The Silver Ring: Inter-institutional Middleware Collaboration

Michael Berman
Mark Crase
April 9, 2003
22 March 2016
Copyright A. Michael Berman and Mark Crase, 2003. This work
is the intellectual property of the authors. Permission is granted
for this material to be shared for non-commercial, educational
purposes, provided that this copyright statement appears on the
reproduced materials and notice is given that the copying is by
permission of the authors. To disseminate otherwise or to
republish requires written permission from the authors.
Overview of Presentation
• Overview of CSU IT
• Drivers for CSU Middleware
• Where we’ve been so far
• Where we’re going
9 April 2003
2
The California State University
23 Campuses
• 1 Research Institution (R2)
• 21 4-year Comprehensive Institutions
• California Maritime Academy
400,000 Students
60,000 Faculty and Staff
Integrated Technology Strategy
• In 1997, the CSU Presidents came together
to ensure that each campus in the system
would have the technology infrastructure
required to support each institution’s
academic and administrative programs.
• The result was the creation of the CSU
Integrated Technology Strategy
Integrated Technology Strategy
• Outcomes-based strategy
• Built on Integrated Academic and
Administrative Initiatives
• Supported by a Robust Infrastructure
• Access (Hardware, Software, Network)
• Training
• Support Services
CSU ITS FRAMEWORK
[Figure: pyramid diagram. Outcomes: Optimal Personal Productivity; Excellence in Learning and Teaching; Quality of Student Experience; Administrative Productivity and Quality. Initiatives / Projects. Technology Prerequisites: Access, Training, Support. Labels: Full, Baseline, Current. Access Infrastructure Initiative; Baseline Training & User Support Infrastructure.]
Institutional MW Leadership
• Information Technology Advisory Committee
– Campus CIOs
– Chancellor’s Office Staff
• Middleware Steering Committee
– CIOs, Campus Technical Staff, CO flywheels
• Directories Working Group
– Campus Technical Staff
Drivers for a Multi-campus Approach
to Middleware
Financial
• While a one-size-fits-all approach may not work for
all components, some economies of scale can be
achieved.
Political
• Being a State-subsidized institution, proper
stewardship of public resources is always
important, but it is especially important when
budgets are tight.
Drivers for a Multi-campus Approach
to Middleware
Coordination
• Success even at the campus level will depend on a well-coordinated
approach. A systemic effort will help reinforce
the importance of coordination and cooperation.
Help communicate the value of middleware and
the benefits of the effort.
Consistent with CSU Integrated IT Strategy
[Figure: CSU ITS pyramid. Labels: Service, Outcomes, Initiative, Applications, Middleware, Training, Support, Access Infrastructure Initiative, Baseline Training & User Support Infrastructure.]
The position of Middleware in the CSU ITS Pyramid when
viewed from the technology perspective.
Drivers for a Multi-campus Approach
to Middleware
Maximize Value of Technology Investments
• Infrastructure Terminal Resources Project
• Common Management Systems
• PHAROS Library Project
Help balance requirements for Strategic and Tactical
planning
Coordination with external agencies (SEVIS, NIH,
etc.) and partners (I2, EDUCAUSE, etc.)
Where to Start?
A Directories Working Group
• Directories as the starting point for more
comprehensive middleware effort
• Ad hoc effort to work collaboratively
• Volunteers/interested parties - 20-40
persons representing most campuses
• Smaller detailed architecture sub-group
Final Recommendations…
…will depend on projected system wide uses.
However…
• Central directory servers (redundant and diverse)
• Submit campus data to system wide directory registry
service (like DoDHE CDS)
• Common view with extensions, unique ID, security
• Minimum central attributes option
• Expanded central attributes option
Future of Group
• Larger scale central directory performance testing
• Automation of campus-to-central data feeds
• Design central registry reconciliation processes
• Lessons learned: need to commit resources, not
just volunteer
• System wide direction: to be determined by
Steering Committee
From Experiment to
Institutional Response
First Step: Middleware concepts
presented to the CSU Executive Council
• Executive Council is 23 Presidents + Chancellor
• All receive Middleware briefing in February 2002
• Consensus: “We’re not sure what it is, but if this is
what we need, let’s do it.”
