April 19, 2024
mist Mist 46 °F

Information Technology Services, winter 2022

January 18, 2023

In October, the Information Security Team (ITS) released its annual Cyber Security Awareness training utilizing “KnowBe4” cyber training in conjunction with helpful cybersecurity and tech-related information via campaigns, blogs, social media posts and more. More than 1,300 individuals completed the cyber training by early November. Unbeknownst to ITS, the timing was fortuitous because in early November there was an incident regarding an unintended University-wide ‘windows’ computer upgrade. A significant number of our users immediately contacted ITS inquiring if the upgrade was valid due to suspect messaging. In part due to vigilant users and IT staff; action was taken quickly to stymie and mitigate the impacts of this incident. Although the impact was felt across the University, the residual impacts were significantly less than they could have been. Since then, ITS has received additional requests to make similar cyber awareness and security training content available at different intervals. Because of the need/response, Information Security is developing a plan to make this training available in an ad hoc method.

The ITS Networking team recently launched a Wi-Fi Feedback Campaign to solicit user feedback on areas to improve ITS Wi-Fi services across all University locations. The survey is planned to run through the end of January 2023, with almost 100 respondents thus far. This is an excellent tool and data study for Networking to work with in its vision to upscale Wi-Fi coverage on the entire campus.

The Enterprise Systems and Applications (ESA) group made progress on the implementation of the new data storage infrastructure over the past few months. As part of bringing the new system online, ITS suspended all data storage activities for two days (during a noncritical period in the academic and professional calendars) to fully synchronize the data between the old and new systems. Once that was done, ESA brought the system online and has been meeting with success, testing mutually redundant backup and data recovery processes. The group has now begun to implement real-time production redundant backups. Over the next several months, all key systems will be migrated to this data storage infrastructure. This process will have real-time replicated data storage in two different locations, all under the guise of providing secure data storage and redundancy. The new data storage process is completely transparent to the end users. It’s highly resilient against cyber and ransomware attacks.

Over the past two years, ITS has made significant progress in educating our users about local data storage on personal work devices and the need to place all critical data and work files on network drives. These network drives are backed up regularly and enable users to recover their data due to unfortunate computer incidents. The November incident mentioned above highlighted ITS’ success in educating all users on the necessity of having a secondary data backup system. Overall, a very small percentage of users actually lost data from the afore mentioned incident. What affected users dealt with the most was system reconfiguration issues. The reconfiguration issues necessitated in-person assistance from IT staff who were able to resolve the majority of all reported problems within two weeks, which was a significant improvement in protection and recovery from the cyber incident in November 2020 that took significantly longer to recover from.

Enterprise Systems and Applications Group

The Enterprise Systems and Applications (ESA) team continued to complete regular system and security maintenance upgrades across multiple hardware and software systems:

  • Banner 9 SSB implemented to allow insight and configuration of the system, which enabled additional links to be placed on the Student Profile page.
  • Implemented the SUNY GlobalID as required by SUNY System Administration.
  • Assisted Course Building and Academic Space Management with releasing final exam schedule for the end of fall semester.
  • Updated the Evisions base system.
  • Completed the configuration of the new Infosilem servers and integrated Infosilem access into the IAM system.
  • Added views in Operational Data Storage to allow for better Human Resources lookups and searches for better integration with the new Identity and Access Management (IAM) system.
  • Installed a new Exagrid appliance in the main data center and upgraded code across the platform to allow for this data storage system to be added to the overall IT infrastructure.
  • Installed and configured Eyeglass software for Ransomware protection on the NAS.
  • Created a failover site and upgraded vCenter for the VMWare infrastructure.
  • Removed the Google Hangouts/Chat from Google access. Also, modified the Google Workplace for Education system to allow for a final Google Hangouts conversion to Chat or Takeout, since this service was reached end of life in November. The 763 users who still had active data were notified to move data or seek assistance well in advance of the end of service date.
  • Integrated the Advise system with our Google environment for automated emails and scheduling.

Other projects completed this semester included:

  • Second phase of online.binghamton.edu.
  • Created two virtual servers for Infosilem to replace aging physical servers.
  • Integrated research.gov with Binghamton University InCommon federated logins.
  • Worked with Comsource to create NFS mounts on the Powerscale system.
  • Worked with Ellucian on implementation and configuration of Ellucian Advise and Advancement.
  • Worked with SUNY and the inventor portal to update their authentication system for a more fluid authentication experience for researchers.
  • Worked with the Mathematics Department to convert outdated code to give them more accurate data.
  • Built a new Pinnacle development server.
  • Completed the transition to a hosted StarRez system, updated local access to the onsite system database.
  • Installed and configured RobeRegistrar and implemented the Parchment transcripts system as an upgrade and conversion from the older Credentials solution. These services provide transcripts for our students.
  • Completed the Touchnet to Nelnet conversion.

