IT Briefing Agenda 12/15/05

1
IT Briefing Agenda 12/15/05

• MS Campus Agreement
• Exchange Update
• VeriSign Certificates
• Remote Access (f5)
• it.emory.edu update
• NetCom QA

• John Ellis
• John Ellis
• Jay Flanagan
• Jay Flanagan
• Karen Jenkins
• Paul Petersen

2
Emory Email Strategy

• Draft
• 12/2/2005

3
Rationale for Current Direction

• EmoryLink report and related discussions revealed
  the following themes
• Learnlink and enterprise email/calendaring serve
  different purposes
• Strong student affection for Learnlink driven
  mostly by conferencing features no products that
  can currently replace Learnlink at comparable
• Desire for a more enterprise quality email
  solution for the administrative layer of the
  institution
• Preference for freedom of choice in email
  clients by faculty

4
Recommendation

• A robust Learnlink offering for all students and
  for those faculty that wish to use it
• For those faculty that only want email, the
  freedom to choose any email client (e.g., Eudora,
  Thunderbird, Outlook Express) on multiple
  platforms (e.g., PC, Mac, Unix, Linux) by taking
  advantage of the exposed IMAP or POP services on
  an Exchange server
• For faculty that want email and scheduling, a
  variety of centrally supported, feature rich
  clients
• PC Outlook, Outlook Web Client (Explorer,
  Firefox)
• Mac Entourage, Outlook Web Client (Safari,
  Firefox)
• Linux Evolution, Outlook Web Client (Firefox)
• For administrative staff, a mandated set of
  options
• Outlook (PC) or Entourage (Mac) for local access
• Outlook web client for offsite access
• For faculty/staff that spend time in the
  Healthcare setting
• A HIPAA/PHI certified Exchange/Outlook solution
  that is offered on the Healthcare Virtual
  Desktop (VDT)

5
Learnlink
6
A Robust LearnLink -Initial Steps

• Infrastructure will be hardened to support growth
  (need more specifics here)
• LearnLink will be considered a Tier I enterprise
  application
• LearnLink will continue to be accessible via a
  client, web interface, POP, or IMAP
• Migration of content from Eagle Mail clients will
  be accomplished by client-side action

7
A Robust LearnLink - Longer Term Changes

• Move infrastructure to a highly available Blade
  Architecture
• Evaluate options for linking Learnlink with
  Universitys standard directories (LDAP/AD)
• Streamline backups with EMC Replication Manager
• Move core server gateways from Windows to Linux
• Adopt upcoming Releases
• 8.1 Enhanced workflow, customization, and
  application support
• 8.2 Enhanced User Interfaces (client web)
• 8.3 Enhanced Mobility Support (BlackBerry,
  PocketPC, Symbian, SyncML)
• 9.0 Compliance and Archiving

8
(No Transcript)
9
Exchange
10
Why MS Exchange?

• Despite the real and/or perceived issues with
  Microsoft, there is significant demand for the
  feature rich, widely utilized Exchange/Outlook
  combination. If we dont offer this service
  centrally, units will continue to adopt it and
  will be forced into supporting it locally, at
  higher cost
• Market leader, and growing in market share (57
  in 2005)
• Messaging server most supported by 3rd party
  vendors (mobile devices, unified messaging,
  compliance, retention, archiving)
• The licensing costs of Exchange and Outlook are
  already covered as part of our new Microsoft site
  license
• Although security is a valid issue, we believe it
  can be managed with an appropriate design and
  mix of 3rd party products

11
Exchange Security

• All client communications restricted to Front End
  Servers
• RPC over HTTPS communications (SSL Encryption)
• OWA (SSL Encryption)
• IMAP / POP3 / SMTP (authenticated / SSL / TSL)
• ISA (Internet Security and Acceleration) Proxy
  Servers
• Protects Front End server services
• Moving from ISA to an appliance-based firewall
  solution
• Outlook 2003 native support for personal key
  individually encrypted messages
• Native Microsoft Database Encryption
• Symantec Antivirus protecting servers and
  Symantec Mail Security protecting Exchange Mail
  and Databases
• GFI Mail Essentials marking Spam

12
Expansion Plan

• Current Exchange infrastructure will be expanded
  to support 6,000 Outlook email/scheduling clients
  9,000 email only clients (IMAP, POP, Web)
• Hardware upgrades
• Staffing changes
• Phased, prioritized migration plan
• Content migration accomplished by client-side
  action

13
Future Architectural Changes

• Enhance spam scanning
• Implement faster backup solution
• Implement email archiving
• Minimize necessity for quotas
• Appropriately match requirements to storage
  technologies
• Evaluate Exchange 2003 SP2 mobile push features
• Link Exchange with HealthCare GroupWise servers
  so calendar data can be shared

14
Features Funding

• Finalize feature set and policies
• Finalize cost/funding model
• Goal is to stay cost neutral compared to current
  centralized offerings so no additional
  allocations will be necessary

15
Digital Certificates

• Jay D. Flanagan

16
Digital Certificates

• Utilizing VeriSign SSL Global Certificates
• Manage our own certificates via the VeriSign
  control center
• Went from 10 to 50 over a 4 year period
• Pushed all access for SSL up to 128 bit
  encryption
• Cost 594.00

17
Digital Certificates

• Moving to VeriSign SSL Standard Certificates
• Manage our own certificates via the VeriSign
  control center
• Purchased 75 certificates
• Cost 175.00
• Ordered 25 additional certificates and saved 20k

