HUIT 2015 March Town Hall

Town Hall March 5, 2015 | 9:00 a.m. | Paine Hall


Welcome!

Thank you!

Special Thanks

• Miguel Baquerizo, Senior Technical Support Engineer

• Brian Silva, IT Operations Specialist

• Tim O’Sullivan, Computer Operator

• Dave Bibeau, Group Leader

• Alex Andrade, IT Support Assistant

Thank you!

Town Hall Objectives

• Connect to Harvard’s mission of teaching, learning, and research

• Update on initiatives and topics that interest you

• Recognize HUIT staff who most exemplify our values

Agenda

• Connecting to the Mission: James Cuff, Assistant Dean for Research Computing in the FAS

• Updates:

✤ Cloud & DevOps

✤ Information Security

• The HUIT Cup

New Faces

Goals

James Cuff

Update: Cloud & DevOps

Cloud & DevOps Program Vision and Strategy

Jason Snyder, Steve Martino, and Erica Bradshaw

Agenda

• Cloud & DevOps Values
• Harvard’s Cloud & DevOps Vision
• Program Approach
• Program Organization
• Migrating Applications
• Migrating Staff
• Training Opportunities
• Get Involved

Cloud & DevOps Values

Benefits of the Cloud

Migrating key Harvard Community information technology solutions to the cloud doesn’t just improve efficiency and optimize cost — it also enables our systems to work more reliably in ever-shifting circumstances.

Reliability
• Managed System Updates
• Automated Failover
• Disaster Recovery

Agility with Quality
• Application Team Self-Service
• Deployment Automation
• Focus on IT Solutions

Cost
• Economies of Scale
• Utility: Pay as You Go
• Elastic Capacity: Pay for Use

Harvard’s Cloud & DevOps Vision

The Vision for the Cloud & DevOps Program

To improve HUIT’s delivery of information technology solutions to the Harvard Community, we will employ new methodologies, tools, and processes that will enable us to simplify and deliver higher-quality solutions with improved robustness and resiliency in a more timely manner.

Guiding Principles

1. We are committed to staff growth and development as we pursue program goals
2. We ensure close collaboration between the program and other HUIT teams to maintain high levels of existing services
3. Improving deployment methods and processes is as important as the technologies we use
4. Consistent architectural and design patterns are critical to achieving enterprise-level results
5. Communicating with all employees, partners, and customers is crucial to program awareness and understanding

Objectives

1. Develop training to transition staff from administrator roles to cloud and DevOps engineering roles
2. Lead staff transition process and create an empowered, service-focused culture
3. Implement application design and deployment patterns to maximize consistency, quality, and reliability
4. Migrate existing app workloads with a goal of 75% of existing compute from on-premise data centers to the public cloud
5. Establish operational toolsets and processes to ensure operational effectiveness, awareness, and partnership with service teams

Key Performance Indicators

1. Percentage of HUIT employees who have successfully completed Cloud & DevOps training
2. Percentage of total apps migrated to cloud providers
3. Improved app availability from monitoring (uptime percentage)
4. Successful DR testing processes in place — average time to recovery for migrated applications
5. Percent deployment rollbacks
6. Cost of deployment solutions compared with onsite measurement

Program Organization: Teams

Cloud Operations Team

Build integrated tool suite managing capacity, performance, and availability of services across environments.

• Work with Integrated Monitoring to create cloud ops roadmap
• Align tools with integrated monitoring and industry best practice
• Perform ongoing analysis and optimize cloud-deployed workloads for performance, availability, and cost
• Create and evolve HUIT cloud training plans
• Create tools/dashboards for business and service team reporting
• Manage cloud CMDB
• Matrix-manage embedded operations engineers

DevOps Platform Team

Provide embedded expertise and a highly automated platform to simplify and streamline delivery of app functionality.

• Work with development community to understand requirements for build, deploy, test, and provision processes
• Introduce best practices, patterns, reference implementations, code, and tools in support of software deployment automation
• Create a DevOps services definition for HUIT service catalog
• Create and evolve DevOps services roadmap
• Matrix-manage embedded DevOps engineers within service teams
• Define cloud integration patterns in partnership with EA

Cloud Architecture Team

Provide strategic leadership for the development of agile, cost-effective cloud solutions.

• Create and evolve cloud sourcing strategy
• Create and evolve cloud selection framework
• Map app portfolio to cloud selection framework
• Manage enterprise contracts for cloud
• Optimize cloud costs and manage cloud billing
• Create and evolve cloud services roadmap
• Create cloud services definition for HUIT service catalog
• Report metrics and KPIs

Cloud Migration Team

Migrate apps from on-premise facilities to external cloud providers, build internal capabilities, and transition staff.

