IT Briefing

1
IT Briefing

• March 2007

2
IT Briefing March 15, 2007

• Announcements/Updates
• OIT/AAIT Organization
• VoIP Update
• Healthcare Exchange
• Emory Exchange Design
• University Exchange

• Karen Jenkins
• Karen Jenkins
• Paul Petersen
• Karen Jenkins
• James Reed
• Jay Flanagan

3
Announcements

• Remedy v7.0 working on bug with vendor
  (help.emory)
• Java TechTalk
• Tuesday April 3rd 130 230 NDB Room 225 -
  Kennesaw
• Security Conference
• March 28, 2007 830am 130pm, 3rd Floor
  Ballroom, Cox Hall
• Registration deadline 3/21 (register online)
• LDAP-Auth
• Need to register use will eventually limit
  access to registered hosts
• Send list of host(s)/IP(s) to ldapregistration_at_emo
  ry.edu by 3/30/2007
• Approved Governance Projects
• Google Search Appliance
• Desktop Management email to cts-config_at_listserv.cc
  .emory.edu

4
Office of Information Technology
5
Academic Administrative Information Technology
(AAIT)
6
Infrastructure Technology Services (ITS)
7
Client Technology Services (CTS)
8
(No Transcript)
9
VoIP at Emory

• Paul Petersen

10
Agenda

• VoIP at Emory
• Background
• Single Voice Platform Project
• Phase 1 Update
• VoIP IP Telephony in use
• Other Updates
• Firewall Migration Status
• Questions

11
VoIP at Emory - Background

• The Emory Clinic (TEC) Switch
• Platform Avaya
• Location TEC A Building
• Exchange(s) - 778
• Emory Crawford Long (ECLH) Switch
• Platform Avaya
• Location ECLH Peachtree Building
• Exchange(s) - 686
• University Switch (includes EUH)
• Platform Nortel
• Location Cox Hall Switch Room
• Exchange(s) 727, 712, 784, 251

12
VoIP at Emory Background

• Issues
• Some faculty, physicians, and staff have offices
  on different switches
• The complexity of maintaining three different
  switches
• Redundancy

13
Single Voice Platform

• Single Voice Platform
• Name given to the project which consolidates
  Emorys three phone switches to one
• This project also sets Emorys direction for
  VoIP/IP Telephony
• Project began March 2006 with a formal RFQ
  process
• Avaya was selected

14
Single Voice Platform

• Phase 1 Consolidate TEC ECLH Switches
• Upgrade to the latest Avaya switch
• Upgrade to IP Connect (provides redundancy)
• Consolidate the TEC ECLH switch databases
• All new buildings will use this new platform
• Completely Funded and Approved
• Phase 2 Convert the rest of EHC to new Platform
• Phase 3 Covert WHSC to new Platform
• Phase 4 Convert remainder of Nortel phones to
  the

15
Single Voice Platform

• Phase 1 Update
• VoIP core has been created to separate Voice
  traffic from data traffic
• Converting all of the remote cabinet switches to
  IP Connect
• Switch database consolidation has begun
• Project Deadline - August

16
VoIP/IP Telephony

• Gateways Trunks
• 6 remote (with 9 more coming this month)
• IP Trunk lines between TEC ECLH switches
• IP Phones
• IP Hard phones (NetCom, new SOM Bldg)
• IP Soft Phones (NetCom, Call Center Staff)
• Wireless IP Phones (EUH)
• Computer Telephony Integration (CTI)
• Call Center Applications
• Billing System

17
Firewall Update

• Academic Firewall Migration On-Hold
• Due to Resource Allocation issues
• Recent Steps
• New Lab setup
• Juniper Engineers on-site last week
• Continued Discussion

18
(No Transcript)
19
Healthcare Exchange Update

• Karen Jenkins

20
Approach

• Migrate all GroupWise users to Exchange
• Migrate SOM GroupWise users that also have Eagle
  mail into a single Exchange account
• Automate migration at server level to minimize
  disruption to individual desktops
• Provide dedicated support center during migration

21
Initial specifics

• 300MB high performance storage for all users,
  archiving available for all users
• Residents are in scope for the current rollout
• Email/calendaring options are Outlook on Windows
  or Entourage on Mac Will also provide IMAP-S
  option for other email clients
• We are still investigating the best way to stage
  the rollout for Eagle mail users
• Units that provide their own email services will
  be encouraged to migrate to the Exchange offering
  in the future
• Learnlink will remain for now, but we are
  investigating alternatives for FY09

22
Email addresses

• All users, both faculty and staff, that have
  multiple Groupwise and Eagle accounts, will be
  migrated to one Exchange account
• Incoming email aliases for _at_emoryhealthcare.org
  and _at_emory.edu will remain. Additional aliases
  will be added for firstname.lastname for both
  domains.
• Only one outgoing email address is possible. For
  faculty staff that have accounts in both
  emoryhealthcare.org as well as emory.edu, the
  latter will be set as the default outbound
  address.

