Skip to content Skip to navigation

Announcements

Blue Jeans Browser Plugin Update Required On and After March 8

March 4, 2016

As of March 8, if you use Blue Jeans with a browser, you are required to update the browser plugin if you are using version 2.125.24.5 or below. This requirement is due to a new browser security certificate that Blue Jeans is deploying.

Updating the plugin is quick and intuitive. When joining a meeting in a browser* (Internet Explorer, Firefox, or Safari), and you're using plugin version 2.125.24.5 or below, you will receive automated prompts to update your version. 

To see the Blue Jeans plugin version you are using, check your browser preferences or settings. 

Note to system administrators:  If you deployed the browser plugin to multiple users using the MSI file, they are not affected.  Those using plugin versions above 2.125.24.5, are also not affected.

If you have any questions, please contact Blue Jeans Support at support@bluejeans.com.

*Chrome is exempt from this update as it does not use a plugin for Blue Jeans.

Stanford IM (Pidgin/Adium) - March 1 Migration

February 22, 2016
Dear Stanford colleague,
 
Stanford's Instant Messaging service (Stanford IM) is enhancing to the new Cisco Jabber platform on March 1.  As a Stanford IM service user, you will initially notice some minor changes but can continue to use your existing client (Adium/Pidgin). 
 
With the new Cisco Jabber platform, you’ll still see your buddy lists, and you’ll have access to all the same people. (Those who participated in an earlier Jabber pilot may have to do a little cleanup to their buddy lists.)
 
One difference you will notice is that you won’t have to first log in to Kerberos with your SUNet ID and password to get your Adium or Pidgin application started. Instead, you can enter your SUNet ID credentials directly in the Adium or Pidgin dialog box that appears on startup. 
 
The new Cisco Jabber platform allows for many more features, including chat rooms, integration with telephone services, video, and more. We’ll be sending you more information introducing these features in the coming weeks. In the meantime, feel free to visit getjabber.stanford.edu for the latest information.
 
If you have questions about this change or need additional support, please submit a HelpSU request.
 
Stanford University IT

Zimbra Going Away Dec. 31

November 23, 2015

Zimbra, our legacy email and calendar system, will be sunsetted on Dec. 31, 2015. If you are using Zimbra and have not received email from us regarding the December 13-14 migration, please submit a HelpSU request immediately so that we can migrate your email and calendar data.

December Holiday Schedule for Mobile Device Services

November 19, 2015

All orders need to be placed no later than Monday, Dec. 14. This will ensure that your order will be delivered before winter closure (Dec. 21- Jan. 3).  Normal ordering timelines will resume Monday, Jan. 4.

Now Available: iPad Pro 128 GB

November 19, 2015

The new iPad Pro 128 GB is now available with AT&T and Verizon in space gray, silver, and gold. 

The Apple Pencil for iPad Pro is $99. (When ordering, please include it in the special instructions field. Currently, there is not a drop down option.)

The Apple Smart Keyboard for iPad Pro is $169.99. (When ordering, please include it in the special instructions field. Currently, there is not a drop down option.)

November University IT Newsletter Available

November 3, 2015

University IT is a collaborative partnership of the three IT units within Stanford’s Business Affairs organization, all dedicated to delivering world-class service and technological solutions in support of research, teaching and learning, administration, and healthcare.

The November issue of the University IT newsletter is now available.

iPhone 6s or 6s Plus Shipping Updates

November 2, 2015

Shipping for the iPhone 6s and the iPhone 6s Plus (all colors) is 7-35 business days after your order has been placed with the carrier.

Shipping confirmations will be sent to the department contact as soon as we receive information from carriers. We will not have order status information prior to confirmation.

  • Upgrade orders for non-eligible wireless numbers will require further approval before processing due to the higher cost.  To check a user(s) eligibility status, please submit a HelpSU ticket as soon as possible, providing the wireless numbers.
  •  Request category: Mobile Device, Request Type: OrderIT - check device discount eligibility. 
  • A Transfer of Liability (TOL) is a wireless number transfer from a Personal Service Plan Account to Stanford University within the same Carrier.  This may cause a delay in shipping.
  • A Port is a wireless number transfer from one Carrier to a different Carrier.  This type of order may cause a delay in shipping.
  • Ensure that an accurate street and building address is provided.
  • Ensure color selection and size selection are accurate.
  • Given the limited supply of devices and the high volume of orders, any Rush Orders will be processed as Standard Orders.
  • Each Carrier (AT&T, Sprint, and Verizon) receives different inventory levels directly from Apple, therefore shipping timeframes will vary across Carriers.
  • There may be a  unforeseen delays with all other orders due to the overwhelming demand of the new iPhone. 

As of August 1, 2015 AT&T has increased the upgrade fee to $45.00  for smartphones and tablets

As of September 25, 2015 AppleCare+ has increased the one time purchase price to $129.00 for the iPhone 6s and 6s Plus

Next Phase of Stanford's Encryption Initiative

October 16, 2015

Dear Colleagues,

As you are all aware, information security remains a shared concern and plays an important part in protecting university assets and personal privacy. To strengthen this protection, in January 2014 the university established a requirement to verifiably encrypt all employee Windows and Macintosh laptops/desktops used on the campus network by May 31, 2015 (with limited exceptions for special research equipment). More than 24,000 of these computers are now encrypted, and I deeply appreciate your participation in this effort.

The theft and loss of devices has been (and will continue to be) a common occurrence, and if these devices are not encrypted, the consequences to the university can be highly time consuming and expensive. Fortunately, modern encryption technology provides robust protection for both Stanford data and personal information, with virtually no downside.

What's new?

We are now entering the next phase of the encryption initiative where we are: 1) requiring verifiable encryption of Apple and Android mobile devices that are used by employees on the campus network; and 2) restricting access to the campus network from unencrypted laptops, desktops, and mobile devices that are subject to the requirements. This phase will be rolled out over the next few months. With more than 12,000 employee mobile devices already verifiably encrypted using AirWatch (Stanford's mobile device security solution), we are well on the way to completion on the mobile front.

What should you do first?

As an important first step, please visit our new "My Devices" website (mydevices.stanford.edu) to see a list of the computers that Stanford's records indicate are currently associated with you, along with their compliance statuses. If you see a device that is no longer in use or no longer associated with you, simply click the "Remove" button. You can find more information about each device by clicking on the link in the Model column.

What happens next?

On October 20, we will begin a rolling deployment of the mobile device encryption requirement and the unencrypted laptop/desktop/mobile device network restrictions, progressively including all employees over several months. When your time comes, we will notify you by email, and you will have a 30-day grace period to encrypt any non-compliant devices. A 30-day grace period also applies to any new devices as well as those that fall out of compliance. We will send you weekly reminders listing these non-compliant devices and the remaining grace period days for each. The emails will refer you to My Devices and our Encryption website (encrypt.stanford.edu) for instructions explaining what to do and how to get help if needed.

What's not new?

Visitors to Stanford and employees with personal devices not used for Stanford business can use the guest wireless network without having to meet the encryption requirements. Meanwhile, the long-standing University policy to verifiably encrypt all devices storing HIPAA and other High Risk data (dataclass.stanford.edu), regardless of ownership or where they are used, remains unchanged. In special cases where specific research computing systems cannot be encrypted and no High Risk data is involved, exceptions can be requested.

The tools provided to assist you in the encryption process and subsequently periodically verify the compliance status of your devices have long been in use at Stanford, and we are committed to full transparency regarding the operation of these systems. VLRE, one of the newer tools developed in-house, is an encryption verification option for laptops and desktops where High Risk data is not involved. To validate its functionality, the source code was reviewed by Stanford's Computer Science department. You can find information about what data is collected by SWDE/BigFix, VLRE, and AirWatch. We specifically do not collect user content (email, calendar events, contacts, instant messages, personal files, etc.), passwords, or GPS location information from devices using these tools.

Where can you find more information?

Your starting point for information security is security.stanford.edu, where you can quickly find links to the My Devices and Encryption websites along with a copy of this memo.

Thank you for supporting this important privacy and security initiative.

Sincerely,

Randy Livingston
VP of Business Affairs

AT&T Buyer's Remorse Policy

October 15, 2015

Cancel service or return/exchange equipment (cellphones, iPads, data cards) for a full refund, less any applicable restocking fee, within 30 days of ship date.

AT&T Upgrade Fee, AppleCare+ Increases

October 15, 2015

AT&T has increased the upgrade fee to $45 for smartphones and tablets.

Also, as of Sept. 25, AppleCare+ pricing for the iPhone 6s and 6s Plus has changed.

AppleCare+ for iPhone 6s and 6s Plus is now $129, with a service fee of $99.

