Middleware: Addressing the Top IT Issues on Campus Renee Woodten Frost Internet2 and University of...
-
Upload
adam-rogers -
Category
Documents
-
view
216 -
download
2
Transcript of Middleware: Addressing the Top IT Issues on Campus Renee Woodten Frost Internet2 and University of...
Middleware: Addressing the Top IT Issues on Campus
Renee Woodten FrostInternet2 and University of Michigan
CUMREC May 13, 2003
CUMREC May 13, 2003
Outline
• Set the context
• Define middleware
• Outline the Top 10 issues
• Discuss the relevancy of middleware
• Introduce NSF Middleware Initiative
• Highlight available resources and educational opportunities
CUMREC May 13, 2003
What is IT being asked to do?
• One stop for university services (portal) integrated with course management systems
• Email-for-life• Automatic creation and deletion of computer
accounts• Submit and/or update information online• Browser or desktop preferences follow you
CUMREC May 13, 2003
More on the “to do” list
• Multi-campus scanning electron microscopes• Integrated voicemail, email, and faxmail for
Advancement staff• Secure PDA and wireless support• All-campus email announcements (spam)• Expensive library databases shared with other
schools in a system or consortium• . . . .
CUMREC May 13, 2003
What do all of these have in common?
• Are the people using these services who they claim to be?
• Are they members of our campus community?
• Have they been given permission?
• Is their privacy being protected?
CUMREC May 13, 2003
What is middleware?
• Suite of campus-wide security, access, and information services– Integrates data sources and manages
information about people and their contact locations
– Establishes electronic identity of users– Uses administrative data to assign affiliation
and gives permission to use services based on that role
CUMREC May 13, 2003
Definitions: Identifiers
• Identifiers– your electronic names– Multiple names and corresponding information in
multiple places– Single unique identifier for each authorized user– Names and information in other systems can be cross-
linked to it
Ie, Admin systems, library systems, building systems
CUMREC May 13, 2003
Definitions: Authentication
• Authentication – links the physical you to an electronic identifier– Password authentication most common
– Security need should drive authentication method
– Distance learning and inter-campus applications
CUMREC May 13, 2003
Definitions: Authorization
• Authorization services – allowing you to use services– Affiliated with the school (role)
– Permitted to use the services based on that role
CUMREC May 13, 2003
Definitions: Enterprise Directory Services
• Enterprise Directory services - where your electronic identifiers are reconciled and basic characteristics are kept– Very quick lookup function
– Phone number, address, campus identifiers
– Machine address, voice mail box, email box location
CUMREC May 13, 2003
What is Middleware?
• specialized networked services that are shared by applications and users
• a set of core software components that permit scaling of applications and networks
• tools that take complexity out of application integration• a second layer of the IT infrastructure, sitting above the
network • a land where technology meets policy• the intersection of what networks designers and
applications developers each do not want to do
CUMREC May 13, 2003
Map of Middleware Land
CUMREC May 13, 2003
Core Middleware
Middleware makes “transparent use” happen, providing consistency, security, privacy and capability
• Identity - unique markers of who you (person, machine, service, group) are
• Authentication - how you prove or establish that you are that identity
• Directories - where an identity’s basic characteristics are kept
• Authorization - what an identity is permitted to do• Public Key Infrastructure (PKI) - emerging tools for
security services
CUMREC May 13, 2003
2002 EDUCAUSE Current Issues Survey
• Criteria– Importance for strategic success– Potential significance in next year– Most time consuming for leaders– Most resource intensive
• 10 issues most significant
CUMREC May 13, 2003
The Top Ten Issues
• Administrative Systems/ERP• IT Funding• Faculty Development, Support, and Training• IT Strategic Planning• Security Management• Online Student Services• Teaching and Learning Strategies• Distance Education• Maintaining Network Infrastructure• Emerging Network Technologies• (Portals)
