Post on 11-Jan-2016
AdCom / NACS Sharing Session and
UC Information Technology Architecture Group (ITAG)
Update and Feedback
Marina Arseniev, Director of Enterprise Architecture, Security, and Data Management Services
Administrative Computing Services
April 22, 2009
Agenda
• Introductions
• UC Information Technology Architecture Group (ITAG)
– Update on current projects and progress
– Kuali RICE Assessment
• AdCom’s Architecture Initiative
– Application / Technology Architecture
– SDLC
• NACS Project Challenges and ITAG Feedback
• Discussion of NACS and AdCom’s “common” problems and requirements
Enterprise IT Architecture?
• OpenGroup’s Architecture site and Zachman Framework
• Zachman’s Key statements:
– “Enterprise architecture has everything to do with managing enterprise complexity and enterprise change....”
– [Enterprise Architecture] .. “technically is an ontology.”
– “The descriptive representations that make up the knowledge base of the enterprise constitute […] the “raw material” for engineering the enterprise for flexibility, integration, reusability, interoperability, alignment, mass customization ....”
– “Enterprise Architecture is not arbitrary…and not negotiable.”
– “Enterprise architecture and system implementation are two different things.”
What is ITAG?
• “The Information Technology Architecture Group (ITAG) is an operational group working under the aegis of the Information Technology Leadership Council (ITLC).”
• “Its mission is to create and maintain, on an ongoing basis, a repository of architectural principles, standards, practices, common frameworks and preferred technologies for use throughout the UC system. These are to be chosen with the primary goals of enabling integration, interoperability, and sharing across the system.”
• “The work of the ITAG will enhance sharing of applications and systems among UC campuses, […] support the eventual creation of a UC source code repository and facilitate coordination with national standards bodies.”
• Some ITAG members are also members of IT Architects in Academia (ITANA), an independent constituent group of Educause
ITAG effort currently in progress
• Interoperability Guidelines and Standards for University of California
• Summary of Campus Middleware Survey
• Kuali RICE Assessment
– Each RICE component was evaluated separately
– RICE is middleware and an Application Development Framework
– Evaluation Framework
– What is RICE? ( http://rice.kuali.org/ )
What is Kuali?
Kuali Identity Management (KIM)
• Generating a unique “person” key and maintaining unique person “identity” is one of a few services Identity Management Systems provide
• Like KIM, IdM systems store user, role, group, and attribute information related to a person
• Which role? Business role? Application Function?
• In addition to storing who is in a “Low Value Purchaser” Role, KIM can also store an “Attribute” indicating this role can only approve purchases for a specific amount, such as < $500
• Does not store “entitlements” or “privileges” per se.
• In RICE 1.0, KIM is really only a data store for IdM data that is managed externally, in a more robust IdM system
• How will Kuali KIM integrate with NACS IdM?
Kuali Service Bus (KSB)
How could UC Irvine use an ESB?
“Events” generate real-time business transactions and workflow, replacing FTP
[Diagram. Labels: HR - New Employee Event from GreenTree Hire; UCI Enterprise Service Bus; NACS Enterprise LDAP; UCINetID / CampusID Request to NACS; Parking Employee Payroll Deduction; Payroll Application “Add Employee”; ID Card; SAMS User Authorization / Provisioning; UCOP Enterprise Service Bus; UCNetID Request to UCOP; Learning Management System – Course Registrations; ARC Employee Payroll Deduction; Connexxus Travel Portal SAAS User Provisioning; AdCom’s LDAP]
How could UC Irvine use an ESB?
“Events” generate real-time business transactions and workflow, replacing FTP
[Diagram. Labels: New Student Event; UCI Enterprise Service Bus; NACS Enterprise LDAP; UCINetID / CampusID Request to NACS; Parking Purchase; UCOP UC-wide IdM; ID Card; Housing; UCOP Enterprise Service Bus; UCNetID Request to UCOP; Learning Management System – Lab Safety Course Registration; Student Billing System; Registrar (XNET Replacement); Cafeteria]
How could UC Irvine use an ESB?
