Questions about Box.com via Net+

Key to answers:
Blue answers are by Andrew Keating from Internet2/Net+.
Scarlet Answers are by Glenn Donaldson and Brant Thomas from Ohio State
Maize answers are by Kris Steinhoff and Bill Wrobleski from Michigan

 Questions about how Box is used

• Are you providing it to your students?
  • Nearly every university that has signed up for NET+ Box ultimately provides accounts to their students as well as faculty / staff. The pricing for the service is based on the whole institution size, so there is no way to purchase accounts only for a sub-set of the campus. Conversely, the cost if you purchased on a per-set basis directly from Box would be far more than the Internet2 NET+ Box pricing for the whole university. One of the reasons the program was set up this way was to encourage collaboration and sharing between all members of the campus community.

• How are you using box as a service on your campus?
  • Primarily as a collaboration/sharing tool for faculty/staff/students.

• Do you use Box as collaboration software? If so, how?
  • Yes, BuckeyeBox is designed to provide better and easier collaboration. If so, how?  Many of us are already using it for sharing/collaborating on documents, etc. with our staff or colleagues.  Being used for project documents, file management, etc.

• Do you use Box as a replacement of AD file shares? departmental shares? If so, how do you manage workgroup membership?
  • Box can be used in this capacity. Since shared folders are owned by a specific user, that user’s quota is affected by the storage used. This makes Box less appealing for this use. Workgroup management is another challenge. The access would need to be manually maintained by the owners of the shared folder
  • We are not asking for Departments to replace their AD file shares with Box but I am sure some are going to be doing so to some extent.

• Do you use Box as an archive/backup of files stored on your devices
  • I know of several users who rely on Box to back up their content
  • Likewise, however, this was not the intent. We are stressing that BuckeyeBox is NOT the final resting place for files.  It is a collaboration service, but again people are doing this.

• Do you have any rules about what kind of data can be stored on Box?  E.G. HIPAA, PCI, grant data
  • Each institution has been assessing Box for sensitive data based on their existing standards. Some are permitting FERPA data in Box, while others are still holding back on that. Internet2 and Box have not yet signed a BAA, although we are pursuing one aggressively and hope to have it wrapped up soon, so I don’t know of any institution permitting HIPAA data in Box currently.
  • No “restricted” data.. we have guidelines in our Knowledgebase.  Only thing at this time allowed is FERPA data.

• Do you use it for Teaching and Learning?
  • Several instructors at Michigan have used Box to share content with their students. No integration yet with our CMS (Sakai)
  • Internet2 has done an informal survey on LMS integrations and presented the results to Box. They are interested in providing some LMS integrations in the near future, targeting first the open source LMSes (Canvas, Sakai). Nothing definite yet but it’s on the horizon, and certainly as more universities sign up for the service there will be increasing demand. There are quite a few use cases of Box for teaching and learning across the institutions currently using it, and spanning many disciplines (a music instructor, for instance, is making files available for listening only through Box’s preview function; faculty in seminar courses are setting up folders for each of their students and collecting written assignments and giving feedback through there; etc)
  • We are working through some ADA compliance acceptance issues with our ADA compliance Team.  Right now we state that they cannot do so.  Professors cannot make a class utilize Box for their classes until ADA is cleared.

Questions about support

• How is it supported?
  • The university should provide front-line, Tier 1 support; Box provides Tier 2 / 3 support (and there is a support escalation document outlining the process on this that can be review). We are not hearing from any of ~32 universities that there are very many end-user, Tier 1 support tickets being generated (on the level of less than 10 per week, even at universities with 1000s of users
  • 1st tier is 8Help then passed to Enterprise Messaging staff.  They then would call Box Support if needed.

• What happens when a user leaves the university?  Does their account/data get deleted, does it roll over into a free consumer version?
  • Box has just finished up a new set of ‘deprovisioning’ APIs that will let universities roll users out of their enterprise instance into free accounts. Box is allowing users to keep their university-granted storage quota when they are rolled out (so instead of a ~5GB free quota, a student with a 50GB university Box account would get to keep that when he/she graduates)
  • We disable their account.  Files are not deleted.  Unit Leads can request that folders from these accounts be moved to another user if needed.  Soon there will be guidance from our Legal and Archivist on how long we can keep the actual data associated with the Box Account.  Right now it is not being deleted.

