Technology Uncategorized

Cloud 101: Tools and Strategies for Evaluating Cloud Services


  • Khalil Yazdi, CIO in Residence, Internet2
  • Andrew Keating, Director, Cloud Services Internet2,

Assets from this session (shared box folder):

I’m looking forward to this session because there are so many SaaS, PaaS and IaaS tools that I’m being asked to review by my colleagues. There is a box link that contains the notes from this session.  The Sample Security Clauses and Sample Data Handling Clauses were worth the price of admission, btw.

The EDUCAUSE app says about this session:

This seminar will introduce participants to the technical, legal, and risk management considerations important to evaluating and selecting cloud services for their campuses. Learn the key aspects of the Cloud Controls Matrix for security assessments as well as legal terms and conditions that make for successful cloud contracts.
OUTCOMES: Categorize the elements of cloud service assessment * Identify risks associated with cloud services and develop mitigation strategies * Distinguish how to engage campus stakeholders in evaluating cloud services

POLL:  What’s Attractive to You About Cloud Services?

  • Cost
  • Reduced overhead
  • Features
  • Functionality
  • DR / BC
  • Value-add functionality for staff
  • Scalability
  • Risk
  • Compliance

POLL:  What Concerns do you Have About Cloud Services?

  • SLA
  • Responsiveness
  • Integration of systems
  • Data and data analysis
  • What happens if your provider goes away
  • Security
  • Data location (regulatory)
  • Latency
  • Data ownership / retrieval
  • Manage cloud service, not our actual work
  • Funding / budgeting model CapEx > OpEx
  • Governance:  accessibility, PCI, FERPA, etc.
  • “Too easy” i.e. barrier to entry is very low
  • Billing
  • Enterprise vs. consumer purchasing

Items that are attractive and items that are concerns can (mostly) be argued either way!

Overview of Cloud and R&E Community Cloud

  • Internet2 founded 1996
  • National network
  • 300 member universities; 80 corps; 70 govt. orgs, etc.
  • Supports research and education

Goal for Today:  Informed Decision-Making About This Deployment Vehicle

  • It’s no longer an emerging technology

What Drives Us to Cloud Services?

  • Reducing costs
  • Realigning staff
  • Meet institutional goals
  • Help students learn more effectively
  • Aging infrastructure
  • Scalability & elasticity, simplicity, expandability (ebb and flow of normal campus activities)
  • Volume up; prices down (with these kinds of services, IT  is more like a portfolio manager of financial assets)

Business Drivers:  What’s Different?

  • Student Expectations
  • Faculty Roles & Requirements
  • Higher Education Business Needs
  • IT Services & Delivery
  • IT Procurement Strategies

Definition is Still Elusive & Amorphous

NIST definition: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

In short:  it’s a shared experience.

Underneath it all, you need a network carrier; Internet2 has this.

We wanted to created a scalable community approach for the higher ed space to communicate with cloud providers.

The NIST framework is not perfect:  identity is missing, it has overhead, security lives in the “cloud provider” segment, etc.

EDUCAUSE Top Issues:  Four Strategic Priorities

  • Efficiency:  reduce operational costs
  • Effectiveness:  achieve demonstrable improvements in student outcomes
  • Relevance:  keep pace with innovations in eLearning, and use eLearning as a competitive advantage
  • Value:  Meet students and faculty member expectations of contemporary consumer technologies and communications

You have to be able to speak to the above issues if you want to be relevant when pushing cloud services on your campus.

Interactive Section

  1. What’s Your Role and why are you here?  I’m director for Web & Technology Services in the division of Student Affairs.  I’m here because I want to get a handle on the approaches needed to manage the adoption of cloud services beyond web site and web application hosting (i.e. – product purchasing, governance, security, etc.)
  2. What are the business drivers at your campus for going to the cloud?  Speaking for my own unit:  cost, better understanding of service utilization.
  3. What are the budgetary drivers motivating consideration of the cloud?  Changing from CapEx to OpEx model.
  4. What are the technical drivers for moving to the cloud?  Reduction of technical overhead in maintaining a web infrastructure, reliability, flexibility.
  5. Who are the champions for cloud adoption on your campus?  What are their expectations?  Often, those who can’t or don’t want to support the technology themselves, but typically people who want stuff we can’t deliver.
  6. Who are the detractors and resistant to moving to the cloud?  Not many detractors, but there are people who continue to retain latent suspicions of the technology.  Central IT itself is often resistant to moving to the cloud.
  7. What do you see as major challenges to cloud adoption?  Scalability within the organization; how do we approach adoption in a holistic sense.


