Office of Learning and Information Technology
UWS CIO Council
May 21, 2009
- E-mail and E-mail Management
- IAM Roadmap
- SIS Executive Committee update
- Security Update
- Stimulus Measure for Broadband Networks
- Microsoft Contract
- Service Center/UW System Portal Demo
- HRS update
- 2010 D2L Conference
- Next CIO Meeting
Laura Dunek reported that the Records Officer Council has been concerned about the sheer volume of email, Twitter, IM, etc. within the UW System (UWS) institutions. In order to make these transmissions and the resources they consume more manageable, the Public Records Board has given permission to destroy "transitory" email communications and "routine" communications in support of projects six months after the project is completed.
Transitory communications are the types of public records that have short-term business value, e.g., "the meeting is in room 206". Routine communications are typically from team members working on a project and show the decision-making process.
These permissions are further explained in two webcasts that were developed in conjunction with UW-Extension. Included in the videos are links to the official schedules and narratives on the public records management website.
Jim Lowe would like to know if additional institutions are interested in a contract for the Identity Finder software. Lack of funds is prompting a close look at the tradeoffs between risks and rewards. The UWS Security Group will provide recommendations for mitigating risks where there are gaps.
At the April UWS ITMC meeting, there was a campus security breakout for those working on the PKI project for the Human Resources System (HRS). The group recommended that the creation of a systemwide PKI infrastructure be broken out as a separate project and presented to the Common Systems Review Group (CSRG) for funding. The group also recommended that additional certificates should be purchased to cover systems such as digital signatures and email encryption. Identity proofing would have to be done at the UWS institutions, similar to the way IRS I-9 forms are currently processed. The CSRG proposal will include training for the HR and IT staff at each UWS institution.
Ken Splittgerber reported that the archive of the second meeting of the new Campus Solutions Forum on May 15, 2009 will be made available via webcast. He would appreciate feedback on the scheduling of future forums vis-a-vis the WHEPSUG conference; perhaps November, February and May.
The SIS Executive Committee has five new members and there is a new representative from the UWS Office of Policy Analysis and Research (OPAR). Seven different UWS institutions are directly represented on the committee at the present time.
The committee is looking at each of the interfaces that are supported by the MILER team and guiding their work. The general ledger interface working group has determined that the interface can accommodate use of either cash or accrual systems by the various UWS institutions. The 1098T interface has similar flexibility regardless of whether an institution sends out statements that reflect when tuition is billed or when the bills are satisfied.
The MILER team could use help with respect to the scheduling of the PeopleSoft regulatory updates, which occasionally break interfaces. It would be better for the team if the regulatory updates were coordinated and the interfaces thoroughly tested via scripts at one of the UWS institutions before being applied at multiple institutions.
The UWS OPAR office has accepted ownership for the Central Data Request (CDR) interface and is now working with MILER through the SIS Executive Committee.
Keith Hazelton explained that a decision is needed from the CIO Council regarding the general approach to managing credentials and controlling access to system-wide applications. There are two alternatives:
- Centralized management of credentials in which authentication for system-wide applications would rely on a central store of credentials
- Continued local campus management of credentials in which authentication and authorization would be via a hybrid of virtual and identity federation technologies
The timeline of the discussion to date has been:
- December CIO Council: Issue raised
- February CIO Council: Further discussion, presentation of possible technology architectures supporting the alternatives
- March: Conference call with campus technical advisory committee members
- April: Security and IAM breakout session at the ITMC meeting
The discussion has surfaced:
- Little or no support from the UWS institutions for centralized credential management
- Concerns over disruptive, costly technology changes
- Concern with risks of provisioning usernames and passwords from the central service to campus systems
- General acceptance (with some reservations) of the hybrid virtual directory and federation alternative
- Insulating the campus infrastructure from most major changes
- Some campuses are already implementing federated identity management
Today’s objectives are to:
- Illustrate possible evolutionary paths from the current infrastructure to a new virtual/federation infrastructure
- Ask the CIO Council to approve moving forward on the virtual/federation path
The current authentication and authorization for system-wide applications goes through an authorization hub (AuthHub) which goes back to the local campuses to vet a person's credentials. If additional personal attributes are needed, those are gathered from the IAA Person Hub.
