IT Briefing Agenda 9/16/03 - Emory LITS: Information


Information Technology at Emory

IT Briefing Agenda 12/15/05

• MS Campus Agreement (John Ellis)
• Exchange Update (John Ellis)
• VeriSign Certificates (Jay Flanagan)
• Remote Access (f5) (Jay Flanagan)
• it.emory.edu update (Karen Jenkins)
• NetCom Q&A (Paul Petersen)

Academic and Administrative IT

Client Technology Services


Emory Email Strategy

Draft 12/2/2005


Rationale for Current Direction

• EmoryLink report and related discussions revealed the following themes:
  – Learnlink and enterprise email/calendaring serve different purposes
  – Strong student affection for Learnlink driven mostly by conferencing features; no products that can currently replace Learnlink at comparable $
  – Desire for a more enterprise quality email solution for the administrative layer of the institution
  – Preference for freedom of choice in email clients by faculty


Recommendation

• A robust Learnlink offering for all students and for those faculty that wish to use it
• For those faculty that only want email, the freedom to choose any email client (e.g., Eudora, Thunderbird, Outlook Express) on multiple platforms (e.g., PC, Mac, Unix, Linux) by taking advantage of the exposed IMAP or POP services on an Exchange server
• For faculty that want email and scheduling, a variety of centrally supported, feature rich clients:
  – PC: Outlook, Outlook Web Client (Explorer, Firefox)
  – Mac: Entourage, Outlook Web Client (Safari, Firefox)
  – Linux: Evolution, Outlook Web Client (Firefox)
• For administrative staff, a mandated set of options
  – Outlook (PC) or Entourage (Mac) for local access
  – Outlook web client for offsite access
• For faculty/staff that spend time in the Healthcare setting
  – A HIPAA/PHI certified Exchange/Outlook solution that is offered on the Healthcare Virtual Desktop (VDT)


Learnlink


A Robust LearnLink Initial Steps

• Infrastructure will be hardened to support growth (need more specifics here)
• LearnLink will be considered a Tier I enterprise application
• LearnLink will continue to be accessible via a client, web interface, POP, or IMAP
• Migration of content from Eagle Mail clients will be accomplished by client-side action


A Robust LearnLink Longer Term Changes

• Move infrastructure to a highly available Blade Architecture
• Evaluate options for linking Learnlink with University’s standard directories (LDAP/AD)
• Streamline backups with EMC Replication Manager
• Move core server & gateways from Windows to Linux
• Adopt upcoming Releases
  – 8.1 Enhanced workflow, customization, and application support
  – 8.2 Enhanced User Interfaces (client & web)
  – 8.3 Enhanced Mobility Support (BlackBerry, PocketPC, Symbian, SyncML)
  – 9.0 Compliance and Archiving


[Diagram: LearnLink (FirstClass) Infrastructure, Emory University. Labels: IMAP Mail Client (imap.learnlink.emory.edu); Web Client Interface (www.learnlink.emory.edu); POP Mail Client (pop3.learnlink.emory.edu); Internet / WWW; "Connects via TCP/IP Internet/Local Networks"; LearnLink Internet Services Web Gateway (HTTP, IMAP4); LearnLink Internet Services SMTP Gateway (SMTP, POP3); Mail Relay Server (InBound); (smtp.services.emory.edu); LearnLink Core Server (FirstClass 8.0); EMC SAN Storage.]

Exchange


Why MS Exchange?

• Despite the real and/or perceived issues with Microsoft, there is significant demand for the feature rich, widely utilized Exchange/Outlook combination. If we don’t offer this service centrally, units will continue to adopt it and will be forced into supporting it locally, at higher cost
• Market leader, and growing in market share (57% in 2005)
• Messaging server most supported by 3rd party vendors (mobile devices, unified messaging, compliance, retention, archiving) of 3rd party products
• The licensing costs of Exchange and Outlook are already covered as part of our new Microsoft site license
• Although security is a valid issue, we believe it can be managed with an appropriate design and mix


Exchange Security

• All client communications restricted to Front End Servers
  – RPC over HTTPS communications (SSL Encryption)
  – OWA (SSL Encryption)
  – IMAP / POP3 / SMTP (authenticated / SSL / TLS)
• ISA (Internet Security and Acceleration) Proxy Servers
  – Protects Front End server services
  – Moving from ISA to an appliance-based firewall solution
• Outlook 2003 – native support for personal key individually encrypted messages
• Native Microsoft Database Encryption
• Symantec Antivirus protecting servers and Symantec Mail Security protecting Exchange Mail and Databases
• GFI Mail Essentials marking Spam


Expansion Plan

• Current Exchange infrastructure will be expanded to support 6,000 Outlook email/scheduling clients + 9,000 email only clients (IMAP, POP, Web)
  – Hardware upgrades
  – Staffing changes
  – Phased, prioritized migration plan
  – Content migration accomplished by client-side action


Future Architectural Changes

• Enhance spam scanning
• Implement faster backup solution
• Implement email archiving
  – Minimize necessity for quotas
  – Appropriately match requirements to storage technologies
• Evaluate Exchange 2003 SP2 mobile push features
• Link Exchange with HealthCare GroupWise servers so calendar data can be shared


Features & Funding

• Finalize feature set and policies
• Finalize cost/funding model
  – Goal is to stay cost neutral compared to current centralized offerings so no additional allocations will be necessary


Digital Certificates

Jay D. Flanagan


Digital Certificates

• Utilizing VeriSign SSL Global Certificates
  – Manage our own certificates via the VeriSign control center
  – Went from 10 to 50 over a 4 year period
  – Pushed all access for SSL up to 128 bit encryption
  – Cost $594.00


