oit status fall 2007 - welcome to ohio university
DESCRIPTION
TRANSCRIPT
Office of Information TechnologyInformation Technology Improvement Plan
Progress UpdateIT Oversight Committee
J. Brice BibleChief Information Officer
Office of Information TechnologySeptember 21, 2007
Agenda• Improvement Plan Updates
– Information Security– Systems and Operations– Network Modernization– SIS Readiness Assessment– Black Board Pilot Project– Critical Staffing Status– Budget Update
• University System of Ohio• Oracle Identity Management Insight
Update: Information Security
• Firewall Accomplishments– Upgraded the three border firewall operating systems (two main plus
spare), and the corresponding Netscreen Security Manager (NSM) servers
– Installed and configured 6 new data center firewalls (total of 17 physical firewalls)
• FY08 Firewall Plans– Expand the use of the border firewall which currently uses a minimal
rule set and only 4% of the CPU– Install subnet (building level) firewalls around campus as part of the
general network upgrade– Install data center firewall for sensitive data systems
• Music Down-Load Policy (P2P)– Selected Blocking Policy in Place (currently 115th on RIAA list)
Status
Update: Information Security
• HIPAA Compliance- HIPAA compliance remediation completed for Hudson Health- VPN , HIPAA policies, and hardened desktops resulted in restarting e-
health systems this Fall
• SSN Removal from ID Cards and Library and Ping Systems• Security Assessment Services
- Tools available for evaluating system security- Completing first customer assessment – Human Resources- Responded to 1000 Email Requests and 2000 Log Issues since Spring
• New Information Security Director – Matthew Dalton- Rochester Institute of Technology Deputy ISO
• Security Plans- Initiate Regular Critical System Assessments- Complete Policy Framework and Incident Response
Status
• Data Center and Operations– Conducting joint review of HVAC and electrical capacity with facilities staff– Targeting fall quarter consulting engagement to correlate findings from facilities and
provide roadmap for CSC datacenter• Roadmap will be used for further discussion with facilities planning regarding
funding needs for the facility– UPS upgrade targeted for this FY
• Storage Architecture– RFP Reviews Underway– Largest infrastructure expenditure in FY 08– Vendor finalists presenting the weeks of 9/10 and 9/17
• Targeting magic quadrant partners identified by Gartner research– Targeting week of 10/1 for vendor award– Timeline important to meet other project needs and to mitigate backup risks
Update: Systems and Operations
Systems Update *
* Additional Information in Appendix
Status Highlights *• Systems
– Majority of high availability architecture design decisions affecting ERP will occur in the 2nd half of FY 08
– Fall and Winter decisions will focus on stabilizing existing commitments that will retain investment value
• VMWare• AIX and Linux systems
– Targeting OS reduction and a broad move from Unix to Linux• Requires some spending to validate design ideas• Vendor consultation on Oracle host designs
– Plans include review of all hardware based hosting to assess the potential for migration to virtualization
• Virtualization already used for many web and middle tier applications– Legacy Unix system retirement will not begin in earnest until FY 09
• Tru64• Solaris
– A strategic partner will be selected for host hardware similar to storage
Update: Systems and Operations
* Additional Information in Appendix
Readiness Assessment• Prepare for Readiness Assessment (Sep – Oct 07)
• Ensure IT Improvement Plan Requirements Underway• Purchase Necessary Peoplesoft Student Software Modules• Prepare Hardware Environment (Collaborative options on hosting at OSU)• Acquire and Prepare Project Team Staff (OHIO functional and technical, PS consultants)
• Conduct Readiness Assessment (Nov 07 – Mar 08)• Conduct Fit/Gap Analysis• Develop Project Charter (objectives, metrics, scope)• Develop Master Plan for Communication, Scope & Risk Management• Develop Resource Master Plan• Develop Project Management Methodologies• Develop Detailed Project Schedule and Costs
• Continually Pursue and Develop Possible State Alliances• Four State Universities Using Same SIS Solution
• Three at Approximately Same Step in Implementation Process• Provide Detailed Funding Proposal for Board of Trustees in Spring 2008
• Determine Sources and Availability of Funding for Entire Project
Update: Student Information System (SIS) Update
Legacy Network
• Initial rollout: 1996-1998• Bandwidth to desktop: 10 Mbps• Bandwidth to building: 100 Mbps• Scope: Athens campus
Update: Network Modernization Update
Current Network Architecture (abbreviated)
Router
1
2
3
4
5
FANSTATUS
6
Catalyst4506
WS-C4506
INPUT OK
FAN OK
OUTPUT FAIL
1300ACV
100-240 V~
12-5 A
50/60 Hz
Switch must be in off "O" position to Install/Remove power supply.Fastener must be fully enaged prior to operating power supply.