23
PDAs and Smartphones

• There will be a variety of mechanisms for syncing
  PDAs and Smartphones with Exchange, although the
  age of the device may limit what is possible.
  Faculty/staff will be able to take advantage of
  these options, but will be billed if they choose
  a premium service.
• Options will include
• Cradle or WiFi sync using a product such as MS
  ActiveSync, MS Mobile Device Center or Palm
  HotSync Manager
• For those with a data plan on their SmartPhone,
  options will include
• Native MS Active sync for Windows XP (no charge)
• Native MS Mobile Device Center sync for Windows
  Vista (no charge)
• Blackberry Enterprise Server (premium service
  with monthly charge)
• Motorola Good Mobile Messaging (premium service
  with monthly charge)

24
Schedule

• Begin migration late May
• End migration early August
• Migrate users Monday - Friday
• Use (3) six hour migration windows per day
• Will not migrate during hospital and clinic shift
  changes
• Group and schedule each department sequentially
• Spread department users across migration windows

25
Communication

• Being discussed at executive leadership meetings
• General announcement via email, newsletter
  articles, internal press release, news item on IT
  website
• Full feature Emory Report Article in March
• Postcard mailing will be sent to all GroupWise
  users
• Posters will be displayed throughout EHC
  locations
• Frequent email reminders to each user regarding
  migration date

26
Training

• Multiple open house seminars at various sites
  offered throughout the migration period
• Multiple advanced seminars for super users such
  as administrative assistants
• Distributed tip sheets, identifying differences
  between GroupWise and OutLook
• Online information, user guide, FAQs, tip sheets,
  training locations and schedule, migration
  schedule
• Other Suggestions?

27
Migration Questions

• Website http//it.emory.edu/ehc-exchange
• Email ehc-exchange_at_emory.edu
• Project team member will respond to email within
  2 business days
• Phone 8-INFO(4636)
• Leave voicemail message
• Project team member will return call return your
  call the next business day

28
Exchange Design

• James Reed

29
General Specifications

• Exchange 2007
• Sized for the Emory Enterprise
• 24,000 users
• 13,000 Emory HealthCare accounts
• 11,000 Emory University accounts
• Designed to handle potential Eagle mail migration
  and potential relay server migration to Exchange
• Sized for 300mb high performance storage within
  Exchange databases
• Sized for average user load of 80 messages
  received / 20 messages sent per day / per user
• Sized for average message size of 60kb
• Archiving will be available more info coming
  soon

30
General Server Overview

• Total of 50 servers ordered for environment
• 7 AD Controllers for new Resource Forest
• 2 Dedicated for FSMO roles
• 5 Dedicated Global Catalogs for Exchange traffic
• 2 Mailbox Server Clusters (MS Exchange
  Clustering)
• Each cluster contains 4 Active Mailbox servers
• Each Active server will have 3,000 users per
  server
• Each Active server will have a minimum of 12
  Databases
• Maximum Database size will be 100GB each
• Each cluster contains 2 Passive Mailbox servers

31
General Server Overview (contd)

• 4 CAS servers
• OWA (Outlook Web Access)
• ActiveSync
• Outlook Anywhere (formerly RPC over HTTPS)
• IMAPS
• 4 HUB servers
• MTA (Mail Transport)
• SMTPs (requiring authentication)
• 4 EDGE servers
• Border Antivirus Hygiene servers
• Will be located in DMZ

32
General Server Overview (contd)

• 2 Mobile Device Servers
• GoodLink
• Blackberry
• Will be eventually using VMWare ESX
• ActiveSync will be provided via CAS servers
• 6 Servers GroupWise migration
• Repurposed post migration for dedicated Exchange
  testlab
• 2 Windows 2003 co-existence servers
• Will help provide Free/Busy data flow
• Will help replicate Public Folder data
• 3 Archiving Servers
• Vendor TBD
• 2 Monitoring Servers
• MOM
• HP Insight Manager

