Response to “Open Letter: Students Facing a Systematic Disadvantage at UMass Boston”

By By Vice Provost Anne Scrivener Agee and Assistant Vice Provost Wil Khouri | April 18, 2013

Anne Agee is the Vice Provost for Information Technology and Chief Information Officer at UMass Boston

This is a response to an open letter titled Students Facing Systematic Disadvantages At Umass Boston, published online on March 28, 2013. Anne Agee is the Vice Provost for Information Technology and Chief Information Officer at UMass Boston.

The open letter recently published in The Mass Media has highlighted some frustrating network access issues experienced by some of our UMass Boston students. I appreciate that frustration and want to assure the university community and our students in particular that all of us in the Information Technology Services Division (ITSD) sincerely want to provide our students with the best possible experience that university resources will allow.

First, let me address what has already been done to mitigate these issues. Although our efforts in the infrastructure area have been somewhat restricted by several key vacancies in ITSD, including the Assistant Vice Provost for Communications and Infrastructure, we have now hired Wil Khouri into that leadership position. He brings a wealth of experience with higher education IT, and we are looking forward to his fresh perspective on our work.

We have also been able to hire a systems administrator to assist us in virtualization efforts, and we are recruiting a new security engineer position and a new IT Project Manager position to help in coordinating our many infrastructure projects. We are also recruiting a new staff person specifically to expand our support for the research community.

As many in the University community are aware, UMass Boston is in the process of replacing and enhancing its entire network infrastructure and replacing its existing data center as part of the campus Master Plan. ITSD has spent a good part of the last several years analyzing the campus future needs and planning an appropriate infrastructure to meet those needs.

This includes the ongoing planning and redesign of the campus wireless network, a new data network backbone as part of the Utility Corridor and Road Relocation project (UCRR) and the upgrade of our Ethernet backbone hardware and topology. Also included is the purchase of new building distribution layer Ethernet hardware, the replacement of all Ethernet edge switches with Power over Ethernet (PoE) capability, the completion of our category 6 cable upgrade in all buildings.

There are ongoing efforts to justify and secure funding for our on-campus data center relocation, the ongoing testing and planning for the replacement of our digital phone system with Voice over IP and the ongoing planning and maintenance of both the wired and wireless network.

While many of these projects take place behind the scenes and don’t get a lot of public visibility, they provide a critical foundation to address bandwidth, reliability, and accessibility issues for all of our campus clients.

As to access issues, we recently purchased and deployed a VPN hardware solution to provide for the needs of our graduate students requiring remote access to on-campus technology resources. We continue to evolve this offering to meet the needs of our students.

And, while the open letter indicates that “more money is not the problem,” all of these projects require significant investments of financial and human resources. They have sometimes proceeded much more slowly than we would have liked because we lacked one or both of those resources to implement the project. An additional complexity has been the increasing emphasis on security at the UMass System level, protecting the university’s information resources, including students’ personal information.

Like all our sister institutions of higher education, we continue to try to find the right balance between access and security.

I recognize that at least part of the frustration articulated in the open letter could be alleviated by better communication on our part about ITSD’s progress in achieving its goals. Our website includes annual revisions of our strategic plans as well as annual assessments of our work and updates on changes in campus technology. (See www.umb.edu/it/about/reports).

Going forward, we will increase our efforts to make the university community aware of our projects and plans and to work more closely with our campus advisory groups for feedback on strategic direction.

As I mentioned earlier, Wil Khouri has recently come on board as the new Assistant Vice Provost for Communications and Infrastructure. Since many of these issues fall into his area of responsibility, I have asked him to bring his expertise to bear on the issues raised in the open letter. His comments are below.

Comments from Assistant Vice-Provost Wil Khouri:

A recent open letter by Mr. Cohen brought problems of network access at UMass Boston into the limelight and thoroughly discussed various aspects of the existing obstacles. We certainly understand the frustration and we recognize those problems are not new. It is my hope that we maintain the focus on resolving these difficulties while preventing them from happening in the future.

First, let me explain that, as an organization, we are facing serious challenges; some have to do with broader issues that are “chronic” in nature and thus need to be addressed at a different level, and others can be solved in a timely manner provided that we can secure the resources to fix them.

