Office of Information Technology Information Technology Improvement Plan Progress Update IT Oversight Committee J.
Download ReportTranscript Office of Information Technology Information Technology Improvement Plan Progress Update IT Oversight Committee J.
Office of Information Technology Information Technology Improvement Plan
Progress Update IT Oversight Committee
J. Brice Bible Chief Information Officer Office of Information Technology September 21, 2007
Agenda
• • • Improvement Plan Updates – – – – Information Security Systems and Operations Network Modernization SIS Readiness Assessment – – – Black Board Pilot Project Critical Staffing Status Budget Update University System of Ohio Oracle Identity Management Insight
Update: Information Security
• • • Firewall Accomplishments
Status
– Upgraded the three border firewall operating systems (two main plus spare), and the corresponding Netscreen Security Manager (NSM) servers – Installed and configured 6 new data center firewalls (total of 17 physical firewalls) FY08 Firewall Plans – Expand the use of the border firewall which currently uses a minimal rule set and only 4% of the CPU – Install subnet (building level) firewalls around campus as part of the general network upgrade – Install data center firewall for sensitive data systems Music Down-Load Policy (P2P) – Selected Blocking Policy in Place (currently 115 th on RIAA list)
Update: Information Security
• • • • •
Status
HIPAA Compliance HIPAA compliance remediation completed for Hudson Health VPN , HIPAA policies, and hardened desktops resulted in restarting e health systems this Fall SSN Removal from ID Cards and Library and Ping Systems Security Assessment Services Tools available for evaluating system security Completing first customer assessment – Human Resources Responded to 1000 Email Requests and 2000 Log Issues since Spring New Information Security Director – Matthew Dalton Rochester Institute of Technology Deputy ISO Security Plans Initiate Regular Critical System Assessments Complete Policy Framework and Incident Response
Update: Systems and Operations
Systems Update *
• • Data Center and Operations – Conducting joint review of HVAC and electrical capacity with facilities staff – Targeting fall quarter consulting engagement to correlate findings from facilities and provide roadmap for CSC datacenter • Roadmap will be used for further discussion with facilities planning regarding funding needs for the facility – UPS upgrade targeted for this FY Storage Architecture – RFP Reviews Underway – – Largest infrastructure expenditure in FY 08 Vendor finalists presenting the weeks of 9/10 and 9/17 • Targeting magic quadrant partners identified by Gartner research – – Targeting week of 10/1 for vendor award Timeline important to meet other project needs and to mitigate backup risks
* Additional Information in Appendix
Update: Systems and Operations
Status Highlights *
• Systems – Majority of high availability architecture design decisions affecting ERP will occur in the 2 nd half of FY 08 – Fall and Winter decisions will focus on stabilizing existing commitments that will retain investment value • VMWare • AIX and Linux systems – Targeting OS reduction and a broad move from Unix to Linux • Requires some spending to validate design ideas • Vendor consultation on Oracle host designs – Plans include review of all hardware based hosting to assess the potential for migration to virtualization • Virtualization already used for many web and middle tier applications – Legacy Unix system retirement will not begin in earnest until FY 09 • Tru64 • Solaris – A strategic partner will be selected for host hardware similar to storage
* Additional Information in Appendix
Update: Student Information System (SIS) Update
Readiness Assessment
• • • •
Prepare for Readiness Assessment (Sep – Oct 07)
• • • • Ensure IT Improvement Plan Requirements Underway Purchase Necessary Peoplesoft Student Software Modules Prepare Hardware Environment (Collaborative options on hosting at OSU) Acquire and Prepare Project Team Staff (OHIO functional and technical, PS consultants)
Conduct Readiness Assessment (Nov 07 – Mar 08)
• • • • • • Conduct Fit/Gap Analysis Develop Project Charter (objectives, metrics, scope) Develop Master Plan for Communication, Scope & Risk Management Develop Resource Master Plan Develop Project Management Methodologies Develop Detailed Project Schedule and Costs
Continually Pursue and Develop Possible State Alliances
• Four State Universities Using Same SIS Solution • Three at Approximately Same Step in Implementation Process
Provide Detailed Funding Proposal for Board of Trustees in Spring 2008
• Determine Sources and Availability of Funding for Entire Project
Update: Network Modernization Update
Legacy Network
• • • •
Initial rollout: 1996-1998 Bandwidth to desktop: 10 Mbps Bandwidth to building: 100 Mbps Scope: Athens campus
Update: Network Modernization Update
Current Network Architecture (abbreviated)
` Computer ` Computer ` Computer ` Server Router Switch must be in off "O" position to Install/Remove power supply.
Fastener must be fully enaged prior to operating power supply.
INPUT OK FAN OK OUTPUT FAIL Switch must be in off "O" position to Install/Remove power supply.
Fastener must be fully enaged prior to operating power supply.
INPUT OK FAN OK OUTPUT FAIL INPUT 100-240 V~ 12-5 A 50/60 Hz Catalyst 4506 1300ACV INPUT 100-240 V~ 12-5 A 50/60 Hz 1300ACV 1 WS-X4013+ SUPERVISOR ENGINE II PLUS UPLINK 1 UPLINK 2 STATUS WS-X4448-GB-RJ45 LINK ACTIVE 10 LINK ACTIVE 11 12 ACTIVE 13 14 15 16 2 STATUS 17 18 19 20 21 22 CONSOLE 1% 23 24 UTILIZATION 25 26 27 28 100% 29 30 31 32 LINK 33 34 EJECT 35 36 37 38 FLASH 39 40 41 42 43 44 RESET 45 46 47 48 10 11 12 13 14 15 16 10 48 PORT 10/100/1000 BASE-T 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 MULTI-SPEED GIGABIT ETHERNET SWITCHING MODULE 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 3 STATUS STATUS 1000 BASE-X SWITCHING MODULE WS-X4148-RJ 10 11 12 10 11 12 13 14 13 14 15 16 17 15 16 17 18 18 19 19 20 20 21 22 23 24 21 22 23 24 25 26 25 26 27 28 27 28 29 29 30 30 31 31 32 32 33 34 35 36 33 34 35 36 37 38 37 38 39 40 41 39 40 41 42 42 43 44 45 46 47 48 43 44 45 46 47 48 4 STATUS 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 5 FAN STATUS 6 WS-C4506 Router SYSTEM RPS STAT UTIL DUPLEX SPEED 11 10 12 13 15 17 19 21 23 14 16 18 20 22 24 WS-C3550-24-SMI CATALYST 3550 SYSTEM RPS STAT UTIL DUPLEX SPEED 11 10 12 13 15 17 19 21 23 14 16 18 20 22 24 WS-C3550-24-SMI CATALYST 3550 SYSTEM RPS STAT UTIL DUPLEX SPEED 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 33 35 37 39 41 43 45 47 CATALYST 3550 1 2 34 36 38 40 42 44 46 48 WS-C3550-48-SMI ` Computer ` ` Computer Computer ` Computer ` Computer ` Computer ` Computer Computer ` Computer ` Computer ` Computer Computer 10/100 Mbps Ethernet Gig Ethernet
Update: Network Modernization Update
Next Generation Network (10 Gbps project)
• • • • • •
Initial rollout:
2007/08 (Pending Governance Review)
Bandwidth to desktop:
100 Mbps or 1.0Gbps
Bandwidth to building:
10 Gbps for Major Buildings (1 Gbps where appropriate)
Core routers:
Redundant links to distributed hub sites
Distributed router hub sites:
Redundant links to buildings Initial Scope: Athens Campus
Update: Network Modernization Update
Next Generation Network Architecture *
(abbreviated)
Core Router Router Data Center Router Hub Site 1A Router Hub Site 1B Router Hub Site 2A Router Hub Site 2B
* Additional Information in Appendix
Green 1 10 Gig Ethernet Green 2
Update: Critical Staffing Status
New Recruitment Strategies and Initiatives for IT Positions
• • • • Proactive Recruitment of Passive Job Seekers Post Job Vacancies on Monster.com
Search Monster Resume Database and Solicit Candidates for Current and/or Upcoming Positions Solicit Potential Candidates at national Educause Conference Post Positions on Several University Gateway Listservs Develop Recruiting Brochure to Introduce Candidates to OHIO and Southeastern Ohio Post Vacancies with the Top 10 Colleges and Universities producing African American Master's Degrees in Computer and Information Sciences
Update: Critical Staffing Status
1
st
Quarter Mission Critical Posting Update
Position
Director of IT Security Director of Systems and Operations Firewall Administrator Windows Administrator Blackboard Apps Administrator
Status
HIRED. Matthew Dalton. 9-1-07 Interviews currently underway. Position currently posted.
Search committee reviewing candidates.
Posting pending.
