February, 2018 CIO Update
Happy Almost Spring! For this month’s entry, I would like to share updates on two services that are critical to how we access online resources at VCU. I would also like to continue providing more insight into the operational areas of VCU Technology Services with an overview of the University Computer Center.
eID Self-service Password Reset Update
In order to make access to VCU online resources both easy and secure, it is important that people have the ability to reset their password quickly and easily. The IT Support Center is available to help with password resets 24/7, 365 days a year but having a process available online to handle resets provides another avenue for our community to handle this task. In August of 2015, VCU Technology Services, as a collaboration between our Web Services and IT Support Center teams, debuted an online self-service option for VCU community members to reset their eID passwords online with no phone call or email at any time. The table below demonstrates that the eID Password Self-service tool has become popular.
|Year||Total Password Resets||IT Support Center||Self-service Tool||Percentage Using Self-Service Tool|
However, we believe this function can be even better and expect to improve the password reset process as a part of our Identity and Access Management (IAM) project, in which we are implementing a system that allows for more seamless flow and management of authentication and authorization rights across all VCU systems and services. We will provide more information as the project progresses.
Over the past 18 months, VCU Technology Services has integrated the VCU 2Factor authentication service into many of the core VCU IT systems and services in order to reduce the usability of stolen accounts and better safeguard sensitive institutional and personal information.
The VCU 2Factor authentication system is now fully integrated with the RamsVPN system for remote access to on-campus resources as well as with the VCU Central Authentication Service (CAS). CAS helps to protect access to our portal, Blackboard, and email as well as many other VCU systems. Faculty and staff are required to use the 2Factor authentication system when logging into university IT resources protected by CAS, while students are provided with the option to use 2Factor authentication to better safeguard their personal information. Since 2Factor authentication relies on more than just a username and password, it is more difficult for an attacker to assume a victim’s digital identity without alerting that victim. As such, the VCU information security team hypothesizes that attackers now have less incentive and interest in targeting systems and accounts protected by 2Factor authentication.
Over the course of the migration, the information security team has collected statistics that demonstrate a key benefit of implementing this technology. The following graph shows the number of compromised VCU accounts from December 2015 to December 2017 correlated with major milestones of the 2Factor integration project.
In addition to the reduction in compromised accounts, toward the latter half of the project, the VCU information security team observed little to no valid use of any compromised account. To learn more about the VCU 2Factor Authentication system, please visit http://go.vcu.edu/2factor.
VCU Computer Center: An overview
The mission of the University Computer Center (UCC) is to provide secured, reliable, and cost-effective computing power, data storage, and system backup and recovery services with 24 x 7 operations and systems support to the VCU community.
The UCC, located in the downtown Capitol Square complex at 900 E. Main St. in the secured Pocahontas Building, has a state of the art data center with keycard access, raised flooring, racks for mounting equipment, high-capacity air
conditioning, and power provided by redundant UPS units with battery/generator backup. The data center provides an alternative solution for departments that maintain their own equipment by offering a variety of services that can be tailored to meet individual needs. The UCC also serves as a major network hub for the University.
The UCC’s services include:
- Network Operations – The UCC maintains a Network Operations Center (NOC) that is staffed 24 hours/day, 365 days a year. The NOC is responsible for the management of all production operations in the center. Using various monitoring tools, their responsibilities are to monitor system/network status and perform initial triage and escalation as required. The NOC monitors the data center’s environmental conditions and maintains security. The NOC acts as an interface between the UCC and the technical staff from various groups throughout the university.
- Operating Systems Administration – The UCC has a team of engineers that provide total administration and management of servers, relieving the end department the burden and high expense of a dedicated engineer for these tasks. The UCC’s team of engineers is highly proficient in the complete management of various Operating System platforms currently supporting Windows and Red Hat Enterprise Linux.
- Server Hosting – The UCC can host (services provided via Service Level Agreements on university-owned equipment) server (physical or virtual) and data storage devices. UCC staff will work with you to determine your requirements, purchase, and manage a server for you.
- Server Housing – Is a service for equipment that is only housed at the facility but still maintained by the individual or department that owns the equipment. The benefits are physical security, temperature controls, secure network connections, and power for equipment that may be otherwise maintained in a less desirable environment. This attractive option is provided at no cost to the customer.
- Database Administration – UCC staff includes a team of database administrators (DBAs) who provide database administration for Oracle, MS SQL Server and MySQL databases on Linux and Windows operating systems. Services include installation of database software and patches, backup and recovery, security, and performance tuning.
- Storage Area Networking – The UCC has implemented a storage area network (SAN) to help meet large storage requirements, primarily for non-research applications. The UCC’s SAN currently provides hundreds of terabytes of storage capacity.
- Backup Solutions – The backup environment for server, database and SAN file data is managed by IBM’s Spectrum Protect (formerly known as Tivoli Storage Manager) software which provides advanced backup capabilities to clients for backup of disk and database storage. Currently 2.3 petabytes of data are maintained from 600 nodes that are in the computer center and across the university campus.
- Disaster Recovery – The UCC maintains a satellite hot-site facility that provides a place for hosting designated critical servers and storage so mission-critical systems are able to continue to function. There is a formal approval process to get equipment housed in the Recovery Center.
To request service: For servers, storage, database, SSL certificates or any other services offered by the UCC, please open a Service Desk ticket at: servicedesk.vcu.edu and select Servers and Storage from the panel on the left side of the page.
Visitors must be granted access to the building, and must provide photo ID and sign in with security staff before the NOC can escort visitors into the UCC. It is helpful to call the NOC first if you need to visit. Data center tours are available to VCU staff, and we have hosted sessions for graduate auditing classes and other appropriate students by Instructor request.
Thanks to all of those who make the above work possible every day!