Office of Learning and Information Technology
UWS CIO Council, 12/11/2008
University of Wisconsin CIO Council
December 11, 2008
- Campus IT Plans Update
- UW Budget
- Security Controls for Endpoint Computers
- Common Systems Review Group Update
- IAM Update
- Address Cleansing: National Change of Address NCOA/SSPAR
- Procurement Update
- D2L and ePortfolio Update
- SIS Executive Committee Update
- HRS Project Update
- Employee Information Distribution
- Fall ITMC Meeting
- Next CIO Council Meeting
CIOs and their Representatives
Ed Meachen welcomed Steve Reed, the new CIO of UW–River Falls
Ed Meachen reported that about half of the UW System (UWS) institutions have turned in their IT plan templates to the Office of Learning and Information Technology (OLIT). The statute says that the plan templates must be submitted to the Board of Regents. The regents are not required to formally accept the submissions, but they have until June to get back to individual campuses with questions. Kathy Pletcher clarified that these templates are high-level outlines of the institutional IT plans, not the actual IT plans. It is acceptable to submit IT plans in addition to the templates. The templates are due to the OLIT office in early January.
The UW System can expect budget slowdowns and rescissions over the next two years. The second year may be more challenging than the first. In addition to local budget challenges at the UWS institutions, UW System Administration's (UWSA) funding for Common Systems may be impacted. However, the Common Systems payback model has already been spread out over a multiple years. Various UWS institutions have been modeling cuts of up to 8%. Other institutions are waiting to see what happens. The council recommends that cuts be publicly acknowledged so that stakeholders don't get the misconception that there are surplus funds available. Revenue options, such as new fees and chargebacks, are being considered at some institutions. Outsourcing of student email is also being considered by some as a way to reduce costs. The budget situation is driving centralization and/or reductions in the number of distributed services to reduce duplication, but that can be a hard sell to academic departments. Some institutions have hiring reviews, slowdowns or freezes, but others are not holding back on IT hiring for the time being. John Krogman suggested that the UWS institutions consider examining the number of courses they are offering that enroll less than 20 students.
Jim Lowe proposes the creation of a system-wide process sponsored by the CIO Council to look at endpoint security controls for desktop computers. Anti-virus software prices are increasing and encryption products are expensive when purchased on a campuswide basis. A system-wide approach for a comprehensive suite of endpoint security products might make more sense than each institution pursuing its own best of breed approach. Policies alone do not prevent people from receiving confidential information from others on their computers and handheld devices - which are often purchased with personal funds - so technical controls are needed where possible.
The first draft of a proposal for creating a system-wide group to identify different models and costs was distributed. Ed Meachen recommended that the group develop parameters for a request for information (RFI). Even if nothing is ultimately purchased, there would be value in inventorying what products all of the UWS institutions are using and learning what is available in the market. An initial meeting for representatives from each UWS institution is scheduled for February 10, 2009 in Madison. Nancy Crabb forwarded the names that are on the UW Security email list to the CIO Council for review.
Ed Meachen reported that the all day Common Systems Review Group (CSRG) meeting at the Fluno Center included a good discussion with Don Norris of Strategic Initiatives that was aimed at updating the Common Systems Roadmap based upon the events of the last 12 to 18 months. The Roadmap will be part of the IT Planning report submitted to the Board of Regents. The meeting verified that the UWS is going in the right direction with regard to Common Systems funding and has a reasonable model for smoothing the path through budgetary ups and downs. The executive administrations of the UWS institutions appear to understand the Commons Systems budget well. The budgets of the various Common System projects will be closely scrutinized this year.
Chris Holsman and Keith Hazelton presented an update of the status and the first decision point for the Identity and Access Management (IAM) project. Phase 1 of the implementation was begun in early December using the Shared Financial System (SFS) as the initial candidate application. After two weeks of requirements gathering, the project is in the midst of two weeks of designing for the use of Oracle Identity Manager. The goals of the 12-week project are to implement some of the IAM infrastructure and produce a demonstration prototype of a portion of the SFS business processes. The major staffing impacts will be on the DoIT security and middleware teams, not the SFS functional staff.
The IAM project presents opportunities for business process changes based upon stakeholder input. The IAM steering committee has recommended bringing choice points to the CIO Council as they surface. Some choices will call for investments of resources by the UWS institutions. The first choice point is the methodology for assigning login identifiers in a multi-campus system. The basic choices are to stick with the status quo of campuses assigning their own identifiers, or to assign system-wide identifiers. Currently, the authorization hub allows people to use their local campus credentials to gain access to the major system-wide resources, but not the legacy payroll system.
Use of a system-wide identifier would ensure that no two individuals would have the same login identifier. The credentials would be provisioned back to the campuses for use in their local systems.
