Issue 18 • JAN 2015 SPOTLIGHT Oracle Exadata for Banner/AIMS K C Cheung Online course registration each semester is a system activity that demands tremendous computer power. Processes, such as time-ticketing, have been in place for years to control the system demand at an acceptable level. On the software side, tuning was also done regularly to achieve optimum performance. As the student population and the number of courses increased over the past years, the hardware was also upgraded timely. However, hiccups occurred in Semester B for a few years since 2009. Owing to the new Academic Reform in 2012 in Hong Kong, the University expanded her system to allow open registration for more students to select more courses like Gateway (GE) courses. For the sake of fairness, it is required to schedule more than 3000 students to do on-line web GE course registration simultaneously. This further aggravated performance and capacity problem during student on-line web course registration, affecting not only course add/drop and registration service to students, but also the administrative offices using Banner. To address the problem, existing system architecture was reviewed. Although traditional server and storage upgrade was expected to get improvement, I/O performance would be limited by traditional storage system. We had applied this approach for years, but the course registration problem still prevailed. Inevitably other technologies needed to be explored. We started in early 2013 to explore if Oracle Exadata could be a possibility. It is an engineered based machine with hardware and software components integrated to improve performance and achieve high availability for Online Transaction Processing (OLTP) and data warehousing. In the evaluation process, we studied the literature of Oracle Exadata and IT report on the machine by independent technology and market research company. We also called references from INDEX SPOTLIGHT 1 Oracle Exadata for Banner/AIMS FEATURE 8 Staff Email – Reasons to Move Fast to MS Office 365 12 New CityU Portal 14 Flipped Classroom at City University of Hong Kong 18 Knowledge Management @ CityU BRIEF UPDATES 7 New Issue of Network Computing 20 Wow! Free Wifi!? (A Fictional Story) 21 New e-Learning Webpage on MOOC 22 CityU Supports HK Government’s Wifi Initiative FYI 3 Rights Management System for Information Protection on MS Office 365 IT SECURITY AWARENESS SERIES BY JUCC 10 Intellectual Property ITSM SERIES 4 ITSM Awareness Series (Part 1: Introduction) STATISTICS AT A GLANCE 23 Help Desk Monthly Statistics GLOSSARY CORNER 24 Shellshock & Poodle NEWSLETTER OCIO
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Issue 18 • JAN 2015 SPOTLIGHT
Oracle Exadata for Banner/AIMSK C Cheung
Online course registration each semester is a system activity that demands tremendous computer
power. Processes, such as time-ticketing, have been in place for years to control the system
demand at an acceptable level. On the software side, tuning was also done regularly to achieve
optimum performance. As the student population and the number of courses increased over the
past years, the hardware was also upgraded timely. However, hiccups occurred in Semester B for a
few years since 2009.
Owing to the new Academic Reform in 2012 in Hong Kong, the University expanded her system
to allow open registration for more students to select more courses like Gateway (GE) courses. For
the sake of fairness, it is required to schedule more than 3000 students to do on-line web GE course
registration simultaneously. This further aggravated performance and capacity problem during
student on-line web course registration, affecting not only course add/drop and registration
service to students, but also the administrative offices using Banner.
To address the problem, existing system architecture was reviewed. Although traditional server
and storage upgrade was expected to get improvement, I/O performance would be limited by
traditional storage system. We had applied this approach for years, but the course registration
problem still prevailed. Inevitably other technologies needed to be explored.
We started in early 2013 to explore if Oracle Exadata could be a possibility. It is an engineered
based machine with hardware and software components integrated to improve performance and
achieve high availability for Online Transaction Processing (OLTP) and data warehousing.
In the evaluation process, we studied the literature of Oracle Exadata and IT report on the machine
by independent technology and market research company. We also called references from
INDEX
SPOTLIGHT
1 Oracle Exadata for Banner/AIMS
FEATURE
8 Staff Email – Reasons to Move Fast to MS Office 365
12 New CityU Portal
14 Flipped Classroom at City University of Hong Kong
18 Knowledge Management @ CityU
BRIEF UPDATES
7 New Issue of Network Computing
20 Wow! Free Wifi!? (A Fictional Story)
21 New e-Learning Webpage on MOOC
22 CityU Supports HK Government’s Wifi Initiative
FYI
3Rights Management System for Information Protection on MS Office 365
IT SECURITY AWARENESS SERIES BY JUCC
10 Intellectual Property
ITSM SERIES
4 ITSM Awareness Series (Part 1: Introduction)
STATISTICS AT A GLANCE
23 Help Desk Monthly Statistics
GLOSSARY CORNER
24 Shellshock & Poodle
NEWSLETTEROCIO
other universities using Oracle
Exadata for Banner. Stephen F.
Austin University (SFA) in the
USA went live with Banner on
Oracle Exadata in April 2012
to solve its course registration
problem. SFA can now support
up to 2,000 concurrent users
enabling students to register for
classes more quickly. Several
conversations with their IT
specialists were made to
understand the considerations
of moving to Oracle Exadata and
we got assured that it would
be a solution for us too. We
further conducted a proof of
concept (POC) for confirming the
performance levels demonstrated
meeting the University’s
requirements. The POC result
was positive and showed that the
system can handle 3,000 students
to do course registration
simultaneously, and there would
be up to 100 times performance
improvement in SQL reporting.
