The Other Side of Middleware: Working with Policy Makers, Data Owners and Campus Constituents

28 October 2002 Internet2 Fall Member Meeting.

Slides: 76
Learn more at: http://www.internet2.edu


1
The Other Side of Middleware: Working with
Policy Makers, Data Owners and Campus
Constituents


2
Panelists
  • Joseph Lazor, Florida State University
  • Lesley Tolman, Tufts University
  • Dave Tomcheck, University of California, Irvine
  • Art Vandenberg, Georgia State University
  • Ann West, EDUCAUSE/Internet2/Michigan Tech

3
A Bit About Middleware
  • Middleware makes transparent use happen,
    providing consistency, security, privacy and
    capability
  • Identity - unique markers of who you (person,
    machine, service, group) are
  • Authentication - how you prove or establish that
    you are that identity
  • Authorization - what an identity is permitted to
    do
  • Directories - where an identity's basic
    characteristics are kept

4
Map of Middleware Land

5
Topics Not Covered
  • Business Case
  • Long-term Value
  • Technology details

6
Themes
  • Middleware is not just a technology project
  • Implementation challenges are a reflection of
  • Institutional culture and needs
  • Installed technology, requirements, and available
    resources
  • Leadership

7
  • Middleware Politics

8
Topics
  • Project Methodology
  • Stakeholders
  • Challenges
  • Lessons Learned

9
What's unique about middleware?
  • It's like an ERP project
  • Cross institutional impact and value
  • Changes the way business is done
  • Leverages the crown jewels, our data
  • It's not like an ERP project
  • Rare for non-IT to lead the way
  • Costs less
  • Rare for the IT-data staff to implement it
  • Difficult to communicate the benefits
  • Transparent

10
Project Methodology
  • Three project approaches
  • Stealth
  • Application-based
  • Strategic

11
Stakeholders
  • Contributes to or benefits from implementation
  • IT (supplies/oversees data, offers services)
  • Telecommunications
  • Campus-wide (email, calendaring, video, etc.)
  • Administrative
  • Academic
  • Student Services (supplies/oversees data, offers
    services)
  • Registrar
  • Financial Aid
  • Advising
  • Admissions
  • HR (supplies/oversees data, offers services)
  • Finance (supplies/oversees data, offers
    services)
  • ebusiness (vendors)

12
Stakeholders
  • Library (supplies/oversees data, offers
    services, consumers)
  • Research services (supplies/oversees data,
    offers services)
  • Advancement (supplies/oversees data, offers
    services)
  • Alumni (supplies/oversees data, offers services)
  • Athletics (supplies/oversees data, offers
    services)
  • Academia (faculty/departments)
  • teaching (supplies data/consumer)
  • on-campus
  • distance ed
  • research (supplies data/consumer)
  • Facilities management (supplies/oversees data,
    offers services)
  • Students (supplies/oversees data)

13
Challenges and Pitfalls
  • Misjudging readiness of environment
  • Business needs are not obvious
  • Aim, fire, ready
  • Going too slow is a problem too.
  • Lacking leadership and support
  • IT trusted?
  • IT on board?
  • Where are the weak spots?
  • Failing to plan up-front
  • What could go wrong/right?
  • Just-in-time opportunities
  • Not setting boundaries, short and long term
  • Leaving out key participants
  • Do they lose control?
  • Do they need control? Do you?

14
Challenges and Pitfalls (cont.)
  • Incurring legal or PR risks
  • Your president gets a call
  • Educating campus
  • What have you done for me lately?
  • Why should I care again?
  • Best practices
  • Passwords are like underwear
  • We're never done
  • Resourcing the project
  • Missing one or more function: architect,
    implementer, project manager, communicator
  • Do this in your spare time
  • Let's go for the big bucks
  • Moving the on-going cost to the infrastructure
    category
  • Moving the operations to data-knowledgeable staff

