Navigating the Clouds with an Enterprise IT Strategy (178699088)
Transcript of Navigating the Clouds with an Enterprise IT Strategy (178699088)
-
7/27/2019 Navigating the Clouds with an Enterprise IT Strategy (178699088)
1/41
Navigating the Clouds with an Enterprise IT Strategy
Should your university be a cloud services leader?
How do you balance the benefits and risks of strategic innovation?
What about identity management in the cloud?
Clayton Burton, Jason Long, Fred Miller
October 17, 2013
-
Agenda (and obligatory cloud picture)
IT Strategic Planning and the Cloud
The Role of Various Cloud Models
Identity Management
Shibboleth in Detail
Lessons Learned & Future considerations
-
Do you...
1. Do you use cloud services beyond email and calendar?
2. Have a strategy for what should be in the cloud, versus on-campus?
-
About Furman University
Private liberal arts university
750-acre campus in Greenville, South Carolina
2650 undergraduates
96% live on-campus
Division 1 athletics
-
Furman's IT Strategic Plans
2007
II.24.2 Establish an efficient central system that serves as the information window to Furman University
Implement Single Sign-On (SSO)
2011
2. Champion scalable information technology innovations and best practices.
Enable efficient operations using appropriate vendor, cloud, and open source solutions.
Supporting tactic:
Require SAML 2 SSO for cloud authentication
-
Our Environment
[Diagram labels: Consumers, Industry, Govt. / Legal, Consortia, Higher Ed, Institution, Foundations]
-
Investing in an IT project portfolio
-
Innovation within the IT Portfolio
[Figure labels: Strategic Innovations, Infrastructure, Analytics, Transaction Processing; axis: Increasing Risk]
Adapted from Ross and Weill, IT Savvy: What Top Executives Must Know to Go from Pain to Gain, Harvard Business Press, 2009, fig. 3-2.
-
Consumerization & cloud services
IT as a partner, not competitor
Technology contract approvals
Compliance reviews
Leadership agreement on a platform approach
Post-implementation reviews
-
Vision: One place for all your Furman stuff...
-
Models of cloud services & risks
Software As A Service: Cloud As A Kit
Infrastructure As A Service: Pay As You Go
Collaboration Opportunities
-
SaaS - Cloud as a Kit
Over 40 Software-As-A-Service contracts
PCI-DSS solutions
Office 365
Box
Risks?
-
Some Furman SaaS Vendors
-
IaaS - Pay as You Go
Amazon, Moodle & Mobile
-
edge.furman.edu
-
Questions
1. Are you using Infrastructure As A Service? If so, for what?
2. Do you have campus single sign-on? If so, do you use it for cloud services?
-
Identity management
Identity strategy: provisioning and de-provisioning
The university portal: when is single sign-on appropriate
Shibboleth and federated identity
One place for "all your campus stuff"
Risks? Costs?
-
One identity, infinite services
Motivations
Consumerization-driven services expected
Centralization for better usability: fewer passwords, URLs
Easier provisioning and user access control
3rd-party services never see passwords
-
One password, infinite access
Risks
Too much access: one password for (almost) everything
Social engineering weakness
Structural failure point
Less direct control
-
SSO choices
Interdependent, overlapping, standard-resistant choices
Not just services you plan on using
New technologies, rapid proliferation
-
Additional considerations
Moving from managing systems to managing services
Trust through contracts
Consultants vs. training
Wide net vs. standardizing support
Total cost of architecture
Redundancy of systems
Staffing: anchoring the cloud
-
Our original SSO setup
-
Future SSO setup
-
Furman's choices
Vendors used (SSO Easy, Fischer International) for speed of deployment
Consolidation of architecture in phases
Redundancy of key systems
Moving to Shibboleth standard and in-house support
-
Question
1. Do you allow cloud vendors to store your users' passwords?
2. Are you using an Internet2 Net+ or other Shibboleth-based service?
-
Where do Shibboleths come from?
-
SAML building blocks
SAML Core: data that's transmitted
assertions, requests, responses
Bindings: how the data's transmitted
e.g.: SOAP, HTTP POST, HTTP Redirect (GET)
Profiles: describe use cases in detail
Web Browser SSO Profile
many others
-
SAML Flowchart - Phase 1
You request a resource
-
SAML Flowchart - Phase 2
Login, if you haven't already
Here's the login! (the Single sign-on)
-
SAML Flowchart - Phase 3
You get the resource
-
SAML Flowchart - Complete
-
Where Are You From? aka "Discovery"
How the SP knows which IdP
inherent in the URL, e.g.: furman.SP.com
passed in the URL, e.g.: SP.com/furman
SAML 2.0 IdP Discovery Protocol
Just ask!
WAYF
-
SAML Metadata
usually maintained by your Federation
adds security
SPs and IdPs specified
certificates
more maintainable
configuration stored in one place
simplifies process of adding SPs
Don't mind me! I'm just the Metadata!
-
Where's the Metadata?
For InCommon:
https://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
About 6 MB
Take care to configure servers properly using HTTPS!
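
An added example (not part of the original slides) of what the metadata slides describe: reading a federation-style metadata document to list each IdP and SP with its endpoints, bindings and signing certificates, and flagging endpoints that are not HTTPS. The metadata sample, hostnames and function names are constructed for illustration, and the example does not verify the metadata's XML signature.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: entity IDs, hosts and certificate text are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER-IDP-CERT</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="http://idp.example.edu/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://sp.example.com/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def summarize(xml_text):
    """One record per role descriptor: entity, role, (binding, URL) pairs, signing certs."""
    out = []
    for ent in ET.fromstring(xml_text).iterfind("md:EntityDescriptor", NS):
        for tag, role in (("IDPSSODescriptor", "IdP"), ("SPSSODescriptor", "SP")):
            for desc in ent.iterfind(f"md:{tag}", NS):
                eps = [(e.get("Binding").rsplit(":", 1)[-1], e.get("Location"))
                       for e in desc if e.get("Binding") and e.get("Location")]
                # A KeyDescriptor with no "use" attribute applies to signing too.
                certs = [c.text.strip() for kd in desc.iterfind("md:KeyDescriptor", NS)
                         if kd.get("use", "signing") == "signing"
                         for c in kd.iterfind(".//ds:X509Certificate", NS)]
                out.append({"entity": ent.get("entityID"), "role": role,
                            "endpoints": eps, "signing_certs": certs})
    return out

def non_https_endpoints(records):
    """Endpoints that would carry SAML messages over cleartext HTTP."""
    return [(r["entity"], b, url) for r in records for b, url in r["endpoints"]
            if urlsplit(url).scheme.lower() != "https"]

def entities_without_signing_cert(records):
    return [r["entity"] for r in records if not r["signing_certs"]]
```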
-
Additional Considerations
Service Logout vs. Session Logout
Shibboleth IdP Clustering
Two factor authentication (cell phone?)
-
Lessons learned
Identify risks
Educate the community
Manage Change
Leadership support key
TRUST
-
Possible future scenarios
[2x2 matrix, quadrants 1-4; axis labels: Cloud services for Innovation, On-Campus for Security, Distributed support, Coordinated support]
-
Questions?
How long before all campus servers are in the cloud?
A. Within 3 years
B. 3-5 years
C. 5-10 years
D. More than 10 years
E. After I retire
-
Challenges & opportunities
More Mobile
Virtualization
Data center in the cloud
More collaborations
When to partner?
-
Thanks
Clayton Burton, Jason Long, Fred Miller