IT Architecture and Infrastructure Committee
9:00 – 10:30 a.m., February 13, 2015, FAC 228D
I. Toopher and The University of Texas at Austin – Discussion (C.W. Belcher)
II. Two-Factor Authentication and The University of Texas System– Update (Cam Beasley)
Reference: https://wikis.utexas.edu/display/ISO/Approved+2FA+Authentication+Methods
III. Permissions Systems Changes for Next-Gen Net Management – Update (William Green, Jason Wang)
IV. Office 365 Charter – Update and Endorsement (Sabina Winters)
V. UT Austin Web Linking Policy – Endorse (Jennifer Chance)
2014 W-2 Claiming & Two-Factor Authentication Activity
W-2 Claiming Statistics
Total 2014 W-2s:
2014 W-2s claimed online:
2014 online claim rate (with 2FA):
2013 online claim rate (without 2FA):
37,726
24,229
64.2%
72.1%
Two-Factor Authentication Activity during W-2 Claiming Period (January 9–29)
Total new two-factor pairings:
Total two-factor authentication sessions:
Total two-factor administrative resets:
Peak daily pairings:
Peak daily authentications:
Peak daily resets:
17,908
35,294
932
3,358 (January 28)
5,429 (January 28)
154 (January 28)
Two-Factor Authentication Service Traffic Pattern (January 9–29, 2015)
Note: The total hourly “hits” to the two-factor authentication service are a multiple of
the number of pairings and authentication sessions during that time period since each
user interaction with a two-factor protected service generates multiple “hits”
depending on the action being taken.
2/9/2015
1
TSC Tools Permission System Changes
Overview
The TSC Tools Permission System has far outgrown its original design and is suffering both performance
and scalability problems. This is impacting TSCs’ abilities to manage their networks using the TSC Tools.
In addition, the schema devised for the current TSC Tools is entirely proprietary to that system and does
not translate well to the official University organizational hierarchies and roles, making re-use of the
data across other systems a great challenge.
The goal of the TSC Tools Permission System re-design is to make a scalable and supportable backend
permissions system for Networking’s TSC Tools suite that meets current and foreseeable future needs,
and is consistent with the University’s official organizational structure and roles
Steering Group
A steering group was assembled to represent customers and developers of the TSC Tools and related
systems/applications. This group included representatives from:
Academic Technology Services, University Libraries, Cockrell School of Engineering, McCombs
School of Business, College of Education, ITS Applications, Information Security Office
Proposed Changes
Networking will re-design and re-write the TSC Tools Permission System to align with the UT
Department System and with OHS. The Department System will be used as an authoritative source to
identify departments, and OHS will be used to define the different roles and staff in those roles.
ITS Applications has also identified changes that can be made on OHS to expand the number of roles
that can modify OHS role assignments beyond just departmental HR/administrative staff.
Benefits of Proposed Changes
Use of the University Department System and OHS leverages these existing production systems, so
Networking does not have to develop and maintain a separate organization and role management
system. This allows development and operations efforts in Networking to be focused on network
management applications instead of organizational hierarchies and roles.
By using the official University systems for identifying departments and roles, applications developed
across different areas can use a consistent base set of data, and there is a consistent system by which
support staff and customers can look up the appropriate contacts for each department.
Impact of Changes to Departments
Because TSCs will now be identified by roles in OHS, the current flexibility to assign very specific and
granular subsets of permissions to staff on an individual basis will cease to exist. Instead, all staff in a
particular role, as defined in OHS, will have the same permissions within each respective department.
Because roles will now be defined and staff assigned to such roles in OHS, the interface used to manage
TSCs will shift from the current TSC Tools proprietary pages to the University’s official OHS interfaces,
and follow-on systems in Workday and Sailpoint.
Office 365 2015 Migrations
Document Version 2.0
Prepared by Sabina Winters, ITS
Last Edited February 12, 2015
PLAN
REQUIREMENTS
SOLUTION
ANALYSIS
DESIGN
BUILD
TEST
TRAIN/DEPLOY MAINTENANCE
Project Charter
Office 365 2015 Migrations
Executive Summary
In December of 2014, the IT Governance Architecture and Infrastructure Committee (AIC) endorsed a strategy
of pursuing a cloud-based platform for calendaring and email business class users (primarily faculty and staff)
in order to deliver the functional requirements desired and needed by those users. The Office 365 2015
Migration project has been launched in support of this strategy. The goal of this effort is an organized and
well-planned migration of mailboxes from volunteer Colleges, Schools, and Units (CSUs) from UT Austin’s onpremise Microsoft Exchange environment, Austin Exchange Messaging Service (AEMS), to Microsoft’s Office
365 cloud-hosted calendaring and email environment.
