Technology of the Month

Looking around University Relations and Admissions or on the desks of student workers in Student Activities and Residential Life, one sees the desktop replaced with a small, lightweight thin client. Computing veterans recall the days of “dumb” terminals and ponder the idea that technology has come full circle.  However, many users are confused by this new trend. Indeed, thin clients have a bad reputation in various corners on campus.  The goal of this article is to clarify misconceptions, and, hopefully, remove any apprehension should one find itself on your desk.

What is a Thin Client?

Wikipedia’s definition is rather technical: A client computer which… depends primarily on the central server for processing activities, and mainly focuses on conveying input and output between the user and the remote server.

Simply put – the user’s desktop environment – wallpaper, preferences, shortcuts – all reside on a central server that is hosting numerous desktop machines.  Those servers are hosting virtualized desktops.  There are applications designed to maximize performance of hardware to allow those servers to host many instances of a computer on a single machine.  Processing and memory are all distributed and used in an efficient manner to give each virtual computer what it needs at any given moment.  At Wesleyan, we have been working with virtual technologies for over three years.  Virtualized servers are commonplace and allow us to minimize hardware costs by having a few powerful machines host multiple servers.

Only one year ago did we begin to look at this as an option for desktop computers. The replacement of desktops is laborious and expensive. In response to economic demands, we have lengthened the replacement cycle to 4 years.  Many administrative users have not had their machines replaced in longer than that. The prospect can be daunting for a user. Replicating the environment and data takes time.  Users don’t often have the time to give to that process and prefer to wear their machine out before having to go through the transition to a new one.  While desktop costs have come down considerably in recent years, there are still associated costs including electricity and proper hardware disposal.

Pilot Testing the Virtual Desktop

ITS began testing Virtual Desktop Infrastructure (VDI) to determine its feasibility for specific groups of end users.  Good candidates are users who use standard applications or web-based applications, don’t have intense graphic design needs, and don’t depend on a large number of external devices.

Initial results internally were promising enough that we developed a pilot group of users who had badly aging desktops.  Those users received thin clients in replacement. In a VDI environment, each user has his/her own virtual desktop. This machine looks and acts like a physical computer desktop. The user can perform all the same takes he/she did on the physical desktop including customizing wallpaper, creating shortcuts, and saving data locally to the C drive.   When powered on, the thin client immediately connects to this machine and the user sees the standard Windows login screen.  If there is any problem with the thin hardware itself, it can be swapped in minutes and setup to connect to the user’s desktop with almost no downtime.

In spite of the internal results, once the testing went into the pilot group, there were performance problems.  These problems were significant enough that we did not expand the pilot until we researched and ultimately addressed the underlying causes.  Our success in doing so has afforded us a more solid understanding of the VDI environment. Consequently, we focused our effort on building a more robust infrastructure that can sustain expansion.

Lab and Common Area Connections

Another common application for thin clients is in labs or common areas where computers are available for very limited applications. In this case, a user will login to a Terminal Server session with access to applications such as email, web browsing, or Microsoft Office.  This is a good solution where multiple users will be logging into a machine and will not be saving data locally.  This differs from the Virtual Desktop described above because users do not have flexibility over their desktop environment.  There is limited access to a pre-defined set of programs.  Individual users cannot add or change the configuration.  Examples of this include McNair lab, Career Resource Center, email kiosks in ST Lab and PAC lab, and various student employee work areas on the campus.  This is a cost effective way to provide all the function necessary without older hardware and slower boot times.

Virtual Desktop Fact or Fiction

A thin client is a watered down version of a computer and doesn’t do all the things my old computer can do. – Fiction

The thin client connects to a virtual computer with a full installation of Windows that is the same as one installed on physical hardware.  Thin clients can support USB devices, printers, and even dual monitors.

ITS can see what I am doing while I am working on my computer. – Fiction

ITS staff cannot see what a user is doing any more than on a physical machine.  What ITS can see are performance issues on the virtual computer (memory or processor problems) and this allows us to respond much more quickly to potential issues that may interfere with the user.

