uc ref group mar09
TRANSCRIPT
‘Extended’ Reference Group meeting
26 March 2009
Agenda
• Welcome, new meeting format – Ché Broekman
• IPTel Update – Sylvie Isabelle
• Carrier, Mobility and Billing – Jenny Connolly
• Desktop Lifecycle Services – Deborah Tapping
• Identity and Access Management – Terry Brennan
• Close
• Lunch
IPTel Project Update
Sylvie Isabelle
Carrier, Mobility, and Billing Projects Updates
Jenny Connolly
Carrier Update
• 10,500 lines (centrally managed service and Archives)
churned to Optus
– 3,000 lines identified owners
– 2,500 lines unidentified owners
(many transferred to TAFEs etc.)
• Further churning awaiting Billing System (CAAB)
implementation
– identified & University owned lines
• Unidentified owners – cancellation process in place
• Non-university account holders – transfer ownership
Carrier Update
• Frame audits to identify additional (unknown) lines
• Numbers to be ported once Optus infrastructure in place– dependent on fibre works – due later in year
• All University services identified and on a single account
• Billing for centrally managed services will be through Billing system (CAAB)
• Bills for locally managed services will continue to be sent to departments for payment
• Transitioning to IPTel includes services clean up – review and consolidation of lines– move to centrally managed billing service– activity will be in line with staged IPTel transition
Billing Project Update
• Solution build completed
• AD and Themis integration completed
• CADS data imported into AD
• Back-office CAAB implementation due 6th April
– Includes cut-over from CADS
– No change to departmental staff processes
• CAAB upgrade due 4th May
– Functionality includes self-service bill information
via web reporting
Billing Project Update cont.
• Call records from PABX and IPTel currently being
captured
– parallel processing with CADS
• Retrospective bill processing and Themis feeds
available from January for IPTel
• CADS data used for PABX bill processing to March
• CAAB used for PABX and IPTel bill processing from
April onwards
Mobility Coverage Update
• Location and appearance of Optus towers identified
• Optus drop-in sessions held in February
• Fibre works set to commence
– Awaiting Optus agreement in place
• Tower construction to be completed mid year
• Optus recommendation
– halt all bulk transitioning until new infrastructure
installed, given the assessment of Parkville campus
Mobility Transitioning
• Remediation due for completion mid year
• Bulk transitions will recommence at this stage
• Operational requests (new phones) now managed via the
Service Desk
• Caveats about coverage are communicated prior to any
service being added centrally
– request form, website
• Overseas usage – valuable information on website
Unified Telecoms
Questions?
Desktop Lifecycle Services Project
Deborah Tapping
Project Rationale
• Cost containment - RDM
• Whole of University approach
• Leverage off University’s buying power
• Consolidation of printer, photocopier, fax machines &
scanners
• Standardisation of Desktop Hardware and Desktop Build
– O/S, SOEs
• Streamline, automate and centralise processes
Project Objectives
To create an aggregated model which will:
• Centralise and streamline the procurement, tracking,
configuration, deployment and disposal of Desktops
• Implement a University wide Managed Print Service
focusing on MFDs – Parkville only
• Standardise desktop builds – O/S and SOEs
• Design and deploy Thin Clients / Virtual Desktops
Project Workstreams
4 Workstreams
1. Desktop Procurement – 1st Phase Dec 2009
2. Printer/MFD Procurement usingManaged Print Services (MPS) – Dec 2009
3. Desktop Build – Dec 2010
4. Thin Client / Virtualisation – Dec 2010
NB: Approval to proceed to Business Case on first phase of Workstream 1 and to Discovery & Design of Workstream 2
Project Overview
Workstream 1 - Desktop Procurement
First Phase - By December 2009• Enable Desktop procurement using the Victorian
Government Purchasing Board
• Tender for Macs to ensure premium vendor
• All machines to leave factory with Base O/S
Second Phase – By December 2010• Online procurement & tracking processes
• Integration with Themis and Remedy
• Centralised IS Procurement Team
• All machines to be configured with Configuration Management Tool (i.e. Altiris)
Workstream 1 - Desktop Procurement
Victorian Government Purchasing Board
• PC & Notebook Equipment Panel
• Can choose to purchase from one vendor or the entire Panel
• Panel established in April 2006 for 3 years – up for review. Current vendors:
Workstream 2 - Managed Print Services
• Approval to proceed to Design & Discovery
• Currently 2,182 staff printers
• Rationalise number of printers - increase employee to printer ratio from 4:1 to 20:1
• Eliminate personal desktop printers and install MFDs
• Investigate MPS options available
• Offers significant reductions in cost and energy consumption
• Can support multi-vendor environment in initial stages
Workstream 2 – Managed Print Services
Case Study – Road Traffic Authority, NSW
• Reduced devices from 2,100 to 750
• Resulted in savings of $4 million over 5 years
• Decreased the print costs per FTE from $463 to $347 (based on 6,900 FTEs)
Workstream 3 – Desktop Build
• To commence after Procurement work
• Standardisation of SoEs across UoM
• Each SOE Build Model will include the Base Application (OS), Core Applications and Extended Applications.