Business Need and Background
The Austin Exchange Messaging Service (AEMS) is UT Austin’s locally hosted Microsoft Exchange environment.
The existing AEMS infrastructure will need to be refreshed or retired no later than FY17-18. AEMS was
originally sized to accommodate 25,000 mailboxes at a maximum individual mailbox size of 2G. Because of the
impending infrastructure expenses, the IT Governance Architecture and Infrastructure Committee (AIC)
approved migration to Microsoft’s Office 365 hosted Exchange email in February 2013. That initial migration
ran into various project, service and technical challenges and was placed on hold in January 2014 with 60% of
migrations completed. Those challenges have now been addressed sufficiently to resume the project.
With the December 2014 AIC endorsement to continue pursuing cloud-based calendaring and email solutions
for UT Austin’s faculty and staff members, ITS was authorized to assemble a project team to continue largescale mailbox migrations from AEMS to Office 365 for as many of the remaining 40% of mailboxes as possible.
The need to complete migrations is multi-faceted. Firstly, groups that routinely share calendaring and email
tasks, normally within a College, School, or Unit (CSU), and have mailboxes located in different environments,
encounter difficulty collaborating when doing their daily work. Bringing all of those mailboxes into a single
environment (Office 365) enables those groups to once again to do shared calendaring and email, as well as
delegation tasks. Secondly, mailbox size in the on-premise environment is limited to 2G, whereas it is 50G in
the cloud. Thirdly, Microsoft has begun releasing new feature functionality, such as the new version of
Outlook for Mac, to only Office 365 users initially. To take advantage of these new features, an individual’s
mailbox must be in the cloud. Lastly, the existing AEMS hardware will need to be refreshed and right-sized for
the few remaining mailboxes, or retired outright, no later than FY17-18. ITS has received an increase in the
Page 1 of 6
Office 365 2015 Migrations
Document Version 2.0
number of requests from the campus community to move their College, School, or Unit (CSU) to the cloud,
and planning for these moves to occur within a common timeframe allows ITS to optimize the resources and
costs needed for the project.
Project Description and Scope
This project will concentrate on providing guidance on pre-migration tasks, migrating mailboxes from AEMS to
Office 365, and providing post-migration support. To support these primary goals, we will also send timely and
complete communications about the migrations, keep online documentation on the Office 365 product and
migration FAQs up-to-date, and work with each CSU migrating, to ensure their mailboxes are migrated on a
date that they approve in advance.
In Scope
The following deliverables or tasks are in scope for this project:
Pre-migration instructions and support will be provided to the CSU’s site champion, ordinarily a
Technical Support Contact (TSC), on the hardware, software, and calendaring and email hygiene tasks
that are required to be completed prior to migration.
The project team will work with each CSU to develop a communication plan to ensure appropriate
migration related communications for that business unit.
The project team will work with each CSU to identify mailboxes that should be migrated and develop a
migration date for those mailboxes.
The project team will work with each CSU to delete obsolete resource accounts and migrate EID based
mailboxes to resource accounts where appropriate, prior to migration to Office 365.
ITS will apply Microsoft ProPlus licenses to all new Office 365 accounts. These licenses allow TSCs to
determine if and when a CSU or individual user will use any or all new Microsoft features and
functionality reserved for Office 365 customers.
Onsite post-migration support will be provided the morning after migrations for each CSU.
Out of Scope
The following deliverables or tasks are out-of-scope for this project:
Migrating a CSU off its own email server and onto Office 365. Due to the complexity of migrating from a
non-ITS email server to Office 365, individual project plans need to be created jointly by ITS and the
CSU for each of these migrations.
Large-scale data remediation in Exchange for a CSU.
Downloading, installing, or authorizing any new feature or functionality available to Microsoft ProPlus
licensees including, but not limited to, the new Outlook for Mac. While a ProPlus license allows access
to features and functionality, the installation and management of those features and functionality
belongs to the individual TSCs and is outside the scope of this project.
Strategy or implementation regarding other Office 365 related services (e.g., Office Web Apps,
Sharepoint Online, Lync, OneDrive, or Project Online)
Project Charter
Page 2 of 6
Office 365 2015 Migrations
Document Version 2.0
Project Goals
The primary goals of this project are:
Conduct migrations from AEMS to Office 365 on an opt-in basis.
Provide each College, School, or Unit’s (CSU’s) Technical Support Contact (TSC) information, support,
and guidance as they complete pre- and post-migration tasks.
Ensure that 100% of mailboxes that are migrated are functional post-migration, including being able to
send and receive emails and perform all standard calendaring functions in Office 365.
Ensure that 100% of non-resource mailboxes that are migrated and accessed with mobile devices are
functional post-migration on those mobile devices, including being able to send and receive emails
and perform all standard calendaring functions.
