OUCS's mission, echoed in the University's Corporate Plan (§VI(d)), is to: 'foster and support excellence, innovation, best practice, and value for money in the use of IT in teaching, learning and research across the University'. This statement summarises the department's direction over the last year, which enjoyed growing use of its core services, exciting new developments, and the commissioning of new ICT activities.
The major core services continued to have increasing number of users and increasing use, the number of externally funded development projects has grown compared to the previous year, and helpdesk usage increased by 12% compared to 2003/4.
The number of academic staff who use ICT to facilitate their work is increasing, with a growth of 300% in use of the WebLearn Virtual Learning Environment over the last year; and development of new online teaching and research projects, especially with regard to user requirements gathering for virtual research environments and digital repositories.
OUCS's role in supporting and training users has continued to develop. There has been a new focus on the provision of support and information for users. Training course attendance risen to over 13,000, above the high watermark of the previous year, mainly as a consequence of the new flexible modular structure for courses. There has been substantial activity in the areas of high level security and virus protection, and once again OUCS developed a free CD for distribution to all new undergraduates to help protect their computers and the University ICT infrastructure.
OUCS has been the prime mover in the creation of an 'Enhanced Computing Environment' (http://www.ict.ox.ac.uk/team/) for University Central Administration, the Libraries and the Computing Services. The enhanced desktop service, developed for the three units initially, will be made available to the wider University on a cost recovery basis.
Following a recommendation made in a recent review of OUCS, senior staff in the department have been instrumental in initiating a new programme to develop an ICT Strategic Plan for the collegiate University (http://www.ict.ox.ac.uk/strategy/).
The following pages of this Annual Report give further information on some of the highlights of the year, and I commend them to you.
Professor Paul W. Jeffreys
2.1. Grid Computing in Oxford
The average desktop computer is more than powerful enough for the average user. It has more than enough CPU speed, disk capacity and network bandwidth for the general work for which it is employed. Moreover, since it is replaced after 3 to 5 years of service, the average desktop computer is actually increasing in capacity and capability over time. Yet, 90% of the time it sits idle. The hard disk space is generally less than half full. And the network that the computer connects to rarely reaches full utilisation. Given that the investment in both computers and networking hardware within the University is a not insignificant proportion of departmental and college budgets, the question arises: can the potential of all this equipment be realized? Could the under utilised computing resources within the University be better utilised?
Meanwhile, the questions being asked by researchers require greater and greater computing resources. This requirement will only get larger. Fortunately, the field of grid computing offers some approaches to this desire to match up computing resources with those who need them.
One approach has been the development of screensavers or agents which do useful work when the computer is otherwise idle. Examples of such projects include SETI@home and the World Community Grid. Within Oxford University there have been a number of such projects:
The Cancer Screensaver project (http://www.chem.ox.ac.uk/curecancer.html) is aiming to screen 3.5 billion molecules for cancer-fighting potential. Over 3 million computers have joined the project with over 410,000 years of CPU time contributed.
The climateprediction.net project (http://www.climateprediction.net/) aims to produce forecasts of the climate over the next century. The project does this by running state-of-the-art climate models many thousands of times with slight tweaks to the approximations that the models make. The models are run to simulate the earth's climate decades into the future. To date over 9 million "model years" have been simulated with over 120,000 simulation runs completed.
For this screensaver approach to be used for a research problem, the data and computation needs to be split up into "downloadable chunks". Over and above the effort of migrating code to fit into a screensaver, effort is required to foster a community of people who volunteer time on their computers. This is not a trivial amount of effort, but the benefits in terms of work done can be enormous.
Another approach is the development of grid "middleware", or software that enables the linking of computing resources into a grid. This has been an active of research across the world and within the UK e-Science Core Programme in the last few years. Within Computing Services there are two projects which are deploying grid middleware.
OxGrid is Oxford University's Campus Grid project. OxGrid will provide the infrastructure for researchers to submit work to computing resources within the University. Individual desktop computers will be pooled together to provide a set of resources to which computational jobs can be submitted. Various cluster installations (systems with "nodes" which are connected by faster interconnection hardware for running parallel computing jobs) around the University will also be part of OxGrid. Work on OxGrid began over summer 2005 and will shortly be launched.
Computing Services is also involved in the National Grid Service (NGS) which is a project providing grid infrastructure to UK academia. Over the past year, the Oxford node of the National Grid Service (http://www.ngs.ac.uk/) has been running as a production level service, having provided service to early adopters since April 2004. The 128 CPU high performance cluster at Oxford is one of a set of nodes across the country that have been used by many researchers within Oxford and across the country to run computations from a wide variety of fields including molecular dynamics simulations, heart modelling, bioinformatics. It is planned that the OxGrid interface will provide access to the NGS resources for Oxford users who are also NGS users.
Being part of a grid involves more than just installing grid middleware. Working across different administrative domains (between Oxford departments, colleges and other units, and in the wider national and international context, between universities and other institutions) can introduce additional difficulties, but also benefits.
Realising the power of grid computing is about more than just providing access to computing resources. Researchers should be able to have seamless access to wider resources without being bogged down by the overhead of doing work ?on the grid?. This has been a major focus of the UK e-Science programme. There are also a number of projects within Oxford investigating Virtual Research Environments (http://www.vre.ox.ac.uk/) which aim to provide integrated environments for the entire research process including providing access to grid resources.
Grid computing links together computing resources providing access to computing power that might otherwise be unused. Research problems which in the past might have been too large can now be considered and tackled. Grid deployments in Oxford aim to provide a common interface to the grid resources within the University and beyond.
2.2. The leading edge of advice and guidance
Setting up a national advisory service for UK further and higher education can be a daunting task. Tripling its size (from 1 to 3 staff) due to user demand and at the request of the funder in the course of its first year of operation is definitely a challenge. However, when the subject impacts every institution, and more particularly every institution's central computing service, it is only fitting that the University of Oxford is involved and that OUCS is where this effort is located.
