See draft minutes attached - Technology Infrastructure Forum

advertisement
TECHNOLOGY INFRASTRUCTURE FORUM
Wednesday, September 29, 2014
10:00-11:30 a.m
Andrews Room, Social Sciences and Humanities Building
DRAFT MINUTES
Attendees: Jamie Butler and Paul Rivette (TIF Co-chairs); Tom Pomeroy (TIF-Security Chair); Huy Tran (TIF-CSI Chair); Steve
Pigg (TIF-I Chair); Beau Patrette (for Randy Anderson); Charles Baker; David Blizzard; Anthony Drown; Tom Fortis; Adam
Getchell; Safa Hussain; Flo Inzunza; Ken Jones; Dewight Kramer; Tracy Lade; David Levin; Morna Mellor; Viji Murali; Hai Vu
Nguyen; Minh Nguyen; Anita Nichols; Hemang Patel; Jeremy Phillips; Sheri Pulis; Mark Redican; Steve Schwarz; Dale Snapp;
Albert Sy; Dan Tory; Josh Van Horn; Mike Wall; Laurie Warren; Paul Waterstraat; Gabe Youtsey.
Excused: Cheryl Washington;
Absent: Nathan Affleck; Jeff Barrett; Brigette Bucke; Alfred Chan; Martha Cornejo; Dan Cotton; Paul Hawley; Chip Mrizek; Monte
Ratzlaff; Mark Redican; Dawn Roarty; Kristie Sallee; Ray Tai.
Coordination and liaison to CIO Office: Babette Schmitt.
1.
WELCOME AND INTRODUCTIONS
Paul Rivette and Jamie Butler, TIF Co-chairs for 2014-15, welcomed everyone to the first meeting of the
Technology Infrastructure Forum for the new academic year.
Rivette solicited input on the draft minutes from August that were circulated to the membership. No revisions
were identified. Comments and suggestions should be sent directly to Babette Schmitt in the Office of the CIO
by the end of the week.
Rivette introduced the new CIO, Viji Murali, as well as the new members who’ve been appointed to represent
their units on the TIF this year. A round of brief introductions followed, including three new chairs for the TIF
subcommittees: Huy Tran for Client Services Issues (CSI); Tom Pomeroy for Security; and Steve Pigg for
Infrastructure. (See 2014-15 TIF roster.)
2.
YEAR-END REVIEW AND MAJOR AREAS OF FOCUS FOR 2014-15
Jamie Butler summarized the objectives for today’s meeting as being twofold: a) review the TIF’s charge, role
and structure; and b) identify major topics for this year’s work plan. The focus of today’s discussion is on
identifying topics, not delving into or resolving issues. The list the TIF develops today will be discussed and
prioritized at the next meeting of the steering committee. All members are encouraged to contribute to the
work plan, now and on an ongoing basis throughout the year. CIO Murali indicated she plans to bring a couple
of topics to the TIF next month.
Jamie gave an overview of the TIF’s charge and membership, and reviewed the TIF’s main areas of focus and
accomplishments from 2013-14, including several recommendations that were submitted to the campus CIO
on behalf of the membership. The TIF is a committee of technology leaders from academic and administrative
units at both the Davis and Sacramento campuses who come together once a month to discuss major campus
technology issues. A steering committee helps guide the work of the TIF, primarily by prioritizing topics on
the work plan and by mapping out a course of action for issues, concerns and proposals/recommendations.
See slides.
Jamie solicited input into the preliminary work plan. Suggestions from the membership included:
 Featuring application development and procurement more prominently as a key topic this year
 Increase interest in Sharepoint online as a way to facilitate business needs
 Strategy for Office 365 and other tools (OneDrive, Sharepoint, etc.) – need governance model
 Need to understand changes being made to cloud services on campus and by vendors; need service
metrics model (level of service to expect, reporting issues, etc.)
 Problem management, service issues
 Salvage (e.g., tax hardware upfront so it’s easier to retire)



Training for end users – how to improve the situation on campus
On-boarding – at its core is an HR issue but has significant implications for the technology support
staff in campus departments; need to find out status and strategy; who ‘owns’ the issues?
