information technology current work in system architecture november 2003 tom board director, nuit...
Post on 19-Dec-2015
214 views
TRANSCRIPT
Information Technology
Current Work inSystem Architecture
November 2003
Tom BoardDirector, NUIT Information Systems Architecture
Information Technology
Presentation Outline
• Context• Business environment• Security• Integration• Architectural future
We are heading toward a future that will be based on these ideas.
Information Technology
Context
• Self-service. The world expects it.
• Central digital identity. The basis for service unification and enhanced security.
• Loosely-coupled systems. Replace tight integration between systems with Web Services to expose functions in standard ways.
Information Technology
Business Relationships
Three groups:– Clients/Users
– NU Service Units
– Technology Enablers
Technology enables NU service units to create the best services for their particular clients
Clients within or outside NU
Service Methods
Applications and Tools
NU Providers
Enabling Technologies
Identity & Security
Information Technology
Technology’s Role
• Information Technology enables – it is not an end
• Effective IT increases human capital effectiveness
• Human capital realizes the goals of the organization
• As IT capabilities improve, human capital adapts to its advantage
• Higher levels of excellence can be achieved
Information Technology
Human Capital
Organizational Excellence
Information Technology
Best-in-Breed Services
• Once defined, a System Architecture permits the University to deploy the best IT approach for each given application
• The University need not build or house the IT services – best-in-breed solutions can be integrated together.
Locally authored Purchased software run locally
PurchasedInternet-basedservices
Information Technology
Information Technology
University Business EnvironmentThe user’s experience should be of unified access to services through a standard, Web-based portal. Transactions with applications are initiated through this portal.
Based upon identity attributes set by Human Resources and the Registrar, institutional roles are defined that create separate views of University systems in that context. This is also a available for basic application security.
p ers onal emp lo yee s tud ent
Search 12:34O c to be r 12
c us tomize
(c ) No rthw este rn Unive rs ity 2003. Send c omments to w ebmaste r@ northw este rn.edu
Pa y p e rio d e n d s Frid a y - p le a se re co rd yo u r h o u rs - se e e m p lo ye e ro le
Ema il ne w me ssa ge sC o urse Ne w s d ro p /a dd de a d line ne w po s tings re minde rsL ib ra ry ma te r ia ls due
A ler t A g entla s t upda te : 10 /12 12:15pm
R e minde rsY o ur c ur re nt s ta nd ingY o ur fina nc ia l a idDe gre e a ud it a nd p la nne rA c a de mic c a le nda rIns ta nt tra nsc r ip tP re -re g is te r fo r ne xt qua r te rO rde r bo o ks
R eg is tration S erv ic esENG 203 – MT T hF 2 :00 Ne w d isc uss io n po s tings Ne w a ss ignme nt H IS 301 – T h 3 :00 Ne w a ss ignme nt A R T 206 – F 4 :00C HM 206 – MT WF 9 :00 A ss ignme nt due to mo r ro w
C ours e N ew s
Me c ha n ic a l Eng ine e r ing ................ ................De a n 's O ffi c e No tic e s ................
M c C ormic k N ew s feedth ro ugh 10/12 11 :00a m
C T ECC he mis try He lp P a geNU L ib ra ryB a r tle tt's Q uo ta tio ns O n line
B ookmarks
NU Ho meP la n it P urp leWe a the r.................................
N U B ookmarks
Add Or ganize
Information Technology
p ers onal emp lo yee fac ulty fi nanc ialres earc h
Search 12:34O c to be r 12
c us tomize
(c ) No r thw este rn Unive rs ity 2003. Send c omments to w ebmaste r@ northw este rn.edu
Op e n e n ro llm e n t u n til 1 0 /3 1 - se e e m p lo ye e ro le
Dr P h ilip B e it.. Expe r ime nta ..J o hn Do e C ubs ga me t..F ra nc is Smith G ra nt a ppA nno unc e m... Ne w po r ta lB MB C B c ha ... F a c u lty me e ting
E -mail Inb ox15 ne w me ssa ge s
NSF A A -433 (due 10 /03) S te m c e ll su r fa c e s truc tu reNIH A 9943 (due 11 /03) P ro te in in te ra c tio ns o n s te mNIH B 8889 (due 1 /04)
mR NA c a ta lytic eff e c ts unde rNSF A B -448 (due 2 /04)
G rant O p p ortunitiesFro m N U Res ea rc h S erv ic es
NIH A 3773 (e xp ire s 8 /05) ba la nc e $34 ,567NIH Q 44T 5 (e xp ire s 11 /03) ba la nc e $11 ,333NSF 4 -44R (e xp ire s 8 /07) ba la nc e $134 ,987
G rant Informationa s o f 10 /12 09 :00
C yto lo gy ................ ................S te m C e ll ................