OSS Watch (http://www.oss-watch.ac.uk/) is the national advisory service on open source software. Based within the Research Technologies Service of OUCS, and funded by the Joint Information Systems Committee (JISC), OSS Watch provides unbiased advice and guidance to senior IT decision-makers in universities and colleges across the UK. Virtually every institution has some use of open source software. In many cases it provides the secure, practical and cost-effective solution to infrastructure needs, as with the GNU/Linux cluster on which runs the Herald Webmail service at Oxford. In other cases, it is software developers who need assistance. They may be seeking best practice in open source development methodologies. Or they may be coming to grips with the challenges of intellectual property rights (IPR) and open source licensing and business models within an institutional environment where these are not yet well understood.
Oxford University Computing Services is both the host of and model for OSS Watch. Decisions concerning software deployment are best based on the technical requirements of the case in hand, be these security, interoperability, or robustness issues. The question as to whether the solution is proprietary or open source is secondary. What is needed is the right tool for the job. That's why Oxford settled on Bodington (known locally as WebLearn) as its centrally supported virtual learning environment (VLE). The potential for cost savings from this freely available open source solution is a pleasant bonus. But rational IT decisions need to be taken on the basis of the technical arguments and, of course, as in this case on the pedagogical arguments from potential users of the software.
It is this kind of good practice that OSS Watch promulgates across the UK, often pointing to Oxford as an exemplar. Working with stakeholders to promote appropriate institutional engagement with open source software is both a practical and policy matter. OSS Watch has worked closely with JISC to formulate an open source policy for JISC services and projects. This will impact ICT in universities and colleges across the UK. Equally important though is finding ways to work within existing university policy to enable participation in open source projects by staff and researchers.
2.3. Constant vigilance - security in the electronic age
Social engineering? The latest new degree course on offer at Oxford? No, it's the Machiavellian art of luring someone into committing a security breach such as handing over their password or credit-card details, or opening a virus-infected file. The trick is to make the request sound authoritative or as if it comes from some familiar trusted source, or preferably both. Many Oxford email users had first-hand experience of this in 2004 when they woke up one Saturday morning to find messages purporting to be from their local IT Support:
Subject: Your Account is Suspended For Security Reasons Dear Oucs Member, We have temporarily suspended your email account. This might be due to either of the following reasons: 1. A recent change in your personal information (i.e. change of address). 2. Submiting invalid information during the initial sign up process. 3. An innability to accurately verify your selected option of subscription due to an internal error within our processors. See the attached details to reactivate your Oucs account. Virtually yours, The Oucs Support Team
In this instance, the "attached details" contained the MyTob virus which turns off security applications, blocks access to anti-virus websites, and attempts to open a 'back door' onto the computer, allowing a hacker to access the system. Within hours of Mtyob's appearance, OUCS had set up mail blocks and by Monday, the anti-virus companies had produced protective updates. The majority of users were streetwise enough to spot the quirky wording and spelling mistakes, and did not open the message's attachments. However, some did fall for the beguiling message with over 200 machines being infected and needing help with recovery. In July 2005, MyTob variants were still accounting for 7 out of the top 10 reported viruses.
An unfortunate side-effect of the growth in social engineering is that it has become increasingly difficult for OUCS to use email for making genuine service-related announcements such as reminders about password expiry.
More conventional forms of attack on the University network continued unabated throughout the past year. External scans of the Oxford network, looking for vulnerable machines, averaged around 5,500 a month. The smarter scans try to avoid detection by drip-feeding their probes over several days but can still be detected by OUCS's sophisticated network monitoring equipment.
A favourite target continues to be password hacking. In the past year, around 200 password hacking attempts a month were detected on the Oxford network. Each attempt may try up to 10,000 different passwords from a large 'dictionary', highlighting the importance of choosing secure passwords. This has become even more crucial with the advent of single-sign-on (SSO) where a single login and password give access to a number of different services. Webauth, the OUCS SSO service for web-based applications, was this year extended to WebLearn, with Webmail and other systems soon to follow. SSO is a boon for users, but anyone who uncovers an SSO password immediately gains access to a multitude of resources. Hence the increasing need for passwords to be hard-to-guess and changed periodically - something that, unfortunately, is not always popular with users.
A compromised account not only allows a hacker access to confidential information, but is a highly valuable foothold into the system from which to initiate further attacks. The most subtle hacks don't do any immediate damage but stay quietly harvesting information for months on end.
Viruses, too, have continued to evolve in sophistication. In the case of the recent MyTob-AT attack, the virus periodically updated itself to a new version over the network so as to try to avoid detection. During the past year, preparations began for the rolling out of a major new release of Sophos, the University's site-licensed anti-virus product distributed by OUCS. Our negotiations with Sophos resulted in an agreement that all users of the new release would be able to receive automatic updates direct from Sophos, thereby much reducing the delay and effort involved with the current release. Sophos now offers protection against over 100,000 viruses.
It has been shown that a machine running the Windows operating system that lacks up-to-date service packs and patches can be compromised within a few seconds of connecting to the network. To reduce such vulnerabilities, 15,000 copies of the OUCS Windows patch CD were distributed in September 2004, with every new undergraduate receiving a copy in their welcome pack. Persuading users to keep their systems fully updated continues to be a challenge.
The University mail system continues to be a target for both emails containing viruses and for the inexorable rise in junk mail or 'spam'. During the past year, around 70% of all incoming messages were immediately rejected by our mail relay for various reasons, for example a non-existent address or containing a known virus. At peak times of virus activity, over 100,000 infected messages an hour have been intercepted by the mail system.
Of the 30% that were accepted into the system, around 47% were probably spam, as indicated by the spam ratings applied to each message by the SpamAssassin software used by the OUCS mail systems. In other words, for every 'good' mail you get, another one is filtered, and another 5 are rejected outright.
2.4. Healthy Growth for Virtual Learning
It's been a busy year for the University's institutional virtual learning environment, known locally as WebLearn. WebLearn is based on the Bodington software and is being developed by staff situated in the Learning Technologies Group with OUCS. This has been the first full year of large scale development and a large amount of external funding 1 has allowed the team to grow to five members meaning that the development effort has been greater than initially envisaged.
Over the last year we have focused on: integration with local systems and services (such as the student records systems and the Oxford single sign-on service ("Webauth")); updating the look and feel; the introduction of new facilities to improve usability (such as copying and timed-release of resources); the introduction of new tools (such as logbooks, reading-list and 'quick-links'); and general bug-fixing.
