Enabling On-Demand Access for Mobile University Environments

1
Enabling On-Demand Access for Mobile University
Environments
2
University Environments Today

• Benefits / Draw
• Mobility
• University campuses are becoming mobile
  environments
• Mobility fosters collaboration, ad-hoc research
  and education, and flexible learning
• Mobility reduces the need for Universities to
  service and dedicate facilities to specific
  classes, enabling a more agile environment
• Remote Learning
• Students in the NYC metro area are commuting so
  learning cant stop at the University location
• Students often need access to information and
  tools at home in addition to on-campus
• Access to tools and resources can be a marketing
  tool

3
University Environments Today

• User / Support Management
• Too many userids and directories
• Weak passwords
• Secure access to networks and applications
• Rising help desk costs
• Server and Desktop Management
• Getting to standard configurations
• Application deployment
• Managing server and desktop settings
• Rogue applications on the desktop
• Keeping systems up-to-date (patches, updates)
• Resources

Campus IT organizations are being asked to do far
more with less resources in an ever increasingly
complex IT environment
4
Contents

• The Mobile Education environment
• Benefits
• Challenges
• The Solution
• Components
• Technologies
• Process
• Education / Communication
• Case Study
• Queens College
• Next Steps

5
Enabling On-Demand Access for Mobile University
Environments

• The Solution

6
Interoperability
NetWare
Services for NetWare - Groupwise
Exchange 5.5, databases, DSML, ERP systems, Lotus
Notes Novell NDS, XML, X.500
Macintosh
IPX
Servicesfor Macintosh
Kerberos
Active Directory
TCP/IP
LDAP
Windows 2003 CA Unicenter
DHCP
PKI
App services OLE DB, ADO, ODBC, XML, SOAP
HTTP
Host Integration Server
DNS
XML
SQL Server, Oracle, Informix, IBM DB2 XML/SOAP
web services
IBM, Hitachi
WBEM
BizTalk
Services for UNIX
Interix
Sun Solaris, HP/UX, Linux, Tru64, IBM AIX
7
Manage Large and Diverse IT Assets
Group Policy

• Manage configuration of servers, desktops
  groups of users
• Automate enforcement of IT policies
• Automate system updates application
  installations
• Consistently implement security settings across
  the enterprise
• Implement standard computingenvironments for
  users
• Manage a single campus or an entire enterprise
  with the same ease of use and centralized policies

Active Directory
IT Staff
Many Users
Many Desktops Servers
8
Smart Connections

• Connect users classes to share knowledge
• Provide just-in-time communication
• Enable end-user self-service
• Locate connect with experts
• Share contacts groups across geography
• Single sign-on enhances learning andproductivity
• Future connect users with tools and data from
  anywhere on any device at anytime safely and
  securely

Calendar
Members
Documents

LotusNotesActiveDirectory
OnlineMeetings
Discussions
Tasks
Contacts
9

• How do I get THERE from HERE?

10
The Solution

• Technology
• Directory Services
• Active Directory architecture
• Access management
• Federated identity management
• Asset Management
• Asset discovery
• On-going lifecycle management
• Security Management
• Process
• IT Service Management
• Project deployment methodologies
• Project Management Office
• Education
• Intellectual buy-in

TechnologyTools and Infrastructure that automate
the management of todays Enterprise IT
End-state Solution
Process Methodology and approach for
implementation and management of Enterprise and
Federated assets
EducationEmpowering a transition in end-user
perception of the features, benefits and tactics
involved in proper utilization of Enterprise IT
11
Solution Components

• Directory Services
• Unified user and resource management tool
• Logical user and resource organization
• Organization or individual-based permissions and
  access
• Application access and rights
• Mapped centralized storage and/or workgroup
  resources
• Shared access to educational / collaborative
  resources
• User security (audit trails, quotas, etc.)
• Standards-based organizational management
• Multiple logical domains and organizational units
  with central administration
• Disparate or unified directory services
• Unified reporting and querying tools
• Extensible environment for additional
  functionality

12
Solution Components

• Directory Services Total Cost of Ownership

13
Solution Components

• Asset Management

• Network Assets
• Routers
• Switches
• Hubs
• Printers
• PBX
• More

• Operating Systems
• Windows
• Proprietary UNIX
• Linux
• Solaris
• PalmOS
• PocketPC
• over 50 total

• Software Assets
• 100,000 SW applications recognized

• Storage Assets
• Storage Area Network (SAN)
• Storage Arrays
• Networked Storage
• Direct-attached Storage

