We are pretty much down to where the server side is going or has gone to Windows 2000. We still are on NT 4.0. The rush is to get off of NT as soon as possible.
We aren't moving to Windows Server 2003 because when we started this project, Windows Server 2003 was an early unknown. We had some understanding of Windows 2000, so we decided to go to that and move up to 2003 over time. We are not risk-averse. If there is a certain application we need or want to try, then that will open up our risk-taking ability. But sometimes there is no value in the risk. We weren't going to exploit much of what 2003 has to offer, so it wasn't worth taking on the additional risk of stability.
At the desktop we are going over to XP. We were an NT desktop shop as well. So the whole end of life for NT has impacted us greatly. We have 4,000 desktops. For an institution, [a migration] is expensive and difficult. Does new software mean new hardware too?
It's a difficult investment for the institution to make. There are so many different priorities to outlay for new equipment to pretty much do the same thing you are doing today. It's tough to get behind that. How would you rate the job Microsoft is doing on security?
On one hand, as an IT professional they are not doing well enough because there are too many headaches just to do normal business. A lot of what we do [to keep up] has no value to the end user.
On the other hand, I know the complexity of what they are up against. I'm torn. You can blame it all on some of the assumptions in the way Windows was developed, on applications and how things should interact. Have faith in the end user and open all this stuff up. That worked for client/server and got us to a level of computing that maybe we would never have gotten to today.
The way people compute and what they use computing for has fundamentally changed. It would be interesting to [know] where we would be in technology if it weren't for Microsoft's ease-of-use, information-at-your-fingertips approach. With the NT desktop at the end of its life, and NT Server support ending in December, you must be concerned about staying secure.
We kicked off a secure computing initiative to dig into our infrastructure -- networks, servers and desktops -- to rethink the way we are. Things have changed radically so we are getting the staff to reanalyze how we can do things differently. It was unheard of several years ago that you would have several thousand kids move in and, as they plug in, bring viruses and download music and movies. When our residential network was set up, none of those things were considered.
So part of the thinking today is how do we have them connected, but separate. Part of the architecting is they can't really be inside [the network], but they need equal status and availability. We are also dealing with the fact that their desktops are not owned by us. It's one thing if you are a company to say, 'This is the corporate asset. We will scan it and you will have no choice.' It's another thing when a student brings their own laptop. Do you have blanket behavior policies?
We license antivirus software for them. We have an acceptable-use policy they have to sign that covers all sorts of things. For bandwidth, we have our 'top talkers' list. If you hit a threshold of bandwidth utilization for a period of time, you get visited by someone. This approach is typical at universities, right? It's not Draconian?
We decided to do traffic shaping, where we deprioritize that type of traffic on our Internet pipe. We don't want to be in the business of content monitoring. There may be some value in peer-to-peer sharing. We don't want to just not allow it, but it should not be at the expense of other university business.
We started traffic shaping -- deciding to give that type of traffic a 20 mbps connection -- and leaving the rest to e-mail. What tools do you have to protect your enterprise?
We just installed intrusion detection devices which check packets and signatures. We are trying to stop [problems] at the perimeter. A few years ago, you could do it at the server or service level, but now you can't even let it get into your environment. Having antivirus on the server is no longer the solution. Would you consider introducing Linux here? Would you test it on some of your servers where you want higher levels of security?
We try to go with what makes sense. We have Sun [Microsystems Inc.'s] AIX [IBM], etc., and we try not to have one thing be everything. We have started to look at Linux for some services, but we wouldn't be on the Linux bandwagon where it has to replace everything. Do you see any other trends?
Our latest customer satisfaction survey said we have to be more aware of the Mac [Apple Computer Inc.'s Macintosh]. The population of students bringing in Macs is increasing. Do you think we are seeing an overall resurgence of the Mac?
I don't know if it's a novelty or if Apple has done it right with OS X. I don't know if it's the right time because Windows is being exploited from the security side or if [Apple] is extending its development community. I don't know if it's the right product, a novelty or a small blip. It's been odd. In higher education there has always been a non-represented contingent of Macs.