The availability of WebLearn has had a positive effect on learning and teaching at Oxford with a number of departments making heavy use of its facilities. For example, a programme which uses online learning to take Oxford University teaching to health professionals has won a University award for innovative use of WebLearn.
The University's OXTalent IT in Teaching and Learning Award 2005 was given to Oxford's Department for Continuing Education's Evidence Based Health Care (EBHC) programme, a part-time postgraduate course. The programme's use of a virtual learning environment means that the students, who are health professionals based all over the world, can study online whenever suits them.
The EBHC programme provides education and training in the principles and practice of Evidence Based Health Care for professionals working in all aspects of health service.
The WebLearn team wishes to encourage more innovative uses of the system. There are a myriad of facilities that can be used to add extra value to most courses and an active user community exists for tutors to swap ideas and tips for effective embedding within teaching or research. If you want to find out more about WebLearn then visit (http://www.weblearn.ox.ac.uk/) or contact email@example.com
2.5. Electronic access management in Oxford (and beyond...)
Access management to library, research and a whole host of other resources within the University began centuries ago. Originally this would have been achieved by the handing out of keys to buildings and rooms or by persuading the scary looking chap in the bowler hat outside the gate to let you in.
Today, such resources - from ordering a book, to reading email or accessing a genetics database - are largely provided electronically, often via a web browser. And the equivalent of the chap in the bowler hat is still necessary. The University now has licences with resource-providers that permit authorized staff and students to gain access to those resources. Each of these users also has personal information or data that may be held on a central database, data only the owner of which should have access to be able to change. Together these establish the two basic concepts involved in access management:
In many cases, the what can be more important than the who. Indeed, there are some cases where we might need access without needing to answer the what question. The right to read anonymously - even on line - is actively pursued in the USA, and is gaining interest here in the UK. Furthermore, researchers in 'sensitive' disciplines may need a guarantee that they cannot be traced easily in order to protect themselves from over-zealous activists or extremists.
To this end - and also to make other things a lot easier - many researchers in the UK are now working on implementing an access management architecture known as Shibboleth 2. Shibboleth will work with almost any authentication system, from usernames and passwords in Oxford's Webauth 3 to digital certificates 4, as used in the UK e-Science Grid 5. It also provides a means whereby important role information regarding the user may be passed securely to resources on the web so that they can make authorisation decisions.
Members of staff in the Systems Development and Support team have implemented the Webauth 6 system developed at Stanford University in the USA to provide single sign-on (SSO) facilities for web services. This has been available throughout the University since January 2004 and has been highly successful as more and more resources internal to the University become 'Webauth ready' and can be accessed after logging in via the Webauth interface. The University virtual learning environment (VLE), WebLearn, was also updated to allow Webauth logins in April 2005, and the Webmail service will follow suit later this year.
It is likely that, in future, the Webauth system may be used to access external resources via Shibboleth. In fact, developments to this end are about to be undertaken as a partnership between the Systems Development and Support team and the Shibboleth-enabled Portals and Information Environments (SPIE) project. The SPIE project is funded by the Joint Information Systems Committee (JISC) to demonstrate the effectiveness of Shibboleth in providing integration between institutional and national information environments, especially via enhanced portals and portlets. In addition to this ground-breaking research, long term benefits to Oxford researchers should become apparent.
Another Shibboleth research project being undertaken within OUCS - this time within the Learning Technologies Group - is the Guan Xi project, in partnership with the University of Highlands and Islands Millenium Institute. Also JISC-funded, the Guan Xi project is using the Shibboleth architecture to investigate ways in which to assist students and researchers to share resources within the Bodington VLEs based in UHI, Leeds, Manchester and Oxford. This should mean that learning objects and course materials in the VLE within one institution can be accessed by appropriately authorised users from another institution. In effect, a Weblearn user in Oxford, for example, could seamlessly create an account for him/herself in the Bodington VLE in Leeds, where the two institutions are collaborating.
Shibboleth is also being considered as an aid to accessing resources on the UK e-Science Grid. The Evaluating Shibboleth and PKI for Grids (ESP-GRID) project has naturally followed on from the work of the recently completed Digital Certificate Operation in a Complex Environment (DCOCE) project. Both projects arose within the Research Technologies Service, which is also home to the OUCS parts of the Oxford e-Science Centre. The Shibboleth system could mean that many grid users either do not need to use digital certificates or could minimise their exposure to them. The project is also re-appraising the suitability of the Public Key Infrastructure (PKI) technology and personal digital certificates and whether these are really necessary for grid computing.
OUCS is a leading centre in the research into access control methodologies, and their implementation. National initiatives towards improving the experience of researchers with respect to access management and in improving security are supported strongly by the work of OUCS. Oxford's Computing Services has a high national research profile in these areas. Such initiatives should result in a better experience for researchers and in increased security, both from the view of the resource providers and of that of the researchers in organisations such as Oxford.
3. Service reports
3.1. Backbone Network
The start of 2005 saw the final stages of the University backbone network upgrade completed when the 10 Gbps interface cards had a hardware upgrade to increase both their performance and network capabilities. A number of unit connections have now also been upgraded to 1 Gbps capacity. No major problems have been observed on the new network.
Traffic levels across the backbone are still rising (11.6% increase over previous year) and this trend is expected to continue, with a number of groups indicating that they expect their usage to rise substantially. Commensurate with this, the number of registered hosts connected to the network increases each year and has now exceeded 60,000 connections.
Although the total volume of traffic on our external link to JANET is still rising (31.7% increase over previous year), there are changes in the relative volumes of what is sent and what is received. Whilst the volume of data that we received has not risen by much, the amount of data that we sent out has risen substantially and, for the first time, exceeded the volume that we received.
3.2. Email Relay
Changes were made to the way that the email relays process incoming email messages during the course of this year so that unwanted (e.g. virus infected) or undeliverable messages were rejected before they fully entered the email relays. This had many advantages, including reducing the loading on the relays, and this is reflected in the message throughput figures.
The number of messages per day would appear to have dropped in the year but this is only because of the early rejection of messages that we now perform. To give an impression of the total volume and type of messages received at Oxford, a recent analysis showed that 70% were rejected immediately, 15% were marked as probable spam and the remaining 15% were thought to be genuine email messages. On this basis, the total number of messages arriving at the email relays approaches 2 million per day.