After intensive study and
discussions, it was decided to
acquire an Oracle Exadata for
supporting course registration at
reasonable performance when
thousands of students add or
drop courses at the same time.
In late November 2014, Banner/
AIMS database was successfully
migrated to Oracle Exadata
X4-2 Eighth Rack to prepare
for the Semester B course
registration in December. In
this course registration, AIMS
performed extremely well, with
1.5 to 3 times more registrations
done than before (see Chart 1),10
times faster processing and less system
busy pages observed (see Chart 2)
in the peak of concurrent student
registration. System was found busy
only in the first one or two minutes in
the peak. The system demonstrated
that it can greatly enhance the
database performance in Banner
system and thus raise the overall user
satisfaction.
Snap shots of performance report
(Figure 1) in last Semester A and
this Semester B (Figure 2) were
taken on 22 August 2014 and 31
December 2015 respectively. Before
the implementation of the Exadata,
the CPU was fully consumed and this
status lasted for 20 minutes. After the
implementation, it lasted only for 2
minutes. Students should have found
the course registration process much
smoother and quicker.
In addition to improving the course
registration performance, the
performance of other AIMS functions
are also enhanced; users (staff,
students, alumni and offices) can now
get instant response in most functions
within a second. Furthermore, other
enterprise applications can still be run
as usual during the peak usage period.
Before, other application user offices
were requested to avoid submitting
CPU/time consuming jobs during the
course registration period. In short,
Oracle Exadata has great potential to
improve jobs that demand extensive
data retrieval, query and reporting.
Figure 1: Performance before the implementation of Exadata
Figure 2: Performance after the implementation of Exadata
OCIO NEWSLETTER2
FYI
Rights Management System for Information Protection on MS Office 365Maria Chin
Data security on cloud services for email, social networking, etc. has always
been a concern to users. With the University email system for staff being
migrated to the cloud Microsoft Office 365 (“O365”) featuring Exchange
Online, SharePoint Online, OneDrive, Team Site, etc., the University has
subscribed to the Right Management System (RMS) to provide extra
protection to staff email and files containing sensitive/confidential
information.
Currently under release preparation, the RMS will be
available to staff in their primary O365 accounts (same as
their CityU EIDs) where staff can encrypt email (message
and file attachments) with confidential/sensitive
information for email exchange.
The RMS can also be applied to the Library (folder) in the
O365 OneDrive and Team Site*. All files (MS Office and
PDF format) added to the Library with RMS enabled will
automatically be encrypted, hence sharing of files with
sensitive/confidential information amongst authorized
staff will be more convenient, and without the need
to encrypt file by file and for distribution of decryption password as
currently being done with the on-premises email systems and SharePoint
(CityUWiki). Further access restrictions to files, e.g. how long they can be
viewed by the targeted audiences, abilities for the targeted audiences
to print, download encrypted files etc. can be customized and applied
as desired to achieve optimal protection to files containing sensitive/
confidential information and in the meantime balancing their ease of
access and use.
The RMS is a Microsoft data encryption technology to assist users to secure
their data; nevertheless, staff should exercise care when using the RMS
by following closely the guidelines (to be available with the release of
the RMS). Departments/staff interested to pilot the RMS can contact the
Computing Services Centre (via the CSC Help Desk or email to csc@cityu.
edu.hk).
* Further read on O365 OneDrive and Team Site is available at https://support.office.com/en-nz/article/Start-using-your-team-site-OneDrive-for-Business-and-Newsfeed-to-share-documents-and-ideas-abeace23-ffb2-4638-944c-860a2484b4bb
ITSM Awareness Series (Part 1: Introduction)By Chadwick Leung
The University’s Paperless Office
Service, being a highly mission
critical system, was selected as
a pilot service to be managed
following the ISO/IEC 20000 IT
Service Management (ITSM)
Standard. It is to ensure that the
service is managed following the
international best practice (for more
information on the Paperless Office
Service, please refer to the article
“HRO Work Simplification through
Paperless Office” in Issue #17 of the
OCIO Newsletter: http://issuu.com/
cityuhkocio/docs/ocio_newsletter_
issue_17).
Wikipedia explains: “ITSM is process-
focused and has ties and common
interests with process improvement
frameworks and methodologies
(e.g., TQM, Six Sigma, business
process management, CMMI). The
discipline is not concerned with the
details of how to use a particular
vendor’s product, or necessarily with
the technical details of the systems
under management. Instead, it
focuses upon providing a framework
to structure IT-related activities
and the interactions of IT technical
personnel with business customers
and users.)” http://en.wikipedia.org/
wiki/IT_service_management
Many teams within the Central IT
have been collaborating to bring
the ITSM standards into operation
in CityU. For colleagues who have
not been involved in the ISO/IEC
20000 implementation or other
readers who may be interested
in this transformation, this article
is to share the basic concepts on
how the standard works.
