agenda it professionals committee · the peoplesoft security redesign project is a long term...
TRANSCRIPT
AGENDA IT Professionals Committee
January 18, 2017 (11:00AM-12:00PM) Technology Commons 1, Room 102B/C
Approval of December 14, 2016 Minutes (All) CIO Update (Joel Hartman) Transition Team (Joe Alcala) ServiceNow (Joe Alcala) Information Security Office (Chris Vakhordjian) Project Intake (Kris Benoit) Multimedia Support (Todd McMahon) Infrastructure Services (Bob Mello) Classroom and Lab Standards (Larry Jaffe) Application Delivery (Craig Froehlich) Project Wahoo (Chad Macuszonok) UCF IT Committee List (Larry Jaffe) Goals and Strategy for UCF Cloud Services (Jonathan White) The IT Professional Committee meeting schedule and location is posted on the IT&R IT2020 website. Everyone is welcome to attend and listen to the meeting.
IT Professionals Committee
Minutes
January 18, 2017
Committee Members Present:
Joe Alcala, Craig Anderson, Kris Benoit, Richard Caldwell, Michael Callahan, Craig Froehlich, Adiaak Gavarrete,
Bryce Jackson, Larry Jaffe, Chad Macuszonok, Bob Mello, Aaron Misiano, Tim Neubrander
Committee Members Absent:
Andrew Holloway, Andrew O’Mara, JP Peters
Others Present:
Adam Glover, Brian Graham, Joel Hartman, Todd McMahon, Joanna Rodgers, Brian Strickland, Chris Vakhordjian,
Jonathan White, Bob Yanckello
MINUTES
Larry Jaffe called the meeting to order at 11:02AM.
Larry asked everyone to review the minutes from the previous meeting.
Richard Caldwell voted to approve the minutes, Joe Alcala seconded.
Everyone agreed on approval of the minutes without any changes.
Joe Alcala gave an update on the Transition Team and ServiceNow
Cohort 2 is forming now and we are looking to kick that off in February.
The team met with the senior managers from CS&T and UCF IT to talk about the Mercer contract and
over the next two weeks we will be getting everything in place and preparing for the Mercer review.
The phase three migration of ServiceNow is currently forming and includes the rest of Cohort 1 coming
into ServiceNow.
Asset management is moving forward and we are primarily focused on desirables under $5,000.
The ServiceNow team is working on various integration points. Pinnacle is going to be moving forward
for the TRF form. We are also expanding our PeopleSoft integration.
We are looking to migrate the SLA process out of SharePoint and into ServiceNow.
Chris Vakhordjian gave an update on the Information Security Office.
Over the past weekend there have been phishing campaigns which we are investigating.
We are investigating some issues with our Shibboleth upgrade and diagnosing the problem.
The PeopleSoft security redesign project is a long term project. We are re‐architecting the security
model in PeopleSoft which will be based off of job function and role based security. This model will
hopefully prepare us to push the model down to Active Directory later on.
We are starting the process of implementing multifactor authentication.
The application firewall is an application that sits on top of PeopleSoft which allows you to have some
controls on PeopleSoft. We are hoping to implement these changes in the Fall of 2017.
Kris Benoit gave an update on the Project Intake process.
I had the opportunity to present to the application delivery leadership group and start to familiarize
them with the framework of this process and get awareness out there.
I have started to get together some folks to work as a team to start to work out the details of the
framework. For example, what do we use for the IT project review step and what will it look like from all
of the different types of projects that will go through the process?
We have our first meeting on January 27th to start to bring more detail and structure into the process.
Todd McMahon gave an update on Multimedia Support.
We have had a very smooth start to the semester. We have increased our number of work study
students to help accommodate for the increased number of rooms we are now supporting.
We have done over 200 out of about 300 room surveys. We are putting together a database of all of the
equipment and needs in each of the rooms so we are familiar with the spaces we are supporting.
