Campus IT Forum - UCSB
February 25, 2016
Agenda
1. Welcome
2. Information Security
3. Professional Development
4. Architectures
5. Amazon Web Services
6. UCPath Technical Impacts
7. Questions/Comments
Security Working Group Meetings
• ~Weekly Meetings started in Oct. 2015
• 60 Day UCOP requirement to complete “UCSB Cyber-Risk Management Plan”
Group collaboration of UCSB plan based on the NIST Cybersecurity Framework:
• identify assets to protect,
• protect the identified assets,
• detect threats and breaches to assets,
• respond to threats and breaches, and
• recover from any breaches.
Matt Hall (CIO) Sam Horowitz (CISO)
John Ajao (Library) Richard Kip (LSIT)
Antonio Manas-Melendez (Audit) Ben Price (ARIT)
Joe Sabado (SIS&T) Andy Satomi (Academic Affairs IT)
Jim Woods (MSI) Matt Erickson (ETS)
UCSB Cyber-Risk Priority Areas
Identify
Intellectual Property
Personally Identifiable Information Awareness
Assets (Hardware, data, software)
Personal Health Information
FERPA (Student Records)
Police/Criminal Justice Information Systems
Payment Card Industry
Protect
Identity & Authentication Stores
End Point Protection
Network Segmentation/Firewall
Security+ Training
Asset Guidance
Dual Factor Authentication
Cloud and Outsource Guidance
Password Management (End Users)
Password Management (IT Pros)
Mobile Pin (Mobile Device Management)
Training for Students
Patch Management
Encrypt at rest/inflight
Least Privilege
Social Media
Detect
Logging (Syslog, Application Logs, Log Aggregators, Netflow)
Application Scanning
Code Analysis (SDLC)
Security Information & Event Management Expansion
Respond
Virtual Incident Response Team
Time Monetization
Reporting
Recover
Tiered Storage with off-Site Replication
Disaster Recovery
Priority 1: Active Initiative
Priority 2: Pending Initiative
Priority 3: Future Initiative
Security Working Group Communications
• With Matt Erickson (ETS), developed a communications plan to socialize cyber security requirements, recommendations, and best practices with the UC Santa Barbara community.
• UCSB Faculty/Staff “Security Memo” sent to CSF and D-List in December 2015
• UCSB Security Working Group communications topics…
Guidance for IT Professionals
Virtual Incident Response Team
Security Information & Event Management (SIEM)
Password Management
Patch Management (Internet of Things; scientific equipment, building management)
Security+ Training
Cloud and outsource services
Payment Card Industry requirements
Guidance for End Users
Spear Phishing
Encryption (Intellectual Property (IP), Personally Identifiable Information (PII), ...)
Password Management
Dual Factor Authentication
Mobile Pins
Use of cloud services
Payment Card Industry requirements
Social media
Guidance for Students
Social media
Password management
Open Wi-Fi
Phishing
Congratulations!
UCSB CompTIA Security+ Certified Staff
• Doug Drury
• Scott Gilbert
• Shea Lovan
• Steven Maglio
• Katie Mankins
• Jennifer Mehl
• Glen Nason
• Scott Nowell
CompTIA Security+ Certification
What is it?
• A globally recognized credential to validate foundational IT security knowledge
Who should get certified?
• Network & system admins; staff engaged in the administration of access controls
What are the steps to certification?
• Background knowledge in cybersecurity, attend training, take the test
Why get certified?
• Certification provides a recognizable method to demonstrate competence in information security
Who should I contact?