15
Suggestions
  • Plan up front
  • Educate IT well before the external campaign
  • Assess weak spots
  • Allocate resources
  • Consultants, Training, Creative management?
  • What are the boundaries?
  • Be flexible and allow for opportunities
  • Overall architecture and tenets
  • Go for the easy wins to set up a track record
  • Include ability to iterate, pilot, and fail;
    iterate, pilot, and succeed
  • Identify ways to measure benefits ahead of time
    for later flag waving
  • Consider opportunities taken, productivity gains
    through self-service

16
Suggestions (cont.)
  • Include key stakeholders early
  • Don't promise what they want; offer reality
    instead
  • Bring them inside and develop strategy together
  • Develop your story early
  • Decide if middleware should even be mentioned
  • Tie the implementation to culture and business
    needs
  • Use stories and words your audience can relate to
  • On-going communication is critical
  • Find IT staff who can talk to the campus
    constituents
  • Include web/hard copy/personal communications
  • Consistency and constancy of message
  • Use the informal network
  • Don't do what you shouldn't do

17
If you build it
  • They will
  • Want it before you know they want it.
  • Want it before the pilot is done.
  • Want it right after it's done because department
    A wants it.
  • Wait and see until department A & B weigh in and
    then want it.
  • Wait until they are required to want it and still
    not want it.

18
  • Case Studies

19
  • Enterprise Directory Service A Case Study
    Florida State University
  • Joseph A. Lazor Office of Technology
    Integration jlazor_at_fsu.edu

20
Florida State University Highlights
  • 58,000 students, faculty, staff.
  • Main Campus, London, Puerto Rico, Panama City
    Campuses.
  • 10th largest in research royalties.
  • 17th most wired; 1st in Florida.
  • 1200 Distance Learning courses.
  • Largest University owned supercomputer
    configuration in the U.S.
  • Bobby Bowden

21
Highlights
  • Centralized Finance Administration.
  • Centralized Information Technology Office of
    Technology Integration.
  • AVP-CIO Provost VP FA
  • Administrative human resources, financial,
    student, administrative services.
  • Academic Network, Labs, E-mail.
  • User Helpdesk, CBT training.
  • Office of Distributed Distance Learning
    Blackboard.
  • Data Center
  • Colleges, Schools operate with great deal of
    autonomy.

22
Enterprise Directory Service
  • Mission
  • Provide FSU and Our Constituents With Secure
  • Web Delivered Information Services that are
  • Personalized
  • Access to Many System Services with ONE
    Password
  • Easy to Use
  • Easy to Support
  • Available World-wide
  • Based on Progressive Industry Standard
    Technology
  • Positioning FSU for Integrated Systems with a
    Single Login.

23
Enterprise Directory Service
  • Expanding Community of Constituents
  • Expanding with Lifelong Relationships,
    Distance Learning, and Enrollment Management,
    etc.
  • Students on Our Four Campuses plus
  • Remote Learning Centers and Distance Learners
    Worldwide
  • Special Education Relationships (e.g. Navy,
    Army, IRS)
  • Faculty and Staff
  • Prospective Students

24
Enterprise Directory Service
  • A Complex Community of Constituents
  • Students and Alumni sharing information
  • Family, Friends and Potential Employers
    Delegation of Access
  • Alumni Access to Services after they leave FSU
  • Academic
  • Business Partners, i.e. Technology Transfer
    Partners
  • Research Partners, i.e. Mag Lab, Internet 2,
    JA-SIG, Weather Service
  • Administrative
  • Potential FSU Employees
  • Oversight Relationships, i.e. Purchasing,
    Accounting, Travel
  • Vendor for Business Services, i.e. Bookstore,
    Food Services
  • Complexity - Invisible to people using
    Integrated Web Security

25
Enterprise Directory Service
  • Security with an LDAP
  • A technical word for - Progressive Industry
    Standard Technology
  • Strong Password Encryption Worldwide
  • Reliable 7/24 Access to Services
  • Selective Access Control with User Roles
  • Limit Number of Invalid Login Attempts
  • Password Change & Lost Password Processes
  • No Password Retrieval
  • Position Ourselves to Phase out the SSN and Move
    to Self-selected Webname for Web Identification

26
Enterprise Directory Service
  • Usability/Drivers
  • Single Login to Individualized Set of FSU's
    Systems
  • Privacy & Security
  • Ease of Use, Familiar Look
  • Personal Choice of Favored Login Method
  • User Friendly Procedures (e.g. Lost Password,
    Secure Q/A) → Help Desk Relieve
  • Personalized Services Environment (Real Name)
  • Fast and Easy Setup for First Time Users
  • Scalable to Larger Communities (Roles!)

