IT Stakeholders IAM Ops, Group Services, and EA January 11, 2017 Wednesday Lamont Forum Room 12:00 pm - 1:30 pm
Agenda Closing Out IAM Future State IAM Services Group Services Enterprise Architecture
Intended Objectives The purpose of this overview is to identify some key areas of focus for the Technology Office. The intended objectives are to: achieve a common understanding of what the program has completed and the value it provides discuss how IAM’s current program state maps to its future operational state summarize our final program feature, Group Services provide an overview of what’s happening in Enterprise Architecture
Identity and Access Management Program... has completed what we set out to do. Simplify the User Experience Enable Research and Collaboration Protect University Resources Facilitate Technology Innovation
Achieved Goals and Impact IAM Strategic Objectives Impact Simplify the User Experience Less passwords to remember... One login for life has replaced an average of over 6 logins per user across Harvard Enable Research and Collaboration Improved access to university resources... All schools across Harvard are integrated with common user identities that enable University email, HarvardPhone, and over 2,000 other applications Protect University Resources Better security... University-wide adoption of standardized and improved passwords with associated two factor authentication dramatically increases security Facilitate Technology Innovation Improved participation in higher education community... Improved sponsored guest accounts and external federation allow external researchers and university staff to collaborate quickly We set out to do these 4 things and we successfully achieved these thing and here are examples how we did that...
Before IAM - The bad old days “Onboarding” happened after you were already here You didn’t know your ID number or how to get an account Then you had to get your PIN in order to get your desktop login But first, we needed to give you your email, so you could get the PIN You had too many accounts, and never knew which one to use PIN, Desktop, Email , MeetingMaker, Sharepoint, Google You logged into accounts with different usernames & passwords The passwords had different rules and expired on different timeframes You had to call the SupportDesk in tears because you couldn’t make a password with the PIN system that worked. And while you were guessing what your password was, you locked yourself out. And as you walked off the stage with your hard-earned diploma, Harvard asked you to register for a new account. ? ? ?
IAM Services / Organization
Future State Services and Offerings Current Service # offerings End User Computing Collaboration Services 3 offerings Email and Calendars 6 offerings Field Support Services Network Services Phone Services IT Provider Services Cloud Services HUIT Support Tools and Systems Identity and Access Services 4 offerings Server Administration Web Hosting IT Security Information Security Education and Consulting Information Security Operations and Engineering Future Service # offerings End User Computing Collaboration Services 3 offerings Field Support Services Network Services Phone Services IT Provider Services Cloud Services HUIT Support Tools and Systems Identity and Integration Services Server Administration Web Hosting IT Security Information Security Education and Consulting Information Security Operations and Engineering 13 Services Offerings 6 Services Offerings FUTURE OFFERINGS Collaboration Services Account and HarvardKey Services Email and Calendar Groups and Guests Identity and Access Integration Services Identity Data and Provisioning Identity Repositories Authorization Services See Appendix A: Service Taxonomy for more details
Transition Plan Simplify Service Definitions (through March 2017) Communicate transition to customers and IAM partners Partner with ITSM to adjust service catalog for IAM services Align Organization (through June 2017) Transition to the service based structure (Collaboration Services and Identity and Integration Services) Adjust budgets to align with organizational structures Growing T-Shaped Professionals (through FY’18) Transition IAM teams from CTO Office to operating organizations Realign positions where necessary to address gaps Distribute specialized functionalities across team: DevOps/Support, Project Management, Product Management
Group Services
Define “Group” Active Access 4/16/2018 A group is a list of identities (subjects) who hold membership. Affiliation Services Employee VPN Member Student Intranet Active Access Alum Application Tenant Building
Why an IT Service for Groups? Because groups are an essential component of all other IT service delivery Groups Enable Everyday Business Objectives Access Control Enabling access for the right people Dissolving access when people leave Communication Emailing or texting messages to targeted audiences Collaboration Document sharing File sharing (individuals and groups) Online conferencing
Silos to Service Group Service Current State: Every app for itself Redundant, overlapping Managed manually, static Inconsistent Not trusted Future: IT service Institutional, integrated Updated automatically Consistent Trusted
Integration Required to Benefit from Group Services Service providers and application owners will need to plan for development to integrate with Group Services Options for Integration with Group Services include: Attributes/Authorization with HarvardKey RESTful API Using Directory Services LDAP Active Directory Direct provisioning of group data Key Takeaways: 1. App owners often have to do work to benefit from Groups. (Or register their application with HarvardKey). 2. Value to Harvard will grow over time as adoption increases.
Enterprise Architecture
Enterprise Architecture Vision Our Vision for Harvard’s Enterprise Architecture Articulate and drive to common solutions, standards, and opportunities for alignment in order to reduce IT complexity and cost across the University and enable local innovation. Strategic Objectives Articulate a set of Principles and Standards aligned to each architecture layer Organize existing and future reference artifacts and patterns in a library that aligns with the Principles and Standards Engage with University teams strategically to advance and support elements of the Enterprise Architecture Cultivate a Community of Practice for architecture Guiding Principles Allow real needs of working teams to drive EA focus Work across organizational units to find opportunities for alignment Evolve architecture with advances in technology Seek feedback broadly from University colleagues and peer institutions Key Performance Indicators Decrease in project delivery timeframes Increased use of common solutions Increase the number of projects that align to EA Principles Use of common data sources and ways of working with data Vision aligns with the “Why” articulated earlier. We think that the strategic objectives have been constant for a while - they remain so.
Framework Elements IF Anne calls this out, say “Resources” means “Patterns and Reference Architecture.”
Sample Framework Content Principle: Use and build shared APIs to move information between systems. Layer: Interoperation Standard: Publish APIs to a common repository for wider use Library of Resources, Patterns, and Reference Artifacts: ETAB Publication: Guidelines for API Development DMS program service: MuleSoft Code for existing APIs shared in common repo Checklist for vendor-managed APIs for COTS and SaaS solutions ...
Sample Framework Content
Thank You / Questions