Network Administration Operations and Infrastructure

The Network Administration Operations and Infrastructure group completed, upgraded and completed projects in the following areas:

  • Upgraded the Ivanti VPN version, clients and certificates.
  • Upgraded the Bluecat DHCP/DNS hardware.
  • Worked with other ITS departments and fine arts to provide streaming and recording solutions for the 6th Annual Drawing Marathon event.
  • Configured/tuned environmental monitors in the Pharmacy Data Center for temperature alerts.
  • Assisted ESA with allocation and initial network configuration for Exagrids (data storage system) and media agents for pharmacy.
  • Installed over 300 fiber splices in Hillside and Hinman residence halls.
  • Telecommunications completed the moves of all calling queues to the new Mitel MCC server (a more advanced contact center platform that provides enhanced services).
  • Assisted Watson computing group providing network ports/configurations for three additional VDI hosts in the data center.
  • Replaced switches in the Events Center, Heating Plant, Physical Facilities garage, and Commissary.
  • Designed and finalized Library South third floor WLAN (wireless) design.
  • Upgraded Bartle Library with six new CCTV replacements.

Additional projects in progress, being put into production or are completed are:

  • Testing the AireOS code (wireless AP code) in the Tech Hub for stability, and will roll this code to production controllers during winter break.
  • Wi-Fi design and installations are progressing at the Binghamton Tennis Center, which includes nine cameras and one speaker.
  • Wi-Fi designs for Phase 2 of the Baseball Complex project continued with installations.
  • Coordinating with Juniper/Mist for a planned demo of their wireless access points, scheduled for January 2023.
  • The Physical Facilities Design Team devised plans for the front entrance for the Binghamton Tennis Center and will discuss this further with Auxiliary Services. Door access configuration will be determined by this decision.
  • Security and Infrastructure Support had two meetings with Indoor Robotics regarding its autonomous drones and analytics that would benefit operational processes by initiating critical response workflows.
  • Continued Old Rafuse renovation project planning with Physical Facilities.
  • Science 2 Tower access control system was recently activated.
  • braXos was engaged regarding Parking Services’ paid lot/garage Binghamton University ID card solution.
  • CCTV depreciation replacements required seven new Dell servers and adding cameras to Delaware residence hall, Dining Services and Physical Facilities.
  • Deployed #HomeOfTheBearcats in the Events Center for a branded guest Wi-Fi SSID (wireless network) for specific athletic event informational purposes, advertising, etc.
  • Deployment of the Root outdoor Wi-Fi access point to the co-rec playing field with the upcoming second mesh end access point deployment.
  • Planning, pre-stage and deployment of equipment for Ruckus Wi-Fi Proof of Concept project in a residence hall and classroom. Testing areas were deployed in the Lecture Hall and Saratoga Hall.
  • Moved University Downtown Center’s fiber optic shelves to a new multi wavelength system improving the receive network optical light levels between Engineering and Science and the Health Sciences Campus.

Information Security Group

Information Security and ITS Communications teams utilized social media and ITS blogs to communicate the focus on cyber awareness, not just during October Cyber Awareness Month, but throughout the fall semester. This resulted in a number of potential phish emails being reported to security@binghamton.edu.

ITS Information Security assisted in enabling the IAMBing tool to automatically deprovision/remove accounts and permissions when a person’s Binghamton University affiliation ends. The team assisted with implementation dates and documenting the change within ITS, and acted as initial communications lead with other departments along with the Alumni Association and central Human Resources. The team also assisted with answering questions while helping to engage other departments (i.e., Library teams) to coordinate their systems and policies to account for this deprovisioning.

The ITS Innovation team, the Help Desk staff, ESA leadership, and Information Security team were involved with the initiative to disable alumni single sign-on (SSO) and Interactive Login (the ability to log on to campus computers) service access. This effort reduces the potential for compromised account access to University services and helps avoid exceeding licensed service allotments. It also paves the way for the eventual deletion of Alumni Active Directory accounts. ITS manually secured 10 recently compromised accounts, a significant drop in compromised accounts from previous months.

The ITS Active Directory, the Help Desk, Innovation team and Information Security staff created a process for providing temporary OneDrive data access to alumni who recently lost access to that service based on recent ITS identity and access management (IAM) and security practices that deleted alumni BU Domain accounts. Information Security assisted in enabling IAMBing automated deprovisioning and enforced CAS and 2FA on Office 365. These actions help eliminate pathways into compromising existing accounts, blocking phishing messages, and comply with security-related policy and insurance requirements.

