Office of Learning and Information Technology
UW System CIO Council
Thursday, October 21, 2010
HEUG/Alliance Attendance Numbers
Endpoint Security – Common Tools vs. Common Rules
SIS Executive Committee Update
HRS Endpoint Security Inventory Update
IAM, Shibboleth & Learn@UW
Campus Back-up Data Centers
Broadband Grant Update
Wisconsin Cyberinfrastructure Day
|CIOs and their Representatives||Guests|
Ed Meachen announced the hiring of Felice Maciejewski as a library consultant working out of his office. In addition to her library background, she has experience as interim CIO at St. Norbert College.
Ed Meachen reported the tally of desired attendees from the UW System (UWS) institutions at the HEUG/Alliance conference.
Ed Meachen reported that the IT security and privacy committee has discussed the challenges of governing systemwide security initiatives. The volunteer committee is still in the process of defining goals and the mechanisms for their implementation. There is no obvious authority for systemwide IT security policies because the traditional approach has rested upon having policies at each institution. If every UWS institution chooses to use different security tools, there needs to be overarching policy mechanisms for defining and ensuring systemwide compliance.
Meanwhile, the ad hoc security breakout group that gathers at the semi-annual UWS IT Management Council (ITMC) meetings has been getting more organized and created a draft charter. However, they are not a policy group. Steve Reed noted the valuable role played by the the ITMC group in getting policies implemented at the institutions.
Jim Lowe reported that some background survey work has already been completed in terms of institutional cultures, practices and risk tolerances. Several council members recommended the establishment of systemwide goals and methods for tracking institutional compliance because it is the institutional executives who are ultimately responsible for the risks. One approach would be to start with a discussion of the critical data elements that need protecting and the mechanisms for doing so. An ad hoc group will meet at next week's ITMC conference.
Ken Splittgerber reported that the Student Information System (SIS) Executive Committee has three new members:
- Steve Hahn from the UW–Madison Graduate School and the HEUG Board
- Mick Viney from Student Affairs at UW–Platteville
- Scott Menke, the controller at UW–Parkside
The people on the list of institutional SIS contacts that was created after the last CIO Council meeting will be invited to attend a meeting with the executive committee in the spring followed by more frequent communications.
During an informal meeting at the WHEPSUG conference, it was reported that beta testing of data conversions at UW–Milwaukee, UW–Parkside and UW–Whitewater for the IRS 1098T interface has generated errors that have not been widely communicated. Consequently, the beta data conversion code is now open for all UWS institutions for test and subsequent contribution of corrections. As of yesterday, many UWS institutions reported that they are still expecting to use the legacy MILER interface which is no longer supported. The council agreed that frank discussions need to be held at the UWS institutions to accomplish the necessary data conversions in the November timeframe. UW–Green Bay has already converted their data tables and successfully run the delivered PeopleSoft-supplied product for two years.
Chip Eckardt reported that Board of Regents has asked for semesterly institutional reports on student financial aid and each UWS institutions is responding to the request in its own fashion. He suggested that the reporting be done centrally through the Central Data Request (CDR) process. Within the next month, the group that is in the process of redefining the CDR will look at the principles outlined in the annual budget narrative and define requirements in terms designed to garner financial support from the Common Systems Review Group (CSRG).
One SIS Executive Team member is advocating for allocating funding to the remaining five UWS institutions that still need to convert to the general ledger interface. The executive committee would also like to have a contingency fund to help direct the priorities of MILER. There is a common contingency fund for all CSRG projects that could perhaps be used for this purpose.
Lorna Wong, Lorie Docken, Ed Meachen and others met with the ORACLE programming team and its sponsors as well as the D2L programming team and its sponsors regarding the Student Administration Integration Pack (SAIP) pilot project which has been slow to get underway. A new action plan with deliverables was outlined for providing class rosters and e-grading through SAIP by June 1, 2011. A pilot project at UWS institutions will be started in the summer for the fall 2011 term. There is also interest in these capabilities from non-UWS institutions.
Elise Barho provided the council with the slides that were shown to the HRS Executive Committee last week.
The overall HRS Project Phases are:
Currently the project is about 1/3 of the way through the testing phase. Meanwhile data collection, data conversion, security, and training activities are also underway.