• Are there admin tools to report on these users for cleanup?
  • Box’s admin console does have several reports that provide information about users (last login, etc.)
  • Not built in.  We use our Identity Management solution for provisioning/de-provisioning.

• How much time/administration does an instance take from a school?
  • I believe we’re running with less than 1 FTE at this point
  • After initial setup not much.  About 10 Incidents/request a week.  We have not though officially rolled out to all Students yet even though there are a lot of them using it.  Approximately 3,000 accounts at this time.

• Are there existing materials that were used to help technicians support end users?
  • Several schools have FAQs on their Box sites (here’s Michigan’s: http://www.itcs.umich.edu/storage/box/faq.php), but I don’t think there’s a central repository at this point
  • KB(Knowledgebase)  Articles on central landing page site of http://box.osu.edu

• How are different policies handled for different types of users?
  • We have tried hard to handle all of our users with the same policies (quotas, etc). We’ve done this in an effort to reduce the complexity of the service and the effort it takes to run it.
  • No different

• Is it just-in-time provisioning for accounts or does there need to be some kind of a load?
  • Box does allow just-in-time provisioning (they refer to it as “auto-provisioning”; it is done via the SSO process). Users can also be bulk uploaded with Box’s admin interface. Michigan is using auto-provisioning.
  • Just in time via Box API Calls from our end user portal service.

• How are accounts activated and deactivated?
  • Users are activated when they login for the first time (auto-provisioning). We are still working on the details for deactivation and deprovisioning. (See “What happens when a user leaves the university?” above.
  • User can do it and also Identity management solution will deactivate account when the affiliation for the user changes to be one that is not eligible for an enterprise Box account.

• How is the user authenticated?
  • Users are authenticated using Shibboleth. For some mobile applications that don’t support SSO, users must set a Box password to access the service from those applications. (The mobile applications that Box provides support SSO.
  • Shibboleth/SSO

• What information is passed to Box by the IdP?
  • Full name, and email address (used as Box username).

Questions about  initial implementation/roll out

• Any issues with getting it adopted across campus?
  • Box spreads virally once it gets going (if I have an account and share a file with you, you’re invited to join, prompted to create an account, etc). So universities like Michigan, Indiana, and others in the Early Adopter group are seeing tens of thousands of accounts after having rolled out for a semester. Still, there is a certain amount of marketing and promotion necessary when the service launches on campus, mostly to ensure campus constituencies are aware the service is available 
  • Adoption was done by major Departments/Colleges.  They actually were the first to ask for such a service to help eliminate all the different cloud based sharing services that they have to support.

• Did you transition to Box from an existing web file management system?  If so, what lessons learned did you take away from the migration?
  • We launched Box in parallel with our legacy services, so didn’t do any data migrations
  • Not a central one.  Everyone used what they wanted.  They would be responsible for moving the data to Box.

Other Questions

• How is Box currently funded?
  • Department/College contributions based on number of FTE

• What happens when we bump against the overall storage limit?
  • I’m not aware of any institution that has hit their storage limit, if anything, the universities are finding that they can increase quotas on individual accounts even more than originally anticipated. If a university does require additional storage it can be purchased as an add-on. If a university has an overage within a given year, they are covered by the Internet2 storage bank (the community covers the overage). At the agreement anniversary date the university would be expected either to purchase additional storage or to reduce its usage
  • You will have to make the decision to purchase more

• Which of the different Box clients are they using?  Any issues?
  • We have enabled all of the Box applications for our users. We haven’t encountered any issues.
  • Long answer.  The only currently Box Apps we enable are the ones listed as Official Box Apps.  So far the one giving most of the incidents are the Box Sync apps for Windows and Macs.

• Do you have an issue with eppn (username@nnn.edu) when it doesn't equal the user email address?
  • There is a process and documentation for addressing this that Box has developed for some of the institutions currently signed up. The new email alias support in Box makes this less of an issue and it has been in the past.
  • Right now they have to match.  There just was some released update that does talk about the use of some proxy addresses but we will not look into that.