A Retrospective of the 2018 ELUNA Conference

 

The Ex Libris Users of North America (ELUNA) hold an annual meeting for the regional user group of Ex Libris in the United States and Canada. Steelsen Smith, Technical Lead for Client Services and IT Operations, attended the conference this past in May and has written about the sessions and news from the conference.

Continue Reading A Retrospective of the 2018 ELUNA Conference

Announcing the Voyager 10.0 Upgrade

The Voyager User Group and Library IT, are planning to move Yale University Library to Voyager 10.0 in December 2017.  The software vendor, Ex Libris, released Voyager 10 this past May. Ex Libris will still assist us with system outages, bugs, and other issues as they arise. To ensure the upgrade will be as seamless as possible, the upgrade is targeted to happen during the Winter Recess. The goal is to have everyone upgraded to Voyager 10 within a day of returning to work in 2018.

Continue Reading Announcing the Voyager 10.0 Upgrade

Two Buildings, One Workflow – Multi-Site Delivery for Beinecke Materials

The Beinecke library’s major renovation will impact all areas of service as the historic building is shuttered between May 2015 and September 2016. Both patrons and staff depend on reliable access to the unparalleled rare materials collection, and therefore need a reliable requesting mechanism to get offsite materials delivered to either the temporary public reading room (located in SML) or the new Beinecke Technical Services space at Science Park.

Special collections stored at the LSF have historically only been deliverable to the owning collection – further movement is handled by the collection’s staff. Changing this to allow for two formal delivery locations required a change to Aeon, the software used by special collections to manage requesting, and to the scripts used by the LSF to process incoming requests. Working with Beinecke and LSF Staff, Enterprise Systems and Services personnel were able to identify an unused field in the Aeon application and use it to store the desired pickup location. The Aeon and GFA applications responsible for integration were then modified to recognize this field and use it to represent a new “drop code” for Beinecke materials. Staff can now populate this field from a radio button in the web request form or through direct entry in the staff client – no other changes to the request are necessary.

Patron requests are automatically designated for the public reading room without staff intervention. With the first test requests processed successfully, Beinecke’s staff at the new technical services headquarters will be ready to continue work uninterrupted after their move. This solution also opens the door to requesting across special collections – allowing readers to view materials at the reading room most convenient for them. While there are many policy, safety, and preservation concerns to be addressed, this project has helped to ensure continuity of service for Beinecke patrons while opening the discussion for more convenient material access for special collection patrons in general.

Security and Sharing

Over the past month Steelsen Smith from the Enterprise Systems and Services group had the opportunity to attend two events related to work we do in Library IT a NERCOMP sponsored security conference and the ILLiad international resource sharing conference.

The first was Boston College’s annual “Security Camp” – a free one day event for IT professionals. The 2015 agenda included lots of timely material, including presentations on identity and access management, docker (a software packaging and containing system), security scanning, DDOS attacks and more. The full agenda is here.

For anyone who manages the deployment of information systems, it has been impossible to avoid docker. In a nutshell, this technology allows users to bundle all of the interrelated parts of an application into a “container” that can then be run on a physical or virtual server. The advantage is that many code packages can share the same server without the overhead of a full virtual machine per application. The platform has proven to be robust, and the presenter (from MIT) made a great case for docker having applications in the classroom or enterprise. The greatest strength of the solution is that applications dependencies, e.g., Java version, can be updated individually without affecting their co-hosted peers. The software can also run on a hardened read-only OS (CoreOS as an example). Docker should not be trusted as fully secure for hosting potentially hostile containers, however. The main vulnerability of the platform comes from its strength – allowing direct hardware sharing. This means that if an application is carefully written to monitor hardware activity it can learn something about the containers it resides with. Also, if an application is able to successfully compromise the kernel it will have access to all other containers on the machine whereas in a dedicated VM it would require a few extra steps.