While I understand Mr. Cohen’s frustration, I would like to clear the way by stating my firm objection to a couple of comments that Mr. Cohen made in his open letter against the institution as a whole. Mr. Cohen stated, and I quote, “I feel more money is not the problem. I feel it is the mindset and mission of directorate and management of UMass Boston’s information technology that must be changed in order to save students from future systematic disadvantage.”

I beg to differ…

This department is in dire need of more resources, human and cash. Some are needed for accomplishing long-term projects without which I am afraid we will find ourselves in the same situation we are in now; and other resources are critically needed immediately for speedy actions.

One of the challenges I allude to above is leadership in flux, which Vice Provost Agee addressed aggressively. We are hiring an ISO (Information Security Officer) and creating a security unit to focus on campus security issues, which includes reviewing our access policies to all campus technology resources. This will free up the Network Group to concentrate on network design, build and expansion.

With regards to the second challenge presented around our current blocking of certain ports on the student network, we are compelled to strike a balance between conflicting priorities. When those ports were available, we received numerous complaints from different sources, in one case from the Department of Defense who notified us that their servers were being SSH attacked (someone from our IP address space was trying to hack into their system using port 22).

The university was “black-listed” on a regular basis when SMTP (Simple Mail Transfer Protocol) was widely available. That translated to major email providers (Gmail, Yahoo…) dropping any email sent from our IP address space. Our Institution’s reputation was at stake. Most of those issues would be resolved with a robust Firewall appliance, which we have setup for faculty and staff.

For a variety of reasons, the portion backing the Student-802.1x plan was postponed. By the time the student portion was approved and configured to allow modern technologies to be “appended” to our network, implementation of the comprehensive plan fell behind considerably.

The third challenge was much larger than anticipated and can be attributed to growth and expansion (i.e. 35% increase in wireless usage) as well as new projects being elevated to level-one priorities. Due to the dynamic nature of technology, and the ever-changing priorities in the overall plan as well as a department operating in a reactive mode, certain projects take a back seat. Again, and you will get tired of hearing this, lack of resources and in this case, human resources hampers us.

For the past six months, before I was hired, the Security and Networking groups have been working diligently configuring both the new wireless and new security appliances to meet an aggressive time line. Under this initiative, wireless will use private address space and NAT (network address translation) for communication to the Internet.

The growth in wireless student connectivity, feedback from our clients, as well as the addition of new buildings coming online, redirected our plans to redesign our wireless infrastructure and meet those growing needs. NAT will particularly address the growing need to conserve public IP address space.

Some of the benefits of the future wireless design include:

More open ports and access for students;
Agentless Network Access Control;
Network Address Translation for reclaiming public IP space; and
More visibility into security issues to prevent complete user shut down

We have had 802.1x enabled on the staff / faculty wireless network for a year now quite successfully. There is an extra process I would like to make clear at this juncture. As you know, every technology comes with its own set of challenges and 802.1x has its share. For instance, the majority of current devices can connect to the 802.1x network without additional configuration changes. Windows 7 on the other hand, requires a complex set of configuration steps.

The Network Access Control utility polling showed us that Windows 7 make up the majority of the university’s student client base. On any given week we anticipate a lot of help desk visits and open tickets for setup and troubleshooting tickets resulting from failed setups. I will not elaborate any further and would leave the rest to your imagination. In short we need to plan this carefully and be ready for it.

As for the technology piece, and to move more rapidly, we will need specialized supplemental staff for Firewall setup (security), RADIUS setup (authentication) and knowledge transfer, and a Wireless Switch (with 12 months maintenance). We are currently seeking the funds to have the student-802.1x available widely by fall 2013.

As I settle into my role, reviewing and auditing the communications and infrastructure division, I am at awe at the many remarkable past year achievements made by the staff of this department. I am looking forward to working with them to serve the goals and mission of the university and to strengthen our connection with the students, the staff and the faculty, while providing an unparalleled IT infrastructure to support teaching, research, and administrative services.”

The entire welcomes suggestions and feedback. The ITSD is committed to providing excellent instructional, research and administrative resources to the entire university community.