“Events” trigger emergency processes and generate RSS feeds for continuous Web Updates
[Diagram. Labels: Emergency Notice; UCI Enterprise Service Bus; NACS Web Update; Student Portal Web Update; UCOP Web Update; UCOP Enterprise Service Bus; SNAP Web Update; Communications / UCI Web Site Update; Police Web Update; Evacuation Process; First Responder Process]
Kuali Nervous System (KNS)
• Data Dictionary - data name, description, type, GUI representation (radio, checkbox, drop down…)
• Business Objects - represent entities in the system, Java POJOs
• Inquiries - allow for drill down detail functionality and relationships
• Lookups - allow for finding the Business Object Record that you want to maintain or reference
• Maintenance Documents - allow for maintenance of Business Objects (Entities) through user transactions – Create/Read/Update/Delete (CRUD)
• Transactional Documents - for business process based transactions
• Reusable Custom Tag Library - makes building UIs for Transactional Documents easier
• Business Validations Framework - allows for a plug point for writing business validation code
Workflow GUI – Action List
Workflow GUI – Document Status
RICE has promise, however…
• Deadlines have slipped
• RICE 1.0 will be the first downward compatible release
– due out June, 2009
• Stand-alone RICE needs load testing
• Kuali is an ERP, is new, is complex.
• Unknown, unproven, limited integration
• Very ambitious future planned
• Resources must be submitted from Higher Ed like us in the form of $ and programmers
• ITAG is working with ITLC on letter to Kuali Foundation regarding assessment results
AdCom’s Architecture Initiative
• Applications
• Software Development Life Cycle (SDLC)
• Technology Architecture and Middleware
What does Administrative Computing Services do?
• Financial System: IBM Mainframe, CICS/Cobol
• Data Center
• Desktop Support and Helpdesk
• SNAP Administrative Portal: uPortal, Web/Java
• TED Learning Management: Microsoft IIS/.ASP, Vendor
• Facilities Management Work Order / Billing: Tririga ERP, Vendor, JBoss/Java
• PayQuest Reimbursement: Solaris, Web/Java
• Payroll at UCOP: IBM Mainframe, CICS/Cobol
• Purchasing and Accounts Payable: IBM Mainframe, CICS/Cobol
• Human Resources Self-Service: Solaris, Web/Java
• Student Billing: Powerbuilder
• GreenTree Hiring Manager / Applicant Tracking System: Microsoft IIS/.ASP, Vendor
• Permanent Budget: Powerbuilder
• Facilities Self-Services: Solaris, Web/Java
• Central Credit Card Payment: Solaris, Web/Java
• Student Financial Services Systems: Web/Java
• And much more…
What do our Applications Require?
[Diagram: requirements surrounding the “Application”]
• Disaster Recoverability
• High Availability
• Goal: 24 x 7
• Ease of Use / Common User Interface
• 24 x 7 Support: Minimal maintenance, heavy cross training and Helpdesk
• Auditability / Correctness
• Secured Access Control
• Penetration Testing
• Quality Assurance
• Architectural Integrity
• Reuse of tested components
• Reuse of staff skill sets
• Compliance and Governance - Section 508, SAS 112, Tax Relief Act, HIPAA, PCI DSS, SB1386, FERPA, FTC Red Flag
• And more…
What are our controls?
• Incorporation of effective and best practices
• Currently using Payment Card Industry Data Security Standard (PCI DSS) as the standard for security controls even for non-Credit Card taking applications.
• An Enterprise Architecture and Software Development Life Cycle (SDLC)
– Project, Task, and Time Tracking using JIRA / Confluence
– Architecture, design, security, database and code review protocols and approvals
– Formal quality assurance, security scans (AppScan), code scans (JTest and FindBugs), and load testing (using JMeter) are required for production turnover approval
– Production turnover checklists and approval workflows in JIRA
What are our controls? (cont.)
• Formal Change Management process…
– Weekly mandatory meeting for all staff – often only 15 minutes
– Minimize collisions of changes to network, hardware, OS, firewall, middleware, Web Server, or application that can result in downtime or security problems
– Use Oracle Calendar to schedule work and planned downtime
– Require test plans and checklist at least 2 weeks prior to change
– Production code turnover is performed by production control staff, in compliance with “separation of duty” required by auditors and SAS 112 Compliance.
