Office of Learning and Information Technology
University of Wisconsin CIO Council
- HRS Project
- IAM Roadmap
- Data Sanitization Decision
- Credential Assessment Framework
- WiscNet Network Participation Model
- Stimulus Measure for Broadband Networks
- Procurement Issues
- Common System Review Group Update
- Next CIO Council Meeting
CIOs and their Representatives
Ed Meachen introduced Mike Sherer, the new CIO of UW–Platteville, and Rob Cramer, the CBO from Platteville.
To date, the Human Resource System (HRS) project has:
- inventoried scope and assumption parameters
- developed the first draft of a high level plan and resource requirements
- confirmed the team structure
- defined alternative implementation options
- identified development sourcing approaches
The immediate next steps are to:
- confirm campus involvement
- staff and mobilize the project team
- confirm the scope and assumption parameters for 99 high level business processes
- update the project plan and resource requirements
- develop current and future state business processes
Without being specific about a particular year, the PeopleSoft 9.0 functionality could be deployed over 12 months in four releases:
- Release of base functionality during a January, including:
- Human Resources
- Base Benefits
- Time and Labor
- Absence Management
- Financial Integration
- Talent Acquisition - early adopters
- Base Enterprise Performance Management (EPM)/Reporting
- Release of additional business functionality during the following April, including:
- Enterprise Performance Management initial functionality
- Self Service for Early Adopters with ePay
- Release of further functionality during the following September, including:
- Benefits Administration
- Talent Acquisition
- Release during the following January of:
- Enterprise Performance Management full functionality
- Full Self Service
The HRS project is organized in layers:
- Project leadership for garnering support, setting direction and allocating resources
- Project management for supervising the teams and managing scope and issues
- Three joint Huron/UWS teams
- Business process and applications team with sub groups for:
- Finance integration
- Technical team with sub groups for:
- Technical architecture
- Security (aligned by process)
- Development (aligned by process)
- Reporting/EPM (aligned by process)
- Conversion (aligned by process)
- Change management team with sub groups for:
- Training (aligned by process)
- Support (aligned by process)
- Campus coordination (aligned by process)
- Business process and applications team with sub groups for:
- Testing group to prepare and conduct integration, systems, performance, parallel and user acceptance testing
- Campus representatives who:
- align campus processes and jobs with PeopleSoft
- provide configuration values and integration extracts
- cleanse and stage conversion data
There are some 64 applications across the UW System that help with talent sourcing. Therefore, the Talent Acquisition Management (TAM) team may be led outside of UW–Madison, perhaps at UWM. The team would do the configuration, process mapping, etc., and be the primary owners of the system after it went live.
A Huron tool was used to estimate the number of hours of development effort that will be required. There are many legal reporting and compliance requirements which make the estimate resistant to downsizing. The major types of work are:
- Reporting for both PeopleSoft and EPM
- Interfacing for both PeopleSoft and EPM
- Enhancing online functionality, batch functionality, EPM, Time & Labor and Absence Management
- Converting PeopleSoft and Legacy systems
Perhaps the UWS institutions could undertake some 25% of the development work with their existing staff expertise and another 13% could be done offsite. The council was concerned that the CBOs will be nervous about the total cost and when the various costs might hit. On the other hand, Bruce Maas expressed interest in sourcing staff to a system-wide project in these tough budgetary times to keep them engaged should on-campus development efforts radically slow. Other UWS institutions may not have staff resources to hire out for more than a few months at a time.
Some of the development work that could potentially be performed by the UWS institutions includes:
- Human Capital Management online workflow modifications
- batch modifications
- PeopleSoft report development
- Hyperion report development
- interface development
- ETL development
- legacy conversion
In many cases, functional skills are more important than PeopleSoft technical skills. Staff from the institutions would not have to do all of their work in a common location, but it would be good if they could come together on a regular basis. Engagement of full FTEs for at least a year would be preferable to get the project over the major initial push. There may be some smaller, modular tasks that could be done on a half time basis, e.g., writing 20 reports over three months.
The next steps in this process are to:
- Decide on the type and level of campus involvement
- Identify the team members who have the desired skills
- Confirm the team member involvement
- Communicate the team involvement to the project team
- Staff the team members to the project
The team will have a meeting with the institutional site leaders on March 9th to talk about possible roles, responsibilities and data cleansing. Lorie Docken asked the council members to think about potential staffing options before the next CIO Meeting. The HRS Project would cover the cost of campus work on resourcing HRS.
Keith Hazelton reported that the common themes in the CIO responses to the Identity and Access Management proposal from the last council meeting were:
- not enough information to evaluate the alternatives
- no requirements across the UWS
- no high level architecture
- lack of implementation details
- lack of specific benefits for faculty, staff and students
Some of the concerns regarding a scheme utilizing common UWS IDs were:
- too many constraints on local campus abilities to tailor credential policies and practices
- resource commitments to restructure local campus information flows and interactions
- a systemwide common format for identifiers would be too constraining
- campuses would move toward federated access on their own
- no compelling benefits
Respondents also felt that the alternative based upon local credentials was not clear.
