AdCom / NACS Sharing Session and UC Information Technology Architecture Group (ITAG) Update and Feedback
Marina Arseniev, Director of Enterprise Architecture, Security, and Data Management Services, Administrative Computing Services
April 22, 2009

Agenda
• Introductions
• UC Information Technology Architecture Group (ITAG)
  • Update on current projects and progress
  • Kuali RICE Assessment
• AdCom’s Architecture Initiative
  • Application / Technology Architecture
  • SDLC
• NACS Project Challenges and ITAG Feedback
• Discussion of NACS and AdCom’s “common” problems and requirements
Enterprise IT Architecture?
• OpenGroup’s Architecture site and the Zachman Framework
• Zachman’s key statements:
  • “Enterprise architecture has everything to do with managing enterprise complexity and enterprise change....”
  • [Enterprise Architecture] “technically is an ontology.”
  • “The descriptive representations that make up the knowledge base of the enterprise constitute […] the ‘raw material’ for engineering the enterprise for flexibility, integration, reusability, interoperability, alignment, mass customization....”
  • “Enterprise Architecture is not arbitrary…and not negotiable.”
  • “Enterprise architecture and system implementation are two different things.”
What is ITAG?
• “The Information Technology Architecture Group (ITAG) is an operational group working under the aegis of the Information Technology Leadership Council (ITLC).”
• “Its mission is to create and maintain, on an ongoing basis, a repository of architectural principles, standards, practices, common frameworks and preferred technologies for use throughout the UC system. These are to be chosen with the primary goals of enabling integration, interoperability, and sharing across the system.”
• “The work of the ITAG will enhance sharing of applications and systems among UC campuses, […] support the eventual creation of a UC source code repository and facilitate coordination with national standards bodies.”
• Some ITAG members are also members of IT Architects in Academia (ITANA), an independent constituent group of Educause
ITAG effort currently in progress
• Interoperability Guidelines and Standards for University of California
• Summary of Campus Middleware Survey
• Kuali RICE Assessment
  • Each RICE component was evaluated separately
  • RICE is middleware and an Application Development Framework
  • Evaluation Framework
  • What is RICE? ( http://rice.kuali.org/ )
Kuali Identity Management (KIM)
• Generating a unique “person” key and maintaining a unique person “identity” is one of the few services an Identity Management (IdM) system provides
• Like KIM, IdM systems store user, role, group, and attribute information related to a person
• Which role? Business role? Application function?
• In addition to recording who is in a “Low Value Purchaser” role, KIM can store an “attribute” on that role membership, for example that the member may only approve purchases up to a specific amount, such as < $500
• KIM does not store “entitlements” or “privileges” per se; what a role permits is decided by the application that consumes the role
• In RICE 1.0, KIM is really only a data store for IdM data that is managed externally, in a more robust IdM system
• How will Kuali KIM integrate with NACS IdM?
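The role-plus-attribute model on this slide is easy to get wrong in practice: the identity store only says who holds a role and how that membership is qualified; the application must turn the role and its qualifiers into a yes/no decision. The following is an added example, not KIM code or Kuali’s API. It models an identity store that holds memberships such as “Low Value Purchaser, approvalLimit=500”, and an application policy that interprets the qualifiers, failing closed on any qualifier key it does not understand. Person keys, role names other than “Low Value Purchaser”, department names and amounts are constructed.

```python
"""Attribute-qualified roles as described on the KIM slide: the identity
store records WHO holds WHICH role and the qualifier(s) on that membership
(e.g. approvalLimit=500); the application decides what the role and its
qualifiers actually permit. Constructed illustration, not KIM's API."""
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Callable, Dict, List


@dataclass(frozen=True)
class RoleMembership:
    """One row of the kind an IdM store keeps: a stable person key (not a
    login name), a role name, and qualifying attributes on the membership."""
    person_key: str
    role: str
    qualifiers: Dict[str, str] = field(default_factory=dict)


class IdentityStore:
    """Holds memberships only. It knows nothing about purchases; mapping a
    role to a permission is the application's job (see below)."""

    def __init__(self) -> None:
        self._rows: List[RoleMembership] = []

    def add(self, row: RoleMembership) -> None:
        self._rows.append(row)

    def memberships(self, person_key: str) -> List[RoleMembership]:
        return [r for r in self._rows if r.person_key == person_key]


# ---- application-side policy (assumed, not from the slide) --------------
# Roles allowed to approve a purchase, and how each qualifier key is read.
APPROVER_ROLES = {"Low Value Purchaser", "Purchasing Manager"}

QualifierCheck = Callable[[str, Decimal, str], bool]


def _within_limit(value: str, amount: Decimal, dept: str) -> bool:
    return amount < Decimal(value)          # the slide's "< $500"


def _same_department(value: str, amount: Decimal, dept: str) -> bool:
    return value == dept


QUALIFIER_CHECKS: Dict[str, QualifierCheck] = {
    "approvalLimit": _within_limit,
    "department": _same_department,
}


def can_approve_purchase(store: IdentityStore, person_key: str,
                         amount, dept: str) -> bool:
    """True if some approver-role membership of this person permits the
    purchase. Every qualifier on that membership must pass; a qualifier
    key the policy does not recognise is an unknown restriction and
    fails closed instead of being ignored."""
    amount = Decimal(str(amount))
    for m in store.memberships(person_key):
        if m.role not in APPROVER_ROLES:
            continue
        results = []
        for key, value in m.qualifiers.items():
            check = QUALIFIER_CHECKS.get(key)
            results.append(check(value, amount, dept) if check else False)
        if all(results):                    # no qualifiers => unrestricted
            return True
    return False


def demo_store() -> IdentityStore:
    """Constructed sample data; person keys and departments are invented."""
    s = IdentityStore()
    s.add(RoleMembership("P100", "Low Value Purchaser", {"approvalLimit": "500"}))
    s.add(RoleMembership("P200", "Purchasing Manager", {"department": "Chemistry"}))
    s.add(RoleMembership("P300", "Purchasing Manager", {"region": "West"}))
    s.add(RoleMembership("P400", "Viewer"))
    return s


if __name__ == "__main__":
    s = demo_store()
    print(can_approve_purchase(s, "P100", "499.99", "Chemistry"))  # True
    print(can_approve_purchase(s, "P100", "500", "Chemistry"))     # False
    print(can_approve_purchase(s, "P300", "1", "West"))            # False: unknown qualifier
```

Two design choices worth noting: a membership with no qualifiers is unrestricted, so whoever administers the store must understand that leaving the attribute off widens the grant, and an unrecognised qualifier (the “region” row) denies rather than silently grants, which is what you want when the IdM schema and the application policy evolve at different speeds.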
How could UC Irvine use an ESB?
“Events” generate real-time business transactions and workflow, replacing FTP.
Diagram: an HR “New Employee” event from GreenTree Hire is published on the UCI Enterprise Service Bus and reaches ID Card; SAMS user authorization / provisioning; ARC employee payroll deduction; Learning Management System course registrations; Parking employee payroll deduction; UCINetID / CampusID request to NACS; NACS Enterprise LDAP; AdCom’s LDAP; and the Payroll application “Add Employee”; via the UCOP Enterprise Service Bus it also drives the UCNetID request to UCOP and Connexxus Travel Portal SaaS user provisioning.

How could UC Irvine use an ESB?
“Events” generate real-time business transactions and workflow, replacing FTP.
Diagram: a “New Student” event on the UCI Enterprise Service Bus reaches ID Card; Learning Management System lab safety course registration; Housing; Cafeteria; Parking purchase; Student Billing System; Registrar (XNET replacement); UCINetID / CampusID request to NACS; and NACS Enterprise LDAP; via the UCOP Enterprise Service Bus it also drives the UCNetID request to UCOP and UCOP UC-wide IdM.

How could UC Irvine use an ESB?
“Events” trigger emergency processes and generate RSS feeds for continuous Web updates.
Diagram: an Emergency Notice on the UCI Enterprise Service Bus triggers the First Responder process and the Evacuation process and pushes web updates to Communications / UCI Web site, Police, SNAP, NACS and the Student Portal; via the UCOP Enterprise Service Bus it also pushes the UCOP web update.
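The three ESB slides make one architectural argument: publish a business event once and let every interested system subscribe, instead of each system pulling its own nightly FTP extract. The following is an added example that is not UCI’s bus or any vendor ESB product. It is a small in-process bus with the two properties a practitioner cares about when replacing batch files with events: redelivery of the same event is idempotent for each subscriber, and one subscriber’s failure is dead-lettered rather than blocking the others or losing the event. Event names, payload fields, subscriber names and the “payroll_title” requirement are all constructed assumptions.

```python
"""Event fan-out on a service bus, as in the ESB slides: one business event
is published once and every subscribed system receives it, instead of each
system pulling its own nightly FTP extract. Constructed illustration; the
event kinds, fields and subscribers are assumptions, not UCI's bus."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    event_id: str            # unique per business event; lets consumers dedupe redelivery
    kind: str                # e.g. "hr.new_employee" (assumed naming)
    payload: Dict[str, str]


@dataclass
class Subscriber:
    name: str
    handle: Callable[[Event], None]
    seen: Set[str] = field(default_factory=set)   # event_ids already applied


class ServiceBus:
    """Routes events by kind. A failing subscriber is recorded in the
    dead-letter list; it neither blocks other subscribers nor loses the event."""

    def __init__(self) -> None:
        self._subs: Dict[str, List[Subscriber]] = {}
        self.dead_letters: List[Tuple[str, str, str]] = []  # (subscriber, event_id, error)

    def subscribe(self, kind: str, sub: Subscriber) -> None:
        self._subs.setdefault(kind, []).append(sub)

    def publish(self, ev: Event) -> int:
        """Deliver to every subscriber of ev.kind; return the number of new,
        successful deliveries (a redelivered event_id counts 0)."""
        delivered = 0
        for sub in self._subs.get(ev.kind, []):
            if ev.event_id in sub.seen:
                continue                          # idempotent: already applied
            try:
                sub.handle(ev)
            except Exception as exc:              # isolate one system's failure
                self.dead_letters.append((sub.name, ev.event_id, str(exc)))
                continue
            sub.seen.add(ev.event_id)
            delivered += 1
        return delivered


# Downstream "systems": each only records what it would have provisioned.
ledger: Dict[str, List[str]] = {"ldap": [], "idcard": [], "parking": []}


def provision_ldap(ev: Event) -> None:
    ledger["ldap"].append(f"uid={ev.payload['netid']}")


def issue_id_card(ev: Event) -> None:
    ledger["idcard"].append(ev.payload["employee_id"])


def start_parking_deduction(ev: Event) -> None:
    if "payroll_title" not in ev.payload:         # assumed requirement of this consumer
        raise ValueError("payroll_title missing")
    ledger["parking"].append(ev.payload["employee_id"])


def build_bus() -> ServiceBus:
    bus = ServiceBus()
    for name, fn in [("NACS LDAP", provision_ldap), ("ID Card", issue_id_card),
                     ("Parking", start_parking_deduction)]:
        bus.subscribe("hr.new_employee", Subscriber(name, fn))
    return bus


def run_demo() -> Dict[str, int]:
    """Publish a constructed hire event twice (simulated redelivery) and one
    incomplete event; return counts a caller can check."""
    for k in ledger:
        ledger[k].clear()
    bus = build_bus()
    hire = Event("evt-1", "hr.new_employee",
                 {"employee_id": "E1001", "netid": "jdoe", "payroll_title": "4722"})
    first = bus.publish(hire)
    again = bus.publish(hire)
    partial = Event("evt-2", "hr.new_employee", {"employee_id": "E1002", "netid": "asmith"})
    third = bus.publish(partial)
    return {"first": first, "redelivery": again, "partial": third,
            "ldap": len(ledger["ldap"]), "parking": len(ledger["parking"]),
            "dead_letters": len(bus.dead_letters)}


if __name__ == "__main__":
    print(run_demo())
```

The dedupe set lives with the subscriber, not the bus, because in a real deployment each consuming system (LDAP, ID card, parking) is the only party that knows whether it already applied a given event; the bus cannot assume delivery implied success. The dead-letter list is where a provisioning team looks when one system stops receiving new hires while the others are fine.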
Kuali Nervous System (KNS)
• Data Dictionary - data name, description, type, GUI representation (radio, checkbox, drop down…)
• Business Objects - represent entities in the system, Java POJOs
• Inquiries - allow for drill-down detail functionality and relationships
• Lookups - allow for finding the Business Object record that you want to maintain or reference
• Maintenance Documents - allow for maintenance of Business Objects (entities) through user transactions – Create/Read/Update/Delete (CRUD)
• Transactional Documents - for business-process-based transactions
• Reusable Custom Tag Library - makes building UIs for Transactional Documents easier
• Business Validations Framework - provides a plug point for writing business validation code
RICE has promise, however…
• Deadlines have slipped
• RICE 1.0 will be the first backward-compatible release
  • due out June, 2009
• Stand-alone RICE needs load testing
• Kuali is an ERP, is new, is complex
• Unknown, unproven, limited integration
• Very ambitious future planned
• Resources must come from higher-ed institutions like us, in the form of dollars and programmers
• ITAG is working with ITLC on a letter to the Kuali Foundation regarding the assessment results
AdCom’s Architecture Initiative
• Applications
• Software Development Life Cycle (SDLC)
• Technology Architecture and Middleware
What does Administrative Computing Services do?
• SNAP Administrative Portal – uPortal, Web/Java
• Financial System – IBM Mainframe, CICS/COBOL
• Central Credit Card Payment – Solaris, Web/Java
• PayQuest Reimbursement – Solaris, Web/Java
• Purchasing and Accounts Payable – IBM Mainframe, CICS/COBOL
• Human Resources Self-Service – Solaris, Web/Java
• Payroll at UCOP – IBM Mainframe, CICS/COBOL
• GreenTree Hiring Manager / Applicant Tracking System – Microsoft IIS/ASP, vendor
• TED Learning Management – Microsoft IIS/ASP, vendor
• Facilities Self-Services – Solaris, Web/Java
• Student Billing – PowerBuilder
• Facilities Management Work Order / Billing – Tririga ERP, vendor, JBoss/Java
• Permanent Budget – PowerBuilder
• Student Financial Services Systems – Web/Java
• Data Center
• Desktop Support and Helpdesk
• And much more…
What do our Applications Require?
• Disaster Recoverability
• High Availability – goal: 24 x 7
• Secured Access Control
• Penetration Testing
• Quality Assurance
• Auditability / Correctness
• Application Architectural Integrity
  • Reuse of tested components
  • Reuse of staff skill sets
• Ease of Use / Common User Interface
• 24 x 7 Support
  • Minimal maintenance, heavy cross-training and Helpdesk
• Compliance and Governance – Section 508, SAS 112, Tax Relief Act, HIPAA, PCI DSS, SB1386, FERPA, FTC Red Flag
• And more…
What are our controls?
• Incorporation of effective and best practices
  • Currently using the Payment Card Industry Data Security Standard (PCI DSS) as the standard for security controls, even for applications that do not take credit cards
• An Enterprise Architecture and Software Development Life Cycle (SDLC)
  • Project, task, and time tracking using JIRA / Confluence
  • Architecture, design, security, database and code review protocols and approvals
  • Formal quality assurance, security scans (AppScan), code scans (JTest and FindBugs), and load testing (using JMeter) are required for production turnover approval
  • Production turnover checklists and approval workflows in JIRA
What are our controls? (cont.)
• Formal Change Management process
  • Weekly mandatory meeting for all staff – often only 15 minutes
  • Minimize collisions of changes to network, hardware, OS, firewall, middleware, Web server, or application that can result in downtime or security problems
  • Use Oracle Calendar to schedule work and planned downtime
  • Require test plans and checklist at least 2 weeks prior to change
  • Production code turnover is performed by production control staff, in compliance with the “separation of duty” required by auditors and SAS 112 compliance
• Communication Plans
  • Monthly status reports that go to stakeholders, with escalation notices as necessary
• Service Level Agreements
• Roles and Responsibilities Documents
Value of AdCom’s Enterprise Architecture Initiative?
• We all do it to varying degrees already
• Answers “what” needs to be done, “how”, and in what “sequence” to be most efficient, cost effective, and aligned with business goals and strategy
• It sets the “boundaries” and ground rules for how decisions are made, using “Guiding Principles”
• Usually involves multiple layers that reduce costs and align technology with business stakeholder missions
• Based on best practices, and is itself a best practice

Examples we use
• University of Washington
• M.I.T.
• University of Texas
• Alaska
AdCom’s Standard Application Architecture
• A consistent and reusable application development “blueprint”
• Common and tested components
• Defines how an application will be built - what components and APIs
• Exceptions to the architecture are reviewed and by approval
• Vendor applications often exempt
Diagram: layered stack of Spring / Hibernate; JSP / HTML / JavaScript; AdCom GUI Template; Drala Workflow Java Framework; Expresso/RICE*; Jasper Reports; Application on Apache / Tomcat / Java 1.6; SAMS; LDAP; WebAuth / Shibboleth; Apache CXF SOA; Sybase, SQL Server, MySQL via ANSI SQL.
Architecture Governance
• Usually done by consensus of senior technical staff in AdCom services in periodic meetings
• Exceptions reviewed by the team for approval
  • Example 1: request to use AJAX in the Human Resources application
  • Example 2: request to bring in a vendor Microsoft IIS/ASP application
  • Example 3: request for a reporting solution resulted in an evaluation and department-wide adoption of Java Jasper Reports
  • Example 4: request for a standard solution for web form pagination of database data resulted in adoption of the DisplayTag component (server-side and JavaScript technology)
• Quarterly meetings to review the “Technical Reference Architecture”, approve new technologies, and “sunset” or decommission older technologies
Middleware
• As NACS and AdCom know, common middleware infrastructure and common applications should be operated centrally
• Departments/programs/activities should not have to build their own core middleware
• What are examples of middleware AdCom uses?
  • SAMS AuthZ
  • WebAuth, 2-factor RSA authentication, Shibboleth
  • HTTP, SOAP, WSDL, XML, SOA services (CXF)
  • Messaging – Java Messaging, Microsoft Transaction Services
  • JDBC, LDAP
  • Common logging (log4j)
• Common applications?
  • Password or “secret” storage (SecretServer), Wiki, JIRA project and issue tracking, Workflow, Calendar, Content Management System, Learning Management System, Portal
Plans and next steps?
• AdCom is planning to run Kuali Coeus (2010) and Kuali Financial System (~2012) on a stand-alone instance of RICE
• AdCom may invest in home-grown RICE applications
• AdCom would like to work with NACS on leveraging the UC Information Technology Architecture Group (ITAG) to help our campus middleware plans and implementation
• Is NACS interested in any RICE components covered today?
• AdCom is facilitating a work group to evaluate “Enterprise Authorization” solutions
  • What is the intersection of Kuali Identity Management (KIM), which is also a repository for users, groups, roles, and role attributes, and NACS’ LDAP and IdM plans?
  • What do we do with AdCom’s SAMS?
• Do we need to fold in our requirements for ITAG consideration?

What are NACS Issues?
• What are NACS project challenges?
• Any feedback or ideas that I can share with ITAG?
What are our “Common” Problems and Requirements?
• When developing applications, what do you spend most of your time on? GUI? Interfaces? Requirements? Design? Coding?
• What do you find yourself doing over and over again?
• Where do you see the largest number of bugs or problems?
• How do you QA your apps? Is an SDLC used? When is your app “good enough”?
• Do you use an application development framework?
• What are your favorite programmer tools?
• What best practices do you employ for application security?
• What are your controls? Who decides what technology to use?
• How do different project teams communicate? Share knowledge? Cross-train?
• How does your organization eliminate redundancy and consolidate or reuse tools?
• How does your organization separate roles and responsibilities and consolidate functions of staff? How do you eliminate “silos”?
• How do you deal with project prioritization? Changes in application scope?

This presentation: https://webfiles.uci.edu/marsenie/ITAGFeedback_NACSAdCom.ppt