Addressing Business Processes: Customer Needs and Choosing the First Applications Jack Suess, CIO, UMBC Copyright.


1 Addressing Business Processes: Customer Needs and Choosing the First Applications
Jack Suess, CIO, UMBC
jack@umbc.edu
http://umbc.edu/~jack/
Copyright Jack Suess 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Base CAMP - February 5-7, 2003

2 What I Will Discuss
– The business factors driving this initiative
– The directory development team and process
– Development and deployment of new applications using the directory service
– Creation of a single sign on web authenticator
– Future directory plans at UMBC
– Applying the lessons learned - how to jumpstart a directory project
– Questions

3 UMBC Institutional Profile
University of Maryland, Baltimore County.
– Established 1966. Enrollment is 11,500
– Carnegie designation of Research/Extensive
– Centralized administration and IT services with strong faculty governance structure
– Heavy IT emphasis, about 25% of students in IT-related majors.
– Locally developed SIS and HR systems but now implementing Peoplesoft.

4 Business Factors UMBC Needed to Address - Fall 1999
– Finishing up with Y2K.
– UMBC decided we would begin discussions to replace our SIS, HR and Finance systems.
– UMBC started two online graduate programs and began planning for a third program. We needed to add more web-based self-service applications, especially account generation.

5 Business Factors - Continued
Fall 1999
– We had successfully deployed our web portal, myUMBC, and were getting requests to extend it to alumni, parents, and prospective students.
– Fall 1999, we saw WebCT usage plateau; discussions with faculty pointed at the need to make it “easier” to use course tools.
  – Eliminate faculty handling of student account problems
  – Make it easier to “enroll” students
  – Eliminate the need to know HTML

6 Business Requirements
– Applications needed 7x24 access
– The indecision over our SIS/HR plans made using those systems directly a mistake.
– We needed to reduce transactions on our overloaded administrative systems.
– We had reorganized support services and made our Helpdesk the focal point. We needed to empower them with the ability to manage basic account functions.
– To support alumni we needed to expand authentication services beyond solely using Kerberos

7 Why Deploy an Enterprise Directory
– Hype - Directories were hot technologies in 1999, though not necessarily mature.
– UMBC has a large Unix infrastructure and significant Unix development experience
– We didn’t want the complexity or cost associated with using a DBMS
– We wanted to solve this in a way that would allow us to collaborate with other schools.

8 Getting Started
January 2000
– I2 was beginning to focus on the problem of middleware; I saw this as an opportunity for UMBC to be engaged in I2.
– I2 was soliciting schools to participate in an Early Adopters program and UMBC applied.
– I was the initial project sponsor for middleware at UMBC.
– January 2000 we created our middleware project team

9 Directory Project Team
Created January 2000
– Worked closely with Internet2 Middleware group
– A technical lead was identified and the project team created.
  – Members represented all areas of IT
  – I needed to get the team understanding what was meant by directory services
  – Sharp differences on team over what directory platform to use
  – I2 middleware group was very helpful in framing issues for consideration

10 Directory Development - Engaging Non-IT Staff
– I met privately with our Vice Provost for Academic Affairs and CFO to discuss the project and get their support
– I worked through our IT Steering committee and discussed the project in terms of the business factors, not technology.
– In hindsight we should have done a better job broadly communicating this to the campus.

11 Selecting a Directory Product
– This became contentious - we looked at NDS, AD, Innosoft, iPlanet and Oracle
– Our process looked at initial cost, cost per entry, API, scalability, and availability.
– We had concerns about directory products tied too closely to network LAN products.
– iPlanet had the best product but cost was a concern. Opportunity struck - we purchased Innosoft - iPlanet then bought company and transitioned customers over to iPlanet :-)

12 Defining Data Access Strategy
– We initially focused on data needed for whitepages and account management.
– We negotiated read access to SIS and HR.
– Updates to demographic data would be done through our portal, myUMBC.
– Where duplicate data exists in HR/SIS we used most recent entry as “current”
– Broad IT support was critical here; we needed input from our analysts and DBAs to fully understand what data was needed and get database triggers defined.

13 Defining Data Update Strategy
– Goal for account generation was that a PT student could register that day and get an account within 30 minutes.
– We discussed merits of real-time, near real-time, and batch updates of directory.
  – Realtime - triggers between DBMS tables
  – Near realtime - triggers generate a changelog queue
  – Batch - extract and update periodically
– Selected near realtime to meet our goal for account generation but lessen dependencies
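The near-realtime option above, sketched as an added example (not UMBC's code): database triggers queue the key of each changed row, and a separate consumer applies the queue to the directory. The table names, the `Directory` stand-in for LDAP, and the choice to deactivate an entry when its source row disappears are assumptions made for illustration.

```python
import sqlite3

# Constructed stand-in for the SIS: one table plus triggers that queue changes.
SCHEMA = """
CREATE TABLE student (campus_id TEXT PRIMARY KEY, name TEXT, email TEXT);
-- The queue carries only keys; the consumer re-reads current values.
CREATE TABLE changelog (seq INTEGER PRIMARY KEY AUTOINCREMENT, campus_id TEXT NOT NULL);
CREATE TRIGGER student_ins AFTER INSERT ON student BEGIN
    INSERT INTO changelog (campus_id) VALUES (NEW.campus_id); END;
CREATE TRIGGER student_upd AFTER UPDATE ON student BEGIN
    INSERT INTO changelog (campus_id) VALUES (NEW.campus_id); END;
CREATE TRIGGER student_del AFTER DELETE ON student BEGIN
    INSERT INTO changelog (campus_id) VALUES (OLD.campus_id); END;
"""


class Directory:
    """Dict-backed stand-in for the LDAP server; `available` simulates an outage."""

    def __init__(self):
        self.entries, self.available = {}, True

    def _check(self):
        if not self.available:
            raise ConnectionError("directory unavailable")

    def upsert(self, campus_id, attrs):
        self._check()
        self.entries[campus_id] = dict(attrs, active=True)

    def deactivate(self, campus_id):
        self._check()
        if campus_id in self.entries:
            self.entries[campus_id]["active"] = False


def build_source_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def pending(db):
    """Number of changes still waiting in the queue."""
    return db.execute("SELECT COUNT(*) FROM changelog").fetchone()[0]


def drain_changelog(db, directory):
    """Apply queued changes in order; return how many queue rows were consumed."""
    applied = 0
    queue = db.execute("SELECT seq, campus_id FROM changelog ORDER BY seq").fetchall()
    for seq, campus_id in queue:
        row = db.execute("SELECT name, email FROM student WHERE campus_id = ?",
                         (campus_id,)).fetchone()
        try:
            if row is None:   # source row is gone: deactivate, do not delete
                directory.deactivate(campus_id)
            else:             # idempotent: always writes the current source values
                directory.upsert(campus_id, {"cn": row[0], "mail": row[1]})
        except ConnectionError:
            break             # keep this and later rows queued for the next run
        db.execute("DELETE FROM changelog WHERE seq = ?", (seq,))
        applied += 1
    db.commit()
    return applied
```

Because a queue row is removed only after the directory write succeeds, a directory outage delays provisioning but never blocks or loses a change made in the source system.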

14 UMBC Directory Architecture

15 Directory Development Team
March 2000
– 1 full-time directory architect
– 1 directory programmer (.75)
– PT access to an Oracle DBA (<.25)
– PT access to SIS and HR analysts (<.25)
– Allocated $75,000 in startup funding

16 Development and Deployment - Phase 1
– Phase 1 – Generate new web-based account management system, go live August 2000
– Decided to load all students in SIS who have ever applied to UMBC to date, ~275000. This was a mistake; we should have limited it to active members only.
– Challenge was how to provide different levels of access to the directory without complex ACLs and grant this access to other web services.
– We created a service we call webauth, which is similar to Shibboleth’s pubcookie.

17 Development of Webauth
– Goal was to provide a web-based single sign on (WebISO) that can authenticate across any web-based application. In summer 2000, nothing had been released that did this.
  – We modeled our approach on Kerberos and each web service has a unique service ticket
  – Created apache module
  – Created Java and Perl interfaces
– Available upon request but I would strongly suggest you consider I2’s Pubcookie.

18 UMBC Directory Applications - Webadmin
Created Webadmin, a web-based tool for accessing the directory, released 8/2000
– Allows delegation of control over different functions to groups or people based on roles and needs. Helpdesk group can now reset passwords and quotas.
– Self-service - students can now select username and password, create email aliases, and forward mail without coming onto campus
– Mistake - the user interface could have been better

19 Delegating Authority
Fall 2000
Goal - Let Helpdesk immediately handle basic account tasks on behalf of users without root access
– Store user preferences in LDAP as attributes, wrote LDAP interface to Unix systems
– Users must use Webadmin to update account
– Helpdesk can reset passwords, quota, set forwarding address, and Unix preferences.
– Fall 2000, delegation horror story. Student working Helpdesk stole class project from another student

20 Directory Based Updates

21 Integrating Course Management Tools with the Directory
One of our initial goals was to simplify the faculty effort when utilizing course management tools.
– Eliminate account management problems
– Simplify enrollment of students into a course
Purchased Blackboard Level 3 license, paid them to accept our Webauth credentials, solving account management issue, 1/2001
We developed code for WebCT 3.1 to accept our webauth credentials but decided to drop WebCT

22 Supporting Windows 2000
Spring 2001
– Goal - Migrate our public labs from Windows NT to Windows 2000. All our labs provided common file access (AFS) and used our Kerberos authentication.
– Problem - Windows 2000 requires AD, how do we get our account information now stored in iPlanet into AD?
– Spring 2001, tested AD against existing Kerberos environment and got this working

23 iPlanet to AD Integration
Summer 2001
– Summer 2001 began work on linking iPlanet directory to Microsoft AD
– Reverse engineered Microsoft AD account entries to identify what is needed for an account entry by looking at before/after.
– Wrote LDAP connector in Perl to update AD when iPlanet entries are created or change.
– Windows 2000 fully deployed in all labs January 2002
– Metamerge now provides a connector for this

24 Remedy Integration
Summer 2001
– Goal - Keep client information (phone, office, email) up to date in Remedy
– Developed a connector between LDAP and Remedy (Oracle DBMS) that updates Remedy whenever certain data elements are updated in LDAP.

25 Extending Webauth to 3rd Parties
Spring 2002
– Spring 2002 - provided linkage to one-card vendor (DieBold/JSA) for eCommerce. We provide a link from our portal to our JSA.
– We provided JSA with a webauth service ticket for their server and webauth client code to request validated campus-id when presenting a webauth cookie.
– I’d love to do this with other 3rd Parties such as Sallie Mae Solutions
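An added sketch (not UMBC's webauth code or protocol) of the arrangement described on this slide and on the Development of Webauth slide: each web service holds its own service ticket and presents it, together with the user's cookie, to get back a validated campus-id. The class, method names, ticket format and cookie lifetime are assumptions; the user's own login step is out of scope and represented by `login()`.

```python
import hashlib
import hmac
import secrets
import time


class WebauthServer:
    """Hypothetical central login service that validates cookies for registered services."""

    def __init__(self, cookie_lifetime=3600):
        self._services = {}   # service_id -> SHA-256 digest of that service's ticket
        self._sessions = {}   # cookie -> (campus_id, expiry time)
        self._lifetime = cookie_lifetime

    def register_service(self, service_id):
        """Issue a unique ticket to one service; only its digest is stored here."""
        ticket = secrets.token_urlsafe(32)
        self._services[service_id] = hashlib.sha256(ticket.encode()).digest()
        return ticket

    def revoke_service(self, service_id):
        """Cut off one service (e.g. a third party) without touching the others."""
        self._services.pop(service_id, None)

    def login(self, campus_id, now=None):
        """Called after the user has authenticated to the login server itself."""
        now = time.time() if now is None else now
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = (campus_id, now + self._lifetime)
        return cookie

    def validate(self, service_id, ticket, cookie, now=None):
        """Return the campus-id for a cookie, or None if anything fails to check out."""
        now = time.time() if now is None else now
        expected = self._services.get(service_id)
        presented = hashlib.sha256(ticket.encode()).digest()
        # Constant-time comparison; unknown or revoked services are refused.
        if expected is None or not hmac.compare_digest(expected, presented):
            return None
        session = self._sessions.get(cookie)
        if session is None:
            return None
        campus_id, expiry = session
        if now >= expiry:
            del self._sessions[cookie]   # expired cookies cannot be replayed
            return None
        return campus_id
```

The third party never handles the user's password, and a leaked ticket exposes only that one service's ability to validate cookies.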

26 Blackboard Course Auto-Enroll
Summer 2002
– Added course containers to LDAP that track enrollments to courses (add/drop)
– Wrote a Java servlet for Blackboard that is updated by LDAP connector
– Fall 2002 students are auto-registered into their Blackboard course.
– We use course containers for other services like limiting lab access to students in particular courses, mailing lists, etc.

27 VPN Access
Fall 2002
Goal - Rollout VPN services in fall to secure wireless and provide remote access to administrative applications
Driven through LDAP group membership
– Due to limitations in VPN users can only be in one group, we had to be creative in how we defined groups to meet needs of different users.
– Most users automatically defined into a group but some people have to be managed manually

28 Short Term Plans
AY 2002-2003
The following are project proposals under consideration
– Peoplesoft 8.0 integration with LDAP
– Automated account deletion/deactivation
– OS/X Netinfo and Novell 6 integration
– Shibboleth
– Alumni access
– PKI

29 Peoplesoft Plans
– Goal - Use LDAP to manage access to Peoplesoft.
– Bringing Finance 8.4, HR 8, EPM 8.3 in July 2003. SA development will then start with deployment done by 8/2005
– Recently began testing the use of LDAP for authentication and managing user profiles in Peoplesoft 8, with good results.

30 Automated Account Deletion
– Currently we have the ability to quickly deactivate an account via LDAP with the exception of Novell.
– We are working with our IT Steering committee to get deletion procedures defined.
– Approach will be to deactivate accounts, then based on the group the user belongs to delete accounts at some point in the future.
– I2 has recently put up a discussion paper on account management and deletion

31 OS/X Netinfo and Novell 6 Integration
– Transitioned to Novell 6 summer 2002, goal is to look at integrating Novell 6 and iPlanet so we can manage accounts through iPlanet
– Goal is to transition Macintosh labs to OS/X over summer 2003. We would like to utilize LDAP and Kerberos for managing OS/X in the labs.

32 Shibboleth
– Shibboleth provides inter-institutional authorization service where the person controls what information is released to whom.
– We will be demonstrating this to our USM library directors in the fall as a possible solution for inter-campus (USM) access to library databases.
– We hope to have webauth working with Shibboleth sometime this fall

33 Alumni Access to our Portal
– An original goal of the directory project was opening our portal to alumni.
– To support this we developed an authentication routine that supports both Kerberos and LDAP. Members will use Kerberos and affiliates use LDAP.
– We’re working with our Alumni group on whether to release this now or when we complete our new Portal next summer.

34 PKI
– I’m on the fence on this one. I’m looking for a problem that implementing PKI would solve at UMBC.
– We are following the I2 HEPKI work and want to let others do the heavy lifting on this.
– If a problem is identified we think we could implement this fairly quickly.

35 Results
– After Kerberos and DNS, the directory service has been our most reliable service, at least 99.99% uptime.
– These self-service applications have revamped the way we support users and the services we provide.
– Automated Blackboard connections were well received by faculty.
– Using a directory allowed us to utilize our institutional data in an academic context. The staff that did this would never be able to directly access and update our legacy SIS tables.

36 Lessons Learned
1. CIO leadership is important
2. Building support for the project inside and outside of IT is critical
3. This will be a new service that must be continually supported.
4. Managing expectations is important
5. The benefits exceed the costs
6. Don’t reinvent the wheel

37 Lessons Learned: CIO Leadership
– Unlike ERP, a CIO can’t expect other executives to “sponsor” middleware.
– A CIO must make the business case for middleware and find the money
– Identify the tangible benefits from middleware that matter to your campus
– Look at Middleware Business Case on the CD, it identifies 24 possible applications

38 Lessons Learned: Developing Campus Support
Laying the groundwork:
– Meet privately with key leaders and explain middleware and discuss what it means to their unit. Include faculty leaders in this
– Use the opportunities a CIO has to discuss the project with faculty, staff, and executives
– Don’t forget to build consensus inside your IT organization for the project.

39 Lessons Learned: Planning For Support
– Treat this as a formal application development project
– Don’t skimp on hardware or redundancy
– Be prepared to redefine responsibilities of people as workload changes
– Initial development team might not be the best to support this once it is in production
– Look for ways to make IT services easier and better as a way to build internal support

40 Lessons Learned: Managing Expectations is Important
Middleware development is an on-going process:
– A well-written project plan with quick wins defined at appropriate intervals is key to managing expectations and budget
– Life-cycle funding needs to be identified
– Middleware’s benefit is often found in productivity gains or through self-service. Identify ways to measure this ahead of time.

41 Lessons Learned: The Benefits Exceed the Cost
– Problems related to accounts - account generation, forgotten passwords, and disk quota - represented 1/3 of our helpdesk requests; we can now handle 90% of these over the phone.
– This essentially freed 1.5 sysadmin positions.
– Infrastructure projects by their nature usually provide many unintended benefits. In our case we never expected to use this system for our one-card or VPN.
– I’m sure over the next few years we will find many other benefits

42 Lessons Learned: Don’t Reinvent the Wheel
– UMBC started this process 2.5 years ago. Many of the technical issues we found difficult now have solutions - WebISO, Blackboard, and AD.
– I2, NMI, and Educause now have a wide array of material on their web sites that will help you get started.
– NMI is running middleware camps; my suggestion is for any campus considering this to take their team to the camp, learn from others, and plan your strategy

43 NMI-EDIT Consortium
Funded out of the NSF Middleware Initiative (NMI)
Enterprise and Desktop Integration Technologies Consortium
– Internet2 – primary on grant and research
– EDUCAUSE – primary on outreach
– Southeastern Universities Research Association (SURA) – primary on NMI Integration Testbed
Higher-ed, government, corporate, research, and international participation

44 NMI-EDIT: Goals
– Much as at the network layer, create a ubiquitous common, persistent and robust core middleware infrastructure for the R&E community
– In support of inter-institutional and inter-realm collaborations, provide tools and services (e.g. registries, bridge PKI components, root directories) as required

45 NMI-EDIT: Core Middleware Scope
– Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance
– Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos
– Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services
– Authorization – permissions and access controls, delegation, privacy management
– Integration Activities – common management tools, use of virtual, federated and hierarchical organizations

46 Enterprise Middleware Educational Opportunities
NMI-EDIT Workshops
Pre-conference Seminars and track sessions at EDUCAUSE Regional Meetings
Campus Architectural Middleware Planning Workshops
– Base CAMP, Tempe AZ, 4-7 February 2003
  – CIO and Technical staff
  – Getting started topics
  – http://www.educause.edu/conference/nmi/camp031/
– Advanced CAMP – July 2003
  – Highly technical
  – Research topics

47 On-line Resources Available
Introductory Documents
– Sample Middleware Business Case and corresponding Writer’s Guide
– Identifiers, Authentication, and Directories: Best Practices for Higher Education
– Identifier Mapping Templates and Campus Examples
– And more…. See resources page of www.nmi-edit.org

48 Websites and Email Lists
Websites
– middleware.internet2.edu – middleware research activities
– www.nsf-middleware.org – NSF Middleware Initiative Site
– www.nmi-edit.org – introduction to middleware and implementation assistance
Middleware discussion/announcement lists
– mw-announce@internet2.edu – Internet2 and NMI-EDIT announcements of events and resources
– mw-discuss@internet2.edu – Discussion topics related to middleware
– NMI lists (see Participation page on www.nsf-middleware.org) – NMI project announcements, discussion, and information
For more information, contact Ann West awest@educause.edu

49 CDROM Materials
I’ve created PDF files from a number of presentations, papers, and web sites that I think are useful to look at when starting a directory project.

50 Questions and Discussion

