2009 Spring COMTECH Meeting - University of Calgary
2009 Spring COMTECH Meeting - University of Calgary 2009 Spring COMTECH Meeting - University of Calgary
2009 Spring COMTECH Meeting Harold Esche, CIO
- Page 2 and 3: Six IT Portfolios Learning Course D
- Page 4 and 5: Data Centre Current State ~10000 sq
- Page 6 and 7: New Look for the IT Web Pages
- Page 8 and 9: “UNITIS Lite” Test Site
- Page 10 and 11: The Exchange Project Simon Sharpe,
- Page 12 and 13: Objectives of this session • What
- Page 14 and 15: What is the Exchange Project? • T
- Page 16 and 17: Why are we doing it? • Our custom
- Page 18 and 19: How it will effect you • Unless y
- Page 20 and 21: We need your help • Like me, you
- Page 22 and 23: 3rd Party Services Support Leaders
- Page 24 and 25: 3 rd rd Party Services Support - Ro
- Page 26 and 27: 3 rd rd Party Services Support - Va
- Page 28 and 29: 3 rd rd Party Services Support - Re
- Page 30 and 31: 3 rd rd Party Services Support - Fu
- Page 32 and 33: Agenda • Who is the Business Admi
- Page 34 and 35: Communications • Website www.ucal
- Page 36 and 37: Communications • Website www.ucal
- Page 38 and 39: Laptop Encryption Project Janet Har
- Page 40 and 41: Background • FOIP Section 38: “
- Page 42 and 43: Product Deployment Phases 1. DTP -
- Page 44 and 45: Our Encryption Software Candidates
- Page 46 and 47: Deployment Attempt 1: Learning the
- Page 48 and 49: Deployment Process • Move laptops
- Page 50 and 51: Vulnerability Assessment Program (V
<strong>2009</strong> <strong>Spring</strong> <strong>COMTECH</strong> <strong>Meeting</strong><br />
Harold Esche, CIO
Six IT Portfolios<br />
Learning<br />
Course Delivery<br />
Student Access<br />
Process and Organization<br />
ITSM<br />
Integrated Service<br />
Information Security<br />
Project Management and Governance<br />
Research<br />
Applications<br />
Consulting<br />
Research Computing<br />
Collaborative Tools<br />
Administration<br />
ERP<br />
Business Intelligence<br />
Information Management<br />
Distributed Admin Systems<br />
Infrastructure<br />
Community<br />
Web Content<br />
Alumni Systems<br />
Fund Development<br />
Hardware and Systems<br />
Common Services<br />
Networks and Telecommunications<br />
Data Centres
Data Centre Current State
Data Centre Current State<br />
~10000 sq ft in basement <strong>of</strong> MS<br />
~1000 KVA power<br />
~160KVA on generator power<br />
~2000 systems<br />
No more power<br />
No more cooling
Data Centre Plans<br />
Add 250KVA in MS<br />
Refurbish Space<br />
Add CCIT Data Centre<br />
– 100 m<br />
2<br />
– “Green” Data Centre<br />
Find funding to double MS capacity<br />
Add EEEL Data Centre
New Look for the IT Web Pages
Web Content Management Upgrade to<br />
Drupal 5<br />
1,000 sites in Drupal 4<br />
100% <strong>of</strong> Faculties, 90% <strong>of</strong> Depts migrated to Drupal 5<br />
Full migration to be completed by Aug<br />
“UNITIS Lite”/Contact page replaces Teleweb by Aug
“UNITIS Lite” Test Site
Student Dashboard v2.0
The Exchange Project<br />
Simon Sharpe, Project Manager
Introduction<br />
• Started at Haskayne in 2001, working as Sessional<br />
Instructor and IT guy<br />
• Former liaison between Haskayne and UCIT<br />
• Ran project to get Haskayne out <strong>of</strong> the email business<br />
(Lotus Notes) and onto central services<br />
• Former team lead on Tier One Support Centre<br />
• ITSM Program Manager<br />
• In February, I was asked to manage the Exchange project<br />
• Lots <strong>of</strong> discussions and work had gone on before that<br />
• Not a member <strong>of</strong> the Micros<strong>of</strong>t fan club<br />
Agenda
Objectives <strong>of</strong> this session<br />
• What is the Exchange Project?<br />
• Why are we doing it?<br />
• How will it effect you?<br />
• What is the timeline?<br />
• Questions and answers<br />
Agenda
What is the Exchange Project?<br />
• We are setting up a production-ready* Micros<strong>of</strong>t<br />
Exchange service<br />
• We are collaborating with HiiTeC, who have<br />
experience using and supporting<br />
Outlook/Exchange<br />
• We have engaged Dell to help us with<br />
– High Level design<br />
– Active Directory remediation<br />
– Detailed design and build<br />
• HiiTeC has financially supported Dell’s<br />
engagement<br />
• Work is required to our Active Directory<br />
Agenda
What is the Exchange Project?<br />
• The service is for staff and faculty<br />