AppleCare+ for iPhone 6 and earlier models is $99, with a service fee of $79.

AppleCare+ can be purchased when ordering all AT&T, Sprint, and Verizon devices through OrderIT.

Accounts Application, Sponsorship Manager Offline on Oct. 15

September 29, 2015

The Stanford Accounts application and Sponsorship Manager will be unavailable from 5 p.m. on Thursday, Oct. 15 until 8 a.m. on Friday, Oct. 16, while the underlying system is being updated.   

During this planned outage, users will need to contact the IT Service Desk at 650-725-4357 (5-HELP) for assistance with resetting their SUNet ID password or generating a one-time use two-step authentication code. 

Round II of Microsoft Office 365 migrations complete

July 21, 2015

On Sunday, July 20, University IT completed round two of the Zimbra email and calendar migration to Microsoft Office 365. 1,882 accounts were migrated to the new email and calendar service. The departments and units that were migrated include:  Business Affairs; Dean of Research; SE3 (and postdocs); and a small group of other Stanford affiliates.  

To find out when your area migrates to Office 365, visit the Office 365 service page.

University IT Monthly Rates to Hold Steady in FY16

June 24, 2015

We are pleased to let you know that all monthly rates will hold steady through FY16 for services we provide to university departments and organizations!

Many factors impact the rates we charge — usage volumes increase and decrease, staff salaries rise, and advances in technology and operational improvements often result in cost-saving  efficiencies, just to name a few. As we looked at these factors this year, we found that those resulting in increased expenses could be offset by others where we could achieve cost savings. The result is that we will not raise any of our monthly service rates in FY16. Since monthly service rates affect the bulk of your University IT charges, we hope this is welcomed news. 

A few one-time rates will change beginning September 1, 2015. You can always see our current rates at the rates section of our website.   
 
A note for those departments and administrative units that consolidate their University IT-provided telephone, network, and video services into a single Converged Communications fee: While the FY16 Converged Communication rate will remain the same, we will be conducting our annual review in the coming weeks to account for any volume increases or decreases that may impact your charges. We will share FY16 Converged Communications fee updates via a separate email communication. 
 
Everyone in University IT is committed to providing you with the highest value services possible. We hope this rate information is helpful as you plan your next year's budget. 
 

Sam Steinhardt joins the Office of the CIO

June 11, 2015

In forming University IT just over a year ago, our goal has been to provide the most seamless experience that we can for clients across campus. To further increase our operational effectiveness, efficiency, consistency, and integration, I am creating a University IT Shared Services unit to provide non-technical shared support. 

I’m pleased to announce that Sam Steinhardt will become the Assistant Vice President for University IT Shared Services, effective Monday, June 15, 2015. Sam will report to me, and will join the Office of the CIO.  

The University IT Shared Services organization will include:

  • Finance, led by Molly Reynick
  • Vendor Management, led by Tracy Yuan
  • Business Partners, led by John Freshwaters
  • Communications, led by Jim Knox
  • Service Management, led by Kathy Pappas Kassaras

Combining the Financial and Vendor units will create greater efficiencies with respect to the management of University IT financial resources. Bringing the Business Partners and Communications units together will continue to develop a single voice to the Stanford community. Service Management will help create consistent systems and processes across University IT. The University IT Finance function will continue to have a secondary reporting relationship to Noel Hirst, Assistant Vice President for Business Affairs Finance and Facilities.

Sam has worked closely with clients to simplify business operations and to consolidate campus spending. He recently led a team of eight leaders from across University IT to better align the three organizations of Administrative Systems, the Information Security Office, and University IT. To this new role, Sam brings business savvy, strategic perspective, and a dedication to continuous improvement.  

Please join me in welcoming Sam to his new role. 

 

Randy Livingston
Vice President for Business Affairs and CFO

Issues accessing email and calendar from mobile devices

May 22, 2015

Dear Stanford mobile device user community,

During a planned upgrade to Stanford’s Mobile Device Management system (AirWatch) on the morning of May 22nd, your mobile device may have been disconnected from Stanford email, calendar and contacts. We apologize for this, and we assure you that no data has been lost.

You will need to re-enter your Stanford password in order to reload the data to your mobile device. It may take a while to fully resynchronize your data, so we recommend connecting to a WiFi network to expedite the process. You can re-enter your password on Apple devices under: Settings --> Mail, Contacts, Calendars --> Stanford Mail --> Account --> Password.

If you need additional assistance, please contact the Service Desk at 725-HELP (4357) or submit a help request at helpsu.stanford.edu.

Certificate warnings in Chrome 42

April 20, 2015

Google released Chrome 42 last week, and as users have upgraded, they've seen a warning about the SSL certificates installed on a number of Stanford websites. A red X and line appear in the lock icon and "https" of the URL.

This warning is displayed for certificates that are signed with an older encryption algorithm. It is not an indication that there's a current security problem with the site or certificate—this is Chrome's way of encouraging more rapid adoption of stronger encryption.

While new certificates that Stanford issues are signed with stronger encryption methods, issues with some older operating systems and applications prevent University IT from deploying newer certificates across all sites right now.

In the meantime, this specific warning in Chrome 42 and later versions can be safely ignored. For more information about this warning and the reasons behind it, please see this post from Google's security blog.

If you have any questions, please submit a HelpSU request.

Blue Jeans and Google Chrome v42 and higher

April 13, 2015

Important!  The new Google Chrome browser version 42 and higher will no longer work with live Blue Jeans meetings.  If you try to join a Blue Jeans meeting in Chrome v42 and higher, Blue Jeans will redirect the meeting from your Chrome browser to your operating system's pre-installed browser (Mac=Safari, Windows=Internet Explorer, or Linux=Firefox). Click here for more details.

 

Important! Upgraded version of Google Chrome will impact Blue Jeans Users

March 17, 2015
In an upcoming version of Google Chrome -- possibly version 43, expected on or around April 1st -- Google is expected to make changes that will impact Blue Jeans users. 
 
Although you can continue to use Chrome as your default browser to access My Meetings, pair with room systems, and conduct scheduling, administrative, and reporting tasks, this upcoming version of Chrome will no longer support the live "in-meeting" experience in a browser window. Google has postponed this change in the past, so Blue Jeans is watching closely for additional news about Chrome 43.

 Meanwhile, Blue Jeans is preparing to release a new Blue Jeans application to support the live in-meeting experience for Chrome users. Please read the Blue Jeans FAQ for information on how to minimize any inconvenience for those who use Chrome with Blue Jeans.

Moving from Drupal 6 to Drupal 7

March 9, 2015

Drupal community support for Drupal 6 is expected to end soon. For information security reasons, University IT strongly recommends migrating Drupal 6 sites to Drupal 7 as soon as possible rather than waiting until support for Drupal 6 ends.

Migrating your site to Drupal 7 is not an automated process and could take up to several weeks or months, depending on the size of your site. Read more information on how to migrate your Drupal 6 site to Drupal 7.

March University IT Newsletter Available

March 3, 2015

University IT is a collaborative partnership of the three IT units within Stanford’s Business Affairs organization, all dedicated to delivering world-class service and technological solutions in support of research, teaching and learning, administration, and healthcare.

The March issue of the University IT newsletter is now available.

Access to Restricted Library Journals From Off-Campus

December 19, 2014

Stanford University Libraries (SUL) is updating the method by which authorized community members access restricted journals from off-campus.

Rather than using Stanford's VPN (Virtual Private Network),  SUL wants community members to use its EZProxy service:

http://library.stanford.edu/using/connect-campus/ezproxy-alternative-campus-access

The community is encouraged to use this new method immediately.

Two-Step Authentication Service Enhanced

December 18, 2014

 

Stanford University IT

Two-Step Authentication Service Enhanced

Last weekend, University IT rolled out the new Two-Step Authentication service powered by Duo Security. With this enhancement to the service, you have new options for two-step authentication, including:

  • Duo push notification — A push notification is sent to your smartphone or tablet. No more typing in codes!
  • Duo passcode — A six-digit authentication code is generated on your smartphone or tablet and you simply type the code in WebLogin to authenticate. Internet or cellular access is not required.
  • Phone call — You receive an automated phone call to a number you designated earlier. After answering, you press any key to confirm your identity and authenticate.

You can still use SMS text message, Google Authenticator (if you had already set it up prior to this service upgrade) and Printed List (though this will be phased out in 2015 and replaced by a hardware token that generates authentication codes).

A couple of other great features of the new service are:

  • a backup option that allows you to use a secondary two-step authentication device if your primary device is not available; and
  • a self-service "one-time-use" passcode option that allows you to generate an authentication code when you don't have access to your primary or secondary two-step authentication device (e.g., you left your smartphone at home). You must have your Stanford ID card available to complete the passcode.