The steps in migrating to an architecture that incorporates a virtual directory are:
- Put Oracle Virtual Directory between the existing AuthHub and the local campus credential stores making the UWS institutions look like they are all one.
- Replace the AuthHub with the Oracle Access Manager so that authorization policies can be implemented.
An alternative architecture would be to disconnect the system-wide applications from the IAA Person Hub and connect them to the Oracle Virtual Directory.
Layering on support for federated identity and access management could be accomplished by connecting the infrastructures of external federated service providers to the Oracle Access Manager. UWS institutions that have their own federated identity infrastructure could also get connected directly to the external federated service providers, probably as members of InCommon. If every UWS institution had its own federated identity infrastructure, all could get connected to external federated service providers as well as federated system-wide applications. This would provide a single mode of access to all external and system-wide applications. However, it leaves open the question of how applications would gain access to person identity attributes that are not typically stored at the UWS institutions.
The CIO Council voted for the hybrid approach that uses virtual and identity federation technologies. There will be regular IAM Roadmap updates at future CIO meetings.
Ed Meachen and Dave Lois explained that considerable work has been done on a broadband stimulus proposal with a coalition of potential providers and community leaders state-wide. Meanwhile, the BadgerNet Converged Network is also working on a proposal.
Currently, libraries, communities, university research and health care are all underserved. The vision, known as Go-Gig, strives to think big and think differently in terms of:
- dark fiber assets, which would be
- held by the public sector
- made available to the private sector for telecommunications and entrepreneurs
- community area networks, which would include:
- community anchor institutions, which are typically already WiscNet members
- dark fiber assets to large institutions
- EBS spectrum (ITFS) signals carrying high speed Wi-Max
- public spectrum for educational purposes
- private spectrum for services and entrepreneurs
- a model of effective public sector management, such as WiscNet
Building a dark fiber network according to such a model would provide jobs and economic development across the entire state. Once the technology is in place, the stage is set for long-term entrepreneurship within Wisconsin. The NTIA is looking for proof-of-concept test beds, not trying to blanket the entire populace with broadband.
Conversations are underway with:
- UW Colleges
- UW Extension
- Rural health care associations
- UW System
- WiscNet and its 400 members
- Nascent community area networks across the state
- Cable contractors
- State agencies
A grant writer has been engaged. The grantee is being determined. The www.recovery.gov website has metrics for broadband success which include:
- job creation over time
- expansion of broadband access
- stimulation of private sector investments
- access to strategic institutions
- encouragement of broadband demand
Lorie Docken reminded the Council that the UWS is using Hyperion v 8.5 which is no longer supported. The question is whether to stay with this version or to move to v 9. There are current performance issues on v 8.5 that tuning has not improved. UWS Hyperion users are not happy with the small font used in PDF reports.
A UWS business intelligence (BI) requirements process is underway, but any solution is a couple of years out.
If the UWS stays with v 8.5, additional consulting resources will be needed to help stabilize it. Version 9 is slated to be supported through July 2013. Version 9 would also provide a smoother transition of the reporting base to a future BI solution.
The Oracle "enablement fee" to move to v 9 is being negotiated with the participation and advice of the CIO Council. This fee would be on top of the current maintenance fees.
Additional costs to move to v 9 include:
- Hardware and staff upgrades to the FASTAR platform
- Consulting assistance to expedite the upgrade, tune the performance of the application/environment, and redo user management/authentication
Impacts on the administration of Hyperion include:
- Additional shared services
- Services administered separately
- Separate service controls, groups and users
- Delegation of administration in shared services
- Delegation of rights is completely different in shared services
- Multiple application instances of Interactive Reporting under shared services
- Sharing content across application services probably not possible
- Central administration still has the ability to manage all objects
- Authentication system needs to be re-written
The impacts on end users, which would result in indirect costs to the UWS institutions, would include:
- Query users will need some training/familiarization with new Hyperion Foundation
- Campus administrators will need training, particularly in user/group/privilege provisioning
- End users will need to participate in testing, debugging
- Publishers (authors) of Hyperion documents will need to alter and republish most documents after they have been migrated to the new version.
