Choosing a Replacement Email System For a University? 485
SmarkWoW writes "The university I attend is currently looking to change the way in which is provides its students with an email service. In the past they used a legacy mail system which can no longer fit their needs. A committee has narrowed the possibilities down to three vendors: Google, Microsoft, and Yahoo. Representatives from these three vendors will be coming to our college and giving a presentation on the advantages of their systems. We're looking at other services these companies provide such as calendaring and integration with existing software that our university runs. What questions would Slashdot readers ask during these Q&A sessions? Which of these three companies would you recommend? Why? What advantages would each have that college-level students would take advantage of? What other aspects should we consider when making our decision?"
3 choices? Ramifications? (Score:2, Insightful)
Google: least harm
microsoft: most lock-in
Yahoo!: possible lock-in
If Possible (Score:2, Insightful)
Specific questions (Score:5, Insightful)
Find out which one has the least lock-in (Score:3, Insightful)
You may end up w/ an in-house system.
Let your CS dept run it.
Horde (Score:1, Insightful)
If your university is going to dump a load of cash on a different company to manage and maintain the system, they should instead drop the cash on their own employees to do the same
Use the Horde project.
Which service integrates best? (Score:5, Insightful)
I would be be asking either of these rep's is what service integrates best with your existing student directory service(AD, OpenLDAP eDirectory etc), and how do they go about managing mass account creation, recipient policies, group membership.
Its one thing to bring in a new mail service, but ongoing management and maintenance of users and mailboxes, it and how it interacts with other internal systems would be the most important thing to me from an administrative point of view.
Student and Faculty Privacy (Score:5, Insightful)
I would be concerned about the privacy implications of using Yahoo Mail, Hotmail, or GMail for your student and faculty email. Now, granted, a lot of college students will be using one of those three for their personal email accounts *anyhow*, but for faculty in particular, and even some students, there could be some real downsides to using a third-party email provider.
For example, I don't know what Uni you're from, but a lot of Universities have faculty and students who are involved in research which might be of a nature where it might not be good to have them sending emails through a third-party. For example, professors and/or students working on Defense dept, Energy department, or CIA/NSA research (although, it might be that in such a situation, they would be using a more secure email system run by the government agency they are collaborating with, instead of the University email, anyhow, so maybe that's not such a concern).
Still, in general, I don't like the privacy implications of using Yahoo, Microsoft, or GMail for university email systems.
You might ask the representatives what guarantees of privacy they are willing to make to the University and it's students, faculty, and staff. I think I would hold them to a higher standard than what the normal Yahoo, MSN, or Gmail privacy statements offer.
Wrong question -- need good network file system (Score:2, Insightful)
Think Collaboration - (Score:2, Insightful)
Re:Missing option: (Score:3, Insightful)
Re:Find out which one has the least lock-in (Score:5, Insightful)
Missing the point - can save money (Score:5, Insightful)
The university in question will NOT be dumping a load of cash on this, and in fact will probably be saving some. Microsoft. Yahoo and Google all provide this free of charge to Universities - in exchange for getting their stuff and services used by a new bunch of students each and every year, some of whom will continue to use the service even after they graduate. In some ways the students are a commodity, who are being traded to the external provider in exchange for an externally-hosted service.
Senior management may not care about lock-in - they'll be looking at what they can offer students for the least amount of money. If it all works on paper over the next three to five years they may not care about anything else.
Sure, you need to pay someone to provision the accounts, but you don't have a box that sucks down power to run and cool and that needs to be patched and backed up. You have someone else to yell at if things break, too.
My workplace outsourced student mail to one of the larger players, over my initial objections, but I have to admit that overall it seems to be working out quite well.
Novell Groupwise with LDAP (Score:3, Insightful)
You need a professional IT staff with real experience with LDAP and Novell Groupwise. If you are a big university, don't fuck around with Exchange. Universities have serious IT Needs and require elite administrators.
Be very careful about intellectual property rights (Score:5, Insightful)
I looked over a contract between Google and a large university and found it to be very dangerous to the intellectual property rights of the university and to the privacy rights of students, faculty, and staff.
For example, because email is being disclosed to a third party, such as Google, it could affect the dates of disclosure (publication) of information and could, thus, cause a patent application to fail because of an excessive time lapse between publication and the application. It is necessary to bring the provider into the tent of protection so that patent rights are not harmed.
And in these days of litigation, consider who will get subpoenas, the university or the provider, and who will get notice in time to go to court to contest the delivery of the materials.
The terms in some of these contracts make the provider the copyright owner, or at least give a perpetual non-revocable license to the provider, even beyond the lifetime of the agreement. That can lead to some rather unhappy faculty who find that their publications, and their notes and discussions, have been licensed away, forever.
Also consider whether the university can get the email back at the end of the contract. There is a good chance that it will not be able to do so.
And consider whether you think it is a good idea for students, who tend to experiment with life's options, to begin to build a lifelong dossier that contains their university life emails.
The number of issues of this type is huge and most university lawyers are either not equipped to comprehend them or don't care to do so.
Most people I know who have deeply considered these things tend to find it a really bad idea to outsource university email without very, very strong contractual protections that think through the issues of now and the issues that might arise in the future, particularly when the university wants to terminate the agreement or move to another provider.
Re:what happens if... (Score:5, Insightful)
Ask how their system complies with FERPA. (Score:5, Insightful)
Ask them two questions (Score:4, Insightful)
Does your service support encrypted protocols?
