Our Strategies and Initiatives (2022 - 2025)
Cybersecurity
Strategies
- To advance cybersecurity maturity of HKUST on par with commonly accepted standards of world-renowned research universities
  - Refining University cybersecurity policy based on a risk-based approach
  - Engaging the University community to promote cybersecurity awareness and adoption of good practices
  - Regularizing preventive practices and exercises for cybersecurity
  - Strengthening campus cybersecurity by adoption of emerging technologies like cloud-related technologies
  - Supplementing in-house cybersecurity talents with external expertise through acquisition of professional services and participation in leading cybersecurity organizations
- To adopt a Zero-Trust Security approach (borderless security strategy) based on the 3 guiding principles to prevent massive impact and protect high-value data (e.g. sensitive research data, intellectual property, personally identifiable information (PII), etc.) from any potential security breach:
  - Based on a design philosophy assuming a breach has already happened, or is going to happen soon
  - Only explicitly verified (or authenticated) users and devices are allowed access to corporate resources
  - Restrict data on a least-privileged access (LPA) basis by applying conditional access control for different roles
- To adopt a Passwordless authentication approach to most, if not all, IT services to facilitate a more secure and frictionless user experience in gaining access to IT services. This is in response to the fact that passwords are no longer a smart way to authenticate: they are difficult to manage, and may be phished or easily guessed if weak passwords are chosen.
- To leverage more cybersecurity measures to protect our resources in view of the increasing frequency and sophistication of cybersecurity attacks
Initiatives
- Consolidated Implementation of Cybersecurity Policy
  - Harden infrastructure by adopting a Zero-Trust Security approach
  - Streamline cybersecurity health checks and penetration tests with sandboxing based on virtualization so that the scope and depth of checks can be increased
  - Engage CSC community to increase compliance with minimum security standards
  - Engage external experts to train and advise on cybersecurity topics
- Threat Intelligence
  - Adopt emerging technologies based on AI and ML for detection of suspicious abnormal usage behavior often related to hacking, and increase endpoint visibility via endpoint analytics
  - Collaborate with trusted organizations on sharing of cybersecurity threat intelligence
- Cloud-First Strategy
  - Migrate on-premises services to cloud and leverage the strong protection services provided by the enterprise cloud providers
  - Leverage security tools on cloud to protect on-premises resources that cannot be migrated
  - Implement a Cloud Access Security Broker (CASB) solution serving as a security policy enforcement point as we are making use of more and more cloud services:
    - Higher visibility of cloud services in use, including those Shadow IT services
    - Gauge compliance and data security for cloud services in use
    - Provide threat protection capability
  - Deploy a cloud-based Endpoint Management solution (Microsoft Intune) to protect administrative desktops and mobile devices that handle confidential/sensitive data/information, or are of a sensitive nature
  - Promote and implement Zero Trust Network Access (ZTNA) approach in our IT infrastructure:
    - Look into Secure Access Service Edge (SASE) solution for our perimeter-less IT environment with hybrid workforce, remote devices, and distributed endpoints
    - Implement microsegmentation at the network level where feasible to segregate traffic as far as possible
- Passwordless Authentication
  - Passwordless authentication will first be introduced to the entire Microsoft 365 suite of applications that is based on Azure Active Directory (Azure AD) authentication
  - All current Central Authentication System (CAS) based IT services will also be extended to support passwordless authentication
- Data Security for Disaster Recovery (DR)
  - Immutable backup mechanism will be adopted to safeguard our corporate data against ransomware attacks
User Services & Training
Strategies
- To develop IT skills of HKUST staff in line with the staff development strategies of the University
  - Equipping staff with up-to-date IT knowledge and skills in the “new normal” of possible hybrid work as well as hybrid learning mode
  - Enriching professional skills among central and non-central IT staff
  - Developing comprehensive skills in using IT effectively for productivity
- To develop and strengthen the cloud expertise for IT professional staff as deemed necessary for the ongoing cloud transformation journey
- To provide on-job training for students interested in the IT profession, and explore how to engage more student helpers in providing user services support
  - Developing student interns with professional IT skills that also match the University’s IT needs
Initiatives
- IT Skill Development for Administrative Staff
  - Provide training on:
    - Productivity Tools
    - Remote Workplace with Mobile Devices
    - Tools for Meeting and Presentations
    - Custom Training for Administration Offices (Department level)
- IT Enrichment Program for central and non-central IT staff
  - Provide IT Service Management (ITSM) training for central IT professional staff through online self-paced, face-to-face as well as on-job training
  - Update technical skills of serving IT staff, especially in the area of cloud technologies and skills
  - Introduce emerging technologies that may be adopted by HKUST
  - Work out a cloud expertise training program for central IT staff for different cloud-related roles
- Developing Students for IT Profession in areas like software development, networking, service desk operations, digital A/V, leadership, etc.
