Office of Learning and Information Technology

UW System CIO Council

Thursday, June 17, 2010

Madison, WI

Attendees
CIC Proposed Contract for Lynda Software
Cloud Computing
Security Update
Data Security and Privacy Update
Person Hub Update
Supplemental Systems
Service Center Transition
UW-Madison’s Google Apps Service Pilot
PKI
Hyperion Update
SIS Executive Committee Update
Procurement Update
CIC Leadership Training Update
Executive Videoconferencing
November CIO Meeting
CyberInfrastructure Days
Next Meeting

Attendees

CIOs and their Representatives Guests

Nancy Crabb
Jack Duwe
David Dumke
Chip Eckardt
Marsha Henfer
John Krogman
David Lois
Bruce Maas
Erich Matola
Ed Meachen
Jose Noriega
Kathy Pletcher
Elena Pokot
Stephen Reed
Mary Schoeler
Ken Splittgerber
John Tillman
David Stack
Doug Wahl

Chris Ashley
Elise Barho
Brian Busby
Lorie Docken
Ruth Ginzberg
Chris Holsman
Darrien Jones
Kathy Konicek
Rich Lampe
Jim Lowe
Paul Moriarty

CIC Proposed Contract for Lynda Software

Kathy Konicek explained that UW–Madison uses lynda.com for online technical training for students. The 600+ training courses are video-based, rather than static text and screen shots. UW–Madison wants to expand coverage to faculty and staff and Konicek is assessing interest on the part of the CIC (Committee on Institutional Cooperation) institutions and the remainder of the UW System (UWS) institutions. Some UWS institutions already use lynda.com in some capacity. A CIC contract would allow for opting in on an institutional basis. UWS Procurement has not been involved in the discussions to date.

UW–Milwaukee has not experienced any use of the small number of licenses it owns. Usage at UW–Stevens Point is rather widespread. UW–Stout has experienced steady growth. UW–Superior has a license for Atomic Training. Kathy Pletcher suggested that each institution refer a local contact person to Kolleen Apelgren at DoIT.

Cloud Computing

Bruce Maas reported that the EDUCAUSE/NACUBO white paper entitled Shaping the Higher Education Cloud has been released. It is a good vehicle for CIOs to engage with chief business officers (CBOs.)

The white paper recommends publishing a guide for developing business cases for cloud computing which include looking beyond the purchase price to the total cost of ownership (TCO). CIOs and CBOs need a common language, vocabulary and audit guidelines. Some faculty are concerned because they have discovered that portions of their data no longer reside at their institution.

Institutions will likely need to work together in groups to aggregate their experiences with cloud services. Within the last week, ECAR has published an article by Melissa Woo and Beth Schaefer of UW–Milwaukee on Structuring the IT Organization for Cloud Services.

Within the UWS, Ruth Ginzberg's cloud procurement committee is a model for engaging different stakeholders. Calculating TCO is the most difficult piece of the procurement process and the committee would welcome additional, knowledgeable representatives. It is difficult to get purchasers to even complete the state Department of Administration's (DOA) basic cost-benefit analysis form.

A long list of potential questions has been compiled for asking vendors about their adoption of best practices and compliance methodology. The list of questions needs to be honed for the most common circumstances. The EDUCAUSE/NACUBO white paper recommends that purchasing/brokering units be larger than a single campus - perhaps a regional or national consortium - because it is inefficient and more costly for everyone if vendors must answer scores of questions from every institution.

Ed Meachen explained that is especially challenging to calculate the TCO for services that the UWS institutions already run in-house, which makes it difficult to compare costs with cloud services. Ginzberg explained that DoIT is already an internal cloud provider for the UWS. Internal clouds are emerging as one of the most effective models in the marketplace as compared to a plethora of "little" vendor-based services that cost tens of thousands of dollars for each institution. Perhaps institutions other than DoIT should function as internal cloud providers for some of the smaller services within the UWS.

Maas expects that various existing associations, such as the CIC, will take up the various recommendations of the white paper Kathy Pletcher recommended that the white paper be shared at the fall, in-person UWS CBO meeting.

Security Update

CIC Endpoint Contract

Jim Lowe explained that the CIC issued a Request for Proposal (RFP) for six categories of endpoint protection products for enduser computers. The RFP was scored and a proof-of-concept exercise held. None of the publishers could meet all of the requirements, most were about 95% effective. The Symantec contract is currently being renewed for a perpetual license, not including content updates. Negotiations are still underway with two other vendors. UW–Milwaukee does not have enough technical staff to consider switching vendors for a marginally lower price.