• ETS Human Resources Analyst, Maria Coombs (x2262)
Identity & Access Management Architecture
Jim Woods, Marine Science Institute
Messaging & Collaboration Architecture
Richard Kip, Letters & Science IT
Staffing Transitions
• Randall left for a local startup in January
• LSIT Maintains Strong Commitment
  • Two CNT vs a student programmer
• Added two CNT IVs in Fall Quarter
• ETS adding 2 FTE (CNT V and VI)
What We’re Working On Now
• Migration Pipeline
• Server/Service Stability/Documentation
• CAP Improvements
In The Pipeline
• Institute for Collaborative Biotechnologies
• Instructional Development
• KCSB
• Physics
• Communication Services
• Administrative & Residential IT
Enterprise Applications Architecture
Bruce Miller, Enterprise Technology Services
Objective
For Financial and Human Resources systems, develop a more comprehensive and approachable collection of descriptive architectural material to:
• Assist in ongoing development and support efforts
• Assist in educating stakeholders about our business systems
• Enable decision-making on how best to target our resources to:
  • Simplify our operational environment and reduce operational complexity
• Reduce business process complexity
• Reduce risk and improve compliance
• Increase business information velocity, quality and accessibility
Just a few of the architectural challenges
• The Campus Financial System, for example, is composed of numerous satellite applications wrapped around a central system
• Systems developed piece-meal over several decades
• Attrition of knowledge on business processes, rules, and interactions
• Aging and varied technologies and platforms
• Cumbersome interfaces and batch processes result in low velocity and sometimes incomplete information flow
• High complexity
For example:
[Diagram: Campus Financial System. Labels include PeopleSoft FSCM, General Ledger, Commitment Control (KK), Accounts Payable (AP, formerly APEX), Project Costing (PC, formerly FAMAS), Asset Management (AM, formerly CATS), Data Warehouse, and numerous surrounding applications and interfaces. Legend: UCSB Web Applications, Manual Process, Entities, UCSB Systems, UCOP Systems, Banking Partners.]
First Steps
• Develop a taxonomy (systematic classification) of our business systems to guide both the organization of information and identify stakeholders
• Identify a preliminary set of tools for collecting and cataloging information
• Identify a set of working standards for documentation artifacts
• Develop a comprehensive catalog of systems, primary components and interfaces with key attributes useful for support and analysis
• Develop high-level architectural diagrams
Network Architecture
John Loman, Enterprise Technology Services
Charge
Create and maintain operational service records of cables, conduits and equipment installed at UCSB interests on and off campus.
Work Group
• Tom Mullens
• Marian Cohen
• Sparring Lynch
• Tony Nelson
• Chad Cook
• Ray Milholland
• Andrew Morgan
• Bill Neuner
First - Amazon Web Services - AWS
• AWS is 10 years old
• Services include:
• Compute
• Storage/Content Delivery
• Database
• Networking
• Analytics
• Enterprise Apps
• Mobile Services
• Internet of Things
Most common use of AWS
• Running Linux or Windows instances (EC2)
• Sizes range from nano to compute/memory optimized
• Nano - (512 meg memory, 1 vcpu) - 0.0065 per hour, $38 a year (reserved)
• Memory – r3.8xlarge (32 vcpus, 244 gig mem) $2.66 an hour
• Storage – d2.8xlarge (36vcpu, 244 gig mem, 24x2TB HDD), $5.52 an hour
• ** storage costs get added to the hourly rate
• Anyone can spin up an amazing compute server in minutes and run it just for a few hours for less than $10.
AWS - Storage
• Instances – you’ll use Elastic Block Storage – EBS
• HD - $.05 per gig per month
• SSD - $0.10 per gig per month
• Optimized IO SSD – more
• Simple Storage Service – S3
• Glacier - $0.007 per gig per month - $84 TB per year
• S3 Infrequent Access - $0.0125 per gig per month
• S3 $0.03 per gig per month
AWS Educate
• A new program rolled out in late 2015, replacing teacher grants
• Offered to instructors and students
• NOT for administrative computing
• $200 credit per faculty per year
• $100 credit per student per year
• AWS training – AWS Essentials Technical Training Course - free
• Curated Content – homework, labs, self study materials developed by other AWS educate users
• Collaborative Tools
AWS Educate Benefits
• Simple Goals – instructors and students use AWS in their curriculum. They know how to use cloud computing and are able to solve problems faster using cloud computing resources.