• Students will stay with IMAP<br />
• Oracle calendar will be shut down summer 2010<br />
• Basic email and calendar will be provided free, as<br />
before<br />
• Blackberry Exchange Services will be provided to<br />
users requesting it as a fee-for-service.<br />
• The Exchange project provides a foundation for a<br />
second project, a pilot <strong>of</strong> Unified Communications<br />
Agenda
What is the Exchange Project?<br />
Production-ready means<br />
• We have a Service Owner<br />
• We have defined service levels<br />
• We have monitoring in place<br />
• We have backup and recovery<br />
• We have the server people trained<br />
• We have the Support Centre trained<br />
• We have our Tier Two people trained<br />
• We have training available to our users<br />
Agenda
Why are we doing it?<br />
• Our customers are asking for it and have been<br />
asking for a while<br />
• PDAs such as Blackberries do not all work well<br />
with IMAP<br />
• Lots <strong>of</strong> money is flowing <strong>of</strong>f-campus every month<br />
for Exchange/BlackBerry services<br />
• Outlook/Exchange is an integrated, feature-rich<br />
service<br />
• The web access to Exchange is good and works<br />
well on a wide variety <strong>of</strong> browsers<br />
Agenda
Why are we doing it?<br />
• Any other service or application that integrates<br />
with email integrates with Outlook/Exchange<br />
• Several alternatives were considered and the<br />
experience at other institutions was taken into<br />
account<br />
• The initiative was created in consultation with the<br />
ITAG group<br />
Agenda
How it will effect you<br />
• Unless you are supporting members <strong>of</strong> the pilot<br />
groups (Bell Exchange users at HiiTeC, VetMed,<br />
Executive Suite), the change will not effect you<br />
before this fall.<br />
• If you are in an infrastructure support group, you<br />
will see new equipment and procedures<br />
• You may be involved in planning an Oracle<br />
calendar conversion to Outlook between now and<br />
summer 2010<br />
• You may need to develop skills and knowledge<br />
around supporting Outlook/Exchange<br />
Agenda
Timeline<br />
• 300 pilot users who already use Outlook-<br />
Exchange with external service provider to be<br />
moved to our own service this summer<br />
• Detailed planning for the campus-wide rollout,<br />
including migration, user training, involvement <strong>of</strong><br />
our IT partners over the summer/fall<br />
• Ready to start migrating email this fall.<br />
• No interoperability between Oracle Calendar and<br />
Exchange, so we may need to move the<br />
calendaring for all users at one<br />
• Oracle Calendar to be tuned <strong>of</strong>f summer 2010<br />
Agenda
We need your help<br />
• Like me, you might not be a member <strong>of</strong> the<br />
Micros<strong>of</strong>t fan club<br />
• As we spend more time with Outlook/Exchange,<br />
we see things that we think will add value for our<br />
customers<br />
• We want to be engaged with the distributed IT<br />
people and with our customers to understand how<br />
this will fit into their world<br />
• Rather than saying “This is all the stuff<br />
Exchange/Outlook can do,” we want to highlight<br />
the areas we feel it adds value in our world.<br />
Agenda
Questions and Answers
3rd Party Services Support<br />
Leaders in facilitating long-term business success<br />
between <strong>University</strong> <strong>of</strong> <strong>Calgary</strong> Customers, 3 rd<br />
party Vendors and UCIT<br />
David Menks, GIS
Mission Statement<br />
• The Mission <strong>of</strong> 3 rd Party Services Support is to provide<br />
business analysis and packaged (3 rd party) IT system<br />
support to <strong>University</strong> <strong>of</strong> <strong>Calgary</strong> groups by<br />
– Providing an interface between customers, vendors and UCIT<br />
– Understanding business processes<br />
– Focusing on prioritized tasks, goals and long term objectives<br />
– Assisting in S<strong>of</strong>tware & Hardware selection and<br />
implementation<br />
– Facilitating appropriate business system support
3 rd<br />
rd Party Services Support - Roles<br />
• Provide an interface between customers, vendors and UCIT<br />
• Conduct Enterprise Analysis<br />
• Assist in system selection<br />
• Facilitate Sustainment activities (Service Support)<br />
• Simplify UCIT billing to customer<br />
• Cradle to grave service provision<br />