Change is InevitableIn our modern world, IT change
is inevitable and constantly
happening. In fact, the pace
of change is quite exponential
as more and more aspects of
business now rely on IT as an
enabler and driver for business
value. Consequently, changes in
how we provision IT service are
also more frequent. In general,
changes to IT services are driven
by changes in business strategies,
business directions and business
needs. Almost never, is change in
IT service provisioning driven by
technology lifecycle alone. These
ITSM standards guide a service
provider in managing IT changes
against changing business
strategies and needs. The first
step in any change or new IT
service is what ISO/IEC 20000 calls
the Design and Transition of New
or Changed Services (DTNCS).
Design and Transition of New or Changed ServicesThe whole of ISO/IEC 20000
consists of a set of processes
(bolded in below diagram).
The overarching process is the
DTNCS (highlighted in blue in
the diagram). DTNCS helps
organizations manage the
requirements of introducing new
IT services or changes to existing
IT services in 3 main stages – (1)
plan, (2) design and development,
(3) transition. The main purpose
of the DTNCS process is to ensure
that proper considerations
are made to the financial,
organizational and technical
impact that can result from such
change.
DTNCS is related to the other
processes at different stages to
form a coherent (or holistic) view
to manage and govern new or
changed services. The following
diagram depicts the interfaces
between processes at different
stages of an ITSM project, and the
operation stage is adopted by
following the best practice of ITIL
(IT Infrastructure Library for ITSM)
to manage IT services after the
transition stage.
The following explains the tasks
within the 3 stages of DTNCS and
the operation stage, some typical
deliverables of each stage are
listed:
PlanDuring the planning stage, a
proposed new or change to IT
service is first evaluated against
The ITSM Awareness Series of articles aims to raise awareness among CityU IT provisioning units (both Central IT and departments) and interested parties of the current best practice in IT service management (ITSM).
OCIO NEWSLETTER4
ISO 20000 Design and Transition of New or Changed Services ITIL Service Operation
Plan Design and Development Transition Operation
Service Delivery
Service Level Management and Reporting
Service Continuity and Availability Management
Budgeting and Accounting for Services
Capacity Management
Information Security Management
RelationshipBusiness Relationship Management
Supplier Management
ResolutionService Request and Incident Management
Problem Management
Control
Change Management
Configuration Management
Release and Deployment Management
various aspects which generally include
business needs, user requirements,
available resources, financial and time
constraints, and technology limitation.
This evaluates whether the outcome
(new or changed IT services) can deliver
values to business or customers within
the timescale and budget. Agreed
change will be managed as “project”.
DTNCS process must be used to manage
a change when it is classified under
certain criteria that are organization-
specific. Some typical criteria are:
- All new services
- Changes with potential high risk/
impact or expected high value to
critical services
- Changes with high cost and/or benefit
- Changes with long interruption to
critical services
Other changes outside the
organization-defined criteria are simply
managed through traditional change
management processes.
Deliverables:
- New or changed IT Service proposal
- Service removal proposal
- Project plan
Design and DevelopmentService Requirements
The first step in the Design and
Development of DTNCS is to define
the service requirements. Details of the
requirements will be gathered through
the following processes:
- Service Level Management and Reportingo Service level and catalogueo Service hourso Service request agreed time
- Service Continuity and Availability Managemento Support hourso Availability requirement in
percentageo Time to restore service during
incident
- Budgeting and Accounting for Serviceso Capital Expenditure (CAPEX)o Operational Expenditure
Access Migrated Email and New Emails on O365 via OWAIt is worth noting that the email
migrated to the O365 and the new
email sent to you can always be
accessed conveniently from any web
browsers (via Online Web Access
“OWA”) at http://email.cityu.edu.hk/
notice/weblogon_o365um.htm (with
login instruction and URL to the O365).
The OWA enables staff to access their
old and new email right after email
migration even they have not yet
configured their email clients and
mobile devices to connect to the O365.
Issue 18 • January 2015 9
I. Background
Industry Story
Illegal downloading on campus can lead to hefty finesUnless the University of Oklahoma (“OU”) students are willing to fork over $750 for the latest Beyonce single, they might want to think twice before illegally downloading songs from the Internet via OU Wi-Fi.
The Recording Industry Association of America (“RIAA”) has been suing individuals for a minimum of $750 for each illegally downloaded song, according to the OU IT website.
OU IT is working with the RIAA by implementing the Affirmation of Compliance, a digital contract for OU users. When students register with the OU network, students agree to avoid copyright infringement while on the OU network, and in turn IT will investigate any questionable downloading through the network.
What is Intellectual Property?Intellectual property refers to a group of separate intangible property rights. It is a number of distinct types of creations and ideas for which a set of exclusive rights are recognised. These include trademarks, patents, copyright, designs, plant varieties and the layout design of integrated circuits.