• Students – great on the resume, enabling smart workforce
  • CS/Engineering – students who have this training/experience will be considerably more employable in this new age of cloud computing
  • Sciences – students will know how accessible computing resources are available to solve problems that were only accessible by an elite few who had super computer accounts in the past
  • All – content may be easily made available to 1 person for millions
AWS Educate and UCSB
• CIO signed UCSB up as a member institution in 2015
• Any faculty/student can now sign up for AWS Educate
• There is an approval process that AWS goes through
• Each person will end up with 3 accounts – (ugh)
• AWS
• AWS Educate
• AWS Learning Management System
• All have to enter a credit card, other options exist, but not easy.
• Investigation by AWS Educate on exploring other options.
AWS Educate @ UCSB: Getting Started
• AWS has an onboarding document, we should create an intro page @ UCSB for this service
• Web site - https://aws.amazon.com/education/awseducate/
• UCSB Central Point of Contact(CPOC) for AWS Educate – Matt Hall
• AWS Educate program contacts
  • Grace Kitzmiller
  • Ken Eisner
• AWS/UCSB contact - Heather Matson
AWS Educate: Concerns
• Instructors / Students might not want to enter a CC
• Users have to be educated to ensure not blowing through the allotment credit unintentionally
• No safeguards to automatically shut off expensive running instances
  • Though there can be spending alerts – email
• Some courses might have cloud computing pedagogy requiring more credits than allotted per student.
AWS Educate: Why We Should
• Students can have access to a Linux machine for an entire year
• Students can run computer models on a computer configuration previously not attainable by every student at UCSB
• Our future researchers/professionals will know how to use Cloud Computing to help solve problems.
• Our students will be more employable
• We may have decreased expenses on services provided to instruction
AWS Educate / Bren
Our Plans
• Offering hands on workshops teaching the basics of “driving AWS”
• Assist interested faculty to incorporate running some computer models in the cloud as part of the curriculum of some courses
• Document a few use cases of how some models can be run in hours vs days
Questions?
Deployment Sequence
• Business Process Design – 34/137
• Campus-wide Change Impact Assessments
• Org. Transformation of BFS, APO, HR offices
Functional Delivery
• Planning for new technology
• Retrofit plans for Identity, Data Warehouse
• Engaging IT org. with tier-1 integrations
IT Delivery
Campus Activities
Timeline (2015–2018)
Milestones:
• WFA, BEN FSPDs approved – Jun 30
• Testing begins – Mar 1
• IT development completed – Mar 1
• Start training delivery – Jun 1
• Go-live – Sep 1
Activities:
Sep 1 - Sep 17 Conversion
Nov 1 - Jun 30 FSPD Pass #1 - WFA & BEN
Apr 1 - Jan 1 FSPD Pass#1 - GL & PY
Jan 10 - Feb 1 High Level Change Impact Assessments
Jul 1 - Mar 1 FSPD Pass #2 - WFA & BEN
Oct 1 - Mar 1 FSPD Pass#2 - GL&PY
Sep 1 - May 1 Detailed Change Impact Assessments
Jan 1 - Apr 1 Training Needs Assessment
Mar 1 - Jun 1 Training Development
Jun 1 - Sep 1 Training Delivery
Mar 1 - Jun 30 Tier-1 Planning & Design
Jul 1 - Feb 28 Tier-1 Implementation
Apr 1 - Jun 30 Tier-n Planning & Design
Jul 1 - Mar 1 Tier-n Implementation
Sep 1 - Mar 1 Testing Planning
Mar 1 - Sep 1 Testing Execution
Jul 15 - Sep 1 Cutover Execution
Mar 1 - Dec 31 Communication
FSIP vs UCPath
• Philosophy: FSIP – “Campus won’t feel anything”; UCPath – “UCPath is a business transformation”
• Scope: FSIP – Mostly BFS; UCPath – Campus-wide
• Who is affected: FSIP – Mostly BFS employees; UCPath – All employees
• Timeline: FSIP – Fully controlled by UCSB; UCPath – Fully controlled by UCOP
• Decision making: FSIP – Mostly one functional area; UCPath – Mostly campus-wide
Questions/Discussion