3.3. Herald Email Service
The Herald system provides mail storage for approximately 30,000 registered users, with access via POP, IMAP and Webmail.
Access patterns in a typical day are shown below for a 24-hour period commencing 06.25 on 2005-11-07
Insecure login methods (as represented by the plain IMAP and POP rows above) are planned to be phased out over time. Users are encouraged to enable SSL encryption in their email clients for greater security. The GSSAPI (Generic Security Services Application Programming Interface) which a few users are using on an experimental basis offers Kerberos-based authentication.
The daily volume of messages delivered to Herald continues to grow with notable peaks as shown below:
Daily volume of messages delivered (MiB) 2004-08-25 to 2005-07-31
Finally, the chart below shows the message disposition (number of messages delivered to inbox, saved to junk-mail folder, discarded by junk mail filter, error messages) for the same period (2004-08-25 to 2005-07-31):
Disposition of incoming messages on Herald:
Figure disposition.png [number of messages delivered to inbox, saved to junk-mail folder, discarded by junk mail filter, error messages during 2004 - 05]
3.4. Remote Access
Access through the dial-up service continues to decline as broadband connectivity becomes available in ever more locations. This is expected to drop further in future but there is clearly still a demand for the service.
Usage of the VPN service has increased greatly (by over 200%) in this year. This is probably due to two main factors; the rise in broadband availability to residential properties, and the introduction of the wireless VPN service in parts of the University. Both of these are expected to continue growing and the VPN service was substantially enhanced this year to cope with the current and expected future demands upon it.
The OWL (Oxford Wireless LAN) service for wireless networking was introduced this year with access available to both University members and their guests. As this is a new service, there is only limited availability currently (10 sites in 7 units), but a similar number is already planned and will be available shortly. Interest has been high and it is expected that the number of sites where OWL is available will continue to rise.
3.5. Hierarchical File Server
The HFS service provides large scale central filestore services to the University community. The HFS runs IBM's Tivoli Storage Manager (TSM) software and supports both a backup service for desktops or departmental and college servers and a long-term data repository service for the university's digital assets.
There has been approximately 25% growth in the desktop backup service over the year, measured in TB of data held on the server; the following graph shows this broken down by division.
Server backup data has grown by nearly 40%, as shown below, similarly broken down by division.
The following graph shows the growth in terms of files and TB data since 1996. The HFS backup service holds backups for about 3,000 desktop systems and 850 departmental/college servers.
Major activities for the HFS team this year focused on expanding backup capacity, improving client data restore performance, and housekeeping enhancements:
The past 12 months have seen a number of large incidents within the University, most notably the MyTob outbreak which infected 200 machines within 48 hours. Later in the year the BTBot infection had a much smaller population to infect (as it only spread through Windows 2000 machines) yet it still managed to infect 60 machines in 24 hours. There has only been one web defacement recently, but a number of web servers have been used as potential launch pads for denial of service attacks.
Over the last 12 months, there have been a number of changes within the security team with one member leaving and two joining. The security team has developed tailor made systems to help detect new outbreaks, along with procedures to deal with them.
In October 2005, the availability of manpower, coupled with the OUCS patch CD and continued user education meant that only 150 machines were blocked access to the network, as compared with 250 machines in October 2004. The downside of this, is that the attacks we are detecting are getting more complex and tailored to our network.
3.7. Help Centre
A primary focus of the Help Centre this year has been on changes in account management and authentication. As OUCS's initial point of contact for all front-line user services, the Help Centre was closely involved in the Michaelmas 2004 introduction of automatically created Oxford accounts with security questions. This new system has improved the handling of forgotten passwords, as users can now perform the reset via a web interface. Where this fails, a rescue code can be emailed to the user's or their IT support staff's university email address. In addition the Help Centre has reduce the number of passwords per user by switching its PCs to the single sign-on regime in June 2005, thus allowing logins using Oxford account details.
Software provided in the Help Centre has seen a few additions and some changes in the license management. The most prominent changes are:
The help desk is now logging phone calls and in person queries according to topic, which reveals that over 50% of the queries concern registration issues (account opening, extending etc.) or email problems, followed by difficulties with VPN.
Help desk usage continues to rise, with an email volume increasing of 12% over the 2002-2003 numbers and an 18% rise in the number of appointments booked. Staff continue to send the highest number of email queries, although less than in 2002-2003, while the number of emailed queries from students, particularly undergraduates, has risen sharply and retired staff are now sending in twice as many questions. Postgraduates are still the chief customers of the PC Consultancy appointments, although numbers are down compared to a rise in most other group.
3.8. Registration Services
From September 2004, new Herald/Single-Sign-On (SSO) accounts were created with an Authorization code instead of initial passwords. Working with the OUCS Systems Development team, the Registration section developed new account creation procedures, updated printed material sent to users, and provided facilities for the Help Centre to issue or extend activation and rescue codes. Lists of unactivated accounts are now generated weekly for IT Support Staff.
Other significant activities during the year included:
3.9. Information Services
Information Services manages the OUCS website and a number of related sites (e.g. e-Science, WelcomeToIT, ICT etc.). The OUCS site caters for staff, students and IT support staff in the University. It covers subjects as diverse as how to set up an email client to finding out about our courses or even the technicalities of the University network itself. The most popular pages, apart from the homepage, are the course booking system pages. Priorities in development over the past year were:
Information services also supports students who make use of Braille. This service saw a considerable increase in its use during 2004-05, supplying Braille versions of lecture notes, course work and past exam papers to aid students in their studies.
Wikis are an increasingly popular way to share information around specific groups of people in an organisation. Wiki technology was investigated with a view to implementing this system into the OUCS work flow. It was decided that the MoinMoin wiki software would be the best solution for use within OUCS. There are now number of wiki sites established across OUCS including the Help Centre to IT Support Services, e-Science, and OSS Watch.
Information Services developed a new site for the University ICT, http://www.ict.ox.ac.uk/ , which has shared ownership between OUCS, Administration and OULS. This involved setting up outside systems for partners to access the OUCS hosted site, as well as training and support of administrative staff in the use of both XML and system and client programs used to manage the site.