Bob Mello gave an update on Infrastructure services.
We are in the middle of a few major projects, the most visible being the builds for Office 365 which are
going well. The team is working on the QA environment and will finish within the next couple of weeks.
I am also starting up the cloud infrastructure group which is a group of eight to nine system
administrators. We are asking everyone in this group to dedicate 2‐3 hours per week to accomplish
some of the tasks related to this.
We are working on some Active Directory policies as well. We have reached out to Gartner to get some
feedback on some of the documents we are creating and that has been a very useful service which I
would recommend to everyone.
Larry Jaffe gave an update on Classroom and Lab Standards.
I reached out to Melody Bowden and asked her to email out a lyndaCampus link to all of the faculty to
assist with all of the new Windows 10 features. Several faculty members have watched the video and at
least two people have reached back to me indicating that it was a short and helpful video.
In terms of transitioning to Windows 10 in the classrooms and labs, four of the five colleges in cohort 1
have completely transitioned (COHPA, CEDHP, COS, CAH) and College of Business is transitioning over
during spring break. The transition has gone smoothly and we have not heard of any problems.
Craig Froehlich gave an update on Application Delivery.
We have three working groups that are meeting right now. The leadership group has been meeting since
the November time frame and working to frame out what this project looks like. One of the main things
that group has been working on is identifying staff that are a part of cohort 1, and we are working on an
interim organizational chart that we are about to propose from a day one perspective.
We are still aiming for the February 10th date to transition cohort 1 staff over.
We started up two subgroups that met for the first time last week. We have one group dedicated to
application support, which is basically support of SaaS, cloud base, package based applications on
campus, etc. The other group is focused on application development and all of the custom development
that is happening across campus.
The leadership group has come up with 4‐5 bullet points of tasks that we will task each of those groups
with, mostly starting with data gathering at this point.
We invited Kris Benoit to our last meeting to talk about the project intake process. We are asking each
of those subgroups to look at the process from their view to see what kind of information they need to
determine the feasibility of a project going forward.
Chad Macuszonok gave an update on Project Wahoo.
We had the Project Wahoo kickoff meeting with the consultants. We have had two years’ worth of a lot
of work and now the consultants are here and ready to get the project going.
The consultants are doing business process reviews with our business users, financials teams, and the
technical consultants met with Bob Mello and Felicia Kendall from the ERP side.
We are moving through with interviews right now and planning out the next four weeks.
Larry Jaffe gave an update on the list of UCF IT Committees and Work Groups.
In September I last updated the list of UCF IT Committees and Work Groups to try and get all of the
committees and work groups added. I know that since then other working groups have been created so I
am putting together a system to maintain the list more thoroughly.
The objective is to have the committee list available so everyone knows what committees exist and have
the opportunity to participate.
Larry indicated that Bob Mello had suggested a naming convention for committee distribution lists.
Joel Hartman gave a CIO Update.
The final transition in cohort 1 is imminent and the information that I get is that the transition of cohort
1 is going as well as could be expected. In that regard, I want to thank all of you for your collaboration,
cooperation, and spirit of moving forward.
We are in the process of forming a cohort 2. The Office of Research and Graduate Studies as well as the
Office of Undergraduate Studies are considering joining. Regional Campus is joining and we are bringing
in the remaining components of IT&R which are OIR, Library and CDL. The door is still open to join
cohort 2 for anyone interested. I have talked to the deans about either having a cohort 2A or cohort 3,
but I am committed to this until all applicable major units have had an opportunity to consider it.
Michael Sink will start on February 6th and he is wanting to map out his first 100 days. I know this group
and others have planned some welcoming activities and I think we ought to coordinate these activities.
This also raises the question of the transition from the CS&T organizational name to the UCF IT
organizational name and because of his transition and the transition of the work force, it would seem
that early February would be a good time to transition the CS&T organizational name.
