Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Services CIO Council Update

Published byCecil Kennedy Modified over 6 years ago

Similar presentations

Presentation on theme: "Group Services CIO Council Update"— Presentation transcript:

1 Group Services CIO Council Update
Jan. 9, 2017 Monday 3:10 – 3:30 p.m. Smith 561

2 Purpose and Intended Outcome
Describe the strategy for delivering Group Services Intended Outcome: Validation of the need for a formally managed IT Service for groups Feedback on the proposed phased strategy

3 Why an IT Service for Groups?
Because groups are an essential component of all other IT service delivery Groups Enable Everyday Business Objectives Access Control Enabling access for the right people Dissolving access when people leave Communication ing or texting messages to targeted audiences Collaboration Document sharing File sharing (individuals and groups) Online conferencing

4 4/21/2018 Define “Group” A group is a list of identities (subjects) who hold membership. Affiliation Services Employee VPN Member Student Intranet Active Access Alum Application Tenant Building

5 Silos to Service Group Service Current State: Every app for itself
Redundant, overlapping Managed manually, static Inconsistent Not trusted Future: IT service Institutional, integrated Updated automatically Consistent Trusted

6 4/21/2018 CIO Feedback Meetings with 10 members of CIO council revealed agreement on several points: HUIT Group Service should: Provide an IT service including advisory services and technical integration options Create groups based on authoritative HR and student data Focus initially on reference groups and HarvardKey integration Common Concerns and Challenges: Enabling collaboration with non-Harvard, externally based users (without Harvard identity) Providing a user-friendly way to create ad hoc groups, avoiding redundant groups Making use of group services with Microsoft collaboration tools easier

7 Vision for Group Services Key Performance Indicators
Service Vision Vision for Group Services Enable IT service providers to easily secure their services and provide a consistent user experience through ready access to accurate data Strategic Objectives Provide an IT service that enables other IT services to meet requirements for access, collaboration, and communication Support delegated administration of groups Provide standard API options, and integration with HarvardKey Guiding Principles Deliver service in phases Base solutions on Grouper from Internet2 Deliver offerings in response to prioritized use cases Ensure accuracy and performance Key Performance Indicators Number of applications and web sites that are supported through groups with HarvardKey (adoption) Number of reference groups Number ad hoc groups (adoption) Number of groups actually used (ratio to created)

8 IAM Future State Services and Offerings
Current Service # offerings End User Computing Collaboration Services 3 offerings and Calendars 6 offerings Field Support Services Network Services Phone Services IT Provider Services Cloud Services HUIT Support Tools and Systems Identity and Access Services 4 offerings Server Administration Web Hosting IT Security Information Security Education and Consulting Information Security Operations and Engineering Future Service # offerings End User Computing Collaboration Services 3 offerings Field Support Services Network Services Phone Services IT Provider Services Cloud Services HUIT Support Tools and Systems Identity and Integration Services Server Administration Web Hosting IT Security Information Security Education and Consulting Information Security Operations and Engineering 13 Services Offerings 6 Services Offerings FUTURE OFFERINGS Collaboration Services Account and HarvardKey Services and Calendar Groups and Guests Identity and Access Integration Services Identity Data and Provisioning Identity Repositories Authorization Services

9 Integration Required to Benefit from Group Services
Service providers and application owners will need to plan for development to integrate with Group Services Options for Integration with Group Services include: Attributes/Authorization with HarvardKey RESTful API Using Directory Services LDAP Active Directory Direct provisioning of group data

10 After FY17, expansion is dependent on resources and priorities.
Timeline FY17 FY FY19 + Foundation Expansion Non-People Reference Groups HarvardKey integration Delegated group management Authorization with HarvardKey API integrations with early adopters More reference groups Expansion of delegated group management Use Cases including: iSites Group Service retirement (Open Scholar, Wiki, Blog) Courses AWS, VPN, Radius platforms Emergency communication Broadcast communication Collaboration Expansion into managing non-people identities After FY17, expansion is dependent on resources and priorities.

11 Next Steps HarvardKey integration with Groups available in early March – Full Production Ongoing collaboration with Academic Technology Services to enable retirement of iSites Group Service Regular meetings with Work Group to review use cases and to plan for documentation and support processes Pilot use of API with additional HUIT teams in ATS, ITS Definition of service offerings with ITSM Continue outreach to peer institutions in Internet2

12 Appendix

13 Value Proposition Service Offerings Outcomes Benefits
HarvardKey integration Authorization Reference Groups Automatically updated for accuracy Aligned with affiliations and orgs Access Control Turnkey authorization options for web applications via HarvardKey Reduction in risk of unauthorized access Mailing lists Emergency management Broadcast Communication Communication Proper alignment of messages with user populations Less time spent on ad hoc lists ITCRB request for Broadcast Communication Provisioning to Directories and Applications Collaboration Eliminate need for multiple versions of the same lists across tools Simplification of administration of file sharing Better user experience