3.10. Research Technologies Service
The Research Technologies Service (RTS) provides a centre of expertise supporting the development of research e-infrastructure, which it primarily undertakes through grant-funded projects and services (described more fully within the Project Reports). New funding in this period was successfully obtained to enable a collaboration with other University departments on the development of virtual research environments (VREs); to investigate Shibboleth as a viable access management protocol within grid computing and institutional portals; to increase the range of activities providing advice and guidance about open source software; and to develop XML-aware indexing and retrieval software. The RTS also launched a production-level compute cluster as part of the National Grid Service and assisted with the submission of a successful bid to the EPSRC for continued funding for the e-Science Centre (under the aegis of the new Interdisciplinary e-Research Centre (IeRC)). In June 2005 the RTS published a briefing paper and co-organised a workshop, on behalf of the University's Digital Archiving Group, to investigate the issues surrounding digital repositories for research.
3.11. WebLearn VLE Service
WebLearn, the University's Virtual Learning Environment (VLE), was launched on a pilot basis in January 2003 and became a production service in May 2004. Usage of WebLearn has grown steadily. The number of accesses has trebled the past two years. The amount of data transmitted has trebled year on year. There are now 65 units (departments, institutes, or colleges) with floors in WebLearn, compared with 50 units a year ago. Together, they are sharing 33,040 resources, compared with 19,464 in the previous year.
WebLearn does not currently record login sessions, so access statistics are based on general web access logs. About 90% of accesses are from Oxford. As all but a very few Oxford users have accounts, the figures below offer reasonable estimates of logins. What is particularly notable is that the use is gradually balancing out among the academic divisions.
3.12. IT Learning Programme
In Michaelmas 2004 a more flexible modular structure was introduced for OUCS courses. This was very successful and enabled us to substantially increase bookings and offer a wider range of subjects. The programme now consists of over 100 titles each term; with 13,030 attending all OUCS courses and events.
The team worked closely with a number of departments to develop tailor-made courses which have since become part of their academic programme. In the academic year 1,350 students attended these courses as part of their formal training, an increase on the 950 in the previous academic year.
Apart from the formal teaching and the European Computer Driving Licence certification programme, the ITLP team was proactively involved with a number of specialist projects, staff and student inductions and informal drop-in sessions.
The main lecture room was transformed during the year into a cutting-edge and flexible environment offering a range of teaching methods from traditional to e-learning. The ITLP has now four lecture rooms equipped to a high standard including dual projectors and interactive whiteboards available to the University and other academic organisations.
3.13. LTG Services
The group worked closely with departments on projects as diverse as the evaluation of the LAMS software and the development of the Ruskin Teaching Collection (in collaboration with the Ashmolean Museum). Funding was received from JISC to run the ASK, CLIC and MDC projects which were set up to investigate digital repositories, sharing of image collections, and provision of electronic reading lists, respectively. Through these projects (described more fully in separate entries) OUCS's work on interoperability standards was advanced, and there was sufficient external funding to take on a part-time system administrator.
The group organised two events in the long standing and popular conference series, Beyond... and Shock of the Old (http://www.oucs.ox.ac.uk/ltg/events/) which attracted delegates from around the world. Closer to home, the group co-ordinated activities in support of OxTALENT, promoting good teaching practice within Oxford. These activities included the lunchtime seminar series Digital Projects in Oxford, the annual IT in Teaching and Learning competition, which recognises the efforts of students and staff to promote education via the internet, and other ICT workshops and talks.
3.14. Academic Computing Development Team (ACDT)
This year saw the ACDT's annual Call for Proposals restructured to a more accessible, two-stage process. By encouraging initial enquiries via a simple on-line form, the number of expressions of interest came to 98, with a 47% rise in enquiries in the core ACDT development areas of technology to support teaching and research. The most promising suggestions received were then invited to submit a full application, decreasing the overall amount of University staff time spent on writing unsuitable proposals, and making better use of the expertise of the ACDT Project Review Group.
During the year, the ACDT completed the nine projects listed below, as well as advising on numerous others. Note that these projects varied significantly in ACDT time commitment and duration.
The OUCS shop offers a range of computers, printers, consumables, software and related IT products. In addition, the Shop accepts payments for chargeable services offered elsewhere within Computing Services.
Michaelmas Term 2004 witnessed a high value and volume of sales, particularly of ethernet cards. However, the increasingly standard provision of network connectivity by computer manufacturers casts doubt upon the future sales of this item.
Counter sales of all goods available from the Shop remained buoyant, although falling prices, particularly of computers, mean that profits are lower. Sales volumes of Apple products have risen; Dell, Toshiba, and HP products also continue to sell well. The appeal of Viglen products appears to be declining.
The variety of software products available from the Shop has risen, with a number of new products available from the major manufacturers.
3.16. Software Site Licensing
OUCS manages a number of software agreements for commonly requested software packages used on personal computers. The University is thus able to make considerable savings against the individual purchase cost. A total of 16,363 software licences were issued in this year.
The Microsoft Campus agreement is for the annual rental of the most popular products, for example, Windows upgrades and Office Professional. Work-at-home rights are also included in this agreement. 4,173 licenses were added this year; the rental charge was £250,000.
The Microsoft Select agreement, which is administered via the Computing Services Shop allows for the purchase of other Microsoft products. 1,435 licences were recorded this year.
The budget for other site-licensed software used throughout the University currently stands at £90,000. 2,930 Sophos and 3,016 VPN licences were recorded this year.
OUCS also manages a number of software contracts on behalf of groups of departments in order to gain more favourable pricing; this year £57,000 worth of software was purchased and subsequently paid for by contributing departments.
3.17. Personal Computer Maintenance Service
The maintenance service continued to provide a valuable service to the University. OUCS monitored call-outs and reports of unsatisfactory service, and for the most part, the service (offered by an external company) has been exemplary. There are over 4,800 items of equipment currently registered.
Table 2: Range of equipment and their ownership registered with the maintenance scheme
3.18. Printing Services
OUCS offered a number of different types of printing service during the year:
3.19. Upgrade and Repair Service
A total of 201 devices were successfully dealt with during the year 2004-5, of which 192 were computers. These figures do not include a number of machines which were not repaired due to either the non-availability of spare parts or the high cost of the required part relative to the value of the machine.