CUMREC May 13, 2003
Threads Woven Throughout
• Money and Time• Integration• Policy Enforcement• Enhanced Security• Ease of Use• Capability to Iterate and Deploy Faster• Privacy management
CUMREC May 13, 2003
Money and Time
• Consolidated access management– Fewer staff for more applications
– Fewer information repositories to manage
– Fewer accounts to manage
– Automated creation and deletion of accounts
CUMREC May 13, 2003
Integration
• Leverage existing infrastructures– Data
• Unique identifier is mapped to application-dependent identifiers
– Network• Integrated sign-on
– Services • Administrative and Course Management Systems
CUMREC May 13, 2003
Policy Enforcement
• Access follows institutional policy and legal requirements– Business changes reflected in access
• Dismissed students/staff have access to all services and buildings immediately revoked
CUMREC May 13, 2003
Enhanced Security
• Consolidation of Access – Status/role change alters service mix
– Use of same identifier enhances auditing
– Access to critical applications is concentrated
• More security minded
CUMREC May 13, 2003
Ease of Use
• Directory-enabled applications– Reduce faculty need to update class rosters
• Consolidated authentication– Reduces the number of userids/passwords
• Move updating of information to ultimate data owner– Students update address information or
destination of their forwarded email
CUMREC May 13, 2003
Capability to Iterate and Deploy Faster
• Use same authentication and identity infrastructure for new services
• Extend services to new groups by adding to the directory
• One group of staff responsible for implementing business rules
CUMREC May 13, 2003
Privacy management
• Increasing need both to pass information about people for access and to protect privacy– Must have a central policy structure and
related technical infrastructure for privacy management
• Library applications where both authorized access and anonymity is critical
CUMREC May 13, 2003
Next Steps
• Develop project plan
• Decide on unique namespace
• Review application and directory requirements
• Pick initial target applications
• Design and populate the directory with big picture in mind
• Deploy directory and enable applications
CUMREC May 13, 2003
NMI-EDIT Consortium
• Funded by the NSF Middleware Initiative (NMI)
• Enterprise and Desktop Integration Technologies (EDIT) Consortium– Internet2 – primary on grant and research– EDUCAUSE – primary on outreach– Southeastern Universities Research Association (SURA) – primary on Integration Testbed
• Higher-ed, government, corporate, research, and international participation
CUMREC May 13, 2003
NMI-EDIT: Goals
• Much as at the network layer, create a ubiquitous common, persistent and robust core middleware infrastructure for the Research & Education community
• In support of inter-institutional and inter-realm collaborations, provide tools and services (e.g. registries, bridge PKI components, root directories) as required
CUMREC May 13, 2003
NMI-EDIT: Core Middleware Scope
• Identity and Identifiers – namespaces, identifier crosswalks, real world levels of assurance
• Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos
• Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services
• Authorization – permissions and access controls, delegation, privacy management
• Integration Activities – common management tools, use of virtual, federated and hierarchical organizations
CUMREC May 13, 2003
Enterprise MiddlewareEducational Opportunities
• Pre-conference Seminars & track sessions: EDUCAUSE Annual & Regional Meetings, CUMREC, Internet2, etc
• Campus Architectural Middleware Planning Workshops– CAMP, Boulder CO – June 4-6, 2003
• CIO and Technical staff• Best practices in middleware deployment• Check the www.nmi-edit.org site for announcement or past
conference proceedings
– Advanced CAMP, Boulder CO – July 9-11, 2003• Highly technical• Research topics
CUMREC May 13, 2003
On-line Resources Available• Introductory Technical and Management Documents
– Sample Middleware Business Case and Writer’s Guide– Identifiers, Authentication, and Directories: Best Practices
for Higher Education– Identifier Mapping Templates and Campus Examples– And more….
• Enterprise Directory Implementation Process (Roadmap) www.nmi-edit.org
• For more information, contact Ann West [email protected] or send mail to [email protected]