client, the user ID (not credentials), and also the MAC address of the client up to the appliance. The appliance puts that information into a database and uses it to make decisions.

    Then they had to configure their different Policy Groups which is accomplished via the Management Console. There are several different kinds of Policy Groups: you have a Device Type and also a Location. Device Type might be "Windows" or "Mac". For Housing, Locations are "Undergraduate" vs. "Graduate Family Housing". Currently they using this for Maguire/UVS only; they have not turned it on for Corry or Diamond because those latter two are special cases.

    2-13-1) Pause for questions

    Why are Corry and Diamond Villages special? [Dan Miller]

    Charles responded that those locations only have a single Ethernet drop per apartment, so they are allowed to implement wireless access points of their own in their room. That situation gives DHNet a few more details to work though prior to implementation. They could turn this on in Maguire/UVS because everything there is managed wireless; they have no wired ports. This could be done rather seamlessly because they already had it turned on in the undergraduate halls.

    Are there configuration rules for those client-managed WAPs in married student housing? [Kathy Bergsma]

    Charles said that students are required to lock those down. If they don't and Housing discovers someone else using it then they issue a violation. They use those instances as a teaching moment. Charles would prefer to be able to offer everyone an Ethernet connection. Housing has over 10,000 Ethernet connections currently in the undergraduate residence halls.

    2-14) Impulse Safe Connect: Examples of Windows Policy

    The first check is for whether or not the device has the Policy Key--the software which gets installed on each client computer.

    The second check is to see if the computer is running P2P software.

    Then it looks for whether or not the computer is running antivirus software and whether or not it has the latest signatures.

    Next it checks to make sure the computer has current Windows updates and finally whether or not the computer is running an antispyware application.

    That is the posture assessment for Windows devices. For Macs, all they look for is whether or not the computer is up-to-date with OS patches. There is no Policy Key available for Linux machines.

    2-15) Impulse Safe Connect: Go Live with Housing NAC

    Charles had budgeted for a NAC because he knew one was needed. Malware has skyrocketed over the last year and via his interaction with ACUHO-I he had noted that other educational institutions were utilizing posture assessment. They did their initial evaluation and decided on SafeConnect for the reasons mentioned. During that time they did some internal testing.

    Charles wanted to implement this in incremental phases and the rather sparsely populated Summer A term allowed for a suitable beginning. The test went beautifully. There were a few issues, but they were worked through.

    The next step was Summer B, which involved more students. While there were a few more issues, overall it went well. The countdown is now on for the big Fall Term.

    2-16) Impulse Safe Connect: Installing Policy Key

    There are three ways to install the software on each client computer. They burn "DHNet CDs" which have the SafeConnect and XpressConnect installations.

    Another method is to use wireless--and this is perhaps the preferred method. Housing has an SSID out there call "dhwInstructions" which is on a very limited VLAN as far as access; it brings up a web page from which students can install the XpressConnect and SafeConnect components.

    If someone wants to configure the 802.1X on their own, they can certainly go to DHNet's web page for instructions. Initially they would then be directed to the Policy Enforcer via Policy Base Routing and could install the Policy Key component from there.

    2-17) Impulse Safe Connect: Connection Process

    The student runs XpressConnect via the DHNet CD or the wireless SSID as mentioned. What happens then is that the XpressConnect configures the 802.1X supplicant and also installs the Policy Key from SafeConnect. When the 802.1X is being configured, information is passed to the RADIUS server; then the RADIUS server sends what they call an "accounting packet" up to the Policy Enforcer for storage in its database. The RADIUS server is a client on UFAD and so it actually uses GatorLink credentials. They can also setup guests as well; they typically do that during the summer for conferences.

    2-18) Impulse Safe Connect: Connection Process (continued)

    When the student connects to the Housing network, the router sends the NetFlow information to the Policy Enforcer appliance. That provides it with the source IP address from that client which it then compares to its database. It also compares it to the Policy Group to see if that IP address is listed in the subnet of the Policy Group.