Additionally, with the university now using Duo, faculty, staff, or students who have a dual affiliation with Stanford Children's Health can use the Duo app to authenticate in the same way with either institution's systems by simply adding an account to the Duo app. Stanford Health Care is currently testing Duo. When it goes live, Stanford community members can add the SHC account to their Duo app as well.

Please go in to accounts.stanford.edu and try any of the new methods and set up your backup device. Encourage your staff and colleagues to do the same. The instructions are available from the new Two-Step Authentication service site.

You may also notice that University IT updated the look of WebLogin. The new screens now align with Stanford's latest identity guidelines.

We hope you find the new Two-Step Authentication service and the new WebLogin screens make it easier for you to help us protect Stanford's data and resources.

If you have any questions, please submit a help request.

 

Drupal 6 on the Collaboration Tools Installer retiring

December 17, 2014

This is a notification that the Drupal community will stop releasing updates for Drupal 6 sites about three months after the release of Drupal 8, which is likely to be released in the next year. University IT will continue to test and provide updates to Drupal 6 sites through the upgrade tool as long as the Drupal community releases them. While University IT will not support any new Drupal 6 installs through the Collaboration Tools Installer, University IT will not take down any existing Drupal 6 sites.

University IT strongly recommends upgrading to Drupal 7 soon and not waiting until after Drupal 8 is released. Stanford faculty, staff, and students who are interested in starting a Drupal site are encouraged to use Stanford Sites, a self-service tool for building Drupal 7 websites.

For more information on navigating to Drupal 7, see Moving From Drupal 6 to Drupal 7.

MediaWiki on the Collaboration Tools Installer retiring

December 17, 2014

University IT no longer supports installs and upgrades for MediaWiki through the Collaboration Tools Installer and Upgrader. You may continue to run your existing site; however, you are responsible for keeping MediaWiki software for that site up-to-date (see https://www.mediawiki.org/wiki/MediaWiki for more information) and adjusting settings to make it compatible with Stanford's web infrastructure.

As an alternative, University IT offers Confluence, a more supported wiki environment, which allows any authorized user to add, delete, or revise content via a web browser. Confluence is available to Stanford users only.

If you are using MediaWiki as the foundation for a website, a better Stanford option is Stanford Sites, a self-service tool for building and managing websites. Stanford Sites is available to current faculty, staff, and students free of charge.

WebEx Retirement

December 5, 2014

Effective December 5, 2014, University IT will no longer support or offer WebEx licenses. Current WebEx users are encouraged to use BlueJeans, which is provided at no cost to all faculty, staff, and students.

After December 5, 2014, the Stanford University WebEx site will no longer be accessible.

Please contact Gino Piccardo at WebEx if you want to obtain a department license.

University IT support coverage for winter closure

November 26, 2014

Stanford University suspends operations, where feasible, during the winter holiday season, 5 p.m. Friday, December 19, 2014 through Friday, January 2, 2015. Accordingly, many University IT offices will close or provide limited support during winter closure. We will resume full support on Monday, January 5, 2015 at 8 a.m.

More information about service orders, support, and system outages is available at itwinterclosure.stanford.edu.

Note: Monitoring and support for critical services will be maintained throughout winter closure.

Two-Step Authentication SMS Text Message Codes Update

November 14, 2014

On Sunday, November 16, 2014, the SMS text message codes you receive for your Two-Step Authentication will increase from 6 digits to 7 digits.  Additionally, you will receive the message from a 313 area code (previously 650). 

November University IT Newsletter Available

November 3, 2014

University IT is a collaborative partnership of the three IT units within Stanford’s Business Affairs organization, all dedicated to delivering world-class service and technological solutions in support of research, teaching and learning, administration, and healthcare.

The November issue of the University IT newsletter is now available.

lynda.com Online Training Available at No Charge

November 1, 2014

University IT is tremendously excited to let you know that the lynda.com service is now available for free at Stanford.

Thanks in part to the generous support of many campus partners, Stanford faculty, staff, and students can start using this highly-respected service to spur their learning and development, as well as get just-in-time help on subjects that include business, design, digital media, web development, and so much more. There are over 3,000 titles "chunked" into short topic-based videos that your colleagues can access at their convenience, 24x7.

To get started, faculty, staff, and students to go to:

Those already using lynda.com will have the option of merging their existing account information into their Stanford account. New users can simply create their Stanford account. Any additional support is available easily from the lynda.com resources available at the site.
 

University IT Website and Newsletter Launches

October 1, 2014

University IT is a collaborative partnership of the three IT units within Stanford’s Business Affairs organization, all dedicated to delivering world-class service and technological solutions in support of research, teaching and learning, administration, and healthcare.

University IT has just launched a new website and newsletter.

Amazon Web Services (AWS) Enterprise Agreement

September 3, 2014

In early September 2014, current Amazon Web Services (AWS) account holders should have received an email directly from AWS, on Stanford’s behalf, informing them of the new Enterprise Agreement negotiated between AWS and Stanford University as of May 2014. Learn more.

Free Video Conferencing (BlueJeans) now available!

September 2, 2014

As part of the Converged Communication package, BlueJeans audio/video conferencing service is now available to all current faculty, staff, and students at no cost.  To access your BlueJeans account, go to stanford.bluejeans.com and log in with your Stanford SUNet ID. Upcoming training sessions are available. See the BlueJeans training schedule for more information.  For more information, visit:  videoconferencing.stanford.edu.

Encrypting Employee Laptop and Desktop Computers

August 5, 2014

Dear Colleague:

Proactively encrypting your laptop and desktop computers is the single most important step you can take to protect your information and the University's data in the event the device is lost or stolen. The University has established a goal of verifiably encrypting all faculty, staff, and postdoc Macintosh and Windows computers by May 31, 2015, and we are asking you to begin now using one of three options presented below. This requirement applies to both Stanford and personally owned computers that will continue to be used for Stanford activities on the campus network, other than those granted exceptions due to special research requirements. Anyone who stores, transmits, or accesses High Risk Data information as defined under the Risk Classifications should have all data encrypted now and not wait until the May 31, 2015 deadline.

As you may know, an Ad Hoc Faculty Committee on IT Privacy met last spring on a wide variety of information security issues and affirmed the importance of encrypting employee computers used for Stanford activities. When these systems are lost or stolen, it often leads to months of follow-up and remediation effort that could have easily been prevented if the systems had been encrypted. More than 16,000 University employee laptops and desktops are already encrypted (thank you!) via the Stanford Whole Disk Encryption (SWDE) service, which turns on the built-in encryption capabilities of both Macintosh and Windows computers. SWDE includes the University's systems management utility called BigFix, which also periodically verifies encryption status and collects other information regarding the device.

On rare occasions during the encryption process, we have seen disk failures occur. For this reason, as well as being a general best practice, you are strongly encouraged to back up your files before starting to encrypt. CrashPlan PROe provided by University IT is the recommended backup service and is widely used within Stanford, but your local IT group may provide other options. CrashPlan encrypts your backups for secure storage and also provides the option of setting a secondary password to ensure that only you can restore the files. 

For encrypting your computer, there are currently three options:

  1. To make rapid progress toward the May 31, 2015 deadline, we are presently focused on encrypting the more than 15,000 computers with BigFix already installed that have native encryption capability but are not yet encrypted. For those SWDE-ready computers, users will soon be requested to initiate the encryption process, beginning with a short "(Stanford Device Identification") questionnaire that will appear on the screen as early as Aug. 12, 2014. In the subsequent days or weeks, the SWDE installer will ask to initiate encryption, which can be postponed until a convenient time. Campus IT support staff are familiar with the SWDE installation process and will assist as needed.
  2. Users can download and run the SWDE installer at any time on their systems. SWDE will begin by checking the operating system and hardware configuration and will indicate if any update is needed. 
  3. For those who would like to encrypt now without using BigFix or SWDE, you have the option of checking to see if your system is encryption-ready and activating the native encryption on your own. As a reminder, we strongly recommend backing up your files prior to encrypting.

On Macintosh systems, native encryption is entirely transparent once enabled. On Windows systems, the only noticeable difference will be the need to enter another password of your choosing upon booting. Some older Macintosh and Windows systems may need to be upgraded to be encryption-capable, and your local IT staff can help you in those cases. The Information Security Office has a process for you to request an exception from the encryption requirement for research computers that are not yet capable of efficient encryption. 

