Implementing Infrastructure for the eUniversity
Art Vandenberg
Director
404-463-9601
Fred Przystas
Project Manager
404-463-9602
University System of Georgia Annual Computing Conference
October 25-27, 2000
Information Systems & Technology
Advanced Campus Services
Georgia State University

The “eUniversity”
Why the Rush? Why Do We Need It?

Why the Rush?
As universities continue to expand their customer base via the internet, they are reaching beyond their territory into YOUR territory.
Distance is no longer a barrier as a result of the internet and “Distance Learning.”
Playing “catch-up” is difficult given the rate at which technology and information are currently speeding along this virtual internet highway.

Why do we need the “eUniversity?”
Improve the quality of University Services
Reduction of Costs
Open New Avenues for Revenue
More sophisticated ways of doing business
Enhance collaborative research
Provide a campus portal for students to obtain various services

Major Areas of Focus
E-academics – enhanced technology learning and distance learning
E-research – promotes collaborative research and scholarly publishing

Major Areas of Focus
E-business – electronic administrative services, i.e., travel, purchasing, and supply
E-community – become a valued resource for the surrounding communities we serve by providing easy access to various online services such as GIL, G.L.O.B.E, and eCore

How do we get there?
Coordination – Project Planning
Cooperation – Inclusion of Stakeholders
Creativity – Funding and Resources
Consultation – Hire an outside group to examine what you have, and what you will need to implement the “eUniversity”

What Else Is Needed?
SECURITY
Public Key Infrastructure
PKI

SECURITY
SAFE ENVIRONMENT
ENCRYPTED TRANSACTIONS
CERTIFICATE AUTHORITY
UNIVERSAL UNIQUE ID (UUID)
REGISTRATION AUTHORITY
IDENTIFICATION
TRUST
YOU NEED IT TO...

COMPETE & SURVIVE!

Public Key Infrastructure
– Confidentiality
– Integrity
– Authentication
– Non-repudiation

Components of PKI
– Security Policy
  Defines Organization’s Top-Level Security
  Certificate Practice Statement (CPS) – Outlines Key Creation/Distribution and Certificate Issuance
  Identifies Levels of Risk

Components of PKI
– Certificate Authority (CA)
  Sets Expiration Dates for Digital Certificates
  Tracks Certificate Revocation Lists (CRLs)
  Issues Certificates binding identity of user or system to a public key with a Digital Signature (DS)

Components of PKI (Cont.)
– Registration Authority (RA)
  Interface between User and CA
  Authenticates Identity of User following Security Policies
  Quality of Authentication sets level of trust placed on certificates issued

Components of PKI (Cont.)
– Certificate Distribution System
  Directory Service
  User Distributed
  Enterprise PKI solution

Components of PKI (Cont.)
– PKI Enabled Applications
  Web Servers and Browsers
  E-mail
  Electronic Data Interchange (EDI)
  Credit card Transactions over the Internet
  Virtual Private Networks (VPNs)

PKI Evaluation Considerations
– Flexibility
  Interface with standard directory structures like Lightweight Directory Access Protocol (LDAP) and X.500 (DAP)
  Allow users to request certificates via e-mail
  Standard interfaces such as PKCS#11 to work with various security tokens (example: smart cards and hardware security modules (HSMs))
  Automated RA, if needed

PKI Evaluation Considerations (Cont.)
– Ease of Use
  Management of PKI should be simple and not require a technical background to manage
  Interface should be graphical and intuitive
– Supports Security Policy
  CA/RA should be able to reflect security policies of organization in certificate issuance

PKI Evaluation Considerations (Cont.)
– Scalability
  Support for additional applications as they come online
  Ability to add CAs and RAs as needed to support organizational growth
  Ability to support increased numbers of certificates issued as the PKI grows

PKI Evaluation Considerations (Cont.)
– Interoperability
  PKI should be built to the most common commercial standards
  PKI should be completely open to allow for future integration as IT infrastructure grows
  PKI needs to be interoperable globally

PKI Evaluation Considerations (Cont.)
– Security of CA and RA
  CA/RA is the center of PKI and should be held in a tamper resistant security module
  Backup copies are essential protection for disaster recovery
  CA/RA system should have a secure audit trail that includes a time/date stamp and signature for each transaction
  CA should be held to the highest commercial standard security
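
An added example (not from the original slides) of the audit-trail requirement above: each CA/RA transaction is recorded with a time/date stamp and a signature, and the log can be re-verified later. It assumes an HMAC-SHA256 key as a standard-library stand-in for the CA's signing key, and goes beyond the slide by chaining each record to the previous one; all names and sample records are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. Assumption: in a real CA/RA the signing key stays in
# the tamper-resistant module and would normally be an asymmetric key.
AUDIT_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor for the first record
SIGNED_FIELDS = ("seq", "timestamp", "actor", "action", "subject", "prev")


def _canonical(record):
    """Serialize the signed fields deterministically."""
    body = {k: record[k] for k in SIGNED_FIELDS}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log, actor, action, subject, key=AUDIT_KEY, now=None):
    """Append one CA/RA transaction with a time/date stamp and a signature."""
    now = now or datetime.now(timezone.utc)
    record = {
        "seq": len(log),
        "timestamp": now.isoformat(),
        "actor": actor,
        "action": action,
        "subject": subject,
        # Link to the previous record so removal or reordering is detectable.
        "prev": log[-1]["sig"] if log else GENESIS,
    }
    record["sig"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    log.append(record)
    return record


def verify_log(log, key=AUDIT_KEY):
    """Return (ok, index of the first bad record or None)."""
    prev = GENESIS
    for i, record in enumerate(log):
        try:
            expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
        except KeyError:
            return False, i  # a signed field is missing
        if record["seq"] != i or record["prev"] != prev:
            return False, i  # record removed, inserted or reordered
        if not hmac.compare_digest(expected, record.get("sig", "")):
            return False, i  # content or signature altered
        prev = record["sig"]
    return True, None


def build_sample_log():
    """Constructed sample transactions for the demonstration."""
    log = []
    t0 = datetime(2000, 10, 25, 9, 0, tzinfo=timezone.utc)
    append_entry(log, "ra-operator-1", "approve-request", "uid=jdoe", now=t0)
    append_entry(log, "ca", "issue-certificate", "uid=jdoe", now=t0.replace(minute=5))
    append_entry(log, "ca", "revoke-certificate", "uid=jdoe", now=t0.replace(hour=17))
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    print("intact log:", verify_log(sample))
    sample[1]["subject"] = "uid=other"  # simulate an after-the-fact edit
    print("edited log:", verify_log(sample))
```

The chain alone does not reveal records cut from the end of the log; detecting that requires keeping the latest signature somewhere outside the log, such as in the backup copies the slide calls for.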

WHAT ARE WE WAITING FOR?
LET’S LET MIKEY TRY IT FIRST…

Meet Mikey!

Taking Strategic Actions
Advanced Campus Services – CIO/Associate Provost Information Systems & Technology creates a strategic unit
Discovery of Resources – educating
Organizational Structure – enabling interaction
Performance Objectives – accomplishing goals

Advanced Campus Services
A Response to Ongoing Issues
CSO to LDAP directory conversion “in the queue” for several years
Authentication/authorization needs
Student email a campus pressure point
Audit findings call for account management
Data feeds, interfaces between application domains becoming increasingly complex

Advanced Campus Services
Establishing a Strategic IT Unit
ACS unit created February 2000
Charged to plan and develop actions for:
– University-wide directory services
– Public-private key infrastructure
– Universal email solutions
– Interfaces to one-card, library, other systems
“broad, coordinating role in the establishment of standards, methods and processes…”

Discovery of Resources – Educating
Aim is to find “best practices”
Research resources:
– Higher education groups
– Standards groups
– Industry analysts
– Application vendors
– Trade journals, News, Georgia Code...
Internet/Libraries/People!

Discovery of Resources (cont.)
Internet2 Middleware Initiative <http://www.internet2.edu/middleware/>
Higher Education “Middleware” services:
– Identifiers, directories, authentication, authorization
Overviews, conceptual framework, best practices, “LDAP recipe”
Extensive links to other sites
The Authoritative Hub for Higher Education

Discovery of Resources (cont.)
CREN <http://www.cren.net/>
“mission is to support higher education and research organizations with strategic IT knowledge services…”
TechTalk series – live audiocasts
Interviews with technology experts – real life scenarios
CREN Certificate Authority initiative

Discovery of Resources (cont.)
Federal PKI Technical Working Group <http://gits-sec.treas.gov/fpkitechwork.htm>
Providing leadership in public key and directory technology over last decade
Establishing models for interoperation
Addressing policy issues, cf. ACES
GTRI participated in Federal Bridge CA demonstration project

Discovery of Resources (cont.)
Net@Edu PKI for Networked Higher Education Working Group <http://www.educause.edu/netatedu/groups/pki/>
Sponsoring “a series of summit meetings”
eduPerson LDAP objectclass (with Internet2)
– attributes of a higher education person
USG Central Office personnel involved
Discovery of Resources (cont.)Discovery of Resources (cont.)
The Burton Group <http://www.tbg.com/>
Network infrastructure strategy consultantsGSU subscribes to Network Strategy ServiceConducted seminars on directories (9/1999)
and PKI (3/2000) for USGTBG recommendations endorsed by ACIT[FYI: Jamie Lewis, CEO, is GSU grad]
![Page 33: Implementing Infrastructure for the eUniversity](https://reader036.fdocuments.us/reader036/viewer/2022062314/56814585550346895db265c4/html5/thumbnails/33.jpg)
Discovery of Resources (cont.)Discovery of Resources (cont.)
The GartnerGroup <http://gartner4.gartnerweb.com/public/static/home/home.html>
Industry consultant providing research highlights and analysis of industry trends
USG subscriptionDecision Drivers service includes PKI model:
– 2,800 factors related to PKI vendor evaluation– Tool facilitates collaborative definition of criteria
![Page 34: Implementing Infrastructure for the eUniversity](https://reader036.fdocuments.us/reader036/viewer/2022062314/56814585550346895db265c4/html5/thumbnails/34.jpg)
Discovery of Resources (cont.)Discovery of Resources (cont.)
Internet Engineering Task Force (IETF) <http://www.ietf.org/>– LDAP Specifications (RFCs 2251-2256)
Understanding and Deploying LDAP Directory Services, by Timothy Howes– Author of LDAP while at U. Michigan– Developed Netscape’s LDAP directory
– Text introduces directory architecture, addresses life-cycle deployment, and provides case studies
![Page 35: Implementing Infrastructure for the eUniversity](https://reader036.fdocuments.us/reader036/viewer/2022062314/56814585550346895db265c4/html5/thumbnails/35.jpg)
Discovery of Resources (cont.)Discovery of Resources (cont.)Directory Interoperability Forum <
http://www.directoryforum.org/> – Forum established 1999, then merged in July 2000 with...
The Open Group’s Directory Program <http://www.opengroup.org/directory/>– “promotes open and interoperable directories based on open standards”– Members: Cisco, HP, IBM, Microsoft, Netscape, Novell...
Universal Schema Reference <http://home.netscape.com/eng/server/directory/schema/>– 150+ objectclasses, 600+ attributes...
![Page 36: Implementing Infrastructure for the eUniversity](https://reader036.fdocuments.us/reader036/viewer/2022062314/56814585550346895db265c4/html5/thumbnails/36.jpg)
Discovery of Resources (cont.)Discovery of Resources (cont.)
SCT SUMMIT Conference for Banner Users <http://www.sctcorp.com/>– SCT architectural strategy – includes LDAP
CUMREC Annual Conference <http://www.cumrec.com/>– Directory, PKI sessions, networking (people)
Senate Bill 465 (Georgia Technology Authority) <
http://www.state.ga.us/cgi-bin/pub/leg/legdoc?billname=1999/SB465&docpart=full>
– Legislation that includes commitment to digital signatures technology solutions
![Page 37: Implementing Infrastructure for the eUniversity](https://reader036.fdocuments.us/reader036/viewer/2022062314/56814585550346895db265c4/html5/thumbnails/37.jpg)
Discovery of Resources (cont.)Discovery of Resources (cont.)
Chronicle of Higher Education <http://chronicle.com/index.htm>
Information Week <http://www.informationweek.com/newsflash/default.html>
ACM TechNews <http://www.acm.org/technews/current/homepage.html>
“eUniversity” news items:– distance learning, online libraries, sharing research
facilities, mobile users, ecommerce, virtual classrooms...

Organizational Structure – Enabling Interaction
ACS - 2 staff providing “broad coordinating role” to “advance the development of a university-wide consensus regarding directions and strategies.”
A goal is to foster interactions and encourage communication
Use IETF model - working groups convened to address specific task

Organizational Structure – Steering Group
CIO & his IT Directors representing:
– Networks, educational technology, library systems, administrative applications, strategic planning
Discussion and consensus process sets:
– Overall scope
– Task priorities
– Resource allocation
Liaison with University System & others

Organizational Structure – Data Stewards for GSU Person Working Group
Functional data stewards representing:
– Human resources, student systems, affiliates, library, alumni, and information technology
Reviewing eduPerson objectclass
Mapping data sources to LDAP attributes
Reconciliation & synchronization processes
Recommending policy
– cf. GSU Enterprise Directory Policy

Organizational Structure – LDAP Design Technical Working Group
Senior technical staff – Unix and Novell
Schema design technical issues
Implementation of the directory:
– Replication & synchronization
– Interfaces between directories
– Interoperability of clients
– Migration of existing “directory” apps – sendmail alias forwarding, dialin authorization, PPP access...

Organizational Structure – Interactions with other groups
April 2000 – GSU, OIIT, GaTech re GartnerGroup Decision Drivers for PKI
June 2000 – “common directory” proposal becomes SURA response to I2 PKILabs RFP (not awarded but contacts good)
August 2000 – “common directory” proposal restated for Vice Chancellor OIIT
October 2000 – GSU, UGA, GIT, OIIT meet re LDAP directory implementation

Organizational Structure – Mutual Interest & Common Goals
Internet2 Middleware Initiative’s Goal: “The goal… is to assist in the creation of interoperable middleware infrastructures among the membership of Internet2 and related communities.
– 1. Make it happen...
– 2. Be an honest broker…
– 3. Integrate across applications...
– 4. Interoperate between campuses…”
“Let’s work together.” says Mikey.

Performance Objectives – Accomplishing Goals
March 2000 – ACS establishes broad objectives based on:
– The Burton Group recommendations
– Internet2 Middleware Initiative
– Existing GSU application needs
Expectation that as work proceeds, refinement of objectives will occur based on communication with and input of others

Performance Objectives (cont.)
White Paper 6/30/2000 – summarize issues for successful infrastructure deployment:
– Take strategic enterprise approach
– Use collaboration and communication
– Leverage existing initiatives in community of interest
Define PKI evaluation criteria PKI 7/15/2000
– Ambitious, but GartnerGroup Decision Drivers a tool
– Refined to “First establish directory infrastructure…”

Performance Objectives (cont.)
Define GSU common directory 8/15/2000
– Of course this is ambitious, but you need a start
– Data Stewards WG met biweekly from June 2000
– ~35 core attributes mapped to data sources
– Reconciliation, prime authority issues being worked
Identify collaborative opportunities 8/15/2000
– Common Directory...SURA...USG Common Directory
– Internet2 BOF? SURA BOF? U. Alabama Birmingham?
“If you don’t ask, you can’t get it.”

Performance Objectives (cont.)
Draft policy and procedure for managing “GSU Person” 9/15/2000
– Purpose and guiding principles of stewardship
Version 1.0 policy and procedure for managing “GSU Person” 12/15/2000
– Finalize via campus review
– Documentation of identifiers, timing & synchronization for directory, information for administrative account management

Performance Objectives (cont.)
Identify directory infrastructure and PKI funding requirements & sources 12/15/2000
– Timing for FY 2001 year end and FY 2002
– Coordination with USG directory strategies
Establish account management for administrative applications 3/15/2001
– Each new person has accounts set up in timely manner
– I2-MI: “Identifiers, Authentication, and Directories: Best Practices for Higher Education” <http://middleware.internet2.edu/best-practices.html>

Conclusion
Advanced Campus Services is key to GSU strategic focus for enterprise directories
Full time focus on “broad coordinating role” essential to establishing collaboration and consensus development of solutions
Goal: provide a strategic, competitive advantage to the University System community.