Impacts on UWS institutions, as reported by the Business Intelligence Core Team discussion on May 12, 2009 include:
- Bqy (stet) document migration
- Reports developed in v 5 or v 6 and migrated to v 8 are likely to have problems with scripting
- No likely problems with reports developed in v 8
- Advice from UC Berkeley is to conduct an inventory of documents and determine how many were developed in a version prior to v 8 and how many in v 8
The CIO Council came to a consensus on the contract terms they'd like to see. If the negotiations are successful, the next steps are to present a recommendation to the CSRG on May 28 for:
- contingency funding to cover:
- the enablement fee
- consulting to support the migration
- FASTAR platform & staffing costs
- additional maintenance for migration would be calculated into campus maintenance chargeback schedule
Ruth Ginzberg reported that HRS Requests for Proposals (RFPs) have been released for:
- address management
- foreign national taxation
The South Central Library Service delivery contract negotiation is also underway.
D2L contract renewal negotiations are almost complete.
Responses to a Midwest Higher Education Consortium (MHEC) RFP for desktop, laptop and server hardware are likely to be extremely competitive.
Procurements for Studio Abroad (study abroad management) and Maxient (student judicial system) at certain UWS institutions have generated a lot of discussion. Some UWS institutions have signed software as a service (SaaS) contracts for one or the other of these products without working in a system-wide fashion to leverage costs. When people other than CIOs procure software there is often a lack of awareness of FERPA, privacy, data recovery and business continuity issues. Ruth Ginzberg recommends that the UWS institutions set policies regarding the procurement of software as a service.
Vendors often tell campus offices that they don't need to involve campus IT in running these types of systems. As a result, such systems are not integrated into campus identity services and there is no guarantee that data is being entered for the appropriate individuals.
Bruce Maas reported that UWM went through a full requirements process for the procurement of Maxient. UWM's Legal Affairs office is currently looking at the contract language.
The Council discussed the difficulty in having everyone on a campus understand the need to coordinate technology purchases through their CIO.
Elena Pokot recommended investigating a per-user license for anti-plagiarism software that could integrate with D2L.
Ruth Ginzberg appreciates campus assistance with system-wide procurements; however, no one at any UWS institution has the authority to sign a document that obligates another campus. If a "system-wide" procurement is conducted by a UWS institution, it will have to be signed by UWS Procurement, which may take a long time because UWS Procurement wasn't in the loop. Involving UWS Procurement up front will make the purchase go more quickly at the time of signing.
John Krogman would like comments on a system-wide survey he has developed to assess interest in a VMware contract.
John Krogman reported that the Microsoft settlement negotiations are being handled by UW System Legal Counsel and UWS Procurement. A policy for how credits would be distributed within the UWS is also being determined. Negotiations for the next Microsoft contract are scheduled for early June.
Jim Helwig demonstrated a proof-of-concept website that any UWS employee could log into via the AuthHub to reach a portal that provides them with earning statements, W-2 statements, leave statements, benefits statements and ETF statements. UWM is already running a similar-looking service through its portal, but would be happy to turn the function back to a systemwide service.
The tentative plan is to do a soft rollout of such a service in the fall for feedback from the HR and IT staffs at the UWS institutions.
The Council expressed the desire to have newsletters and other system-wide emailings also put into the portal.
Lorie Docken reported that last week the site leaders from each UWS institution met with the HRS team leaders of:
- change management
- business processes and applications
- technical aspects
Of particular interest to the attendees was a breakout session that mapped out a timeline of all of the tasks, testing and training activities that will take place over the next couple of years.
Brad Krause, the change management lead, has put together a list of the HRS team structures and who from each UWS institution is engaged.
Kathy Pletcher explained that the project is trying to sponsor purposeful engagement activities for stakeholders without overwhelming them or providing information too far in advance of its practical use.
Kathy Pletcher reported that planning has begun with the D2L corporation about the possibility of hosting the 2010 annual conference in Wisconsin. Space is not available in Madison or Milwaukee. Green Bay is still being considered as a possible venue.
The next meeting of the CIO Council will be June 18, 2009 in Madison.