The Other Side of Middleware: Working with Policy Makers, Data Owners and Campus Constituents
Panelists • Joseph Lazor, Florida State University • Lesley Tolman, Tufts University • Dave Tomcheck, University of California, Irvine • Art Vandenberg, Georgia State University • Ann West, EDUCAUSE/Internet2/Michigan Tech
A Bit About Middleware • Middleware makes “transparent use” happen, providing consistency, security, privacy and capability • Identity - unique markers of who you (person, machine, service, group) are • Authentication - how you prove or establish that you are that identity • Authorization - what an identity is permitted to do • Directories - where an identity’s basic characteristics are kept
Topics Not Covered • Business Case • Long-term Value • Technology details
Themes • Middleware is not just a technology project • Implementation challenges are a reflection of • Institutional culture and needs • Installed technology, requirements, and available resources • Leadership
Topics • Project Methodology • Stakeholders • Challenges • Lessons Learned
What’s unique about middleware? • It’s like an ERP project • Cross institutional impact and value • Changes the way business is done • Leverages the crown jewels, our data • It’s not like an ERP project • Rare for non-IT to lead the way • Costs less • Rare for the IT-data staff to implement it • Difficult to communicate the benefits • Transparent
Project Methodology • Three project approaches • Stealth • Application-based • Strategic
Stakeholders • Contributes to or benefits from implementation • IT (supplies/oversees data; offers services) • Telecommunications • Campus-wide (email, calendaring, video, etc.) • Administrative • Academic • Student Services (supplies/oversees data; offers services) • Registrar • Financial Aid • Advising • Admissions • HR (supplies/oversees data; offers services) • Finance (supplies/oversees data; offers services) • ebusiness (vendors)
Stakeholders • Library (supplies/oversees data; offers services; consumers) • Research services (supplies/oversees data; offers services) • Advancement (supplies/oversees data; offers services) • Alumni (supplies/oversees data; offers services) • Athletics (supplies/oversees data; offers services) • Academia (faculty/departments) • teaching (supplies data/consumer) • on-campus • distance ed • research (supplies data/consumer) • Facilities management (supplies/oversees data; offers services) • Students (supplies/oversees data)
Challenges and Pitfalls • Misjudging readiness of environment • Business needs are not obvious • Aim, fire, ready • Going too slow is a problem too. • Lacking leadership and support • IT trusted? • IT on board? • Where are the weak spots? • Failing to plan up-front • What could go wrong/right? • Just-in-time opportunities • Not setting boundaries, short and long term • Leaving out key participants • Do they lose control? • Do they need control? Do you?
Challenges and Pitfalls (cont.) • Incurring legal or PR risks • Your president gets a call… • Educating campus • What have you done for me lately? • Why should I care again? • Best practices • Passwords are like underwear… • We’re never done • Resourcing the project • Missing one or more function: architect, implementer, project manager, communicator • Do this in your spare time… • Let’s go for the big bucks… • Moving the on-going cost to the infrastructure category • Moving the operations to data-knowledgeable staff
Suggestions • Plan up front • Educate IT well before the external campaign • Assess weak spots • Allocate resources • Consultants, Training, Creative management? • What are the boundaries? • Be flexible and allow for opportunities • Overall architecture and tenets • Go for the easy wins to set up a track record • Include ability to iterate, pilot, and fail; iterate, pilot, and succeed • Identify ways to measure benefits ahead of time for later flag waving • Consider opportunities taken, productivity gains through self-service
Suggestions (cont.) • Include key stakeholders early • Don’t promise what they want; offer reality instead • Bring them inside and develop strategy together • Develop your story early • Decide if middleware should even be mentioned • Tie the implementation to culture and business needs • Use stories and words your audience can relate to • On-going communication is critical • Find IT staff who can talk to the campus constituents • Include web/hard copy/personal communications • Consistency and constancy of message • Use the informal network • Don’t do what you shouldn’t do
If you build it… • They will: • Want it before you know they want it. • Want it before the pilot is done. • Want it right after it’s done because department A wants it. • Wait and see until department A & B weigh in and then want it. • Wait until they are required to want it and still not want it.
Enterprise Directory Service: A Case Study • Florida State University • Joseph A. Lazor • Office of Technology Integration • jlazor@fsu.edu
Florida State University Highlights • 58,000 students, faculty, staff. • Main Campus, London, Puerto Rico, Panama City Campuses. • 10th largest in research royalties. • 17th most wired – 1st in Florida. • 1200+ Distance Learning courses. • Largest University-owned supercomputer configuration in the U.S. • Bobby Bowden
Highlights • Centralized Finance & Administration. • Centralized Information Technology – Office of Technology Integration. • AVP-CIO – Provost & VP F&A • Administrative: human resources, financial, student, administrative services. • Academic: Network, Labs, E-mail. • User: Helpdesk, CBT training. • Office of Distributed Distance Learning – Blackboard. • Data Center • Colleges, Schools operate with a great deal of autonomy.