Steve Devoti clarified the different options with graphics. Option A for systemwide IDs would have the sourcing of credentials take place in the local campus student information and ad hoc systems. The credentials would be passed on to a central UWS credential and core attribute store. Credentials and passwords would be replicated back to the campuses. It would be complicated to manage the namespace so there would not be ID conflicts between campuses. However, this approach would enable a central federation domain for the UW System between InCommon and other federations. Intra-system authentication, e.g., UWS Common Systems or shared services, would be supported by a central AuthNZ infrastructure.
Option B has two variations: a virtual directory overlay or campus-by-campus federation.
The virtual directory option would leave most of the components and practices as they exist today, but would bring them together into a virtual resource that looks like one directory. To outsiders, the directory would look like option A, but the data would not be brought together physically. There would be a central core attribute store that would be similar to today's Identification, Authentication and Authorization System (IAA), but no central credentialing. Replications would be sent to the central core attribute store as they are now sent to IAA. It would be possible to federate the virtual directory infrastructure into a systemwide domain for interfacing with InCommon and other federations. There could be problems if the individual campus directories were unavailable or the data latency too high. There would not need to be a common namespace; duplicate identifiers could be resolved through an identifier that people don't ordinarily see. Similar to option A, a central AuthNZ infrastructure could be created for the UWS Common Systems and the like.
Creating standards-based campus federations using SAML and Shibboleth would be a more radical approach. The sourcing and replication would look the same as the virtual directory option. However, to the outside world the UWS would not look like a single federation domain and each campus would need its own federation infrastructure such as CAS, Pubcookie or Oracle Access Manager. Each UWS institution would have to federate with InCommon and other UWS service providers, including the Common Systems. Every campus would have to implement this model in order for it to work for UWS business purposes.
Various hybrids of these models are possible, e.g., a virtual directory with individual campuses also doing their own federations. A systemwide implementation could morph from one model to another as it evolved.
Nancy Crabb noted that students and faculty from WTCS, and other non-UW persons of interest, need credentials and the ability to log into the UWS systems. Steve Devoti confirmed that could be handled by any of the options. Elena Pokot inquired about the various workloads that would have to be shouldered by the UWS institutions versus the central IAM project under the different scenarios. The presenters explained that the magnitudes of the different workloads are not clear, however option A has the most work overall. Ron Kraemer stressed that federation is in our future due to drivers from the vendor community and the organizations to which our institutions belong. Even with option A, there would be a federation overlay.
In response to a question from Dave Dumke, Steve Devoti explained that a lot more work would need to be done to lay out what the vulnerabilities and operational considerations of the various scenarios would be, especially if the UWS institutions know that they are more interested in either of the B options. Kathy Pletcher suggested that the IAM team talk directly with the people at the UWS institutions who manage these services because they are the ones with the questions and concerns. On the other hand, the council members would not want their campus staff to dismiss a technology out of hand just because that is not how things are currently being done.
Ed Meachen expressed concern about going forward with option A at the same time as the HRS Project. Perhaps when the new HRS system is in place, option A would become more feasible because there would be a common point of identification for all of the UWS employees. The consensus was that the team should do more work on outlining the virtual directory option. The systemwide group that met on February 10th will be reconvened. The council expressed their appreciation for the clarity that Steve Devoti brought to the discussion via his graphics.
Stefan Wahe reported that the results of the third Credential Assessment Framework (CAF) survey were discussed at a UWS Security Summit and the seven findings were incorporated in the report that was distributed at the council meeting. There has been definite progress at most of the UWS institutions. In some cases where institutions downgraded their progress report it was because they had a better understanding of what was involved. The fourth annual assessment is planned for August 2009. Greater engagement across the UWS institutions is needed to fully address some of the items. The passing of Level of Assurance (LOA) attributes through the IAA system needs to be developed. There are not many external auditors who can do independent reviews of credential stores according to the CAF framework. The Security Summit attendees would like greater specificity for some of the requirements, such as logging. Lorie Docken will check with the HRS project team regarding when they need CAF compliance for testing purposes. The group that attended the Security Summit will continue to shepherd the compliance efforts at the UWS institutions.
Jim Lowe reminded the group that an SFS security assessment was conducted in June 2007 which recommended that credit card data, SSNs, etc., be sanitized in non-production environments such as testing and development. The Common Systems Review Group has provided a certain amount of funds for acquisition and maintenance of data sanitization software. Upon the recommendation of the CIO Council at the January 2009 meeting, the RFP was evaluated from a systemwide perspective rather than just a common system perspective. An intent to award has been released to Applimation, which was just purchased by Informatica. The options on the table are to purchase either a systemwide license, with contributions from the UWS institutions, that could be used at the campuses, or a license that would cover only the common systems (and the UW–Madison campus because of their involvement in hosting services) and would be paid for by the CSRG funding. The developers at some of the UWS institutions have expressed concern about the additional workload required for sanitizing data versus putting additional security controls in their test and development environments. There may also be higher security priorities than data sanitization at the UWS institutions. The council members will talk further with their DBAs and get back to Jim Lowe within a week.