18
Digital Certificates

• More affordable for schools and departments
• Easy to request and implement
• Request via the following URL
• https//onsite.verisign.com/EmoryUniversityInforma
  tionTechnologyDivisionGlobalServer/server/index.ht
  ml
• This URL can be found on the digital certificates
  web page at
• http//it.emory.edu/showdoc.cfm?docid1384fr1025

19
ClientlessSSL VPN F5 Firepass

• Jay D. Flanagan

20
Clientless SSL VPN

• Remote Access to the Admin Trusted Core
• Checkpoints Secure Remote Client
• Limited number of Operating Systems that can be
  used with
• Does not have Linux or Solaris client
• Limitations and issues with MAC clients
• Problems with other applications on user machines
• Problems with ISPs (Bell South)
• Manual installation of new clients
• Reports of poor performance

21
Clientless SSL VPN

• Current VPN architecture has single points of
  failure

22
Clientless SSL VPN

• Customer Friendly tool
• Easy to use with little or no manual intervention
  from customer
• Usable with multiple operating systems and
  browsers
• Scalable to meet future expansion

23
Clientless SSL VPN

• Reviewed and evaluated three vendor products to
  replace Secure Remote
• Aventail SSL VPN
• Checkpoint Connectra
• F5 Firepass
• Chose F5 Firepass

24
F5 Firepass SSL VPN

• Architecture for new Firepass SSL VPN

25
F5 Firepass SSL VPN

• Go to https//vpn.emory.edu for access to the
  tool
• Use network id and password for access

26
F5 Firepass SSL VPN

• After logging in the user will be presented with
  two options

27
F5 Firepass SSL VPN

• Admin Core Remote Access Only From On or Off
  Campus
• This option should be chosen by those users only
  accessing the Admin Core
• Specifically if the user is on campus
• This option can also be chosen if the user is off
  campus and only needs access to the Admin Core
• Emory University Remote Access INCLUDING Admin
  Core From Off Campus
• This option should be chosen by those users who
  need to access both the Admin Core and the
  Academic Core
• Specifically if the user is off campus

28
F5 Firepass SSL VPN

• Once an option has been chosen
• First time users will have a plug-in loaded
• For windows users, this will be an ActiveX
  control
• The plug-in is only loaded on the first login and
  will not be seen on future logins
• May have to download the plug-in again for
  upgrades or when new features are added to
  Firepass

29
F5 Firepass SSL VPN

• Once the plug-in has loaded users will see the
  following connection screens
• After completing authentication this screen will
  automatically minimize
• Users can now do their normal remote access work

30
F5 Firepass SSL VPN

• Firepass supports the following browsers
• Dell Axim, Version 4.21.1088 - Windows Mobile
  2003, Second Edition
• Firefox 1.0.x
• HP iPAQ 4155, Version 4.20.0 - Windows Mobile
  2003, First Edition
• i-mode phone
• Microsoft Internet Explorer, version 5.0, 5.5,
  or 6.0
• Microsoft Pocket PC 2003 and Microsoft Pocket
  PC Phone Edition 2003
• Mozilla version 1.7.x
• Netscape Navigator, version 4.7x or 7.x
• OpenWave WAP browser
• Mozilla version 1.7.x on Apple Mac OS X 10.2.x
  systems
• Safari version 1.2 on Apple Mac OS X 10.3.x
  systems
• Safari version 2.0 on Apple Mac OS X 10.4.x
  systems
• Toshiba E800, Version 4.20.1081
• Windows Mobile2003, First Edition
• XDA II, Windows Mobile 2003 First Edition

31
F5 Firepass SSL VPN

• Additional Benefit
• Specific checks on user machines before allowing
  access
• Checks include
• Windows Antivirus Checker - Enforces antivirus
  protection and checks endpoint for viruses
• Windows Firewall Checker Checks presence of
  firewall
• Other Checks include
• Extended Windows Information Gets extended
  information about Windows OS
• Internet Explorer Information Gets extended
  information about Microsoft Internet Explorer
• Admin Console

32
F5 Firepass SSL VPN

• Reviewing use of tool to replace current Nortel
  VPN
• Working out the details with NetCom
• vpn.service.emory.edu
• Still several months away
• More details in future Briefing

33
(No Transcript)
34
it.emory.edu

• Karen Jenkins

35
Goals

• Provide a new combined IT website for all three
  divisions
• Links to other campus IT units
• Work with FA on common template/approach for all
  FA divisions
• Leverage existing content management system for
  near term improvements
• Research and evaluate long term enterprise scale
  CMS solution

36
Schedule/Milestones

• New it.emory site with new look and combined
  services
• Add NetCom services
• Add Healthcare services
• FA template
• New CMS

• January
• February
• TBD
• TBD
• TBD

37
Manage IT

• User Group Meetings
• Jan. 4th 200pm330pm Kennesaw gt Reporting
• Jan. 17th 930am1100am Kennesaw gt Training 101
• Suppress notification now available
• Purchased Dashboard module can now create more
  than 5 dashboards
• Close on Resolution capability
• Getting consultant beginning of January to bang
  out some of the customization requests
• Healthcare update
• Initial broad meeting (yesterday) went well
• Getting quotes for licenses and consulting

38
(No Transcript)
39
NetCom QA

• Paul Petersen

40
NetCom