Have no more than a 5% mailbox failure rate during mailbox migrations.
Project Schedule
PHASE
Q1 2015
FTE
Jan
Plan
1
Solution Analysis & Tools Testing
2
Pre-migration Tasks
3
Mailbox Migrations
4
Update Documentation
1
Project Closeout
1
Feb
Q2 2015
Mar
Apr
May
Project Roles and Responsibilities
Role
Name(s)/Organization(s)
Responsibilities
Governance
Committee
Architecture and
Infrastructure Committee
(AIC)
Executive
Sponsor
Brad Englert, CIO
Endorse the project charter and provide
approval for the project.
Approve major project scope or schedule
changes.
Responsible for the success of the
project.
Customer
Steering
Committee
Charles Soto,
Communication
Michael Bos, Athletics
Cesar de la Garza,
Development
Ruby Philipose, ITS Help
Desk
Project Charter
Review project charter
Review project timelines and progress
Review and accept project deliverables
Page 3 of 6
Office 365 2015 Migrations
Document Version 2.0
Terry Gibson, ITS Managed
IT Support
Trice Humpert, ITS
Systems
Sandra Germenis, ITS User
Services
Jamie Southerland, Shared
Services
Brad Van Schouwen, ATS
Project Manager
Sabina Winters, PMP, ITS
Systems
Technical Lead
Glen Martin, ITS Systems
Project Team
Stephen Walker, ITS
Systems
Don Nash, ITS Systems
Larry Liberty, ITS Systems
Evan Rabinowitz, ITS Help
Desk
Andrew Fogelsong, ITS
Managed IT Support
Connie Lobb, ITS
Communications
Avanade Professional
Services Team
Departmental TSC’s to be
identified
Information
Security Officer
Cam Beasley
Act as security consultant and assess
security needs for the project.
Networking
Point of Contact
Stakeholder(s)
William Green
Act as networking consultant and assess
networking needs for the project.
Project Charter
Provide project planning, coordination,
and communication. Provide overall
status reporting of deliverables. Track
progress toward completion of the
identified project goals.
Lead solutions analysis and design
efforts.
Produce deliverables, create
documentation, and provide technical
assistance to contracted Professional
Services resources.
Architecture and
Infrastructure Committee
ITS Help Desk
ITS Managed IT Support
Academic Technology
Services
Faculty and Staff AEMS
mailbox users
Page 4 of 6
Office 365 2015 Migrations
Document Version 2.0
Project Facilities and Resources
The following facilities and resources will be required for this project:
The virtual machine utilized during by the Office 365 project prior to project suspension in January
2014 that can run the existing Avanade Accelerate tool.
Professional Services staff sufficient to run the Avanade Accelerate tool and to assist ITS resources
where necessary.
Full engagement of multiple departments to support the project, including ITS Help Desk, Managed IT
Support (MITS), and ITS Systems.
Full engagement of Academic Technology Support (ATS) before, during and after the migration of
customers that ATS supports, such as College of Liberal Arts and Provost’s Office.
Customer and TSC action and engagement before, during, and after migrations, including active
participation in planning and communications to the members of the College, School, or Unit (CSU),
preparing the mailboxes to migrate, and testing that the migrations have been successful.
Impact Analysis
This project has the following potential areas of impact:
Individual or departmental mailbox owners that are hosted on Office 365.
Individual or departmental mailbox owners that will continue to be hosted on AEMS.
Any systems that rely upon connection to, or data exchange with, AEMS.
Assumptions
This project has the following assumptions:
This project will be the last large-scale migration of mailboxes to Office 365 for UT Austin. However, it is
expected that a small number of on-premise mailboxes will remain after this project is concluded. It is
expected that ad hoc mailbox migrations will continue as a normal course of ITS-Systems and Help
Desk business throughout 2015 as needed.
Avanade has been selected as the Professional Services Partner for this project due to their previous
successful experience with UT Austin on Phase 1 of the project.
Avanade and ITS-Systems will be able to re-use tools, technologies, processes, and communications
created and perfected during the previous Office 365 migration project with limited changes required.
All required staff members, both at UT Austin and professional services firms, will be available and
fully staffed for the duration of the project.
TSCs and the ITS Help Desk (as appropriate) will handle Tier 1 and Tier 2 support for this project and
email in general.
ITS-Systems (as appropriate) will handle Tier 3 support for this project and email in general.
Constraints
This project has the following constraints:
Project Charter
Page 5 of 6
Office 365 2015 Migrations
Document Version 2.0
Academic units migrating will be completed prior to the last day of classes during the spring semester
2015 (May 8th), unless an Academic Unit specifically requests to go later and the project team agrees
to that request.
Some administrative units require migration activities to begin after the last day of classes during the
spring semester 2015 (May 8th) due to administrative activities that must be completed prior to
graduation.
