The Information Technology (IT) Syndicate advises the General Board on all matters concerned with the use of IT for academic purposes and, through members nominated by the Bursars' Committee and the Senior Tutors' Committee, it advises the Colleges. Liaison is maintained with other major IT providers in the University through the Director of the Management Information Services Division (MISD) and the Chairman of the Joint Telecommunications Management Committee (JTMC). The Syndicate has representatives from the staff of the University Computing Service and from the Graduate Union. In addition to its general role in advising the University, the Syndicate oversees the work of the University Computing Service.
This Report consists of a section describing the main items of policy discussed by the Syndicate and some highlights from the activities of the University Computing Service in the past year. This is followed by a list of the main services and facilities provided by the Service and a statistical annex giving details of their use. A more detailed breakdown of these statistics is available on the World Wide Web at http://cam.ac.uk/cs/itsyndicate/annrep/stats03.04.pdf.
The Syndicate discussed the consultant's report to the JTMC on the proposed replacement of the University's telephone network and agreed with the JTMC that the suggested wholesale introduction of voice over IP (VoIP) technology was too risky to recommend at this time. The Syndicate believed that the time for this technology would come and recognized that some major telecommunications links carrying voice traffic were already being carried successfully over the fibres of the Granta Backbone Network (GBN).
Further integration of the telephone network with the University network (CUDN) which would be required by the introduction of VoIP would require the University Computing Service and hence the Syndicate to take a wider role in the provision of infrastructure for the support of non-academic purposes than they do now. It was recognized that the Computing Service is already providing major infrastructure services such as the University network and electronic mail which are equally as important to the administration of the University as they are to its academic work. The Syndicate considered that it could better serve the University in helping to oversee the development and maintenance of these services if it reported to the Council as well as to the General Board. The Chairman of the Syndicate wrote in this vein to the Vice-Chancellor, who asked the Registrary to take forward the process of consultation with the Council and the General Board leading to a change in Ordinances.
The Syndicate were concerned that not all University employees and students were covered by the Syndicate rules as presently constituted, since Departments had to opt in, rather than being included by default. The guidelines on the use and misuse of computers issued by the Personnel Division also differed from the Syndicate's rules in some important details. The Academic Secretary agreed to amend Ordinances as necessary recognizing that a convenient time would be when they are revised to show the Syndicate reporting to the Council as well as to the General Board. The Personnel Division and the Computing Service are working on harmonization of the guidelines on misuse.
Following the recommendation from the Audit Committee, the Syndicate established an IT Purchasing Group to pool experience from Departments and from the University Purchasing Office and to publish recommendations for the purchase of IT equipment. It is expected that this group will help Departments continue to get value for money in future IT purchases (http://www.admin.cam.ac.uk/offices/purchasing/groups/it/).
Following a request from the Audit Committee, the Syndicate approved an addition to the University's Software Policy which sets out clear guidelines for Departments in respect of the acquisition, control, and record keeping for software licences. The new policy makes it clear that the responsibility for control of software licences within a Department rests with the Head of Department. This extended policy (http://www.cam.ac.uk/cs/sales/softwarepol.html) was agreed by the General Board and the Council and published as a notice in the Reporter.
In conjunction with the Personnel Division and the University's contacts in the Police Service, guidelines for staff investigating illegal activities were drawn up and approved by the IT Syndicate (http://www.cam.ac.uk/cs/itsyndicate/illegal/). This work was essential for the protection of staff, since unauthorized investigation of matters such as child abuse and pornography can itself be illegal.
The Syndicate published guidelines (http://www.cam.ac.uk/policies/accessibility/) for Web authors showing what is required to comply with new disability legislation. This particularly affects access by the partially sighted. There is further information about accessibility and references to courses given by the Computing Service available at http://web-support.csx.cam.ac.uk/access/. General guidelines for Web information providers are available at http://www.cam.ac.uk/cs/itsyndicate/wwwguidelines.html.
There is great pressure to provide wireless accessibility and many institutions are tempted to install quick off-the-shelf solutions without much regard for the regulations regarding who is permitted to access the CUDN and JANET. The Computing Service, with the approval of the IT Syndicate's Technical Committee, has issued recommendations (http://www.cam.ac.uk/cs/netdiv/wireless.html) on the minimum steps which need to be taken to set up the necessary security to limit access to authorized users, to protect traffic from eavesdroppers and to give some chance of successful analysis when faults or misuse occur.
Following the almost instant penetration of several financial and security (door-lock) systems as soon as they were connected to the network, it was realized that many external contractors fail to take seriously the vulnerability of their systems to attack. Salesmen may not even be aware that the systems they are marketing depend upon network connectivity. Some guidelines have been produced (http://www.cam.ac.uk/cs/security/consultantsguide.html) and approved by the IT Syndicate, but it is still sometimes difficult to explain that the University network needs to be open rather than isolated like many commercial networks. Connected systems need to be well-maintained with respect to operating system updates and security patches.
