Huit 2015 march town hall
Uploaded by: kevindonovan
Category: Education
Transcript of Huit 2015 march town hall
Special Thanks
• Miguel Baquerizo, Senior Technical Support Engineer
• Brian Silva, IT Operations Specialist
• Tim O’Sullivan, Computer Operator
• Dave Bibeau, Group Leader
• Alex Andrade, IT Support Assistant
Town Hall Objectives
• Connect to Harvard’s mission of teaching, learning, and research
• Update on initiatives and topics that interest you
• Recognize HUIT staff who most exemplify our values
Agenda
• Connecting to the Mission: James Cuff, Assistant Dean for Research Computing in the FAS
• Updates:
✤ Cloud & DevOps
✤ Information Security
• The HUIT Cup
Agenda
• Cloud & DevOps Values
• Harvard’s Cloud & DevOps Vision
• Program Approach
• Program Organization
• Migrating Applications
• Migrating Staff
• Training Opportunities
• Get Involved
Cloud & DevOps Values
Benefits of the Cloud
Migrating key Harvard Community information technology solutions to the cloud doesn’t just improve efficiency and optimize cost — it also enables our systems to work more reliably in ever-shifting circumstances.
Reliability
• Managed System Updates
• Automated Failover
• Disaster Recovery
Agility with Quality
• Application Team Self-Service
• Deployment Automation
• Focus on IT Solutions
Cost
• Economies of Scale
• Utility: Pay as You Go
• Elastic Capacity: Pay for Use
Harvard’s Cloud & DevOps Vision
The Vision for the Cloud & DevOps Program
To improve HUIT’s delivery of information technology solutions to the Harvard Community, we will employ new methodologies, tools, and processes that will enable us to simplify and deliver higher-quality solutions with improved robustness and resiliency in a more timely manner.
Objectives
1. Develop training to transition staff from administrator roles to cloud and DevOps engineering roles
2. Lead staff transition process and create an empowered, service-focused culture
3. Implement application design and deployment patterns to maximize consistency, quality, and reliability
4. Migrate existing app workloads with a goal of 75% of existing compute from on-premise data centers to the public cloud
5. Establish operational toolsets and processes to ensure operational effectiveness, awareness, and partnership with service teams
Guiding Principles
1. We are committed to staff growth and development as we pursue program goals
2. We ensure close collaboration between the program and other HUIT teams to maintain high levels of existing services
3. Improving deployment methods and processes is as important as the technologies we use
4. Consistent architectural and design patterns are critical to achieving enterprise-level results
5. Communicating with all employees, partners, and customers is crucial to program awareness and understanding
Key Performance Indicators
1. Percentage of HUIT employees who have successfully completed Cloud & DevOps training
2. Percentage of total apps migrated to cloud providers
3. Improved app availability from monitoring (uptime percentage)
4. Successful DR testing processes in place — average time to recovery for migrated applications
5. Percent deployment rollbacks
6. Cost of deployment solutions compared with onsite measurement
Program Organization: Teams
Cloud Operations Team
Build integrated tool suite managing capacity, performance, and availability of services across environments.
• Work with Integrated Monitoring to create cloud ops roadmap
• Align tools with integrated monitoring and industry best practice
• Perform ongoing analysis and optimize cloud-deployed workloads for performance, availability, and cost
• Create and evolve HUIT cloud training plans
• Create tools/dashboards for business and service team reporting
• Manage cloud CMDB
• Matrix-manage embedded operations engineers
DevOps Platform Team
Provide embedded expertise and a highly automated platform to simplify and streamline delivery of app functionality.
• Work with development community to understand requirements for build, deploy, test, and provision processes
• Introduce best practices, patterns, reference implementations, code, and tools in support of software deployment automation
• Create a DevOps services definition for HUIT service catalog
• Create and evolve DevOps services roadmap
• Matrix-manage embedded DevOps engineers within service teams
• Define cloud integration patterns in partnership with EA
Cloud Architecture Team
Provide strategic leadership for the development of agile, cost-effective cloud solutions.
• Create and evolve cloud sourcing strategy
• Create and evolve cloud selection framework
• Map app portfolio to cloud selection framework
• Manage enterprise contracts for cloud
• Optimize cloud costs and manage cloud billing
• Create and evolve cloud services roadmap
• Create cloud services definition for HUIT service catalog
• Report metrics and KPIs
Cloud Migration Team
Migrate apps from on-premise facilities to external cloud providers, build internal capabilities, and transition staff.
