Office of Learning and Information Technology
UWS CIO Council
August 20, 2009
- Demonstration of UWM’s Calendar Subscription Center
- Security Strategy EndPoint Team Report Discussion
- IAM Architecture
- Stimulus Measure for Broadband Networks Update
- UW System Procurement Update
- HRS Project Update
- Learn@UW Utility Pandemic Guidance Document
- Alliance Conference
- ITMC Meeting
- HEUG Membership Fee
- VMWare Survey and Contract
- Next CIO Council Meeting
Bruce Maas explained that the calendar Subscription Center is a part of UWM's strategic initiative to shrink the size of the campus for incoming students by helping them to be better organized. The theory is that this will help them stay in college and not drift away during the first six weeks. Other initiatives that are part of this effort include enhanced tutoring and mentoring services and an early warning system within PeopleSoft that encourages faculty members to flag freshmen who appear to be struggling.
Michael Hostad of UWM is leading the effort that is bringing the Higher Ed Web Association conference to Milwaukee on October 4-7. He explained that the Subscription Center is functionality that UWM has added to their PantherLink service, which is an implementation of Zimbra for email and calendaring. People can subscribe to various organizational or theme calendars which are then included as a layer on their personal calendar and automatically kept up-to-date when the calendars are modified. The subscription center was developed as a "zimlet," and includes a collection of public calendars that are:
- categorically organized
- managed within personal PantherLink accounts
- created in .ics format whether by the University or another organization, e.g., weather, sports, movies, Facebook events
- published in both html and .ics format for distribution beyond the institution
The Subscription Center features:
- ease of use
- a consolidated calendar of important University dates and deadlines from the Registrar, Financial Aid and Financial Services
- metatagging of events, e.g., "diversity" or "free food"
- integration with Facebook so students can merge their academic lives with their personal lives
- subscription tracking, e.g., the number of people who are using the various calendars created by different campus units
- Phase 1 - launches tomorrow with 50 academic and social calendars and the functionality for:
  - finding calendars
  - subscribing to calendars
  - bringing in Facebook events
- Phase 2 - fall/winter 2009
  - event tagging
  - integration with the institution's content management system
  - dragging and dropping between subscribed calendars and personal calendars
- Phase 3 - spring 2010
  - faculty taking control of the calendars for their classes that are automatically generated from PeopleSoft data
The creation and entry of data into custom calendars is done by the departments using the regular calendar tools. The departments share the special purpose calendars with the web developers who make them available to everyone via the Subscription Center after approval by appropriate steering committees. If a department is already using another tool to create a calendar that can be exported to an .ics file it can be pulled into the Subscription Center, e.g., the .ics file on brewers.com.
The CIO Council would like to see a list of the sources of interesting, publicly available .ics files.
Ed Meachen explained that although Jim Lowe was unavailable today, he will be invited back in September for further discussion of the report of the Security Strategy EndPoint team. John Krogman noted that the goals of the report are laudable but funding will be a challenge in the current economic times. To be successful, a proposal will likely need to be prepared for review by the Common Systems Group for both educational and funding purposes.
David Lois said he would prefer to see recommendations for standard practices, e.g., desktop encryption, rather than recommendations for procuring specific products. This approach was used for developing the Credential Assessment Framework and was preferred by several of the CIOs, especially those from the institutions that are successful in setting and enforcing standards. The institutions that have more difficulty in setting campuswide standards may prefer to raise issues through the mandatory purchase of a product.
Bruce Maas stressed the importance of the report's recommendation for establishing a governance group. However, a question was raised regarding the relationship between such a group and the existing Identification, Authentication and Authorization (IAA) governance group which also looks at issues of data stewardship and release. Elena Pokot explained that the purpose of IAA governance is to ensure that campus data is handled appropriately at the UWS level. It does not look at how data is stored at the institutions. The IAA group is more involved with policy and compliance, not the technical issues of storing data on systems. However, data custodianship is an issue that is common to both groups.