Digital Certificates

• Moving to VeriSign SSL Standard Certificates
  – Manage our own certificates via the VeriSign control center
  – Purchased 75 certificates
  – Cost $175.00
  – Ordered 25 additional certificates and saved 20k


Digital Certificates

• More affordable for schools and departments
• Easy to request and implement
• Request via the following URL:
  – https://onsite.verisign.com/EmoryUniversityInformationTechnologyDivisionGlobalServer/server/index.html
• This URL can be found on the digital certificates web page at: http://it.emory.edu/showdoc.cfm?docid=1384&fr=1025


Clientless SSL VPN F5 Firepass

Jay D. Flanagan


Clientless SSL VPN

• Remote Access to the Admin Trusted Core
  – Checkpoint’s Secure Remote Client
    • Limited number of Operating Systems that can be used with
      – Does not have Linux or Solaris client
    • Limitations and issues with Mac clients
    • Problems with other applications on user machines
    • Problems with ISPs (Bell South)
    • Manual installation of new clients
    • Reports of poor performance


Clientless SSL VPN

• Current VPN architecture has single points of failure

[Diagram: current VPN architecture. Labels: Border-a; Firewall Load Balancer; VPN; FW; Admin Trusted Core; DMZ.]

Clientless SSL VPN

• Customer Friendly tool
  – Easy to use with little or no manual intervention from customer
• Usable with multiple operating systems and browsers
• Scalable to meet future expansion


Clientless SSL VPN

• Reviewed and evaluated three vendor products to replace Secure Remote
  – Aventail SSL VPN
  – Checkpoint Connectra
  – F5 Firepass
• Chose F5 Firepass


F5 Firepass SSL VPN

• Architecture for new Firepass SSL VPN

[Diagram: architecture for new Firepass SSL VPN. Labels: Internet (InterNap); Internet2; Border-a; Firewall Load Balancer; FW; VPN P; VPN F; F5 Firepass SSL VPN; Academic Core; Admin Trusted Core; DMZ.]

F5 Firepass SSL VPN

• Go to https://vpn.emory.edu for access to the tool
• Use network id and password for access


F5 Firepass SSL VPN

• After logging in the user will be presented with two options


F5 Firepass SSL VPN

• Admin Core Remote Access Only – From On or Off Campus
  – This option should be chosen by those users only accessing the Admin Core
    • Specifically if the user is on campus
  – This option can also be chosen if the user is off campus and only needs access to the Admin Core
• Emory University Remote Access INCLUDING Admin Core – From Off Campus
  – This option should be chosen by those users who need to access both the Admin Core and the Academic Core
    • Specifically if the user is off campus


F5 Firepass SSL VPN

• Once an option has been chosen
  – First time users will have a plug-in loaded
    • For Windows users, this will be an ActiveX control
  – The plug-in is only loaded on the first login and will not be seen on future logins
    • May have to download the plug-in again for upgrades or when new features are added to Firepass


F5 Firepass SSL VPN

• Once the plug-in has loaded users will see the following connection screens:
• After completing authentication this screen will automatically minimize
• Users can now do their normal remote access work


F5 Firepass SSL VPN

Firepass supports the following browsers:

• Dell® Axim, Version 4.21.1088 - Windows® Mobile 2003, Second Edition
• Firefox® 1.0.x
• HP® iPAQ 4155, Version 4.20.0 - Windows® Mobile 2003, First Edition
• i-mode phone
• Microsoft® Internet Explorer, version 5.0, 5.5, or 6.0
• Microsoft® Pocket PC 2003 and Microsoft® Pocket PC Phone Edition 2003
• Mozilla® version 1.7.x
• Netscape® Navigator, version 4.7x or 7.x
• OpenWave® WAP browser
• Mozilla® version 1.7.x on Apple® Mac OS® X 10.2.x systems
• Safari® version 1.2 on Apple® Mac OS® X 10.3.x systems
• Safari® version 2.0 on Apple® Mac OS® X 10.4.x systems
• Toshiba® E800, Version 4.20.1081 Windows® Mobile™ 2003, First Edition
• XDA® II, Windows® Mobile™ 2003 First Edition


F5 Firepass SSL VPN

Additional Benefit

• Specific checks on user machines before allowing access

Checks include:

• Windows Antivirus Checker – Enforces antivirus protection and checks endpoint for viruses
• Windows Firewall Checker – Checks presence of firewall

Other Checks include:

• Extended Windows Information – Gets extended information about Windows OS
• Internet Explorer Information – Gets extended information about Microsoft Internet Explorer

Admin Console

F5 Firepass SSL VPN

• Reviewing use of tool to replace current Nortel VPN
  – Working out the details with NetCom
    • vpn.service.emory.edu
  – Still several months away
  – More details in future Briefing


it.emory.edu

Karen Jenkins


Goals

• Provide a new combined IT website for all three divisions
  – Links to other campus IT units
• Work with F&A on common template/approach for all F&A divisions
• Leverage existing content management system for near term improvements
• Research and evaluate long term enterprise scale CMS solution


Schedule/Milestones

• New it.emory site with new look and combined services: January
• Add NetCom services: February
• Add Healthcare services: TBD
• F&A template: TBD
• New CMS: TBD

Manage IT

• User Group Meetings
  – Jan. 4th 2:00pm–3:30pm Kennesaw => Reporting
  – Jan. 17th 9:30am–11:00am Kennesaw => Training 101
• Suppress notification now available
• Purchased Dashboard module … can now create more than 5 dashboards
• Close on Resolution capability
• Getting consultant beginning of January to bang out some of the customization requests
• Healthcare update
  – Initial broad meeting (yesterday) went well
  – Getting quotes for licenses and consulting


NetCom Q&A

Paul Petersen


NetCom
