Fall 2019 – News Update

[section=Computer Replacement]

The quantity of computers replaced in a fiscal year is based on the available computer replacement budget.

Computers are replaced in the same order they were purchased with the following exceptions:

  • If a computer is deemed inoperable by the desktop support team and is outside of the manufacturer’s maintenance period (currently 3 years), it will be moved to the front of the replacement queue.
  • Staff workstations:  If the computers for a whole department meet the replacement year criteria and the majority of the workstations are next in the replacement queue, all workstations in the department will be replaced at the same time.

Mac, PC, Desktop, and Laptops are all in the same replacement pool.

The Budget:

  • For the last 10 years there has been a $150,000 budget per year for faculty and staff replacement computers.  (recently reduced by $6,750 as a result of low enrollment)
  • When computers were purchased in 2013 there was an additional $150,000 that was used to purchase additional computers, for a total of $300,000.
    • Because of the additional dollars provided in 2013, it has taken several years to replace the 2013 computers.
    • When all the general fund 2013 computers have been replaced, 2014 computers will go into the replacement queue.

New hire computers are purchased from the replacement budget.

The Standard: 

  • There is a standard configuration for each type of computer, such as PC, Mac, Desktop, or Laptop.
  • The current standard includes the OS, the Microsoft Office Suite, and 16 gigabytes of RAM, except 8 gigabytes for the Mac laptop.
  • If additional memory, peripherals, or software is required, the faculty or staff member’s department will pick up the difference between the standard cost and the overage.

Additional Notes:

  • A computer that begins with a 2013 inventory number will have been purchased anywhere between July 2013 and June 2014.  The larger the number, the later the equipment was purchased.
  • The budget includes 1 primary workstation per user per position at the standard configuration level.
  • Tricia Flaherty will contact you when your computer reaches the top of the queue.
  • If your computer is failing, please contact the Service Request Desk at 88925 and submit a support ticket.
  • Computer Specifications can be found here: 

[endsection]

[section=Cybersecurity Training]

Information Security Training will be offered beginning 12/2/19.  This tool, released via Portal, will deliver a new 3-5 minute lesson every 2 weeks to everyone at WOU.  It tracks who has taken which lessons, how long it took, etc.
Michael Ellis expects to begin working with UTAC in the near future to solicit feedback, and improve the consumability of the material we deliver to campus.
Best of all, the application is fully responsive.  UCS wants employees and students alike to access it on the device that is best for them!
If anyone has questions about these projects, Michael is happy to answer them by phone (88629) or email: ellism@wou.edu

[endsection]

[section=DUO – multi-factor authentication]

As of 11/25/2019, 555 of our 908 Employees are using DUO!  Michael Ellis continues to send bi-monthly emails to Directors and Division Chairs, offering assistance to help with those not yet in DUO.  Overall, feedback has been very positive.  This is WOU’s first big step forward toward changing the culture and making us more secure.  We continue to listen to users’ experience, and work with them to minimize any impact to teaching/learning in the classroom.
As we draw to the close of the Employee signup process, I’m hopeful we can open up DUO to students during Winter Term.

[endsection]

[section=Windows 10]

As of November 26, 2019 there are 1,300 computers running Windows 10 and just under 200 machines left to upgrade to Windows 10 by 1/14/2020!
If you still have a Windows 7 computer, Michael Ellis will be emailing your department with a reminder, and he will work with you to coordinate upgrades.  The “upgrade in place” option (vs re-image at UCS) is simple, quick and hasn’t had many problems.
If you have a computer that is required to stay on Windows 7, Michael will be working with you on how to secure your computer.

[endsection]

 

Replacement Computers

[section=PC Desktop]

Dell OptiPlex 7060 Small Form Factor PC desktop & Monitor

  • Windows 10 Pro License 64 bit
  • Intel Core i5-9500 9thGEN(6 Cores/9MB/6T/3.0GHz)
  • 16GB (1X16GB) DDR4 2666MHz UDIMM Non-ECC Memory
  • 8X DVD+/-RW Drive
  • AMD Radeon R5 430, 2GB, HH (DP/DP)
  • 2.5 inch 500GB 7200RPM SATA Drive with 16GB Optane Memory
  • 3 Year Basic Hardware Service with 3 Year Onsite Service After Remote Diagnosis
  • Dell KB216 Wired Multi-Media Keyboard English Black
  • Dell MS116 USB wired Mouse
  • Dell P2418HZ(1920X1080) 23.8 inch monitor (with webcam and speaker)
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=Apple Desktop]

Apple iMac 21.5-inch, 4K Intel Core i5

  • 3.0GHz 6-core 8th-generation Intel Core i5
  • 21.5″ 4096 x 2304 IPS Retina 4K Display [ upgrading at time of purchase to 27inch Retina 5k is additional approx. $300.00 ]
  • 16GB 2666MHz DDR4 Onboard Memory
  • 1TB Fusion Drive storage
  • AMD Radeon Pro 560X with 4GB GDDR5 memory
  • NO CD/DVD Drive and no Retina display
  • Wired Apple Mouse  [wireless only upon request as set and may cost additional]
  • Apple Keyboard with Numeric Keypad (English)- (wired) [wireless only upon request as set and may cost additional]
  • macOS Mojave (10.14) with built-in iLife Apps
  • 3 yr Apple Protection Plan
  • Microsoft Office for MAC license (WORD, EXCEL, POWERPOINT)

[endsection]

[section=14″ PC Laptop]

Dell Latitude 5401 PC laptop

  • 9th Generation Intel Core i5-9400H Processor (4 Core, 8MB Cache, 2.5 GHz, 4.3GHz Turbo, 35W vPro) Windows 10/Linux only
  • 14″ FHD (1920 x 1080) Anti-Glare Non Touch, RGB Camera & Microphone, WLAN/WWAN Capable
  • Integrated Intel UHD Graphics 630 with Thunderbolt3  for i5-9400H
  • Windows 10 Pro License 64 bit
  • 16GB, 1x16GB, DDR4 Non-ECC Memory
  • M.2 256GB PCIe NVMe Class 40 Solid State Drive
  • Intel® Dual Band Wireless AC 9560 (802.11ac) WiFi + Bluetooth 4.2
  • NO ON BOARD CD/DVD DRIVE( external USB version available at additional cost)
  • 130W E5 Type C Power Adapter
  • Primary 4 Cell 68Whr ExpressCharge Capable Battery
  • Monoprice Consul Series USB-C VGA Adapter with USB 3.0, USB-C 100W PD 3.0 
  • Dell 14in Professional Sleeve 14 Carrying Case 
  • starting at 3.37lbs; Dimensions- Width: 12.72”, Height: 0.80” front -0.90″ rear, Depth: 8.5”
  • 3 year hardware support warranty
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=13″ PC Laptop – travel friendly]

Dell Latitude 7300 PC laptop

  • 8th Generation Intel Core i5-8365U Processor (4 Core,6MB Cache,1.6GHz,15W)
  • Windows 10 Pro 64bit English
  • M.2 256GB PCIe NVMe Class 40 Solid State Drive
  • 13.3″ FHD (1920 x 1080) AG, Non-Touch, SLP, 6.0mm Cam/Mic, WLAN/WWAN Capable, Carbon Fiber
  • Integrated Intel UHD 620 Graphics for i5-8365U Processor
  • 16GB, (1x6GB, DDR4 Non-ECC from DELL)
  • Internal English, single Pointing Backlit Keyboard

  • Intel Dual Band Wireless Driver 9560 (802.11ac)WiFi + Bluetooth 5.0
  • 65W E5 Type-C Power Adapter
  • NO ON BOARD CD/DVD DRIVE( external USB version available at additional cost)

  • 4 Cell 60Whr Battery
  • Dell Adapter – USB-C to HDMI/VGA 1 /Ethernet/USB 3.0
  • Dell Professional Sleeve 13in Carrying Case
  • 3 Year Basic Hardware Service with 3 Year NBD Limited Onsite Service After Remote Diagnosis
  • starting at 2.75lbs; Dimensions- Width: 12.06”, Height: 0.67” front – 0.73 rear, Depth: 8.14”
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=MacBook Pro]

Apple 13″ MacBook Pro with Touch Bar: 1.4GHz quad-core 8th-gen Intel Core i5, 256GB – Space Gray 

 

  • 1.4GHz quad-core 8th‑generation Intel Core i5
  • 8GB 2133MHz LPDDR3 SDRAM  on board memory 
  • 256GB  SSD Storage
  • Intel Iris Plus Graphics 645
  • Force Touch trackpad, Touch Bar and Touch ID
  • Two Thunderbolt 3 ports(USB-C ports)
  • Backlit Keyboard (English)
  • 13.3″ LED-backlit display with IPS technology; 2560-by-1600 native resolution
  • external display – Supports One 5K or Dual 4K Displays
  • 802.11ac Wi-Fi & Bluetooth 5.0
  • 3.5mm Headphones Jack | Stereo Speakers and three microphones
  • macOS Catalina(10.15)
  • NO ONBOARD CD/DVD Drive
  • 61W USB-C Power Adapter & USB-C Charge Cable (2m)

  • cabling for connecting to DP displays – USB-C to DisplayPort Adapter #13234
  • cabling for Ethernet and USB X 3- Monoprice USB-C to 2x USB-A 3.0, Gigabit Ethernet & USB-C (F) Adapter #15250
  • cabling for connecting to HDMI or VGA in Smart Classroom/projectors or external monitor- MonoPrice USB-C to 4KHDMI, DVI, VGA adapter #21607
  • Height: 0.59 in, Width: 11.97 in, Depth: 8.36 in, Weight: 3.02Lbs 

  • AppleCare+ (3yr warranty) 

  • Microsoft Office 2019 for MAC (WORD, EXCEL, POWERPOINT)

  • Basic 14 inch laptop bag

[endsection]

[section=Options]

The cost of optional items must be covered by your department.

  • Dell Ultrasharp 27″ monitor:  ~ $510 as second monitor ~$295 as an upgrade [4K 3840 x 2160 at 60 Hz, & LED-backlit LCD monitor / TFT active matrix, with 99.9% sRGB color gamut, 99.98% Rec 709 color gamut]
  • Mac desktop: ~$300 [ upgrading at time of purchase to 27″ Retina 5k ]
  • Mac laptop: ~$180 [ upgrading at time of purchase to 16GB ]

[endsection]

eduroam – Global WiFi roaming for Academia

What is eduroam (“educational roaming”) and where can I use it?

  • It is a secure, encrypted, Wi-Fi network that utilizes 802.1X technology to provide unified access across campus. It also allows users from WOU to securely access the Internet from any eduroam-enabled institution throughout the world.
  • In addition, eduroam provides visitors from participating institutions access to WOU’s wireless network and the Internet, without needing guest credentials or additional configuration by the user.
  • Eduroam is available at more than 12,000 locations worldwide, including more than 450 colleges, universities, and research facilities in the United States.
  • Additional information about eduroam can be found here.
  • A list of participating subscribers can be found here

How do I connect to eduroam at WOU?

  • Go to your wireless configuration page.
  • Select eduroam from the list of available SSIDs.
  • Enter your WOU e-mail address in the userid field.  example@wou.edu
  • Enter your Pawprint password in the password field.
  • If you are from a visiting university, use your university’s login credentials.
    • If you previously configured your device at your home university, no further configuration will be required to connect to eduroam at WOU.

Connection tool:

  • The eduroam connection tool can be downloaded here.

Password Compromise Report

Many of you will find a new channel in your Portal labeled “Password Security”.

This channel will include a list of sites where your password has been compromised.

You may have placed your WOU credentials at risk under the following conditions:

For example:

  • your WOU account is johnDoe, with an e-mail of johnDoe@wou.edu and a password of theSaltShaker
  • your Amazon account is johnDoe and your password is theSaltShaker

The Portal report displays all sites where you have compromised accounts, resulting in your userid and password being published on the Dark Web.  Even though your password wasn’t initially compromised at WOU, you run the risk of someone picking up the userid/password pair and trying it at WOU.

It is suggested that you have a separate userid/password pair for each authenticated service you utilize.

What should I do to increase my level of security?

  • You will notice that in a recent blog titled “Digital Identity Guidelines“, you now have the ability to enter up to 64 character passwords at WOU.   I would take advantage of the longer password ability.
  • For each site you login to, I would have a separate userid/password pair.
  • Never share your credentials.

Digital Identity Guidelines

The National Institute of Standards and Technology (NIST) provided updated guidelines for memorized secrets (passwords) in June, 2017. (special publication 800-63B)

The new guidelines include the following language:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).

However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”

“Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length.  Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.”

“When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.  For example, the list MAY include, but is not limited to:  Passwords obtained from previous breach corpuses, dictionary words, repetitive or sequential characters (e.g. ‘aaaaa’, ‘1234abcd’), or context-specific words, such as the name of the service, the username, and derivatives thereof.”

The account lookup code will be changed to bring WOU credentials in alignment with the new NIST standards.

Forcing users to change their password frequently could actually make systems less secure.  In most cases, passwords are exploited immediately.  It is typical for a user to use a weaker password if they are required to change it often.

A long password is stronger.  A 6-character password can be cracked in 11 hours, while a 9-character password takes 10 years, based on using the ASCII character set.  The new account lookup system will contain the ability to use UNICODE characters also, making a password virtually impossible to break in a lifetime.
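The quoted NIST rules can be turned into a screening function that runs when a password is set. The sketch below is an added example, not WOU's account lookup code: the blocklist, the service words, and the run threshold of 4 are constructed assumptions, and it also normalizes Unicode (NFKC) before checking so that look-alike encodings of a listed password are still caught.

```python
import unicodedata

MIN_LEN = 8    # quoted rule: SHALL be at least 8 characters
MAX_LEN = 64   # the 64-character limit this page describes for WOU
RUN_LIMIT = 4  # assumed threshold for "repetitive or sequential" runs

# Constructed stand-in for a breach corpus / common-password list (casefolded).
BLOCKLIST = {"password", "letmein123", "qwertyuiop", "thesaltshaker"}
# Assumed context-specific words for this service.
SERVICE_WORDS = {"pawprint", "wolfweb"}


def longest_run(text):
    """Longest run of identical ('aaaa') or stepping ('1234', 'dcba') characters."""
    best = same = up = down = 1 if text else 0
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        same = same + 1 if step == 0 else 1
        up = up + 1 if step == 1 else 1
        down = down + 1 if step == -1 else 1
        best = max(best, same, up, down)
    return best


def screen_password(candidate, username):
    """Return the list of rejection reasons; an empty list means accepted."""
    # Normalize first so equivalent Unicode forms compare equal, then count
    # code points (not bytes) for the length rules.
    password = unicodedata.normalize("NFKC", candidate)
    folded = password.casefold()
    reasons = []
    if len(password) < MIN_LEN:
        reasons.append("too_short")
    if len(password) > MAX_LEN:
        reasons.append("too_long")
    if folded in BLOCKLIST:
        reasons.append("on_blocklist")
    if longest_run(folded) >= RUN_LIMIT:
        reasons.append("repetitive_or_sequential")
    # Username and service name count as context-specific words; very short
    # words are skipped to avoid rejecting unrelated passwords.
    local_part = username.split("@")[0].casefold()
    context = {w for w in SERVICE_WORDS | {local_part} if len(w) >= 4}
    if any(word in folded for word in context):
        reasons.append("contains_context_word")
    return reasons


if __name__ == "__main__":
    samples = ["theSaltShaker", "1234abcd", "JohnDoe-2019-blue",
               "ｐａｓｓｗｏｒｄ", "violet tractor hums at dusk"]
    for sample in samples:
        print(repr(sample), screen_password(sample, "johnDoe@wou.edu"))
```

Note that no periodic-expiry rule appears here: under the quoted guidance a change is forced only on evidence of compromise, which is what the blocklist check supplies.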

Account lookup will be modified during January / February, bringing it in compliance with the current NIST guidelines.

February 5, Banner will be in production in the cloud.  Banner authentication will be via SSO, which aligns Banner access with the memorized secrets set with account lookup.

Banner in the Ellucian Cloud

Banner is currently hosted at University Shared Services Enterprise (USSE) on the Oregon State University campus.

Eastern Oregon University, Oregon Tech, Southern Oregon University, and Western Oregon University have all made the decision to move to the Ellucian Cloud (EC).  Ellucian is the company that owns Banner.

EC is hosted on Amazon Web Services (AWS).  WOU’s instance of Banner will be hosted on an Oregon AWS site.

Why move Banner to another hosting site?

  • Oracle and Ellucian are no longer supporting Banner 8, effective December 30, 2018.  EC resources are sufficient to successfully implement the Banner 9 infrastructure that is required to meet the deadline.  (more on Banner 9 in a future post)
  • EC provides us with a Disaster Recovery plan that includes failover to one of two other Oregon AWS sites.  If all three Oregon AWS sites are inoperable, then WOU Banner will be failed over to one of the Virginia AWS sites.

When will WOU go production on EC?

  • Access to Banner at USSE will be terminated at 5:00pm on Friday, February 2, 2018 and WOU will be live on Banner at EC at 7:00am on Monday, February 5, 2018.

How will I access Banner on EC?

  • Both WolfWeb and Banner INB will continue to be accessed through the Portal.  UCS will change the links to each system during the go-live weekend.
  • WolfWeb can be accessed from any browser, while Banner INB requires Internet Explorer (IE) or Firefox ESR (extended support release)
  • In an effort to strengthen security, off campus access to Banner INB will be available only through VDI.  (https://wouvdi.wou.edu)  There will be no changes to off-campus access to WolfWeb.
  • If you have shortcuts saved to your browser, those will no longer work, post migration weekend.

How is the migration going?

  • The migration effort includes modifying many integrations and job submission server parameters.  A team of technical and functional staff have been working with Ellucian on the cloud migration project since the third week of August.  All this effort is coming together and we expect a successful transition.

Schedule for functional testers:

  • Another test export of both Degree Works and the Banner database will occur on December 19, 2017.  Ellucian will have the refresh ready for us the following morning, December 20, 2017.
  • The final test export will be performed January 12, 2018.  Ellucian will have refresh completed the following morning, January 13, 2018.
  • A code freeze will occur on January 12, 2018 and will be in effect until go-live weekend.

Schedule for go-live weekend:

  • Friday, February 2, 2018 at 5:00pm, Banner will become unavailable.
  • Friday, February 2, 2018 at 5:30pm, Degree Works exported and sent to Ellucian Cloud for import
  • Friday, February 2, 2018 at 7:30pm, Banner exported and sent to Ellucian Cloud for import
  • Saturday, February 3, 2018 at 9:00am, UCS technical team work through checklist and perform initial testing.
  • Saturday, February 3, 2018 at 1:00pm, Functional team begins their testing and UCS technical resolve any outstanding issues.
  • Sunday, February 4, 2018 at 9:00am, Functional and technical teams complete outstanding issues.
  • Monday, February 5, 2018 at 7:00am, Banner production is available in the Ellucian Cloud

Where do I find additional information for Banner Cloud?

Two-Factor authentication

Account security can be enhanced with 2-factor authentication.

 

Why would I want to use 2-factor authentication?

If you use the same password for many of your accounts, your credentials are probably published on the dark web.   Several years ago, I was approached by a questionable vendor that provided me with many of your passwords.   I alerted campus when this occurred. My password was included on the list.

Lessons learned:

Use a different password for each of your accounts.

Change your password frequently.  (https://dev.wou.edu/accountlookup)

Use a long password.

Utilize 2-factor authentication when it is available.

2-factor authentication provides an extra layer of security.  After you successfully enter your userid and password, the system will ask you for some type of token.  Google Authenticator is a great place to get your token.  You can run Google Authenticator on your iPhone or Android device, providing you the token.  New tokens are produced every 30 seconds.
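How the 30-second token is produced and checked, as an added example (not code from this page or from Google): the time-based one-time password algorithm of RFC 6238 over HMAC-SHA1, which authenticator apps of this kind implement. The demo secret is the RFC's published test key, and the drift window and replay check in `verify` are assumptions about how a server would apply it.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds per token, as described above
DIGITS = 6    # token length shown by common authenticator apps

# Constructed demo secret: base32 of the RFC 6238 test key "12345678901234567890".
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32):
    """Decode a base32 shared secret, tolerating spaces, lowercase, missing padding."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key, unix_time):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, int(unix_time) // STEP)


def verify(key, submitted, unix_time, last_counter=-1, window=1):
    """Return the time step the token matches, or None if it is rejected.

    Tokens from `window` steps either side are accepted to tolerate clock
    drift. Steps at or before `last_counter` (the step of the last token the
    server accepted for this user) are refused, so a token observed once
    cannot be replayed inside the same window.
    """
    current = int(unix_time) // STEP
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter <= last_counter:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(key, counter).encode(), submitted.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    demo_key = decode_secret(DEMO_SECRET)
    now = time.time()
    token = totp(demo_key, now)
    print("token for the current 30-second step:", token)
    print("accepted at step:", verify(demo_key, token, now))
```

The server and the phone share only the secret and a clock; nothing is sent to the phone at login time, which is why the token still works without network coverage.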

Google Authenticator can be found here:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Amazon, Amazon AWS and Google all provide support for 2-factor authentication.  That means you can turn on 2-factor authentication for all your Google Apps.

Google help can be found here:

https://support.google.com/accounts/answer/185839?hl=en

Amazon help can be found here:

https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420

 

 

Phishing and other e-mail traps

Always view e-mail suspiciously!

 

E-mail security infrastructure  (On-campus and off-campus)

  • Every day, the WOU anti-virus, anti-spam filter stops 200,000+ e-mails from being delivered  (true for both on-campus and off-campus viewing of e-mail)
  • When the WOU intrusion protection system detects “Ransom-ware”, it sends a note to the border firewall and tells it to no longer allow the “Ransom-ware” intruder onto the campus network, thus protecting your computer.
    • The one case of “Ransom-ware” that was not stopped by the IPS this year encrypted the user’s local computer and 70,000 files on his departmental drive.
    • We had snapshots of all the files on the departmental drive and were able to recover the encrypted files.
  • When reading your e-mail outside of WOU, if you were to click on a bad link that connects you to “Ransom-ware”, you are no longer under the protection of the IPS.
    • A member of the local Monmouth community was asked to pay $1,000 to un-encrypt his files after being hit by “Ransom-ware”.
  • Another common scheme is to ask you to perform some task, posing as someone you know and trust.

Recommendations:

  • Don’t click on URLs before you know where they will lead.
    • Shortened URLs can be dangerous  http://goo.gl/fPKDds
      • unshorten.it can be used to expand a shortened URL, also providing the site’s trustworthiness
      • Best practice is to:
        • Hover over the link and verify the link is legitimate OR
        • Type the link in manually
        • Never click on the link; the URL that is displayed may not be the underlying URL
    • Watch for slight differences in URLs  (ex:  www_wou.edu instead of wou.edu)
  • UCS will not ask you for your password or SSN in an e-mail
  • When in doubt about the source of an e-mail, full headers will provide you further data in regards to the legitimacy of the e-mail  (partial headers)
    • To display full headers:
      • Google mail: open message, select the icon that provides you with the option to reply-all.  Select “Show original”
      • Thunderbird:  open message, select view, select headers, select all
      • Outlook:  open message, select tags. The Message Options dialog box is displayed. The internet headers are shown in the Internet headers field at the bottom of the dialog box.

Additional references:

Virtual Desktop Infrastructure — (VDI)

What is VDI?

  • Virtual desktop infrastructure (VDI) is a collection of desktop operating systems, hosted on a collection of virtualized servers.

What does the VDI infrastructure look like?

  • There is a collection of 400 virtualized Windows 7 desktops ready to be accessed
  • Current utilization is 100 – 130 concurrent users
  • If desktop utilization becomes greater than 350, then 25 additional Windows 7 desktops are automatically built, giving us 425.  This will be repeated as concurrent user demand increases.  Build time for the 25 additional desktops is 15 – 20 minutes
  • When you logout of a desktop, the image is destroyed and rebuilt from the golden image  (no more virus worries!)
  • There are 7 virtual servers dedicated to VDI.
  • VDI runs on Solid State Drives
  • VDI is load balanced across two gateways
  • VDI servers are located, both in the Data Center and DeVolder

How can VDI be accessed?

  • At various locations on campus, including the Hamersly Library, Wyse terminals are directly connected to VDI.
  • VDI can be accessed with a web browser
    • https://wouvdi.wou.edu
      • Select the icon on the right side of the screen labeled, VMware Horizon HTML Access
      • Use your Pawprint login credentials to authenticate
      • Select the “Lab Stations” icon to connect to Windows 7

Will I have access to my network drives?

  • Yes, H:, I:, J:, P:, etc are all accessible

What software is available on the Windows 7 virtual desktop?

  • Microsoft Office Suite, Chrome, Internet Explorer, Firefox
  • ArcGIS, BlueJ, eclipse, Fathom, Foxit Reader, Geo Gebra
  • GS View, Ghostscript, Green Globs, Escape!, GSP
  • SPSS, Kinovea, LEGO Mindstorms, Maple, MatLab, TeXworks
  • Printkey, Python, QuickBooks, QuickTime, RealNetworks Suite
  • Subversion, VLC,  WinDirStat, WinEdit, WinRAR

Additional Functionality?

  • Select the down arrow in the top middle of the screen.
    • This will display a down arrow.  Select the down arrow to display menu options
      • Options include
        • Send control-alt-delete message to Windows
        • Toggle to full screen
        • Paste text
        • Disconnect
        • Help
  • Transfer data to and from USB drive attached to local computer
    • Install VMware Horizon Client on your local computer  (an alternative to the web client)
    • Select Connection, then USB from the VMware Horizon Client menu
      • Select Automatically connect when inserted (you will now be able to copy files to / from network drives from / to local USB storage)