Asset management
Jamie thanked everyone for their input. This is only a preliminary discussion. There will be other opportunities to
contribute, including by contacting the chairs of the TIF or subcommittees, or Babette Schmitt, with suggestions,
questions or concerns.
3.
FOLLOW-UP TO RECENT TIF DISCUSSIONS
Jamie Butler introduced a handful of updates on major topics recently discussed by the TIF. He noted that a
priority for this year again will be to coordinate status updates on major topics of interest to the membership, and
to track the status of the TIF’s recommendations to IET and others.




Procurement discussion with Office of the President and Materiel Management (follow-up from
August meeting) – Gabe Youtsey has been following up with both offices to compile the answers to the
TIF’s questions and to coordinate getting the correct UC Davis procurement data. He will share the update
with TIF.
A-21 requirements – AVC Mike Allred mentioned the A-21 requirements will go away in December. The
A-21 Circular is maintained by the Office of Federal Financial Management. It establishes principles for
determining costs applicable to grants, contracts, and other agreements with educational institutions. All
Federal agencies that sponsor research and development, training, and other work at educational
institutions apply the provisions of the A-21 Circular in determining the costs incurred for the work. Allred
offered to come back and provide an overview of the anticipated changes to A-21 and their impact on
campus units.
Adobe contract– Gabe Youtsey announced that Adobe has requested an audit of UC Davis licenses of their
products. IET and Materiel Management have consulted the Office of the President and will work with the
TIF and ADMAN over the next two months to obtain the requested information. Caryn DeMoura from IET
will be reaching out with more information.
Information security awareness training – Dewight Kramer, from IET’s security team, announced the
availability of a new security awareness program through SDPS. The 45+ offerings are based on SANS
Securing the Human modules, with add-ons for HIPPAA and PCI training. Dewight encouraged all
members to help raise awareness among their staff and faculty. Contact Dewight directly with questions
and suggestions.
4. DISCUSSION: SERVICE VALUATION TEMPLATE
Steve Pigg and Jeremy Phillips presented the service valuation template and process that they created with the IT
Service Management SIG, much of which was borrowed from the University of Michigan. The SIG created the
template as a tool to compare multiple IT solutions for meeting the same need. If adopted widely, the tool would
help better understand the benefits and costs associated with specific build/buy/borrow questions (see template).
Steve noted that the template is not a finished product. Steve and Jeremy want feedback and support before
considering next steps. The template is designed to address the following problems:



It is becoming harder and harder to compare the costs and benefits of multiple service offerings or
approaches;
We don’t have shared tools to estimate short- and long-term costs of IT projects and services;
There is no standard way to present business decision makers with information to guide decisions.
To address these issues, Steve and Jeremy held three meetings with the ITSM SIG. They also consulted the Business
and Institutional Analysis (BIA) unit on campus as well as the Advisory Committee for Application Development
(ACAD) when the committee met from December through June 2014. In addition, they studied the model at the
University of Michigan and did labor comparisons (e.g., simple vs. fully loaded costs).
Steve discussed the various elements of the template (labor, non-labor, quantitative and qualitative benefits, etc.),
how to use them, as well as work they are in the process of completing (e.g., revising fully-loaded costs). Next steps
are to: encourage campus IT staff to start using the template; work with campus IT groups (including the TIF) to
require using the template to inform discussion of proposals; request that IET provide completed templates for
their services; and encourage both campus leadership and the budget office to embrace the template as a means of
better understanding IT spend. There was also discussion of identifying an owner of the template so it can be
championed, maintained and supported. It was suggested that the TIF or BIA might play that role.
Steve and Jeremy requested feedback about the template and the methodology it is based on. The template will be
discussed in more detail with the subcommittees and a proposal for endorsement will be brought back to the TIF.
5.
DISCSUSSION/ENDORSEMENT ITEM: MULTI-FACTOR AUTHENTICATION PROJECT
On behalf of the IET Security Team, Tye Stallard presented the proposal to establish a multi-factor authentication
project. The main goals of the project are to analyze multi-factor authentication alternatives and select a solution
that is easy for students, staff and faculty to use, and is efficient (in terms of cost per user, ease of application
integration, and ongoing support). The solution would be optional for application owners across campus
interested in a campus-managed multi-factor authentication service. It would be released in phases, starting with
IT professionals, systems that need to be PCI compliant, etc. With a central service offering, the team hopes to slow
down the proliferation of multi-factor authentication approaches that are already developing (see proposal).
