Our Strategies and Initiatives (2022 - 2025)

Cybersecurity ...

Strategies

  • To advance the cybersecurity maturity of HKUST on par with commonly accepted standards of world-renowned research universities

    • Refining University cybersecurity policy based on a risk-based approach

    • Engaging the University community to promote cybersecurity awareness and adoption of good practices

    • Regularizing preventive practices and exercises for cybersecurity

    • Strengthening campus cybersecurity by adoption of emerging technologies like cloud-related technologies

    • Supplementing in-house cybersecurity talents with external expertise through acquisition of professional services and participation in leading cybersecurity organizations

  • To adopt a Zero-Trust Security approach (borderless security strategy) based on the 3 guiding principles to prevent massive impact and protect high-value data (e.g. sensitive research data, intellectual property, personally identifiable information (PII), etc.) from any potential security breach:

    • Based on a design philosophy that assumes a breach has already happened, or is going to happen soon

    • Only explicitly verified (or authenticated) users and devices are allowed access to corporate resources

    • Restrict data on a least-privileged access (LPA) basis by applying conditional access control for different roles

  • To adopt a Passwordless authentication approach to most, if not all, IT services to facilitate a more secure and frictionless user experience in gaining access to IT services. This responds to the fact that passwords are no longer a smart way to authenticate: they are difficult to manage, and may be phished, or easily guessed if weak passwords are chosen.
  • To leverage more cybersecurity measures to protect our resources in view of the increasing frequency and sophistication of cybersecurity attacks

     

Initiatives

  • Consolidated Implementation of Cybersecurity Policy

    • Harden infrastructure by adopting a Zero-Trust Security approach

    • Streamline cybersecurity health checks and penetration tests with sandboxing based on virtualization so that the scope and depth of checks can be increased

    • Engage CSC community to increase compliance with minimum security standards

    • Engage external experts to train and advise on cybersecurity topics

  • Threat Intelligence

    • Adopt emerging technologies based on AI and ML for detection of suspicious abnormal usage behavior often related to hacking, and increase endpoint visibility via endpoint analytics
    • Collaborate with trusted organizations on sharing of cybersecurity threat intelligence
  • Cloud-First Strategy
    • Migrate on-premises services to cloud and leverage the strong protection services provided by the enterprise cloud providers
    • Leverage security tools on cloud to protect on-premises resources that cannot be migrated
    • Implement a Cloud Access Security Broker (CASB) solution serving as a security policy enforcement point as we are making use of more and more cloud services:
      • Higher visibility of cloud services in use, including Shadow IT services
      • Gauge compliance and data security for cloud services in use
      • Provide threat protection capability
  • Deploy a cloud-based Endpoint Management solution (Microsoft Intune) to protect administrative desktops and mobile devices that handle confidential/sensitive data/information, or that are of a sensitive nature
  • Promote and implement Zero Trust Network Access (ZTNA) approach in our IT infrastructure:
    • Look into Secure Access Service Edge (SASE) solution for our perimeter-less IT environment with hybrid workforce, remote devices, and distributed endpoints
    • Implement microsegmentation at the network level where feasible to segregate traffic as far as possible
  • Passwordless Authentication
    • Passwordless authentication will first be introduced to the entire Microsoft 365 suite of applications, which is based on Azure Active Directory (Azure AD) authentication
    • All current Central Authentication System (CAS) based IT services will also be extended to support passwordless authentication
  • Data Security for Disaster Recovery (DR)
    • An immutable backup mechanism will be adopted to safeguard our corporate data against ransomware attacks

User Services & Training ...

Strategies

  • To develop IT skills of HKUST staff in line with the staff development strategies of the University

    • Equipping staff with up-to-date IT knowledge and skills in the “new normal” of possible hybrid work as well as hybrid learning mode

    • Enriching professional skills among central and non-central IT staff

    • Developing comprehensive skills in using IT effectively for productivity

  • To develop and strengthen the cloud expertise for IT professional staff as deemed necessary for the ongoing cloud transformation journey

  • To provide on-job training for students interested in the IT profession, and explore how to engage more student helpers in providing user services support
    • Developing student interns with professional IT skills that also match the University’s IT needs

Initiatives

  • IT Skill Development for Administrative Staff

    • Provide training on:

      • Productivity Tools

      • Remote Workplace with Mobile Devices

      • Tools for Meeting and Presentations

      • Custom Training for Administration Offices (Department level)

  • IT Enrichment Program for central and non-central IT staff

    • Provide IT Service Management (ITSM) training for central IT professional staff through online self-paced, face-to-face as well as on-job training
    • Update technical skills of serving IT staff, especially in the area of cloud technologies and skills
    • Introduce emerging technologies that may be adopted by HKUST
    • Work out a cloud expertise training program for central IT staff for different cloud-related roles
  • Developing Students for IT Profession in areas like software development, networking, service desk operations, digital A/V, leadership, etc.

Teaching & Learning IT ...