The pros for a system-wide credential management system are:
- it would be as easy to roll out a new IT system to the entire UW System as to a single campus
- students, faculty and staff could access resources across institutional boundaries
- the stage would be set for a possible replacement of the authorization hub (AuthHub) with a simpler service, i.e., people would not have to specify which campus they were from during the authentication process
- after the migration, additional resources would be freed up at the UWS institutions
- possible future enhancements would include:
- more efficient provisioning
- the possibility of two-factor authentication where needed, e.g., SFS and HRS
- potential federation between institutions for easy access to library and other licensed resources
- improved auditability
The cons are:
- local resource impacts during the migration phase would include:
- institutional participation in system level planning
- coordinated system and campus infrastructure deployments
- some existing identifiers would have to be changed, e.g., if there was a jsmith at more than one UWS institution at least one of them would have to change their identifier
A central system would delegate much of the policy and control of the credentialing process to the UWS institutions. Each UWS institution would still have a local store of their local credentials. Members of the CIO Council expressed their concerns regarding:
- the disabling of the password change capability on local Windows computers
- potential delays in account provisioning, which now takes less than a minute. Some UWS institutions currently feed their Active Directories from their PeopleSoft systems. There is an Oracle product that can feed Active Directories from a central store, but not necessarily the other way around.
- extensive rewriting of local code for account provisioning
- changing the format of IDs at most, if not all, the UWS institutions
- resetting forgotten passwords at centrally instead of locally
- reaching system-wide agreement regarding when credentials are provisioned, e.g., at application versus at matriculation, and for how long they are kept.
- achieving system-wide agreement and definition for the various roles are, e.g., applicant versus student
- individuals having different roles at different UWS institutions, e.g., employee at one institution versus student at another
- propagating name changes across roles and institutions
- the migration could take considerable time and local staff resources and thus delay both local and UWS system deployments
- development of a mechanism to handle temporary campus guests.
The council agreed that a single credential could potentially simplify matters for students who take courses at multiple campuses. Jack Duwe suggested that a new system-wide ID could be rolled out over time on a system by system basis. However, there would be difficulties when passwords were changed in some systems but didn't propagate through to the others.
If was suggested that if the entire firstname.lastname@example.org strings were the system-wide identifier, there would be no need to change the identifier of any current user.
David Lois reported that WiscNet is paying attention to the discussions on the EDUCAUSE STATENETS list regarding the creation of statewide IDs instead of university system IDs. The higher ed institutions in some states that don’t have a strong university system are considering this approach.
The timeframe of the IAM infrastructure implementation to replace the current AuthHub is on the order of nine months. Smart design decisions need to be made now to avoid extensive rework down the road. An initial draft of requirements, pros, cons and policies will be sent to the UWS institutions. The institutions will then have until the February 19, 2009 CIO Council meeting to add to the lists and make estimates of the amount of local work required . The goal is to make a decision by the March 19, 2009 CIO Council meeting. Steve Reed explained that the majority of the work would be done locally, but the benefits would be system-wide in enhanced collaboration. Elena Pokot noted that local institutional buy-in would have to go well beyond the IT division.
Brian Busby explained that the SSPAR is a national change of address service that reconciles and corrects addresses. It is run by the MILER team as an add-on to the FirstLogic address cleansing in PeopleSoft. The US Postal Service has strict requirements regarding the sending of bulk mail. Five UWS institutions use SSPAR for their bulk mailings, and a couple more may be interested. In the last year, it has been used for cleaning up 3,000 lists.
The SSPAR license is being fully funded by UWSA. It is a UWS production system, but with very limited support resources. MILER is a development group, not an operations group, and there are vendors who handle the outsourcing of bulk mail address cleansing. The council is comfortable with shutting down the SSPAR service at the end of the fiscal year. Brian Busby will send out information regarding alternative services that the institutions can procure.
Ruth Ginzberg reported that David Dumke has contacted ImageNow and is working on a 10% additional discount on top of the UW–Madison contract for volume purchases of more than 50 seats. Licenses can be aggregated across UWS institutions. Once the total number of additional seats across all the UWS institutions is ascertained, she will place the order.
The Department of Administration (DOA) approved the new D2L contract but it has been subsequently stalled while a very old Request for Purchasing Authority letter is being located.
The long term HRS PeopleSoft implementation contract is in the works. Meanwhile, five weeks of temporary contracts are being used.
A bid has gone out for an Academic ADL Co-Lab project to engage developers to work with the Florida Virtual School to create educational game software.
Computer support vendor MPC is still in chapter 11. UW–Platteville has recently received back a couple items that were out for repair.
Ruth Ginzberg has been named to the Midwest Higher Education Consortium’s MechTech committee that is working on bids for contracts that cover 12 states and thousands of participating institutions.
UW–Platteville has hired a consultant off of the statewide PeopleSoft contract. The three finalists all looked good. In the current economy, high quality consulting resources are more readily available.