Cloud Assessment Skills

Technical & Architectural

  • Aspirational view of the cloud:  simplify and obfuscate complexity
  • Responsibility and management model:  need to understand the vendor’s relationships on all the different components of what represents “their problem” versus “your problem.”
  • IaaS:  is all purely infrastructure.  Provider says:  “we’re just giving you hardware in the cloud.  Everything else is your problem.”
  • PaaS:  Provider says:  “we’re giving you everything EXCEPT your application.  You’re responsible for that.”
  • SaaS:  Provider says:  we’ll manage everything for you.”  However, it’s all about who owns your data.

Cloud Service Functional Assessment

  • Review current features and functionality
  • Discuss existing Service Provider product roadmap (under NDA)
  • Determine ways in which service needs to be tuned for research and education usage
  • Prioritize feature requests discuss prioritization with SP’s product team

Process and Deliverables:  understand current features, functionality, and future roadmap; determine how to request features and inform the roadmap as well as process for reporting bugs.

Cloud Service Technical Integration

Network:  test network performance or review 3rd party testing; determine service connectivity with the Internet2 R&E network and optimize for enhanced delivery.  Test the network to create benchmarks!

Identity:  review SP’s identity strategy and determine InCommon integration.  Net+ Identity Guidance for Services

Process and Deliverables:  assign technical team members on networking and identity; develop and review testing plans; and produce reference documents for service subscribers

Security & Compliance

  • What are the documents involved?
  • Definitions, CCM or Cloud Control Matrix (self-reported like a VPAT, not audited), SOC 2 (an audit report), ISO 27001 (an audit report pass/fail)
  • How to read and understand these documents
  • Security assessment:  customized version of the CCM developed by the Cloud Security Alliance
  • Accessibility review and roadmap commitment
  • Data handling:  FERPA, HIPAA, privacy, data handling

Process and deliverables:  SP to give review copies of 3rd party audit materials, and completes Cloud Controls Matrix for review; campus security officer review and assess service; accessibility engineers review service and communicate needs to SP.

Legal & Contracts

What are the key elements in a successful cloud contract?

  • Description of service components, features
  • pricing and business terms
  • Indemnification and limitation of liability
  • security
  • compliance and representations
  • Data & data handling (data retrieval on termination, data destruction, etc.)
  • “Exit strategy,” source code escrow
  • SLA
  • Insurance provisions

When Reviewing Sample Contract Materials

The following questions were based on sample templates in the Box share described waaaay above.

  • What does this contract language aim to do?
  • Who or what does it protect?
  • What are the risk considerations for the university?  For end users?  For the service provider?
  • Which would you sign and agree to?
  • Which would a commercial service provider sign and agree to?

Cloud Assessments:  Conclusions

  • Specificity matters
  • Consider whether it is more helpful to spell out what a SP will do OR what they will not do
  • Some flexibility is required:  if you want to use a commercial service, determine what is reasonable
  • Do not accept standard commercial terms or “click through”
  • Do not assume the worst of commercial SPs
  • Consider the future and ongoing relationship
  • Remember that both sides are managing risk and the overall aim is to to come up with something that both your campus an the SP can live with




Technology Uncategorized

Building an Emerging Technology and Futures Capacity in Your Organization

Presenter:  Bryan Alexander

Introductions:  Name, Institution, One Way I “Get at the Future”

This seminar was attended by folks from all over the world, and we had some great answers:

  • Colleagues
  • My system
  • My kids
  • Star Trek
  • Web searches, i.e. Robotic Brick Layers
  • Campus Innovation Store (touch screen tables, Oculus Rift, etc.)
  • My CIO
  • Twitter

Quote:  “The Web is general, podcasts and books are deep.  Podcasts and books are rarely used (by comparison to the web) and can give you a leg up if you’re using them to reach out.”


  • Add new habits of mind
  • Allow mental space to step outside immediate crises and routine
  • Reduce reliance on history, a kind of path dependency
  • Be social about it!


  • Futures world is small but deep; started in the 1960s
  • Horizon Report
  • Delphi method:  ask a group of professionals specific questions about the future and then rank them
  • Environmental scan:  trends identified, tested, projected.  What are the signals of the future to come?  You need to look through multiple sources…they’re easy to do but can be time consuming.
  • Trend tracking and analysis:  synthesize what you learn by looking at the signals and follow them.
  • Scenarios:  stories about the future.  Event/response, creativity, roles & times, emergent practices and patterns.  Give people a scenario like “how does my job change because of voice interaction?”  They’re very bad predictors, because the future is generated by many forces.  They’re playful and creative and elicit participation.
  • Consume the literature!  Tech writing, education writing, pop culture, sci-fi, design.  Mr. Robot television show was suggested as something to watch.