The scope of the testing includes system, integration (with converted data), performance, parallel and user acceptance testing phases. Data conversion has been successful. Performance testing will simulate interacting with large volumes of data from some of the UWS institutions over the network which is not expected to be problematic. The larger challenge will likely be the amount of overnight batch jobs that need to be tested. Parallel testing will be a penny-to-penny reconciliation for some 2,000 employees. User acceptance testing will happen at the UWS institutions to build user confidence in how the system works.
Exit criteria were defined before each phase of testing. In September, all exit criteria were met for system testing, but the staff had their standards set even higher for specific processes like furloughs and FICA. Therefore, system testing was extended for a week to further consider those issues, which overlapped with integration testing. There will be a hard stop in the efforts right before the holiday break and the subsequent preparations for cutover.
The third round of the mock conversion effort was completed on September 24 and the data used for subsequent integration testing. Details for each UWS institution can be found on the project intranet site. All of the goals for round three were met and the UWS institutions are doing well with regard to the data collection and cleanup. The data cleanup effort has had a few ups and downs over the last couple months because some UWS institutions haven't distinguished clearly between organizational departments and funding departments in their coding.
The project is creating two sources for generating reports:
- HCM (Human Capital Management) is the live production system that contains transactional data. HCM is the data source for reports delivered with the PeopleSoft system.
- The EPM (Enterprise Performance Management) Data Warehouse will extract data from HCM on a nightly basis. EPM will be the source for most custom reporting needs, since most reports do not require "up to the minute" data.
The EPM Data Warehouse will simplify the difficult tasks of finding, consolidating, and preparing information for distribution. It will serve not only as a platform for basic queries and reports, but also as a data feed for supplemental systems. Access to EPM is provided through EPM data views. For the initial release, the HRS Data Warehouse team is developing between 60-70 data views that will simplify ability to access HRS data. The data views offer a number of advantages over querying the database table structures directly because EPM (and HCM) contain complex relational database structures. The EPM data views also perform complex joins and supply code/description data pairs from lookup tables. EPM data views will be available for HRS "current data" as well as "historical data" There are separate EPM data views for secure vs. non-secure data.
The EPM Data Dictionary details the EPM data views and the data that they contain. Although developing the Data Dictionary was a bit of a struggle, it will be invaluable for understanding the data views and how to utilize them in queries and reports. There is an entire data dictionary section on the project intranet.
In November, there will be road shows designed to get the HRS project team in front of institutional staff to demonstrate the modifications made to the system and to communicate critical information in preparation for implementation. The road shows will be held November 9-10 at UW–Oshkosh and November 16-17 at UW–Eau Claire. Additional sessions will likely be scheduled during February. At the road shows, people will learn that requests for data from HRS will be reviewed by the HRS data governance group. If the requested data is intended for an institutional supplemental system, there must be a justification of why that system needs to remain in place after HRS go-live.
Project concerns at the level of the steering and executive committees include:
- Retention of key staff members who are uncertain about their future roles after go-live
- Re-staffing to meet deliverables in the wake of staff attrition
Ed Meachen reported that there was a good discussion about the project at the Board of Regents meeting this month. The next report to the board is due in December.
John Kotolski distributed a draft spreadsheet containing the results of the HRS endpoint security survey that provided an environmental scan of institutional capabilities for setting minimum standards. It details which institutions have controls and policies for different endpoint levels of assurance (LOA). The status levels are
- purchased but not necessarily rolled out
- available but not necessarily rolled out
- implemented across the institution
An effort will begin tomorrow to identify the current minimums for LOA-1. Short and long-term goals for higher levels of assurance for certain types of data also need to be identified.
Ed Meachen reported that the UWS institutions were asked to recommend products to support high definition (HD) videoconferencing for the chancellors. Meanwhile, the ICS organization at UW Extension has worked on specifying a multipoint control unit (MCU) and back-office equipment. There has been testing of HD interconnectivity between the products of different vendors. A basic set of requirements for administrative conference rooms have been determined and it is up to each institution to provision its own HD equipment. In Madison, there will be HD conference rooms at both Van Hise Hall and 780 Regent Street.