Why is Intellectual Property important? Stealing a physical asset is obviously illegal. If you take an asset away without the owner’s permission, you are stealing his or her asset. In the other words, you try to take or use an asset without the ownership of the asset.
However, when it comes to any intangible assets stored in the information systems or shared on the Internet, such as e-books, graphics, software, it is usually not an easy job to identify their ownership. To protect such intangible assets or avoid unauthorised usage, it is important to understand the concept of intellectual property and the relevant regulations protecting it.
II. Management
Identification of Compliance Requirement on Information Security
Management should identify the following types of intellectual property before planning the strategy to safeguard intellectual properties.
• University-owned Intellectual Property
Many universities are now expected to interact more with industries as well as governmental and non-governmental organisations in consultancy, research contracts and commercialisation of inventions, innovations and research findings.
As a result, more collaboration between universities and external bodies increased the universities’ productivity of intellectual properties and their reliance on these properties as a source of income.
If the intellectual properties are stolen, the potential income from the properties will be deteriorated or even lost, which can lead to very high economic loss as well as reputation damage.
• Non-university-owned Intellectual Property
Non-university-owned intellectual properties may impose adverse impact on universities’ intellectual protection objective if the usage of such properties is not well regulated.
Some universities may run single-user licensed software on most of their computers. Some computer vendors may even sell hardware to the universities with software pre-installed but without appropriate licences.
Using unlicensed software without the permission of the vendors can pose the universities at a risky position to be sued and penalised. This can incur a very high compensation or litigation cost if universities fail to identify and rectify such violations timely.
Responsibilities of Management
• Establishing Intellectual Property Policy
The establishment of Intellectual Property Policy can protect both the rights of the students and researchers, and the intellectual property itself.
The policy should address how members in the universities should create, identify, maintain, safeguard and protect the intellectual properties owned by themselves or the universities.
• Implement Information Security Intellectual property protection
is part of the overall information security within the universities’ network.
IT Security Awareness Series by JUCCWith an aim to enhancing the IT security awareness of the CityU community, the KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security and they will be adopted and published here for your reference.
Intellectual Property
OCIO NEWSLETTER10
The reason is that, in many circumstances, intellectual properties are part of the critical data held within the universities’ information systems. In other words, strong protection of intellectual property requires well-established information security policies and procedures.
A good example is the implementation of logical access controls. Management should make sure that the access to information assets with intellectual properties is only assigned to the staff members or students based on their specific job functions or study needs. This control is able to prevent intellectual properties from being used by unauthorised users.
Therefore, strong implementation of information security in the University is crucial to keep intellectual properties away from malicious thieves.
• Appoint Security Officer Any potential violation of the security
of intellectual properties should be reported to the right person in the Management group. A person, like an Information Security Officer, should be assigned to supervise the overall security status of the university’s information systems and assets, including intellectual properties. He or she should also be responsible for the governance and implementation of the information security policy.
• Asset Inventory Tracking The inventory of all information
assets such as workstations, laptops and CDs with student personal information owned by the
universities should be continuously tracked and maintained. An asset inventory should be created to record the asset details and the respective asset owners. This can help to prevent information assets involving intellectual properties from being accessed or possessed by un-intended personnel like ex-staff members of the universities.
• Promote Awareness and Education Management should consider
raising the awareness of intellectual property protection by organising trainings for its staff and students. This can align their expectation and help to better protect the universities intellectual properties.
On the other hand, the training should also put emphasis on the avoidance of using unlicensed software or unauthorised duplication of information assets with intellectual properties. Well-received trainings can effectively lower the possibilities of intellectual properties infringements and the consequent
litigations.
III. General User
Responsibilities of General Users
General users may not be aware that they are actually playing an important role with regards to the protection of the intellectual properties as well as prevent the corresponding infringements.
• Manage your intellectual property Any general users such as students,
researchers and faculty staff can be an owner of intellectual property. They should be aware of
their intellectual properties, and manage their rights relevant to their intellectual properties. For instance, they should consider reserve some or all rights to copy or republish their work, and transfer only those rights to the publisher whom you have agreed to use your work to conduct their
business.
• Do not use unlicensed software Staff members and students should
observe the universities’ acceptable usage policies by not installing any unlicensed software on campus workstations / laptops. In addition, universities may consider deploying Software Asset Management (“SAM”) solutions for monitoring any installation of unlicensed software.
• Do not illegally duplicate intellectual property
General users may duplicate intellectual properties like DVDs for personal use if they have purchased from the owners or universities have bought the licences for them. However, using the duplicated copies for commercial distribution or sharing with others who possess no valid licenses is not allowed.
• Do not use P2P software to share copyright material over the Internet
Although the use of P2P software provides an efficient way to search and exchange material over the internet, people often use the P2P software to download copyright material such as music, movie over the Internet. This kind of activities is illegal and may cause law suits with copyright owners or their agents such
as BayTSP, Inc.
Issue 18 • January 2015 11
With the University’s migration
from Blackboard to Canvas
as our unified learning
management system (LMS),
we have replaced the previous
e-Portal that was built on top
of the Blackboard platform
with a brand new “CityU
Portal” (www.cityu.edu.hk/
portal).