The vast majority of machines were PCs from Toshiba, Dell, Compaq. Data recovery, hard disk replacement, and re-installation of operating system accounted for most of the work. The most unusual device supplied was an inverter to supply 240 volts AC from a Land Rover's battery. It was required to power a laptop in the African bush.
3.20. Computer Room Operations
A Konica Minolta C350 colour copier/printer was installed at the beginning of the year replacing the Fiery copier/printer, which was removed in 2003. With a resolution of over 600dpi, PostScript RIP, duplex unit, and oversize A3 capacity, the unit serves as a useful proofing device for our large-format poster printer.
The success of the poster printing service (OXPRINT) continues again for a fourth consecutive year with over 1,300 posters printed up to A0 size on matt paper stock and on the more popular satin media. The experienced operations staff aim to offer a 24-hour turnaround for most jobs, and use their expertise to solve most problems from, mainly, PowerPoint slides.
We still offer an image-setting service for high resolution printing.
The section is now responsible for typesetting many of the in-house publications, including design work for promoting and publicising the TSM Symposium, Courses Booklets, Bodington CD cover, and the OUCS termly newsletter.
3.21. Desktop Services and Development (DSDS)
This year saw significant changes for DSDS. Extra staffing and the help of visiting Professor Joe Doupnik enabled the team to enrol in beta projects with Novell, Sophos, Altiris, Apple and Condry Consulting. The unusual step of working directly with product vendors not only raised Oxford's external profile, but also ensured that the final releases were more compatible with the Oxford environment. Some projects which benefited directly from these collaborations are:
There were also major changes in DSDS's exposure to the IT community, with the team providing dozens of talks, seminars and courses in subjects ranging from authentication and Directory Services to cross-platform desktop management. Last, but not least, the team was proud to assist in the design and installation of the new state-of-the-art facilities in Lecture Room 2.
3.22. Network Systems Management Services (NSMS)
NSMS provided services to a large number of departments, colleges and associated institutions around the University.
The IBM Blade system which was purchased during the year is now in service and is already in need of expansion. All services running on this system are running in a VMware ESX virtual machine environment and this is proving to be very effective as the basis for a utility computing environment. A new Windows or Linux server can be set up in minutes, ready for configuring to meet a specific project requirement.
Over this last year, NSMS has been supporting:
This group includes the Finance and Accounts, Personnel, and Buildings Management sections.
Many of the earlier report-generating difficulties that were experienced with the ORACLE Financial Systems have been remedied and more accessible financial reports were provided to line managers. Further training on the new financial systems was encouraged to give more managers access to ORACLE.
Major building projects this year included the refurbishment and upgrading of Lecture Room 2, which now provides one of the most up-to-date facilities of this type in the University. During the year, OUCS also occupied additional office space in Keble's Acland Annexe and Felstead House, which has enabled us to relocate the UCISA administrative function and the Oxford e-Science Centre.
Other buildings works included a new hardware repair workshop and the refurbishment of an office space into the open-plan collaboration area for the Enhanced Computing Environment team. Additional works were undertaken throughout the year to improve internal security. A strategic review of our occupancy needs over the next 5 years is now being undertaken and its findings will be incorporated into OUCS's main strategic plan.
Recruitment was an important activity this year, with 13 new posts being recruited. The staffing was 122 FTEs at the start of the year and 137 at the end.
Training and staff development continued to feature highly in our activities, including working closely with IAUL in introducing the Certificate in First Line Management to OUCS section managers.
4. Project reports
4.1. Accessing and Storing Knowledge
This was the first full year of the JISC ASK project that is building repository services for the university community. These services will enable learners, researchers, administrators and librarians to control the sharing of resources or academic artefacts within an internationally recognised interoperability framework.
The software is primarily designed to integrate with WebLearn so that the services that are required by learners and researchers can be coupled tightly with those provided by the libraries.
Our main activities this year were to:
4.2. Community-Led Image Collections
http://clic.oucs.ox.ac.uk/ (out of date)
The JISC-funded Community-Led Image Collections (CLIC) project is investigating how best to promote the use, and sharing of digital images within the educational community. The affordability of capture devices such as scanners and digital cameras has led to an increase in the creation of image collections by educators. CLIC is seeking to determine how these collections could be made more useful and accessible. Efforts by individuals to share their material are often thwarted by issues such as copyright, intellectual property and cataloguing information ? not to mention the technical difficulty of building a robust Internet resource. CLIC will be making recommendations for a proposed national network of community-led image collections that should help to overcome these obstacles.
The main activities of CLIC have been:
CLIC will be submitting its final report in January 2006.
4.3. Digital Certificate Operation in a Complex Environment
The Digital Certificate Operation in a Complex Environment (DCOCE) project was a two-year Joint Information Systems Committee (JISC) funded project that completed in February 2005. The main aim of the project was to look into the use of digital certificates by end users in higher and further education (HE/FE) for authentication to services and also to look at the methods of issuing certificates to users and how to manage the accounts. DCOCE developed code and rolled out to several sets of pilot users and evaluated feedback from over 80 people. Despite some current Linux and MacOS implementation issues, we believe that the use of cryptographic tokens is highly attractive for a scalable PKI for HE/FE institutions.
In general, the use of the client digital certificates was quite straightforward for most users. However, there were many minor problems regarding usability of the certificate issuing mechanism. There were no showstoppers that could have meant that the widespread use of client certificates was infeasible in a HE/FE context. Nevertheless, many of these minor problems have been in existence for some time and show no progress in being resolved. In short, the use of certificates should not be difficult, but for the time being, remains that way. The project final reports may be found at http://www.dcoce.ox.ac.uk/docs/.
4.4. JISC/NSF Digital Libraries in the Classroom: Tools Evaluation
This study looked at four projects funded under the JISC/NSF Digital Libraries in the Classroom scheme. Specifically it was asked to look at the e-Learning tools developed or used in the projects, their availability, functionality, accessibility, applicability, and adherence to the emerging JISC IE (Information Environment) guidelines.
The evaluation consisted of document analysis (including project plans, biannual reports, presentations, published articles, evaluation so far, etc.), on-line surveys, structured interviews, and benchmarking against the IE Standards and Guidelines and the JISC e-Learning Framework.