    2-19) Impulse Safe Connect: Connection Process (continued)

    In the policy there are different items and if the item specifies "Quarantine" then the Policy Enforcer sends the Policy Enforced Routing information via SSH over to the router. Then the student's flow is directed over to the Policy Enforcer. At that point the student is "Quarantined"; they can't go anywhere else on the Internet except for what's up on the web page. Part of the configuration of the Policy Enforcer is configuring web pages that inform the client about how they are out of compliance and provide links on how to fix those issues.

    2-20) Impulse Safe Connect: Connection Process (continued)

    If the item in the policy specified "Warning" then the policy key on the computer will instruct the browser to display the warning page. Again, these are pages that Housing configures.

    At this point the Policy Base Routing is not in effect. It only uses that when the traffic actually has to be redirected to the Policy Enforcer. The student still has full Internet access.

    2-21) Web page warning for out-of-date virus definitions

    The above and following are examples of the web pages Housing has configured via the Management Console which are saved on the appliance. It is done with Housing's branding and done according to UF standards. You can see the detail of the assessment which is done--though the complete pages would not fit on these slides. Remediation links are supplied to assist the student with compliance.

    2-22) Web page warning for improperly configured Windows Update settings

    2-23) Web page warning for having no antispyware software installed

    2-24)Impulse Safe Connect: Example of Windows Policy

    The above listed items are evaluated sequentially from the top down. The NAC first ascertains if the computer has the Policy Key; if not the computer is immediately quarantined. The Policy Base Routing kicks in and they are taken over to the appliance so they can install that.

    Once they have a Policy Key it checks whether or not they are running P2P software. If so, they are immediately quarantined.

    If they are not running P2P software it checks for antivirus. At this point, if they are not compliant they are given two consecutive 1-day warnings; if the problem is not fixed after 48 hours they are quarantined. Similar checks are then made for OS updates and anti-spyware.

    About one-third of the students come with everything up-to-date, which is pretty good. SafeConnect does support the evaluation of third-party applications as well, but Charles has currently not implemented such checks.

    As you can see from the flow here, it doesn't check for everything at once. It checks top down and lets the student deal with it.

    2-25) Management Console

    The Management Console communicates with the appliance. What you do initially is you download the default data. Then you configure your policies accordingly. Once you are finished configuring it then you upload the data to the appliance. To be able to configure the actual web pages you select the "Custom Messaging" button.

    2-26) Reporting Console

    Charles realized this slide is too small to see in detail, but this console is useful to pull up on a daily basis in order to check the status and functioning of the system.

    2-27) Real Time Reporting

    Above is an example of summary statistics.

    2-28) Anti Spyware

    One may also drill down into details on a particular user. Above is detail from a user having a compliance issue regarding the lack of anti-spyware software. You can tailor what is displayed via the checkboxes.

    2-29) Anti-Virus

    A different icon is used for various compliance checks; this one is for anti-virus.

    2-30) Open Access Per user

    Should you run across a situation where you need to open access for a particular non-compliant user, you can use the above displayed page to do that on an ad hoc basis. That will override the policy for that particular user for X number of days or whatever the situation requires.

    At the bottom of that page is a "History" button which displays the following:

    2-31) SafeConnect History

    The above report details the history of what a particular user has gone through in meeting compliance over time. The blue terminals are what you want to see. That means they have passed all the assessments and life is good. This history is checked and updated every 2-10 minutes depending on how many clients there are; it automatically scales via the load.

    This NAC implementation has been very successful so far. What they are waiting for is next Wednesday when the students begin arriving for Fall Term. They will be watching things like the CPU utilization very closely during that time.

    One main impetus for Housing to implement this NAC was to cut down on the Help Desk load assisting students whose machines were brought in loaded with malware. The motivation was to be proactive rather than reactive. Ultimately that will save DHNet time and be good for the student as well--it is a win/win situation.

    2-31-1) Final questions

    What is the cost of this NAC solution? [Dan Cromer]

    Charles said that they purchased 10,000 licenses but he did not have the cost numbers with him. He was unable to provide a ballpark per user price off the top of his head. He did indicate, however, that this was the least expensive solution they had found.

    Is there any flow control to prevent DoS? [Dan Cromer]

    QoS flow control is something which is on Charles's wish list, but they have been fortunate to come this far in the last four years and they have not been able to get to that aspect yet. John Sawyer pointed out that StealthWatch could address DoS attacks.