Steve Reed noted the value of having a system level approach that is realized at the institutional level. He will share some information regarding the Minnesota State Colleges and Universities System (MNSCU) approach which can then be compared with the existing IAA governance documents.
John Krogman noted the urgency of addressing these issues in light of the Human Resource System rollout which will give some 2,000 people broader access to personnel data. Chip Eckardt pointed to the rise of insecure netbooks, as opposed to full-fledged PCs, as tools for accessing this data. Nancy Crabb indicated that some people will use even less secure mobile devices, such as iPhones. Bruce Maas noted the difficulty in getting some data custodians to step up to the responsibilities of their roles.
Ruth Ginzberg reported that almost every day a UWS institution wants to enter into a software as a service (SaaS) contract with a vendor that would result in their storing the personal data of students or staff. The terms of many of these contracts are laughable.
A working group will be chartered next month when Jim Lowe is available and Steve Reed has had a chance to ask MNSCU for copies of their materials.
Chris Holsman and Keith Hazelton distributed a handout showing an overview of the proposed integration between HRS and the Identity and Access Management (IAM) system. The relationship between the two systems is twofold:
- HRS is an authoritative data source for IAM for demographic data for UWS employees for UWS systems (as the Integrated Appointment Data System (IADS) is now for IAA). The more data that can be sent from campuses through the HRS system, as opposed to supplemental sources, the easier it will be to provision accounts and authenticate individuals across the UW System.
- IAM provides entitlements and user data, i.e., account provisioning and de-provisioning, to HRS via rules or role requests and approvals. IAM also protects access to systems through authorization, authentication and single sign-on using local campus credentials.
Most of the components are already working in a test environment. The IAM provisioning architecture (the identity component) has two workflows:
- For account creation and user data flows (the red lines on the handout), an HR staff member first creates or updates an employee record. The data then goes into PeopleSoft HRS where it is staged and linked to existing users in the person hub (currently called IAA) and then sent to the Oracle Identity Manager (OIM) via a trusted reconciliation. Every time something changes in the person hub the OIM needs to be kept up to date. Based upon the information it receives, the OIM pushes out updated role and account information for individuals back into PeopleSoft HRS.
- For approval-based account provisioning (the black lines on the handout), a faculty/staff person, or their supervisor, logs into the OIM via the Oracle Access Manager (OAM) and requests access to a given HRS role. The affected person is sent an email confirmation of the request. The person who approves the role (the linking between staff members and the appropriate individuals who can approve their roles needs to be defined) does so in the OIM. The role changes are pushed into PeopleSoft HRS. A separate security process audits the updates.
These provisioning processes can also work for systems other than HRS.
The access controls for UWS applications, i.e., the replacement for the Authorization Hub, have two data sources, (1) the existing person hub (currently called IAA) and (2) directories at the UWS institutions, for the actual authentication processes. Oracle Virtual Directory (OVD) technology is used to virtualize the IAA data for authentication purposes. Additional sources of person data could be added down the road without putting the data into the person hub. The OVD then becomes the source of data for the Oracle Access Manager which is the hub of policies, rules and access controls to protect applications and resources. The OAM communicates to applications via webgate agents that sit on the servers for the given application.
On the back end there is a federation among the UWS institutions that allows use of local campus credentials. The Oracle Identity Federation (OIF) manager serves as an interface between local campus Shibboleth identity providers (IDPs) and the OAM. This allows for a straightforward join to external providers who use Shibboleth without the need to go through the OAM.
John Krogman noted that the UWS portal is on track for providing employee access to informational functions that used to be handled via email, e.g., pay stubs, newsletters, leave reporting forms and the dual choice enrollment booklet. A few institutions will be asked to test it.
Both the IAM provisioning and access management pieces of this infrastructure should potentially be leveragable by the UWS institutions for local solutions. There is a connector for Active Directory so campuses could pull data from the person hub via provisioning workflows. Although the infrastructure could possibly be used to provide authenticated wireless access for people who travel between UWS campuses, the system is designed for access to web applications, not access to network devices.