The major outputs from this evaluation were:
4.5. Oxford e-Science Centre
The Oxford e-Science Centre (OeSC) is a collaboration between OUCS and the Oxford University Computing Laboratory providing the Grid infrastructure within the University and supporting over twenty five e-Science projects across departments. A good proportion of the original e-Science projects have now been completed successfully (e.g. e-Diamond, Remote Microscopy, VideoWorks), to be replaced by a number of new projects (e.g. Integrative Biology, CancerGRID and Evaluation of Shibboleth and PKI for GRIDs). OeSC continues to have representation both at the national level (through representation on various UK e-Science Programme committees and task forces), and at the international level (through representation on the Global Grid Forum Steering Group).
OeSC has recently purchased a number of portable machines which can be loaned out for using AccessGrid (an advanced video conferencing environment). The e-Science Centre is currently transitioning to the newly formed Interdisciplinary e-Research Centre (IeRC) under the direction of the newly appointed Executive Director, Anne Trefethen. One of the first outputs from the IeRC will be the developed of OxGRID, a campus Grid for using idle cycles of desktop machines.
4.6. Evaluation of Shibboleth and PKI for Grids
The Evaluation of Shibboleth and PKI for Grids (ESP-GRID) project is funded by JISC to investigate whether and how Shibboleth offers solutions to issues of grid authentication, authorization and security. A further general aim is to investigate the requirements of grid security and whether (and how) the acceptance of Shibboleth assertions for access controls could be used within existing PKI based grids. Another focus is whether Shibboleth can contribute towards an interface between existing information environments and grid computing environments. The project began in August 2004 and is due to complete in March 2006.
Up to July 2005, the project focused mainly on future requirements for grid computing with respect to security and access management. The project attempted to capture previously documented requirements and drew up a newer set, bearing in mind the need to expand the use or benefits of grid computing wider than highly technical computer scientists. The next phase of the project is to produce a working demonstrator of grid use mediated via Shibboleth.
The Guanxi project addresses the problem of controlling access to shared resources in inter-institutional collaborations, particularly in the e-learning context. Guanxi uses Shibboleth, which makes use of user attributes passed between the institutions participating in the agreement to determine access permissions. Guanxi project partners are University of Leeds and the UHI Millennium Institute, and because the Bodington VLE is in use at all three institutions, is an ideal candidate for demonstrating the application of Shibboleth.
Over the past year the project has added Shibboleth capability to Bodington, and Bodington can now be used out-of-the-box as a Shibboleth IdP (Identity Provider) and SP (Service Provider). The Guanxi component can also be used independently of Bodington. Other developments included enabling the VLE to use Webauth. This work was completed and went live successfully in April 2005, and there is now one-click access to the VLE after having logged into the Webauth system.
4.8. Humbul Humanities Hub
The Humbul Humanities Hub, based within the Research Technologies Service, is a national service which employs a distributed network of subject specialists to find and review web sites suitable for research and study within a wide range of humanities subjects. Humbul forms part of the Resource Discovery Network and receives funding from the JISC and the Arts and Humanities Research Council.
Achievements during 2004-2005 included:
4.9. British National Corpus (BNC)
The BNC is an internationally famous 100-million word language corpus, representing the state of the English language as of the end of the twentieth century. OUCS has been responsible for its maintenance and distribution since 1994.
Work on converting the corpus from its original SGML format to a more up to date XML format was carried out this year. To test this process, a new sampler CD, containing just 4 million words together with the newly developed Xaira software, was produced, and proved very popular. This CD, named BNC Baby, was adopted by the Open University for an introductory course on corpus linguistics.
The BNC is distributed on CD and during this year, about 470 copies were sold, rather less than half of these being copies of BNC Baby. This covered the costs of distributing the corpus, and also funded some further developments of the Xaira software.
4.10. Learning Design Projects
The LTG has been involved in four JISC-funded investigations into learning design during 2004-5:
The recommendations which we have made regarding future technological innovations have been enhanced by rich insights into the cognitive aspects of designing for learning, and our work has already attracted interest at two international conferences and within JISC.
4.11. Middleware for Distributed Cognition
OUCS is building federated search software that can be embedded into WebLearn. The software will allow learners, researchers and librarians to compile and share reading lists according to an internationally agreed interoperability framework.
The main activities so far have been:
4.12. National Grid Service
The Oxford e-Science Centre (OeSC) is funded by JISC to host one of the core resources of the National Grid Service (NGS). The compute cluster was delivered in December 2003 and entered early adopter production phase in April 2004. In September 2004, the NGS was launched as a production service. Since production launch, the Oxford NGS cluster has been highly utilised (accounting statistics indicate average utilisation of 75%). The NGS user community includes researchers from UK academia, as well as international collaborators of various e-Science projects within the UK. There has been steady growth of the NGS user community. A table of the number of NGS users is given below.
Table 3: Number of NGS users 2004-2005
The National Grid Service has grown with other institutions donating resources to the Grid. In the past year, 3 new partner sites have joined the original 4 core nodes. The joining of new partner sites has been handled by OeSC on behalf of the NGS. There are currently 2 other sites being taken through the joining process and a number of other sites that have expressed interest. The rate of partner growth is currently limited by lack of staff effort.
4.13. OSS Watch
OSS Watch is a JISC-funded national advisory service on free and open source software. In 2004, JISC requested that OSS Watch substantially increase its offering as a result of user demand. The staff complement increased from 1.25 FTE to 3.2 FTE with a corresponding increase in materials published, events organised and presentations given across the UK, Europe and further afield.
OSS Watch organised two national conferences during this period: Open Source: National Frameworks and Building Open Source Communities. A series of open source roadshows was organised specifically for further education colleges. OSS Watch also participated in numerous conferences and workshops, notably the AURIL spring conference, the EUNIS conference, and the Coimbra Group workshop on eLearning Quality and Open source/Open standards. In May OSS Watch made a series of presentations at Australia universities.
More than 20 briefing notes were published on the OSS Watch website during the year. Of special note is Open Source Development - An Introduction to Ownership and Licensing Issues, which was featured by JISC and received notable mention in the open source media. During the spring OSS Watch investigated wikis (reader-editable websites), eventually settling upon the MoinMoin wiki software launched later in the year.