N IH N ew s feedth ro ugh 10/12 11 :00ET
B MB C B ho meHuma n G e no me P ro je c tS te m C e ll A C T AC yto lo gy T o da yUC L A ga te w a y
B ookmarks
NU Ho meP la n it P urp leWe a the r.................................
N U B ookmarks
Add Or ganize
University Business EnvironmentUsing portal technology will group functions around the individual’s personal responsibilities.
Roles present functions in context and can enforce additional authorizations.
Tailoring of role functions can follow specific entitlements granted by service providers.
Personalization gives the person control to optimize his or her time and use of information.
Information Technology
Service and Data Flow
The combination of unified presentation, common authorization, and standard connectors will create a seamless service to the end-user.
Identity management will be a key aspect of the infrastructure serving the entire network. Authoritative identity information from key systems will define roles and default entitlements.
Coupledcentral applications
End-user
Portal
Commoncredentials
LDAPLDAP
Central identity and entitlements
SES HRIS
Information Technology
Security
• NU will need firm management of digital identities to give service units confidence
• We will need to adapt existing systems, and specify new ones, to achieve desired levels of security.
Information Technology
Role-Based Security
StudentFinancial
Registration
Time Entry
Roles assigned to identities offer an initial screening of access to resources. This screening can occur at the application or even within the network itself – making access to host systems impossible for some individuals.
Department Assistant
Information Technology
Delegated Access Control
Unified central identity management allows delegated control of access by service administrators.
Entitlements can be based on roles (by job class) or membership in groups or individually through rules.
Local service access rules
Credentials
Application security
Portal
Sensitive data
Application management Central management
Information Technology
System Integration
• We should enhance services by coupling enterprise systems to speed processes
• Portal-based access to services relies upon this coupling
Information Technology
System Integration
SES
HRISResearch
Advance
Financials
“Integration” is a perception by the customer of a unified service. A restaurant appears as a unified whole delivering a service.
The appearance of integration is realized by coupling systems, not merging them. The cook, waiter, and cashier are separate systems that communicate effectively to deliver a single service to the customer. A breakdown in that communication exposes the internal structure to the customer.
An integrated administrative system will deliver a set of services crossing boundaries hidden from the customer through effective coupling of systems. The resulting service structure only appears monolithic, but remains distributed. Each separate system can be a best-in-class solution to its needs, with the necessary requirement that it communicate well to the remainder of the administrative matrix.
Information Technology
Integration BenefitsIntegrated enterprise systems can reduce the time to complete services across the University, eliminate manual steps (and errors), and create auditable transaction records.
A hiring event can trigger financial and service actions. Some actions could be immediate and others queued for review by service administrators before fulfillment.
Later events, such as completed training, can be promoted back into the HR record for the employee.
Human Resources System
Hiring Event
ProvisionNetID
ProvisionWildcard
Encumber salaryand benefits
Provisionaccess
Scheduletraining
ProvisionETES
Notifysupervisor
Subscribe toemail lists
Queue toERP
Notifysupervisor
Provisiondirectory
Provisioncalendar
Provisionlocal services
Scheduletraining
Subscribe toemail lists
Queue to
school
Notifysupervisor
Notify unitfundsmgr
EmployeeRecord
Information Technology
Summary
• User self-service, reduced manual interfaces, and easier deployments will save effort and reduce errors
• Unified identity management will create consistency of services and security across the University
• Vendor adoption of application coupling methods combined with simplified local development will speed deployment of new functions
• The portal navigation point will reduce confusion and save time
Information Technology
The Challenge – Application SilosApplication silos develop naturally around business systems and software under standard architectural planning and funding. Each business unit invents user management, tracks authorizations, and builds interfaces to other systems.
Silos limit views of institutional data, fragment security, require manual re-entry of data and detract from the user’s “integrated system” experience.
D atab as e
P r o c es s in g R ep o r tin g
Bu s in es s R u les
I n te r f ac es
I d en tity M an ag em en t an dAu th en tic a tio n
Au th o r iza tio nUs er s
BusinessUnit
IT
Information Technology
The FutureIT IdM &
Portal
IT Services
and Facilities
Business Unit Focus
R ep o r tin g
R o le- Bas ed Bu s in es s R u les
T r an s ac tio n Bu s
I d en tity M an ag em en t an d Au th en tic a tio n
W ar eh o u s e
D atab as e
Ap p lic a tio nBu s in es s R u les
D atab as e
Ap p lic a tio nBu s in es s R u les
D atab as e
Ap p lic a tio nBu s in es s R u les
D atab as e
Ap p lic a tio nBu s in es s R u les
D atab as e
Ap p lic a tio nBu s in es s R u les
Us er s
P r o c es s in g