ITCC20031112 - Northwestern University

Current Work in
System Architecture
November 2003
Tom Board
Director, NUIT Information Systems Architecture
Information Technology
Presentation Outline
• Context
• Business environment
• Security
• Integration
• Architectural future
We are heading toward a future that will be based on these ideas.
Context
• Self-service. The world expects it.
• Central digital identity. The basis for service unification and enhanced security.
• Loosely-coupled systems. Replace tight integration between systems with Web Services to expose functions in standard ways.
Business Relationships
[Diagram: Clients (within or outside NU); NU Providers; Enabling Technologies. Layers: Service Methods; Applications and Tools; Identity & Security]
Three groups:
– Clients/Users
– NU Service Units
– Technology Enablers
Technology enables NU service units to create the best services for their particular clients.
Technology’s Role
[Diagram: Organizational Excellence; Human Capital; Information Technology]
• Information Technology enables – it is not an end
• Effective IT increases human capital effectiveness
• Human capital realizes the goals of the organization
• As IT capabilities improve, human capital adapts to its advantage
• Higher levels of excellence can be achieved
Best-in-Breed Services
• Once defined, a System Architecture permits the University to deploy the best IT approach for each given application
• The University need not build or house the IT services – best-in-breed solutions can be integrated together.
[Diagram: Purchased software run locally; Locally authored; Purchased Internet-based services]
University Business Environment
The user’s experience should be of unified access to services through a standard, Web-based portal. Transactions with applications are initiated through this portal.
Based upon identity attributes set by Human Resources and the Registrar, institutional roles are defined that create separate views of University systems in that context. This is also available for basic application security.
University Business Environment
Using portal technology will group functions around the individual’s personal responsibilities. Roles present functions in context and can enforce additional authorizations.
Tailoring of role functions can follow specific entitlements granted by service providers. Personalization gives the person control to optimize his or her time and use of information.
Service and Data Flow
[Diagram: coupled central applications (HRIS, SES) – Portal – LDAP (central identity and entitlements, common credentials) – End-user]
The combination of unified presentation, common authorization, and standard connectors will create a seamless service to the end-user.
Identity management will be a key aspect of the infrastructure serving the entire network. Authoritative identity information from key systems will define roles and default entitlements.
Security
• NU will need firm management of digital identities to give service units confidence
• We will need to adapt existing systems, and specify new ones, to achieve desired levels of security.
Role-Based Security
[Diagram labels: Registration; Financial; Time Entry; Department Assistant; Student]
Roles assigned to identities offer an initial screening of access to resources. This screening can occur at the application or even within the network itself – making access to host systems impossible for some individuals.
Delegated Access Control
[Diagram: Credentials → Portal → Application security, Local service access rules, Sensitive data; Central management vs. Application management]
Unified central identity management allows delegated control of access by service administrators.
Entitlements can be based on roles (by job class) or membership in groups or individually through rules.
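The three slides above (Service and Data Flow, Role-Based Security, Delegated Access Control) describe one layered scheme: authoritative HR and Registrar attributes define roles, roles give an initial screening of access, and a service's own entitlements come from roles, groups or individual rules granted by delegated administrators. The following is an added example written for this page, not code from the presentation or from Northwestern; the attribute names, sample NetIDs, role-to-service mappings and the `Service`/`grant`/`can` functions are all assumptions made for the illustration, with role names taken from the slide diagrams.

```python
"""Added example, not part of the presentation: a small model of the identity
scheme the slides describe. Roles are derived from authoritative attributes
(HR and Registrar data), roles give an initial screening of access, and
entitlements come from roles (job class), group membership or individual rules
granted by delegated service administrators. Attribute names, sample NetIDs and
the role-to-service mappings are assumptions made for this example."""
from dataclasses import dataclass, field

# Constructed sample attributes, standing in for what HR and the Registrar would set.
IDENTITIES = {
    "abc123": {"job_class": "dept_assistant", "enrolled": False, "unit": "chem"},
    "stu456": {"job_class": None, "enrolled": True, "unit": "chem"},
    "fin789": {"job_class": "financial_analyst", "enrolled": False, "unit": "finance"},
}


def roles_for(netid):
    """Institutional roles derived from authoritative attributes (assumed mapping)."""
    attrs = IDENTITIES.get(netid, {})
    roles = set()
    if attrs.get("enrolled"):
        roles.add("Student")
    if attrs.get("job_class") == "dept_assistant":
        roles.add("Department Assistant")
    if attrs.get("job_class") == "financial_analyst":
        roles.add("Financial")
    return roles


# Default entitlements a role carries into each service (assumed values).
ROLE_DEFAULTS = {
    "Student": {"Registration": {"view_schedule", "register"}},
    "Department Assistant": {"Time Entry": {"enter_time"}},
    "Financial": {"Financial": {"view_ledger", "post_journal"}},
}


@dataclass
class Service:
    name: str
    reachable_by: set                                   # roles that pass the initial screening
    admins: set                                         # NetIDs delegated control of this service
    groups: dict = field(default_factory=dict)          # group name -> member NetIDs
    group_rules: dict = field(default_factory=dict)     # group name -> entitlements
    individual: dict = field(default_factory=dict)      # NetID -> individually granted entitlements


class DelegationError(PermissionError):
    """Raised when someone outside a service's delegated administrators tries to grant."""


def grant(service, admin, netid, entitlement):
    """Delegated control: only an administrator of this service may add an individual rule."""
    if admin not in service.admins:
        raise DelegationError(f"{admin} is not an administrator of {service.name}")
    service.individual.setdefault(netid, set()).add(entitlement)


def entitlements(service, netid):
    """Union of role defaults, group-based rules and individual grants for one service."""
    ents = set()
    for role in roles_for(netid):
        ents |= ROLE_DEFAULTS.get(role, {}).get(service.name, set())
    for group, members in service.groups.items():
        if netid in members:
            ents |= service.group_rules.get(group, set())
    ents |= service.individual.get(netid, set())
    return ents


def screened(service, netid):
    """Initial role-based screening: identities with no qualifying role never reach the service."""
    return bool(roles_for(netid) & service.reachable_by)


def can(service, netid, entitlement):
    """Screening first, then the service's own (possibly delegated) entitlements."""
    return screened(service, netid) and entitlement in entitlements(service, netid)


if __name__ == "__main__":
    registration = Service("Registration", reachable_by={"Student"}, admins={"reg_admin"})
    print(can(registration, "stu456", "register"))   # True: Student role default
    print(can(registration, "abc123", "register"))   # False: screened out, no Student role
```

The design point worth noticing is the ordering in `can`: an individual grant made by a legitimate service administrator still does nothing for an identity whose roles never pass the screening, which is the "access to host systems impossible for some individuals" property of the slide, and a grant attempted by someone who is not delegated for that service is refused outright.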
System Integration
• We should enhance services by coupling enterprise systems to speed processes
• Portal-based access to services relies upon this coupling
System Integration
“Integration” is a perception by the customer of a unified service. A restaurant appears as a unified whole delivering a service.
The appearance of integration is realized by coupling systems, not merging them. The cook, waiter, and cashier are separate systems that communicate effectively to deliver a single service to the customer. A breakdown in that communication exposes the internal structure to the customer.
An integrated administrative system will deliver a set of services crossing boundaries hidden from the customer through effective coupling of systems. The resulting service structure only appears monolithic, but remains distributed. Each separate system can be a best-in-class solution to its needs, with the necessary requirement that it communicate well to the remainder of the administrative matrix.
[Diagram: SES; Financials; Advance; Research; HRIS]
Integration Benefits
Integrated enterprise systems can reduce the time to complete services across the University, eliminate manual steps (and errors), and create auditable transaction records.
A hiring event can trigger financial and service actions. Some actions could be immediate and others queued for review by service administrators before fulfillment.
Later events, such as completed training, can be promoted back into the HR record for the employee.
[Diagram: Human Resources System – Hiring Event → Employee Record → Provision NetID; Provision ETES; Queue to ERP; Provision Wildcard; Notify supervisor; Provision access; Provision local services; Provision directory; Encumber salary and benefits; Schedule training; Provision calendar; Notify unit funds mgr; Subscribe to email lists; Queue to school]
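The hiring-event flow sketched on this slide, as an added example that is not code from the presentation or from Northwestern: a hiring event creates the employee record and fans out provisioning actions, each either fulfilled at once or queued for a service administrator's review, every step lands in an auditable record, and a later training-completion event is promoted back into the HR record. The action list, which actions are immediate and which are queued, the event fields, the `Workflow` class and the sample NetID are all assumptions made for the illustration (the action names follow the diagram labels); nothing here talks to a real ERP or directory.

```python
"""Added example, not part of the presentation: an event-driven provisioning
workflow shaped like the hiring-event diagram on the Integration Benefits slide.
The action list, its immediate/queued split, the event fields and the NetIDs are
assumptions made for this example; the action names follow the diagram labels."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Action:
    name: str
    immediate: bool     # False: held for administrator review before fulfilment


# Assumed split: identity and notification steps run at once, money and
# training steps wait for the responsible administrator.
HIRING_ACTIONS = [
    Action("Provision NetID", True),
    Action("Provision directory", True),
    Action("Notify supervisor", True),
    Action("Queue to ERP", False),
    Action("Encumber salary and benefits", False),
    Action("Schedule training", False),
]


@dataclass
class Workflow:
    hr_records: dict = field(default_factory=dict)     # NetID -> employee record (HR is the system of record)
    review_queue: list = field(default_factory=list)   # (NetID, action name) awaiting an administrator
    audit: list = field(default_factory=list)          # auditable transaction record, one entry per step

    def _record(self, netid, action, outcome, actor="system"):
        self.audit.append({"netid": netid, "action": action, "outcome": outcome, "actor": actor})

    def hire(self, event):
        """Hiring event: create the employee record, then fan out the actions.
        Returns the names of the actions fulfilled immediately."""
        netid = event["netid"]
        self.hr_records[netid] = {"name": event["name"], "unit": event["unit"], "training": []}
        self._record(netid, "Employee Record", "created")
        fulfilled = []
        for action in HIRING_ACTIONS:
            if action.immediate:
                fulfilled.append(action.name)
                self._record(netid, action.name, "fulfilled")
            else:
                self.review_queue.append((netid, action.name))
                self._record(netid, action.name, "queued")
        return fulfilled

    def review(self, admin, netid, action, approve):
        """A service administrator fulfils or rejects one queued action."""
        if (netid, action) not in self.review_queue:
            raise LookupError(f"{action} for {netid} is not awaiting review")
        self.review_queue.remove((netid, action))
        self._record(netid, action, "fulfilled" if approve else "rejected", actor=admin)
        return approve

    def training_completed(self, netid, course):
        """Later event promoted back into the HR record for the employee."""
        self.hr_records[netid]["training"].append(course)
        self._record(netid, f"Training completed: {course}", "recorded")
        return list(self.hr_records[netid]["training"])

    def pending_for(self, netid):
        """Queued actions still awaiting an administrator for this NetID."""
        return [a for n, a in self.review_queue if n == netid]


if __name__ == "__main__":
    wf = Workflow()
    # Constructed sample event, not real data.
    print(wf.hire({"netid": "new001", "name": "Sample Hire", "unit": "chem"}))
    print(wf.pending_for("new001"))
```

Two properties of the slide are made concrete here: a queued action cannot be fulfilled twice (a second `review` of the same item raises), and the audit list records who acted on each step, so the "auditable transaction records" the slide promises fall out of the workflow rather than being bolted on afterwards.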
Summary
• User self-service, reduced manual interfaces, and easier deployments will save effort and reduce errors
• Unified identity management will create consistency of services and security across the University
• Vendor adoption of application coupling methods combined with simplified local development will speed deployment of new functions
• The portal navigation point will reduce confusion and save time
The Challenge – Application Silos
[Diagram: per-silo stack – Identity Management and Authentication; Authorization; Users; Business Unit; Business Rules; Processing; IT; Database; Reporting; Interfaces]
Application silos develop naturally around business systems and software under standard architectural planning and funding. Each business unit invents user management, tracks authorizations, and builds interfaces to other systems.
Silos limit views of institutional data, fragment security, require manual re-entry of data and detract from the user’s “integrated system” experience.
The Future
[Diagram: IT IdM & Portal – Identity Management and Authentication – Users; Role-Based Business Rules; Business Unit Focus – Application Business Rules (one per application); IT Services and Facilities – Databases, Processing, Transaction Bus, Warehouse, Reporting]