INPUT
INPUT OK
FAN OK
OUTPUT FAIL
1300ACV
100-240 V~
12-5 A
50/60 Hz
Switch must be in off "O" position to Install/Remove power supply.Fastener must be fully enaged prior to operating power supply.
INPUT
WS-X4013+ SUPERVISOR ENGINE II PLUS
STATUS
UPLINK 1
LINK ACTIVE
UPLINK 2
ACTIVELINK ACTIVE 1% 100%
UTILIZATION
CONSOLE
LINK
10/100MGT
FLASH
EJECT
RESET
UTILSTAT
DUPLEXSPEED
SYSTEMRPS
CATALYST 35503
4
5
6
7
8
9
10
11
12
1
2
15
16
17
18
19
20
21
22
23
24
13
14
1 2
WS-C3550-24-SMI
UTILSTAT
DUPLEXSPEED
SYSTEMRPS
CATALYST 35503
4
5
6
7
8
9
10
11
12
1
2
15
16
17
18
19
20
21
22
23
24
13
14
1 2
WS-C3550-24-SMI
UTILSTAT
DUPLEXSPEED
SYSTEMRPS
CATALYST 3550
2
1
35
36
37
38
39
40
41
42
33
34
43
44
45
46
47
48
19
20
21
22
23
24
25
26
17
18
27
28
29
30
31
32
3
4
5
6
7
8
9
10
1
2
11
12
13
14
15
16
WS-C3550-48-SMI
STATUS4 5 6 7 8 9 10 11 12 13 14 15321
1413
1211
109
87
65
43
21
WS-X4448-GB-RJ45
2625
2827
3029
3231
3433
3635
3837
4039
4241
4443
4645
4847
2019
2221
2423
1817
1615
48 PORT
BASE-T10/100/1000
16
MULTI-SPEED GIGABIT
MODULEETHERNET SWITCHING
313029282726252423222120191817 48474645444342414039383736353432 33
STATUS
WS-X4306-GB
1000 BASE-X SWITCHING MODULE1 2 3 4 5 6
STATUS
WS-X4148-RJ
37 38 39 40 42 44 45 46 47 4841 4325 26 27 28 30 32 33 34 35 3629 3113 14 15 16 18 20 21 22 2317 19 241 2 3 4 6 8 9 10 11 125 7
1112
910
78
56
34
12
1314
2324
2122
1920
1718
1516
2526
3536
3334
3132
2930
2728
3738
4748
3940
4142
4344
4546
STATUS
WS-X4148-RJ
37 38 39 40 42 44 45 46 47 4841 4325 26 27 28 30 32 33 34 35 3629 3113 14 15 16 18 20 21 22 2317 19 241 2 3 4 6 8 9 10 11 125 7
1112
910
78
56
34
12
1314
2324
2122
1920
1718
1516
2526
3536
3334
3132
2930
2728
3738
4748
3940
4142
4344
4546
`
Computer `
Computer
`
Computer`
Computer
`
Computer
`
Computer
`
Computer`
Computer
`
Computer
`
Computer
`
Computer`
Computer
`
Computer `
Server
`
Computer`
Computer
Router
10/100 Mbps Ethernet
Gig Ethernet
Update: Network Modernization Update
Next Generation Network (10 Gbps project)
• Initial rollout: 2007/08 (Pending Governance Review)
• Bandwidth to desktop: 100 Mbps or 1.0Gbps
• Bandwidth to building: 10 Gbps for Major Buildings (1 Gbps where appropriate)
• Core routers: Redundant links to distributed hub sites
• Distributed router hub sites: Redundant links to buildings
• Initial Scope: Athens Campus
Update: Network Modernization Update
Next Generation Network Architecture * (abbreviated)
10 Gig Ethernet
RouterHub Site 1A
RouterHub Site 1B
Router Router
RouterHub Site 2A
RouterHub Site 2B
Green 1 Green 2
Core
Data Center
Update: Network Modernization Update
* Additional Information in Appendix
New Recruitment Strategies and Initiatives for IT Positions
Update: Critical Staffing Status
• Proactive Recruitment of Passive Job Seekers- Post Job Vacancies on Monster.com- Search Monster Resume Database and Solicit Candidates for Current
and/or Upcoming Positions- Solicit Potential Candidates at national Educause Conference
• Post Positions on Several University Gateway Listservs• Develop Recruiting Brochure to Introduce Candidates to OHIO
and Southeastern Ohio• Post Vacancies with the Top 10 Colleges and Universities
producing African American Master's Degrees in Computer and Information Sciences
1st Quarter Mission Critical Posting Update
Position Status
Director of IT Security HIRED. Matthew Dalton. 9-1-07
Director of Systems and Operations Interviews currently underway.
Firewall Administrator Position currently posted.
Windows Administrator Search committee reviewing candidates.
Blackboard Apps Administrator Posting pending.