33
General Server Overview (contd)

• Storage Requirements
• Core exchange databases
• 3,000GB per server (8 active servers) for DBs
  and Logs
• 223GB per Store (DB)
• 28GB for logs per Store
• Public Folders 30 GB total (mostly replicated
  between servers)
• EDGE and HUB storage
• Archiving
• Estimated for 24,000 users, averaging 1GB each
  24TB
• Backups
• Exchange databases
• Using mirror clones
• 14 days up to 56TB for Exchange database data
• Snapshots (TBD)

34
High Availability

• Mailbox servers will user MS Exchange Clustering
• Two 6 node Clusters
• 4 Active nodes, 2 Passive nodes in each
• F5 Big IP Network Load Balancers (redundant)
• Application traffic hygiene
• SSL offloading
• Caching
• Will be used for
• CAS servers for OWA and IMAPS
• HUB servers for SMTPS
• Redundant SAN connections
• Redundant Network connections
• Redundant Power

35
(No Transcript)
36
(No Transcript)
37
AD Design

• Will use Resource Forest model
• Existing EU and EHC AD forests remain as is
• Provides best approach and potential for other
  shared applications / services
• Will require existing Exchange environment to
  migrate as well

38
(No Transcript)
39
Network Layout

• Because of security requirements and needs, will
  have most servers in HIPAA core
• Will be server only core
• Will be restricted access

40
(No Transcript)
41
Security

• Weigh Security vs Usability
• Emory HealthCare (currently using GroupWise)
• Provide solution for EHC to have a secure end to
  end email environment
• HIPAA data
• For existing email
• For new email
• Emory University
• Provide groupware functionality
• Shared Calendaring and Collaboration
• FERPA data

42
Security

• End to End encryption
• Exchange server to Exchange server connects with
  TLS connections by default
• Client to server encryption
• Outlook Anywhere for Outlook clients
• No MAPI / RPC calls from Clients to servers
• Formerly called RPC over HTTPS
• Only supports Outlook 2003, and Outlook 2007
• Macintosh connectivity
• Entourage uses DAV protocol (HTTPS)
• Next version of Entourage supposed to use pure
  HTTPS

43
Security (continued)

• IMAPS connectivity
• SSL Required
• SMTPS w/ Authentication required
• Limited functionality compared to Outlook or
  Entourage connectivity
• No server side rules
• Contacts will not be saved on server
• Calendaring will not be functional
• User will always show as Free when calendar
  viewed by others
• Outlook Web Access
• SSL only connections
• Full functionality with Internet Explorer
• Light Mode functionality with other browsers
• Message level encryption supported
• Supported at least in Outlook
• Configured per client basis, only supported by
  local departments

44
Security (continued)

• Hygiene
• Postini
• EU and now EHC
• Edge Role servers
• Placed in border environment to protect
• Only has very limited access to any AD and
  Exchange data
• Potential AntiSpam options
• Antivirus
• Will be running Antivirus on ALL servers for
  Email and OS
• Symantec Antivirus for OS protection
• Will be running Symantec Mail Security or MS
  ForeFront
• ForeFront was formerly known as Sabari
• ForeFront will be running multiple scan engines

45
IDM and ACM

• Identity Management and Account Management
• Parallel project working with Emory University
  and Emory HealthCare for Account provisioning
• Will have a Phase 0 for Exchange project to
  automate core functions
• Account Creation
• Account Disablement
• Name Changes
• NetID Changes (maybe)
• GAL (Global Address List like LDAP directory)
  data
• Phone Number
• Department

46
Mail Routing (University Only)

• Used to be known as Eagle Mail Forwarding
• _at_emory.edu will forward to netid_at_Exchange
  environment
• From Addresses will be default netid_at_emory.edu
  (least common denominator for campus)
• fn.ln_at_emory.edu (working on automation)
• Clinical Faculty TBD

47
How it works

• Outlook Anywhere
• Mobile devices
• Mail Flow (documentation coming soon)

48
(No Transcript)
49
(No Transcript)
50
Exchange Design
51
University Exchange Update

• Jay Flanagan

52
University Exchange Migration Update

• Proposal to IT Governance for approval
• Begin migrations in late May / early June
• Schools and Departments are already queued up
• Check web pages for updates

53
University Exchange