A budget allocation for assessing security vulnerabilities was received from the Common Systems Review Group (CSRG). Products are being procured in two categories:

  1. reporting on the vulnerability of endpoint devices
  2. reporting on the vulnerability of restricted data, such as Social Security Numbers

Vulnerability Endpoint Tool

An RFP was created and the Secunia Software Inspector product was acquired last week on a five year license for all UWS faculty and staff PCs that run Microsoft operating systems, including home use. The next step is to plan the best way to deploy the software at the UWS institutions.

All of the UWS institutions have been enrolled in a system-wide Cis membership which publishes best practices and configurations for a variety of machines.

Vulnerability Database Tool

Many vendors want to levy a charge for each database, which is not optimal for the UWS. An RFP was created and the Repscan product from Sentrigo was purchased and licensed for use by all UWS institutions for three years. The next step will be the creation of a technical team to develop an implementation plan which will include a consultant at each institution during the August timeframe.

Data Security and Privacy Update

Stephen Reed discussed the frustrations of the Data Privacy and Security Governance Committee regarding the lead time that are necessary to get CSRG funding for security and privacy initiatives. Some of the necessary deliverables include:

  1. Developing a UWS Privacy Statement
  2. Developing a UWS Confidentiality Agreement
  3. Developing training requirements and opportunities
  4. Setting UWS data privacy and security standards and policies
  5. Determining lines of authority or lines of responsibility for data and data types
  6. Developing role definition for the Information Security Officers (ISO) at the UWS institutions
  7. Developing awareness training and ISO training
  8. Developing an information security assessment program
  9. Developing a security risk management program

Although the UWS institutions have unique needs, the committee feels it is important that none simply opt out of system-wide guidelines. The CIOs will need to come to consensus.

Ed Meachen reported that a draft data governance document is circulating within the Human Resources System (HRS) team. The Division of IT (DoIT) at UW–Madison has a tool for masking data during HRS testing in non-production environments. Security procedures are being developed for systems that will work with production data. Elise Barho reported that internal auditors are being integrated into the HRS test execution exercises.

Person Hub Update

Chris Holsman described changes to PICH (the Person Hub/IAM/Campus HRS) data exchange process to leverage the identity and access management (IAM) infrastructure and middleware. The HRS system will require a campus username and email address in order to provision a base level account for an individual. The steps of the provisioning will be:

  1. Data on an individual is entered by the campus through the HRS system and gathered into the Person Hub
  2. Data is returned from the Person Hub to the campus for provisioning the individual with an account
  3. The individual's campus email address and username are returned to the Person Hub, which is similar to today's process
  4. The individual's data are provisioned to the IAM Oracle Identity Manager
  5. The individual's data are provisioned to the HRS, at which point an employee has access to HRS

This methodology is simpler than the originally proposed Java solution. The methodology can also be used to provision services other than, or in addition to, an institution's PeopleSoft Student System.

It will be a challenge to meet the HRS implementation schedule for the fall and the initial HRS testing in July. The contingency plan will be to continue using today's provisioning processes.

Brian Busby reported that the MILER team will communicate shortly regarding what the person data feeds will look like and what campuses need to do to get the data into their account provisioning systems.

A revised process diagram will be circulated.

Supplemental Systems

Elise Barho reported that the FAQ for the HRS supplemental systems is in the process of being updated. The data mapping from the legacy system to the HRS system is complete and has been shared with some groups already. The data dictionary will not be completed until August.

Service Center Transition

Bruce Maas reviewed the Powerpoint that he will share with the CBOs tomorrow. The objective of an engagement with Huron Consulting is to prepare a conceptual organizational design for the UW Service Center after the HRS go-live. Current state and future state assessments are currently in process. The next phase will be benchmarking with selected peer organizations and then developing recommendations to close the gaps. Bi-weekly updates are being provided to UWS Vice Chancellor Darrell Bazzell and other key stakeholders.

The summary of the current state of the Service Center shows a number of inadequacies in organizational structure, business processes, staff resources, infrastructure resources and performance measures. A majority of survey respondents report that they have adequate access to Service Center staff and support. The Service Center staff who are doing actual work are also the go-to people when individuals at the UWS institutions have questions, which is inefficient compared to a dedicated help desk. Verbose feedback from the staff at the UWS institutions is appreciated.