Other projects that Information Security worked on in the last three months were:

  • Addressed around 900 service tickets through TeamDynamix over fall semester.
  • Created virtual machines to host security scanning software to more effectively scan for and monitor University network risks.
  • Worked with TeamDynamix administrators and Information Security staff to configure, schedule, and enable service level agreement requirements and reminders for all ITS service request and incident support tickets. These help ITS comply with support contract obligations, assist technician time management and maintain a timeline of work within the platform.
  • Completed Knowledge Base article migrations from ServiceNow to TeamDynamix. The most utilized articles were Google 2-Step setup, Ivanti VPN Install/upgrade access and how to connect to print on campus printers (Taboo).
  • Assisted with Admissions, Ombudsman and the CCPA Dean’s Office to access critical data for department business from the accounts of former employees. Information Security retrieved the requested data needed so the departments could complete their necessary tasks.
  • Currently working with the Fleishman Center and International Student and Scholar Services to coordinate a phishing education campaign. If the recipient of the phishing test falls for it, it would then direct them to a phishing education platform hosted through Information Security.
  • With assistance from ITS network administrators, Information Security staff reviewed all current firewall rules and exceptions for validity and accuracy. Afterwards, Information Security provided recommendations for further review and/or removal of any invalid rules.

Technology Support Services (TSS) Group

The ITS Help Desk had a decrease in calls/incidents through the fall semester; interestingly enough the November incident did not significantly increase calls to the Help Desk. There was an average of about 2,000 incidents a month from the end of August to the end of November with about 43% being assigned to the Help Desk. An average of about 900 tickets were resolved this last semester, and 40% of the incidents were resolved at the first level (Help Desk staff) of support. The top five requested services in November consisted of:

  • HR new employee
  • 2FA or Google 2-step
  • Help Desk general requests
  • Computer assistance
  • Laptop loaner repair and requests

This fall, Client Services began with a normal and stable level of tickets with more requests for software assistance and computer issues, which in turn saw an increase in repair loaner laptop requests. The repair loaner service was one of our top 10 requested services in September, along with the re-emergence of Gradescope and Brightspace assistance as instructors began to schedule their first exams. For those with questions about the Brightspace gradebook, grading assignments, quizzes and discussion boards; there were continuous Zoom open office hour sessions to ask questions in November through the beginning of December.

The top 10 highest rated incidents count resolved by group were in order from highest to lowest:

  • Help Desk services
  • Technical Support
  • Information Security
  • Library systems
  • Brightspace/Gradescope support
  • Network Administration
  • Active Directory
  • EdComm
  • Google Administrative
  • Security Infrastructure and Support

The Help Desk ran an internal program, “Get to know the groups in ITS - What do we do?” in November and December. The focus was to help educate all ITS staff (new and existing) on what ITS does. This was a major success!

Innovation and Research Computing Support Group

The Innovation team has been working on Phase II of the IAM (Identity Access Management) project:

  • Several additional systems are now being managed by the core IAMBing framework including BComply (compliance training) and TeamDynamix.
  • Since the Nov. 1, the IAM System is automatically notifying individuals (via email) and deprovisioning accounts based on HR and SIS data. This completes the effort to fully automate management of Binghamton University (BU) Domain and Google Accounts, complimenting efforts that started with automated account creations in May 2022.

Change of Grade E-form and workflow

In collaboration with the Registrar’s office, an online workflow for automating the change of grade process was developed. Change of grades have historically been performed manually via paper forms, emails and tedious data entry. Starting in December 2022, grade changes will be initiated by faculty within myBinghamton via a web form that provides an electronic audit trail of changes, and will result in fully automated grade changes within Banner.

Faculty Sabbatical, Title F Leave and Sabbatical Leave Reports

In collaboration with the Provost’s Office, we have developed and updated the online workflows for Faculty Sabbatical and Title F leave processes, including electronic submissions and approval routing. This also includes the follow-up Sabbatical Leave Report, which is submitted by faculty at the conclusion of the sabbatical leave.

ITS staff promotions and new hires

ITS congratulates and welcomes new employees and promotions:

  • Ryan Sawicki was promoted to SG-12, Trades Generalist Oct. 13.
  • Sarah Napolitano Waldbaum was promoted to an SL4/Web Administrator/Systems Analyst Oct. 13.
  • Stephanie Butora was hired and started on Nov. 10, to fill a technical support analyst position within Technical Support Services directorate

ITS Training

  • Gary Dewey is certified as a CompTIA Cybersecurity Analyst+ (CySA+). This is an intensive course in cybersecurity.
  • Casey Parker is completing training to be a Healthy Campus Agent.

ITS Kudos

  • Kudos from the Office of the President (Martha Gahring) and The Link Foundation for ITS Communications Manager Steven Palmer and Systems Analyst Craig Houck for their efforts to maintain and update The Link Foundation website. Their work enables the Link Foundation to reach the next generation of scientists who apply for competitive PhD scholarships in energy, oceans and simulation. Link Foundation Chair Shelley Dionne responded, “It is terrific to know the Link website these individuals visit to begin their process is professional and is an excellent representation of the Link Foundation.”
  • Congratulations goes to Gary Dewey, information security analyst, who was one of the three members of a Cyber Security Team that competed in the national U.S. Cyber Challenge (USCC) Cyber Bowl competition. Dewey and his teammates ultimately won the competition and are the 2022 US Cyber Challenge champions.
  • Congratulations to Scott Geiger for being recognized by the School of Management for his excellence as an adjunct instructor for the school.

Posted in: