Ohio State Enterprise Infrastructure One University Update

1
Ohio State Enterprise Infrastructure One
University Update

• Office of the Chief Information Officer
• September 2, 2008
• Mount Hall Auditorium

2
Agenda

• Welcome Kathy Starkoff
• Carmen and Digital Union Joanne Dehoney
• IT Service Desk Todd Wulfhorst
• Enterprise Security CIO IT Security
• Enterprise Identity and Access Management Greg
  Niemeyer
• SIS Project Danny Williams
• NAC Deployment Charlie Clay
• OSUNet and Internet 2 Charlie Clay
• Voice Mail and Messaging Charlie Clay
• QA

3

4
(No Transcript)
5
Improvements

• Self-registration. . . for community sites
• Chat. . . Auto-refresh, improved search
• Classlist. . . Group administration e-mailing
  Search by role, flags, online status, last login
• HTML editor. . . Improved accessibility
  spell-check, resizable editing field

6
On the Horizon for Winter 09

• Deeplinking . . . To course or homepage
• Homepages . . . At any organizational level
• Tools as homepages . . . At any organizational
  level

7
Other Updates

• Learning Collaboration Studio
• http//digitalunion.osu.edu/lcstudio/
• MS Surface Table(s)
• http//www.microsoft.com/surface/index.html
• TELRport in SecondLife
• http//telr.osu.edu/secondlife/

8
IT Service Desk
9

• Move to IT Service Desk
• Combined walk in services
• All customer facing walk in traffic to OIT in
  one location.
• Central Classroom Bldg Lower Level

10
Expanded Support Initiatives

• Creation of ExpertLink Website
• http//expertlink.it.ohio-state.edu
• A central place for many common links
• Launch pad for distributed IT support staff to
  access security reports, system status, training
• Collaboration and communications
• New Second Level Queue
• Implementation during Fall Quarter 2008
• Provides an escalation path for first level
  agents to send more advanced incidents
• Creation of System Status Page Alerts
• Get an e-mail alert when the the System Status
  Page updated

11
Enterprise Security
12
Enterprise Security

• BuckeyePass Update
• Installed infrastructure installed, tokens
  deployed and operational for use with OIT VPN
• Business and support processes development
  underway
• Upon completion of process design and testing
  BuckeyePass will be rolled out to central
  applications where it makes the most sense to
  impact risk

13
Enterprise Security

• OSU Security Day 2008
• October 9th, 2008
• Schedule will be both technical and non-technical
  in nature

14
Enterprise Security
15
Enterprise Security
16
Industry standard tools (ISO 27001 and 27002)
will enable the identification and prioritization
of future security work
17
(No Transcript)
18
Next Steps complete a holistic IT security
risk assessment in order to understand and
prioritize further mitigation work
19
Enterprise Security

• Network Vulnerability Scanning
• Resuming OSU-wide scanning for network
  vulnerabilities
• Using Tenables Nessus scanner
• Scan reports sent to the registered contacts for
  each address range
• Testing done the week of September 8
• OSU-wide scanning commencing the week of
  September 15

20
Enterprise Identity and Access Management
21
What is Identity Management?

• Identity Management (IdM) is a combination of the
• business processes and supporting infrastructure
  required
• to create, maintain, and use digital identities
  throughout
• their lifecycle within an organization.
• Digital Identity The unique representation of a
  person or object and associated attributes
• Enabling a world class relationship between the
  University and our affiliates

One Identity, many roles
22
Strategic Vision

• Provide a world-class identity management
• infrastructure to meet growing security,
  service,
• and compliance requirements of the University
• Increase security and reduce University risk
• Provide infrastructure for growing service needs
• Improve end user experience
• Unified digital identities
• Provide insight on organizational relationships
  with identities

Identity lifecycle management
23
Software RFP and Selection Process

• IdM committee met and developed requirements
• RFP draft developed by subcommittee and reviewed
  by Burton Group Consulting
• RFP finalized and scoring guideline developed

24
Software RFP and Selection Process

• RFP issued December 2007
• RFP responses received January 2008
• RFP responses evaluated, scored finalist selected
• Four finalists invited to OSU for proof of
  concept (POC) demonstration in May 2008
• Representatives from across campus scored the POC
  demonstrations based on RFP requirements
• Scores tabulated and primary vendor was selected
• Reference checks preformed in June 2008
• Software vendor selection presented to OSU
  purchasing for review June 2008
• Finalization of approval and purchase underway

25
Integrations

• Central Systems
• PeopleSoft ERP systems and Data Warehouse People
  Tools
• BMC Remedy (Service desk application)
• Carmen (University on-line learning environment,
  provided by Desire2Learn Version
• RSA SecurID Deployment
• Other initial technology integrations
• Microsoft Active Directory Services
• Novell LAN NDS
• LDAP Directories ( SUN 5.2 Patch 2, SUN 5.2 Patch
  3)
• Oracle Internet Directory
• Kerberos
• Shibboleth
• Medical Center
• Across Campus
• Federations

26
NAC Deployment
27
Network Access Control

• Objective
• Deploy NAC pilot within the Office of the CIO to
  evaluate MCSS effectiveness
• Status
• All NAC equipment is deployed and PC migration is
  underway
• TNC (100 complete)
• Baker Systems Central Classrooms (90 complete)
• KRC access switch upgrades in progress, PC
  migration by November 15
• Mode monitor only reporting enabled