Risks
This project carries the following risks:
If insufficient qualified resources are assigned to the project at any point during the project, the
project quality, timeline, and/or budget will be negatively impacted.
Successful mailbox migrations are dependent on individual CSUs fully completing the pre-migration
work required. If pre-migration work for a CSU is not completed, the migration for that CSU could
have a sub-optimal outcome or migration of those mailboxes may be removed from scope at the
project team’s discretion.
Unsuccessful mailbox migrations may have a detrimental and potentially catastrophic impact on a
CSU’s business processes.
The mailbox migration process has been optimized for the Microsoft Exchange and Office 365
environment as of early spring 2015. If Microsoft makes any large material changes to that technology
or environment, the migration tools used during migrations may be detrimentally affected.
Revision History
Version
Date
Updater Name
Description
V 1.0
February 9,
2015
Sabina L Winters
Initial draft completed with feedback
incorporated
V 2.0
February 12,
2015
Sabina L Winters
Updated roles and responsibilities,
updated project schedule, grammar
corrections
Document Approvals
Name
Project Charter
Version Approved
Approval Method
Date
Page 6 of 6
The University of Texas at Austin Web Linking Policy
Last Updated: 2015-01-29
Last Reviewed: 2105-01-29
Purpose
UT Austin complies with the State Website Linking and Privacy Policy.
The purpose of The University of Texas at Austin (UT Austin) Web Linking Policy is to define provisions
for members of the public to link to or copy information from a UT Austin website, as well as to outline
UT Austin’s standards and criteria for linking to third-party websites.
Scope
UT Austin by and through its academic, research, and administrative units and programs, owns, controls,
operates, or maintains websites under a number of domains or web addresses (collectively, a “UT Austin
website”). This Web Linking Policy applies to all UT Austin websites.
Linking to UT Austin Websites
Advance permission to link to a UT Austin website is not required. UT Austin subpages may change or be
deleted at any time without notice; entities and individuals are encouraged to routinely verify links to
UT Austin website pages.
An entity or individual may not capture UT Austin website content within a frame on another website,
present the information as its own, or in any way modify the content and then present it as content of
UT Austin. Certain information displayed on a UT Austin website may be trademarked, service-marked,
or otherwise protected as intellectual property and must be used in accordance with state and federal
laws and must reflect the proper ownership of the intellectual property.
Links that create a downloading burden on UT Austin’s server(s), such as certain dynamic sites, graphics,
or tables, constitute a misuse of state resources.
Any link to UT Austin websites should pass the user’s browser to the appropriate page on the UT Austin
website without barriers. The "back" button should return the visitor to the original site if the visitor
wishes to back out.
Entities or individuals that link to a UT Austin website should use reasonable efforts to ensure that
persons with disabilities may access their websites. Visit the UT Austin Web Accessibility Policy for more
information.
Linking from UT Austin Websites
Third-party websites comprise any non-UT Austin website. Linking to third-party websites that further
the business goals and mission of UT Austin is permitted.
Linking to another entity’s website does not constitute an endorsement of the content, viewpoint,
accuracy, opinions, policies, products, services, or accessibility of the site. Visit the UT Austin
Sponsorship Guidelines for more information.
1
The University of Texas at Austin Web Linking Policy
UT Austin reserves the right to deny links to third-party websites if it determines that a website contains
misleading or unsubstantiated claims, conflicts with the purpose of UT Austin, or fails to conform to the
requirements of this linking policy.
External Web Sites
Upon leaving a UT Austin website and visiting an external site, the policies governing the UT Austin
website no longer apply. Questions and concerns regarding the information or services provided by a
linked site must be directed to the entity or individual responsible for that site, rather than to UT Austin
webmasters.
Copying Information from UT Austin Websites
Information posted on a UT Austin website, and accessible to members of the public, may be copied
provided that it is in accordance with any limitations specified by this policy or federal copyright law, is
not presented in a misleading way, and is not construed to be endorsed by UT Austin.
Entities or individuals that copy and present UT Austin information must identify the source of the
content, including the URL for the content or nearest entry point leading to the content if a URL is not
available, and the date the content was copied.
Entities or individuals that copy and present UT Austin information on their websites must accompany
that information with a notification stating that UT Austin does not endorse the information as
presented on their website, nor does it endorse the entity or individual.
To protect the intellectual property of UT Austin, copied information must reflect the copyright,
trademark, service mark, or other intellectual property rights of UT Austin.
Privacy
For more information on site privacy and confidentiality policies, visit the UT Austin Web Privacy Policy.
Questions
If you have questions or concerns about this Linking Policy, email the University Communications
Standards Committee.
Change Log
Date
Change Description
2015-01-29
Policy created.
2