Chris Holsman discussed the system logical architecture for access to web applications. The authorization hub will be decommissioned on December 2011. The hub is currently used by about three dozen applications including the Shared Financial System (SFS) and Learn@UW. All of the necessary components for future authentication processes are already in production and used today by those who log in to the UWS portal for payroll and benefits information. There will be two authentication processes going forward. For certain systems, especially those based upon PeopleSoft products, there will be a webgate process in which login messages are sent to the local institutional infrastructures for real time credential verification and authentication. A second, lighter weight method using the Shibboleth federation technology based upon SAML will be used for other systems.
Counts of the number of missing employee email addresses, including student employees, for each UWS institution were distributed. Every employee needs to have a credential to access the UWS portal. MILER is engaged with helping technical staff at the institutions investigate the missing data. In some cases, a student employee may have an employment credential in addition to their student credential. If credentials are not available for a student, they will not be able to log in to Learn@UW.
Council members expressed concern that in the future students who use multiple computers to connect to Learn@UW will have to go through a two-step process. The first step will be to answer a "where are you from" (WAYF) query before entering personal credentials at the start of each session. There are currently no plans for an automated mechanism that would identify where students are coming from.
Jeanne Blochwitz reported that all students and faculty are currently using the authorization hub to connect to Learn@UW. UW-Green Bay and UW–Whitewater will be migrated to Shibboleth federation as soon as possible. As institutions move to federation, their Learn@UW login screens will need be modified. In the current login scheme, if someone's credentials are not found in the authorization hub they are automatically checked against IDs that are created within D2L. This is not possible to to do with federation, so the login screens will need to provide places to enter two separate sets of depending upon whether they are part of the Wisconsin federation or the local D2L database.
A Service Level Agreement will be developed for the infrastructure that will encompass the UW–Madison DoIT operations team as well as each UWS institution.
Kate Sullivan and Greg Wanat from the UWS Administration Capital Planning and Budget Office reported that as the UWS institutions upgrade their aging data centers there are also looking to establish space for file backups and disaster recovery. Meanwhile, major master planning efforts are going on at several UWS institutions so now is a good time to look at these issues. One question for discussion is whether each campus should have its own backup center or if those capabilities could be shared among institutions. The council members discussed the state of their data centers as well as new and upcoming renovation projects.
Capital projects are proposed from within the UWS institutions and the process presumes that local campus administration and facilities staff are involved in setting their own priorities. Fiber connections between campus buildings are funded out of All Agency Maintenance funds. If the UWS institutions need to procure additional strands of single mode fiber, those requests need to be prioritized within their overall maintenance needs. The council would like to see a segretaged fund for fiber and other infrastructure components. It is not widely known that the systemwide Classroom/IT funds can be used to upgrade wiring closets. Institutions that would like to go this route should consider making proposals that encompass a number of closets.
Concerns were expressed regarding the quality of the work done by some contractors on campus wiring projects due to the lack of staff to oversee and review the work. Kate Sullivan suggested that it may be possible to request supplementary construction observation for a given project.
Ruth Ginzberg will give a procurement update at the ITMC conference next week.
Ed Meachen reported that the environmental assessment for the stimulus fund broadband project is getting underway and the project team is on the verge of hiring key individuals. Four community area networks (CANS) and five sustainability projects are underway along with the establishing of middle-mile connectivity. David Lois explained that some of the fiber will be held by a private vendor and resold to the private sector. The Wisconsin Department of Transportation has been an excellent partner and will accrue 12 strands. More strands will also be available for public sector purposes. UW System lawyers will help the community area networks determine the legal entities that will manage the strands they receive. A kickoff meeting for the CANS will be held next week in Eau Claire.
David Stack reported that the Wisconsin Cyberinfrastructure Day will be November 5, 2010 and have an in-person venue at UW–Milwaukee, videostreaming of selected sessions and dedicated receive sites at UW–Eau Claire, UW–La Crosse and UW–Madison. Information and registration are available at wisconsin.cidays.org.
The November CIO Council meeting will have a lunch and an afternoon meeting at Lowell Hall at UW–Madison on Wednesday, Nov. 17th.
Meeting dates, the directory of the UWS CIOs and meeting summaries are available at www.uwsa.edu/olit/cio.