• Implementation of a Desktop Management solution (i.e. Altiris)
• Standardisation of deployment processes and reduced Desktop support costs
Workstream 4 – Thin Client / Virtualisation
• Requirements analysis
• Business analysis to understand cost and environmental impacts
• Tender for an appropriate supplier(s)
• Pilot using Library – 300 PCs
Conclusion
• Change Management component
• Working Groups – need volunteers
• Feedback is important
• Questions?
Contact: Deb Tapping or Jo Cusack
Identity & Access Management Project
Terry Brennan
http://go.unimelb.edu.au/sa6
Overview
• What is Identity and Access Management
• Why are we proposing an upgrade
• Drivers and benefits
• Scope of the project
• Schedule
• Budget
• Questions
• Contacts
What is Identity and Access Management?
•‘The right access for the right people at the right time’
• Who are you? – Identification
• How do we know? –
Authentication
• What access are you allowed? –
Authorisation & Access
• Is information about you and
your transactions secure? –
Privacy, security
Right access, right people … ?
Why upgrade?
• ARS system developed 15 years ago and enables registration for key systems including Themis, Merlin and LMS.
• Risks and constraints
– Aging technology
– Design complexity
– Difficult to retain knowledge and skills for system support
• single points of failure
– Barriers to delivering future benefits and improvements:
• single sign on', on-line employee on-boarding and improved processes for student on-line registrations
– Exposure to sophisticated security threats also lends weight to a replacement of the current infrastructure
• IT Architectural drivers
• Business and strategic drivers
Current state
Drivers & Benefits - 1
Source: Gartner, Id#G00152051, 2007
Drivers and benefits - 2
One university’s experience
Activity numbers• Accounts
– 1812 Prof Staff– 4566 Faculty staff– 59064 Students– 7944 Applicants– 1095 Other
• 500-1500 changes per day (more at semester starts)
• Average provisioning time – 30-60 mins
Return on Investment• More than 13,000 staff hours
recovered annually
• Implementation of IDM resulted in 3 Year Cost Savings or Avoidance of $1.7M
• 40% Reduction in Account-Related Help Desk Calls
• On-boarding time reduced from days to hours. Enrolments previously were cut-off 10 days prior to term, now are able to be accepted up to the day of the first class.
• Better customer service and enrolment revenue
Drivers, benefits and objectives
Business Driver Objectives
Strategic alignment, e.g.service delivery improvements impacting MSSM, Research & Teaching, Knowledge transfer, RDM
•Enhanced user experience, e.g..seamless IT environment using single or reduced signon (RSO/SSO)
•Speedier user provisioning – 0 days
•Enhanced delivery capability for collaborative research, teaching and knowledge transfer activities by supporting federated identity initiatives e.g. Shibboleth support
•University ID for life- e.g. for alumni management
•Shared services / RDM support
Reduce costs / improve efficiency & capability
•Improved productivity with speedier user provisioning
•Improved integration with enterprise applications facilitating role based authorisation.