Update: Critical Staffing Additions
2nd Quarter Mission Critical Anticipated Postings
Position
Director of Customer Services Unix Administrators (2 positions) Security Analyst Database Administrator
Department
Customer Service Systems & Operations IT Security Application Information Solutions
Update: OIT Budget
FY 2008 Summary of Expenditures
Department Name Staffing Costs Operations, Licensing, Work Orders Program/Project Funds Telephone Operations TOTAL
$3,120,216 Office of the CIO Academic Technology Customer Support Services Applications Solutions Information Security Systems and Operations Business Services $1,414,121 3,343,545 $3,454,845 $403,044 $2,314,691 $860,047 Telephone Auxiliary TOTAL $514,790 $11,844,598 $24,970 $156,561 $645,222 $645,999 $26,263 $1,566,541 $577,352 $50,000 $59,950 $3,500 $2,065,000 $3,680,076 $1,800,952 $4,100,544 $4,100,844 $489,217 $3,884,732 $3,916,046 $3,247,754 $2,065,000 $1,437,399 $2,065,000 $21,073,398
Update: OIT Budget
FY 2008 Program/Project Expenditures
Project Description
Black Board Enhancement Project IT Business Continuity Additional ID Card Costs Apple Site License Renewal Data Center Firewall Network 10 Gb Upgrade Project (Year 1) Blue Light Replacement Security Monitoring and Compliance System Storage Infrastructure (Lease) SIS-OSU Disaster Recovery Services VM Capacity Expansion IronPort Expansion Identity Management (Pilot) Oracle e-Business Upgrade/SIS Testbed E-Mail Replacement (Tru64) Enterprise Architecture Test Environment
OIT FY08 Base Funding
$60,000 $5,000 $25,000 $59,000 $50,000 $750,000 $30,000 $250,000 $500,000 $83,100 $64,500 $70,000 $300,000 $366,000 $143,200 $87,600
Available Funds Deferred or Other Funds
Update: OIT Budget
Inherited FY07 OIT Budget Challenges
• Mainframe Upgrade (stabilization until new SIS) • Required Budget Reductions ($1,071,386) Actual FY07 Reductions - $377,683 Cost-Savings Measures in FY08 - $274,800 Additional Reduction in FY08 Base - $418,903 • Increased Licensing and Service Cost - $275,000 • Unfunded Staffing and Salary Increases $294,000 • Increased Security Staff and Services - $120,917
Update: Statewide Discussions
University System of Ohio Strategic Initiatives in Information Technology
HIGH POTENTIAL OPPORTUNITIES
• • • • • Near Term (One/Two Years): Shared Emergency Notification Services Co-Located Disaster Recovery / Backup Common Admissions Application Portal Consolidated IT Contracting and Procurement – – Central Licensing Group Purchasing Statewide Policies and Procedures • •
ISSUES
Lack of Central Contracting Authority Hinders Collaboration IUC Commitment To Collaboration Model • • • • • Medium Term (Three Years): Federated IdM Model Course Management Toolkit (universal access) Common Applications (help desk, email, anti-virus) Central NOSC • • • Long Term (Three/Five Years): VOIP / Unified Messaging / Advanced Applications Shared State-HE Data Center Common ERP
Appendix
Update: Systems and Operations
Data Center Facility Details
• Most systems same age as last renovation ~ 15 years ago – Door security – Fire Alarm – Fire Suppression – Cooling – UPS – PDUs • Other Known Deficiencies – Door Cameras and monitors • Non-recorded • No service contract – Generator • Security questionable
Update: Systems and Operations
•
Systems Details
Systems by major service – Blackboard instructional system • Hardware and OS components range 3-5 years old • • Not on latest release of the product High availability limited by one datacenter – Web • • • • Front end systems virtualized ~ 2 years old Back end system ~ 5 years old Legacy system still in use due to slow adoption rate; ~ 9 years old No high availability – Email • • • • System hardware components range from 3-5 years old – Has been through several design revisions System OS and Hardware support end of life by manufacturer by 2011 Service will be reviewed in second half of FY 08 for future roadmap High availability limited by one datacenter – SIS • • • • Product end of life Newest of two mainframes only one year old System required until new SIS comes on-line High availibility limited by one datacenter – Financial and HR Systems • Hardware 5 years old; development and test 7 years old • • • Current Oracle eBusiness solution requires upgrade that hardware cannot support Requires new investment FY 08 No inherent high availability
Update: Systems and Operations
•
Systems Details
Systems by major service – Calendaring • Hardware and OS less than one year old • • • • Migrated from Unix to Linux to stabilize environment previously on 7 year old hardware Second phase of project will bring better synchronization support Service will be reviewed with email in second half of FY 08 for future roadmap No inherent high availability – Identity Management System • Core engine developed by OHIO staff • • System OS and hardware support end of life by manufacturer by 2011 High availability limited by one datacenter – – – ID card system • Hardware 6 years old • System operates as backend of point of sale systems for auxiliaries Directory Services • Active Directory in production since 2002 • • Hardware ranges from 3-5 years old Improvements to user provisioning Fall 2007 File Services • No commonly adopted solution; split between email system and Novell • Novell crippled by no strategy and inadequate staff • Novell hardware out of warranty • Email system storage not highly adopted due to poor user access methods • Targeting a solution tied to new Network Attached Storage offerings in new storage solution – Targeting testing second half of FY 08
Update: Systems and Operations
• •
Storage Details
Systems – Storage Subsystems • 3-6 years of age • Disjointed fabrics due to old systems functional structure across departments • Management spread across staffSAN switches - anywhere from 7 to 2 years in production – Tape Libraries • • • 4-8 years of age Only backup method available on enterprise systems today Over reliance on tape means slower restore times and risks of failed restores – Current data • • ~20 TB and 225 million files Growth patterns in Oracle ERP, Email, and Blackboard instructional system – This does not include a highly adopted central storage solution for personal storage Storage Initiative – Guiding principles • Mitigate Backup/DR risk – Gain backup and recovery efficiency – Collaborate with OSU • Establish a foundation for future growth needs – – – Acquire robust, fault tolerant, and scalable systems Design for single site HA in the near term Plan for future HA capabilities across sites • Consolidation of storage sub-systems and networks • Storage management simplification
Update: Network Modernization Update
Network Upgrade Status
• • • •
Gathered preliminary design requirements Consulted with various vendors and outside engineers Completed the basic architectural design Developed design options with associated costs and time lines
Update: Network Modernization Update
Next Steps
• • • • • •