14 Learning From Others Who Have Gone Before Us
IAM team members have reviewed our technical architecture and design ideas with Internet2 community over past couple years. Key takeaways include Deploy group services as a hub service, to be used by other services Provide a single source of groups to many tools Use Grouper platform – the defacto tool in Higher Ed, which TIER is now updating Publish groups based on system of record; auto-update the data Use built-in Grouper functions to create groups from groups via “group math” via unions, or exclusion critieria Support ad hoc groups, created manually or via automation Extend access to delegated administrators through the Grouper UI Publish the groups to LDAP and AD to support access management

15 Reference Groups: Foundational Groups
Designed as building blocks enabling selection of a population by roletype, organization and status. Locked down: only able to be modified by the group service Based on authoritative sources (e.g., IAM, Courses via Canvas) Aligned with the organization hierarchy used in HR Helps ensures continuity of access, since legacy authorization mechanisms are aligned to this definition today Support role sub-types where applicable, for example: Differentiate faculty from staff, students from a class participant Reference groups differ from Ad Hoc Custom Groups, that are created, manually, through delegated process, by systems or collaborators.

16 Benefit: Ability to use same group for multiple needs
Efficient, Effective for Administrator & End User Department Administrator System Administrator List Wiki List Web Site Access Sharepoint Creates Reusable Group Creates Reusable Group AWS Access VPN Access Benefits to the Administrator Create the list once, and then reuse it Peace of mind that when team members leave Harvard, they will be dropped from the group Benefits to the Administrator Create the list once, and then reuse it Peace of mind that when team members leave Harvard, they will be dropped from the group Automate export of group to AWS to ensure proper permissions management Audit trail Security and access aligned Project Team Group: Benefits to the team members: Equal access to the resources Ability to communicate via a mailing list Privacy for their work Ability to share files easily

Download ppt "Group Services CIO Council Update"

Similar presentations

WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.

WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.
Kentico CMS 5.5 R2 What’s New. Highlights Intranet Solution Document management package – WebDAV support – Project & task management – Document libraries.

Kentico CMS 5.5 R2 What’s New. Highlights Intranet Solution Document management package – WebDAV support – Project & task management – Document libraries.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
Identity and Access Management PM COP Forum May 20, 2014Tuesday10100 AMLamont Library.

Identity and Access Management PM COP Forum May 20, 2014Tuesday10100 AMLamont Library.
INTRODUCTION TO THE STATE OF MICHIGAN’S SHAREPOINT ENVIRONMENT.

INTRODUCTION TO THE STATE OF MICHIGAN’S SHAREPOINT ENVIRONMENT.
Chapter 8 8-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
GOOGLE APPS IN SCHOOLS. Overview Google apps addresses all of a school’s communication and collaboration needs. –Email, calendaring, document creation.

GOOGLE APPS IN SCHOOLS. Overview Google apps addresses all of a school’s communication and collaboration needs. – , calendaring, document creation.
Real World Case Study KM Summer Institute June 12-16 2006 Rano Joshi, Vorsite.

Real World Case Study KM Summer Institute June Rano Joshi, Vorsite.
Bright Ideas Around Communication and Collaboration.

Bright Ideas Around Communication and Collaboration.
UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma

UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma
Jane Hill Directory Services Product Manager, Harvard University.

Jane Hill Directory Services Product Manager, Harvard University.
Technology for Social Justice Enhancing community sector service delivery Stefanie Kechayas – Senior Consultant 17 November 2015 SharePoint Connect and.

Technology for Social Justice Enhancing community sector service delivery Stefanie Kechayas – Senior Consultant 17 November 2015 SharePoint Connect and.
IEEE IT (Information Technology) Strategy – 2005 Unapproved.

IEEE IT (Information Technology) Strategy – 2005 Unapproved.
The value of iSites Course iSites are typically recreated each year. Not so with standard iSites. iSites are important administrative tools, used for:

The value of iSites Course iSites are typically recreated each year. Not so with standard iSites. iSites are important administrative tools, used for:
ISC-ASTT PennGroups Central Authorization System (Grouper) June 2009.

ISC-ASTT PennGroups Central Authorization System (Grouper) June 2009.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington 16-17 October 2007.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Project Discovery – Monday Holyoke 561 Most updates will only have 30 minutes maximum for their presentations. At least 10 minutes should be left for Q&A.

Project Discovery – Monday Holyoke 561 Most updates will only have 30 minutes maximum for their presentations. At least 10 minutes should be left for Q&A.

Similar presentations

Ads by Google