Another interesting talk focused on handling distributed denial of service attacks (DDoS) effectively. A DDoS is a very basic attack – it drowns out legitimate website requests by triggering an overwhelming number of invalid requests (like shouting in a room where people are speaking) and has become surprisingly easy – there are sites that will let you control their “botnets” of slave machines for a small fee. These attacks are also effective because they rely on the internal operation of fundamental internet protocols (e.g., SNMP or exploiting the TCP handshake) making them hard to protect against. In fact, the two best defenses (note that firewalls are not at all helpful in a DDoS attack) involve using outside providers to manipulate the internet to deflect traffic away from you. For web requests a CDN (content distribution network) can host your website and split it among datacenters around the world which are collectively able to withstand an attack. For attacks based on amplification (requesting a long answer with a short question) a provider like Incapsula or NeuStar can actually intercept internet traffic for you and scrub it – for a sizable fee. While universities generally do not need to worry as much as banks, if the blogosphere takes issue with something done by your institution then a DDoS attack becomes a real possibility.

A few weeks later came the ILLiad International conference in Virginia Beach, VA. Mostly attended by librarians with presentations focused on resource sharing there were a number of interesting talks that applied directly to work in IT both with our support for interlibrary loan software and discovery.

Linked data was one of the unexpected highlights of the conference with the vendor Zepheira giving talks on how relationships between assets as exposed by linked data can drive use. The theory is that discovery necessarily leads to increased use – therefore the easier it is for search engines and link aggregators to discover your content the easier it will be for users to discover it. The natural extension is that, once discovered, your resources should also be easy to request. Consolidated requesting – having your users register once and search and request through a single interface – is one of the ideal outcomes of a library’s analysis and enhancement of its web presence.

Another useful presentation topic addressed how medical libraries handle requests from independent medical researchers and physicians. A service, loansome doc, allows physicians to affiliate themselves with a library to request medical articles. The library then procures those materials on their behalf. There are more differences than similarities, however, when it comes to how these materials are filled. Some libraries have a nearly automated process while others still provide highly individualized service. Some libraries allow electronic delivery to be automatic while others require approval and payment. While it was fascinating to learn about what different medical libraries are doing it was also interesting to think about how article requesting might work as a general service to the public – allowing the “visitor privilege” to be extended to folks elsewhere on the internet. There are no doubt serious legal considerations, but how this could be safely done is a topic of considerable interest.

In both securing information and sharing information IT systems can help the university and the library within it meet institutional goals (or even just comply with regulations). These two events provided great insight into what our peers are doing (or not doing) and the results in their institutions. Although there was far too much covered for a single blog post, please feel free to email me if you’re interested in notes or to talk about any of the agenda topics.

Library IT in Dublin

Every year the Online Computer Library Center (OCLC) hosts and funds attendance to the Developer House, an intensive week-long dive into OCLC services and APIs. This year’s December event was centered on discovery, in particular, the new discovery API and software library.

Yale’s Steelsen Smith, from the Enterprise Systems and Services group, was selected by OCLC to attend, and had the opportunity to work alongside 11 technologists from libraries across the country as well as OCLC staff and developers. As a specialist in the library’s various fulfillment systems Steelsen brought with him to the event questions about the applications of discovery in requesting and delivery and how to more fully use member services available to the Yale University Library.

Besides learning about available web services, as well as new programming techniques and languages, the event served as an opportunity to speak directly to product managers in Dublin. Of particular value was the ability to speak about Yale’s fulfillment workflows and areas where current services work less than optimally.

The week was primarily aimed at producing usable projects in discovery in a short period of time. Open source and available to the community, some of these applications are ready to use and are downloadable from GitHub.

By taking advantage of training opportunities and development events outside of Yale, Library IT is working to build relationships and knowledge that can help to improve services to staff and patrons without incurring new costs. This is in addition to the library’s commitment to contributing to various open source projects and communities, keeping Library IT active in the larger field of library and academic technology.