In the coming months, further communications about the University's encryption initiative will be sent, and utilities will be made available to easily attest the encryption statuses of your computers. More information about encryption is available at encrypt.stanford.edu, and help is available by submitting a HelpSU request. I urge you to encrypt soon as a supplement to the other information security best practices we have been recommending, including regularly patching your operating system and applications, backing up your fileschoosing strong passwords and remaining vigilant for phishing attempts. Thank you for your continuing partnership in these efforts to protect Stanford's data as well as your personal information.

Kind regards,

Michael Duff
Chief Information Security Officer

ReportMart1 Officially Retired

July 31, 2014

ReportMart1 users take note: A new reporting tool is now available for data reporting and analysis.

As part of the university’s initiative to modernize business reporting on campus, the ReportMart1 reporting system was retired on July 31, 2014. All reports currently run out of the ReportMart1 portal have been migrated to Stanford's Oracle Business Intelligence (BI) reporting portal.

The Stanford BI portal provides a full range of reporting and analysis tools in an easy-to-use interface. In addition to published reports, users have access to interactive dashboards, ad-hoc queries, and dynamic search tools.

Getting Access to the BI Portal

Access to the BI portal is authorized via the Authority Manager application by the respective department stakeholders.  ​

Go to the BI portal and use your SUNet ID and password to login. Mac users will not need to use Connect/Citrix to access the BI portal. See the Browser Recommendations page for more information about supported browsers.

Training

AS offers an Introduction to the Stanford BI Portal (AS-6005) class via STARS monthly.

For those unable to attend a BI portal training class, a quick start guide is available.

Getting Help

If you require assistance or more information about the BI portal, please submit a HelpSU request.

Stanford ID cards get new look

July 30, 2014

New look for Stanford ID cards

Effective Aug. 1, the university will begin issuing Stanford ID cards with a new look. While the change will not affect those with existing cards, IDs issued to new employees and new students arriving this fall will look distinctively different. The changes have been made to ensure that the cards conform to Stanford's updated wordmark and visual identity system.

“Because this card appears slightly different from existing cards, we would like to make sure all campus departments and services are aware of the change, to limit confusion over the legitimacy of the new cards,” said Jay Kohn, director of card services.

For those who are eligible for the Go Pass, the new design accommodates space on the front of the card for that sticker.

ID cards with the old design remain in effect unless the card is lost or stolen. Replacement cards will continue to cost $20. When a replacement card is issued, it will reflect the new design.

ID Cards are issued by the Campus Card Office. For more information, visit the Campus Card Services website or call (650) 498-CARD or (8-2273).

Is Stanford Affected by Heartbleed?

April 17, 2014

The Internet is abuzz with news of the "Heartbleed" bug that affected the security of the majority of web servers in the world, as well as other computer systems that rely on OpenSSL code. This bug is serious, but its immediate impact at Stanford is not cause for alarm.

Apple Update Required for OSX and iOS

March 31, 2014

Apple Inc. has released updates for Mac OSX 10.7, 10.8, and 10.9 to address a critical security problem. Stanford's Information Security Office recommends that you update your Mac OSX systems and iPhones, iPads, and iPod Touch devices as soon as possible to protect your personal privacy and security, as well as to protect the university's data.

On April 4, 2014, Mac OSX systems that are not up-to-date will have the update pushed to them automatically. Please restart the system to complete the installation. For instructions and additional information, visit the Secure Computing web site.

On April 14, 2014, compliance rules in MDM will be updated to no longer allow insecure versions of iOS 6 and iOS 7. Please update your device today.

For more information, go to securecomputing.stanford.edu.

On the Information Security Front Lines

March 16, 2014

In an era of identity theft and cyber crime, information security is one of the most pressing issues facing higher education institutions today. The eNews recently sat down with Armand Capote, senior director of Infrastructure and Architecture in Administrative Systems, to discuss what measures AS is taking to fortify and protect Stanford’s administrative application infrastructure. Below are selected highlights from the conversation.

On a department level, AS is responsible for managing the systems that run the business of the university. How does AS secure these systems and the data they contain?

System security is one of the highest priorities of our organization. We work closely with the Information Security Office (ISO), business offices, and application vendors to deploy systems according to well-established security guidelines and best practices.

That being said, hackers are only getting more advanced and brazen. New system vulnerabilities and exploits are constantly being discovered, and this requires constant vigilance on our part. AS routinely monitors for these types of events across all of our systems, and typically addresses them within a week or less of discovery.

Last summer’s system security breach highlighted the need for heightened IT security across Stanford. Did AS implement any new security procedures as a result?

Prior to last summer’s event, access to most Stanford systems simply required entry of a SUNet ID and password. That model left systems vulnerable to stolen passwords; there was no way to tell if the person typing the password really WAS the person who owned it. As an immediate measure once the security breach became known, AS implemented and enforced new internal SUNet password requirements; all AS staff were required to establish longer/more complex passwords, and to change them on a very short schedule.

Once Two-Step Authentication for WebAuth accounts became standardized across the university, the stolen password risk was greatly mitigated; however, WebAuth Two-Step does not cover direct access to network hosts and database systems— the kind of access we regularly use in Administrative Systems. To address this vulnerability, AS deployed an additional internal two-step authentication layer for all AS staff who manage application infrastructure.

We also convened an ongoing task force to perform a comprehensive security review of our application infrastructure. The team meets weekly to examine both technology and process improvements aimed at further strengthening our long-term security posture. One of the important best practices that this group is proposing across Stanford IT is the idea of keeping privileged account credentials separated (i.e., not using privileged credentials and normal user credentials on the same machine). That means that if a system is compromised, it is much less likely to be used as a "pivot" to gain access to other, more secure systems.

Have there been any challenges implementing these new security procedures? What has the implementation process been like so far?

Implementing new security procedures is always a challenge at the organizational level; you have to weigh the security risks against the financial and/or operational costs of managing them. Finding the right balance between the two is tricky, and this is something that we routinely discuss at length with our business partners and system owners.

In light of recent events, there is a heightened awareness on campus regarding information and/or computer security. This has made it easier to implement new security procedures, since everyone at Stanford has a vested interest in protecting our systems and information.

Many departments on campus are looking for ways to strengthen application infrastructure and/or desktop security. Is there anything in particular that you would recommend?

The Information Security Office (ISO) has put together a wealth of security information and resources on its website. I urge departments to use the ISO recommendations as a guideline.

For those looking to further enhance desktop security, I recommend that departments consider leveraging our virtual desktop infrastructure. A virtual desktop has substantial security advantages over a traditional desktop because it is physically located on a remote central server rather than on the user's local computer. A virtual desktop cannot be lost or stolen in the same manner as a laptop, which means the data is at a much lower risk of “walking away.”

Several departments (Financial Management Services, the Office of Sponsored Research, Research Financial Compliance & Services, and the Graduate School of Business) have already adopted this technology for their user bases. I’d be happy to discuss virtual desktops with any department interested in learning more.

SLAC Payroll Integration Success

March 15, 2014

The SLAC National Accelerator Laboratory (SLAC) has a unique relationship with Stanford University. Operated by the university under the programmatic direction of the U.S. Department of Energy Office of Science, SLAC is effectively an independent entity with its own governance, directives, and administrative infrastructure.

Over the last few years, SLAC has been looking to update its central administrative systems. As part of this effort, a project was undertaken in 2013 to integrate SLAC's payroll function into the central university payroll system. The goal: consolidate SLAC’s payroll administration and management of external benefits into Stanford’s PeopleSoft-based system.

The complex technical project involved months of careful planning and development, with close collaboration among AS, the Controller’s Office (Payroll), Human Resources Information Systems, and SLAC. The SLAC/Stanford payroll integration went live in December 2013.   

As a result of the project, SLAC takes advantage of the university’s more up-to-date implementation and standardized processes, while also eliminating the risks associated with operating its own in-house payroll. And SLAC employees now use the Axess portal to view pay statements and manage their direct deposit and W4 elections.

Contact Sameer Marella if you'd like to learn more about the SLAC Payroll integration.  

Meet the Team: Middleware and Integration Services

March 10, 2014

There’s one thing that all Stanford’s administrative applications have in common, and that's Registry data. Regardless of an application’s size or purpose, it's almost certain to require Registry data (people, organization, account, course, workgroup, and/or authority information) in order to function.

Enter the Middleware and Integration Services (MaIS) team!

MaIS is among the unsung heroes of IT at Stanford, quietly working behind the scenes day after day to support the collection, maintenance, and distribution of university Registry data.

As you can imagine, Registry data is updated quite frequently across campus. Thousands of changes are recorded in the Registry daily, and these updates must be propagated to the myriad of applications that use this data. 

The MaIS team manages the system infrastructure (middleware) that enables Registry data to flow from one application to the next. MaIS essentially serves as the middleman facilitating data communication between applications—no small task!

