Mike Roch Esym09 Final
18
© University of Reading 2009 www.reading.ac.uk/ITS IT Services A View from the Intersection Mike Roch Director of IT Services 21 May, 2009 Conducting at the Piazza Venezia
description
Transcript of Mike Roch Esym09 Final
© University of Reading 2009 www.reading.ac.uk/ITS
IT Services
A View from the Intersection
Mike RochDirector of IT Services
21 May, 2009
Conducting at the Piazza Venezia
© University of Reading 2009 www.reading.ac.uk/ITS
IT Services
3
• Extension college of Christ Church 1892
• Royal Charter awarded 1926
• 13,000 undergrads; 5,000 postgrads
• 3,000 staff (700 researchers)• 87 % of research is of
International Standing• Turnover £200M; Research
income £30M
IT Services - Responsibilities
• Data networks– 4 x switched Gb Ethernet
campus networks– 2 x 1Gb connections to
JANET via TVN MAN– 5000 room ResNet
• Voice networks• Infrastructure
services– Infoblox DNS/DHCP– MS Active Directory– 2 x 50TB NetApp Filers
• Classroom technology
• Corporate systems– MS Exchange email (staff)– MS IIS/CMS webhosting– Agresso Finance– Trent HR– SITS SR– Blackboard VLE
• Research support– Infrastructure– Hardware– Software– Help and advice 4
IT Services – Partnerships• Communications – PTS Consulting • Networks – Data Integration• Windows – Microsoft Educational Support
Centre• Virtualisation – VMware• Disaster Recovery – Sungard• Offsite backup - Recall• Student Email – T.B.A.• Identity Management – Oxford
Computing Group• Access Management – Eduserv 5
IT Services - Culture• Services more important than IT• We work for them - ‘Can-do’, ‘Here to
Help’• Good value for money - £270/fte user/yr • Standards and working practices
– Service desk & workflow - ITIL– Change management - ITIL– Project management - PRINCE-lite– Information security management - BS7799/ISO27002
• Pragmatism – ‘Utility not ideology ’• Risk management – proportionality
6
7
Risk Management
Prevent
ReduceImpact
Plan
Accept
Research Support• Computational resources
– Thames Blue IBM BladeCenter– 600 node Campus Grid & NGS Affilliate
• Storage resources– Mirrored NetApp Filers & Enterprise Vault– Institutional Repository - ePrints
• Software– ArcGIS, Matlab, SAS, SPSS, ATLAS-ti, NVivo, …
• Support– Advice, documentation, certification, AccessGRID,
Globus g/w– Partnerships – Oxford eResearch Centre, eResearch
South, NGS8
Identity Management - background • Mainframe s and UNIX minis from 1970s• Distributed UNIX workstations + NFS filestore -
1988– TCP/IP, PC-NFS for PCs, CAP etc for Macs– Yellow Pages/NIS directory services
• Common University Username (= email LHS for students)
• Active Directory synched with NIS from 2001
9
s p u 0 3 c h 3
Science Faculty
Physics Dept Undergraduate
Registration Year
Initials + serial
Identity Management - update
• New format usernames for accounts from Oct 2008– 2 random letters followed by 6 digits– New format email addresses for students
• Microsoft Identity Lifecycle Manager service summer 2009– ADAM (Active Directory Application Mode) to replace
NIS– Parallel running from launch
• Remote authentication and authorisation– OpenAthens subscription for 3 years from 1/8/08– Eduroam for visitors and working away– Digital Certificates for accessing research computing
resources
10
So, is IdM Utopia Builded Here?
11
SQL
PostProcessing
SQL
ILM
SQL
GroupPopulator Delayed
Action
SQL
Home Drive/File Storage
Communications Directory
ADAM
RISIS (Students)
SQL
Students XMA
Midland Trent (Staff)
SQLEmployees XMA
ADAM MAActive Directory & Exchange 2003
ADStudent Active Directory MA
Post Processing Drive Creation
User
HR
Students at Registration
Unix Mail
ADAM
Student ADAM MA
User
Communications Directory Interface
Remedy
SQL
Employee External XMA
SQL
Actions Logging
Message Delivery
Trent Users XMA
Tutors Delimited File
NIS Export
File
NIS Export
Employee/Xternal Active Directory MA
Student XMA
Employee/Xternal ADAM MA
UCISA Top Concerns 2008
12
Rank Concern
1 Funding and sustainable resourcing of IT2= IT strategy and planning
2= Organisational change and process improvement4 Business systems to support the institution5 "Environmentally friendly" computing / energy efficiency6= IT/IS service quality6= Service availability and resilience8 Governance of IT9 E-learning10= The development of an architected, enterprise-wide IT Infrastructure10= Data centres12 Mobile computing, anytime, anywhere computing, home working13 Identity & access management
Transatlantic Top Concerns
13
EDUCAUSE ISSUE EDUCAUSE UCISASecurity 1 >13
Administrative / ERP Information Systems 2 4Funding IT 3 1Infrastructure 4 10Identity / Access management 5 13
Disaster recovery / Business Continuity 6 >13
Governance, organisation and leadership 7 8Change management 8 2E-learning / Distributed teaching and learning 9 9Staffing / HR management / Training 10 -
http://www.ucisa.ac.uk/members/surveys/tc
Challenges to IdAM in HEIs
• Porous boundaries and fluid structures– Open campuses, open libraries, open access– Open resources – research & T&L outputs– Re-organisations, mergers, spin-offs, closures– Nomadic academic careers
• Individual behaviours - PBSK– Serendipitous discovery ignores boundaries– Research collaborators identified and trusted by
personal estimation not external validation – Web2.0 take-up - *FREE* of cost/authority/bureaucracy – Sharing and trading identities
14
Project FLAME – London School of Economics
• Technical Strand – investigated systems supporting: – Delegated Authority Management (DAM)– Attribute Release Policy (ARP)– Virtual Organisation Management (VOM)
• Social study - large scale studies of typical user attitudes, exploring:– the extent to which users (students and staff) value
and manage their personal data – their understanding of what data is held by service
providers – the extent to which this data is exchanged
15
Project FLAME – Social Study Experiment
16
• What is your LSE username?• What is your LSE library
number?
• What is your Facebook password?
• What is your LSE logon password?
• What is your term-time address?
• What is your date of birth?• What is your mobile
number?• What is your credit card
number?
91 %
63 %
40 %
14 %
90 %
73 %
67 %
30 %
Risk, Identity and Access Management
• Vital to mitigate risks:– Resource misallocation– Breaches of contractual obligations– Breaches of confidentiality, integrity and availability– Quality assurance failures …
• Mitigation must always be proportional to risk:– Big risks need strong controls– Small risks less so …Else– Excessive costs– Inflexible processes– Missed opportunities …
17
Links • JISC Project FLAME
https://gabriel.lse.ac.uk/twiki/bin/view/Projects/Flame/WebHome
• UCISA Top Concernshttp://www.ucisa.ac.uk/members/surveys/tc
• Reading eResearch pageshttp://www.reading.ac.uk/e-research
• Piazza Venetzia Traffic Cophttp://www.youtube.com/watch?v=wBJa0W49ayI
18