27
Enterprise Directory Service
  • Rollout
  • Step One: Business needs Campus wide. Web
    enabling legacy systems as foundation for
    Integrated Web Security was Implemented for
    Faculty and Staff Fall 2000.
  • Personalized Web names

28
Enterprise Directory Service
  • Rollout Continued
  • Step Two: Personalized User Account Service and
    the Integrated Authentication Process
  • Conduct training Sessions for Key Business
    Offices.
  • Implement the User Account Service and the
    Integrated Authentication Process (using LDAP)
    for Faculty and Staff while Retaining the
    Current Menu and Applications.

29
Enterprise Directory Service
  • Rollout Continued
  • Step Three: Students get Personalized Web
    services
  • Implement the New User Friendly Menu of Services
    including the Services for Enrolled Students.
  • Add Enrolled Students
  • Step Four - Implement Common Security and
    Password for ACNS and AIS Services - using LDAP

30
Enterprise Directory Service
  • Rollout Continued
  • Proceed to Integrate Additional Services and
    Communities
  • Blackboard's Teaching and Learning Services
  • FSU's Web Based E-Mail
  • Alumni and Foundation - with our Shared Login
  • Admitted but not Enrolled Students
  • People applying for jobs at FSU
  • Student Support Service Toolkits for Staff
  • Students' Delegation of Access - Family &
    Employers

31
Enterprise Directory Service Outputs/Results
  • Integrated Web Security, and the Services
    Accessed through it, will Position FSU as an
    Integrated Web Services Leader in Higher
    Education.
  • FSU will be Positioned to Continue that
    Leadership with the Future Implementation of
    Digital Certificates which will Provide a
    technique for electronic signatures - an even
    Higher Level of Security.

32
  • Enterprise Directory Service Case Study
  • This concludes my first presentation and now Art!

33
  • Georgia State University Case Study 1
    Middleware Working with Policy Makers, Data
    Owners, and Campus Constituents
  • Art Vandenberg
  • Director, Advanced Campus Services
  • Information Systems Technology
  • Georgia State University
  • Avandenberg_at_gsu.edu

34
Culture, Business Needs & Project Methodology
  • CIO - top level sponsor of eUniversity
  • Analogous to eCommerce, higher ed needs
  • Directory services (not limited point solutions)
    for id, authN, authZ per application
  • Seamless interfaces to applications libraries,
    email, calendaring, eLearning, room/resource
    access, etc.
  • Reduction of multiple electronic identities
  • Specific commitment, assignment charge for
    Advanced Campus Services - broad coordination

35
Specific Direction & Action Plans
  • Feb 2000, ACS charged with
  • University-wide directory, metadirectory
  • Universal account creation (namespace)
  • Universal email solutions
  • Interface to other electronic domains (one card,
    library)
  • Public-private key infrastructure
  • NOTE: Georgia State's ERP domain
  • Peoplesoft financials, Student SCT begun, WebCT

36
Stakeholders
  • CIO and IT directors
  • Steering Group, scope doc, charter
  • Data Stewards for Person Working Group
  • registrar, hr, financials, card office, person
    registry
  • LDAP Technical Working Group
  • Application domains
  • WebCT, student email, Rec Center, one card office
  • University System - discussion, promotion
  • CIOs, Vice Chancellor, Technical staff