The Syndicate became concerned that the new grading methodologies adopted by the Personnel Division were making it very difficult to reward Computer Officers for exceptional performance in their role where that role had not changed substantially. The Syndicate thought there were cases where an officer's skill and experience had developed to the point where he or she should be upgraded even though the description of the job was much the same. It was recognized that this problem was made more acute because of the absence of discretionary points on the Grade II and III scales.
The Syndicate returned to this topic after the new Pay and Grading Report was published and the Director and Deputy Director, together with the Director of MISD met with the Pro-Vice-Chancellor for Personnel and the Director of the Personnel Division to discuss proposals for creating a new set of IT Support posts to replace the present Computer Officers and for adopting a set of grading descriptors tailored to the particular qualities required for these posts. General agreement was reached to move forward in this way.
The Syndicate accepted that it would need to understand the finances of the Computing Service if it was to discharge properly its governance function in the context of the Resource Allocation Model (RAM). At the May meeting, the Syndicate considered papers from the Director explaining the structure of the Computing Service and the facilities which it provides for the University and a companion paper giving a summary of income and expenditure for the year 2002-03. The Syndicate was concerned that the Service appeared to be underfunded in relation to the facilities it was expected to deliver by about £250,000 a year. The Syndicate noted that the Service, which provides facilities and services to the whole University and the Colleges, does not obviously fit the funding model developed for academic schools. The Syndicate expected to consider the first real 'RAM' budget in the Michaelmas Term 2004. An analysis of expenditure for 2003-04 is shown in table 1 of the Statistical Annex.
The Computing Service runs a full programme of meetings to bring University and College computer support staff together with each other and with Computing Service staff to explore technical issues and to disseminate best practice. In the past year a new group, the Colleges IT Management Group, has been set up to bring together the managers of College IT facilities and a lot of effort has gone into supporting the activities of the IT Purchasing Group which led to the successful European tender exercise for PCs. The Computing Service continues to provide advice and support to Departments and Colleges in all aspects of the recruitment and selection of IT support staff.
The University network (CUDN) has benefited from a major upgrade by courtesy of the HEFCE SRIF programme. The core network of CISCO switch-routers has been replaced with higher throughput models which are capable of providing gigabit links to Departments and Colleges. The core network itself has been upgraded by the installation of 10 Gbps links between the main routers. It is hard to measure the growth in the use of the University network but the Statistical Annex shows that the total connected nominal bandwidth increased from 42Gbps to 51Gbps (table 2A) and the number of allocated IP addresses (number of devices connected) from 52,300 to 56,700 (table 3) whilst the total JANET traffic increased from 244TBytes to 324TBytes (table 4A).
There has been considerable growth in the number of Virtual Private Networks (VPDN) which the CUDN supports. These are used typically to provide virtual networks for particular projects and to provide connections to the University network where the route is physically through a network provided by another vendor or organization. Thus it is possible to connect securely from home to the University network through networks provided by BT or NTL. Work is proceeding on using this technology to provide a means for secure access to the CUDN from wireless access points, see http://www.cam.ac.uk/cs/netdiv/withincamremoteaccess.html.
Successful pilot use of the University fibre optic network (the Granta Backbone Network or GBN) for links between the central University telephone network switches and their remote peripheral equipment in Colleges and Departments resulted in a large order for additional GBN circuits. This has required considerable additional investment in cable. There has also been a good deal of activity on the GBN resulting from diversions necessary to allow building works in the University and Colleges.
The Hermes message system has been redesigned and takes advantage of the latest design and technology, and rivals any commercial offering for throughput, capacity, and reliability. The e-mail switch which front-ends Hermes and other e-mail systems in the University provides the latest technology for filtering spam and detecting and cleaning viruses. It is instructive but depressing to note that 80% of the e-mail reaching the University is discarded as spam or virus infected. Authenticated e-mail submission has been added to Hermes so that mail from registered users can now be sent from outside the Cambridge domain. The Statistical Annex shows that the total number of messages handled by Hermes increased from 40m to 52m and the number of users from 16,605 to 21,860 (table 5A).
At the heart of Hermes is the message transfer agent (MTA) called Exim which has been written locally by Dr Philip Hazel. Exim, which is distributed under the General Public Licence of the Free Software Foundation is now one of the top five MTAs in use in the world and Dr Hazel is in demand to address conferences on five continents.