4.14. Oxford Text Archive
The Oxford Text Archive (OTA) hosts the Literature, Languages and Linguistics subject centre of the Arts and Humanities Data Service which is funded by the Arts and Humanities Research Council and JISC. In this capacity, the OTA plays a key role in advising academics in literary and linguistics subject areas on the technologies and methods involved in creating electronic resources.
Successful workshops and symposia were held in alliance with major associations and conferences including the British Association of Applied Linguists, the Poetics and Linguistics Association, EUROCALL, Digital Medievalist, the International Medieval Conference, and the Corpus Linguistics 2005 conference. The OTA is now also represented in the Text Encoding Initiative, the Open Language Archives Community, and EUROCALL, an association focusing on computer-assisted language learning.
The OTA embarked on a new European project to develop corpora of spoken language data for language teaching purposes, and a project with Lancaster University funded by the Leverhulme Trust to create a corpus of texts from the first decade of the twentieth century. The latter is to be compared with similar corpora from the 1930s, 1960s and 1990s. Researchers in Amsterdam are working with the OTA to identify and categorise metaphors in language corpora. Agreements have also been made to archive materials collected by the Endangered Languages Archiving Program at SOAS, and by TRACTOR, an archive of Central and Eastern European Language Resources.
4.15. Remote Authoring of Mobile Blogs for Learning Environments (RAMBLE)
As part of JISC's E-Learning Tools programme, the RAMBLE project investigated mobile weblogs and their integration into Learning Environments. The gathering of requirements was conducted with small groups of undergraduates in Medical Sciences and Chemistry for the off-line authoring of weblog entries on PDAs and subsequent upload to a weblog server. This informed the development of a new blog/newsfeed component for the Bodington VLE that allows Weblog content to be incorporated through the reading and configurable display of syndicated newsfeeds (RSS and Atom). WebLearn has been upgraded with the new version, which in turn has helped drive investigations into a central newsfeed system.
RAMBLE has boosted the understanding of mobile learning - both in the practicalities of working with hand-held devices, and the potential offered for personalised learning. Findings have been disseminated in various publications, including issue 44 of Ariadne, published by UKOLN.
4.16. Shibboleth-aware Portals and Information Environments (SPIE)
Over the past year, SPIE has deployed a pilot Shibboleth environment at Oxford in a proof-of-concept project providing access to local and remote protected resources belonging to different federations, namely the Athens UK and the SDSS Development federations. The SPIE team liaised closely with Eduserv, EDINA, and the OUCS Registration services to formalise this joining process.
SPIE has developed web-based applications which, in conjunction with Shibboleth, enable users (typically, staff and students) to authenticate against Webauth and access a protected resource, without the need to re-authenticate when accessing other protected resources within the same federation. These applications enable users to decide which information about themselves they are happy to release, and allow resource owners to decide which information they want to know about the users before they are given access to local resources.
uPortal is being used as the front door for this environment. The integration of Webauth with uPortal, and the employment of institutional LDAP user attributes for authorisation, are being undertaken in conjunction with the OUCS system development team.
4.17. Text Encoding Initiative (TEI)
Oxford is one of the four host organizations of the TEI Consortium, an international project creating detailed guidelines and XML schemata for the encoding of texts.
Our main role in the last year has been maintenance and development of the TEI Guidelines, development of workflow tools, provision of a UK web site, and teaching courses. The following staff from the RTS have worked on the TEI:
http://www.tei-c.org.uk/Roma/), and teaching
TEI development takes place on SourceForge (http://tei.sf.net/), and the first public release of a major new revision was made there in February 2005. Part of this release also forms part of an ISO standard on feature structures.
4.18. Tools Integration Project
The JISC TIP project was completed during the year. This was a collaboration between OUCS, Macquarie University in Sydney, Australia and the JISC TOIA project.
The goal of the project was to build interoperability points between WebLearn, the TOIA assessment system and the LAMS activity management software. This is a first step towards providing an integrated suite of software that supports core learning and teaching activities.
The major outputs from the TIP work were:
4.19. VLE Development
The VLE team are responsible for maintaining and developing WebLearn. By attracting considerable external funding, 3 new full-time staff were employed in November 2004, bringing the total to 5 FTE. Funding was also secured to implement the ASPIRE PDP (Personal Development Plan) system, the pilot due to go live at the start of Hilary 2006.
Development has been far-reaching. Numerous bugs were fixed and new features added, including RSS/Atom display, visual access rights display, text and image resources, embedded WYSIWYG HTML editor, and a resource creation wizard (EasyBuilder). In addition, WebLearn was the first University-wide service to incorporate the Webauth single sign-on service.
The VLE team has managed two open source communities, organised four Bodington Buzz seminars, and presented at a number of conferences including JA-SIG UK, CETIS Enterprise SIG, and e-portfolios 2005; staff also teach on the MSc course in e-Learning.
4.20. Virtual Research Environments
In the summer of 2005 the RTS, in collaboration with the OeSC, the Oxford University Computing Laboratory, and the Humanities Division started work on a number of Virtual Research Environment (VRE) projects under the JISC VRE Programme. The Building VREs for Humanities project is establishing how VREs can aid research in the Humanities. Led by the Humanities Division, with technical assistance from the RTS, the project is currently interviewing researchers to collate their requirements, and building upon a Humanities ICT survey conducted in 2003. The Integrative Biology VRE project is working to embed in silico experiments for heart disease and cancer into the research process of computational and mathematical biologists. The SAKAI VRE project (in collaboration with CCLRC, Portsmouth and Lancaster) is developing a demonstrator VRE and low level tools for authentication and data retrieval. All three projects are working closely together to share the results of their investigations and technologies, within the general aim of providing VREs within other disciplines.
4.21. Xaira Project
XAIRA (XML Aware Indexing and Retrieval Architecture) is a software system developed at OUCS, initially for use with the British National Corpus project. In Sept 2004, one year's funding was received from from the Andrew W Mellon foundation to rewrite the system as an open source library, supporting a range of APIs for the indexing and retrieval of very large amounts of XML-encoded textual data.
The first open source version of the package (release 1.12) appeared on SourceForge (http://tei.sf.net/) in April. There were three further incremental releases during the year, with more planned as the software undergoes further testing.