• All 3 rd Party Services Support activities are cost recovery<br />
based
3 rd<br />
rd Party Services Support - Activities<br />
• Create an Opportunity Assessment<br />
• Create Decision Documents to support decisions at various stages<br />
<strong>of</strong> the project<br />
• Work with Project Management resources to ensure a Project<br />
Charter and Project Plan are supported for project success<br />
• Participate in the Request for Information (RFI), Quotation (RFQ) or<br />
Proposal (RFP) process<br />
• Facilitate implementation <strong>of</strong> the chosen solution<br />
• Take a custodial role as the Service Owner after implementation<br />
• Participate in end <strong>of</strong> life (decommissioning) activities including<br />
transfer to a new Service
3 rd<br />
rd Party Services Support - Value<br />
• Customer<br />
– Single point <strong>of</strong> contact<br />
– Simplify billing<br />
– Clarify costs<br />
– Facilitate problem<br />
resolution and new<br />
functionality requests with<br />
vendor<br />
• UCIT<br />
– Single point <strong>of</strong> contact<br />
– Provide Service Ownership<br />
– Establish SLA’s<br />
– Consistency in<br />
deployment/release and<br />
sustainment<br />
– Facilitate internal<br />
communication
3 rd<br />
rd Party Services Support - Customers<br />
• Parking Services (AIMS)<br />
• Continuing Education (OneCE)<br />
• Counselling Services<br />
(Titanium)<br />
• Development Office<br />
– Raiser’s Edge, Net Communities,<br />
Campus Call<br />
• Environment Health & Safety<br />
(SIVCO)<br />
• Food Services (Synergy)<br />
• Laptop Encryption (End Point<br />
Encryption, SafeBoot)<br />
• Remedy<br />
– Incident, Problem, Change Management,<br />
Configuration Management<br />
– 17 custom applications<br />
• Residence Services (Star Rez)<br />
• UCIT Time Management (Web<br />
Time Sheet, PM2)<br />
• Universal Student Ratings <strong>of</strong><br />
Instruction (USRI)
3 rd<br />
rd Party Services Support - Resources<br />
• Two person team reporting to David Jones, GIS<br />
Manager<br />
– David Menks (1 FTE)<br />
– Ivan Runions (.2 FTE Other, .6 FTE Remedy)<br />
• Temporary Project Secondment<br />
– Heather Keller (
3 rd<br />
rd Party Services Support - History<br />
• During the mainframe era, additional applications<br />
were acquired<br />
• Support for these ‘3 rd Party’ applications was<br />
spread throughout UCIT (and the campus)<br />
• The number <strong>of</strong> systems (services) has increased<br />
exponentially in the past decade<br />
• There is a growing desire to have a single support<br />
model for ‘3 rd Party’ services<br />
• There is discussion about reducing UCIT’s<br />
increasing 3 rd Party resource load through the use<br />
<strong>of</strong> the 3 rd Party Services Support team
3 rd<br />
rd Party Services Support - Future<br />
• Evaluate the service support potential for Ad-<br />
Astra, Archibus, EDMS/Synergize, Medicine,<br />
Supply Chain Management, Ancillary Services<br />
(Bookstore, DSX, General Meters, Microstore),<br />
Library, UCIT support systems, and others<br />
• To become service owners for all current UCIT<br />
sustained 3 rd Party applications for which costs<br />
can be recovered<br />
• To facilitate discussion regarding efficiency and<br />
centralization <strong>of</strong> business process (e.g. admission<br />
systems, Institute support systems)
Business Administration<br />
Systems (BAS)<br />
Heather Pylatiuk, Instructional Services & Application Support
Agenda<br />
• Who is the Business Administration Systems<br />
group?<br />
• Upgrade Project
New Name
Communications<br />
• Website<br />
www.ucalgary.ca/ps<br />
• Re-direct and<br />
forward<br />
•Support Centre –<br />
press 2
Upgrade<br />
• HCM and SA to v9<br />
• Timeline<br />
• Benefits
Communications<br />
• Website<br />
www.ucalgary.ca/<br />
itbasupgrade<br />
• Mailing Lists<br />
• UAT & User<br />
Community Updates<br />
Contact us at:<br />
upgrade9@ucalgary.ca
Conclusion
Laptop Encryption Project<br />
Janet Harvey, IT Project Office<br />
Kerry Bueckert, DTP Deskside Services
Agenda<br />
• Background / Need<br />
• Product Deployment Phases<br />
• Technical Information
Background<br />
• FOIP Section 38: “The head <strong>of</strong> a public body must protect personal<br />
information by making reasonable security arrangements against<br />
such risks as unauthorized access, collection, use, disclosure or<br />