The Delphi Method

Which developments in tech are most likely to have the largest impact on education over the next five years?

  • Mobile
  • Active learning methods
  • Predictive analytics
  • Scaling (i.e. industry)
  • Bring your own network
  • Adaptive online delivery
  • Internet of Everything
  • 3d printing
  • Virtual Reality
  • Cloud Services

When the attendees voted on which of these items they considered most important (every attendees had two votes to cast):  Cloud Services, Data Analytics, and the Internet of Everything came out on top.

What are the most significant challenges facing education and tech?

  • Funding
  • Agility
  • Flexibility
  • Deliver education in a useful, predictable, cost-effective manner
  • Public value of higher education
  • Net.generation
  • Faculty lack of competence in teaching with new technology; failure to embrace technology
  • Diversity, i.e. accessibility
  • Business value of IT to institution
  • Student economic struggles
  • Political infighting within the institution
  • Consumerization of expectations (especially in the US), i.e. residence halls, recreation centers, etc.

Environmental Scanning

STEEP:  Social, Technological, Economical, Educational, Political

  • Social:  this is where most of the issues come from, i.e. pop culture.
  • Technological:  Kurzweil, TWiT, Slashdot, etc.
  • Economical:  The Economist, Naked Capitalism, Marketplace
  • Educational:  Inside Higher Ed, Chronicle of Higher Education, Dan Cohen, University World News
  • Political:  memeorandum

Educational Technology:  Stephen Downes, Audrey Watters, eCampus News, Steve Hargadon, Alan Levine, edSurge

Venues:  blogs, Twitter, list serves, podcasts, videos, journals, books, meetup, conferences, repetition, hashtags, RSS, mainstream and marginal sources

Environmental Scanning Exercise

ID a story over the past couple of months that suggests the future; one story from professional life, one story from personal life.

Professional Life

  • Story or event:  Team WikiSpeed modular car
  • Source:  scrum training
  • Implication:  infusion of agile methodology into every field

Personal Life

  • Story or event:  use of Google Docs for class projects
  • Source:  kids
  • Implication:  collaboration


Great quote:  “Facebook is dead.  It has over a billion users…I want that kind of dead!”

To-Do:  set up a continual environmental scan via a Wiki page or a meetup or a periodic campus event to keep these ideas flowing!

Trend Analysis Discussion Notes:  What Trends do You See In These Observations?

  • Agile methodologies:  complete business transformation
  • Google Docs:  collaboration built into every tool (along with seamless interfaces to other systems)
  • Alternate delivery methods for instruction:  learning anytime
  • Access to high-quality information for learning
  • Driverless cars
  • User interfaces
  • Personal/private life convergence
  • Changing role of the faculty
  • Unconscious bias
  • Changing role of campus physical space and resources
  • Focus on student success, rather than BiTs
  • Growing importance of analytics and data
  • Growing concern about data privacy – governance
  • Increased importance / danger of data security
  • Physical / virtual convergence

Scenario Creation Exercise:  You Can Do This at Home as a Planning Exercise

Take two trends we talked about above and push them to their limits, and then drive them to their logical conclusions.  Which one is the most unpredictable / hardest to think about?

Physical / Virtual convergence / divergence

  • Deeper humans
  • Distanced people

Campus physical space/resources changing

  • There is no campus
  • “Mega campus” full of specialized equipment

We then placed these two trends into X/Y axes in opposition to each other and discussed what situation would occur within each quadrant.  Great conversation!  This is a great exercise, but you need to make sure that you choose trends that are UNPREDICTABLE.

Practical Actions

  • Dig down into different organizational layers to get more information:  local community, professional networks, world at large
  • Use methods in-house
  • Nudge staff into becoming method practitioners
  • User methods in campus community, looking for expertise
  • Check for institutional interest and support
  • Use resources created by Futurists, i.e. ELI publications
  • Observe humans and their use of technologies
  • Share observations internally and externally




2015 Kurogo Conference Mega Post

This post is the culmination of all the live blog posts I made at the 2015 Kurogo Higher Education Conference…a practice I have that I like to call a “MEGA POST.”  Like any other conference I attend, I make it a point to document the sessions I attend.  This keeps me engaged at all times (often difficult in post-lunch sessions), gives me notes I can refer to later on, and provides a source of information for others who could not attend.