The UWS institutions may experience a chicken-egg problem when sending email addresses to the HRS system because email addresses cannot be created without a certain amount of HR data. Perhaps an option can be provided to use the HR system as the primary data provider from central systems of record, which interests a number of the UWS institutions.
Person hub information could also be abstracted via web service calls to the OAM or via LDAP with the OVD or via SQL. All of the Oracle components are licensed for use by all of the UWS institutions for their local infrastructures. Discussions are still underway regarding whether the UWS OAM could also be used to protect local campus applications.
Institutions can set up their local systems as Shibboleth applications via the Shibboleth identity provider rather than going through the OAM. This method can be used to share applications across institutions.
The IAM team is open to hearing additional campus needs and requirements and to consider pilot projects. However, the initial focus is the HRS rollout. Technical staff need to be made aware of the capabilities, perhaps at the next ITMC meeting.
Ken Splittgerber explained that the Student Information System (SIS) Executive Committee has discussed the challenges in explaining the new system-wide enterprise architecture to the Wisconsin Higher Education Peoplesoft Users Group (WHEPSUG) without using terminology that doesn't sound relevant to them. Resolutions of the policy issues and the license agreements need to lead the technical implementations.
David Lois thanked the CIO Council for all of their work in planning for the possible submission of a broadband stimulus proposal focused around community area networks (CANs). WiscNet believes that it succeeded in reminding the community about CANs and GrowSmart as part of the stimulus discussions. It also provided an opportunity to remind constituencies that WiscNet is not an Internet Service Provider (ISP), but a statewide research and education network. Some 460 people came to dozens of regional meetings across the state, many of whom were new to the discussions of CANs and a statewide backbone.
Ultimately, after two months of discussion with the Wisconsin Department of Administration (DOA), the decision was made to not submit a stimulus proposal that was distinct from the state's proposal. Then, for 1.5 months, grant writers worked on a common approach. Despite the productive working relationship between WiscNet and DOA, ultimately state government decided that there should not be a specific WiscNet/UWS component to the proposal.
Ed Meachen explained that the next step is for Andy Richards to schedule a meeting with the Wisconsin Office of Recovery and Reinvestment to discuss future strategy.
John Krogman commended Ron Kraemer's Superhighways of the Future presentation to the Council.
Ruth Ginzberg reported that there is a Microsoft Select agreement in place for the next three years. The old agreement was renewed with a few new provisions, including that student licenses under the Select agreements can be used by parents. The license fees are down from last year. Mary Paulson is again Microsoft's representative for the UWS account.
The Microsoft Campus Agreement is up for negotiation. The priority for the UWS is for legitimate users who are off-campus to remotely connect via terminal server into student labs to virtually occupy vacant lab seats, especially as lab hours are decreasing due to the budget situation. Chip Eckardt has an email request to the CIOs asking for estimates of the number of lab computers at each institution.
Runner Technologies has received the award for address management services (formerly known as address cleansing). Their product has impressive integration with PeopleSoft.
Requests for Proposals (RFPs) have been released for time clocks and foreign national domestic taxation calculation services.
Negotiations are underway with Huron, the HRS implementation partner, regarding their fees.
The AutoDesk contract has been renewed, but the key has changed.
The contract with the Southcentral Library System for delivering library materials between institutions is almost ready for signing.
Several institutions are interested in emergency notification services. UW–Madison is currently doing an RFP and the contact person is Crescent Kringle.
A systemwide procurement for software as a service to administer study abroad programs will be done in the fall. Interested institutions can participate on the RFP evaluation committee.
The UWS Procurement Office is expecting an increase in their staffing level shortly.
The Procurement Office has snippets of appropriate contract language for software as a service procurements. If there is a need to protect personally identifiable information on the outsourced service, it is important that the server/warehouse be physically located in the United States because there are not contracts with each nation.