Enterprise Directory Service • Mission • Provide FSU and Our Constituents With Secure • Web Delivered Information Services that are: • Personalized • Access to Many System Services with ONE Password • Easy to Use • Easy to Support • Available World-wide • Based on Progressive Industry Standard Technology • Positioning FSU for Integrated Systems with a Single Login.
Enterprise Directory Service • Expanding Community of Constituents • Expanding with “Lifelong Relationships”, Distance Learning, and Enrollment Management, etc. • Students on Our Four Campuses plus • Remote Learning Centers and Distance Learners Worldwide • Special Education Relationships (e.g., Navy, Army, IRS) • Faculty and Staff • Prospective Students
Enterprise Directory Service • A Complex Community of Constituents • Students and Alumni sharing information • Family, Friends and Potential Employers – Delegation of Access • Alumni Access to Services after they leave FSU • Academic • Business Partners, i.e. Technology Transfer Partners • Research Partners, i.e. Mag Lab, Internet 2, JA-SIG, Weather Service • Administrative • Potential FSU Employees • Oversight Relationships, i.e. Purchasing, Accounting, Travel • Vendor for Business Services, i.e. Bookstore, Food Services • Complexity - Invisible to people using Integrated Web Security
Enterprise Directory Service • Security with an LDAP • A technical word for - Progressive Industry Standard Technology • Strong Password Encryption Worldwide • Reliable 7/24 Access to Services • Selective Access Control with User Roles • Limit Number of Invalid Login Attempts • Password Change + Lost Password Processes • No Password Retrieval • Position Ourselves to Phase out the SSN and Move to Self-selected Webname for Web Identification
Enterprise Directory Service • Usability/Drivers • Single Login to Individualized Set of FSU’s Systems • Privacy & Security • Ease of Use, Familiar Look • Personal Choice of Favored Login Method • User Friendly Procedures (e.g. Lost Password, Secure Q/A) • Help Desk Relief • Personalized Services Environment (Real Name) • Fast and Easy Setup for First Time Users • Scalable to Larger Communities (Roles!)
Enterprise Directory Service • Rollout • Step One – Business needs – Campus wide. • Web enabling legacy systems as foundation for Integrated Web Security was Implemented for Faculty and Staff Fall 2000. • Personalized Web names
Enterprise Directory Service • Rollout – Continued • Step Two – Personalized User Account Service and the Integrated Authentication Process • Conduct training Sessions for Key Business Offices. • Implement the User Account Service and the Integrated Authentication Process (using LDAP) for Faculty and Staff; while Retaining the Current Menu and Applications.
Enterprise Directory Service • Rollout – Continued • Step Three – Students get Personalized Web services • Implement the New User Friendly Menu of Services including the Services for Enrolled Students. • Add Enrolled Students • Step Four - Implement Common Security and Password for ACNS and AIS Services - using LDAP
Enterprise Directory Service • Rollout – Continued • Proceed to Integrate Additional Services and Communities: • Blackboard’s “Teaching and Learning Services” • FSU’s Web Based E-Mail • Alumni and Foundation - with our Shared Login • “Admitted but not Enrolled” Students • People applying for jobs at FSU • Student Support Service Toolkits for Staff • Student’s Delegation of Access - Family & Employers
Enterprise Directory Service Outputs/Results • Integrated Web Security, and the Services Accessed through it, will Position FSU as an Integrated Web Services Leader in Higher Education. • FSU will be Positioned to Continue that Leadership with the Future Implementation of Digital Certificates which will Provide a technique for electronic signatures - an even Higher Level of Security.
Enterprise Directory Service Case Study • This concludes my first presentation and now Art!