In addition to providing middleware support, over the years the team has developed several custom applications that expedite the collection and distribution of Registry data. These self-service applications include Authority Manager, Organization Manager, Workgroup Manager, and StanfordYou.

The MaIS team often partners with external campus groups on data integration projects. To learn more about MaIS and the Registry, contact Manager Maria Inciong or visit the MaIS website.

Have You Experienced the New OrderIT?

March 4, 2014

Ordering IT equipment and related services on campus got a lot easier in late 2013. That’s when IT Services (ITS) and AS rolled out a new IT ordering, fulfillment, and billing system.

Serving the Stanford community at large, the new OrderIT system significantly streamlines the IT ordering process with a user-friendly online portal.

With a simplified user interface, the new system drastically reduces the time (and training) required to place and process requests for IT equipment and related services.

Integration with Stanford’s financial systems and ITS order fulfillment systems ensures a seamless workflow for OrderIT transactions. Billing reports are available in Oracle Business Intelligence (OBI).

The mobile version of the new OrderIT, currently in development, will enable ITS technicians to complete work order assignments on the go. About 25 technicians are expected to use the system when it goes live in May 2014.

Curious about the new OrderIT? Visit the Ordering IT Services page for more information.

Tracking Research Dollars: eCertification Payroll Distribution System

March 1, 2014

Prompted by new federal regulations, AS is collaborating with the Dean of Research and Research Financial Compliance and Services on a new system to support certification of payroll charges for research projects.

The eCertification Payroll Distribution system will create an annual online report that displays the payroll distribution for each employee whose salary is charged wholly or in part to a project subject to federal regulations.

School/department administrators and Principal Investigators (PIs) will go online to review and formally certify the payroll distribution report for their associated research projects. In all, about 2,000 PIs and administrators are expected to use the system.

Development on the project began in Summer 2012, and the team successfully wrapped up a short pilot with a handful of users across campus in late 2013. The new system will be rolled out university-wide in phases beginning in early 2014.

To learn more about the eCertification Payroll Distribution system, visit the DoResearch website.

Urgent Update to iOS

February 24, 2014

Apple has issued a security update for all iOS devices including the iPhone and iPad. University IT recommends that you apply this update. First, back up your device using iCloud or iTunes. Then go to Settings>General>Software Update and download and install to update your device.

Faculty Committee Formed to Discuss Information Security

February 13, 2014

Vice President for Business Affairs Randy Livingston announces the formation of a faculty committee to assess the information security challenges facing Stanford and help chart institutional strategies for addressing them. Several elements of the information security mandates announced on Jan. 15 for Stanford employees will be suspended in the meantime.

Dear Colleagues:

On Jan. 15, I sent you a communication outlining new information security mandates for University employees. Since that time I have heard from a number of faculty expressing their concerns about the potential impact of the mandates on individual privacy and research productivity. While all of us share the goal of containing and mitigating information security risks, we want to respect and protect individual privacy, and avoid impairing the University's research efforts.

On Feb. 11, I met with the Faculty Senate Steering Committee to discuss faculty concerns. I proposed formation of a special faculty committee to assess the information security and privacy challenges facing Stanford, help chart an institutional strategy that reflects the diverse needs of University stakeholders, and partner with the administration in revising the mandates. The faculty committee will be formed within the next two weeks and will be led by Andy Fire, Professor of Pathology and Genetics, and co-chaired by David Palumbo-Liu, Professor of Comparative Literature and English, who are also members of the Faculty Senate Steering Committee.

While the committee undertakes its review, all agree that we should suspend several elements of the mandates as described below:

1. Windows XP - The mandate to migrate from Windows XP laptops and desktops will be suspended for devices that manage scientific instruments or run unique software applications that cannot be easily upgraded. The April 8 deadline will remain for laptops and desktops used as standard business systems.

2. BigFix - The deadline for installation of BigFix will be suspended for systems that do not store or access personally identifiable information (PII), such as Social Security and credit card numbers or protected health information (PHI). BigFix must be installed on University and personally owned systems that store or can access PII/PHI no later than May 28.

3. Identity Finder (IDF) - This tool, which scans computer files to identify PII that a user may have downloaded unwittingly, will not be used except with specific consent of the individual whose files are being scanned.

4. Encryption - The requirement to encrypt laptop and desktop devices will remain with the following deadlines:

  1. New University-owned laptops and desktops must be encrypted immediately following purchase.
  2. SWDE encryption must be in place on all University-owned and personally owned devices that store or can access PHI in any manner by Feb. 28.
  3. SWDE must be in place on all devices storing more than 500 PII records by July 31, and with more than 10 PII records by Nov. 30. PII belonging to the device user and family members, such as would be found on copies of an individual's tax return, will not be counted under this requirement.
  4. With the exceptions of the devices that manage scientific instruments without PHI/PII, we will pursue a goal of having encryption in place on all laptops and desktops by May 31, 2015.

5. Encryption for Mobile Devices - The requirement to install Mobile Device Manager (MDM) is suspended for those individuals with no access to PHI. However, for those with access to PHI, the original mandate to install MDM on University-owned and personally owned mobile devices by Feb. 28 will remain.

6. File Backup - Frequent and secure file backup is highly recommended for all systems and all members of the Stanford community. We are suspending the requirement to use a University or department managed file backup service, but these services remain available to all members of the Stanford community.

Once the faculty committee is formed, we will communicate its membership and encourage all of you to provide input to them.

We also will be issuing additional communications soon providing tips for maximizing your own computer security and answering common questions we have been receiving from the Stanford community. Strengthening our information security is an imperative for the University, but we intend to do so in a manner that is consultative and using transition processes that are as simple as possible for everyone to implement. Thank you for your partnership in these efforts.

Regards,

Randy Livingston
Vice President for Business Affairs

New Security Requirements for University Employees

January 15, 2014

In a letter to the Stanford community, below, Vice President for Business Affairs Randy Livingston provides an update on information security at Stanford and outlines new requirements for University employees. Deadlines are provided for implementing each of the new requirements.

Dear Colleagues:

Over the past several months, we have undertaken several initiatives to improve the security of Stanford's IT environment and protect the privacy of information stored on our systems. Thank you for your support in changing passwords and adopting two-step authentication.

To further improve information security and privacy, we will be requiring several additional steps for all University employees. These requirements apply to all University-owned laptops, desktops, smartphones, and tablets ("devices"); personally owned devices used on the Stanford Network; and personally owned devices that could be used to access Protected Health Information (PHI) or other High Risk Data. Other personally owned devices used at home or on the wireless Stanford Visitor network are encouraged to follow these mandates, but not required to at this time. Your organization may impose additional security requirements that you are required to follow. Exceptions to the mandated requirements are outlined at the end of this communication.

  1. Windows XP Migration - Windows XP will no longer be supported by Microsoft after April 2014, and as a result, represents a significant security vulnerability. Approximately 2,500 Windows XP systems are currently used by University employees. Employees with Windows XP laptops or desktops must migrate to Windows 7 Enterprise or Ultimate, or Windows 8 Pro or Enterprise no later than April 8, 2014. The University now has a site-wide license with Microsoft whereby employees can download the latest operation system and application versions at no cost.
  2. BigFix - BigFix is a program that ensures operating systems and other applications are patched with the latest security updates. More than 80 percent of employee laptops and desktops already have BigFix installed. All desktop and laptop computers are required to have BigFix installed no later than May 31, 2014. BigFix can be downloaded from the University IT website and installed directly by any Stanford employee.
  3. Identity Finder - IDF is a program managed by BigFix that scans your computer files for personally identifiable information (PII) such as Social Security numbers and credit card numbers, and provides you or your IT support team with a report that allows you to delete PII that is unneeded. In a broad pilot program last spring, 15 percent of scanned systems had more than 500 PII records, and an additional 15 percent had between 100 and 500 records. Starting on Feb. 28, 2014, BigFix will install IDF and occasionally run in the background on your system, similar to a virus scan or file backup. No action is required on your part to run the program, but you will be notified if PII is found on your system, and you should then delete unnecessary files. Your technical support team will be able to assist you to ensure permanent deletion.
  4. Encryption - All laptop, desktop, and mobile devices must be encrypted. If a device is lost or stolen, encryption ensures that a third party cannot access protected information, such as PII or Protected Health Information (PHI) that may be stored on the device. In addition, it provides the University a "safe harbor" with respect to legal requirements to report a breach of information stored on the device. We have learned that a stolen device may be determined after the fact to have PII/PHI even when the user believed there was none. Given this understanding, and the high incidence of PII found by IDF scans, we are requiring all devices to be encrypted with the following deadlines:
    1. All new laptops and desktops purchased with University funds must be native encryption capable and install Stanford's Whole Disk Encryption (SWDE) service immediately. Operating systems supporting native encryption currently are: Mac OS X 10.7 or later, Windows 7 Enterprise or Ultimate (TPM chip required), or Windows 8 Pro or Enterprise. Replaced systems must be relinquished upon receiving the new one.
    2. All iOS and Android mobile devices must install Mobile Device Manager (MDM) to encrypt the device no later than Feb. 28, 2014.
    3. All laptops and desktops that store or can access PHI in any manner must install SWDE no later than Feb. 28, 2014.
    4. All remaining laptops and desktops will be required to install SWDE by a specified date based on the number of PII records found by IDF. Systems with more than 500 PII records must install SWDE by July 31, 2014; systems with more than 10 PII records must install SWDE by Nov. 30, 2014; and all remaining systems must install SWDE by May 31, 2015.
  5. File Backup - All documents, files, and custom programs relating to University activity must be backed up on a regular basis by a University or department managed service. File backup capability should be in place before SWDE is installed, and must be implemented for all devices no later than May 31, 2015. Stanford laptops and desktops typically store many years of important work products and enable our daily work. When devices are lost, stolen, or otherwise compromised, critical data can be irretrievably lost. When they are backed up, lost data can be readily recovered.