•Reduce support risk / overhead of multiple point to point solutions on legacy infrastructure
•Increased web self-service capability, increasing quality & reducing load on central functions
•Improved directory services & search capability: consolidated LDAP-based directories, single staff/student AD
•Support for fee-for-service/billing per user
•Opportunities to participate in collaborative activities, e.g. via NCRIS initiatives requiring federated identity support
•Opportunities to improve business processes, e.g. simplified identity administration via distributed automated role based provisioning
Improved compliance / risk reduction •Reduce/eliminate compliance breaches – IT security, copyright, privacy
•Improve / introduce proactive auditing capability
•Reduce support risk of multiple point to point solutions on legacy infrastructure
•Reduce risk to reputation
•Meet compliance and privacy requirements by better auditing and tracking features
Improved security •Reduce/eliminate access breaches, e.g. student labs
•Support for multi-factor authentication
•Integration with smart card technologies
•Role based authorisation & access
•Proactive event monitoring, reporting, auditing
Current state
Future state?
Scope
IDENTITY MANAGEMENT REPLACEMENT PROGRAM
Student IT & Printing
IP-telDesktop
Messaging and Collaboration
Related Projects
New ID to transition Student->Staff
Student->Alumni
4. Replace ARS with new IdM Sys (HW, SW)· Select & procure· Design· Install· Customise· Integrate· Staged
implementation· BPR
2. Redevelop Directories and Groups
3. Reduce count of LDAP Directories and Redevelop
Telephone Lists update separate to
ARS/AD
Student Card has no electronic ID
No access sharing with Partners
Lab & resource access, security
abused
Telephone List integrated
Centralised resource access control,
security
One ID and sign on for life
Compliance - legal discovery of I&A is
efficient
Analysis of SOW
OVC Refresh and Realign
UniComms Billing
Compliance - legal discovery of I&A
laborious / impossible
v5 20/3/09
Analysis of Student
Admin.feed
Impact Analysis
Email Collaboration
including Student Email
Share access with other Universities
Support for smart Student Card
Support for fee for service /Billing by
user
Analysis of
Directories/Gateways
Analysis of ~20 other feeds
Internet Traffic and Cost Recovery
Support single/reduced signon
Multiple signon
Ad hoc point to point connections
Enabler for system integration /
interoperability
No support for fee for service /Billing by
user
Uncertain policy environment
Coherent policy environment
Policy & process review
Requirements gathering
Single source of identity with all Staff
Students Alumni
New improved IdM Sys
Solution design
Standard industry support and reduced
risk
1. Redevelop AD
No single source of identity
ARS: 15 years old,
support intensive
Current State
Support staff single point sensitivity
Outcomes
Analysis of Themis
feed
Scope of Work
User provisioning productivity lag 3
days
User provisioning productivity lag zero
days
DesktopServices
POCanalysis
Scope - 2
• Overarching IdM architecture
• IdM requirements and solution design
• Select, procure, implement IdM solution
• Re-engineer existing Id data management processes
• Improve system interfaces and interoperability via SOA approach
• Restructure directory services and management
• RSO / SSO
• Business process and workflow improvement
• Support for federated IdM - e.g. Shibboleth
• Review IdM policies and practices– Access management – Authentication– Authorisation – Privacy
Schedule
ID Activity DurationQ4 08 Q3 09
Feb JulJanNov Mar Jun
1 9wProject staffing, approach, scope, governance
2 62wStakeholder engagement
3 20wIdentity Management Requirements - initial cut
4 13.6wSolution Design – initial, indicative
6 17wIdentity Management Requirements - Final
7 17wSolution Design – Final
10 8wFinal Business Case
11 76wEvaluation, Implementation planing, implementation
Q1 09
MayApr
5 4wMarket scan/vendor input – “RFI”
8 15.4wPOC
Q2 09
AugDec
I DENTITY MANAGEMENT PROJ ECT – STAGE 1: STARTUP - > BC
Start
20/10/2008
20/10/2008
20/10/2008
1/12/2008
3/02/2009
5/03/2009
9/03/2009
16/03/2009
26/05/2009
20/07/2009
Finish
19/12/2008
25/12/2009
6/03/2009
4/03/2009
2/03/2009
1/07/2009
3/07/2009
30/06/2009
20/07/2009
31/12/2010
9 30/06/200930/06/2009.2wPOC signoff
Overall schedule – high level
ID Task Name DurationQ2 10 Q4 10Q2 09 Q3 09 Q1 10Q4 08 Q4 09Q1 09 Q3 10
Sep OctSepFeb May DecAprNov Mar NovMay Jun OctDec Mar NovDecApr Aug JanJul JunFeb Jul AugJan
1 38wAnalysis to Business Case
2 25.8wRequirements & Solution Desigh
3 11.2wBusiness Case
10 8.6wProcurement ??
