- A request was made through the Information Technology Board to the EVC regarding the
Chancellor or his designate naming a campus security officer.
The beta test of cross calendaring has been a success. A test group of Student Affairs and
Administrative Services employees has been using the dynamic Exchange / Oracle
calendaring bridge. Next steps will be to move our production Oracle system forward to the
10.1.2 bridge release, perhaps within a month. The largest concentrations of Exchange
usage are in Student Affairs and the Housing auxiliary. Oracle calendaring is part of the
baseline email and calendaring services made available to all employees at no charge.
The Global Systems report on architecture and design of an upgraded data center has
been received. Wider distribution and discussion within the Cyber Infrastructure Research
committee will occur in the next few weeks. It is an approximately $4.5M problem to
achieve building readiness for up to 100 racks of scientific computing, not including the rack
infrastructure. The organization and business plan we proposed is to transfer the space to
the Office of Research, who would provide logistics for a steering committee composed of
researchers, and an operational management group. The results of their deliberations
would be passed on to the management group overseeing the day-to-day operations.
Campus infrastructure specific equipment would be exempt from any hosting fees.
Enterprise services, i.e. functional office related computing, would pay a collocation fee per
Unit of rack space if remaining in North Hall, although we already have two business
related computing centers in Administrative Services and Student Affairs. Using Liebert and
APC enterprise rack equipment pricing based on a proof of concept engineered for us by
APC allowed us to calculate a life cycle financial model.
The proposed hosting model for researchers is one of free collocation if the faculty steering
group approves the applicant’s proposal. The management group will keep the faculty
steering group regularly apprised of the facility’s financial status and provide projections on
impending physical bottlenecks, if any. As a research computing facility, it would be
potentially attractive to gifting opportunities as well, and these should be pursued at the
appropriate time. The faculty group may choose in time to invent additional value added
service(s) such as high performance parallel file storage and other technologies that can
take advantage of being in a single footprint. For the present, we are keeping the proposal
basic.
It is unfortunate that UCSB’s political appetite took so long to be ready for such a proposal
and doubly so that any approved project is easily more than two years to completion. The
campus will attempt to get by utilizing some of the CNSI and other computing facilities space,
but such space is sufficiently modest as to not likely last us the year, and requires its
own investment in infrastructure upgrades.
The BCP/DR plan continues to inch forward based upon our collaboration with UC
Riverside. A replacement virtual controller has been successfully tested under z/OS as an
alternative to UCSB’s 3-year-old Bustech virtual tape. This same technology also emulates
mainframe console, teleprocessing and printing control units, plus providing a full emulation
of the 3990/3390 dasd using open systems disk technology. The next steps are to install a
z/VM LPAR, retesting the controller emulation under CP control, followed by the creation of
a test z/OS virtual machine that is a duplicate of our production z/OS. It would be desirable
to parallel this with inter-campus 3390 disk image transfers and test restores in the
virtualized tape and dasd environment, with the ultimate goal of defining and powering up a
UCR z/OS virtual machine. We are working in parallel with Kevin Munoz of IBM in the
definition of these systems in order to achieve special pricing or permissions where
possible. Nothing needs to be invented, but since there is little to no budget, creativity is in
high gear. Assuming there are no facility costs at the DR site, the current projection is now
coming in under $150,000.
While the above commentary is mainframe-centric, our original plan still calls for a full DR
replication of all central servers and middleware. This will not be a large problem due to
being close to the end of our 3-year effort to convert to a full VMware virtual infrastructure.
The Identity management services are currently in test and will be the last ones converted.
- Identity and Access Management / Directory
After an 18 month funding process with senior management, Identity has approximately
$259,000 of permanent funding, resulting in a yearly shortfall of around $115,000. The
Oblix software maintenance contract was not renewed, for a savings of $60,000. For both
architectural and cost control reasons, we are working on an integrated design with Sun,
utilizing the various components of the JES. Reviewing the market leads us to believe that
the JES is the lowest cost, integrated, general-purpose middleware suite from the TCO
perspective.
We are re-architecting the workflow of our provisioning processes so as to enable the
possibility of security processes satisfying UC policy and audit findings. This will provide for
policy driven password controls, audit and resets, plus enable the possibility of two-factor
security in an integrated manner. The second part of the architectural work is to provide for
a seamless integration with Active Directory dependent services.
In the continuing evolution of the Directory schema, we are working closely with Student
Affairs architects in the design of a “student life cycle” of Identity from candidate for
admission through alumni.
The current IAM infrastructure is a non-stop service comprised of 14 servers, many of them
Windows based. As a part of the virtual infrastructure and DR/BCP projects, all remaining
Windows servers will become Red Hat Enterprise Linux running as VMware Virtual
Infrastructure nodes. Testing is underway.
- Sakai
Sakai development is making great progress due to the efforts of Instructional Computing,
who has lent senior programming resources to the initiative. We are providing hardware
resources as the project wishes to utilize them. They are attempting to have a proof of
concept test site available for this Fall quarter. Planning and portrayal of this project
proceeds with the thinking that faculty will ultimately advise as to whether they wish to use
Sakai or Moodle.
-Training Management Systems
It is recognized that UCSB needs an LMS, or Training System, as one chooses to call it,
and we await any news from the UCOP process with great interest. If a hosted or central
solution is chosen, it is viable, but will require considerable planning for full functionality. It
will also be another reason to encourage Identity federation. Our local RFP process has
been terminated while we await the outcome.
-Kuali Financial System (KFS)
UCSB is participating within the UC Kuali partnership. There is good internal participation
with the processes of the UC Functional Council and the Subject Matter Experts (SME)
group formations are in progress. The roadmap to UCSB’s adoption of a new financial
system is considerably less clear, but fortunately we are not yet to the portion of the project
where firm commitments are needed. Senior management has been made aware of this
initiative through the efforts of the Enterprise Information Systems Group (EISPG) for over
a year now, and from the detailed report they produced, understands the approximate
resource commitments. The EISPG also recommended a replacement Student Information
System in perhaps even stronger terms. Allowing our enterprise IT to stagnate for 15 years
has created the need for massive, resource intensive projects, hence the interest in any
shared initiatives across the UC.
-AS/SA Organization of IT
We have finished our reorganization and division of work. SA and IS&C now do joint
planning and architecture.
-Identity for Guests and Other Special Populations
We have been evaluating the Identity Engines appliance and will be building out with it in a
restricted context as it matures.
For further information:
Director, OIT
Elise.Meyer@ucsb.edu
Director, IS and C
Arlene.Allen@isc.ucsb.edu