If there’s anything I took away from this conference, it’s that higher education institutions have EXACTLY the same kinds of needs.  The differences between solutions are simply variations on a theme.  Whether it’s transactions like course selection and tuition payments, MarCom needs like campus tours and micro sites for alums, or student life needs like safety escorts, the needs are the same.  Only the implementations differ.  What differentiates the Kurogo platform is that it’s open source, and campuses are actively contributing to it.  A great example of this is was Matt Willmore’s announcement of Notre Dame’s contribution of several open-source modules to the Kurogo community (see my post on Student/Citizen Development with the Kurogo Platform below).  This is a welcome gift to the community, and should be encouraged.  By the way, Notre Dame was a wonderful host…thanks Matt!

With that, here’s my list of posts.  I hope you find them useful.

Monday, April 27

Tuesday, April 28


Technology Uncategorized

Why email is the devil

Email is the devil, I’m sure of it.  Unfortunately, it’s the official form of communication for many institutions, including my own.  I’m inextricably tied to it, and somewhere over the last few years, it turned me into something I never thought I’d be:  a hoarder!  Well, the devil doesn’t work alone, you have to give him the power.  Let me explain the whole sordid tale, and what I did after I saw the light…


  • Gmail is awesome
  • Saving every email you get is a terrible idea
  • There are better tools than email for most work-related communication tasks
  • My email “rules of engagement”

I like to keep my communication organized; always have.  Over the years, I’ve used a range of email programs including Outlook, Mac Mail and Thunderbird.  Of course, I’ve used web clients for almost as long, but I always found it comforting to store everything locally.  No matter which program I used, I carefully created folders to neatly store everything for future reference.  And I do mean EVERYTHING.  I had literally hundreds of folders that broke things down by project, organizational affiliation, function, you name it.  It got to the point that my folders were so granular, it became a more-than-once daily conundrum about which folder to store my email in…not to mention the mileage I was putting on my trackpad!

Several months ago, one of my staff members introduced me to a better way of managing Gmail that literally changed my life.   Yes, literally.  The article that describes “the way” is here:  In simple terms, it takes advantage of the multiple inbox extension, activation and actual use of keyboard shortcuts, filters and labels.  While I got used to doing things this way, I kept my Mac Mail client running for a couple weeks.  After only three days, I knew there was no turning back.  I was able to fly through my email in minutes per day, not hours.  This was the nice “clean break” I needed.  However, I still had about seven years of email I felt obligated to do something about.

While I used Mac Mail for my work email account and Thunderbird for my personal email account, thankfully I did not have to worry about manually exporting and importing .mbox files.  Way back in 2007, I created a Gmail account that I used exclusively as a repository for both my personal and work accounts.  After seven years of forwarding from two accounts, I had over 75,000 emails stuffed in that account.  I had to figure out the best way to move it all into the Gmail account I use now.  I found a great article that explained how to do exactly that here:  Once set up, the transfer process happens automatically (that took about four days, in case you’re wondering).  Of course, none of THAT email was organized, so I had a ton of email sitting inside an “archive” label to sort through.  This was a challenge, even with my newfound Gmail-fu.  A number of custom filters – some of them used only once and then deleted – eliminated about half of the mail I knew I didn’t need, leaving me with about 40,000 emails.  I’m committed to going through these, 1,000 per day until they’re all gone.

Digressing briefly, I have to mention some of the other work-related communication tools I’ve been using a lot recently.  What these tools have in common is fitness of purpose:

  • Basecamp:  an extremely popular online project management and communication tool.
  • Pivotal Tracker:  an agile project management tool used by software development teams.
  • Slack:  this is the tool that really helped me see the light and redeemed me.  Slack aggregates all communication associated with a project.  It combines the best parts of instant messaging with twitter, and – most importantly – has integration hooks into literally thousands of tools that developers use, like github, basecamp, errbit, pretty much every bug/feature tracker, and more.  There’s no better tool out there that lets teams clearly see who’s doing what and when.  It’s amazing and I can’t imagine working without it.

Anyway, as I was going through those 40,000 emails last weekend, I had an epiphany:  the vast majority of this email just doesn’t matter anymore.  Many were critically important at the time they were written, but they’re basically worthless now.  This fact doesn’t change the reality that I still have to go through all that mail, but it made deleting things so much easier.