Your technical teams will receive additional details to aid in the implementation of these requirements by the dates specified below. In some instances your School or Department may have established earlier deadlines for completing the tasks outlined in this memo. Further communication will be forthcoming to department IT groups regarding security requirements for servers, and to student and postdoc populations regarding requirements for their devices.

Mandate Deadline Summary

File Backup Prior to Encryption
Encryption — New Laptops/Desktops Today
Encryption — Mobile Devices Feb. 28, 2014
Encryption — Existing Laptops/Desktops that Store/Access PHI Feb. 28, 2014
Identity Finder Scans — All Laptops/Desktops with BigFix Installed Feb. 28, 2014
Windows XP Migration April 8, 2014
BigFix Installation — All Laptops/Desktops May 31, 2014
Encryption — Existing Laptops/Desktops with >500 IDF Records July 31, 2014
Encryption — Existing Laptops/Desktops with >10 IDF Records Nov. 30, 2014
Encryption — All Laptops/Desktops May 31, 2015

EXCEPTIONS - A handful of laptop and desktop devices are used for complex computation purposes where these management tools might interfere with their effective operation. In addition, some devices are used to control scientific instruments and cannot be upgraded at this time. For these situations, you should request an exception. In addition, Linux systems, BlackBerry mobile devices, and Windows Phones are temporarily exempted until SWDE and MDM are available for these platforms. Until they are available, these devices should not be used to store, process, or transmit PHI or other High Risk Data without a formal exception.

Thank you for the steps that you and your organizations have already taken to increase our security standards. I appreciate your understanding and cooperation as we work together to protect both University data and personal information through the implementation of these best practices.

Sincerely,
Randy Livingston
Vice President for Business Affairs

Winter Close Information for University IT Clients

December 19, 2013

Stanford University has decided to suspend operations, where feasible, during the winter holiday season. In support of this decision, most groups within University IT will be closed from end of day Friday, December 20, 2013 through Friday, January 3, 2014. Normal business operations will resume on Monday, January 6, 2014 at 8 a.m.

Services to both hospitals and the clinics (SHC and LPCH) will continue as normal during this time, and staff will be available to provide the expected levels of support.

The majority of University IT offices will be closed. A small number of staff will be on hand to support university offices that must remain open. These staff members will provide operator services, monitor and support critical applications, process high-priority service orders, and provide priority response to urgent HelpSU requests. Please note: You may experience longer-than-normal response times during this period.

For University departments needing work orders to be completed before winter close, please submit your request no later than December 9, 2013 for Data Center orders or December 11, 2013 for telephone orders. We will make every effort to complete orders received by those date on or before December 20, 2013. Orders received after those date may not be completed until on or after January 6, 2014.

Complete details regarding University IT support and staffing plans during winter close are available at: itwinterclosure.stanford.edu

Verizon Bills One Month in Advance

September 25, 2013

Verizon customers: Verizon charges customers one month in advance for all services. For new lines of service, your first month's bill will be higher than future bills because Verizon includes both the current month's and next month's charges.

Activating Two-Step Authentication

September 24, 2013

In a letter to the Stanford community, below, Vice President for Business Affairs and Chief Financial Officer Randy Livingston provides an update on information security at Stanford and announces that two-step authentication will be required for SUNet users. The process allows users to choose one of three methods -- a printed list of codes, text messaging, or a smartphone app -- to provide a second level of identity verification when logging into Stanford systems.

Members of the Stanford Community:

I am writing to notify you of additional steps to enhance the security of Stanford’s information systems and protect against the pervasive threat of online attacks. In addition to the initial password changes we required over the summer, we now ask all University community members with a SUNet ID to activate two-step authentication, a simple and highly effective security mechanism already adopted by many organizations.

Starting this Thursday, we will begin requiring anyone with a SUNet ID to have two-step authentication enabled in order to access web-based services. The community will be added on a rolling basis, so your prompt to enroll may occur anytime over the next several weeks. Already more than 10,000 SUNet ID account holders have voluntarily elected to use this enhanced security.

Two-step authentication substantially reduces the ability of would-be intruders to access your account by requiring a second login code in addition to your password. Commonly, this is a random numerical code generated by a smartphone application or sent via text message to your phone. You will be prompted for this extra code at least once a month for each computing device and browser that you use.

I encourage you to go to the Accounts page and enroll now, if you have not already. Once at the Accounts page, click “Manage,” then click “Two-Step Auth” and follow the instructions.

We will be taking additional measures over the next few months to further safeguard our information systems. Your technical support teams and University IT will be working with all campus units to upgrade or replace older Windows XP operating systems and to encrypt all employee laptops and mobile devices. We also intend to require longer or more complex passwords.

I will continue to provide updates on our progress. Thank you for your understanding and cooperation as we work together to protect both University data and personal information through the implementation of these information security best practices.

 

Sincerely,
Randy Livingston
Vice President for Business Affairs
Chief Financial Officer

Update on Attack of Stanford's IT Systems

August 19, 2013

In a letter to the Stanford community, Vice President for Business Affairs and Chief Financial Officer Randy Livingston provides an update on the recent breach of Stanford's information technology systems and offers recommendations for maximizing one's own computer security.

Members of the Stanford Community:

I’m writing to you today to outline steps that the University is considering to make our network more secure in light of the attack on Stanford’s information systems infrastructure that occurred last month.

Background

In late July, Stanford discovered that an unauthorized party or parties gained access to a portion of its information systems infrastructure. The attack appears to have been launched from an overseas location and was similar to foreign state-sponsored attacks reported in recent months by many large organizations in the United States. The purpose of the attack remains unclear, although data security experts suggest that these kinds of attacks are aimed at capturing intellectual property that could have commercial and economic value to the intruders' country. The intruders may also be interested in tracking activities of their overseas citizens. Universities are increasingly the focus of these intrusions, as reported by The New York Times in its July 16 article, “Universities Face a Rising Barrage of Cyberattacks.”

Upon discovery of the attack, as a security measure we sent a notification to all employees and students directing them to immediately change their passwords. While our investigation is continuing, we believe the attackers gained access to all Stanford SUNet ID account usernames and a “hashed” version of the passwords. The hashing algorithm converts a password into a different string of characters. While this hashing of passwords disguises the original password, hackers have the capacity to decipher simpler and shorter passwords. Though Stanford has no evidence that the hashed versions of the passwords were deciphered, Stanford is notifying all SUNet ID account holders of that possibility.

At the present time, we have no evidence that personal information — other than usernames and hashed passwords — has been accessed, but this is an ongoing process and we are continuing to investigate. Stanford has retained experts to assist us in this investigation, and we continue to work with law enforcement as well. As the Times and others have pointed out, cyber-intruders are persistent in their attempts to gain access to information systems and are very good at covering their tracks. We will continue to update the community and take action as information develops.

New security measures underway

To better protect Stanford assets and our information — including University data as well as personal information — additional security protections are being adopted to meet the ever-increasing threats of attacks. These safeguards will result in some inconvenience to users, but please be assured they are being implemented to improve our overall security.

One of the first measures will be to implement two-step authentication. When logging into certain Stanford applications like Axess or Oracle, in addition to their user names and passwords, users will need to input a second factor or means of identification. Users can learn more about two-step authentication and voluntarily begin using it by going to the Accounts page on the Stanford website. Click “Manage,” then click “Two-Step Auth” and follow the instructions. To date, more than 3,000 SUNet account holders have begun using this security feature. In the coming weeks, two-step authentication will become mandatory for accessing certain critical applications.