We still have two MOU’s with the College of Sciences and College of Arts and Humanities that are out
under negotiation. We continue to inch closer and closer to the inevitable signature and the associated
transition of their workforce.
Karen Cobbs and I have a meeting with HR this afternoon to continue our dialogue with them on their
work with Simpson, the university’s compensation and pay plan, our progress on UCF IT, and my interest
and commitment to find a way to get professional credentials from our IT workforce into PeopleSoft so
they can be recognized. I think HR is certainly in favor of those initiatives, and we just need to continue
to synchronize what they are doing with what we are doing so we can proceed.
Jonathan White gave a presentation on the Goals and Strategy for UCF Cloud Services. His presentation is
attached at the end of the minutes.
I took some snippets from our mission statement, vision statement, etc., and you can see that the key
here is innovation. The cloud is innovation at this point, so if we really want to be an innovative
university, I think we have to embrace cloud services as the future for how we are going to manage our
infrastructure.
I heard that our PeopleSoft environment is scaled in such a way to get us through spring and fall, and
the rest of the time we have this huge environment sitting there doing nothing. It would be better if we
could take advantage of things like cloud bursting to handle that demand and not have this huge scale
sitting around doing nothing.
Everyone tends to think that if we switch to the cloud, people will lose their jobs. Every college that I
spoke with at Educause said that is not the case, staffing does not go anywhere, the roles simply change.
We need to sell this idea to people on our IT team who are resistant to the cloud and let them know
their job might change but they will not lose it.
After reviewing the presentation (see attached presentation), Jonathan indicated we need to continue
to further our mission and vision by embracing innovation and cloud services is innovation.
Cloud First does not mean Cloud Always. There are going to be cases where cloud first does not make
sense. Understanding this is a key component to moving to the cloud.
We need to break out of the silo mentality which is going to be difficult because all of the colleges have
worked separately for so long, but a lot of the schools that have been successful in the cloud have
broken down this mentality and begun working together as one team.
Bob Mello mentioned that we have set up two hardware VPNs, one at UCF and one at data site Orlando.
Bob indicated we have two VPN connections that go between the two campuses and then out to
Microsoft’s cloud in a crisscross pattern so we have two connections going from UCF to both their
central and east configuration and then data site Orlando going through their central and east
configurations. In each region we have essentially created redundant infrastructure.
Bob Mello also stated that Active Directory domain controllers trickle up from on premises across the
VPN connection to put all of our identities out in the cloud, those connect to AV connect servers which
sync Active Directory identities from Active Directory’s database to Azure’s Active Directory database.
This basically puts our identities out to Azure so they can be consumed by Office 365.
Bob Mello commented that UCF also has the ADFS service which is Microsoft’s version of federation and
that takes the synced identities and links them back on premises so that we never have to store
passwords in the cloud. StorSimple is up there as well which is a hybrid way of consuming Azure’s stored
accounts. Both AWS and Azure have the concept of keeping storage in the cloud that you pay for per
gigabyte. StorSimple is essentially an on premises version of that which holds 5‐30 terabytes that trickles
up to the cloud and gives you a virtual 200 terabytes of storage that can then be tiered up to the cloud.
StorSimple keeps a local cache of the most frequently used files and everything else that is older goes up
to the cloud.
Meeting adjourned at 12:05pm.
Goals & Strategy forUCF Cloud Services
Why Pursue Cloud Services• Does investing in cloud services align with UCF’s goals?