Meanwhile, the UWS Endpoint Security Strategy Team has gone forward with an RFP for a data search tool to identify forgotten but sensitive data residing on PCs. A report on end-point security tools is also being prepared. A security event manager product is being investigated and an initial Hightower purchase has been made. Volunteers are needed to work on an RFP for vulnerability management tools during the summer with the support of some Common Systems funding. These efforts represent a learning process for the UWS institutions because the institutional staff have been accustomed to investigating and acquiring products on their own. The council complimented Jim Lowe on his leadership of these systemwide efforts. CIOs need to let Jim know by February 26th if they are interested in option A.
Since 2007, the WiscNet Grow Smart initiative has kept rates from rising without capping bandwidth. Although it was a good interim fix, the WiscNet board is proposing a new long term model. The principles behind the proposed fee model are:
- total fees = total costs for services, i.e., no cross-service subsidies
- treat members equitably
- usage insensitivity
- predictability by member history, demographics and service portfolio, i.e., no wild swings
- resilience to bandwidth supply/cost perturbations without wild swings
- model and fees are easy to explain
- fees are easy to compute
In the proposed model, fees are based upon:
- student population
- institutional "mission" as loosely defined by #4 above
The model encompasses all WiscNet members, not just the UW System. Proposed network participation fees were distributed to the council and are roughly equivalent to Grow Smart and are expected to remain so for a few years. If increases become necessary, fees will be increased by a percentage across the board.
Elena Pokot inquired about potential effects on UWS institutions that may oscillate back and forth between two fee bands. David Lois said the intent of the effort is to set the bands such that institutions do not fluctuate across them. David Dumke suggested that the bands be narrower so that there are not such wide fee increases going from one band to the next.
The WiscNet board will consider all feedback in March and present a final plan in May.
Dave Lois reported on the breakdown of the $790 billion federal stimulus package. The funds are being administered by NTIA and the Rural Utility Service of the Department of Agriculture. A large percentage of these funds are being directed to public projects without commercial tax incentives. There is an initiative to address the needs of the underserved without any broadband speed limits. There is funding for "broadband education."
To take advantage of these funds, the processes for giving and applying for grants need to be fleshed out. The funds are set to trickle out over three years, with the majority being released in the third. The Obama administration is expected to make additional funds available for broadband beyond the stimulus package. EDUCAUSE has been pushing for $100 billion in funding for the Blueprint for Big Broadband. Dave Lois and the CIOs discussed various ways to take advantage of the federal stimulus package.
Ruth Ginzberg introduced Rich Lampey and Melissa Viken who were newly hired in the Purchasing Office. She reported that there is a governor's waiver for a 5 year D2L contract that is being circulated to the stakeholders. The eportfolio module will be attached as an addendum.
There is now a requirement to provide an Oracle contract true-up using IPEDS data on an annual basis instead of every two years. The PeopleSoft division of Oracle has requested the same data.
The Microsoft Campus Select agreement is up for a renegotiation. Melissa Viken has contacted the volunteers for this year's committee. Additional volunteers should contact Ruth Ginzberg.
The Wisconsin Department of Administration has received the first disbursement of their Microsoft refund vouchers, but the UWS has not received any vouchers as of yet.
An address cleansing bid to replace First Logic is being worked on. Use of the Midwestern Higher Education Compact contract has traditionally been restricted by DOA, but there is a procedure that can be followed to request purchasing off it. The need to get going on the Hyperion bid process for resolving the reporting environment issues was discussed. TIS contract renewal is being discussed, but if staffing is not allowed this would be difficult to proceed with.
Bruce Maas sent the council a subset of the procurement information for a survey development tool hosted by a third party. The goal is to release a bid shortly for either UWM to acquire a product independently or for the UWS to purchase a systemwide license with funding from the participating institutions. A decision will likely be made in the early April timeframe.
Bruce Maas reported that UWM has acquired the Xythos Enterprise Document Management tool (EDM) but has not been able to put it into production due to lack of staff resources. The campus has been skipping every other Xythos upgrade cycle to keep the workload manageable. EDM has been made available in a test environment at UWM for use by the records officer who is very enthusiastic about the capabilities for tagging various types of files. He is working with UWS Legal Counsel Laura Dunek on strategies for archiving email appropriately that would apply to both Xythos and other file storage solutions. Bruce Maas is willing to help institutions that want to negotiate with Xythos for additional capabilities. He is also willing to share information regarding the functionalities of non-EDM Xythos products. The UWM Division of Recruitment and Outreach will be doing a records management pilot. They have already been doing all their filing in Xythos for two years without EDM. Elena Pokot suggested that a presentation be done at the next ITMC meeting.
Ed addressed the group on the Common Systems budget proposal. The budget has been developed without knowing the cost of the HR project and budget system interface. The financial plan to deal with the 14% net increase suggests rolling over FY10 contingency to the campus assessments. The group is struggling with the overall increase in costs of the whole portfolio of products and projects. A solid base of funding is needed to run production applications. A possible tuition hold back two years from now, from a possible tuition increase, is being looked at.
The next meeting of the UWS CIO Council will be Thursday, March 19, 2009.