
Implementing Infrastructure for the eUniversity

Implementing Infrastructure for the eUniversity. Art Vandenberg, Director, 404-463-9601, Avandenberg@gsu.edu. Fred Przystas, Project Manager, 404-463-9602, Cagfwp@gsu.edu. Information Systems & Technology, Advanced Campus Services, Georgia State University.


Presentation Transcript


  1. Implementing Infrastructure for the eUniversity Art Vandenberg Director 404-463-9601 Avandenberg@gsu.edu Fred Przystas Project Manager 404-463-9602 Cagfwp@gsu.edu Information Systems & Technology Advanced Campus Services Georgia State University University System of Georgia Annual Computing Conference October 25-27, 2000

  2. The “eUniversity” Why the Rush? Why Do We Need It?

  3. Why the Rush? • As universities continue to expand their customer base via the internet, they are reaching beyond their territory into YOUR territory. • Distance is no longer a barrier as a result of the internet and “Distance Learning.” • Playing “catch-up” is difficult given the rate at which technology and information is currently speeding along this virtual internet highway.

  4. Why do we need the “eUniversity?” • Improve the quality of University Services • Reduction of Costs • Open New Avenues for Revenue • More sophisticated ways of doing business • Enhance collaborative research • Provide a campus portal for students to obtain various services

  5. Major Areas of Focus • E-academics – enhanced technology learning and distance learning • E-research – promotes collaborative research and scholarly publishing

  6. Major Areas of Focus • E-business – electronic administrative services, i.e., travel, purchasing, and supply • E-community – become a valued resource for the surrounding communities we serve by providing easy access to various online services such as GIL, G.L.O.B.E, and eCore

  7. How do we get there? • Coordination – Project Planning • Cooperation – Inclusion of Stakeholders • Creativity – Funding and Resources • Consultation – Hire an outside group to examine what you have, and what you will need to implement the “eUniversity”

  8. What Else Is Needed? S E C U R I T Y Public Key Infrastructure PKI

  9. SECURITY SAFE ENVIRONMENT ENCRYPTED TRANSACTIONS CERTIFICATE AUTHORITY UNIVERSAL UNIQUE ID (UUID) REGISTRATION AUTHORITY IDENTIFICATION TRUST YOU NEED IT TO...

  10. COMPETE & SURVIVE!

  11. Public Key Infrastructure • Confidentiality • Integrity • Authentication • Non-repudiation

  12. Components of PKI • Security Policy • Defines Organization’s Top-Level Security • Certificate Practice Statement (CPS) • Outlines Key Creation/Distribution and Certificate Issuance • Identifies Levels of Risk

  13. Components of PKI • Certificate Authority (CA) • Sets Expiration Dates for Digital Certificates • Tracks Certificate Revocation Lists (CRLs) • Issues Certificates binding identity of user or system to a public key with a Digital Signature (DS)

  14. Components of PKI (Cont.) • Registration Authority (RA) • Interface between User and CA • Authenticates Identity of User following Security Policies • Quality of Authentication sets level of trust placed on certificates issued

  15. Components of PKI (Cont.) • Certificate Distribution System • Directory Service • User Distributed • Enterprise PKI solution

  16. Components of PKI (Cont.) • PKI Enabled Applications • Web Servers and Browsers • E-mail • Electronic Data Interchange (EDI) • Credit card Transactions over the Internet • Virtual Private Networks (VPNs)

  17. PKI Evaluation Considerations • Flexibility • Interface with standard directory structures like Lightweight Directory Access Protocol (LDAP) and X.500 (DAP) • Allow users to request certificates via e-mail • Standard interfaces such as PKCS#11 to work with various security tokens (example: smart cards and hardware security modules (HSMs)) • Automated RA, if needed

  18. PKI Evaluation Considerations (Cont.) • Ease of Use • Management of PKI should be simple and not require a technical background to manage • Interface should be graphical and intuitive • Supports Security Policy • CA/RA should be able to reflect security policies of organization in certificate issuance

  19. PKI Evaluation Considerations (Cont.) • Scalability • Support for additional applications as they come online • Ability to add CAs and RAs as needed to support organizational growth • Ability to support increased numbers of certificates issued as the PKI grows

  20. PKI Evaluation Considerations (Cont.) • Interoperability • PKI should be built to the most common commercial standards • PKI should be completely open to allow for future integration as IT infrastructure grows • PKI needs to be interoperable globally

  21. PKI Evaluation Considerations (Cont.) • Security of CA and RA • CA/RA is the center of PKI and should be held in a tamper resistant security module • Backup copies are essential protection for disaster recovery • CA/RA system should have a secure audit trail that includes a time/date stamp and signature for each transaction • CA should be held to the highest commercial standard security

  22. WHAT ARE WE WAITING FOR? LET’S LET MIKEY TRY IT FIRST…

  23. Meet Mikey!

  24. Taking Strategic Actions • Advanced Campus Services – CIO/Associate Provost Information Systems & Technology creates a strategic unit • Discovery of Resources – educating • Organizational Structure – enabling interaction • Performance Objectives – accomplishing goals

  25. Advanced Campus Services – A Response to Ongoing Issues • CSO to LDAP directory conversion “in the queue” for several years • Authentication/authorization needs • Student email a campus pressure point • Audit findings call for account management • Data feeds, interfaces between application domains becoming increasingly complex

  26. Advanced Campus Services – Establishing a Strategic IT Unit • ACS unit created February 2000 • Charged to plan and develop actions for: • University-wide directory services • Public-private key infrastructure • Universal email solutions • Interfaces to one-card, library, other systems • “broad, coordinating role in the establishment of standards, methods and processes…”

  27. Discovery of Resources – Educating • Aim is to find “best practices” • Research resources: • Higher education groups • Standards groups • Industry analysts • Application vendors • Trade journals, News, Georgia Code... • Internet/Libraries/People!

  28. Discovery of Resources (cont.) • Internet2 Middleware Initiative <http://www.internet2.edu/middleware/> • Higher Education “Middleware” services: • Identifiers, directories, authentication, authorization • Overviews, conceptual framework, best practices, “LDAP recipe” • Extensive links to other sites • The Authoritative Hub for Higher Education

  29. Discovery of Resources (cont.) • CREN <http://www.cren.net/> • “mission is to support higher education and research organizations with strategic IT knowledge services…” • TechTalk series – live audiocasts • Interviews with technology experts – real life scenarios • CREN Certificate Authority initiative

  30. Discovery of Resources (cont.) • Federal PKI Technical Working Group <http://gits-sec.treas.gov/fpkitechwork.htm> • Providing leadership in public key and directory technology over last decade • Establishing models for interoperation • Addressing policy issues, cf. ACES • GTRI participated in Federal Bridge CA demonstration project

  31. Discovery of Resources (cont.) • Net@Edu PKI for Networked Higher Education Working Group <http://www.educause.edu/netatedu/groups/pki/> • Sponsoring “a series of summit meetings” • eduPerson LDAP objectclass (with Internet2) – attributes of a higher education person • USG Central Office personnel involved

  32. Discovery of Resources (cont.) • The Burton Group <http://www.tbg.com/> • Network infrastructure strategy consultants • GSU subscribes to Network Strategy Service • Conducted seminars on directories (9/1999) and PKI (3/2000) for USG • TBG recommendations endorsed by ACIT • [FYI: Jamie Lewis, CEO, is GSU grad]

  33. Discovery of Resources (cont.) • The GartnerGroup <http://gartner4.gartnerweb.com/public/static/home/home.html> • Industry consultant providing research highlights and analysis of industry trends • USG subscription • Decision Drivers service includes PKI model: • 2,800 factors related to PKI vendor evaluation • Tool facilitates collaborative definition of criteria

  34. Discovery of Resources (cont.) • Internet Engineering Task Force (IETF) <http://www.ietf.org/> • LDAP Specifications (RFCs 2251-2256) • Understanding and Deploying LDAP Directory Services, by Timothy Howes • Author of LDAP while at U. Michigan • Developed Netscape’s LDAP directory • Text introduces directory architecture, addresses life-cycle deployment, and provides case studies

  35. Discovery of Resources (cont.) • Directory Interoperability Forum <http://www.directoryforum.org/> • Forum established 1999, then merged in July 2000 with... • The Open Group’s Directory Program <http://www.opengroup.org/directory/> • “promotes open and interoperable directories based on open standards” • Members: Cisco, HP, IBM, Microsoft, Netscape, Novell... • Universal Schema Reference <http://home.netscape.com/eng/server/directory/schema/> • 150+ objectclasses, 600+ attributes...

  36. Discovery of Resources (cont.) • SCT SUMMIT Conference for Banner Users <http://www.sctcorp.com/> • SCT architectural strategy – includes LDAP • CUMREC Annual Conference <http://www.cumrec.com/> • Directory, PKI sessions, networking (people) • Senate Bill 465 (Georgia Technology Authority) <http://www.state.ga.us/cgi-bin/pub/leg/legdoc?billname=1999/SB465&docpart=full> • Legislation that includes commitment to digital signatures technology solutions

  37. Discovery of Resources (cont.) • Chronicle of Higher Education <http://chronicle.com/index.htm> • Information Week <http://www.informationweek.com/newsflash/default.html> • ACM TechNews <http://www.acm.org/technews/current/homepage.html> • “eUniversity” news items: • distance learning, online libraries, sharing research facilities, mobile users, ecommerce, virtual classrooms...

  38. Organizational Structure – Enabling Interaction • ACS - 2 staff providing “broad coordinating role” to “advance the development of a university-wide consensus regarding directions and strategies.” • A goal is to foster interactions and encourage communication • Use IETF model - working groups convened to address specific task

  39. Organizational Structure – Steering Group • CIO & his IT Directors representing: • Networks, educational technology, library systems, administrative applications, strategic planning • Discussion and consensus process sets: • Overall scope • Task priorities • Resource allocation • Liaison with University System & others

  40. Organizational Structure – Data Stewards for GSU Person Working Group • Functional data stewards representing: • Human resources, student systems, affiliates, library, alumni, and information technology • Reviewing eduPerson objectclass • Mapping data sources to LDAP attributes • Reconciliation & synchronization processes • Recommending policy • cf. GSU Enterprise Directory Policy

  41. Organizational Structure – LDAP Design Technical Working Group • Senior technical staff – Unix and Novell • Schema design technical issues • Implementation of the directory: • Replication & synchronization • Interfaces between directories • Interoperability of clients • Migration of existing “directory” apps – sendmail alias forwarding, dialin authorization, PPP access...

  42. Organizational Structure – Interactions with other groups • April 2000 – GSU, OIIT, GaTech re GartnerGroup Decision Drivers for PKI • June 2000 – “common directory” proposal becomes SURA response to I2 PKILabs RFP (not awarded but contacts good) • August 2000 – “common directory” proposal restated for Vice Chancellor OIIT • October 2000 – GSU, UGA, GIT, OIIT meet re LDAP directory implementation

  43. Organizational Structure – Mutual Interest & Common Goals • Internet2 Middleware Initiative’s Goal: “The goal… is to assist in the creation of interoperable middleware infrastructures among the membership of Internet2 and related communities. • 1. Make it happen... • 2. Be an honest broker… • 3. Integrate across applications... • 4. Interoperate between campuses…” • “Let’s work together.” says Mikey.

  44. Performance Objectives – Accomplishing Goals • March 2000 – ACS establishes broad objectives based on: • The Burton Group recommendations • Internet2 Middleware Initiative • Existing GSU application needs • Expectation that as work proceeds, refinement of objectives will occur based on communication with and input of others

  45. Performance Objectives (cont.) • White Paper 6/30/2000 – summarize issues for successful infrastructure deployment: • Take strategic enterprise approach • Use collaboration and communication • Leverage existing initiatives in community of interest • Define PKI evaluation criteria PKI 7/15/2000 • Ambitious, but GartnerGroup Decision Drivers a tool • Refined to “First establish directory infrastructure…”

  46. Performance Objectives (cont.) • Define GSU common directory 8/15/2000 • Of course this is ambitious, but you need a start • Data Stewards WG met biweekly from June 2000 • ~35 core attributes mapped to data sources • Reconciliation, prime authority issues being worked • Identify collaborative opportunities 8/15/2000 • Common Directory...SURA...USG Common Directory • Internet2 BOF? SURA BOF? U. Alabama Birmingham? • “If you don’t ask, you can’t get it.”

  47. Performance Objectives (cont.) • Draft policy and procedure for managing “GSU Person” 9/15/2000 • Purpose and guiding principles of stewardship • Version 1.0 policy and procedure for managing “GSU Person” 12/15/2000 • Finalize via campus review • Documentation of identifiers, timing & synchronization for directory, information for administrative account management

  48. Performance Objectives (cont.) • Identify directory infrastructure and PKI funding requirements & sources 12/15/2000 • Timing for FY 2001 year end and FY 2002 • Coordination with USG directory strategies • Establish account management for administrative applications 3/15/2001 • Each new person has accounts set up in timely manner • I2-MI: “Identifiers, Authentication, and Directories: Best Practices for Higher Education” <http://middleware.internet2.edu/best-practices.html>

  49. Conclusion • Advanced Campus Services is key to GSU strategic focus for enterprise directories • Full time focus on “broad coordinating role” essential to establishing collaboration and consensus development of solutions • Goal: provide a strategic, competitive advantage to the University System community.
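
Slide 21 asks that the CA/RA keep a secure audit trail with a time/date stamp and a signature on each transaction. The Go code below is an added example, not part of the presentation, showing one way to build and verify such a trail with Ed25519. The `Entry` layout, the action strings and the hash chaining between entries are assumptions that go beyond the slide; the chaining is what lets a verifier notice removed or reordered records as well as edited ones.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"time"
)

// Entry is one CA/RA transaction record (hypothetical layout, not from the slides).
type Entry struct {
	Time   time.Time // time/date stamp
	Action string    // constructed sample text such as "issue serial=2"
	Prev   [32]byte  // SHA-256 of the previous entry's signature (zero for the first)
	Sig    []byte    // Ed25519 signature over Time, Action and Prev
}

// body is the canonical byte string that gets signed.
func (e Entry) body() []byte {
	return []byte(fmt.Sprintf("%s|%q|%x", e.Time.UTC().Format(time.RFC3339Nano), e.Action, e.Prev))
}

// Append stamps, chains and signs a new record with the audit signing key.
func Append(trail []Entry, key ed25519.PrivateKey, at time.Time, action string) []Entry {
	e := Entry{Time: at, Action: action}
	if n := len(trail); n > 0 {
		e.Prev = sha256.Sum256(trail[n-1].Sig)
	}
	e.Sig = ed25519.Sign(key, e.body())
	return append(trail, e)
}

// Verify returns the index of the first entry that fails, or -1 if the trail is intact.
func Verify(trail []Entry, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, e := range trail {
		if e.Prev != prev || !ed25519.Verify(pub, e.body(), e.Sig) {
			return i
		}
		prev = sha256.Sum256(e.Sig)
	}
	return -1
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	t := Append(Append(nil, key, time.Now(), "issue serial=2"), key, time.Now(), "revoke serial=2")
	t[0].Action = "issue serial=9" // an after-the-fact edit to the first record
	fmt.Println("first bad entry:", Verify(t, pub))
}
```

Removing records from the end of the trail cannot be detected from the trail alone, so the hash of the latest signature has to be recorded somewhere the log writer cannot rewrite.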