Some Oracle price holds are expiring in February and negotiations are underway.
Lorna Wong reported that D2L performance has gone well this semester. There was one outage due to a problem at one of the UWS institution authentication services that caused the AuthHub to drag down D2L.
Downtimes have been scheduled for upgrading to version 8.3.1 during the first two weeks in January. The local site administrators are aware. The upgrade is mainly for bug fixes and a few new tools, including an attendance module.
Oracle has a new series of SAIP interfaces that link the Student Information System with course management systems. Today, MILER maintains nightly course and roster mappings from PeopleSoft and the e-grading process. Because these interfaces are costly to maintain, the MILER group and Learn@UW are investigating SAIP. A proposal to the CSRG to fund an investigation is being prepared.
A Shibboleth solution has been implemented at UW–Madison that allows single signon to D2L via the Madison portal. UWM is investigating a similar solution. Such solutions would enable campuses to get away from using the temporary solution via the AuthHub.
The D2L eportfolio pilot project will begin on January 20, 2009 and be hosted on the Learn@UW production environment. It will be integrated with the course management system so student work can be easily moved into eportfolios. The D2L competence and rubric features will be turned on at the same time. Any UWS institution can participate during the first year for a one-time cost. In the second year, there will be per user license costs.
Ken Splittgerber reported that the Student Information System (SIS) Executive Committee has had five meetings since July, during which the committee:
- came together, reviewed a draft charter and decided to work on a vision statement
- organized a visioning session and contracted a facilitator
- held a visioning session that generated tasks including the development of a communication plan, a budget and the selection of the right things to do
- developed a vision statement to maximize individual campus flexibility while reducing system wide implementation variance. Various groups subsequently provided input on the statement. In general, technical groups wanted to reduce implementation variance while functional staff wanted to maximize the individual campus flexibility.
- addressed and resolved the points of conflict in the draft charter. The committee will communicate, not oversee, major business process changes that have a system-wide impact related to the Oracle/PeopleSoft implementation. The vision and mission statements were also finalized.
Ed Meachen reported that prior and during the current budget difficulties, all of the chancellors expressed support for the HRS project. If the project were delayed, the result would be high risks and no cost savings. The HRS project will have the benefits of risk avoidance, a new value proposition and a return on investment. Many of the staff who have the skills to work on the legacy payroll system are either near retirement or are returning annuitants. Discussions of assessment measures are taking place before the HRS project plans are composed and presented to the Board of Regents. There are already hundreds of shadow systems running across the UWS institutions that pertain to HR, payroll and benefits. If the project is delayed, that number will grow as the UWS institutions purchase additional software to meet their interim needs. Elise Barho has begun documenting the value proposition of the HRS project.
Lorie Docken reported that the HRS Steering Committee met last week. Given the complex nature of the HRS Project, it is taking time to negotiate a final contract with Huron Consulting Group. UW System Procurement Office has negotiated a short term, five week contract to get Huron staff on site. The Huron company has been engaged and is reviewing the work done to date in the fit-gap sessions and examination of business processes. Key milestones for finalizing the implementation budget and project plan have been scheduled through the end of January 2009. The plan will be vetted with numerous governance groups. Meanwhile, the project team has been conducting inventories of technical and business process flows.
A joint project management group will be created to look at touch points with other projects, including:
- budget system
- legacy systems
- Infrastructure Systems
Monthly meetings will be held with the managers of these other projects. The HRS Steering Committee will sponsor the management group. Ron Kraemer noted that significant costs will be incurred in interfacing HRS with the other systems, especially SFS. The HRS finance team is engaged in planning with the SFS team.
Andy Taylor explained that the HRS team is also working on documenting the costs of the current environment, including all the shadow systems at the UWS institutions. The effort is based upon responses to a questionnaire that was circulated in May. Analysis of the survey results revealed that perhaps half of the supplemental shadow systems could be absorbed within the HRS system. Costs were assigned to each of the supplemental spreadsheets, simple databases, relational databases and web-based systems to come up with estimated costs for the shadow systems at each institution. Given the difficulty of accurately surveying the institutions, the costs are most likely underestimated. Combining these data with the annual costs of the legacy system and the Kronos system gives a conservative estimate for running the current environment. This figure can feed into ROI calculations.
Jack Duwe reported that DoIT has put together an estimate for an instance of uportal that UWS Human Resources could use to distribute personally targeted information to UWS employees as well as newsletters and other system-wide information broadcasts. The PeopleSoft self-service module could either be inserted into an existing campus portal or at a standalone URL . Presumably the costs would be absorbed into the UW Service Center's budget and funded by a reduction in postage costs.
The proposed dates for Fall 2009 ITMC meeting dates are Monday and Tuesday, October 26th and 27th.
The next meeting of the UWS CIO Council will be Thursday, January 15, 2009.