    Regarding DMCAs for P2P, the XpressConnect looks for P2P but it must be running at the time they install XpressConnect. SafeConnect now looks for P2P but only every 2-10 minutes. They have the CopySense which places computers into a restricted VLAN when a violation is detected. Now they have StealthWatch which can look for P2P as well.

    How are Linux clients handled? [Kathy Bergsma]

    Charles responded that there is no Policy Key for Linux currently and the only way they manage such clients is to manually add them to a restricted VLAN should a violation occur.

    Is there still a policy to allow exceptions for running services like web servers? [Kathy Bergsma]

    Charles said that servers are not allowed period and he had never heard of that being allowed during his tenure here.

    What is the situation with the Greek Houses currently? [Kathy Bergsma]

    Dan Miller responded that he has been waiting for a CIO and the creation of a governance organization before addressing that situation.

    There is a project waiting to get chartered and moved forward for wired WIPA. CNS is finally getting around to replacing the Bluesockets with Cisco NAC, so that will be a chance to at least begin to address the Greek issues. Dan said there are a number of issues with the Greek Houses, including non-managed WAPs, and CNS is going to begin looking for rogues as well. There is a lot of work to do there yet.

    What does Housing do about game consoles? [Dan Miller]

    Charles related that in the past students have had to implement Internet port sharing via two Ethernet connections in their computers; this was due to the lack of true compliance in these devices for 802.1X protocols. They are now evaluating a switch configuration which may allow them to handle the game consoles. They are going to evaluate that through one-on-one testing as students begin to ask how to connect those devices this Fall.

    3) CNS Wall-Plate and VoIP update

    Todd Hester was on hand to provide an update; the last such update had been made at the October 2009 meeting.

    3-1) Current status

    Over 41,000 ports have been deployed and of those about 31,000 are currently activated providing a roughly 76% utilization of the equipment. 5,800 VoIP phones have been deployed. CNS is currently finishing up with the SW Recreation Center, Hough Hall, and the New Engineering Building. Big projects on the horizon include Turlington Hall, Rolfs Hall, SSRB, the McCarty group, CSE and the Harn Museum of Art. This year's schedule will be posted shortly.

    3-2) Looking ahead

    Hopefully, this year will finish up what they have termed the "Wall-Plate Project" and they will transition to the "Wall-Plate Program" wherein the facilities will all continue to be refreshed on a five-year cycle.

    3-3) What about the many buildings not in the project?

    Dan Cromer asked about the many IFAS buildings that have not yet been targeted for Wall-Plate. Todd responded that Dan can keep asking and CNS will keep trying to connect to them. Todd estimated that there are approximately 200 building that have less than 10 occupants. If they have fiber, CNS will continue to get to those as they can. Buildings without fiber will be a bigger issue due to the costs involved per user. Wireless could potentially bridge that gap.

    3-4) Is Wall-Plate now funded under RCM?

    Dan Cromer inquired as to the current Wall-Plate budget situation. He recalled that the initial funding was for 25,000 ports and noted that we now have considerably more than that. Todd responded that he had not heard the discussion on how Wall-Plate would be plugged into the RCM calculations. He added that it would be nice if their funding was increased to match the number of ports they are supporting, but through very creative work they have been able to survive on the allotted budget to-date.

    4) Update on organizational changes in HealthNet

    Tom Livoti was on hand to provide some information about recent organizational changes "down the hill".

    4-1) UF & Shands are undergoing organizational changes

    A little over a year ago a new Senior Vice-President for Healthcare, David Guzick, was hired who was tasked by President Machen with bringing the Health Science Center and Shands closer together. Dr. Guzick then hired a CIO, Kari Cassel, who has been on board for about four months. Her goal has been to bring IT within the Health Science Center and Shands under one type of governance. The majority of that reorganization will be complete within a year though they are looking at three years overall for that transition.

    4-2) Colleen Ebel assuming new responsibilities

    Currently Colleen Ebel is still in running security at the Health Center but her real new job involves research support for groups like CTRIP and Mike Conlon's group CTSA.