In addition to two-step authentication, Stanford is also taking steps to improve and enhance the security of its core infrastructure systems.

It is important to recognize that the hackers of today are very sophisticated. We cannot assume that new procedures, passwords, and security enhancements fully eliminate their continued presence. It may take several iterations of security improvements over some period of time to regain confidence in the security of the network.

Cooperation from users is essential

While we have no evidence that personal information — other than usernames and hashed passwords — has been accessed, the University is encouraging all users of Stanford’s computer network to be increasingly vigilant regarding their online activities. Cooperation from the University community will be essential, and everyone — staff, students, and faculty — will need to take more personal responsibility for the security of user devices and confidential information.

Users should, at a minimum, take the following steps to protect themselves and the University:

  • Change passwords regularly, both for University connectivity and for personal use — financial, health, etc. For any personal accounts, use passwords  that are different from your SUNet password.
  • Follow protocols to make passwords more difficult for an unauthorized user to determine, including using capital and lower case letters as well as numbers and symbols. The longer and more complex the password, the safer it is.
  • Be aware of efforts by outside parties to gain access to passwords and personal identification information. This begins with understanding and recognizing “phishing” attempts. A phishing attack is the practice of attempting to obtain your user name and password or other confidential information, typically by sending an email that looks as if it is from a legitimate organization but contains a link to a fake website that replicates the real one. Phishing attacks have been increasing and are more sophisticated than ever.
  • Turn on the native encryption capability provided by recent versions of Mac OS X (versions 10.7 and newer) and Windows 7 (Ultimate or Enterprise edition) or Windows 8 (Professional or Enterprise edition) and through Mobile Device Manager (MDM) for iOS devices (versions 5.1 and newer) and compatible Android devices (Android OS version 4.0 and newer). Talk to your department’s IT contact for guidance as to the procedure for turning on that capability.
  • View the information security awareness video on the Accounts site referenced earlier.

As many employees have multiple devices that are linked into the Stanford system, use best practices for securing not only your University-issued devices but also your home computer and personal mobile devices.

Moving forward

Further investigatory work — systems diagnostics, intensive activity monitoring, and working with law enforcement — is helping us understand more specific details of the attack on our system. Much of this work must remain confidential as it is helping to identify further steps that the University can take to protect and ensure the security of its systems and data.

As has been the case with other organizations that have experienced similar intrusions, efforts to ensure that Stanford’s infrastructure is free from compromise will be measured not in days or weeks but in months. The sophistication and persistence of these kinds of intrusions, combined with the complexity of the University’s data and information systems, create challenges that make the securing of those systems a painstaking process.

Thank you for your support and understanding. We will keep you updated on our progress.

Sincerely,

Randy Livingston
Vice President for Business Affairs
Chief Financial Officer

Proposal to Closeout: SeRA Supports Research

August 5, 2013

Launched in 2010, the Stanford Electronic Research Administration System (SeRA) is the enterprise-wide application that supports research administration at Stanford.  

As the institutional system of record for sponsored projects, SeRA tracks the various stages of the sponsored research project lifecycle from initial proposal to award closeout.

AS has continued to build key functionality into the system since its initial launch. The latest enhancement, Award Reporting and Closeout (ARC), was released in early July.

Developed in conjunction with the Office of Sponsored Research, ARC enables research administrators to actively monitor and manage research award reporting and closeout requirements directly in SeRA. This replaces the COFR (Closeout & Financial Reporting) database, significantly streamlining the complex award closeout phase.

Following up on this major release, several usability and feature updates are on tap for later this summer. 

To learn more about SeRA and the latest releases, visit the SeRA section of the new DoResearch website.

All Systems Go: Ensuring Commencement Success

August 4, 2013

Stanford's 122nd Commencement in June launched more than 3,300 graduates into the world, ready to make their mark and make a difference.

While students prepared for the Wacky Walk, they were likely unaware of the frenzied work going on behind the scenes to make it happen.

The weeks leading up to commencement are an intense period of feverish activity for the entire university as faculty and administrators rush to process final grades and transcripts.

This work puts a significant load on the university’s information systems, and during this period AS works around-the-clock to keep these systems humming.

Staff from several practice areas within AS provide extended on-call coverage, with employees standing by evenings and weekends to address any potential system issues or questions. Daily standup meetings and hourly email check-ins with key business office stakeholders ensure consistent awareness of current systems status.

These efforts, combined with standard operating procedures, ensure a stable computing environment to support a smooth Commencement (and a happy Wacky Walk).

Contact Sameer Marella for more information.

When Disaster Strikes ...

July 30, 2013

Here's the scenario:  An earthquake or fire cripples the Stanford Data Center, and no one can access core business applications. How long will it take to get the systems that run the university back up and available for use?

The annual AS/ITS Disaster Recovery drill seeks to answer this critical question. Each summer AS and other IT-related organizations on campus participate in an exercise to simulate a major disruption to Stanford’s main data center on campus. The drill enables participants to test their backup systems and emergency procedures in a real-time disaster scenario.

This year's drill, which participants were told could launch at any time between June 19 and Aug. 2, kicked off without warning (just like a real disaster) a little after 3 p.m. on July 18.  

The target recovery time for AS to restore core administrative systems (PeopleSoft and Oracle Financials) in the event of a disaster is two business days. So how did we do in the drill? The AS infrastructure teams had both systems up and running in Stanford's remote auxiliary data center in less than three hours. Reporting components for each system were restored and functional shortly thereafter.

In the event of a real campus disaster, the most immediate priorities will obviously be human safety and security; however, information systems can play a critical role in enabling authorities to identify, communicate with, and support affected populations. The results of this year's Disaster Recovery Drill indicate that Stanford has the ability to quickly bring its core business systems back online, ensuring continuity for administrative operations and support for general campus recovery efforts.

Contact Armand Capote to learn more about AS infrastructure and system recovery.

Payroll & Labor Expense Reporting Made Easy

July 30, 2013

Ready for the next-generation reporting tool at Stanford?  

The Payroll and Labor Expense Management (PLM) reporting system is preparing to make its campus debut.

The multi-phased PLM project seeks to create an ad hoc payroll and labor reporting environment in OBIEE (Oracle Business Intelligence Enterprise Edition) that combines data from both PeopleSoft and Oracle.

This represents a significant accomplishment. End users gain the ability to create and manage their own custom reports in payroll and labor areas such as leave, timecard reporting, labor schedules, payroll adjustments, etc.

 More than 20 interactive reports will be released to end users campus-wide in early August. Similar to the reports generated in ReportMart3, the new reports will feature area-specific security to facilitate distribution to a wider campus audience. 

Contact Vijay Gandra for more information about the PLM project.

Meet the Team: Administrative Systems Customer Support Group

July 29, 2013

You've just clicked "Submit Help Request" in HelpSU; now where exactly does that request go? If your question pertains to a core administrative application, it's on its way to the Administrative Systems Customer Support Group (ASCSG).

The ASCSG serves as a single point of contact for end users seeking help with Stanford’s administrative systems (OBIEE, Oracle Financials, PeopleSoft, etc.).

Led by Manager Peggi Polen, the team is comprised of five analysts, each assigned to support specific applications. Support responsibilities are regularly rotated so that each analyst develops competency across the AS application portfolio.

As the administrative systems evolve, the team constantly absorbs and assimilates new information, quickly building sufficient knowledge of new systems and processes to be able to support the end user population. 

Day to day, the ASCSG actively monitors the HelpSU ticket queue and begins processing tickets as soon as they are received. From initial ticket triage to in-depth analysis, analysts work closely with end users and business offices to ensure that tickets are resolved as quickly as possible.

While the number of HelpSU tickets varies month to month depending on the business and/or academic cycle, the ASCSG typically handles several hundred tickets each month. In June 2013 alone the team processed 772 tickets — that's nearly 38 tickets per day!

The ASCSG further supports the administrative community by holding weekly open labs on campus for distributed end users every Friday morning. The team answers questions, gives demonstrations, and provides help for the full scope of administrative applications at Stanford.

So next time you’re having trouble processing that journal transfer, know that the ASCSG is standing by and ready to help.

Contact Peggi Polen for more information about the ASCSG.

Please Update Your Password!

July 25, 2013

As a precautionary measure in the wake of an apparent breach in its IT infrastructure, Stanford University is asking all SUNet ID holders to update their passwords. Go to accounts.stanford.edu and click Manage, then select Change Password. We also encourage your to turn on Two-Step Authentication, available on the same page on the Two-Step Auth tab. This will require a single-use code in addition to your password for access to campus systems. Also, please be vigilant for unusual activity in systems that may signal unauthorized access. The investigation is ongoing and we will keep you updated as new information is available.

