ess update april 21, 2005. introduction aaron andersen manager dorothy bustamante administrator joan...

ESS Update

April 21, 2005

Introduction

Aaron AndersenManager

Dorothy BustamanteAdministrator

Joan Fisher Administrative Assistant

Gary New (ASH) Lana Stillwell (ASH)

Computer Production Group

Linda LaBrie (GH)Ken AlbertsonSusan AlbertsonGary GardPaul GoodmanJirina KokesRaisa LeiferKelly MeeseKatrina Smith

Distributed ServicesGroup

Mark Uris (GH)Ed ArnoldJohn FoxJohn FrudegerScott HaysRich Johnson (SEC)Lynda McGinley (SEC)Herb PoppeGreg Woods (ASGH)

Applications and Information ServicesGroup

Lana Stillwell (GH)Julie ChapinBo ConnellLeif MagdenRosemary MitchellMichelle SmartIngmar Thompson

Web EngineeringGroup

Marcus Stobbs (GH)Tatiana BurekMyra CustardAndrei RodionovLeonard Sitongia

Infrastructure Support Group

Gary New (GH)Julie HarrisStan McLaughlin

Enterprise Services Section

The ESS Vision

To efficiently create cost effective opportunities while continuing to

synergistically supply enterprise-wide paradigms to meet our customer's

needs Courtesy of Dilbert Mission StatementGenerator

Better ESS Vision

Git-R-Done!

ESS Vision

The enterprise IT service provider for the organization

Getting IT Done

Getting IT Done

• Integrity – deliver what we promise

• Efficiency

• Quality– Service– Support

• Security – an insecure service is unusable

• Fun – celebrate our successes

Strategy

• Foster a team environment– No quicker way to make me mad than, “None of us is

as dumb as all of us”

• Evaluated on our team efforts as much as individual efforts

• More resources towards fewer projects at any given time– Complete the same or maybe more projects in a year– We don’t have to say “no”, we may have to say “not

now”

Project Prioritization

ESS Current Project List• Data Center Expansion• Next Generation Authentication• WEG Test System• Database Redesign• Directory Services• SCD Portal (JA, GAU, WORD)• SCD Customer Support System• Central Hub for Customer Support• Upgrade ESS Website• Automate Blue Folders• CISL Downtime/Change Control• Document Web Cluster• Vavoom• Collab. Portal and Software

Development• Content Management System• WEQC• Desktop/Laptop Purchase• Security Gateway Servers• Ad Hoc Accounting

• Computer Room UPS Electrical Distribution

• Deep Cleaning and Floor Restoration• UMF Push Model• SKIL 3.0• Triage Troubleshooting Index for

Operations• Traffic Shaper/SSL Acceleration• Redesign NOC• CVS• License Management Servers• Install AHU M• Chilled Water Expansion Project• Access Control• Hosting Realignment• Central Notification System• Allocation Change Policy• Access Control• Enterprise Mail Server• Storage Area Network• Server Infrastructure Review

Narrow Focus

• ESS Management examined this project list and determined we had too many current projects.– Working all open projects spread staff too thin– Could not do a good job on all projects– Needed to choose top projects and focus resources

• Categorized projects– Critical– Urgent– Important

• Categorization based on:– Impact of project on organization– Any dependencies for other projects

• Critical and Urgent needed to be completed regardless.• Need to prioritize Important

Critical and Urgent Projects

• Data Center Expansion• Chilled Water Expansion• Central Hub for Customer Support• SCD Customer Support System• Desktop/Laptop System Purchase• Security Gateway Servers• License Management Servers • Electrical Distribution

Important• Next Generation Authentication• Directory Services• SCD Portal• Ad Hoc Accounting• Enterprise Mail Server• Storage Area Network• Server Infrastructure • Central Hub for Customer Support• SCD Customer Support System Implementation• Triage Troubleshooting Index for Operations• Traffic Shaper/SSL Acceleration• CVS

• Re-design NOC

Narrowed Focus Further

• Reduced list to seven Highly Important Projects– Next Generation Authentication– Directory Services– Enterprise Mail Server– Storage Area Network– Server Infrastructure Review– SCD Customer Support Structure– SCD Customer Support System Implementation

(Extraview)

Prioritization

• ESS management team ranked these projects based on the project prioritization methodology introduced in Matrix Management class.