    4-3) Tom Livoti now over both UF & Shands

    Tom himself has been promoted to Director of Networking and Voice at both the Health Science Center and Shands (formerly his direct role was over HSC only). Jan van der Aa is really doing what he did previously but he is now the IT liaison to academics, including such things as training (Randy Graff) and the Testing Center. Handsford Tyler is now the Business Manager for the entire organization of UF & Shands with both budgets now residing under him.

    Tom is still trying to get a handle on the overall Shands infostructure. Currently Shands is using NEC for VoIP and Tom is trying to come up with a plan for moving ahead. Tom has worked with Shands Network Services group under Sherry Massmann previously, however; he knows that group well and there is no real change anticipated with that aspect.

    4-4) Reporting structure under Kari Cassell starting to take shape

    Alyson Widmer is a direct report to the CIO handling all applications; this includes things like EPIC and their PeopleSoft backend. Joining that with UF's PeopleSoft is being investigated.

    Ron Cigna who is currently the Director of IT for the College of Dentistry is moving into the position of Director of Customer Support for the combined UF & Shands.

    4-5) UF CIO and Health Center/Shands CIO to be a collaborative relationship?

    Kathy Bergsma asked how all these changes are planned to work in with the campus side of things. Tom responded that it appears that the association between Elias Eldayrie and Kari Cassell will be collaborative rather than one where Kari is a direct report to Elias. Kari apparently will report directly only to Dr. Guzick who has given her direction and carte blanche.

    4-6) The UF Security Office is looking to keep their contact database current

    Kathy clarified that she was really referring to things at a lower level. The UF Security Office has had a perennial problem of identifying contacts and maintaining their database of individuals "down the hill". Tom responded that for some things Kathy could go through his office. Kathy said that Net Services maintains a contact database and it would be very helpful if Tom's group could consider updating that as these changes roll out. Additionally, she hopes that this could be worked into employee procedures so that future changes get relayed as well. Kathy said that UF Security relies on that database very heavily and she knows that Net Services relies on it as well.

    4-7) How will the new UF ISO interface with UF & Shands?

    Dan Cromer expressed interest in how Rob Adams, the very recently hired Information Security Officer for UF, will fit in with these new changes that Tom was mentioning. Kathy Bergsma responded that Colleen will no longer have to fulfill her duties as the Security Officer at the Health Science Center when Rob Adams arrives. How Rob will organize the Health Center with the UF Security team is yet to be seen. The budgets are already combined, however.

    Tom added that negotiations are still ongoing about how that relationship will work even with Rob here.

    5) Meeting schedule and call for new Secretary

    4-1) Steve Lasley stepping down from the Secretary position after nearly three years

    Dan Miller noted that Steve has served the committee well as secretary for the past nearly three years and he will be sorry to see him leave that role.

    4-2) Replacement sought

    Dan is looking for a replacement and asked for assistance with that. He said that it is pretty obvious that we should not continue to meet without a secretary and good notes. If he doesn't hear any suggestions or volunteers he then plans to refer the matter to whatever governance structure he can find to see if someone might be assigned.

    Dan had hoped to keep meeting approximately every month or every other month as topics arose, but we will have to see what happens with the secretary position.

    4-3) Interim status of this committee

    Tom asked if Elias has said anything about this committee. Dan responded that Elias knows about it but is currently focused on the governance within the bigger committees. Dan relayed that Tim Fitzpatrick regrets that he was unable to attend today to speak on the governance issue, but it is still probably a little early to say much about that anyway.

    Kathy volunteered what happened with the Security Committee--it no longer exists. That committee had just been formed a few months ago and is already history. It will be reformed, perhaps with some of the same people, but under whatever governance Elias organizes.

    Dan Cromer commented that the Data Infrastructure committee under Steve Pritz has fallen somewhat to the wayside. Yet, whenever Dan speaks to Elias about the Microsoft Applications Group he says "keep on doing what you're doing". Consequently, Dan believes this committee should continue on as before until instructed differently.

    The meeting was adjourned on time at approximately 2:30 PM.

    Action Items

    1. Continued follow-up of the proposal for a UF centralized service for web certificates (from previous meeting)
    2. Arrange for Dave Pokorney to speak regarding "telepresence" (from previous meeting)

     

    Next Meeting

    September 9, 2010

last edited 16 August 2010 by Steve Lasley