• Perform app inventory; create/manage migration plan
• Liaise with app business and technical owners
• Tech assessments and cloud optimization recommendations
• Mentoring and support for new, transitioned resources
• Support app migration and ongoing operations of transitioned apps
• Enable end-state resource migration to service teams
• Create executive program reports
Program Approach: Cloud & DevOps Milestones
PI-1.1 3/9-3/20
PI-1.2 3/23-4/3
PI-1.3 4/6-4/17
PI-1.4 4/20-5/1
PI-1.5 5/4-5/15
PI-1.6 5/18-5/29
PI-2.1 6/1-6/12
Pre-Implementation
Cost, Tagging, SP Framework
DevOps v. 1.0
Pattern (Java, Tomcat, Python, GUnicorn)
CDP
Cloud v. 1.0
Logging & Monitoring
Auditing
Network v. 1.0
AWS Connectivity & IP Mgmt
Wave 1 Migration (25 Apps)
Java/Tomcat Apps
Python/GUnicorn Apps
RDS/Oracle Apps
RDS/MySQL Apps
Migrating Applications: Wave 1
We are committed to moving 25 applications by the end of FY15.
• Apps were prioritized based on application team availability and technical patterns (Java/Tomcat, Apache/LAMP)
• Remaining ~50 Wave 1 apps will be evaluated after first 25 are migrated
Group: Applications
IAM: Account App App Admin CAS Auth Engine Claim App Create/Manage ID FindPerson API Harvard LDAP IdDB Identity Service API PIN2 Bridge SailPoint IIQ Shibboleth IdP Phonebook Public LDAP
INF: OID
ATS: QlikView (7) ACE Muse OARS Course Catalog Cross Registration Winter Break
LTS: Presto, Feedback
DR: Aleph (LTS) IAM PeopleSoft (POC)
Migrating Applications: The Process
Ongoing: Implement, Monitor, Optimize, Repeat
Phase C: Operation & Optimization
Ongoing: Decommission and Optimize Infrastructure
Step 1: Replatform/Remediate Application
Phase B: Execution (Iterative Process)
Step 2: Integrate Application
Step 4: Validate App & Complete Migration
Step 3: Migrate Environments
Step 0: Prepare for Application Migration
Phase A: Planning
Step 1: Hold Initial Engagement Meeting
Step 5: Conduct Kick-off Meeting
Step 2: Perform Architectural Discovery
Step 3: Create Migration Schedule
Step 4: Perform Cost Comparison
Migrating Staff
The program uses a repeatable, criteria-based process to identify and transition HUIT staff into new roles. In Wave 1, 19 team members have migrated into the program to support process definition, technology selection, and app migrations.
Training Opportunities
Visit https://huitcloud.talentlms.com for courses including ...
Agile Training
• Scrum & DevOps in Practice: Immersive Agile Training
ITIL Certification
• HP: http://tinyurl.com/hp-itil-cert
• ThirdSky: http://tinyurl.com/thirdsky-itil-cert
• Pink Elephant: http://tinyurl.com/pinkelephant-itil-cert
AWS Essentials
• AWS Essentials (lynda.com)
• HUIT AWS Training Sessions: http://cloud.huit.harvard.edu
AWS Free Self-Paced Labs: Introductions
• Elastic Block Store (EBS)
• Simple Storage Service (S3)
• Elastic Compute Cloud (EC2)
• Identity and Access Management (IAM)
• Elastic Load Balancing (ELB)
• Relational Database Service (RDS)
Training Opportunities
Visit https://huitcloud.talentlms.com for courses including ...
AWS Programmatic Language Track
• Git Workshop (Self-Taught)
• Version Control Workshop (Self-Taught)
• Introduction To Python (codecademy.com)
• Up-Running-Bash-Scripting (lynda.com)
AWS DevOps Engineer Certification
• Sample Q&A for AWS Associate Solutions Architect Certification
• AWS Certified DevOps Engineer Professional Level Exam Guide
• AWS Certified DevOps Engineer Exam — Professional (Beta)
Cloud Operations (COPS) Track
• What Is New Relic?
• New Relic University
• Splunk App Administration for Enterprise Security 3.1 (Virtual)
• Searching & Reporting: Splunk 6 (Virtual)
• Advanced Searching & Reporting: Splunk 6 (Virtual)
AWS DevOps In-Person Bootcamp (Instructor: Leo Zhadanovsky of AWS)
• CloudFormation
• Jenkins
• CodeDeploy
• EC2 Container Service
• Scripting using the AWS CLI
• Monitoring & notification tools: NewRelic, CloudWatch, Splunk, SNS
Get Involved
Play a part in the Cloud & DevOps program! Check out these important dates, info sources, and training opportunities:
• Cloud & DevOps Big Group: March 13
• Cloud & DevOps Open House at 50 Church Street: March 28
• Training:
– DevOps/AWS Training Day: March 17
– Scrum & DevOps in Practice: Immersive Agile Training: March 30-31
• Websites:
– HUIT Training Portal: https://huitcloud.talentlms.com
– HUIT Cloud Website: http://cloud.huit.harvard.edu
The Five Points
1. Confront One Big Problem
2. Take Two Approaches
3. Fight Three Misconceptions
4. Promote Four Best Practices
5. Ask for Five Minutes
Confront One Big Problem
Higher education is a leading target of cyber crime.