Thin clients rely completely on the network. – Fact

Thin clients connect to virtual computers (or Terminal Servers) that reside in the data center.  They depend entirely on network connections.  Wesleyan enjoys a high availability network and downtimes are rare.  Since so many services are now delivered via web applications and other central services, network downtime affects both thin client users and those on physical machines alike.

If I have trouble with my thin client, there is nothing that can be done to make it better. – Fiction

Not only are there several configuration options, making virtual hardware changes is much easier than making physical ones.  Additional memory and processing can be added to a virtual computer rather easily.  At times, simple configurations within Windows will resolve issues in the same way it does on a physical machine.

In Closing…

We now have 27 virtual desktops throughout campus in both academic and administrative offices.  An additional 19 are in labs and kiosks.  While certainly not all users are candidates for this technology, it is working well where feasible and is an environmentally friendly solution with the potential to have long-term savings without sacrificing productivity.

In light of the recent tragedy at Wesleyan, we feel that this is a very appropriate topic to talk about. About three years ago, we contracted with a service called Connect ED for our Campus Emergency notification. Blackboard now own this service and it is being referred to also as “Blackboard Connect”. We activated this service during the recent campus emergency and what follows is a brief description of this service as well as the other ways in which we communicate during the campus emergencies.

Continue Reading »

Wireless networking has been become increasingly prevalent in public places and our own homes over the past few years, and many of us have begun to rely on its availability. At Wesleyan, wireless coverage is available in more than 90% of the campus, and we continue to improve coverage.

We are often asked – “Why is it that the public wireless hotspots at places like Starbucks offer a very simple wireless access, while Wesleyan wireless requires a more elaborate login procedure?” The answer lies in the differences in the services provided. Public hotspots are typically providing only a connection to the Internet; the network is not connected to private file or Web servers that contain sensitive data, so there is much less need to require authentication.

At Wesleyan, however, access to our wireless network potentially grants access to servers with private data, therefore we require authentication and also ensure that machines connecting to our network do not represent a threat to our data.

Continue Reading »

In the nearly two years that have passed since Wesleyan ITS launched its Web 2.0 initiative, the expression “Web 2.0″ has lost some of its former currency, but the infrequency of the phrase does not mean that the attendant technologies have fallen out of favor. On the contrary, “2.0″ tools, including blogs and wikis, have simply become familiar to the point that they are no longer “remarkable.”

Of course, even people who have heard of blogs and wikis might still be uncertain about just what they are and — more importantly — how to use them effectively. In what follows, I will touch on both of these questions and also offer some practical advice on how to get a Wesleyan blog or wiki that will suit your needs.
Continue Reading »

If you maintain a website, you may have wondered at times why you are unable to find them through searches or that they are way below in the result set. The reasons for this are very complex. Different search engines employ different algorithms for finding the websites that best match the search term. Many of them do not reveal the exact algorithm because, website owners can then easily manipulate their sites to satisfy the algorithm to bubble their sites up.

Web search engines crawl the web using “spiders” at some unspecified intervals, start at the home page of a website and traverse a set of pages that are linked from there. Then they traverse links in each of those subsequent pages until they run out of links. When they examine the content of each of these pages, they perform “indexing” (a process that helps the search proceed faster) based on the algorithms that are proprietary. You can read more about how a Web Spider or Crawler works at Wikipedia.

The website owner can also use a facility that is honored by all search engines to protect a portion or the entire website from being indexed. You can read about how to do this at the Web Robots Page .

As you can imagine, trying to do this on literally millions of pages takes a very long time and this is why some pages may not be indexed for some period of time. Here, we provide some simple tips on how you can improve the searchability of your websites.

The common theme that will emerge from below is that as a content provider, you need to anticipate how the visitors to your website are likely to search for information contained in your web pages. As a first step, you can use your own search experiences in preparing your pages. So, avoiding terminology that is understood only by a small section of the readers is very important. For example, very Wesleyan-specific terms and highly technical lingo should be avoided if you want to attract a wide range of audience to your site.