The new portal was designed
and coded in-house through
a collaboration of technical
staff from the three Central
IT units – the OCIO, the CSC,
and the ESU, and supported
by contribution of ideas from
content owners and users. The
project began in July 2014 and
Version 1 of the portal was soft
launched in early December
2014. The new CityU Portal
extended the functionality
of the previous e-Portal as a
one-stop information gateway
for staff and students. The
new portal totally replaced
the e-Portal starting from
January 2015 to align with
the full adoption of Canvas in
Semester B.
The project involved several
key development tasks –
enriching the user experience,
revamping the information
architecture, redesigning the
user interface, and designing
FEATURE
New CityU PortalK H Tam
a new .NET single-sign-on
module.
For example, the user
experience has been enhanced
by providing a more flexible
and controllable user interface
to consolidate the most useful
or popular services for staff
and students, categorized by
service types. In the portal
homepage, users have access to
our core IT systems, password
management services as well
as our news and the academic
calendar. The CityU Portal
search bar allows users to
quickly find any protected
CityU Intranet webpages and
CityU SharePoint “wikisites”
that the user has access rights
to view. Also, depending on
your role, you may access the
tabs specifically designed for
staff or students, where you
can find additional teaching
and learning services, facilities
booking services, and other
useful services provide by
various offices.
For the information
architecture, the project
team thoroughly analyzed,
rationalized, and re-
categorized the existing
content, and created a new
information architecture
design that is more intuitively
ConclusionWhile enjoying the benefit from the information technologies, universities should pay sufficient attention to the protection of intellectual properties by implementing adequate information security mechanisms. General users should follow the policies and procedures established by the universities when using the intellectual properties and be alerted on any possible infringements.
How May You Start Running Flipped Classroom?This table attempts to help you
flip your classes by identifying
the teaching and learning
activities.
TEACHING & LERNING ACTIVITIES
FACILITIES USED POSSIBLE ACTION(S) BY COURSE INSTRUCTORS
Pre-class Self-learning LMS • Distribute key reading materials• Search the web for video contents and
provide access to students
Echo360 • Record your own mini-lecture video and release to students via LMS
In-class Exercises LMS Online Quizzes Qualtrics QR Code / Short URL
• Ask students to bring their mobile devices with browser, LMS apps and QR code scanner installed
• Conduct classroom assessments to collect immediate feedback from students via LMS or QR code
• Adjust the progress of class based on feedback collected
• Include summative assessments to keep students engaged
DEC Labs GE Labs CityU Google Apps LMS Assignment Tool LMS Peer Assessment Tool
• Facilitate discussions and group work• Ask students to complete mini-group
projects and present their results• Recommend students to record their
findings by co-editing a Google document• Collect mini project artifacts and report via
LMS• Supervise students to peer evaluation
Echo360 • Capture class activities for reference
Post-class Assignments
Echo360 • Recommend students to review class capture or mini-lecture videos
LMS Mobile App Echo360 Video Booths
• Assign study projects to individuals or groups
• Request students to collect artifacts and store on LMS
• Recommend the use of mobile apps for field studies
• Request students to record their presentation at video booth in Library or GE Lab
• Enable peer assessments
Synchronous Virtual Classes
Virtual Classroom Tools
Echo360 Livecast
• Introduce virtual meetings with students to supplement physical meetings
• Enable guess lectures without the need of traveling
Social Learning Community Building
O365 SharePoint Online
Facebook WhatsApp
• Encourage students to build their own learning community
• Allow self-directed learning
OCIO NEWSLETTER16
Showcase of Successful Flipped Classroom Pedagogies With high success rate and
encouraging results across
different departments adopting
flipped classroom on our campus,
the learning and teaching process
has been made more fruitful and
meaningful. Professor Douglas
R. Vogel (retired Chair Professor
of Information Systems) has
been actively employing flipped
classroom to foster effective
student learning by time-shifting
student presentations. Professor
Lilian Virjmoed (two-time winner
of the Teaching Excellence Award)
formerly with the Department
of Biology and Chemistry (BCH)
has utilized mobile devices in her
courses to facilitate classroom
assessments and field studies.
Students with “outstanding”
grades in Commercial Law courses
have increased after Dr. Avnita
Lakhani’s integration of flipped
classroom since 2012.
Through the perspectives of
Professor Jane Prophet from the
School of Creative Media, flipped
classroom is an indispensable
pedagogical practice to engage
students’ view as extra effort
can be spent on discussions
and applying the knowledge
in tutorials. Alternatively, more
collaboration and classroom
interactions have been achieved
with flipped classroom in Dr. Bin
Li’s (Department of Linguistics and
Translation) courses. Dr. Terence
Cheung from the Department of
Information Systems, Dr. Ray C.C.
Cheung from the Department
of Electronic Engineering and
Dr. Sylvia Kwok Lai Yuk-ching
from the Department of Applied
Social Studies strongly adhere to
learning and collaborating around
the clock without geographical
boundaries. Details of their
successful implementation of
flipped classroom can be referred
to in previous issues of the OCIO
Newsletter at http://issuu.com/
cityuhkocio.