37
Pitfalls/ Missed Opportunities?
  • Misjudging readiness
  • Competing ERP deployments
  • Not ready for prime time PKI
  • Business needs not obvious
  • Hard to engage ERP teams focused on their core
    tasks
  • But we can already do that! (finding a killer
    app)
  • We'll do that later, as soon as finished with
    priorities.
  • Lack of trust from data custodians?
  • Not really, but challenges with technical
    custodians

38
Opportunities?
  • Re: Bringing in key stakeholders
  • Deference to ERP teams (hindsight is 20/20 but)
  • However, aircraft carriers need room (time) to
    turn
  • Changes the way we do business
  • Easier for new applications to embrace change?
  • WebCT, student email, Rec Center
  • Major event horizon (inevitable)
  • First stop is person registry, then HR
  • Change process, not business
  • University System - a necessary engagement

39
Legal Risks with Data
  • Limit initial issues (but be aware)
  • If risky, leave data behind ERP wall (cf. bank
    accounts)
  • Person registry actually inserts level of
    protection
  • Publishing/provisioning can have appropriate
    limits
  • Registry remains behind access controls
  • White pages print directory (Registrar/HR)
  • Core principles
  • Authoritative sources remain ERP systems
  • Data Stewardship Access Policy governs all data

40
Silos and Fortresses?
  • What about aircraft carriers?
  • Major ERP implementations already underway
  • Production and operations culture vs. R&D
  • Technical debates can be
    <invigorating/debilitating>
  • Tactical versus strategic
  • Just do it (works well initially)
  • Iterative process, that keeps focusing on
    strategy
  • Remember, we're part of a state system
  • Keeping one eye on national initiatives in
    middleware

41
Communication Model
  • Enterprise Directory Infrastructure Steering
    Group
  • CIO and IT directors
  • Start biweekly, phase toward monthly end year 2
  • Level setting, resource identification,
    priorities
  • University System
  • Burton Group directory/PKI seminars (1999-2000)
  • Directory Working Group (3 research, system
    office)
  • Establish vocabulary, concepts, general consensus
  • Recommendation to ACIT (CIOs V.Chancellor)
  • Directory of directories/system-wide id/ERP
    integration

42
Communication
  • Conferences
  • University System Rock Eagle, CUMREC
  • Focus-IT newsletter, campus contacts
  • System Committee on policy for SSN
  • Internet2 Middleware working groups
  • Support group, sanity check, best practices
  • Consider as retreat renewal for more
    evangelism
  • Technical staff (listen, be patient, leverage)
  • Work it until it's part of the IT vocabulary

43
The Sales Pitch
  • Focus on application areas
  • Middleware may be too arcane, except for
    initiates
  • Printed Directory as a metaphor
  • Provisioning - as it impacts colleges/depts
  • Automatic course rolls for WebCT
  • Universal email (and for admitted students)
  • New staff hires (get them online day one)
  • Account management - as it impacts technical
  • User X has what accounts? Who is in application
    Y?

44
Hot Buttons & Internal Pressures
  • Doesn't everyone use same email? (No!)
  • President: Why can't I send email to all
    faculty?
  • I want to choose my own unique ID
  • New hire online day one
  • Group email, paperless office, email check advice
  • Too many ids, too little management
  • Operational/production missions take priority
  • Resources: staff, time, money (in that order)

45
Wormholes & Strategic Goals
  • Goose & gander (student email policy, staff too)
  • Aha! (Metamerge NMI-R1 for dynamic groups)
  • Just do it! (Forgiveness negotiable)
  • Involve faculty & students (competitive edge)
  • Support teaching & learning mission
  • Integrate with ERP systems (Campus Pipeline)
  • 3 years but directory services on VC's plan!

46
Carrots & Sticks
  • We'll do this app for you if
  • vs
  • We can do this app better if
  • Involve from beginning?
  • Advantage sometimes, sometimes not
  • Good for us research faculty students
  • Find customer app that sells: WebCT,
    demographics
  • The problem you want: middleware advisors!
  • You've really arrived!