“Universities are home to cutting-edge research and emerging technology patents; unfortunately, their networks are large and porous.”
High-Value data:
• Social Security numbers
• Credit card numbers
• Medical records
• Employee records
• Research
The scope: 14,724,405 records disclosed in 745 reported higher education breaches since 2005.
Why?
• Up to $45 per credit card number
• Up to $3 per Social Security number
• Up to $200 per patient record
Peers:
• Stanford: 101,000 passwords stolen
• MIT: Suffered DDoS and web defacements in attack by Anonymous
• University of Maryland: 309,000 SSNs stolen
Infrastructure: At Ohio State: “They did find evidence that the purpose of the unauthorized access was to launch cyberattacks on online business entities.”
Harvard High-value Data
• Social Security numbers: More than 2 million SSNs are stored at the University.
• Credit card numbers: Over the past 12 months, 1.6M credit card transactions were processed on behalf of 82 merchants at Harvard, representing approximately $254M.
• Employee records: Harvard maintains employee records for more than 30,000 active faculty and staff.
• Medical records: A single study at HMS included research on 1,360,908 Medicare claims records.
• Research Data
– Commercial - Advanced Batteries
– Medical - Diabetes breakthroughs
– Defense - Flexible exo-skeleton
– Geo-Political - Ukrainian social media study
– High-Visibility - NFL concussion study
Attacks against Harvard’s network in 2014 were up 25% over 2013.
Malware activity detected in 2014 was up 50% from 2013.
LulzSec
Syrian Electronic Army
Reputational Attacks
Automated Attacks
Take Two Approaches
1. Do our part
2. Enable the community to do their part
1. Do our part
• Centralized 13 FTEs to form Harvard Information Security
• Simplified security policy and data classification
• Developed 3 part strategy
– Aware of risks and responsibilities
– Protected from today’s threats
– Ready to identify and respond to an incident
– So that we can reduce incidents and minimize impact
• Consolidated and upgraded network security tools and services
• Deployed anti-phishing software to HUIT and beyond
• Retained vendor for contingent incident response resources
1. Do our part
• Aware
– Develop and launch enhanced awareness campaign
– Meet with FAS faculty groups
– Conduct phishing exercise in Central Administration
• Protected
– Conduct external benchmark exercise
– Develop enhanced vendor management strategy that includes information security
– Accelerate two-factor authentication
– Roll out password manager
• Ready
– Conduct cybersecurity table top exercise
– Review and improve incident response readiness and process
2. Enable the community to do their part
• Why?
• What?
“Security is not a service we provide, it is a goal we work towards together.”
Fight Three Misconceptions
• Security is something done for me.
• I’m not sure where I report an incident.
• Getting hacked is inevitable, it’s a losing battle.
• Security is everyone's responsibility.
• I know where to get help and information.
• There are things I can do to keep myself and the University secure.
Information Security Policy
Security services
Security best practices
Promote Four Best Practices
• Click Wisely
• Know Your Data
• Apply Updates
• Use Strong Passwords
Click Wisely
Only click links and open files in emails that are expected and only from people you trust
Use Strong Passwords
Create passwords that are unique and hard to guess – password managers can help with this. Use 2-step verification when it is available.
Apply Updates
Set your software to auto-update. Approve updates and restart when prompted.
Know Your Data
Use tools like Identity Finder to find sensitive data. Secure sensitive data according to the policy. If you don’t need it, delete it.
Timeline (figure; axis JAN through DEC; labels: HUIT, All IT, IT Summit, All Harvard, NCSAM)
On-going channels
• Orientation
• Snacks with Security
• More to come
Ask for Five Minutes
We need your input.
(See friendly waving people)
Online at security.harvard.edu/feedback
Follow-Up
Keep an eye out for an email from Security.
1. Take our survey.
2. Attend an in-person focus group.
Upcoming Events
March 11 — 3:30pm-5:00pm Support Services Open House, 1033 Mass Ave, 4th Floor
March 13 — 2:00pm-3:00pm Cloud & DevOps Big Group, Science Center 309A
March 16 IT Summit proposal deadline, contact Maggie Ronald [email protected]
April 7 — 9:00am-10:00am HUIT Morning Coffee, Science Center 300H and 6 Story Street Conference Room
April 16 — 3:00pm-5:00pm TLT and AcTS Open House, 125 Mt. Auburn, 5th Floor
May 19 — 11:00am-1:00pm Finance and Unified Communications Open House, 1230 Soldiers Field Road
June 4 — 9:00am-5:00pm IT Summit, Sanders Theater