• Major Considerations– Dependencies– Improving customer support– Divisional need– Sectional need

What does this mean?

ESS will focus resources on these Critical, Urgent and Highly Important projects to get them completed.

ESS will continually re-evaluate the project list to determine priority projects to focus on. Will assign resources as appropriate.

ESS will work smarter and more efficiently.

Rankings

1. Directory Services2. SCD Customer Support Structure3. SCD Customer Support System

Implementation (Extraview)4. Next Generation Authentication5. Server Infrastructure Review6. Enterprise Mail Server7. Storage Area Network

Project Process

• Standardize process across the section– Methodologies– Documentation– Status reports

• Benefits– Improves communication– Provides mechanism to keep management

informed

Life Cycle of a Project

• Kickoff

• Draft Charter

• Communication plan

• Requirements

• Design

• Testing

• Implementation/execution

Overview of Top Projects

Project ChartersChilled Water Expansion

Install Mesa Lab Electrical Distribution Gary New

SCD Customer Support Structure Linda LaBrie

Directory Services

SCD Customer Support System Implementation (Extraview)

Lana Stillwell

Desktop/Laptop System Purchase

Security Gateway Servers

Server Infrastructure Review

Enterprise Mail Server

Storage Area Network

License Management Servers

Mark Uris

Next Generation Authentication Markus Stobbs/Lynda McGinley

Data Center Expansion Aaron Andersen

ISG Main Projects

• Chilled Water Expansion

• Mesa Lab Computer Room Electrical Distribution

SCD Customer Support Structure

Initial Point of ContactHelp Desk

(CPG)

AllocationsAccounts

Resource Usage(AISG)

High End SystemsConsulting

User Community Svcs.(CSG)

Desktop/Client Support(DSG)

Mass StorageAdministrationDevelopment

Enterprise ServerAdministration

SupercomputerAdministration

ApplicationDevelopmentData Analysis

Web Engineering

Front Line

Specialized

Research & Engineering

Help DeskManagement

Second TierManagement

Primary External User Interface

SCD Customer Support Implementation (Extraview)

• Define requirements– Staff input– Business rules associated with new support structure

• Design & Implement in Extraview• Staff training• Timeframe (~6 months)• Data transfer• Mean time? (Remedy as is)

Next Generation Authentication

• Single sign-on– Interactive shells– Active Directory– File Server– Web Applications– Internal web pages

Guiding Principles

• Strong security

• Single sign-on

• Limit burden on users

• Backward compatibility

• Transition period

How might it work?

• UCAS token single-sign on– One-time password (OTP) via Central

Authentication Server (CAS)– Receive Kerberos ticket– Kerberos-aware services and web-apps

authenticate you based on your ticket

Web Authentication

• Backward compatibility for UCAS passwords

• Research Kerberos web solutions• Place any burden on servers and apps not

client browsers• Code examples for implementing Kerberos

in web apps

Server Infrastructure Project

Server Infrastructure Project

• Decommission systems (MIGS,IRJE, mesa1 & 2)

• Consolidation of user front-end servers (niwot, meeker, k2, longs) onto new Sun V890 server

• License management servers (ACCIS)

• Review other server configurations and interactions

Desktop Deployment Project

• Desktop strategy approved by SCD Exec.• Purchase and replace desktops/laptops

twice a year (January, June)• Standardization of hardware and software

around Windows, MacOS, and Linux• Initial installation of applications and

patches are being automated • Additional system setup and configuration

will be done by CPG/DSG

Enterprise Mail Server Project

• ACCIS project from DIG report• Used for receiving and storing division e-

mail (UCAR mail relay is separate service)• System is configured in a high-availability

configuration to minimize down time• Niwot, MS Exchange, and cyclone user e-

mail accounts were moved to system• MMM and ESIG are interested in moving

their users e-mail to new server

Security Gateway Servers Project

• CSAC project being done by UCAR security• Only access to UCAR interactive systems will be

through roy, VPN, and gateway servers• Servers such as meeker, niwot, and db will be

protected by gateway servers, as well as, workstations

• Servers such as ftp and web are still exposed• One time password authentication (similar to

roy)• Secure file transfers using store and forward• Outbound ftp proxy for users