Update: Critical Staffing Status
2nd Quarter Mission Critical Anticipated Postings
Position Department
Director of Customer Services Customer Service
Unix Administrators (2 positions) Systems & Operations
Security Analyst IT Security
Database Administrator Application Information Solutions
Update: Critical Staffing Additions
FY 2008 Summary of ExpendituresDepartmentName
StaffingCosts
Operations, Licensing, Work Orders
Program/Project Funds
TelephoneOperations
TOTAL
Office of the CIO $514,790 $24,970 $3,120,216 $3,680,076
Academic Technology
$1,414,121 $156,561 $1,800,952
Customer Support Services
3,343,545 $645,222 $50,000 $4,100,544
Applications Solutions
$3,454,845 $645,999 $4,100,844
Information Security
$403,044 $26,263 $59,950 $489,217
Systems and Operations
$2,314,691 $1,566,541 $3,500 $3,884,732
Business Services $860,047 $577,352 $1,437,399
Telephone Auxiliary
$2,065,000 $2,065,000
TOTAL $11,844,598 $3,916,046 $3,247,754 $2,065,000 $21,073,398
Update: OIT Budget
Project Description OIT FY08 Base Funding
Black Board Enhancement Project $60,000
IT Business Continuity $5,000
Additional ID Card Costs $25,000
Apple Site License Renewal $59,000
Data Center Firewall $50,000
Network 10 Gb Upgrade Project (Year 1) $750,000
Blue Light Replacement $30,000
Security Monitoring and Compliance System $250,000
Storage Infrastructure (Lease) $500,000
SIS-OSU Disaster Recovery Services $83,100
VM Capacity Expansion $64,500
IronPort Expansion $70,000
Identity Management (Pilot) $300,000
Oracle e-Business Upgrade/SIS Testbed $366,000
E-Mail Replacement (Tru64) $143,200
Enterprise Architecture Test Environment $87,600
Available Funds
Deferred or Other Funds
FY 2008 Program/Project Expenditures
Update: OIT Budget
Inherited FY07 OIT Budget Challenges
Update: OIT Budget
• Mainframe Upgrade (stabilization until new SIS)
• Required Budget Reductions ($1,071,386)- Actual FY07 Reductions - $377,683- Cost-Savings Measures in FY08 - $274,800- Additional Reduction in FY08 Base - $418,903
• Increased Licensing and Service Cost - $275,000
• Unfunded Staffing and Salary Increases $294,000
• Increased Security Staff and Services - $120,917
University System of OhioStrategic Initiatives in Information Technology
HIGH POTENTIAL OPPORTUNITIESNear Term (One/Two Years):• Shared Emergency Notification Services• Co-Located Disaster Recovery / Backup• Common Admissions Application Portal• Consolidated IT Contracting and Procurement
– Central Licensing– Group Purchasing
• Statewide Policies and Procedures
Medium Term (Three Years):• Federated IdM Model• Course Management Toolkit (universal access) • Common Applications (help desk, email, anti-virus)• Central NOSC• Long Term (Three/Five Years):• VOIP / Unified Messaging / Advanced Applications• Shared State-HE Data Center• Common ERP
ISSUES• Lack of Central Contracting Authority
Hinders Collaboration• IUC Commitment To Collaboration
Model
Update: Statewide Discussions
Appendix
Data Center Facility Details
• Most systems same age as last renovation ~ 15 years ago– Door security – Fire Alarm– Fire Suppression– Cooling– UPS– PDUs
• Other Known Deficiencies– Door Cameras and monitors
• Non-recorded• No service contract
– Generator• Security questionable
Update: Systems and Operations
Systems Details• Systems by major service
– Blackboard instructional system• Hardware and OS components range 3-5 years old• Not on latest release of the product• High availability limited by one datacenter
– Web• Front end systems virtualized ~ 2 years old• Back end system ~ 5 years old• Legacy system still in use due to slow adoption rate; ~ 9 years old• No high availability