Teaching & Learning IT
Strategies
- To leverage IT as a powerful tool for supporting pedagogical goals
  - Supporting Active Learning through enhancing interactivity among students and teachers, inside or outside class, using IT on premises or on the cloud
- To keep on updating our teaching and learning facilities in teaching venues to migrate to a fully digitalized audio-visual (AV) infrastructure to better support the “new normal” of hybrid learning and remote learning so as to:
  - Cope with the changing needs
  - Provide more flexibility in configuration and remote management
  - Enhance user experience
  - Reduce the time and effort to troubleshoot and remedy a support case
- To support the use of big data for T&L innovations
  - Developing data connectors for T&L systems to submit data for meeting the University’s institutional research requirement
  - Supporting development of IT platforms for learning analytics and student-centric portfolio
- To support the collaborative teaching and learning between Clear Water Bay and Guangzhou campuses
  - Developing seamless integration for T&L systems to enhance the collaborative experience
Initiatives
- Digitalization of all central classrooms and lecture theaters with latest audio-visual (A/V) technologies
  - Enhance the collection and use of equipment usage data for analytics
  - Equip selected classrooms with videoconferencing for remote teaching
  - Gradually deploy AVoIP (AV over IP) approach (aka AV 3.0) in the transmission and distribution of AV signals over IP data network
- BYOD to Learn
  - Leverage cloud-based Desktop as a Service (DaaS) to provide virtual desktop and virtual application service to supplement on-premises VDI, thus allowing cloud elasticity to meet sudden or seasonal demand
    - Consider leveraging a cloud-based solution (e.g. VMware Horizon Cloud) to provide a hybrid VDI solution
- Learning Management System (LMS)
  - Explore the future direction of our LMS system to determine if a new replacement solution is needed
  - Implement a cloud-based solution to replace the existing home-grown Student Feedback Questionnaire (SFQ) system
  - Assist the Center of Education Innovation (CEI) with the implementation of the Competency Framework for student assessment
  - Revamp SIS-LMS integration to support multi-campus teaching & learning operation
Research IT
Strategies
- To leverage IT as a powerful tool for research
  - Facilitating HKUST researchers to take full advantage of research IT including high-performance computing, storage and networking technologies
  - Assisting in optimized sourcing of research IT facilities
  - Managing the operations of shared research IT facilities and promoting effective sharing of resources where beneficial
- To collaborate with external research IT organizations
  - Expanding the connectivity to other NRENs, particularly those serving the majority of our research collaborators (e.g. CERNET of China, Internet2 of US, TEIN for trans-Eurasia, etc.)
  - Developing the e-infrastructure for the local R&E community together with counterparts in other local higher-education institutions
- To further develop and enhance our High Performance Computing (HPC) cluster which is based on the “Community Cluster” model
- To tap into HPC resources in our Guangzhou campus to support computational needs in HKUST, and at the same time explore building a new HPC Data Center based on liquid-cooling technology for long-term sustainable research computing, or leveraging HPC facilities in external data centers if the cost is justifiable
Initiatives
- Engagement of research community
  - Solicit and consolidate needs for research IT
  - Identify strategic procurement of research IT
  - Optimize sharing of expensive research IT resources
  - Organize seminars and training sessions for researchers to use new research IT facilities and try out emerging research IT technologies
- R&E network development: HARNET R&E Node by JUCC
  - Develop the R&E connectivity to external R&E networks via the HARNET R&E Node
  - Meet exceptional bandwidth requirement for research projects by collaborating with relevant NREN (National Research and Education Networks) partners
- Enhancement of Existing HPC Cluster Management
  - Fine-tune the job scheduling system (Slurm) for more effective sharing of HPC resources with respect to the contribution of computational resources by respective contributors
  - Enhance the HPC cluster availability by building redundancy in the core HPC cluster component
  - Provide HPC cluster utilization report to gauge the need for expansion as well as more effective resources utilization
  - Automate routine manual processes and system monitoring
- Feasibility Study and Proposal of Setting Up A New HPC Data Center for Long-Term Computational Need
  - Explore Direct-Liquid Cooling (DLC) solution for more effective and energy-efficient cooling of a green HPC Data Center with increasing heat dissipation associated with growing deployment of GPUs, and achieve lower carbon footprint
  - Consider the feasibility and cost implications of deploying HPC servers that support direct liquid cooling
  - Work on a proposal on building a future HPC Data Center on campus based on latest HPC and cooling technologies
  - Explore how to leverage the HPC resources in our Guangzhou campus
IT Infrastructure and Basic Services
Strategies
- To further strengthen the use of cloud computing technologies for developing a cloud-native IT environment conducive to teaching, learning, research and business operations, and in particular, to fit into the “new normal” scenario, with the aim to improve efficiency and reduce infrastructure/support costs
  - Uphold the “Cloud-First Strategy” for our cloud transformation journey
  - Providing the option of a cloud-based “digital workspace” so as to achieve the “work from anywhere” objective
- To move to a software-defined IT infrastructure and, where feasible, leverage the concept of Infrastructure as Code (IaC) to automate the management and configuration of our IT infrastructure