28
Network Access Control

• Key Elements of OIT NAC Implementation
• Load-balanced N1 redundancy for out-of-band NAC
  Appliances
• Cisco Access switches and Dynamic VLAN assignment
• NAC Profiler used to identify and exclude
  un-managed devices
• Persistent Clean Access Agent (Windows and Mac)
• Next Steps
• Pilot desktop posture assessment, policy
  enforcement and remediation
• Deploy in-band NAC for all remote access VPN
  users
• Pilot in-band NAC for wireless data networks

29
OSUNet I2
30
OSUNet

• Uptime goal 99.999
• Core Routers - 99.995
• DNS/DHCP - 99.999
• osuwireless uptime 99.99
• Projects completed (six months) 63
• I1/I2 OSU - OARnet Peering Upgrades
• Redundant peering routers and 10 Gig Links in
  place
• 850 Mbps dedicated to I1 150 Mbps Intra-state
• 9 Gbps dedicated to I2
• 10 Gbps CIC OmniPoP connection in place
• Big Ten Network peering

31
OSUNet

• GigE Upgrade
• West Campus 100 Complete
• Central Campus and South Campus in progress
  Target June 09
• BLUECAT DNS/DHCP
• Distributed Zone Management Training scheduled
  September 16-18, 2008 10 Seats
• Pilot Distributed Zone management January 09
• Other Projects
• Bldg. Aggregation Switch UPS
• Bldg. Aggregation switch to Core redundancy

32
OSUNet - osuwireless

• Over 4,100 access points have been installed,
  including over 175 dedicated air monitors
• 220 buildings have osuwireless connectivity
• More than 38,300 active lastname.w accounts
• 6,000 peak concurrent users
• FY07-08 950 APs installed per 69 requests
• Over 90 customer requests in process
• 34 Mobility Controllers installed

33
Recent Accomplishments

• Complete coverage in Veterinary Medicine campus
  with the installation of 216 access points and
  air monitors
• VoWLAN service osuvoice replaces 900 MHz
  Spectralink
• Guest wireless osuguest see
  http//wireless.osu.edu/osuguest.html
• Merged engineering team with OIT Enterprise
  Networking
• Hosted major events
• Senator Clinton Rally - February 14, 2008
• Senator Obama Rally - February 27, 2008
• Molecular Spectroscopy Symposium - June 15, 2008
• Worked closely with Apple, Inc on iPhone and
  osuwireless compatibility

34
Future Work Planned

• Implementation of Airwave Management Platform
  (AMP) replacement of Aruba Mobility Management
  System (MMS)
• SIP-based VoWLAN and Fixed Mobile Convergence
  (FMC)
• Emergency Notification
• 802.11n Draft 2.0 testing
• Intrusion Detection (IDS)
• OSU Athletics ticket scanner network
• AP aggregation switch upgrade
• 2008 Farm Science Review

35
OSU Voicemail - Messaging
36
Current Voicemail Environment

• OIT maintains voicemail service for main campus
  totaling an estimated 10,500 mailboxes and 250
  auto attendants
• OSU Medical Center (OSUMC) maintains a separate
  voicemail service for the medical center complex
  totaling an estimated 8,500 mailboxes and 700
  auto attendants

37
Voicemail replacement project

• Overarching goal to deploy a unified messaging
  solution to address the immediate business,
  productivity and collaboration needs of the
  university community including the Medical Center
• The solution must be capable of expanded
  functionality to support an overall unified
  communications strategy

Based on extensive research with end users and
vendors, the working definition of a unified
messaging solution is one that integrates
multiple communications media, allowing users to
retrieve and send voice, fax and e-mail messages
from a single interface, whether traditional
phone, wireless phone, PC or internet-enabled PC.
38
Benefits of a Unified Messaging Solution

• Address our major business challenges
• Improving business communications and
  collaboration between OSU and OSUMC faculty and
  staff
• Improving reliability and functionality in
  support of mission critical business operations
  (internal and customer-facing)
• Aligning communication services with the ONE
  UNIVERSITY vision
• Positioning for a future Unified Communications
  environment

39
OSU Voicemail Product Roadmap 2008-2012
Enhanced Unified Communications Unified
communications extended to include integrated
business processes and communication-enabling
applications

• Sources Roadmap was compiled based on industry
  research of various vendor solutions, end user
  feedback, assessment of our current environment
  and high level strategic planning discussions.

39
40
Other Voice Projects

• Voice over WiFi osuwireless
• Fixed Mobile Convergence (FMC) - Pilot
• Dual-mode (WiFi/Cellular) integration
• Expanded VoIP Services (campus and remote sites)
• CS2100 Main Telephone switch upgrades
• Interactive Intelligence - Call Center solutions

41
SIS Project
42
SIS Project Purpose Timeline

• Single authoritative data source for
  student-related data
• Provide consistent information sharing among
  faculty, administrative
• and student users
• Remove Social Security Numbers as the main
  identifier for students
• Planning began in 2004 and continues over a
  five-year period
• The new system fully implemented late 2009

43
Getting More Information

• SIS Project Team will work with technical
  contacts in each area on the following
• Connectivity
• Desktop Workstation Configuration
• Technical Contacts Session
• March 2008
• Will include details about system technical
  requirements and specifications
• SIS Project Website http//oaa.osu.edu/sis/
• E-mail the Project Team sis_at_osu.edu

44
Questions?