Storage Area Network (SAN) Project

• CU/SCD joint project on shared file systems in a large production environment

• Tested ADIC’s StorNext file system between two Sun using SAN technology

• Setup production shared file system between huron and dataportal (both Sun V880s)

• Currently sharing 24 Terabytes that will double in immediate future

• Expand test bed to include other vendors than Sun (SGI, IBM, Linux releases)

Data Center Expansion

• Currently in final portion of conceptual design– Cost estimate– Peer review

• Assembly of documentation to present to NSF• Middle of May

– Presidents Council– NSF management– Board of Trustees

Design Concepts

Land for 20 Years

Building Shell for 10

Outfit for 5Strategy preservesinitial capital investmentas computing hardwareevolves rapidly.

Majority of cost in thistype of facility in outfittingmechanical and electricalsystems.

Facility Design Concept

20,000 sq. ft.4 MW

20,000 sq. ft.4 MW

20,000 sq. ft.

M/E Space

Computers

Staff/Support

20,000 sq. ft.4 MW

20,000 sq. ft.4 MW

20,000 sq. ft.

Initial ModuleModule 2 Module 3

20,000 sq. ft.4MW

20,000 sq. ft.4 MW

20,000 sq. ft.

Expand laterally

Architectural Detail

Office Space

Network Operation Center

Data Center

Mechanical/Electrical

Architectural View

Phase 2 Addition

Phase 3Addition

Culture

NCAR Culture

• What makes a successful company?

• What role does a section play in the overall success of the institution?

• Can a company be successful with everyone “doing their own thing”?

Roadblocks

• Lack of information sharing

• Baggage from past experiences– Personal– Professional

• Lack of “BIG PICTURE” strategy sharing

• “I’ve heard this before”

• Foxholes – “I have been through four bosses before, and I will outlast you”

Lack of Information Sharing

• What information is appropriate to share?

• How do you convey the big picture, without compromising political sensitivity?

• Assuming others know what they need to know in order to achieve success

• Time constraints – ever try to just visit with your doctor for more than five minutes?

Baggage from the past

• Personal experiences, relationships

• Professional experiences– Humiliation– Lack of appreciation– Longevity

BIG PICTURE

• When all parties understand the big picture, all can be working toward that objective

• Management should facilitate creativity and professionalism, not dictate it

• If any of us fail, we all fail. No sacred cows here.

Present strategies

• Data Center expansion – We are looking at an expansion capability at NCAR. This objective however is not achievable for at least four to five years.

• The short term strategy is to “max out” our current facility and hold it there until the expansion can be built.

• With this in mind, it is important to get operations as efficient as possible at the Mesa Lab.

“I’ve heard this before”

• This sounds like the same old thing

• “We’ve always done it this way”

• “Nothing is going to change”– It is going to change because it has to change– The future is going to become increasingly

more demanding

• “We have no choice”– Everyone has a choice to make

Foxholes

• An office or cubicle can be used as a foxhole.

• Stay off the radar screen to avoid any trouble

• Should people have a “guaranteed” job?

Customer Service

• Identify who the customer is• What resources are available to serve the

customer?• Is a co-worker a customer?• Compartmentalization – with the

interdependence of systems we can no longer view ourselves as an island unto ourselves.– “That’s not my job” is not an acceptable customer

service approach.

Core Competency

• What is our core competency?

• What is our customer focus?

• What things could put us out of business, as we know it– What are the tools necessary for us to do our

work?– Have our customers needs been truly

identified?

Necessary Tools

• Facilities

• Systems

• E-mail

• Vendor support

• Networks

• All are necessary for us to do our jobs

What is our responsibility?

• Our responsibility is to look out for our areas and be aware of other areas which might be affected by our actions– Short term solutions may create problems for

long term strategies.– Once a master plan is developed, it should be

made aware to all to achieve a common objective

Security

• Security is everyone’s concern. If we are to continue doing business, we must maintain a level of security which will protect the systems while keeping them accessible to our customers