Issue 18 • January 2015 17
Thomas Davenport, a pioneer in
knowledge management (KM), defines
it simply as “the process of capturing,
distributing, and effectively using
knowledge.” At CityU, knowledge
management is encompassed in the
University’s Paperless Office Strategy,
which defines an overall architecture
and a set of technology platforms to
share knowledge online and reduce
paper consumption. For a university,
KM means providing effective means to
capture, organize and share knowledge,
such as university or departmental best
practices, guidelines, and procedures as
well as policies, and standards.
Central IT categorizes knowledge into
3 different tiers, depending on how
dynamic or ephemeral the knowledge
is, and provide appropriate set of
technologies to support KM activities:
• Archival Knowledge – the least
dynamic of the 3 categories,
representing permanent historical
records. This includes personnel
records and personnel decisions,
financial records, research
outputs, etc. At CityU, we use EMC
Documentum as our Enterprise
Content Management (ECM) system
to archive and manage knowledge
contents in a secured environment.
Currently, close to 2 million pages
have been archived into our ECM.
In addition, the University Library
maintains an Institutional Repository
(IR) as an archive of our intellectual
outputs, such as thesis, papers, and
reports.
FEATURE
Knowledge Management @ CityUOffice of the CIO
• Operational Knowledge – this
represents knowledge sharing
and knowledge management to
support daily operational needs.
For example, KM portals to collect
and share administrative policies,
guidelines, and practices as well as
documents, papers, and minutes,
etc. These knowledge portals can
be at the department, school,
college, or institutional level. For
day-to-day, knowledge management
needs, CityU has an Intranet Portal
for institutional-wide knowledge
sharing. The CityU Portal provides
single sign-on to all our enterprise
applications. In addition, the
University provides departments
with Microsoft SharePoint sites as
departmental KM portals. Most of the
University’s various committees also
have SharePoint sites for knowledge
management and paperless meetings.
For simple departmental sharing of
documents, the University provides
Office 365 SharePoint Online.
• Dynamic Knowledge – this
represents knowledge sharing that is
highly transient and dynamic, such as
knowledge sharing within a course
or team. This type of interaction is
best done using social media. At
References[1] Khan, S. (October 2, 2013). Why
Long Lectures Are Ineffective.
In Time. Retrieved August
4, 2014, from http://ideas.
time.com/2012/10/02/why-
lectures-are-ineffective/.
[2] 7 Things You Should Know
About Flipped Classrooms.
In Educause. Retrieved
August 4, 2014, from http://
www.educause.edu/library/
resources/7-things-you-
should-know-about-flipped-
classrooms.
[3] Flipped Classroom - The
Flipped Classroom Infograhic.
In Knewton. Retrieved
August 4, 2014, from http://
www.knewton.com/flipped-
classroom/.
[4] Flipped teaching. In Wikipedia.
Retrieved August 4, 2014, from
http://en.wikipedia.org/wiki/
Flip_teaching.
[5] Blended learning. In Wikipedia.
Retrieved August 20, 2014,
from http://en.wikipedia.org/
wiki/Blended_learning.
[6] Results of e-Learning Survey
for Students 2014 at City
University of Hong Kong.
Retrieved August 4, 2014, from
http://go.cityu.hk/q0ncwm.
[7] Results of e-Learning Survey
for Teachers 2014 at City
University of Hong Kong.
Retrieved August 22, 2014,
from http://go.cityu.hk/yjmpyl.
OCIO NEWSLETTER18
FEATURE
Knowledge Management @ CityUOffice of the CIO
CityU, our teachers and students
share dynamic knowledge through
social media capabilities found
in our learning management
system (LMS) as well as through
University-provided Google+ or
Office 365 Team Site, which provide
a Facebook-like interface.
Technology Platforms Based on the previous classification
and depending on the nature of
the data, content, information, or
knowledge being shared, different
technology platforms will be
leveraged to balance cost versus
functionality and security needs. The
following diagram highlights some
of the platforms CityU uses at the
institutional level to satisfy these
different needs.
In addition, CityU provides
technology platforms to various
departments and individual for
information or knowledge sharing
needs, such as paperless meetings
and departmental KM portals
for academic departments and
administrative units, or team-project
knowledge-sharing/collaboration
and document sharing for staffs/
students.
Overcoming Information SilosCityU overcomes information silos
between various departments
and units by providing them with
a standardized departmental KM
portal for KM activities, i.e. Microsoft
SharePoint. Central IT provides
individual SharePoint KM portal to
each school, college, department,
and administrative unit, so that
staffs within each of the dept/units
can share documents, practices,
procedures, guidelines, policies,
etc. internally within the dept/unit.
In addition, various committees
within the University each gets a
SharePoint portal as well. Since the
platform is standardized, staff with
membership in multiple SharePoint
sites can easily find documents
across sites through the built-in
search engine. Because of the search
capability across SharePoint sites
(provided user has access privilege)
even though knowledge is organized
according to organizational
structure and committees, they are
not separate “silos.” CityU has been
using MS SharePoint as its standard
departmental KM portal platform
since 2008.