The Public Workstation Facility (PWF) provides a common file store and software application servers for the use of students and others. The Computing Service provides three classrooms for group teaching on the New Museums Site and one on the Sidgwick Site whose workstations are connected to the PWF. The Service also manages, through the Managed Cluster Service (MCS) 1,500 workstations located on 36 sites in Departments and Colleges. The PWF and MCS combined provide the major centrally managed teaching facility in the University and currently support 17,000 active users. There are now 22 servers in the PWF together holding over 10m files and with a total capacity of 2.6 Terabytes.
The PWF/MCS provides a Microsoft Windows environment for PCs, a Macintosh OSX environment, and now has more than 500 PCs in 11 Departments and Colleges equipped with a dual boot option so that they can also offer Linux. The Macintosh operating system was upgraded during the year to OS X 10.3 and the Windows workstations to Windows XP.
During the past year the file store has been completely replaced with modern high capacity Storage Area Network (SAN plus fibrechannel) equipment and using Novell's eDirectory software. As a result the system is now able to handle in excess of 500 concurrent logged in users. Tables 8-11 of the Statistical Annex show the usage of the PWF/MCS in 2003-04.
It was necessary to do an OJEU tender for the replacement of workstations in the Oriental Studies Basement and the opportunity was taken with the help of the University's Procurement Office to make the agreement available to any Department or College wishing to purchase workstations at a very attractive price.
Raven is a new authentication service developed within the Computing Service which provides a mechanism for Cambridge users to safely authenticate themselves to websites whilst having only to quote a password once to a secure central server. Raven provides an authentication service for 30,000 staff and students. Using Raven, webmasters can now provide information restricted not just to users within Cambridge but to authenticated Cambridge users wherever they may be anywhere in the world.
The University's Web servers are the main conduit for the distribution of University information to the world. The search facility on the University's main Web server is powered by a product from Ultraseek which now indexes 400,000 documents spread throughout 450 servers and satisfying 7,000 searches a day. Over half of these searches are from outside Cambridge. Work is well advanced on splitting the search engine to allow a search on pages internal to the University and one on externally visible pages.
The Statistical Annex shows that in the single month of May, chosen to be representative of the traffic during terms, the main University Web server received 16m requests as against 13.5m in May 2002-03 (table 6). More than half the requests came from outside Cambridge. As the performance of JANET has improved, the University Web cache has been less heavily used but nevertheless handled 406M requests in May 2003-04.
Automation has been put in place to allow the Admissions Office Web editor to manage the Undergraduate Prospectus and the other Undergraduate pages on the central Web server. Systems are being introduced to manage Web content and reduce manual maintenance of data. Templates for the University Web page house style have been updated and the style sheets developed to allow better printing of information and reduce the need for print versions of documents - this work is on-going.
In Michaelmas 2003, incoming postgraduate students were registered on two Computing Service systems as usual, but for the first time, the students collected the passwords using a Web form. Within a few weeks, more than 80% of students had collected their passwords and it was clear that we were unlikely to go back to printing, distributing, scanning, and filing 7,000 forms every year. Undergraduates will be registered similarly in Michaelmas 2004.
While the number of systems compromised by deliberate attack, or reported for copyright violations, has remained similar, the year saw a huge rise in Windows systems falling prey to network-borne 'worms'. These systems then start scanning to see if they can enter other systems and some may subsequently be used as part of a 'botnet' for more targeted attacks on systems. The rise in these worms was also reflected in the increase in the number of wide-scale probes from systems outside the CUDN recorded by CERT's traffic analysis system.
A security update and anti-virus CD was produced for Colleges to clean and secure students' machines before being connected to the CUDN. The CD image was made available to College computer support staff through the Web and as a result of its widespread use at the start of term there were many fewer incidents reported. Also, since we now have a Software Update Server which carries the latest service packs and updates for Microsoft Windows, there was a good take up of the new Service Pack 2 for Windows XP.
The Computing Service has taken a more active role in the support of e-Science in Cambridge. The Technical Director of the Cambridge e-Science Centre is now a member of staff of the Computing Service and a new post in the Service has been filled by a specialist in the technology underpinning the e-Science initiative. As a result it has been possible to progress a project to use free processor power in the PWF workstations to form a large GRID cluster using CONDOR software. This will provide a major new processing resource for Cambridge scientists.
The Computing Service continues to support the Cambridge High Performance Computing Facility (HPCF) through providing a senior member of staff (Nick Maclaren) as the Manager and providing a fully serviced computer room with operational cover. In the past year much effort (with EMBS support) has been expended in obtaining and installing a new fire protection system.
For the first time, the Computing Service has been able to source Macintosh spares directly from Apple which has resulted in a much faster turnaround. For PCs, an agreement has been signed with Dell which pays us to make warranty repairs to University-owned machines.