It’s now painfully obvious to me why storing every email is a bad idea:

  1. Not every email is equally useful (duh)
  2. Finding important stuff gets harder over time
  3. “Inbox zero” becomes more elusive
  4. It’s a liability (maybe even legally)
  5. It’s a heavy psychic weight to carry

Here are my new not-quite-perfected email “rules of engagement:”

  1. Use email only for official communications that have a shelf life greater than one month.  This includes:
    • Budgeting
    • Contracts
    • Staffing, i.e. hiring, firing, merit increases
    • Strategic things that directly affect the bottom line
    • CYA (we all have our unique reasons)
  2. Delete everything more than one year old, unless it fits into rule #1 (even then, it’s probably less important than you think).  I’m shocked at how few of my precious old emails contained any information worth keeping.
  3. Inbox zero, ALL THE TIME.  There’s no good reason to keep anything in your inbox.  Waiting on an answer from someone? Tag it and archive it.  Need to schedule a bill payment on the 24th?  Tag it and archive it.  Delegated a task to your staff?  Tag it and archive it.
  4. Use the right tool for the job.
    • Got a sensitive topic?  Pick up the phone!  Or better yet, pay that person a visit.
    • Collaboratively riffing on an idea in real-time?  Use Google Hangouts, Skype, Face Time, or GoTo Meeting.
    • Need to communicate with a project team?  Use Basecamp, Pivotal Tracker, Slack, etc.
    • Got to write something short for the world to see?  Use Twitter, Facebook, Tumblr, RSS, etc.
    • Got to write something long-form for the world to see?  Use a blog or an old-fashioned web site.
    • Editing a document with colleagues?  Use Google Drive (docs, spreadsheets, presentations) or Box.  There are lots of options in this space.

Email is still a great tool when you want to send someone the equivalent of a memo, but for most of the work I do today, email is the wrong tool for the job.  Don’t let email steal your life!


Accessibility Technology Uncategorized

The (not so) Surprising Parallels Between Responsive Design and Accessibility

This is my third session from the first day at the CSUN conference.  This session is hosted by my friend George Zamfir, who I met at this conference last year.  The session guide describes George’s session like so:  “Responsive design has borrowed principles & best practices from accessible design.  Learn about both and how to apply them to your projects.”

Presenter:  George Zamfir (@good_wally)




In this post, I’m going to dispense with my normal slide-by-slide narrative structure.  George’s presentation moved way too fast and had lots of builds. 😉


George discovered that responsive design was a great way to build accessibility into his projects.  He showed us some of his previous work on the Scotiabank web site.  This ended up being TWO projects:  first for the desktop version of the site, then the mobile responsive version of the site.  He also worked on the mobile version of the bank’s credit card application.


What do all assistive technologies have in common?

  • They don’t care much about design, and they care to change it for the user (a lot like RSS readers)
  • Content trumps design, regardless of screen size
  • RWD is not about the design, it’s about updating the design to bring out the content



Visual, Auditory, Mobility, Cognitive & Speech.  Don’t measure people through the disability lens – which automatically focuses on what people are NOT able to do.  We now measure disability by what people CAN do.


Accessibility is contextual, so we should cater to users’ context.  You’re not necessarily engaging with someone working on a desktop computer with a large monitor, keyboard and mouse anymore.  He referred to a study of how people hold their phones and also the W3C’s BAD (Before After Demo) page.

  • One simple tip:  adding padding around text links increases the “hit size”
  • Keyboard accessibility translates well into touch-friendly interfaces.
  • Use native controls wherever possible.  On the bank side, they used <div> instead of <select> control, which was a problem when they went mobile.


Design for the edge cases (mobile first design)

If you start with a small screen, prioritization really matters. A variation of this model is designing for edge cases.  If you design for the harshest conditions first, the in-between cases are much easier to work out.  Consider accessibility as one of your edge cases!


RWD is a champion for A11Y, we have common goals for our users.


Question:  how do you handle navigation in RWD?  I target the simplest possible device and design progressively.

Question:  Do you do anything special about device orientation changes?  Answer:  why would you change the content?  Perhaps you change the layout, but you should not change the content.

Question:  What is your process when you have the luxury of a “clean sheet” design…how do you handle the lowest common denominator?  I like to start with everything besides the content.  We built the framework, and the content just fits into that framework.

Question:  what about hiding content based on context?  How do you handle that? Well, that’s probably not the best way to go…you’re probably doing it wrong if you’re doing it that way.



Foundations of RWD:  fluid foundation, media queries, responsive images.  In short:  Make your layout flexible!

  • Use ratios (ems) and percentages instead of absolute values (px).
  • Adapt to the size of the viewport:  width = device-width, initial-scale=1
  • What apple does is assume that the normal viewport size is 960 pixels, so if you don’t add the viewport declaration, you can get pages with text that’s very small-looking on a small screen.
  • Media Queries in CSS:  start with smallest screen first, and then the larger screens are additive over that definition.
  • Responsive Images:  for simplicity’s sake, start with this: use max-width:100%, height: auto;