• Desktop Assets
• Desktop
• Laptop
• Wireless, wired
• TabletPC

• Server Assets
• Partitioned
• Blades
• Virtualized
• Traditional

14
Solution Components

• Security
• Viruses
• Malware
• Spyware
• Trojan Applications
• Key loggers
• Scanners
• Intrusive Access
• Internal (trusted)
• External
• Identity Management
• Data Integrity
• Service Continuity

15
Solution Components

• Security
• Comprehensive centralizedanti-virus protection,
  optimallybehavior-based as well as
  signature-based
• Comprehensive malware detection and removal tool
• End-point, perimeter and network vulnerability
  detection andmanagement (incl. IDS/IPS)
• Robust end-user security policies and AUP
• Integrated Identity and Access management
• Centralized administration and management
• Regular assessments and policy review

16
Solution Components
Process
CobiT
IT/SPM ITIL
IT Service Management
Systems Management Tools
Organizational Design
People
Technology
17
Solution Components
18
Solution Components
Conduct a TCO study and/or ROI to calculate the
costs and benefits
Envision
1
Conduct a moderated workshop to assess
operational efficiencies opportunities
Evaluate
2
Create a deployment plan - identify
outcome,people, time frame outline
requirements. Leverage MCS other plans and
best practices
Plan
3
Leverage tools and processes for creatingimages
application packaging
Build
4
Follow the prescriptive guidance and
bestpractices of solution accelerators and
service offerings
Deploy
5
Leverage MOF to integrate the solution with
yourexisting operations environment
Operate
6
Train users to use new features, streamline
management processes and realize overall value
Adopt
7
19
Solution Components

• Education and Communication
• Benefits
• On-demand access to resources
• Enhanced support
• Safer and better computing experience
• Importance of Authentication
• Security
• Identity Management
• Access to Resources
• Social Engineering
• Security Concerns
• Support Expectations

20
Enabling On-Demand Access for Mobile University
Environments
Case Study
Queens College
21
Queens College Active Directory Pilot Solution

• Business Challenge
• The Office of Converging Technologies at the
  university had chosen to deploy Microsofts
  Active Directory as well as an Asset Management
  and Software Delivery solution in order to
• Extend versatility and flexibility
• Streamline IT Management
• Increase dependability (reduce downtime)
• Simplify and automate asset management and
  software delivery
• Increase security through centralization
• Solution
• The solution incorporated both Microsofts Active
  Directory (WinSrv2003) and CAs Desktop Managent
  Bundle to discover, integrate, standardize and
  manage the Universitys IT environment
• The Active Directory Design and Implementation
  Process was as follows
• Needs Analysis - Windows 2003 Interoperability
  Assessment
• Issue Resolution
• Design
• Implementation
• Training Support

22
Queens College Active Directory Pilot Solution

• Result
• After the pilot testing process was completed,
  Queens College now has an established Active
  Directory domain structure and CA toolset that
  provides the University with an integrated
  management solution incorporating computing
  assets and campus users.
• Specific accomplishments within this project
  includes
• Single robust authentication and user management
  solution via a fault-tolerant domain server
  deployment model
• Production Active Directory deployment that is
  fully integrated into the existing IT environment
• Granular access, security and policy management
  for users and computers via Active Directory
• Automated patch and software distribution through
  CAs Software Delivery
• Integrated with Directory Services
• OS Deployment provisioning
• OS and Application Patch distribution
• Software packaging and management
• Provided security management via user policies,
  malware / anti-virus deployment, segmented domain
  model and folder redirection for data integrity
  and centralization
• Wireless authentication and security via Active
  Directory and Bluesocket integration
• Fully developed processes, mentoring, knowledge
  transfer and procedures for subsequent full
  campus deployment including post-project
  support

23
Queens College Active Directory Pilot Solution
24
Enabling On-Demand Access for Mobile University
Environments

• Next Steps

25
Next Steps

• Where are you now?
• What services do you provide to the University?
• What are your users asking for?
• What strategic initiatives are you currently
  reviewing?
• What benefits do you see from this solution?
• Next steps
• Assess your current environment
• Explore potential solution value within your
  organization

26
In Summary

• On-Demand Access for Mobile University
  Environments
• Tremendous benefit for Universities
• Attracting students
• Meeting instructional goals and objectives
• Significant considerations
• Directory-based Solution
• Directory Services
• Federated Identity Management
• Security
• Queens College Case Study
• Next Steps
• Understand what services youre currently
  providing
• What are your users asking for
• How could this solution add value

27
Thank you!
Questions