Continue Reading »

Spam has become a fact of life for us all. Children now ponder why a meat product would be named after junk e-mail. Addressing the issue of spam, also known as unsolicited commercial e-mail (UCE), is a complex task. Ideally, we would block all spam without ever interfering with legitimate e-mail, all with minimal effort. In reality, however, spam fighting is a constant cat-and-mouse game between e-mail administrators and spammers seeking to circumvent the latest antispam technologies. This TOM endeavors to clarify Wesleyan’s approach to controlling spam and provide guidance on how to use our anti-spam tools most effectively.

Wikipedia offers this definition of spam:

Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages . . .

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions.

(http://en.wikipedia.org/wiki/E-mail_spam)

When configuring our antispam tools, ITS frequently hears from users who are concerned that our system may reject legitimate e-mail. Our anti-spam system allows users to have significant control over how aggressively spam is filtered. At conservative settings (which is the default), the risk of rejecting a legitimate e-mail is extremely small.

So how does filtering work? Every mail message that comes through our mail servers is evaluated by our spam filtering system, called SpamAssissin. Most spam mail messages have certain identifying characteristics. SpamAssassin looks for the presence of these and assigns a score. Some characteristics are scored higher than others. For example, a message with “Viagra” in the subject line is likely to receive a relatively high score on that criterion alone. Other criteria might be an abundance of non-alpha characters or the prevalence of capital letters in the body of a message. Each criterion has a value associated with it. Each message ends up with a total score based on these criteria. We have found this system of using blended criteria to assess spam probability is highly reliable.

Users can tell the system how to handle messages based on the total spam score. The system can perform three actions on suspected spam: tag, move, or delete. Tag simply means that it appends the subject line to inform the user that the message is suspected to be spam. Move will tag the message and move it to a junk email folder. Delete means the message is removed from the system.

Until recently, Wesleyan users had the option of declining Spam filtering entirely. For security reasons, we now require minimal spam filtering for all accounts, but users still have significant control over how aggressively to act on suspected spam.
The default setting tags messages at a score of 9, moves them to a junk folder at a score of 15, and deletes them at a score of 20+. These settings have been tested by users in the community and ITS and have been successful. In spam terms, a score of 20 or higher is virtually guaranteed to be spam. If more proactive filtering is desired, users can select from two additional presets which will cause the system to tag, move, and delete messages at lower spam scores.

Users on Exchange will see their “moved” email in their junk email folder. Cyrus users will see a junk email folder in their Web Mail where they can look at the messages. Eudora users will need to login to Web Mail to see the Junk Email folder.

To look at individual spam settings, users can go to EPortfolio, Tools & Links, SpamAssassin Configuration http://quicklink.wesleyan.edu/SPAM. From here you can set your level of filtering as well as add addresses to the whitelist or blacklist. A whitelist is a list of known good addresses that Spam Assassin will always allow. A blacklist is a list of addresses that are always junk.

Within your email client (Outlook, Eudora, etc), you also have the ability to set Junk Mail settings. This can work in conjunction with your SpamAssassin settings, although often you may find that it is not necessary to have both.

In Outlook, Junk Email settings are under, Actions>Junk Email>Junk Email Options.
For more information:
http://tech.yahoo.com/gd/changing-the-junk-e-mail-settings-in-outlook-2007/200314

For setting local spam settings in Eudora:
PC
http://www.yale.edu/its/email/howdoi/eudora/junkmail-filtering.html

Mac
http://www.it.iastate.edu/pub/gag341/gag341.html

A word of caution: local junk email settings are more likely to tag legitimate email and are easier to mis-configure. In an effort to combat that and prevent false positives, users may allow all messages from a domain (such as Wesleyan.edu). In doing so, they may be opening themselves to more spam since spam messages usually masquerade their source. The best course of action is for users to evaluate their flow of email and determine if anything more than SpamAssassin settings are needed.

Spam filtering is far more of an art than a science. Applications have to learn and re-learn as the sources of spam modify their methods to bypass new filtering technologies. A minimum level of spam filtering is both wise and necessary to protect the Wesleyan user community from being inundated with unwanted, and often harmful, messages.