- To keep on modernizing our on-premises core central IT infrastructure including our central data centers (e.g. by deploying cloud-native infrastructure, or hyper-converged infrastructure, etc.) to achieve higher service availability, enhanced security, configuration flexibility and agility, and ease of management, and to further improve our DR (Disaster Recovery) capability
- To support and facilitate the development of a Sustainable Smart Campus (SSC)
  - Integrating Internet-of-Things (IoT) technologies with the campus IT infrastructure
  - Utilizing big data from IoT for improved campus experience and service
  - To work with telecom service provider to equip the campus with indoor 5G antennae facility
- To modernize our Identity and Access Management (IAM) architecture by deploying cloud-based authentication service (Microsoft Azure Active Directory) to serve as a central component in the IAM strategy, supporting multilateral federation to access research services and applications
- To support API-Driven and microservices infrastructure to streamline, guide and improve University business operations and enable students’ creativity
- To embrace IT Automation and streamline IT Operations (ITOps) as far as possible to attain higher “IT Operational Efficiency”:
  - by leveraging latest IT operations management approach and tools, and introduce IT automation and orchestration techniques where appropriate
  - AIOps (AI for IT Operations) – combines machine learning, big data, and other advanced analytics to automate IT management processes, including event correlation, anomaly detection, and causality determination
Initiatives
- Cloud Transformation related:
  - Desktop as a Service (DaaS)
    - Provide cloud-based virtual desktop and virtual application service to supplement on-premises VDI for teaching and learning; such capability provides us cloud elasticity to meet sudden or seasonal demand
    - For end-user computing, especially for staff working on sensitive data, implement the so-called Cloud PC to provide a secure virtual desktop for staff who require high desktop availability anytime, anywhere, without the need to go back to the office for physical desktop PC access
  - Cloud Data Backup & Disaster Recovery as a Service (DRaaS)
    - Implement an off-site cloud data backup for the purpose of disaster recovery (DR)
    - Evaluate the best DRaaS model to leverage the cloud backup to resume essential University IT services in the event of a disaster
  - Application Containerization, Orchestration and Modernization
    - Pack applications into containers executable on new platforms for lower TCO (Total Cost of Ownership) - Container and Kubernetes (K8S) are the preferred technologies for application delivery format and deployment platform
    - Transform selected applications (e.g. Drupal web hosting on cloud) to apply DevOps practices for development and deployment
- Revamp of Primary Data Center (PDC)
  - To revamp our PDC to provide more power and cooling capability to support hosting of more HPC servers
- Software-Defined Infrastructure
  - Evolve existing virtual server infrastructure (private cloud) to be extensible for tapping into public cloud
  - Migrate to software-defined IT infrastructure, including cloud servers, storage and networking
  - Apply Infrastructure as Code (IaC) where feasible for cloud infrastructure to achieve fast and consistent provisioning of production and testing environment
  - Implement a software-defined data center networking architecture using an overlay approach (using Ethernet VPN and multi-protocol BGP technologies) based on a spine-and-leaf fabric, with the merits of:
    - Higher resiliency and scalability
    - Streamline network provisioning and automation
    - Facilitate workload mobility across data centers, as well as workload segmentation
    - Ease fault isolation
    - Achieve a programmable data center network fabric through applying the Network as Code (NaC) concept
- Wireless Infrastructure
  - Gradual migration to a wireless infrastructure based on Wi-Fi 6 technology, supporting higher network performance and well suited to serving high densities of Wi-Fi clients, as in teaching venues
  - Undergo a 3-year student halls network equipment refresh exercise to upgrade the Wi-Fi network of our student halls from Wi-Fi 4 or Wi-Fi 5 to support the latest Wi-Fi 6 standard
  - Leverage the centralized Wi-Fi management platform to provide better Wi-Fi client visibility to gauge end-to-end client performance, and facilitate troubleshooting of Wi-Fi issues with the help of AI and ML technologies
- Modernization and Unification of User Authentication Infrastructure
  - Improve sign-on user experience for all online applications and strengthen the security with the use of passwordless technology
  - Ease R&E collaborations across institutions, locally and globally
- API Gateway Platform
  - Promote API-first methodology for IT services and application design
  - Advocate the use of OpenAPI in application design and system integration
- Explore cloud-based and on-premises ITOps and AIOps management and monitoring tools so as to:
  - Streamline network operations workflows
  - Cut down on arduous troubleshooting and speed up fault isolation time
  - Help automate operations and improve productivity
  - Allow teams to focus on strategic business-driving initiatives
  - Monitor cloud applications usage, performance and security, and provide visibility of those Shadow IT apps
- Sustainable IT
  - Implement best practices for green IT according to sustainability plan
  - With the help of DCIM (Data Center Infrastructure Management) tool, aim at operating our data centers at a higher temperature to achieve a lower PUE (Power Usage Effectiveness) for energy saving
- IoT infrastructure for Smart Campus
  - Further develop campus IoT infrastructure by extending existing LoRaWAN gateway network
  - Extend our Open IoT Data Platform to ensure proper security controls are in place while facilitating data sharing as deemed appropriate
  - Collaborate with CDO and CMO to deploy IoT applications in building development and facility management areas
- Migration to VoIP
  - Explore the integration of VoIP network to Microsoft Teams