• “support the UCF mission by providing innovative IT services” – UCF IT Vision Statement• “providing innovative technology solutions and services” – UCF IT Mission Statement• “advancing UCF’s mission by developing innovative technology initiatives” – IT&R Mission Statement
• How do cloud services allow UCF to meet its goals and business needs?• Shorten delivery time for IT solutions by utilizing the economies of scale, resiliency, flexibility,
capacity, and agility of cloud computing• Lower the overhead for developing, prototyping, and staging IT environments• Transition from capital to operational spending to reduce large expenditures, freeing up
resources for multiple investments across the business • Eliminate guesswork to estimate future capacity needs for static hardware and software• Pay for only the capacity needed and scale as requirements change• Provide reliable and accurate chargeback to departments consuming IT services• Tap into private sector innovation and emerging technologies• Shift from managing infrastructure to providing services
ECAR Stages of Cloud Strategy
• Opportunistic Cloud• IT organization begins to actively seek out cloudsolutions that meet business requirements
• New services may remain as traditional on‐premisesdeployments
• Cloud solutions are considered and deployed whenreliability, scalability, and other benefits are perceived
Indiana University• Broad SaaS adoption (Box, Canvas, Qualtrics, O365, etc)• Comprehensive cloud storage solution (Kumo)• Communications‐as‐a‐Service experimentation• Broad IaaS/PaaS implementation within distributed IT
ECAR Stages of Cloud Strategy
• Cloud First• Places cloud at the top of the decision‐making chain• Default assumption is that cloud services will fulfill themajority of an institution’s computing needs
• Migration plans typically implemented to move legacyservices to the cloud
Harvard University• Harvard IT’s goal is to implement 100% of all new applications
and move 75% of all existing applications to the cloud over the next three years
• Network group focused on developing a network integration strategy for cloud‐hosted services that is secure, multi‐tenet, and functional with multiple cloud providers
• Multi‐pronged migration strategy leveraging DevOps and AWS as primary IaaS cloud: Re‐platform, Lift & shift, SaaS
• Significantly reduce on‐premises datacenter presence
Cloud First - University of Notre Dame• “Cloud First” 30‐member team goal of moving 80% of centrallymanaged services to the cloud by the end of 2017
• As of October 2016, over 60% of services have been migrated – over300 SaaS services and 300+ servers, 6TB data, 700+ storage volumesin AWS
• $60K/month in AWS, 40% cheaper than on‐site, based on TCO
• Half of central IT staff has gone through some level of AWS training
• Working with researchers to create an environmentin GovCloud for research involving export control data
• Leveraged savings from earlier cloud migrations topay for future migrations
• Staff has not diminished but roles have changed
• Cloud services should be the first option for new services or revisions to current services
• Identify reasons for not moving to the cloud rather than why you should move
• Choose applications or platforms that can be run on cloud infrastructure, even if the initial implementation will be run on‐premises
• Aim to select cloud services that run as high up the stack as possible (SaaS over PaaS and PaaS over IaaS) to enable effective use of IT staff resources as well as vendor architectures and support.
• Develop and apply rigorous data classification and security standards so that technical and legal safeguards can be established
• University counsel and procurement services should be involved in all cloud service agreements
• Consideration should be given to integration with existing on‐premises and other cloud services, including identity management, networking, storage, etc
• Decisions to not integrate should be made deliberately and preference should be given to systems that can integrate easily
• Advocate a cloud‐first strategy and build a multi‐year cloud maturity plan
• Encourage leadership to appoint someone to oversee the cloud strategy and to be responsible for tracking movements in the cloud industry
• SaaS should be the first consideration for all new software procurement decisions where the organization can relinquish a level of control
• Choose a strategic, blended IaaS and PaaS provider that you will maintain a relationship with for several years
• Start designing a hybrid cloud architecture that includes a strategy for integration of networks, identity, data and services with multiple cloud providers
• Consider virtual automation or hosted private clouds (hyper‐converged) as alternatives to difficult and expensive projects of building your own internal private cloud
• Maintain investments in server and desktop virtualization environments, and stay current with your hypervisor and virtualization management platform version
Summary
• Further our mission and vision by embracing innovation• Cloud First does not mean Cloud Always• Make SaaS the first option• Be prepared to fail and move on• Break out of the silo mentality• Staff is not reduced but roles will change – transform administrators into engineers
• Move UCF out of the datacenter business and into the business of service delivery