Strategies

  • To leverage IT as a powerful tool for supporting pedagogical goals

    • Supporting Active Learning through enhancing interactivity among students and teachers, inside or outside class, using IT on premises or on the cloud

  • To keep on updating our teaching and learning facilities in teaching venues to migrate to a fully digitalized audio-visual (AV) infrastructure to better support the “new normal” of hybrid learning and remote learning so as to:

    • Cope with the changing needs

    • Provide more flexibility in configuration and remote management

    • Enhance user experience

    • Reduce the time and effort to troubleshoot and remedy a support case

  • To support the use of big data for T&L innovations

    • Developing data connectors for T&L systems to submit data for meeting the University’s institutional research requirement

    • Supporting development of IT platforms for learning analytics and student-centric portfolio

  • To support the collaborative teaching and learning between Clear Water Bay and Guangzhou campuses

    • Developing seamless integration for T&L systems to enhance the collaborative experience

Initiatives

  • Digitalization of all central classrooms and lecture theaters with latest audio-visual (A/V) technologies

    • Enhance the collection and use of equipment usage data for analytics

    • Equip selected classrooms with videoconferencing for remote teaching

    • Gradually deploy AVoIP (AV over IP) approach (aka AV 3.0) in the transmission and distribution of AV signals over IP data network

  • BYOD to Learn

    • Leverage cloud-based Desktop as a Service (DaaS) to provide virtual desktop and virtual application service to supplement on-premises VDI, thus allowing cloud elasticity to meet sudden or seasonal demand

      • Consider leveraging a cloud-based solution (e.g. VMware Horizon Cloud) to provide a hybrid VDI solution

  • Learning Management System (LMS)

    • Explore the future direction of our LMS system to determine if a new replacement solution is needed

    • Implement a cloud-based solution to replace the existing home-grown Student Feedback Questionnaire (SFQ) system

    • Assist the Center of Education Innovation (CEI) with the implementation of the Competency Framework for student assessment

    • Revamp SIS-LMS integration to support multi-campus teaching & learning operation

Research IT ...

Strategies

  • To leverage IT as a powerful tool for research

    • Facilitating HKUST researchers to take full advantage of research IT including high-performance computing, storage and networking technologies

    • Assisting in optimized sourcing of research IT facilities

    • Managing the operations of shared research IT facilities and promoting effective sharing of resources where beneficial

  • To collaborate with external research IT organizations

    • Expanding the connectivity to other NRENs, particularly those serving the majority of our research collaborators (e.g. CERNET of China, Internet2 of US, TEIN for trans-Eurasia, etc.)

    • Developing the e-infrastructure for the local R&E community together with counterparts in other local higher-education institutions

  • To further develop and enhance our High Performance Computing (HPC) cluster which is based on the “Community Cluster” model

  • To tap into HPC resources in our Guangzhou campus to support computational needs in HKUST, and at the same time explore building a new HPC Data Center based on liquid-cooling technology for long-term sustainable research computing, or leveraging HPC facilities in external data centers if cost-justifiable

Initiatives

  • Engagement of research community

    • Solicit and consolidate needs for research IT

    • Identify strategic procurement of research IT

    • Optimize sharing of expensive research IT resources

    • Organize seminars and training sessions for researchers to use new research IT facilities and try out emerging research IT technologies

  • R&E network development: HARNET R&E Node by JUCC

    • Develop the R&E connectivity to external R&E networks via the HARNET R&E Node
    • Meet exceptional bandwidth requirement for research projects by collaborating with relevant NREN (National Research and Education Networks) partners
  • Enhancement of Existing HPC Cluster Management

    • Fine-tune the job scheduling system (Slurm) for more effective sharing of HPC resources with respect to the contribution of computational resources by respective contributors

    • Enhance the HPC cluster availability by building redundancy in the core HPC cluster component

    • Provide HPC cluster utilization reports to gauge the need for expansion as well as more effective resource utilization

    • Automate routine manual processes and system monitoring

  • Feasibility Study and Proposal of Setting Up A New HPC Data Center for Long-Term Computational Need

    • Explore Direct-Liquid Cooling (DLC) solution for more effective and energy-efficient cooling of a green HPC Data Center with increasing heat dissipation associated with growing deployment of GPUs, and achieve lower carbon footprint

    • Consider the feasibility and cost implications of deploying HPC servers that support direct liquid cooling

    • Work on a proposal on building a future HPC Data Center on campus based on latest HPC and cooling technologies

    • Explore how to leverage the HPC resources in our Guangzhou campus

IT Infrastructure and Basic Services ...

Strategies

  • To further strengthen the use of cloud computing technologies for developing a cloud-native IT environment conducive for teaching, learning, research and business operations, and in particular, to fit into the “new normal” scenario, with the aim to improve efficiency and reduce infrastructure/support costs
    • Uphold the “Cloud-First Strategy” for our cloud transformation journey
    • Providing the option of a cloud-based “digital workspace” so as to achieve the “work from anywhere” objective
  • To move to a software-defined IT infrastructure and, where feasible, leverage the concept of Infrastructure as Code (IaC) to automate the management and configuration of our IT infrastructure
  • To keep on modernizing our on-premises core central IT infrastructure including our central data centers (e.g. by deploying cloud-native infrastructure, or hyper-converged infrastructure, etc.) to achieve higher service availability, enhanced security, configuration flexibility and agility, and ease of management, and to further improve our DR (Disaster Recovery) capability
  • To support and facilitate the development of a Sustainable Smart Campus (SSC)