KM in Central ITFor Central IT, besides the standard
Sharepoint KM portals, we have
other systems to support the
specific needs of managing our
IT best practices and knowledge
sharing. Firstly, our Paperless Office
service, which is the overarching
project for KM, has been ISO 27001
certified since early 2013, and
we are in the process of getting
it ISO 20000 certified as well.
Consequently, our best practices,
guidelines, procedures, and policies
relating to IT security and service
management for paperless office
service are comprehensive, well-
documented and shared within
our KM portal. In addition, our IT
security practices are implemented
as use cases in our SIEM (built using
HP ArcSight ESM) which was first
deployed in 2011, with subsequent
yearly enhancements to expand its
scope. Our service management
best practices and operational
knowledge are coded into our IT
Service Management (ITSM) system
and shared. The ITSM provides a
convenient means to capture, store,
and access knowledge to enhance
our user services, i.e. supports a KM
cycle.
Issue 18 • January 2015 19
Summer is here and many students,
faculty and staff would be going
on vacations and trips. What’s
more exciting than to find free wifi
in a foreign country, or is it? Here
is a fictional story of what might
unfortunately happen.
“Mike is a student at CityU and loves travelling. Being a Generation Z person, Mike loves to use social media to share photos and statuses. This year Mike decided to travel to Eastern Europe before his final year in the coming 2014/2015 semester. Mike knows from his CS-major friends that there are many hackers throughout Europe, so he is particularly careful within using free wifi while travelling.
Today Mike is in Moscow, Russia to see the famous and the Red Square. After taking loads of amazing photos, Mike was very eager to share them on facebook. It was his lucky day; Mike saw a Starbucks nearby. He was not sure if this Starbucks offered free wifi but was hopeful. Eagerly,
BRIEF UPDATES
Wow! Free Wifi!? (A Fictional Story) Andy Chun
he checked the list of network names. Sure enough, there was a “free Starbucks wifi” network! Since this is a famous brand, he was confident that the wifi was safe. He immediately connected to the network and logged into his facebook account. After sharing his photos and chatting with friends on facebook, WhatsApp, and other social media accounts, Mike decided to use the free computer terminals at the coffee shop to check his Gmail and CityU email on a larger screen.
Little did Mike know, but a young couple sitting in a dark corner of the cafe were actually hackers. They were watching his every move and grinning and laughing all the way, because they were also watching each and every one of his online activities. The network Mike logged into was not really from Starbucks. It was set up by the two hackers to impersonate a free wifi from Starbucks. This particular Starbucks actually did not offer any free wifi in the first place! Once Mike connected to the fake free wifi, the hackers injected a malware to his smartphone and took
control of it. They saw everything Mike did online and showed him some fake pages as well. The hackers quickly collected all Mike’s logins and passwords to the online accounts that he accessed. In addition, the computer terminal that Mike used to check his emails was previously hacked by the same couple earlier and had a malware installed. Each and every key stroke that Mike typed were logged and sent back to the hackers.
Upon returned home, to Mike’s surprise and shock, he found that payments worth tens of thousands were credited to his paypal account. Unfortunate for
Mike, he used the same passwords for most of his online accounts, including paypal and CityU accounts. His trip to Europe turned out to cost Mike a lot more than he expected. Sadly for Mike’s friends, they had been receiving fake mails in Mike’s name that contained viruses and malwares. Also sadly for CityU, since the hackers had Mike’s CityU password, they were able to breach our systems and opened up channels for future advanced targeted attacks.
Here are some hints to help you
safeguard yourself:
• Turn Off Auto-Connect to Wifi! Some smartphones or tablets
automatically connect to a wifi
hotspot if you have connected to
one with the same name before.
Unfortunately, hotspot names can
be faked. Make sure you turn off this
automatic feature when travelling.
Creative commons photo via Flickr user Bernt Rostad
OCIO NEWSLETTER20
• Use HTTPS and Private Browsing! Make sure you use HTTPS and activate
private browsing mode instead of
HTTP when using the web. HTTPS
encrypts your connection, while HTTP
sends plain text that any hacker can
see. In private browsing mode, your
browsing history and data are cleared
when you close the browser.
• Use Two-Factor Authentication! Some software, such as Gmail,
provides free two-factor
authentication. What that means is
that besides your password, it will
require another means to authenticate
BRIEF UPDATES
New e-Learning Webpage on MOOCE-Learning Team (OCIO)
To assist our colleagues in creating MOOC courses, the
e-Learning Team (OCIO) created a new webpage with
links to lots of useful online resource information from
what is MOOC to best practice in creating a MOOC
course. The webpage is located here:
http://www.cityu.edu.hk/elearn/mooc.html
Colleagues interested in offering a MOOC course should
contact Dr. Crusher Wong (OCIO), head of the e-Learning
Team.
you, such as a SMS message to your
phone. Even if hackers get hold
of your password, they will not be
able to access your account; unless
they also stole and hacked your
phone .