UW-Madison’s Google Apps Service Pilot

Chris Holsman reported that UW–Madison has started a pilot project with Google for their Docs, Sites and Groups applications, but does not have plans to deploy gmail. About 200 people are in the pilot. Google Docs is already used by researchers for collaboration outside the university. Shibboleth is used for single sign-on to Google applications using UW-Madison credentials. DoIT will also contract for code to provision Google accounts upon first login rather than via a massive upload of data for everyone at the institution. The pilot won't go-live for the entire institution until this code is available. The three UWS institutions who are working with Google applications all have essentially the same license agreement.

The advantages to someone to use Google applications under the auspices of the university include:

  • intellectual property protections are in the contract, i.e., university users own their content
  • FERPA protections are in the contract
  • when in full production, the user directory will be populated so it will be possible to find other users from the same institution, which has value for collaboration and coursework

Sometime later this year, virtually all Google apps will be rolled into the suite, such as YouTube and blogger. Those individuals who have already created their own Google apps accounts will have their content rolled into the institutional site.

After individuals leave the university, their content can either be migrated from their institutional Google account to a personal Google account or downloaded.

PKI

Chris Holsman reported that a project team is being formed to create a UWS certificate authority for issuing personal Public Key Infrastructure (PKI) certificates.

Hyperion Update

Andy Taylor reported that two months ago the migration to the new Hyperion product was delayed somewhat due to load issues. There are still issues with peak volumes. A new version of Oracle Interactive Reporting is coming out in the fall that will officially support Internet Explorer v8. Therefore, the recommendation from the Business Intelligence Core Team is to wait for the availability of v11.1.2 in the fall. However, the Firefox and Safari browsers may not work well.

SIS Executive Committee Update

The SIS Executive Committee is losing two members and is interested in transitioning to a larger, more representative structure.

Ken Splittgerber reported that within the last month most of the UWS institutions have instituted Runner Technologies for address verification. Most institutions are using Runner as Software as a Services, but UW–Eau Claire is hosting Runner on campus.

There is now a working draft of a communications plan for engaging stakeholders in different venues. A Campus Solutions Forum meeting (similar to the former "Collaterals Group") will be held on the morning of July 22nd. Topics will likely include:

  • HRS data feeds and reporting
  • Implementation of PeopleTools 8.5
  • The UWS portal
  • Hosting Runner technology on campus
  • Federated identity management

Suggestions for additional presentations are welcome.

Ed Meachen explained that the HRS team is interested in learning how each UWS institution governs the data in its student system and how inter-campus data requests are governed. The SIS Executive Committee is interested in a redesign of the process for changing the Central Data Request (CDR) process, which will also raise questions of data governance.

The Perkins interface to the General Ledger that is used by several institutions will be replaced by the delivered interface. There will be a meeting with Perkins on July 22nd.

Chip Eckardt is interested in volunteers to make presentations in the WHEPSUG conference technical track in October.

Procurement Update

Ruth Ginzberg reported that the Microsoft contract negotiation group has been working for 18 months and a new Campus Agreement is near signing. The two top priorities are:

  • continuing the same discounts as previously
  • gaining remote access to software in computer labs when they are closed

For the latter, Ginzberg needs to know how many lab computers in the UWS will be available for remote access when the labs are closed. Some institutions have set up labs of computers that are never used in-person. The continuing discounts will be off of higher base prices. Potential additional academic reseller discounts will be re-bid by DOA.

There will not be a system-wide Gartner contract due to the lack of a procurement vehicle.

CIC Leadership Training Update

Ed Meachen reported that some 26 staff from the UWS institutions will participate in a year-long CIC leadership training exercise. The names of some of the participants still need to be forwarded to Ed Meachen.

Executive Videoconferencing

Next week, Ed Meachen will propose a high definition (HD) videoconferencing solution for use by the UWS chancellors. In the proposal, each UWS institution will be able to select its own equipment so long as it can interoperate in standard definition. Instructional Communications Systems (ICS) at UW Extension will acquire HD videoconferencing bridging equipment.

November CIO Meeting

Due to a conflict the November CIO Council meeting will be rescheduled from Thursday the 18th to 1:00 pm on Wednesday, the 17th.

Cyberinfrastructure Days

David Stack reported that the Wisconsin Cyberinfrastructure Day will likely be held on November 5th or 12th.

Next Meeting

If necessary, there will be a July CIO Council meeting via telephone from 9:00 - 11:00 am.

Meeting dates, the directory of the UWS CIOs and meeting summaries are available at www.uwsa.edu/olit/cio.