47
  • Policy and Data

48
Overview
  • Technical Implementation of Institutional Policy
  • Pitfalls
  • Suggestions

49
Institutional Policy
  • Defining and Maintaining Policy, e.g. Parking
    Permits
  • Business Rules Derived from Policy
  • Implementing Technical Triggers of Policy
  • Applications enforce business rules and policy
    definition, e.g. SAA
  • Middleware glues applications via messaging and
    transaction services

50
Challenges
  • Data Owners and Control Issues
  • Policy Framework out of Sync with Reality
  • New Culture of Staff/Faculty/Students
  • New Mobility
  • Increased Regulatory Environment
  • Greater Concern over Privacy


51
Challenges (cont.)
  • Managing Policy Change
  • Implementing Technical Triggers
  • Policy Conflicts with Stakeholders, e.g. password
    expiration
  • Directory Management with Middleware
  • Role Definition data comes from disparate
    systems and can overlap
  • Need Group Role Management e.g. LDAP

52
Challenges (cont.)
  • Data Access
  • FERPA for Students
  • Application Level Security
  • New Concern for Privacy e.g. SB1386
  • New Definition and Role for Data Owners

53
Challenges (cont.)
  • Security Issues
  • Level of Granularity
  • Build vs Buy - Software that scales to
    Enterprise-wide Implementation.
  • Non-repudiation
  • Risk vs Cost e.g. Ph vs Payroll
  • Robustness, Redundancy for Business Continuity

54
Suggestions
  • Communication
  • Understand the policy process well
  • Have executive management support
  • Develop a cross-functional campus committee for
    resolution of conflicts
  • Include annual review of process and
    applications/data use

55
Suggestions (cont.)
  • Applications have to be owned by a stakeholder
  • Data integrity responsibility owned by
    appropriate stakeholder
  • Process for identity reconciliation, e.g. married
    name vs professional name
  • Spend time getting educated about middleware

56
  • Case Studies

57
  • Enterprise Directory Service A Case Study
    (Continued) Florida State University
  • Joseph A. Lazor Office of Technology
    Integration jlazor_at_fsu.edu

58
Coke or Pepsi Recipe (Lessons Learned)
  • Understanding authentication versus
    authorization. LDAP is not a security protocol.
    Solid, Comprehensive communication plan.
  • Two (2) LDAPs: There can be more than one
    Joseph Lazor. Network LDAP: Directory services
    (e-mail, phone book). (Academic)
  • Application LDAP: directory enabled
    applications. (Administrative)
  • Distance Learning Application.
  • Data sources: multiple dbs.
  • Costs: mainframe legacy versus client server.
  • Enterprise: reach consensus on design summary
    early on, multiple LDAPs with different
    functions/services.
  • No Bridges/interfaces inherent in design
    methodology

59
Coke or Pepsi Recipe (Lessons Learned)
  • People: single project manager, dedicated
    resources, project design.
  • Policy - Common schema eduPerson 1.0/1.5,
    fsueduPerson 1.0
  • Policy - Common user account generation and
    naming conventions.
  • Policy - Common security standards.
  • Policy - Enterprise - Unique user ID
  • Policy - Open standards solution: Active
    Directory, Metadirectory

60
Coke or Pepsi Recipe (Lessons Learned)
  • National Science Foundation Middleware
    Initiative (NMI) Integration Testbed
  • Eight (8) Higher Education Institutions working
    together with SURA, EDUCAUSE, Internet2, and the
    GRIDS Center to share and solve research and
    education technology initiatives - integration
    with middleware.