• Confirm the Network Name! When using free wifi, make sure
the name of the network is the
real one. Just because a network is
called “free Starbuck wifi” does not
necessarily mean it is real. Names
can be faked.
• Do Not Use the Same Password on Multiple Sites! This is obvious.
If one of your accounts is hacked,
then all your other accounts on
other systems will be vulnerable.
• Do Not Use Share Profile Between Sites! Some sites allow you to set
up an account using another site’s
authentication. For example, you
can set up an Instagram account
using your profile from facebook.
This increases your vulnerability,
because if any of those sites get
hacked, all your other accounts will
be vulnerable as well.
Issue 18 • January 2015 21
BRIEF UPDATES
CityU Supports HK Government’s Wifi InitiativeS K Tsui
BackgroundTo advance Hong Kong’s position as
a highly connected city in the world
by stimulating the development of
public Wi-Fi service in Hong Kong,
the Office of the Government Chief
Information Officer (OGCIO) of the
Government of the Hong Kong
Special Administrative Region has
officially launched the Common Wi-Fi
Brand “Wi-Fi.HK” in August 2014.
City University of Homg Kong (CityU)
has joined the scheme in December
2014 and the network ID (SSID)
“Wi-Fi.HK via CityU” is available at the
following locations to allow free Wi-Fi
access for visitors inside the CityU
campus.
Use Instruction1. Visit a venue that has joined the
“Wi-Fi.HK” scheme.
2. Check that the device you are
using is Wi-Fi enabled. Turn
on Wi-Fi function, select the
Network ID (SSID) with “Wi-Fi.HK”
at the beginning, and then click
“Connect”.
3. Open your web browser, read and
accept the “Terms & Conditions and
Disclaimers” displayed.
4. Start free surfing.
You may visit the web site http://
www.wi-fi.hk for more information
and search for the participating
organizations and hotspots available
in Hong Kong.
The Podium (4/F), Academic 1
The Podium (4/F), AC1
學術樓 (一), 4樓
Lecturer Theatre 1 - 18 演講廳 LT1 – LT18 4/F AC1
學術樓(一), 4樓
Lecture Theatre 401 演講廳 LT401 4/F Amenities Building
康樂樓, 4樓
Chinese Garden, University Circle
中式花園, 城大廣場
City Express, City Chinese Restaurant, and City Top
城大食坊, 城大中菜廳, 城峰閣
5/F, 8/F, 9/F Amenities Building
AC2 Canteen 3/F AC2
學術樓(二), 3樓
Delifrance
Store #1 Covered Terrace, 3/F Cheng Yick Chi Building
Covered Terrace,
鄭翼之樓3樓
Store #2 3/F AC3
學術樓(三), 3樓
Multi-media Conference Room
多媒體會議廳 4/F Cheng Yick Chi Building
鄭翼之樓, 4樓
Multi-Purpose Rooms 多用途活動室 4/F Amenities Building
康樂樓, 4樓
Multifunction Hall 1, 2 and 3, and common rooms at the ground floor of each Student Residence’s Hall
學生宿舍多用途禮堂及各大堂地下活動室
Best practice of Using Wi-Fi ServiceOnce your Wi-Fi device has
connected to any wireless
network, you are exposing
yourself to potential attacks.
Therefore, network security and
data protection is extremely
important, especially when you
are using public wireless hotspots.
You may want to visit the Infosec
web site of the Hong Kong
Government (http://www.infosec.
gov.hk/english/yourself/wireless.
html) for tips on using the wireless
network.
OCIO NEWSLETTER22
Call SupportSeptember to December 2014
Problem Type DistributionSeptember to December 2014
STATISTICS AT A GLANCE
Help Desk Monthly Statistics
Total calls
Total calls
Helped on Phone
Problem Type
Issue 18 • January 2015 23
Editorial BoxOCIO Newsletter Advisory Board Dr. Andy Chun (OCIO) Ms. Annie Ip (OCIO) Mrs. W K Yu (ESU) Mr. Raymond Poon (CSC) Mr. Peter Mok (CSC) Ms. Maria Chin (CSC)
Publishing Team Ms. Noel Laam (CSC) Ms. Annie Yu (CSC) Ms. Joyce Lam (CSC) Mr. Ng Kar Leong (CSC) Ms. Kitty Wong (ESU) Ms. Doris Au (OCIO)
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system. Analysis of the source code history of Bash shows the vulnerabilities had existed since approximately 1992.
The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities.
Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure. The bug could potentially be used to compromise millions of servers and other systems, and it has been compared to the Heartbleed bug in its severity.
POODLE, attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of a clients’ fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed it in September 2014.
To mitigate POODLE attack, one way is to completely disable SSL 3.0 on the client side and the server side. Google is planning to remove support of SSL 3.0 from their products completely, and Mozilla will also disable SSL 3.0 in Firefox 34. Microsoft has published the security advisory to explain how to disable SSL 3.0 in Internet Explorer and Windows OS.
This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.