Tags: filtering, junk email, spam, SpamAssassin

Thin clients are computers that rely on servers on the network to run all applications and store your data while providing you essentially the same user experience as the desktop or laptop that you currently use. They are analogous to the terminals that one used to run applications on a mainframe computer prior to the arrival of PCs and Macs in the late ’80s, but today’s thin clients are a lot more sophisticated. Each thin client costs somewhere between $100 and $300 depending on features,, and uses much less electricity than a desktop or a laptop, even when accounting for the servers that support the thin clients. Furthermore, supporting these devices is far simpler than individual PCs and Macs. Despite their considerable advantages, there are a few limitations to thin client technology, and we discuss here both the advantages and the disadvantages to help you decide if a thin client might be right for you.

Continue Reading »

Most of us by now have received at least one email message where the original attachment is missing and the subject line preceded with {Filename} tag. It is usually accompanied by an attachment called Wesleyan-Attachment-Warning.txt that shows the name of the file that was removed. Some of the most common attachments that are removed .EXE files and files containing double dots (mostly created by Mac users) such as my notes.january.doc

We explain here the reasons why certain E-mail attachments are blocked and offer alternatives to receiving these.

E-mails, especially files attached to them, may contain dangerous viruses or worms. We use software to electronically scan e-mails and take appropriate actions to protect the computers of our users as well as the Wesleyan network from the viruses and worms.

All e-mails addressed to Wesleyan users are electronically scanned by a program called MailScanner. If the e-mail contains attachments, MailScanner first consults a table containing potentially dangerous file name extensions such as .zip and simply removes them from the e-mail as a safeguard. It informs the recipient that it removed the attachment, but does not send the same information to the sender of the email.

If the attachment is not one of the potentially dangerous ones, it is then passed on to the virus scanner. At Wesleyan, we use software on the mail servers called ClamAV to remove any files that are infected with a virus or worm.

Administrative staff, administrative assistants and a few faculty members have been converted to Microsoft Exchange Server. They use Microsoft Outlook or Entourage for accessing their e-mails. All e-mails that are sent by a Wesleyan Microsoft Exchange user to another goes through a similar procedure for file blocking and virus scanning, but using different software.

The list of extensions that are not allowed as attachments can be found here.

We offer two suggestions on how to bypass the file blocking if you really trust the sender and the file that is being sent to you.

1. When you receive an e-mail indicating that a file has been blocked, open the Wesleyan-Attachment-Warning.txt file that is attached to the mail to note the name of the file that was blocked. You should send an e-mail to the original sender explaining that a file he/she sent was blocked, that he/she should rename the file by removing the extension, such as .zip, replacing the extension with any three characters not on the list of blocked attachments (“aaa” works fine) , and resend the attachment. If this renaming has been done correctly, and the attachment is in fact virus free, you will see it in your e-mail. Now you should save the attachment (rather than double clicking on it to open it) and rename it with the proper extension on your computer so it can be opened.
2. If you are a WesFiles user, you should use the sharing option explained in detail here: https://wesfiles.wesleyan.edu/xythoswfs/static/en/sharing.jsp. You can create a folder and share it via a ticket that you send to the original sender. By clicking on the ticket link in your email, the sender will be directed to a web folder to which he/she can upload one or more documents and notify you. If you have any questions on how exactly to do this, please contact your desktop support staff or the ITS Helpdesk.

Wesleyan Events Calendar is the central repository for events that are held at Wesleyan. As you know, the campus is alive with many exciting events every day. We describe here how you can choose to receive a custom email listing of the events in the calendar.

These events are submitted to the system by clicking on the Submit an Event link found in the events calendar page. Submitting an event requires a valid Wesleyan email address and password. The events can be categorized into one or more categories that are available in the system as well as marked as “Wesleyan only” (Only computers on campus network or those connecting from outside using VPN will see these events). The events calendar interface provides various ways to look at these events – either by date or by categories. In addition, we provide basic and advanced search of the calendar.

Once the event is submitted, the Events & Scheduling office verifies that the event’s location has been reserved and the Public Affairs office proofreads the text. When these two offices approve the event, it appears immediately in the events calendar. If the on-campus location has not been reserved or if the Public Affairs office finds errors in the description, the event request will be returned to the requestor for further action. Continue Reading »

Phishing refers to the technique used by criminal elements to “fish” for personal information by pretending to send official E-mails.

Wikipedia describes it as “In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”

Continue Reading »