• Communication Plans
– Monthly Status Reports that go to stakeholders with escalation notices as necessary
– Service Level Agreements
– Roles and Responsibilities Documents
Value of AdCom’s Enterprise Architecture Initiative?
• We all do it to varying degrees already
• Answers “what” needs to be done, “how” and in what “sequence” to be most efficient, cost effective, and align best with business goals and strategy.
• It sets the “boundaries” and ground rules for how decisions are made using “Guiding Principles”
• Usually involves multiple layers that reduce costs and align technology with business stakeholder missions
• Based on best practices and is a best practice
AdCom’s Stack
Examples we use
• University of Washington
• M.I.T.
• University of Texas
• Alaska
AdCom’s Standard Application Architecture
• A consistent and reusable application development “blue print”
• Common and tested components
• Defines how an application will be built - what components and APIs
• Exceptions to architecture are reviewed and granted by approval
• Vendor applications often exempt
[Diagram: application stack. Labels: Application; Sybase SQLServer, mySQL, ANSI SQL; SAMS; WebAuth / Shibboleth; LDAP; Apache/Tomcat / Java 1.6; Java Framework Expresso/RICE*; JSP / HTML / JavaScript; Drala WorkFlow; Jasper Reports; Apache CXF SOA; Spring/Hibernate; AdCom GUI Template]
Architecture Governance
• Usually done by consensus of senior technical staff in AdCom services in periodic meetings
• Exceptions reviewed by team for approval
– Example 1: request to use AJAX in Human Resources application.
– Example 2: request to bring in a vendor Microsoft IIS/.ASP application
– Example 3: request for a reporting solution resulted in an evaluation and department-wide adoption of Java Jasper Reports.
– Example 4: request for a standard solution for web form pagination of database data resulted in adoption of DisplayTag component (server-side and JavaScript technology)
• Quarterly meetings to review “Technical Reference Architecture” and approve new technologies and “sunset” or decommission older technologies
Middleware
• As NACS and AdCom know, common middleware infrastructure and common applications should be operated centrally
– Departments/programs/activities should not have to build their own core middleware
• What are examples of middleware AdCom uses?
– SAMS AuthZ – WebAuth, 2-factor RSA Authentication, Shibboleth
– HTTP, SOAP, WSDL, XML, SOA Services CXF
– Messaging – Java Messaging, Microsoft Transaction Services
– JDBC, LDAP
– Common logging (log4j)
• Common applications?
– Password or “secret” storage (SecretServer), Wiki, JIRA Project and Issue Tracking, Workflow, Calendar, Content Management System, Learning Management System, Portal
Plans and next steps?
• AdCom is planning to run Kuali Coeus (2010) and Kuali Financial System (~2012) on a stand-alone instance of RICE.
• AdCom may invest in home-grown RICE applications
• AdCom would like to work with NACS on leveraging the UC Information Technology Architecture Group (ITAG) to help our campus middleware plans and implementation
– Is NACS interested in any RICE components covered today?
• AdCom is facilitating a work group to evaluate “Enterprise Authorization” solutions
– What is the intersection of Kuali Identity Management (KIM), which is also a repository for Users, Groups, Roles, and Role Attributes, and NACS’ LDAP and IdM plans?
– What do we do with AdCom’s SAMS?
– Do we need to fold in our requirements for ITAG consideration?
What are NACS Issues?
• What are NACS project challenges?
• Any feedback or ideas that I can share with ITAG?
What are our “Common” Problems and Requirements?
• When developing applications, what do you spend most of your time on? GUI? Interfaces? Requirements? Design? Coding?
• What do you find yourself doing over and over again?
• Where do you see the largest number of bugs or problems?
• How do you QA your apps? Is an SDLC used? When is your app “good enough”?
• Do you use an application development framework?
• What are your favorite programmer tools?
• What best practices do you employ for application security?
• What are your controls? Who decides what technology to use?
• How do different project teams communicate? Share knowledge? Cross-train?
• How does your organization eliminate redundancy and consolidate or reuse tools?
• How does your organization separate roles and responsibilities and consolidate functions of staff? How do you eliminate “silos”?
• How do you deal with project prioritization? Changes in application scope?
This presentation: https://webfiles.uci.edu/marsenie/ITAGFeedback_NACSAdCom.ppt