TIPS Celebrates 25 Years on July 10

July 8, 2013

The Team for Improving Productivity at Stanford (TIPS), coordinated by University IT, is celebrating its 25 year anniversary.  Join us for the celebration on July 10 at 9am in Paul Brest Hall!  For more information, visit:  tips.stanford.edu

Transforming Reimbursement: Expense Reports

May 1, 2013

Submitting expense reports can be time consuming. From entering receipts to selecting the proper expense type, users wading through the reimbursement request process may often find themselves mired in minutia. To simplify and streamline the experience, Strategic Payment Services is working with AS to develop a customized implementation of Oracle's iExpense module.

Named simply "Expense Reports," the new application will significantly improve and shorten the reimbursement process (currently performed in iOU) with a simplified interface for submitting and reviewing expenses.

The application was initially rolled out as a pilot to the Business Affairs organization in April 2012. Phase two went live on Oct. 1 with a pilot in the Department of Athletics, Physical Education and Recreation (DAPER).

Expense Reports will be rolled out across campus in parallel with a new Payment Requests Solution.

The Payment Request Solution project is underway, and the solution will be designed to best support payment types other than reimbursements (e.g., honoraria, royalties, human subject payments, petty cash replenishment).

Contact Randy Durante for more information about Expense Reports.

Streamlining Faculty and Academic Staff Appointments

May 1, 2013

The current model for faculty and academic staff appointments at Stanford might be described as inconsistent — and also perhaps a little bit archaic. Seeking to streamline and automate the faculty and academic staff appointment process, the Faculty Affairs Office has joined forces with Administrative Systems to collaborate on an integrated appointment management system for use by all the schools. 

The centralized system will help reduce appointment processing time, improve accountability and compliance with University policies, and facilitate coordination with Faculty Affairs and Human Resources.

The first phase of this 12-month project is underway to build the necessary platform and processing for the Professorial Amendments process, which will allow users to make changes to professional appointments online.

AS is partnering with the Dean of Research and several schools on the business requirements for the project, including the professional schools (Business, Law, and Medicine) and the Schools of Earth Sciences, Engineering, and Humanities.

Technical design and development are in progress, and the first phase is expected to go live in Spring 2013.

Contact Sameer Marella for more information about this project.

The Scientific Facilities Management System: Optimizing Research Assets

May 1, 2013

What if locating and reserving lab equipment and facilities was as easy as booking a hotel room online? The Scientific Facilities Management System (SFMS) seeks to make this vision a reality by creating an online centralized "storefront" for research equipment and lab services available on campus.

Research labs and facilities will be able to use the SFMS to offer services or equipment they would like to make available. Fellow researchers may then find and reserve services/equipment directly online. Once a service has been rendered, the provider allocates and bills for the service directly through the system — a great improvement over current manual processes.

By providing a single resource listing of all facilities and equipment available, the SFMS will reduce redundant purchases of equipment already owned by Stanford.

For example, researchers will be able to easily locate and reserve high-powered microscope systems currently available at the Cell Sciences Imaging Facility instead of searching for and potentially purchasing the same (expensive) equipment on their own.

The High-Throughput Bioscience Center (HTBC) was the first research facility to go live on the SFMS in late October. In the very first month that the SFMS was active, the HTBC had 19 customers (including customers external to Stanford) use the system to reserve lab equipment and services.

The Cell Sciences Imaging Facility (CSIF) will be the second facility to transition to the SFMS in January 2013. Additional labs and facilities will come on board in subsequent waves throughout 2013.

Contact Nirmala Balasubramanian for more information about the Scientific Facilities Management System.

GSB Applications Now Running on AS Infrastructure

April 30, 2013

In Summer 2012 AS worked with the Graduate School of Business (GSB) to virtualize and migrate many GSB application services (including both administrative and academic applications) to the AS virtual farm.

AS leverages virtualization and low-cost, high-performance storage solutions (based on VMware and NetApp technologies) to provision and manage the servers that run AS (and now GSB) applications.

Moving to this infrastructure enabled the GSB to both modernize its systems and reduce associated maintenance and support costs.

"The biggest thing is that we migrated several of our hardware systems to virtual servers," said David LeVine, Information Technology Operations Services Manager at the GSB. "That was a big win for us because a lot of these systems were end-of-life or approaching end-of-life."

The technology also enabled AS to migrate the GSB systems "as-is"— no additional application reconfiguration required — and with minimal downtime. 

"It was a fairly seamless transition," LeVine said. "There is always a hiccup here and there, but overall we are satisfied with the end result."

Based on the success of this project, the GSB and AS have moved forward with a second phase to deploy new applications and transform the recently migrated "as-is" systems to more fully leverage AS infrastructure.

Contact Armand Capote for more information about AS infrastructure and virtualization.

Enhanced Conflict of Interest Reporting with OPACS

April 30, 2013

Faculty members are required to disclose any outside professional activities and financial interests that could potentially influence their work at Stanford.

They must provide this information annually (via an online certification), as well as each time they engage in transactions such as sponsored research, submitting human subject and animal protocols, technology licensing arrangements, etc.

Prompted by new federal regulations, AS worked with the Dean of Research and other major stakeholders in FY12 to redesign the system used for this process — the Outside Professional Activities Certification System (OPACS).

Last Spring AS migrated the annual certification to a custom-developed application on the Oracle Application Express (APEX) platform.

This change enabled OPACS to store all prior conflict of interest (CoI) reports, making them available for faculty to reference when completing subsequent annual certifications. Since much of this data remains unchanged from year to year, this addressed faculty frustrations with having to re-enter the same information manually each year.

Following up on the spring release, AS integrated OPACS with eProtocol and the Stanford Electronic Research Administration (SeRA) system in August.

The result is a seamless interface with OPACS for both systems. Faculty are now able to leverage their previously entered annual disclosure data when completing their research-required disclosures.

Contact Nirmala Balasubramanian for more information about OPACS.

Reporting Simplified with the HR Metrics Dashboard

April 28, 2013

The Human Resources Metrics Dashboard, an online tool that tracks HR data, was launched last fall for senior leaders and HR managers.

The dashboard presents HR data in a consolidated view that includes dynamic displays such as charts and graphs.

The visual presentation of this complex data streamlines workforce planning and analysis by allowing users to drill down on the displays to their desired level of detail.

The dashboard represents the first phase of an effort to move HR data and information delivery to Stanford's new Oracle Business Intelligence Enterprise Edition (OBIEE) reporting environment.

Further enhancements to the dashboard are planned for FY13, and will include the conversion of HR's ReportMart1 reports to OBIEE, and the creation of an ad hoc report/query tool. These reports will feature area-specific security, facilitating their distribution to a wider audience.

Contact Vijay Gandra for more information about the HR Metrics Dashboard.

Virtual Desktops: Frequently Asked Questions

April 27, 2013

Many Stanford departments are making the switch to virtual desktops to realize gains in flexibility, scalability, and security. 

What is a virtual desktop?
A virtual desktop is a computing environment physically located on a remote central server rather than on the user's local computer.

How does a user access the virtual desktop?
Users log in to their virtual desktops via a local client installed on any capable device, such as a traditional personal computer, notebook computer, smartphone, or thin client.

What are the benefits of virtual desktops?
Virtual desktops as a centrally managed service offer several immediate advantages over traditional desktops:

  • Faster Provisioning: Deploying virtual desktops simplifies and speeds up the process of provisioning new desktops for users. Applications and other tools are standardized and centrally maintained, facilitating both initial deployment and ongoing maintenance.
  • Reduced Costs: By offloading processing to central servers, local desktop hardware costs can be reduced, and their refresh cycles extended.
  • Better Security: Data is readily available on virtual desktops but cannot accidentally leave the data center.  

What sort of user is a good fit for a virtual desktop?
Those who primarily use standard administrative applications (Word, Excel, web-based applications, etc.) are excellent candidates for virtual desktops. Less suitable candidates would include users of high-end graphics or other similarly resource-intensive applications.

Where can I go to learn more?
To learn more about virtual desktop technology and whether it might be a good fit for your department, contact Armand Capote.

AFS Quotas Have Increased!

January 26, 2013

AFS disk quota has increased to meet campus needs. Individual user quota went from 2 to 5 GB, group quota from 500 MB to 4 GB, department quota from 2 to 4 GB, and class quota from 1 to 2 GB.

Learn More About the New OrderIT

December 19, 2012

The New OrderIT was launched on December 3rd and is available to all current OrderIT users. The December 14th Tech Briefing was recorded to give you everything you need to know about the new ordering portal.