    • Integrating Internet-of-Things (IoT) technologies with the campus IT infrastructure

    • Utilizing big data from IoT for improved campus experience and service
    • To work with a telecom service provider to equip the campus with an indoor 5G antennae facility
  • To modernize our Identity and Access Management (IAM) architecture by deploying a cloud-based authentication service (Microsoft Azure Active Directory) to serve as a central component in the IAM strategy, supporting multilateral federation to access research services and applications
  • To support API-Driven and microservices infrastructure to streamline, guide and improve University business operations and enable students’ creativity
  • To embrace IT Automation and streamline IT Operations (ITOps) as far as possible to attain higher “IT Operational Efficiency”:
    • By leveraging the latest IT operations management approaches and tools, and introducing IT automation and orchestration techniques where appropriate
    • AIOps (AI for IT Operations) – combines machine learning, big data, and other advanced analytics to automate IT management processes, including event correlation, anomaly detection, and causality determination

Initiatives

  • Cloud Transformation related:

    • Desktop as a Service (DaaS)

      • Provide cloud-based virtual desktop and virtual application service to supplement on-premises VDI for teaching and learning; such capability provides us cloud elasticity to meet sudden or seasonal demand

      • For end-user computing, especially for staff working on sensitive data, implement the so-called Cloud PC to provide a secure virtual desktop for staff who require high desktop availability anytime, anywhere, without the need to go back to the office for physical desktop PC access

    • Cloud Data Backup & Disaster Recovery as a Service (DRaaS)

      • Implement an off-site cloud data backup for the purpose of disaster recovery (DR)

      • Evaluate the best DRaaS model to leverage the cloud backup to resume essential University IT services in the event of a disaster

    • Application Containerization, Orchestration and Modernization

      • Pack applications into containers executable on new platforms for lower TCO (Total Cost of Ownership) - containers and Kubernetes (K8S) are the preferred technologies for the application delivery format and deployment platform

      • Transform selected applications (e.g. Drupal web hosting on cloud) to apply DevOps practices for development and deployment

  • Revamp of Primary Data Center (PDC)

    • To revamp our PDC to provide more power and cooling capability to support hosting of more HPC servers

  • Software-Defined Infrastructure

    • Evolve existing virtual server infrastructure (private cloud) to be extensible for tapping into public cloud

    • Migrate to software-defined IT infrastructure, including cloud servers, storage and networking

    • Apply Infrastructure as Code (IaC) where feasible for cloud infrastructure to achieve fast and consistent provisioning of production and testing environments

    • Implement a software-defined data center networking architecture using an overlay approach (using Ethernet VPN and multi-protocol BGP technologies) based on a spine-and-leaf fabric, with the merits of:

      • Higher resiliency and scalability

      • Streamline network provisioning and automation

      • Facilitate workload mobility across data centers, as well as workload segmentation

      • Ease fault isolation

      • Achieve a programmable data center network fabric through applying the Network as Code (NaC) concept

  • Wireless Infrastructure

    • Gradual migration to a wireless infrastructure based on Wi-Fi 6 technology, which supports higher network performance and is well suited to serving a high density of Wi-Fi clients, as in teaching venues

    • Undergo a 3-year student halls network equipment refresh exercise to upgrade the Wi-Fi network of our student halls from Wi-Fi 4 or Wi-Fi 5 to support the latest Wi-Fi 6 standard

    • Leverage the centralized Wi-Fi management platform to provide better Wi-Fi client visibility to gauge end-to-end client performance, and facilitate troubleshooting of Wi-Fi issues with the help of AI and ML technologies

  • Modernization and Unification of User Authentication Infrastructure
    • Improve sign-on user experience for all online applications and strengthen the security with the use of passwordless technology

    • Ease R&E collaborations across institutions, locally and globally

  • API Gateway Platform

    • Promote API-first methodology for IT services and application design

    • Advocate the use of OpenAPI in application design and system integration

  • Explore cloud-based and on-premises ITOps and AIOps management and monitoring tools so as to:
    • Streamline network operations workflows
    • Cut down on arduous troubleshooting and speed up fault isolation time
    • Help automate operations and improve productivity
    • Allow teams to focus on strategic business-driving initiatives
    • Monitor cloud application usage, performance and security, and provide visibility of Shadow IT apps
  • Sustainable IT

    • Implement best practices for green IT according to sustainability plan

    • With the help of a DCIM (Data Center Infrastructure Management) tool, aim at operating our data centers at a higher temperature to achieve a lower PUE (Power Usage Effectiveness) for energy saving

  • IoT infrastructure for Smart Campus

    • Further develop campus IoT infrastructure by extending existing LoRaWAN gateway network

    • Extend our Open IoT Data Platform to ensure proper security controls are in place while facilitating data sharing as deemed appropriate

    • Collaborate with CDO and CMO to deploy IoT applications in building development and facility management areas

  • Migration to VoIP
    • Explore the integration of the VoIP network with Microsoft Teams