• Perform app inventory; create/manage migration plan
• Liaise with app business and technical owners
• Tech assessments and cloud optimization recommendations
• Mentoring and support for new, transitioned resources
• Support app migration and ongoing operations of transitioned apps
• Enable end-state resource migration to service teams
• Create executive program reports

Program Approach: The Big Picture

Program Approach: Cloud & DevOps Milestones

Program increments:
• PI-1.1: 3/9-3/20
• PI-1.2: 3/23-4/3
• PI-1.3: 4/6-4/17
• PI-1.4: 4/20-5/1
• PI-1.5: 5/4-5/15
• PI-1.6: 5/18-5/29
• PI-2.1: 6/1-6/12

Pre-Implementation
• Cost, Tagging, SP Framework

DevOps v. 1.0
• Pattern (Java, Tomcat, Python, GUnicorn)
• CDP

Cloud v. 1.0
• Logging & Monitoring
• Auditing

Network v. 1.0
• AWS Connectivity & IP Mgmt

Wave 1 Migration (25 Apps)
• Java/Tomcat Apps
• Python/GUnicorn Apps
• RDS/Oracle Apps
• RDS/MySQL Apps

Migrating Applications: Wave 1

We are committed to moving 25 applications by the end of FY15.

• Apps were prioritized based on application team availability and technical patterns (Java/Tomcat, Apache/LAMP)
• Remaining ~50 Wave 1 apps will be evaluated after first 25 are migrated

Applications by group:
• IAM: Account App App Admin CAS Auth Engine Claim App Create/Manage ID FindPerson API Harvard LDAP IdDB Identity Service API PIN2 Bridge SailPoint IIQ Shibboleth IdP Phonebook Public LDAP
• INF: OID
• ATS: QlikView (7) ACE Muse OARS Course Catalog Cross Registration Winter Break
• LTS: Presto, Feedback
• DR: Aleph (LTS) IAM PeopleSoft (POC)

Migrating Applications: The Process

Phase A: Planning
• Step 0: Prepare for Application Migration
• Step 1: Hold Initial Engagement Meeting
• Step 2: Perform Architectural Discovery
• Step 3: Create Migration Schedule
• Step 4: Perform Cost Comparison
• Step 5: Conduct Kick-off Meeting

Phase B: Execution (Iterative Process)
• Step 1: Replatform/Remediate Application
• Step 2: Integrate Application
• Step 3: Migrate Environments
• Step 4: Validate App & Complete Migration

Phase C: Operation & Optimization
• Ongoing: Implement, Monitor, Optimize, Repeat
• Ongoing: Decommission and Optimize Infrastructure

Migrating Staff

The program uses a repeatable, criteria-based process to identify and transition HUIT staff into new roles. In Wave 1, 19 team members have migrated into the program to support process definition, technology selection, and app migrations.

Training Opportunities

Visit https://huitcloud.talentlms.com for courses including ...

Agile Training
• Scrum & DevOps in Practice: Immersive Agile Training

ITIL Certification
• HP: http://tinyurl.com/hp-itil-cert
• ThirdSky: http://tinyurl.com/thirdsky-itil-cert
• Pink Elephant: http://tinyurl.com/pinkelephant-itil-cert

AWS Essentials
• AWS Essentials (lynda.com)
• HUIT AWS Training Sessions: http://cloud.huit.harvard.edu

AWS Free Self-Paced Labs: Introductions
• Elastic Block Store (EBS)
• Simple Storage Service (S3)
• Elastic Compute Cloud (EC2)
• Identity and Access Management (IAM)
• Elastic Load Balancing (ELB)
• Relational Database Service (RDS)

AWS Programmatic Language Track
• Git Workshop (Self-Taught)
• Version Control Workshop (Self-Taught)
• Introduction To Python (codecademy.com)
• Up-Running-Bash-Scripting (lynda.com)

AWS DevOps Engineer Certification
• Sample Q&A for AWS Associate Solutions Architect Certification
• AWS Certified DevOps Engineer Professional Level Exam Guide
• AWS Certified DevOps Engineer Exam — Professional (Beta)

Cloud Operations (COPS) Track
• What Is New Relic?
• New Relic University
• Splunk App Administration for Enterprise Security 3.1 (Virtual)
• Searching & Reporting: Splunk 6 (Virtual)
• Advanced Searching & Reporting: Splunk 6 (Virtual)

AWS DevOps In-Person Bootcamp (Instructor: Leo Zhadanaovsky of AWS)
• CloudFormation
• Jenkins
• CodeDeploy
• EC2 Container Service
• Scripting using the AWS CLI
• Monitoring & notification tools: NewRelic, CloudWatch, Splunk, SNS

Sample progress report for the Agile track:

Get Involved

Play a part in the Cloud & DevOps program! Check out these important dates, info sources, and training opportunities:

• Cloud & DevOps Big Group: March 13
• Cloud & DevOps Open House at 50 Church Street: March 28
• Training:
  – DevOps/AWS Training Day: March 17
  – Scrum & DevOps in Practice: Immersive Agile Training: March 30-31
• Websites:
  – HUIT Training Portal: https://huitcloud.talentlms.com
  – HUIT Cloud Website: http://cloud.huit.harvard.edu

Thank you!