Georgia State University – Case Study 1 • Middleware: Working with Policy Makers, Data Owners, and Campus Constituents • Art Vandenberg • Director, Advanced Campus Services • Information Systems & Technology • Georgia State University • Avandenberg@gsu.edu
Culture, Business Needs & Project Methodology • CIO - top level sponsor of eUniversity • Analogous to eCommerce, higher ed needs: • Directory services (not limited point solutions) for id, authN, authZ per application • Seamless interfaces to applications: libraries, email, calendaring, eLearning, room/resource access, etc. • Reduction of multiple electronic identities • Specific commitment, assignment & charge for Advanced Campus Services - broad coordination
Specific Direction & Action Plans • Feb 2000, ACS charged with: • University-wide directory, metadirectory • Universal account creation (namespace) • Universal email solutions • Interface to other electronic domains (one card, library…) • Public-private key infrastructure • NOTE: Georgia State’s ERP domain: • Peoplesoft financials, Student SCT begun, WebCT…
Stakeholders • CIO and IT directors • Steering Group, scope doc, charter • Data Stewards for Person Working Group: • registrar, hr, financials, card office, person registry • LDAP Technical Working Group • Application domains • WebCT, student email, Rec Center, one card office • University System - discussion, promotion • CIOs, Vice Chancellor, Technical staff
Pitfalls/Missed Opportunities? • Misjudging readiness • Competing ERP deployments • “Not ready for prime time” PKI • Business needs not obvious • Hard to engage ERP teams focused on their core tasks • “But we can already do that!” (finding a killer app…) • “We’ll do that later, as soon as finished with priorities.” • Lack of trust from data custodians? • Not really, but challenges with “technical” custodians
… Opportunities?… • Re: Bringing in key stakeholders • Deference to ERP teams (hindsight is 20/20… but) • However…aircraft carriers need room (time) to turn • Changes the way we do business • Easier for new applications to embrace change? • WebCT, student email, Rec Center • Major event horizon (inevitable…) • First stop is person registry, then HR • Change process, not business • University System - a necessary engagement
Legal Risks with Data • Limit initial issues (but be aware) • If risky, leave data behind ERP wall (cf. bank accounts) • Person registry actually inserts level of protection • Publishing/provisioning can have appropriate limits • Registry remains behind access controls • White pages: “print” directory (Registrar/HR) • Core principles: • Authoritative sources remain ERP systems • Data Stewardship & Access Policy governs all data
Silos and Fortresses? • What about aircraft carriers? • Major ERP implementations already underway • Production and operations culture vs. R&D • Technical debates can be: <invigorating/debilitating> • Tactical versus strategic • Just do it (works well initially) • Iterative process, that keeps focusing on strategy • Remember, we’re part of a state system • Keeping one eye on national initiatives in middleware
Communication Model • Enterprise Directory Infrastructure Steering Group • CIO and IT directors • Start biweekly, phase toward monthly end year 2 • Level setting, resource identification, priorities • University System • Burton Group directory/PKI seminars (1999-2000) • Directory Working Group (3 research, system office) • Establish vocabulary, concepts, general consensus • Recommendation to ACIT (CIOs & V.Chancellor) • Directory of directories/system-wide id/ERP integration
Communication… • Conferences • University System Rock Eagle, CUMREC • Focus-IT newsletter, campus contacts • System Committee on policy for SSN • Internet2 Middleware working groups • Support group, sanity check, best practices • Consider as “retreat & renewal” for more evangelism • Technical staff (listen, be patient, leverage) • Work it until it’s part of the IT vocabulary
The Sales Pitch… • Focus on application areas • Middleware may be too arcane, except for “initiates” • “Printed Directory” as a metaphor • Provisioning - as it impacts colleges/depts: • Automatic course rolls for WebCT • Universal email (and for admitted students) • New staff hires (get them online “day one”) • Account management - as it impacts technical • User X has what accounts? Who is in application Y?
Hot Buttons – Internal Pressures • Doesn’t everyone use same email? (No!) • President: Why can’t I send email to all faculty? • “I want to choose my own unique ID” • New hire online “day one” • Group email, paperless office, email check advice • Too many ids, too little management • Operational/production missions take priority • Resources: staff, time, money (in that order)
Wormholes…Strategic Goals • Goose & gander (student email policy… staff too) • Aha! (Metamerge & NMI-R1 for dynamic groups) • Just do it! (Forgiveness negotiable) • Involve faculty & students (competitive edge) • Support teaching & learning mission • Integrate with ERP systems (Campus Pipeline…) • 3 years… but directory services on VC’s plan!
Carrots & Sticks • We’ll do this app for you if… • vs • We can do this app better if… • Involve from beginning? • Advantage sometimes, sometimes not • Good for us: research faculty & students • Find customer app that sells: WebCT, demographics • The problem you want: middleware advisors! • You’ve really arrived!
Overview • Technical Implementation of Institutional Policy • Pitfalls • Suggestions
Institutional Policy • Defining and Maintaining Policy, e.g. Parking Permits • Business Rules Derived from Policy • Implementing Technical Triggers of Policy • Applications enforce business rules and policy definition, e.g. SAA • Middleware glues applications via messaging and transaction services
Challenges • Data Owners and Control Issues • Policy Framework out of Sync with Reality • New Culture of Staff/Faculty/Students • New Mobility • Increased Regulatory Environment • Greater Concern over Privacy