Ed Meachen provided an update on the HRS Project. The Common System Review Group (CSRG) held a special meeting on August 18th to review the HRS Project Plan, the project budget and the funding model. At the meeting there was a lengthy discussion with good tough questions about the project’s implementation plan and its funding. At the end of the meeting, the CSRG gave unanimous support to move the HRS Project forward.
In response to a question from Chip Eckardt about possible elimination of the interface between SIS and HRS which would create the need for double entry of information, Ken Splittgerber indicated that this issue is being looked at by Cathy Caya. There was also a discussion of the issue of HRS needing an e-mail address but that the credential source is at the local campus. Once the HRS Project receives approval, DoIT at UW–Madison will need to begin to build an operational budget. The HRS Project plan, budget, and funding model will be presented to the Board of Regents at their September meeting.
Lorna Wong reviewed the document “Learn@UW Utility Pandemic Guidance” prepared by the Learn@UW utility to provide guidance during a pandemic. This document was also discussed by the UWS CBOs during their meeting earlier in the day. The paper was prepared by the Learn@UW Utility task force and was reviewed and endorsed by the Learn@UW Steering Committee at the end of July. The focus is to outline the planning required for surge capacity in order to continue instruction during an incident. Currently there are approximately 12,600 activated courses hosted by Learn@UW in a typical semester and to accommodate all courses offered throughout the system, an additional 5,400 new course shells would need to be created. Learn@UW has adequate surge capacity if courses are brought up in a minimal and meaningful way. In addition, other applications, such as social networks, can also be used for instruction. The utility’s recommendations to campuses are included in the document. John Krogman indicated that it is critical to manage expectations and that it takes a lot of preparation to bring up an online course. Ed Meachen recommended that the issues in this document need to go to the provosts at their September meeting. It was agreed that the use of D2L is just one of the options available to faculty.
The CBOs asked about the proposed 2010 D2L conference in Green Bay and what the campus commitments would be. It was suggested that 120 to 150 attendees from Wisconsin would be a realistic number. D2L has not yet decided if they will host the conference in Wisconsin or not.
There was a brief discussion of the Alliance Conference that is being held in San Antonio this year. Each CIO indicated the number of staff from their campus who would be interested in attending, typically between zero and two. Kathy Pletcher noted that given the number of UW PeopleSoft systems, bursars, controllers, HR, IT and student system staff members will also be interested in attending.
Brian Remer reminded the CIOs that the fall 2009 ITMC meeting will be October 26th and 27th at the Heidel House in Green Lake. Although the Council of University of Wisconsin Libraries (CUWL) will wait and meet in the spring, the other groups that may attend include Lab Managers, Security and Identity Management group, and possibly the Educational Media Technology Council (EMTC). The Wisconsin Technical Colleges’ IT staffs will be meeting at the Heidel House at the same time and there will be a joint meeting with ITMC on Tuesday morning. There was a brief discussion of possible topics for the joint meeting, including a speaker of interest to both groups, IT cost savings, and green IT. It was also suggested that perhaps brief campus updates from each UW and Technical College campus would be a way to begin to engage in a discussion. CIOs are encouraged to let Brian Remer know of other topics they recommend, both for the Monday morning general session and the Tuesday morning joint session with the Technical College staff.
There was a very brief discussion of the proposal to charge an Oracle Higher Education User Group (HEUG) membership fee. Ed Meachen noted that the economic downturn had affected the user group’s financial situation and the HEUG was exploring new revenue sources. No decision has been made and it is not clear yet what services and/or registrations might be included with an annual fee.
John Krogman reminded the CIOs that UW–Madison is negotiating an enterprise software license for VMWare and 80% of the UW license needs are on the Madison campus. He has conducted a survey of the UWS institutions to determine which might be interested in using the contract. Any institution whose VMWare license is expiring and wants to purchase off of this contract should contact him.
The next meeting of the CIO Council will be September 17, 2009 in Madison.