61
Enterprise Directory Service
  • And so where are we?
  • NMI
  • ERP
  • Enterprise LDAP/Active Directory Integration.
  • Better design and integration/bridge efforts.
  • Metadirectory
  • Portal

62
Enterprise Directory Service Case Study
  • This concludes my presentation and now Art!

63
  • Georgia State University Case Study 2
    Middleware Working with Policy Makers, Data
    Owners, and Campus Constituents
  • Art Vandenberg
  • Director, Advanced Campus Services
  • Information Systems Technology
  • Georgia State University
  • Avandenberg_at_gsu.edu

64
Technical implementation of institutional policy
  • Data owners and control issues
  • Data Stewardship Access Policy. Very helpful
  • Consensus source systems retain authority
  • There is control and there is control. Do
    technical staff know functional needs?
    (Careful)
  • Who drives project? (Remember: Organization is
    the winner. Strive for consensus)
  • End users are data owners too!
  • Person registry has data steward

65
Implementing policy
  • Policy Framework from the 1990s management
  • FERPA: Based on printed directory (annual,
    static), not directory services (online, dynamic)
  • Was: Name, title, address, phone. Now: email,
    uid, URL, pager, cell, mobile, jpeg
  • Now: multiple roles overlaid with privacy issues
  • Now: lifetime CRM, pre- & post-relationship
  • Publication of employee info: We're lucky (I
    think) being public institution
  • Know your institutional policy process

66
Implementing policy
  • Implementing triggers of institutional policy
  • ERP policy in person registry: be specific, be
    careful
  • Current, active student? 25,000 vs 61,000
  • If student elects FERPA suppress, what about
    directory entry?
  • Definition of privileges application by
    application
  • Do not ASSUME agreement on definitions (spell it
    out)
  • Technical staff defer to functional: nothing is
    simple
  • Be careful how you change business process (cf.
    payroll doesn't/can't/shouldn't initiate identity)

67
Implementing policy
  • Role definitions: faculty, staff, affiliate
  • Hey cool! I'm faculty at the Library!
  • More student employees than faculty
  • Are student employees covered by FERPA?
  • When does (can) an employee start?
  • Concept of provisional hire (need date
    triggers)
  • Hierarchy: payments out trumps fees paid in
  • Retirees, survivors passed away
  • Vendors, affiliates require sponsor, date limits

68
Suggestions
  • Communication is good, and builds buy-in
  • CIO, IT Directors, data stewards, technical
    staff, campus
  • System peer institutions, Internet2 Middleware
  • Aim high, but focus on application specifics
  • Iterative development. Iterative review
  • Don't underestimate group organizational
    dynamics
  • Allow stewardship to work
  • Identity management is shared
  • Think metadirectory services (value add, not
    replace)

69
  • Questions and Wrap-up

70
Wrap Up
  • Middleware is
  • A strategic infrastructure
  • 50% technical and 100% political
  • Don't reinvent the wheel
  • Each implementation is different
  • Big picture process and requirements are the same
  • There are resources that can help
  • Assess strengths and weaknesses
  • Plan accordingly
  • Communicate and manage relationships
  • This is key

71
Enterprise Middleware Educational Opportunities
  • Workshops
  • Pre-conference Seminars at EDUCAUSE Regional
    Meetings
  • Campus Architectural Middleware Planning
    Workshops
  • Base CAMP (Orientation) 5-7 February 2003
  • CIO and Technical staff
  • Getting started topics
  • Advanced CAMP July 2003
  • Highly technical
  • Research topics

72
On-line Resources Available
  • Introductory Documents
  • Sample Middleware Business Case and corresponding
    Writer's Guide
  • Identifiers, Authentication, and Directories:
    Best Practices for Higher Education
  • Identifier Mapping Template and Campus Examples
  • And more.
  • See resources page of www.nmi-edit.org

73
Websites and Email Lists
Websites and Discussion Lists
  • http://middleware.internet2.edu
  • http://www.nsf-middleware.org
  • http://www.nmi-edit.org
  • http://www.grids-center.org
  • Middleware information/discussion lists
  • mw-announce_at_internet2.edu
  • mw-discuss_at_internet2.edu
  • NMI lists (see websites)

74
Contacts
  • Joseph Lazor jlazor_at_admin.fsu.edu
  • Lesley Tolman lesley.tolman_at_tufts.edu
  • Dave Tomcheck tomcheck_at_uci.edu
  • Art Vandenberg avandenberg_at_gsu.edu
  • Ann West awest_at_educause.edu awest_at_internet2.edu

75
www.internet2.edu