Enterprise IT UpdateEnterprise IT UpdateAugust 3, 2012

Introductions

AIT PersonnelAIT Personnel

– Mike Alani: Senior Network EngineerMike Alani: Senior Network Engineer

– Jay Carper: Exchange & Active Directory AdministratorJay Carper: Exchange & Active Directory Administrator

– Gene Curtiss: Senior Systems AdministratorGene Curtiss: Senior Systems Administrator

– John Willis: Chief ArchitectJohn Willis: Chief Architect

Department IT ManagersDepartment IT Managers

- New: RPTS: David BurdetteNew: RPTS: David Burdette- New: TIGM/PlantGeno: Michael McCleodNew: TIGM/PlantGeno: Michael McCleod

Information Technology Today

IT State of Affairs

Rules and Procedures

http://agrilife.org/it/itmanagement/http://agrilife.org/it/itmanagement/

Rules and Procedures ProgressionRules and Procedures Progression

• IT Managers accountable for maintaining all Rules and IT Managers accountable for maintaining all Rules and ProceduresProcedures

• IT Managers should be up to date and highly awareIT Managers should be up to date and highly aware

• Approved by AdministrationApproved by Administration

• If unsure of rule/procedure ask AIT for clarificationIf unsure of rule/procedure ask AIT for clarification

AgriLife Enterprise Service Status

Deployed ServicesDeployed Services• EmailEmail

– 4176 mailboxes, 293 distro groups and 16 email domains4176 mailboxes, 293 distro groups and 16 email domains

• Domain managed systemsDomain managed systems– 2453 computers in domain2453 computers in domain– All centers and urban centers fully joined/some departments fully joinedAll centers and urban centers fully joined/some departments fully joined– Advantages: Acct. Mgmt, Policy Application, SUS, Enterprise File ServicesAdvantages: Acct. Mgmt, Policy Application, SUS, Enterprise File Services

• Managed Network Hardware (Regional Centers)Managed Network Hardware (Regional Centers)– 99 WAP99 WAP– 125 Switches (approximately 3000 ports)125 Switches (approximately 3000 ports)

– 22 Firewalls22 Firewalls

• SophosSophos– 5490 computers protected5490 computers protected– Upgrade to version 10 completedUpgrade to version 10 completed– Review estate; if not upgraded turn on computer or perform manual installReview estate; if not upgraded turn on computer or perform manual install– New single installer model requires that you move any new installed PC’s in console from

“NewUnassigned” folder to unit folder in Sophos Console– New Domain enabled console uses domain credentials

AgriLife Enterprise Service Status

Deployed Services – continuedDeployed Services – continued

• NessusNessus– Feature of the Server Management ProgramFeature of the Server Management Program– Report sent once a month during first week of monthReport sent once a month during first week of month– Recommend addressing critical/high alerts asapRecommend addressing critical/high alerts asap

Recently or Soon to be Deployed ServicesRecently or Soon to be Deployed Services

• Windows System Update Service (WSUS)Windows System Update Service (WSUS)– Deployed to all centers and urban centersDeployed to all centers and urban centers– Improves bandwidth utilization for centersImproves bandwidth utilization for centers– Provides snapshot report of update status of domain workstations

or windows servers

– Report addresses requirement by system policy to represent unit’s

efforts in maintaining patch management of workstations/servers

• CentrifyCentrify– Centralizes Linux or MAC server account management to AGNET Domain

– Brings server into compliance with certain required policiesBrings server into compliance with certain required policies

AgriLife Server Management Program (SMP)

OverviewOverview• Who developed the program?Who developed the program?

– AIT working in conjunction with system auditorsAIT working in conjunction with system auditors

• Why was it created?Why was it created?– Clearly outline all required tasks and documentation specified for Clearly outline all required tasks and documentation specified for

a server to be TAC/SAP compliant in a consolidated locationa server to be TAC/SAP compliant in a consolidated location

• Where should you be now (a month after program release)?Where should you be now (a month after program release)?– Read program documentation Read program documentation – Formulated any questions and requesting answers from AIT to resolveFormulated any questions and requesting answers from AIT to resolve– Preparing to review servers within your department to determine if they are fully Preparing to review servers within your department to determine if they are fully

compliant with program requirements i.e. TAC/SAP compliantcompliant with program requirements i.e. TAC/SAP compliant

• Next StepsNext Steps– Create updated comprehensive listing of servers and define typeCreate updated comprehensive listing of servers and define type– Perform all required tasks and documentation effortsPerform all required tasks and documentation efforts

• When When – By December 2012By December 2012– In preparation for system audit starting as early as January 2013In preparation for system audit starting as early as January 2013

AgriLife SMP

• What does it include?What does it include?– Monthly automated Nessus scansMonthly automated Nessus scans– Access to Centrify LicensesAccess to Centrify Licenses– Recommended baseline templatesRecommended baseline templates– Centralized document management systemCentralized document management system

Document ManagementDocument Management

• SMP requires a number of documents (see baseline SMP requires a number of documents (see baseline templates)templates)

• Centralized document management system to maintain Centralized document management system to maintain required SMP documentation (required SMP documentation (https://agrilife-smp.tamu.edu))

• Common location allows ease of access for IT personnel and Common location allows ease of access for IT personnel and audit purposesaudit purposes

AgriLife People Management (APM)

OverviewOverview

• Centralized web based portal to manage the onboarding and off-boarding of employees across the entire organization

• Developed per input from representatives of IT managers, departmental business and HR coordinators

• Usage of the portal is required by ALL centers and departments/groups within Ag

• Account request form no longer accepted beginning September Account request form no longer accepted beginning September 1st1st

• Inactive account report responsibilitiesInactive account report responsibilities

• Account deactivation automationAccount deactivation automation– 120 day deactivation : August 20120 day deactivation : August 20thth

– 150 day deletion: September 1st150 day deletion: September 1st

University Student Domain Offering

–Paul GreerPaul Greer–Bill CochranBill Cochran

Take Aways

– Initiate Server Management Program EffortsInitiate Server Management Program Efforts– Review and familiarize all Rules & ProceduresReview and familiarize all Rules & Procedures– Review and assess all inactive accountsReview and assess all inactive accounts– Assess workstation Domain Join Status with DepartmentAssess workstation Domain Join Status with Department– Implement WSUS integrationImplement WSUS integration– Implement Centrify (mac or linux platforms)Implement Centrify (mac or linux platforms)

IT Management RepositoryIT Management Repository

http://agrilife.org/it/itmanagement/http://agrilife.org/it/itmanagement/

Questions ?Questions ?