“Citizen of the CSU” Scenarios
Alice Chu is a junior biology major at Cal State Hayward,
and a Citizen of the CSU. As a “traditional” student, most
of Alice’s coursework is in classrooms at the Hayward
campus, but last semester she was an intern at a
biotechnology company in Anaheim. Using the 4Cnet, she
was able to access all her usual Hayward resources, even
though she was connected to her company’s intranet.
Since she was in the area, she also registered to receive
email about lectures in biology at Cal Poly Pomona and
Cal State Fullerton, and attended one in-person and
another via video streaming etc…
Result: Middleware Steering Committee
Formed
• Convened by CSU CIO, David Ernst
• CIOs from multiple campuses, CSU auditor and
CO “flywheel”
• Charged to develop a strategy for Middleware in
CSU
• Formed in May 2002
• Report overdue in October 2002 (nearly done!)
Preliminary Activities
System-wide workshop at I2MM, October,
2002
• 2-3 persons from each campus
• Intended to raise Mware awareness
• Solicit input from
academic/administrative managers
• Build consensus for moving forward
Initial Feedback
Need to emphasize “interoperability”
Need to be “standards-based”
Address security from the beginning
Overly ambitious agenda
• Need to narrow the initial scope
• Need to identify the initial outcomes and deliverables
• Need to estimate required resources (staff and $$ for
HW and SW)
Initial Feedback (cont.)
Create mechanism for identifying and addressing
policy issues
Communication (in English)
• Central website for MW info
• Call it something other than “Middleware”?
• What “it” is and what it isn’t.
Work with campus Telecom (and others)
How does it relate to CMS (PeopleSoft)? Coordinate
w/ ERP
Libraries appreciate invite to participate. Interested in
Shib.
High-level Planning
Planning Team convened for two days in
November, 2002
• CO and Campus staff and faculty
• Functional (CIOs, Library, HR/Finance),
Technical and Risk Management
representation
• I2 Facilitators
Highlights of Recommendations
3-year Plan organized into three phases:
• January 2003 – September 2003
• October 2003 – June 2004
• July 2004 – June 2005
Phase One:
Jan 2003 – September 2003
• Establish CSU Middleware Policy Board, reporting to
President’s Technology Steering Committee
• Create initial IMI policies and review practices
• Establish CSU-wide LDAP definition < EduPerson
• Establish a single, state-wide LDAP directory service
– replicate external-facing portion of individual directories
– one-third of campuses providing data to this directory
• Pilot Shibboleth authorization
Phase One:
Jan 2003 – September 2003
• Register the CSU as a certificate authority
• Establish a model and whitepaper to define
best practices for identity reconciliation.
• Prepare a “good practices” whitepaper on
developing campus registry and directories
– recipe for campus development
– statewide workshop
Phase One:
Jan 2003 – September 2003
• Work with CalVIP to integrate the directory
structure into Video initiatives.
• Working group to evaluate business case for
CSU-wide permanent identifier for individuals
• Get commitment from CMS Executive
Committee to assure integration into CMS
baseline (ERP Project)
Phase Two:
October 2003 – June 2004
• Complete external directories for all entities.
• Move Shibboleth from pilot into full production.
• Develop a plan to integrate campus-wide directories
into CMS and CSU Mentor (On-line Admissions)
• Develop a plan to integrate campus-wide directories
into Pharos (Library system).
• Pilot secure messaging/digital signature system,
possibly based on PKI-Lite specification
• CSU-wide identifier - consider initial development of
technology and procedures for implementation
Phase Three:
July 2004 – June 2005
Complete Integration with CMS and CSU Mentor
Complete integration with Pharos
Extend secure messaging/digital signatures to all
campuses
Assignment of permanent identifiers in full
operation.