destruction.”<br />
– Increased prevalence <strong>of</strong> laptops used by faculty/staff<br />
– Likelihood <strong>of</strong> confidential data existing on them is high<br />
– Increasing risk <strong>of</strong> laptop loss or theft on campus
Scope and Solution<br />
Project Scope<br />
• Encryption solution for all <strong>University</strong> <strong>of</strong> <strong>Calgary</strong>-owned laptops<br />
• Phased implementation, starting with DTP-imaged laptops<br />
• Macs in scope<br />
Selected Solution<br />
• McAfee encryption product has been purchased<br />
– 700 licenses<br />
– Managed full-disk encryption<br />
– Demonstrated regulatory compliance<br />
– Minimal impact to end-users
Product Deployment Phases<br />
1. DTP – Managed Laptops<br />
2. Managed Laptops with DTP-like Image (Windows)<br />
3. Unmanaged, U<strong>of</strong>C owned Laptops (Windows)<br />
Tasks Required:<br />
• Install & configure s<strong>of</strong>tware on server (completed)<br />
• Create procedures for client installs, support, changes, new releases,<br />
tracking<br />
• Training<br />
• Communications<br />
• Deploy to laptop users<br />
• Lessons Learned
Product Deployment: Mac Phase<br />
Scope<br />
• Mac Pilot and Deployment<br />
Activities<br />
• Testing <strong>of</strong> Mac solution<br />
• Create procedures for client installs, support, changes, new<br />
releases, tracking<br />
• Training<br />
• Communications<br />
• Deploy to laptop users
Our Encryption S<strong>of</strong>tware Candidates<br />
• Conexsys<br />
• PGP<br />
• PointSec<br />
• SafeBoot (Now called Endpoint Encryption)<br />
• Utimaco
Configuration <strong>of</strong> Client S<strong>of</strong>tware<br />
• Single Sign-On procedure<br />
• Minimal end-user requirements<br />
• Transparent<br />
• Remote installation
Deployment Attempt 1: Learning the Hard<br />
Way<br />
• McAfee’s ePO is very powerful<br />
• Solution was accidentally deployed across<br />
campus instead <strong>of</strong> the test group<br />
• Project delayed for 3 months to recall the solution<br />
and deploy correctly
Deployment Attempt 2: Nice and Slow<br />
• Deploy to pilot group<br />
• Deploy to UCIT<br />
– 10 per day<br />
• Monitor installation progress with ePO reporting
Deployment Process<br />
• Move laptops into Encrypt group
What the User Will See
Vulnerability Assessment<br />
Program (VAP)<br />
Patrick Jungles, Information Security Office
Outline<br />
1. Introduction<br />
2. Platform<br />
3. Architecture<br />
4. Program<br />
5. Questions
Introduction<br />
Vulnerability:<br />
• S<strong>of</strong>tware or hardware flaw, which can be exploited to<br />
carry unauthorized actions on the vulnerable system.<br />
• Successful exploitation may lead to the loss <strong>of</strong>:<br />
• Availability<br />
• Integrity<br />
• Confidentiality
Introduction<br />
Vulnerability Assessment?<br />
• The first step in implementing and maintaining a<br />
well defined security strategy<br />
• Measure the security posture <strong>of</strong> various devices<br />
connected to the UCIT infrastructure<br />
• Protect information, systems and services
Rapid7 NeXpose Scanner
Architecture
Basic Program Steps:<br />
1. Scan: New devices are added to the program and<br />
subjected to a baseline and discovery<br />
assessment.<br />
2. Report: A report is generated for scanned<br />
2. Report: A report is generated for scanned<br />
devices and submitted to administrators and<br />
device managers.
Basic Program Steps:<br />
3. Remediate: Issues are prioritized and fixes are<br />
applied.<br />
4. Confirm: Another scan is performed to confirm<br />
that vulnerabilities have been properly addressed<br />
and fixes are effective.<br />
5. Report: A new report is generated, documenting<br />
the updated security posture <strong>of</strong> these devices.
Vulnerability Assessment Program
Program Availability<br />
VAP is available to administrators or service<br />
owners that manage devices and servers<br />
connected to the U <strong>of</strong> C network.<br />
Participants will be responsible for submitting the<br />
required information and following up with any<br />
remediation.
Expectations<br />
Remediation:<br />
• Critical Vulnerabilities – Fixed, Removed or<br />
Acknowledged in 2 weeks from initial scan<br />
• Severe and Moderate – 30 days from initial scan<br />
Scanning:<br />
• All systems must be scanned once a month!