– Email• System hardware components range from 3-5 years old
– Has been through several design revisions• System OS and Hardware support end of life by manufacturer by 2011• Service will be reviewed in second half of FY 08 for future roadmap• High availability limited by one datacenter
– SIS• Product end of life• Newest of two mainframes only one year old• System required until new SIS comes on-line• High availibility limited by one datacenter
– Financial and HR Systems• Hardware 5 years old; development and test 7 years old• Current Oracle eBusiness solution requires upgrade that hardware cannot support• Requires new investment FY 08• No inherent high availability
Update: Systems and Operations
Systems Details• Systems by major service
– Calendaring• Hardware and OS less than one year old• Migrated from Unix to Linux to stabilize environment previously on 7 year old hardware• Second phase of project will bring better synchronization support• Service will be reviewed with email in second half of FY 08 for future roadmap• No inherent high availability
– Identity Management System• Core engine developed by OHIO staff• System OS and hardware support end of life by manufacturer by 2011• High availability limited by one datacenter
– ID card system• Hardware 6 years old• System operates as backend of point of sale systems for auxiliaries
– Directory Services• Active Directory in production since 2002• Hardware ranges from 3-5 years old• Improvements to user provisioning Fall 2007
– File Services• No commonly adopted solution; split between email system and Novell• Novell crippled by no strategy and inadequate staff• Novell hardware out of warranty• Email system storage not highly adopted due to poor user access methods• Targeting a solution tied to new Network Attached Storage offerings in new storage solution
– Targeting testing second half of FY 08
Update: Systems and Operations
Storage Details• Systems
– Storage Subsystems • 3-6 years of age• Disjointed fabrics due to old systems functional structure across departments• Management spread across staffSAN switches - anywhere from 7 to 2 years in production
– Tape Libraries• 4-8 years of age• Only backup method available on enterprise systems today• Over reliance on tape means slower restore times and risks of failed restores
– Current data• ~20 TB and 225 million files• Growth patterns in Oracle ERP, Email, and Blackboard instructional system
– This does not include a highly adopted central storage solution for personal storage
• Storage Initiative– Guiding principles
• Mitigate Backup/DR risk – Gain backup and recovery efficiency – Collaborate with OSU
• Establish a foundation for future growth needs – Acquire robust, fault tolerant, and scalable systems – Design for single site HA in the near term – Plan for future HA capabilities across sites
• Consolidation of storage sub-systems and networks • Storage management simplification
Update: Systems and Operations
Network Upgrade Status
• Gathered preliminary design requirements• Consulted with various vendors and outside
engineers• Completed the basic architectural design• Developed design options with associated
costs and time lines
Update: Network Modernization Update
Next Steps
• Seek high level design approval/option selection
• Seek high level deployment priority guidance• Identify additional requirements• Develop detailed deployment plan• Seek final approval (via ITAC)• Initiate deployment (Late FY08)
Update: Network Modernization Update