Pilot extension of Middleware infrastructure to
Community College and K12 community
Initial Operational Model
• Local/campus Implementation
• Staffing, software and hardware as needed
• Participate in policy development
• Centralized Coordination
• Coordinate intercampus activities
• Coordinate policy development
• Define system-wide architecture
• Acquire centrally managed software & hardware
• Manage system-wide communication
• Provide documentation and project management support
Initial Resource Projections
• Campus Resources:
• .5 to 2 FTE depending on local implementation
requirements
• Staff resources typically already in place
• Central Resources:
• Middleware Architect
• Directory Architect
• Project Manager
• Documentation Specialist
• Communications Specialist
• Program Assistant
3-year Budget Projection
Salaries & Benefits (Six Positions):
FY 03/04 $563,640
FY 04/05 $586,186
FY 05/06 $609,633
Operating Expenses:
FY 03/04 $971,272
FY 04/05 $147,272
FY 05/06 $147,272
Barriers to Participation?
What kind of campus representation is
required?
How do we incent participation?
• Executive Briefing to CABO, CIO, ExCom to get
political support
• $$
• People
Getting mindshare
Next Steps: Campus
How do you develop a vision?
How do you develop a process to achieve
the vision?
Who are your stakeholders?
What are the strengths you can leverage
and limitations you need to address?
Next Steps: System
How do you develop a shared vision?
How do you develop a process to
achieve the vision?
Who are your stakeholders?
What are the strengths you can
leverage and limitations you need to
address?
Thanks!
Michael Berman
amberman@csupomona.edu
Mark Crase
mcrase@calstate.edu
Michael Gettes
mrgettes@duke.edu
Ann West
awest@educause.edu
Please fill out the evaluation!
Development Principles
• Collaborative effort among all CSU campuses
• Maintain appearance of unified directory
architecture
• Adopt a system wide unique identifier
• Common view (eduPerson, etc.)
• Standard software (LDAP now, others later)
• Security at least as good as source
data/applications/business processes
Initial Assumptions
• Federated directory approach
• Common view incorporating eduPerson
• LDAP architecture
• Unique ID (unique vs. Linking)
• Internet2 involvement
Detailed Architecture Proposal
• Distributed directory model (campus directories,
LDAP v3 referrals to all others)
• Domain component naming
• Adoption of eduPerson 1.0 (now 1.5)
• Extension to calstateEduPerson (affiliation, major,
SecurityFlag, VOIP address)
• Provision for campusEduPerson attributes
• Global unique ID based on “uniqueness” algorithm
• Secure directory servers (SSL)
Test Bed Implementation
• Five campuses (SLO, Hayward, Northridge, Pomona,
Fresno)
• Mixed directory software (iPlanet, OpenLDAP, Oracle)
• Various levels of compliance with system wide schema
(mandatory-optional attributes)
• Various population subsets (student, staff, real/sample)
• Various client access methods (specialized search
engines, Microsoft ‘address book’, Netscape ‘address
book’, LDAP command line clients)
Some Results So Far
• Response times are long (local server
capacity, client referrals)
• Client handling of referrals varies (some
do – some don’t)
• Coordination of referral trees at multiple
sites is difficult
Topics for Today
CSU Middleware:
Technical and Organizational
Dimensions
A. Michael Berman, Cal Poly Pomona
Mark Crase, CSU Office of the Chancellor
Next Steps
A number of our colleagues could not attend. If
we were to convene another mtg., what would
we want to cover?
• Items to add?
– Better defined scope
– Costs
– Quick wins
– Competing initiatives
– Outcomes from the beginning
– More HR, Registrars folks involved
– CSU Case studies
– CCC and UC
• Items to drop?
Some Discussion Topics
Feedback
Keystone Activities
Second Tier Activities
Barriers to Participation
Next Steps
Keystone Activities
Begin with Directories
• Identify a directory lead for each campus and CO
• Directory Day(s) preceded by some survey of
current practices.
• Provide “best practices” for campus-based efforts
• Identify activities/participants in “central directory”
pilot
• Other?
Second Tier Activities
After Directories are on their way…
• Simple authentication? If so, which apps?
– Local (Libraries/Shib)
– System-wide (CMS)
• Other?