Does your service support a standards based access for sending and receiving email (IMAP, POP3, SMTP)?
Hint: only GMail supports these two crucial features.
Re:As much as Microsoft is hated here (Score:3, Insightful)
Re:Use Blackboard (Score:4, Insightful)
Re:Find out which one has the least lock-in (Score:5, Insightful)
Don't. The CS department is interested in education and research. They may come up with an innovative solution and write a few papers about it - then abandon it, leaving it with poor documentation, a bad interface, hundreds of bugs, and idiosyncratic and non-standard elements.
IT is not CS. IT is a service.CS is a discipline. Asking the CS department to run the academic IT systems is like asking the English department to run the library. It's a non-starter.
This is all totally wrong (Score:2, Insightful)
What it sounds like this university is doing, or trying to do, or may end up doing out of foolishness, is simply outsourcing. I can tell you from experience you will simply never be satisfied by outsourcing a crucial function like email. But it sounds like this is a "low technology" school that is unwilling to invest in, and deploy, their own network facilities to do email. Are they afraid they cannot acquire the technical skills to accomplish this? It sure sounds like a school I would not recommend anyone go to for any kind of science or engineering education. May it would be fine for some other fields not related to technology.
So why not just let the students each, individually, pick their own service provider? They don't have to have email addresses with the school's domain name on it. And by picking their own outside the school's domain, they get an address they can keep once they graduate (or transfer out of desperation).
In addition to the above, the school should still run an internal-only email system. This email system would have no access to the internet. It would not accept SMTP connections from outside. It would not attempt to make email connections to the outside. All email would be within that system alone. Then the only spam people would get would be from someone they can suspend, kick out, demote, or fire (or in the case of tenured faculty, lock them out of the internal system). Let everyone use their outside email for outside communications (reaching it through the campus LAN/WAN is OK), and their inside email for inside communications.
Teachers will want to be able to do bulk communications with students in their classes, for example. That can get troublesome on an outside provider, because this can appear to be spam because of the duplications and/or large lists. Doing such academic specific email only on the internal system ensures control, and academic specific policies can be enforced (such as how to determine what is spam). Also, research faculty may need greater levels of security than outside vendors should ever be trusted with. If an outside vendor is used, many departments will still end up setting up something of their own, anyway.
Re:3 choices? Ramifications? (Score:5, Insightful)
Oh god... not Sharepoint. Seriously the worst fucking system on the planet for it's intended purpose. I've seen a whole Sharepoint system rendered useless purely from some tool techie connecting with an updated version of Office. The entries become useless after that unless you upgrade the whole network to the latest version of MS Office.
As for Zimbra, never used it, but it sounds like a nice system. I'd be going between that and Google (I already run a domain bar the web presence via Google docs).
Re:Ask them two questions (Score:1, Insightful)
Are you kidding? Exchange has had security and IMAP/SMTP/POP3 since before GMail existed.
Re:3 choices? Ramifications? (Score:5, Insightful)
I am fond of Google-based solutions, but I think it bears noting that both Gmail and Google Docs are still tagged as "beta" by Google. I don't know if it's because they have impossibly high standard for a release, or because the "beta" flag indemnifies them, but at the end of the day, you'd still be hitching your star on something that the vendor has technically described as not completely ready for prime-time.
Re:The most important question... (Score:4, Insightful)
tie Exchange into your PBX(...) pretty nifty
and useless... its a pretty thing to show off... but then you realise that
only 0.1% of the users might have use it and even then in extreme cases...
its complex solution that is just a money/work hole, that management
like to brag to friends ("yeh, i can listen to my emails!!"), although
they only used it to twice and dont know what to do with it
Re:Must be a pretty crappy university. (Score:4, Insightful)
Sounds more like you were a guinea-pig for ZFS, which maybe wasn't the super best choice for a filesystem to host Cyrus. I'm sure everyone else who now can use Cyrus with ZFS thanks you, but it definitely wasn't the most cluefull move. But hey, ZFS is neat-o, I can understand the attraction.
Re:3 choices? Ramifications? (Score:5, Insightful)
Google least lock-in? No way - they'll own your calendars, your email accounts, your social networking, your website if you let them... Try shifting your online identity away from Google once you've been with them for a bit. I'm still waiting for the day someone loses their job because their Gmail account is suspended and the person has all their work stuff run through Google. I see some businesses trusting all their data to Google's external servers sometimes! And if the institution is considering Google, they need to ask serious questions about where its hosted, privacy and marketing, etc.
Shifting from one solution to another will always be a substantial piece of work, but if you own the data, it's under your control, it's going to be more viable than a setup where you don't.
Re:Student and Faculty Privacy (Score:2, Insightful)
Re:what happens if... (Score:3, Insightful)
Agreed outside of saving the mail logs and bodies. This is a college, not a corporation. At mine, they preferred to log nothing to avoid getting pulled into legal disputes. AFAIK, it isn't required by law, so it's all headaches for no gain on their part.
This argument won't hold water for long. 2 reasons:
1. The university is most likely also a corporation (or even more likely a set of may corps). The set of rules the are subject to are WAY to broad (state, federal, union, blah blah blah) to be summarized into a single line document retention policy ("log nothing to avoid getting pulled into legal disputes")
2. Choosing not to archive on an ongoing basis doesn't remove the need to have a "legal hold" when an organization learns about pending litigation. Being able to not centrally manage this is no longer an excuse that any court in the US will accept