Higher available bandwidth on international connections available through JANET has allowed most videoconferences to take place over IP rather than ISDN with the result that the quality is better and the session is cheaper. During the year a local record was broken with a nine-hour session to the USA for an international scientific committee.
The Computing Service has equipped an Assistive Technology room where RSI sufferers and the disabled can be trained in the use of voice input devices. A site licence has been obtained on advantageous terms for the commonly used Dragon Naturally Speaking software. This technology is becoming more widely used by those who find it easier to dictate than type even though they may not have any disability.
For some time it has been apparent that the HEFCE-sponsored bulk software purchasing scheme for universities (CHEST) is not always able to provide the best deal on some specialized software packages which are used by the research community here. The initiative has been taken to collaborate with Oxford and University College London to investigate the supply of some software on more advantageous conditions than those generally available to higher education.
The CMI-sponsored digital archiving project, DSpace, which is led by the University Library, has made good progress during the year and the Service now has a secure mirrored archive server into which Departments are beginning to put some of their valuable material. Much work has been done to improve the software supplied by Hewlett-Packard and MIT to enable non-specialists to ingest and access the information.
The Photography and Illustration Section (PandIS) of the Computing Service has run a number of very successful photographic exhibitions where members of the University have exhibited their work to a wide audience.
The Service is organized into five Divisions, whose responsibilities are described briefly below. This list is followed by a diagram which shows the relationship between the activities.
Granta Backbone Network
Management, operation, maintenance, and extension
Cambridge University Data Network (CUDN)
Management, operation, maintenance, enhancement
Installation of new or upgraded connections
Future strategic planning
Support and advice for Departments and Colleges
Virtual Private Network (VPDN) services for secure connections through broadband or wireless
Modem and ISDN access
Public Workstation Facility (PWF)
17,000 active, mostly student, users
2,600 GB of managed storage
Managed Cluster Service (MCS)
36 Department and College clusters including 1,500 workstations
Computer Emergency Response Team
Responds to IT security threats against the University and Colleges
Computer Operations Team
Electronic mail (Hermes) service
20,000 active University and College users
Handles 3,000,000 messages per week
Spam and virus filters
WWW Servers and Web cache
Main University server
Document indexing service for search facility
Managed Web servers for Departments and societies
Raven authentication service for secure remote access
Infrastructure Servers
News server
DNS server
FTP server
Pelican (Archive service) and Jackdaw (user database)
Unix system support for Unix system managers in Departments and Colleges
Fast response in cases of security penetration and hacking (CERT)
Unix distribution and update service
Unix systems administration training
Pro-active probing for security weaknesses of systems connected to the CUDN
E-Science support
Grid clusters utilizing overnight time on PWF/MCS clusters
Support for Cambridge E-Science Centre
Software development
Database and archiving
PWF Linux
DSpace
Electronic mail server software (Exim)
Central Unix Service
Linux on PWF/MCS
Technical support, fast response service for security breaches (CERT), advice and consultancy for Windows and Macintosh systems
Windows distribution and update service.
Anti-virus product distribution, update, and advice
Technical support for applications
Technical training
Help Desk for all Computing Service facilities
Support for College and Departmental computer officers through the Techlink service.
Hardware maintenance and advice for PCs and Macintosh
Warranty repairs for Dell and Apple
Videoconferencing service for individuals and groups
Advice for Departments on equipment and installation of video conference facilities
Infrastructure servers
WINS server, FTP server, Web documentation server
ERL server (for the University Library)
Speech-assisted technology advice and training
Information provision (Web and paper)
Software Sales, software site licences, Reception and Print room
Photography and Illustration Service (PandIS)
Literary and Linguistic Computer Centre (Sidgwick Site)
Investigation of security breaches, liaison with Police, dealing with complaints of harassment. Liaison with Colleges on undergraduate disciplinary matters
Administration of user accounts.
Advice to Departments and Colleges on IT strategy
Liaison with Departments on future needs
Support for Departments and Colleges in IT staff recruitment
Regular programme of meetings for Departmental and College IT staff
HPCF System Management, operations, and environmental support
e-Science Technical Director
DSpace System Manager, operations, and hardware (for the University Library)
| M. S. LONGAIR Chairman | P. K. FOX | M. D. SAYERS |
| S. J. BARTON | R. C. GLEN | C. A. SHORT |
| D. J. BATES | M. F. HEATH | N. S. SMITH |
| J. S. BELL | A. HOPPER | R. D. H. WALKER |
| A. G. BUCKLEY | M. R. JONES | E. R. WALLACH |
| T. A. CARPENTER | J. K. MILNER | S. J. YOUNG |
| A. L. R. FINDLAY | B. K. OMOTANI |
UCS Services and Facilities [47Kb PDF]