The proposal was discussed several times with the TIF-Security subcommittee. Today, the team is seeking the TIF’s
support not to endorse a particular solution but to move forward with the recommendation to the CIO to establish
the project.
Two members were opposed to the proposal on several grounds:
 Multi-factor authentication is one element of a broader authentication and authorization system. To
introduce multi-factor authentication properly, we should also have in place an identity management
system as the background infrastructure for authorization. The campus needs to look at the whole
authentication approach in the context of all the critical infrastructure elements that are still missing, and
develop a comprehensive strategy that includes but also goes beyond multi-factor authentication. The
project team should be charged to accomplish both goals.
 Implementing multi-factor authentication would require that all users be provisioned to authenticate to
the system. There was the sense during the discussion that before it is implemented, the technology needs
to be explicitly defined so that the applications being developed or already in service can be fitted with the
MFA requirements. In addition, there are questions about the costs associated with adding MFA
requirements to campus applications and provisioning users.
Jamie Butler acknowledged these concerns and issues. He called for a vote on the proposal. The TIF endorsed the
recommendation to launch the project (18 in support; 2 opposed; no abstention). The recommendation will be
submitted to the CIO along with the dissenting views and concerns of a couple of members.
6. RECAP OF ACTIONS AND FOLLOW-UPS FROM TODAY’S MEETING
Jamie recapped the actions and decisions from today’s discussion:
 ENDORSED recommendation from TIF-Security to move forward with the creation of the Multi-factor
Authentication Project. The recommendation will be sent to the CIO, along with a brief summary of the
dissenting opinions (Jamie/Paul)
 Review draft minutes and contact Babette with changes before end of week (all members)
 Update the work plan to reflect today’s discussion (Babette/Jamie/Paul); send items to be added to the
work plan for 2014-15 (all members)
 Check with the Provost and Academic Affairs on the status of onboarding process ownership and issues
(CIO Murali)
 Invite Microsoft to present service offerings to TIF members (suggested by CIO Murali)
 Invite AVC Mike Allred to update the membership about the retirement in December of federal A-21
requirements for charging direct costs; new rules and impact on departments (Babette)
 Encourage faculty and staff to take the security awareness training available through the campus learning
management system; contact Dewight Kramer with questions or suggestions (all members)
 Send feedback about the service evaluation tool (all TIF members); meet with C. Baker, IET’s CFO, to discuss
the template; bring the evaluation tool back to TIF as a proposal for endorsement (Steve Pigg & Jeremy Phillips)
 Plan for a research theme at the October or November TIF meeting (Babette/Jamie/Paul).
7. TIF IGNITE! TWO YEARS OF EXPERIENCE WITH CLOUD SERVICES—Adam Getchell
Adam Getchell, Director of Information Technology in the College of Agricultural & Environmental Sciences, gave a
5-minute Ignite presentation on the work he and his team have done over the last couple of years using cloud
services. (see slides)
Adam gave an overview of several applications developed under the aegis of the Administrative Application
Development Initiative (AADI):
 The Pre-purchasing module -- handles the departmental pre-purchasing process and allows users to
submit any type of order request, including KFS, MyTravel, and other campus services. This application
also helps with the departmental approval process associated with approving order requests. The system
makes usage statistics prominently available to the user community: Over 64,000 orders have been placed
through the system, totaling $300M+ with 85000+ attached files and using 4200 different accounts. There
are over 3700 active users.
 The Academic Course Evaluations (ACE) system -- project to deliver an automated course evaluations
application that will be available to any campus units that would choose to use it. A cross-departmental
committee headed by faculty guides the work of a team of programmers designing the system. ACE will
draw data from Banner and will be able to feed data into MIV; it will be mobile-friendly and give the ability
to use quantitative and/or qualitative questions, with a variety of result outputs.
 The giving system – newest project the team is working on (both front end and back end).
These three projects have been on various wish lists for many years. The applications are the result of extensive
collaboration across campus, including administrative committees and teams of programmers from several
different departments.
The meeting adjourned at 11:35 a.m.
Download