Update for Data File Exchange Customers
January 28, 2010

Objectives of Meeting
• General overview of file processing
• 2010 activities that impact data exchange customers
• Clarify what it means for customers
• Q & A

Modes of Data Exchange
• XML files with PGP encryption
• Flat files (used for bulk student phone data updates, bulk email updates and batch IDGEN)
• Web Services

Data Exchange via XML
• PGP encryption used to secure data on the web server (location of the customer in/out boxes)
• Files copied to server behind firewall to be processed
• Data decrypted using keys, processed, then encrypted again
• Output copied back to application server to the customer in/out boxes
• Log files provide details on whether processing was successful

Service Level Agreement
Imports & Exports are Tier 2
• Runs per schedule every day except during announced maintenance windows (typically 3rd Sunday 5-9 a.m.)
• MAESTRO scheduler runs daily schedule
• Production environments are monitored
• In event of problem, objective is to find a solution during same business day
• If problem occurs after hours or on weekend or holiday, staff will address on next business day
• Test issues addressed on best effort basis
• Special arrangements require 3 weeks notice

FY2010 Objectives
• Replace aging hardware
  • database server – Done!
    • Major performance improvements resulted
  • application server – by June 2010
• Implement database security enhancements
• Begin the project to replace the data synch software engine
• ID Card system move to OAS operated hardware

Server Migration Project
• Old application server(s) being replaced with new server
• Since the application server is where the encrypted files are dropped and picked up, this hardware transition requires retesting of customer ability to reach the (new) servers
• New servers use Linux, so the old passwords can’t be migrated
• And it is good for security’s sake to reset passwords

For File Exchange Customers
• Impact:
  • import (inbound to IdM for XML and flat file)
  • export customers (XML)
• Mapping the logical address to new physical location
  • idm.cadm.harvard.edu
  • name stays same but points to a new server
• Testing
  • Password will be reset, reestablish certificate authentication and accept a new server key
  • Can customer still connect to the inbox and outbox locations to drop and pick up files?

Proposed Process – High Level
• ITIS creates the in/out boxes with new passwords on the new servers
• Customers validate connectivity in Stage and Prod
  • IP connectivity, passwords (both)
  • File system permissions by running files in Stage
• Switch stage.idm.cadm.harvard.edu to new test server
• Switch idm.cadm.harvard.edu to new prod server on same day and time for all customers
• Old files will not be transferred; access will be available on the old server for 30 days. Must be accessed by old server name.
• Sequence numbers will not be affected
• Zero day export files will not be required

Typical Issues
• IP connectivity may need local network staff to talk with UIS-NOC
• Certificate or password not revised locally
• Lost permissions require ITIS to request SOC assistance and then retest, so report issues early
• Users who manually move files may forget how to do it and may need local technical support

How to Prepare
• Review your local process
• If using certificates then you do have work to do to reestablish certificate authentication
• You will be required to set password on first use; temporary passwords will be provided.
• Inform local technical staff of the timetable and possibility you may need assistance with connectivity issues

Fall of 2010 Annual PGP Key Renewal
• Announcing timetable earlier so you can plan
• To enable everyone to meet the deadline
• Reordering some tasks to improve execution
• Learn from this year’s experiences
• Catch issues earlier
• Streamline process a bit

Q & A on Encryption?
• What are your questions?

Documentation & Updates
• Documentation: http://isites.harvard.edu/icb/icb.do?keyword=k236
• Operational updates: http://directoryservices.scribo.harvard.edu/

Other News – Export
• Before the end of the year we are going to begin assigning IDGEN numbers to POIs (rather than the 01XXXXXX range)
• Take a look at your code and think about whether you are relying on classifying a person based purely on the number
• In future you will not be able to rely on that approach

News - Flat File Imports
• We need to stop processing the bulk student phone and bulk email files as flat files
• Goal is to convert everyone to encrypted XML file processing by December 2010
Drivers:
• Data Security
  • HEISP requires data on servers outside firewall to be encrypted
• Flat file processing can be much more error prone
• XML is our standard data exchange format
  • Same format used by web services and imports

Thank You For Coming!
What other questions do you have?
For general information: directory_services@harvard.edu
For production service issues: Call UIS Helpdesk at 6-2001 or uis_helpdesk@harvard.edu (Should ensure a more timely response)