When can I get involved?<br />
VAP release date is TODAY!!!<br />
How to join the program?<br />
Visit:<br />
http://www.ucalgary.ca/it/infosecurity/vap<br />
Email:<br />
vap@ucalgary.ca
How secure are your systems?<br />
Questions?<br />
Patrick Jungles<br />
jungles@ucalgary.ca<br />
(403) 220 - 3299
<strong>2009</strong>RFP0018<br />
Computer Technology<br />
David Buhler, Client Services
U <strong>of</strong> C Academic Principles<br />
Student Success<br />
Excellence in Research and Scholarship<br />
Interdisciplinary Education and Research<br />
Return to Community
Connected Campus<br />
Providing access to useful, necessary<br />
and secure information and services,<br />
anytime and anywhere.
The Team<br />
• Steven Breeck (ITAG)<br />
• Kerry Bueckert (UCIT)<br />
• Edward David (ITAG)<br />
• Laurie Davison (UCIT)<br />
• Frank Lee (SCM)<br />
• Ken Masson (SCM)<br />
• Dan Overes (UCIT)<br />
• Crystal Bourgeault (Admin)<br />
• David Buhler (Chair)
Computing Technology RFP Intent<br />
• The purpose <strong>of</strong> this Request for Proposal is to receive submissions from<br />
• qualified and experienced firms as it is imperative that those interested in<br />
• forming a strategic partnership with the university understand how they will<br />
• best accomplish the following for the <strong>University</strong>:<br />
• Supply Equipment (Desktop, Display, and Laptop)<br />
• Delivery <strong>of</strong> Equipment<br />
• Warranty <strong>of</strong> Equipment<br />
• Servicing <strong>of</strong> Equipment<br />
• Disposal Plan for aging equipment<br />
• Support <strong>of</strong> the <strong>University</strong>’s departments<br />
• Online portal (Direct Connect) for assisting with Supply Chain<br />
• Innovative value
Timeline<br />
• Release <strong>of</strong> Bid Document April 3<br />
• Town Hall Presentation April 9<br />
• Last Date to submit questions April 16<br />
• Submission deadline <strong>of</strong> bid proposal April 30 – 2pm<br />
• Review <strong>of</strong> responses April 30 – May 14<br />
• Short List <strong>Meeting</strong> May 15<br />
• Receipt and Evaluation <strong>of</strong> bid samples* May 19 – June 9<br />
• Interview (tentative) June 9<br />
• Decision <strong>Meeting</strong> (tentative) June 10<br />
• Award (tentative) June 10
The Vendors<br />
Four responses have been received<br />
• Acrodex / Lenovo<br />
• Dell<br />
• Metafore / HP<br />
• Prodata / Toshiba
Evaluation Criteria<br />
• Product Requirements – 20 %<br />
• Company/Quality <strong>of</strong> Response – 5 %<br />
• Support Service – 25 %<br />
• Pricing – 20 %<br />
• Innovation – 20 %<br />
• Sustainability – 10 %<br />
• Total – 100 %
Equipment Review<br />
Equipment will be available in ICT 218<br />
• Send contact information to Crystal Bourgeault<br />
(cbourgea@ucalgary.ca)<br />
• Full name<br />
• UCID number (campus card)<br />
• Will send info to Campus Security to give access to Room ICT 218<br />
Required feedback form to be completed when<br />
reviewing equipment<br />
Mix <strong>of</strong> desktops and laptops
Answers
August Quarterly Outage Update<br />
Kevan Austen, OPC
UCIT Power Shut Down<br />
• Complete Power shut down August 8, <strong>2009</strong><br />
• UCIT working with Campus Infrastructure to repair<br />
high voltage power equipment<br />
• Should take approximately 30 hours
UCIT Power Shut Down<br />
• Mark your Calendars !!<br />
• August 8 th <strong>2009</strong>
UCIT Power Shut Down<br />
• Effects All <strong>of</strong> Math Science and Science Theater<br />
Buildings<br />
• Complete power outage, both buildings will be<br />
dark<br />
• ALL UCIT Services will be down<br />
• Start time: Saturday August 8th @ 00:01<br />
• Approximate end time: Sunday August 9 th @<br />
12:00 (noon)<br />
• Most networks will be up until 17:00 Saturday
Service Status<br />
• For information on all UCIT service outages<br />
please check our Service Status web page:<br />
• http://www.ucalgary.ca/it/status
Thank-you for attending the<br />
<strong>2009</strong> <strong>Spring</strong> <strong>COMTECH</strong><br />
<strong>Meeting</strong><br />
Presentation slides will be posted on the IT homepage<br />
following this meeting.