Enterprise IT Update August 3, 2012

Introductions AIT Personnel –Mike Alani: Senior Network Engineer –Jay Carper: Exchange & Active Directory Administrator –Gene Curtiss: Senior Systems Administrator –John Willis: Chief Architect Department IT Managers -New: RPTS: David Burdette -New: TIGM/PlantGeno: Michael McCleod

Information Technology Today IT State of Affairs

Rules and Procedures Rules and Procedures Progression IT Managers accountable for maintaining all Rules and ProceduresIT Managers accountable for maintaining all Rules and Procedures IT Managers should be up to date and highly awareIT Managers should be up to date and highly aware Approved by AdministrationApproved by Administration If unsure of rule/procedure ask AIT for clarificationIf unsure of rule/procedure ask AIT for clarification

AgriLife Enterprise Service Status Deployed Services –4176 mailboxes, 293 distro groups and 16 domains Domain managed systemsDomain managed systems –2453 computers in domain –All centers and urban centers fully joined/some departments fully joined –Advantages: Acct. Mgmt, Policy Application, SUS, Enterprise File Services Managed Network Hardware (Regional Centers)Managed Network Hardware (Regional Centers) –99 WAP –125 Switches (approximately 3000 ports) –22 Firewalls SophosSophos –5490 computers protected –Upgrade to version 10 completed –Review estate; if not upgraded turn on computer or perform manual install –New single installer model requires that you move any new installed PC’s in console from “NewUnassigned” folder to unit folder in Sophos Console –New Domain enabled console uses domain credentials

AgriLife Enterprise Service Status Deployed Services – continued NessusNessus –Feature of the Server Management Program –Report sent once a month during first week of month –Recommend addressing critical/high alerts asap Recently or Soon to be Deployed Services Windows System Update Service (WSUS)Windows System Update Service (WSUS) –Deployed to all centers and urban centers –Improves bandwidth utilization for centers –Provides snapshot report of update status of domain workstations or windows servers –Report addresses requirement by system policy to represent unit’s efforts in maintaining patch management of workstations/servers CentrifyCentrify –Centralizes Linux or MAC server account management to AGNET Domain –Brings server into compliance with certain required policies

AgriLife Server Management Program (SMP)Overview Who developed the program?Who developed the program? –AIT working in conjunction with system auditors Why was it created?Why was it created? –Clearly outline all required tasks and documentation specified for a server to be TAC/SAP compliant in a consolidated location a server to be TAC/SAP compliant in a consolidated location Where should you be now (a month after program release)?Where should you be now (a month after program release)? –Read program documentation –Formulated any questions and requesting answers from AIT to resolve –Preparing to review servers within your department to determine if they are fully compliant with program requirements i.e. TAC/SAP compliant Next StepsNext Steps –Create updated comprehensive listing of servers and define type –Perform all required tasks and documentation efforts WhenWhen –By December 2012 –In preparation for system audit starting as early as January 2013

AgriLife SMP What does it include?What does it include? –Monthly automated Nessus scans –Access to Centrify Licenses –Recommended baseline templates –Centralized document management system Document Management SMP requires a number of documents (see baseline templates)SMP requires a number of documents (see baseline templates) Centralized document management system to maintain required SMP documentation ()Centralized document management system to maintain required SMP documentation ( ) Common location allows ease of access for IT personnel and audit purposesCommon location allows ease of access for IT personnel and audit purposes

AgriLife People Management (APM)Overview Centralized web based portal to manage the onboarding and off- boarding of employees across the entire organization Developed per input from representatives of IT managers, departmental business and HR coordinators Usage of the portal is required by ALL centers and departments/groups within Ag Account request form no longer accepted beginning September 1stAccount request form no longer accepted beginning September 1st Inactive account report responsibilitiesInactive account report responsibilities Account deactivation automationAccount deactivation automation –120 day deactivation : August 20 th –150 day deletion: September 1st

University Student Domain Offering –Paul Greer –Bill Cochran

Take Aways –Initiate Server Management Program Efforts –Review and familiarize all Rules & Procedures –Review and assess all inactive accounts –Assess workstation Domain Join Status with Department –Implement WSUS integration –Implement Centrify (mac or linux platforms) IT Management Repository

Questions ?