Update: Information Security

Five Points on Information Security

HUIT Town Hall | March 5, 2015

The Five Points

1. Confront One Big Problem
2. Take Two Approaches
3. Fight Three Misconceptions
4. Promote Four Best Practices
5. Ask for Five Minutes

Confront One Big Problem


Higher education is a leading target of cyber crime.

“Universities are home to cutting-edge research and emerging technology patents; unfortunately, their networks are large and porous.”

High-value data:
• Social Security numbers
• Credit card numbers
• Medical records
• Employee records
• Research

The scope: 14,724,405 records disclosed in 745 reported higher education breaches since 2005.

Why?
• Up to $45 per credit card number
• Up to $3 per Social Security number
• Up to $200 per patient record

Peers:
• Stanford: 101,000 passwords stolen
• MIT: Suffered DDoS and web defacements in attack by Anonymous
• University of Maryland: 309,000 SSNs stolen

Infrastructure: At Ohio State: “They did find evidence that the purpose of the unauthorized access was to launch cyberattacks on online business entities.”

Harvard High-value Data

• Social Security numbers: More than 2 million SSNs are stored at the University.
• Credit card numbers: Over the past 12 months, 1.6M credit card transactions were processed on behalf of 82 merchants at Harvard, representing approximately $254M.
• Employee records: Harvard maintains employee records for more than 30,000 active faculty and staff.
• Medical records: A single study at HMS included research on 1,360,908 Medicare claims records.
• Research data:
  – Commercial - Advanced Batteries
  – Medical - Diabetes breakthroughs
  – Defense - Flexible exo-skeleton
  – Geo-Political - Ukrainian social media study
  – High-Visibility - NFL concussion study

Attacks against Harvard’s network in 2014 were up 25% over 2013.

Malware activity detected in 2014 was up 50% from 2013.

LulzSec

Syrian Electronic Army

Reputational Attacks

Automated Attacks

Take Two Approaches


1. Do our part

2. Enable the community to do their part

1. Do our part

• Centralized 13 FTEs to form Harvard Information Security
• Simplified security policy and data classification
• Developed 3-part strategy
  – Aware of risks and responsibilities
  – Protected from today’s threats
  – Ready to identify and respond to an incident
  – So that we can reduce incidents and minimize impact
• Consolidated and upgraded network security tools and services
• Deployed anti-phishing software to HUIT and beyond
• Retained vendor for contingent incident response resources

1. Do our part

• Aware
  – Develop and launch enhanced awareness campaign
  – Meet with FAS faculty groups
  – Conduct phishing exercise in Central Administration
• Protected
  – Conduct external benchmark exercise
  – Develop enhanced vendor management strategy that includes information security
  – Accelerate two-factor authentication
  – Roll out password manager
• Ready
  – Conduct cybersecurity table top exercise
  – Review and improve incident response readiness and process

2. Enable the community to do their part

• Why?
• What?

“Security is not a service we provide, it is a goal we work towards together.”

Fight Three Misconceptions

• Security is something done for me.
• I’m not sure where I report an incident.
• Getting hacked is inevitable, it’s a losing battle.

• Security is everyone's responsibility.
• I know where to get help and information.
• There are things I can do to keep myself and the University secure.

Information Security Policy

Security services

Security best practices

Promote Four Best Practices

Our Message

Click Wisely

Only click links and open files in emails that are expected and only from people you trust

Use Strong Passwords

Create passwords that are unique and hard to guess – password managers can help with this. Use 2-step verification when it is available.

Apply Updates

Set your software to auto-update. Approve updates and restart when prompted.

Know Your Data

Use tools like Identity Finder to find sensitive data. Secure sensitive data according to the policy. If you don’t need it, delete it.

Our Method

Timeline (JAN through DEC): HUIT, All IT, All Harvard, IT Summit, NCSAM

On-going channels

• Orientation

• Snacks with Security

• More to come

Ask for Five Minutes

We need your input.

(See friendly waving people)

Online at security.harvard.edu/feedback

Follow-Up

Keep an eye out for an email from Security.

1. Take our survey.
2. Attend an in-person focus group.

Now for the best part…

THE HUIT CUP

Congratulations Kim Edelman!

Upcoming Events

March 11 — 3:30pm-5:00pm Support Services Open House, 1033 Mass Ave, 4th Floor

March 13 — 2:00pm-3:00pm Cloud & DevOps Big Group, Science Center 309A

March 16 IT Summit proposal deadline, contact Maggie Ronald [email protected]

April 7 — 9:00am-10:00am HUIT Morning Coffee, Science Center 300H and 6 Story Street Conference Room

April 16 — 3:00pm-5:00pm TLT and AcTS Open House, 125 Mt. Auburn, 5th Floor

May 19 — 11:00am-1:00pm Finance and Unified Communications Open House, 1230 Soldiers Field Road

June 4 — 9:00am-5:00pm IT Summit, Sanders Theater

Thank you!