11 117.2wImplementation - Plan &Design Phase
12
13
26wImplementation – Design and Installation Phase
52.2wImplementation - Customisations
14 52.2wImplementation - Integration
7 39wAD Remediation
8 17.6wPhases 1&2 - IPTel requirements
9 21.4wPhases 3&4 – Data Mgmt Roles and domain consolidation
IdM Project Overview
4 15wProof of Concept (POC)
Start
3/11/2008
3/11/2008
1/05/2009
16/03/2009
1/10/2008
1/10/2008
2/02/2009
1/07/2009
3/08/2009
3/08/2009
1/11/2010
1/01/2010
5 0w30/06/2009MILESTONE - POC Approval – Go/No Go
6 0w27/07/2009MILESTONE – BC Approval
Organisation – Draft only
Project Control GroupDirector, IT and CIO Sendur KathirDirector, Infrastructure Peter SackDirector, App Services Michael CarolanManager, User Support Rod MahonManager, IT Architecture Nigel YandleManager, Hosting Services Tooraj EnayatiManager, Communication Services Barry SmithIS Program Manager Reuchlin Teo
IT Council
Project ManagerTerry Brennan
Lucien BolandTerry Brennan
Robin FroushegerFrank Gomizel
Jason GoodacreAdrian Hill
Michael SaidakBen Scantlebury
Nigel Yandle[vendor rep]
Identity Management Project
Interim Organisation Structure
Mar 2009
Business Stakeholders
Technical Working Group
Student Management
ServicesRosalie Livingstone
Faculty and Department Representation
IT Policy & PrivacyStephen Young
Janet White
Student CentresGillian Luck
Student Centre Managers
Systems / Apps
Student PortalSayaka Treeve
Merlin SysLachlan Cameron
Rosalie LivingstoneSarah Calder
Advancement ServicesBen Ragg
Advisory Group
Application Services Paul CourtotJason D Nell
[DBA rep]
Business AnalysisFrank Gomizel
Ben Scantlebury
Student System Project SSP
Rosalie Livingstone
LMS GroupTravis CoxDeb Jones
Michelle Rennie
V0.5 12/03/09ID 2099-03-09
Student ITJon Peacocke
InfrastructureLucien Boland
Jason GoodacreAdrian Hill
Barry SmithRod Mahon
Procurement, Licensing &
SecurityTim ArneaudGeorge Ng
IT Architecture
Michael Saidak
Nigel Yandle
Themis HR SysMarlena AxelPaul Courtot
ARSJason GoodacreLucien Boland
ADAdrian Hill
Robin Frousheger
Faculty IT repsAlister Air – Eco & Comm
Roger Ward - MDHS
AlumniOVC Network
Building AccessExchange
Student Email
Reference Group ?
Property & Campus Services
Ben van der VegtTim Thornton
Governance Group - tba
ReseachProf Leon Sterling
Proj Coordinator
Kerrie Jarman
Business repsSimon PorterGavin TriggLyle Winton
Human Resources
Damien Pearson
Budget
• Investigation and implementation are expected to take
approximately 18-24 months and will require project
funds of approximately $3 million.
Questions?
Contact / Information points
https://wiki.ea.unimelb.edu.au/display/IDMProject/IdM_Home
OR
http://go.unimelb.edu.au/sa6
OR
Terry Brennan, Project Manager, ext 42724
Frank Gomizel, Senior Business Analyst, ext 40338
© Copyright The University of Melbourne 2008
Thank You
Please stay and have some lunch