EPCC Directory Services & E-Mail Migration Plan

Index

Introduction

Project Design and Implementation
    Windows 2003 Active Directory
    Microsoft Exchange E-Mail
    DHCP/DNS
    Virus/SPAM Protection
    Student E-Mail Access
    Licensing
    System Management
    Banner / Pipeline Integration
    Dell Rack Servers
    System / Network Server Diagram
    Training
    Server / Desktop Deployment
    Security

Novell NDS / Microsoft AD Study (Tab 1)
Project Schedule (Tab 2)
Product Data Sheets (Tab 3)
Security Procedures (Tab 4)
Hardware and Software Costs (Tab 5)


Introduction

EPCC is currently working on a project to upgrade its server and software infrastructure. The first objective of this project is to migrate from Novell Directory Services and GroupWise Mail to Microsoft Active Directory and Exchange. This change is required for several reasons. Novell Directory Services and GroupWise are rapidly losing market share and support is being dropped in many third-party applications. For example, there are many more options for e-mail virus scanning and spam filtering for Microsoft Exchange than for Novell GroupWise. Many products, such as the VPN (Virtual Private Network) solution and the Wireless Gateway product that are being deployed by the college, have direct tie-ins for user authentication against Active Directory. A recent survey found that 8 out of 10 businesses using NetWare have plans to move to Microsoft Active Directory (see Tab 1). Many colleges and school districts have already migrated from Novell products to Microsoft products and many more are in the process of doing so, whereas there are very few new deployments that utilize the Novell architecture.

Another objective of this project is to move the college to a more consistent and consolidated Server architecture based on Dell Rack Servers. Servers that have been purchased by the college in the past have been stand-alone tower servers and often from different manufacturers. Most large organizations have already begun migrating to a rack server architecture because of the many benefits this design provides. First, commonality of the equipment manufacturer allows the college to benefit from economies of scale, that is, better pricing is usually available when all the servers are purchased from one company. Spare equipment is less expensive because spares don’t have to be maintained from many different product lines. Rack servers take less space, are easier to manage, and in the long run are less expensive since they are designed to share common equipment such as the monitor, keyboard, and power distribution system. They require less power than stand-alone systems and make the network and computer operations facilities less cluttered since cabling to the servers is managed within the rack. Finally, the college eventually wishes to implement a SAN (Storage Area Network) architecture that will allow consolidating disk space, and provide the needed storage for upcoming projects such as Document Imaging. The move to rack servers based on the Dell architecture is a first step in this direction.


During the first phase of this project, the IT Department will install the new Dell Rack Servers and migrate from Novell Directory Services to Microsoft Active Directory. This will be completed by August 31, 2005. The second phase of this project will include the installation and migration of client software, such as Microsoft Outlook for Exchange, at each computer or workstation. During this phase of the project, which will be completed by December 31, 2005, both the old and the new systems will be running side-by-side. When all the workstations have been cut over to the new system, support for the old Novell software will be discontinued. This project also ties in with Phase-3 of the Wireless Project, which is currently underway. This phase will implement user security on the wireless network by authenticating students, faculty and staff against Microsoft Active Directory.


Project Design and Implementation

Because many systems will be affected, design and planning is critical to the successful completion of this project. Some of the tasks that must be completed include:

1) Implementation of a Directory Structure that will facilitate easy management of the network.
2) Migration of existing GroupWise users to Microsoft Exchange.
3) Deployment of the Banner Forms to the new servers & operating system.
4) Integration with Banner UserID’s and Passwords.
5) Installation of DHCP Servers, Print Servers and File Servers.
6) Migration of Academic Software and Labs to the new servers.
7) User Authentication for Wireless Project and VPN deployment
8) Changes made by MSU’s at the desktop, including installation of Microsoft Outlook, removal of the Novell Client, assigning to domains, etc.

Windows 2003 Active Directory

The directory structure will be designed to logically keep students separate from faculty and staff. This will allow optimization of administrative tasks such as customizing Group Policies and delegating user rights. The Active Directory structure will be one domain (epcc.edu) with two Organizational Units (OU's) at the upper level titled Student and Faculty/Staff, logically separating the two groups for administrative purposes. Three more sub OU's will be created under each upper level OU to aid in managing and differentiating between Users, Computers, and Printers. Additional OU's will be created as needed. Groups within the OU's will be used extensively for Group Policy Rights, Security, and other controls.


Microsoft Exchange E-Mail

Two options were considered for switching from the current GroupWise E-Mail system to Exchange E-Mail.

Option 1 is to start a new E-Mail system from scratch, that is, with empty mail boxes and a “clean” system. The advantages of this approach are that it costs less, it would be operational in a short time, and would be error free at start up. Users would have to be notified in advance to either print or forward old E-Mail messages that they wish to keep to another account. Because of the simplicity of this option, many organizations have chosen this approach.

Option 2 is to migrate message data from the current E-Mail system to the new E-Mail system. The advantage to this approach is that users have access to their old messages within the new E-Mail system. The disadvantages of this approach are that converting the existing mailboxes tends to complicate the cutover, and it is not unusual to lose some mail in the process. However, third-party tools are available that are designed to simplify this process. The time needed to learn the software migration procedure, test the procedures, and then do the actual migration may be significant; however, because of the ability to retain existing E-Mail messages, this is the approach that will be taken.

The software tool that is being considered to assist in this migration is Quest GroupWise Migrator for Exchange. The product data sheet is included in Tab 3. Users will be migrated from GroupWise to Exchange after MIIS (Microsoft Identity Integration Server) has been deployed to assist in transferring user information from Banner to the Active Directory structure. Aliases will be created manually to accommodate the different E-Mail address naming conventions, i.e., First Initial + Last Name, First Name + Last Initial. Aliases will only be necessary for existing users. New users will be placed in the system under the new E-Mail address naming convention. Several test migrations will take place to verify the migration procedure. An informational E-Mail will inform users to "un-archive" their older E-Mail messages just prior to the final migration. The migration will be done by campus, as that is how the GroupWise system is currently configured. In the event that the MIIS deployment is delayed, the migration will still take place and users will use their current login names without the alias name until such time as the MIIS data transfer takes place.

User mailboxes for faculty and staff will be accessed through either the Microsoft Outlook client, or through Outlook Web Access (OWA). Initially, faculty and staff will be allocated 200MBytes of E-Mail disk space and students will be allocated 100MBytes of disk space. Faculty and staff alone will require approximately 400GBytes of disk space on the new servers. Because of the large volume of data, routine maintenance and tape backup procedures are being developed and reevaluated to ensure that both can be accommodated.


DHCP/DNS

One server will be located at each campus to accommodate DNS (Domain Name Services) and DHCP (Dynamic Host Configuration Protocol). Subnets will be set up so that the college can run DHCP on both NetWare and Windows simultaneously without IP address conflicts. Existing static IP addresses will have to be entered manually in the Windows 2003 servers to match those on the NetWare system. The majority of these static addresses are for Banner printers. The backup or secondary DNS in the DHCP scope at each campus will point to the primary DNS server at the Administrative Services Center.
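A pre-cutover check for the side-by-side DHCP arrangement described above, given as an added example that is not part of the original plan. The subnet, address ranges and printer names are constructed; the check assumes each system's dynamic range and fixed addresses have been exported into the simple structures shown.

```python
import ipaddress


def ip_range(first, last):
    """Inclusive address range as a (low, high) pair of ip_address objects."""
    low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if low > high:
        raise ValueError(f"range {first}-{last} is reversed")
    return low, high


def check_subnet(subnet, netware, windows, netware_static, windows_static):
    """Return a list of problems for one subnet served by both DHCP systems.

    netware / windows: dynamic ranges from ip_range().
    netware_static / windows_static: {ip string: device name} fixed addresses.
    """
    net = ipaddress.ip_network(subnet)
    pools = (("NetWare", netware), ("Windows", windows))
    problems = []
    for name, (low, high) in pools:
        if low not in net or high not in net:
            problems.append(f"{name} range is outside {net}")
    # Two inclusive ranges overlap when each one starts before the other ends.
    if netware[0] <= windows[1] and windows[0] <= netware[1]:
        problems.append("NetWare and Windows dynamic ranges overlap")
    for addr in sorted(netware_static, key=ipaddress.ip_address):
        device, ip = netware_static[addr], ipaddress.ip_address(addr)
        for name, (low, high) in pools:
            if low <= ip <= high:
                problems.append(f"{device} ({ip}) sits inside the {name} dynamic range")
        # Static addresses must be re-entered on Windows to match NetWare.
        if windows_static.get(addr) != device:
            problems.append(f"{device} ({ip}) is not entered on the Windows server")
    return problems


# Constructed sample data: one campus subnet and two Banner printers.
PRINTERS = {"10.20.0.10": "banner-prt-1", "10.20.0.130": "banner-prt-2"}


def demo_good():
    """Disjoint ranges, printers outside both, statics copied to Windows."""
    return check_subnet("10.20.0.0/24", ip_range("10.20.0.50", "10.20.0.120"),
                        ip_range("10.20.0.140", "10.20.0.220"), PRINTERS, dict(PRINTERS))


def demo_bad():
    """Overlapping ranges that swallow a printer missing from Windows."""
    return check_subnet("10.20.0.0/24", ip_range("10.20.0.50", "10.20.0.150"),
                        ip_range("10.20.0.120", "10.20.0.220"), PRINTERS,
                        {"10.20.0.10": "banner-prt-1"})
```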

Virus/SPAM Protection

Computer Associates (CA) Antivirus, already licensed by the college, will be used on all servers.

Symantec BrightMail will be purchased and installed to control Spam within the Exchange E-Mail system. The product data sheet is included in Tab 3.

Student E-Mail Access

Although the college will continue forward with its current plans to upgrade to Luminis E-Mail later this year for students, access to Exchange will also be available to students through the use of Microsoft Exchange Connector and Outlook Web Access (OWA). Many of the other features in the Luminis content management product rely on the Luminis E-Mail account, and the single sign-on feature currently available for Luminis ties in with WebCT and Banner. Using OWA instead of Microsoft Outlook for student access will greatly reduce the number of Client Access Licenses (CAL) that must be purchased by the college.

Licensing

The Microsoft product licensing for Exchange, SMS, etc. will be bundled in with the existing licensing that the college already maintains for other Microsoft products including MS Windows, MS Office, etc. By bundling all these individual Client Access Licenses into a so-called Microsoft “Desktop” Package, the college will receive additional price breaks and access to other products such as SharePoint which might be used in the future. The CALs and the licensing for the Microsoft Server products that are needed by the college will be handled through a college-wide Campus License Agreement. This is the most cost effective option available to large institutions and will ensure that renewal for the various licenses is handled correctly for all Microsoft products. The quantity and costs of the CALs as well as the quantity and cost of the other Microsoft Server licenses required are shown in Tab 5.


System Management

Microsoft SMS (Systems Management Server) software for deploying software, upgrades, policies and remote management of computers on a district-wide platform will be deployed by December 31, 2005. Product data sheets for SMS are included in Tab 3.

Banner / Pipeline Integration

An automated approach will be needed for adding and deleting students, faculty, and staff from the user/directory service. The college will implement Microsoft Identity Integration Server (MIIS), a cross-platform Metadirectory that ties together objects from several data sources and provides a way to synchronize information between those sources. Information can be pulled from Oracle and Luminis/SunOne and can be used to create or delete objects in Active Directory and to synchronize passwords between Active Directory, Banner, and other services.

Implementation of MIIS will require a person with extensive knowledge of the system including a database programmer and a Banner administrator. The college will use a combination of in-house expertise and a consulting service familiar with the implementation of MIIS with Banner/Active Directory/Luminis and other software in use at the college. The actual information pulled from Banner needs to be determined and relationships established in MIIS. When a change is made in a monitored field MIIS will propagate that change through connected systems.

At a minimum, the fields that will be synchronized between the Banner database and Active Directory include:

Field
First Name
MI
Last Name
Telephone
E-Mail Banner
E-Mail GroupWise
Banner Password
Faculty/Staff/Student
Active/Inactive
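The reconciliation a metadirectory performs between Banner and the OU layout described earlier, as an added example that is not MIIS code and not part of the original plan. The record shape, the directory model, the user IDs and all sample values are constructed assumptions; the Banner Password field is deliberately left out of the sketch.

```python
from collections import namedtuple

BASE_DN = "DC=epcc,DC=edu"  # the single domain named in the plan
# Upper-level OU per Faculty/Staff/Student value (OU names from the plan).
TOP_OU = {"Student": "Student", "Faculty": "Faculty/Staff", "Staff": "Faculty/Staff"}
# Hypothetical record shape built from the synchronized-field list.
BannerRecord = namedtuple(
    "BannerRecord", "user_id first mi last telephone email role active")

def attrs_of(rec):
    """Directory attributes that Banner is authoritative for."""
    return {"givenName": rec.first, "initials": rec.mi, "sn": rec.last,
            "telephoneNumber": rec.telephone, "mail": rec.email}

def escape_rdn(value):
    """Escape RFC 4514 special characters so source data cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value.strip())
    return "\\" + out if out.startswith("#") else out

def target_dn(rec):
    """Account DN in the Users sub-OU of the role's upper-level OU."""
    return f"CN={escape_rdn(rec.user_id)},OU=Users,OU={TOP_OU[rec.role]},{BASE_DN}"

def reconcile(banner, directory):
    """List (action, dn, detail) steps that align the directory with Banner.

    directory maps user_id -> {"dn", "enabled", "attrs"} (constructed model).
    """
    actions = []
    for rec in banner:
        entry = directory.get(rec.user_id)
        if not rec.active:  # leaver: disable the account if it is still enabled
            if entry and entry["enabled"]:
                actions.append(("disable", entry["dn"], "inactive in Banner"))
        elif entry is None:
            actions.append(("create", target_dn(rec), rec.role))
        elif not entry["enabled"]:  # never re-enable automatically
            actions.append(("review", entry["dn"], "disabled but active in Banner"))
        else:
            drift = {k: v for k, v in attrs_of(rec).items() if entry["attrs"].get(k) != v}
            if drift:
                actions.append(("update", entry["dn"], drift))
            if entry["dn"].lower() != target_dn(rec).lower():  # role changed
                actions.append(("move", entry["dn"], target_dn(rec)))
    known = {rec.user_id for rec in banner}
    for uid in sorted(set(directory) - known):  # enabled account, no source record
        if directory[uid]["enabled"]:
            actions.append(("orphan", directory[uid]["dn"], "no Banner record"))
    return actions

def demo():
    """Run reconcile() on constructed sample data (not from the plan)."""
    R = BannerRecord
    banner = [R("jdoe", "Jane", "Q", "Doe", "555-0100", "jdoe@epcc.edu", "Faculty", True),
              R("rroe", "Rick", "", "Roe", "555-0101", "rroe@epcc.edu", "Staff", False),
              R("asmith", "Ann", "B", "Smith", "555-0102", "asmith@epcc.edu", "Student", True),
              R("blee", "Bo", "", "Lee", "555-0103", "blee@epcc.edu", "Staff", True)]
    def entry(rec, top, **changed):
        dn = f"CN={rec.user_id},OU=Users,OU={top},{BASE_DN}"
        return {"dn": dn, "enabled": True, "attrs": {**attrs_of(rec), **changed}}
    directory = {"jdoe": entry(banner[0], "Faculty/Staff", telephoneNumber="555-0199"),
                 "rroe": entry(banner[1], "Faculty/Staff"),
                 "blee": entry(banner[3], "Student"),
                 "ghost": entry(R("ghost", "", "", "", "", "", "Staff", True), "Faculty/Staff")}
    return reconcile(banner, directory)
```

The "orphan" and "review" actions are reported rather than applied, so an enabled account with no Banner record reaches a person instead of being deleted or re-enabled unattended.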


Rack Servers

Because the campuses at El Paso Community College are geographically dispersed around El Paso, and because of the Wide Area Network architecture which ties the campuses together, the college intends to deploy the rack servers in a way which combines some aspects of a centralized computer operations center and some aspects of a distributed system. In a centralized server environment, all servers are centrally located at a main data center. The advantages of this approach are that the people maintaining the systems such as the Banner System or E-mail System are often centrally located, backups are faster over the local area network, and large HVAC and UPS systems can be shared. The disadvantage of a centralized computer operations center is that if there is a disaster which affects the main data center, or there is a communication failure, faculty and staff at the other campuses are unable to access their data and perform their jobs. In a distributed server environment, some servers are placed at the other campuses. The advantages of this approach are that the bandwidth requirements over the Wide Area Network are reduced because some data is stored or pushed to the local servers, and even in the event of a service-affecting crash or disaster, some tasks can still be performed by faculty and staff at the other campuses. Remote servers can still be maintained through the use of remote access software. The attached diagram depicts the completed network.

Dell Rack Servers will be used because of the robustness of the platform, because there are many features to make troubleshooting and repair easy and effective, and because of the success the college has had with other Dell models in the past. These servers include embedded system diagnostics which monitor temperatures and voltages throughout the system and notify you if the system overheats, if a system cooling fan malfunctions, or if a power supply fails. They also include hot-pluggable cooling fans, redundant, hot-pluggable power supplies, and hot-pluggable RAID hard drive configurations.

The electrical work that will be necessary for the installation of the Server Rack / UPS systems has already been completed at each of the campuses. Electrical work and network cabling must still be completed at the Administrative Service Center. Physical installation of the servers at the campuses will be completed by July 15, 2005.

The quantity, cost, location, and role/function of each of the proposed systems is shown in the attached spreadsheet in Tab 5.


Training

For obvious reasons, it is extremely important that the IT Staff be trained and proficient in the new systems which are being deployed. For this reason, all of the IT Staff that will be responsible for the new architecture has already attended Microsoft Active Directory training in February, and will be attending Microsoft Exchange training in May. Additional training will be required to support MIIS, SMS, and other systems as well. Details including the time and cost of the training are shown in Tab 5.

Server / Desktop Deployment

With the deployment of Microsoft Windows 2003, Active Directory, and Exchange, several changes will be required at the user’s desktop. These changes will be broken down into two areas: the admin area (administration, faculty, and staff offices) and the academic departments. The academic area will take priority because of the August 8th to 19th timeline of the summer fall semester break. Some of the changes that will be required include:

• Removal of the Novell Netware client
• Installation and configuration of Microsoft Outlook
• Installation of the Systems Management Server (SMS) client
• Addition of the computer to the domain
• Banner configured to access the Windows 2003 forms server.
• GroupWise E-Mail unarchived if necessary
• Verify functionality - accessing mail, prints, internet etc…

Migration of the academic labs requiring print servers, file servers, application servers and academic software will proceed as soon as the rack servers at each campus are installed as shown in the proposed timeline in Tab 2. In order to minimize disruption of instruction and other operational areas within the college, these changes will be closely coordinated by the MSU department. Personnel in the academic area will be notified through the Hardware Committee on a scheduled date yet to be announced. Instructional and Academic Computing Services will be represented and will be advised on the Microsoft Windows 2003 and Exchange migration plan.

The deployment of the new software will be combined with the computer installation project which consists of 1900 new computers for the academic labs and classrooms. This combined project will be accomplished during the Summer Fall break - week of August 8th to the 19th 2005.


The following tasks and issues must be addressed prior to deployment and installation of the new computers:

1. New computers will have to be cloned with the Windows 2003 infrastructure platform. Two images will be required, one for the Academic Computing Services and a second for the instructional departments.

2. The departments that will participate in the deployment, MSU, STS, Academic Computing or instructional staff must be established.

3. Determination of who will lead the deployment project at a manager's level (Gary Chacon) and field level. Teams and team leaders need to be created; MSU, STS and outsourcing will be considered in creating these teams.

4. The old computers will have to be inventoried, formatted and classified for reuse by STS. The computers meeting the requirement for reuse will be used to replace Windows 95, 98 computers in the admin, faculty and staff areas during the deployment of Windows 2003 in the admin area.

5. Notification of the changes needs to be sent out as to the dates, times and the duration of these changes. E-Mail, faculty development announcements, mail flyers etc… explaining the migration process.

Security

One critically important factor in the long-term success of this project will be security and the method by which faculty and staff are added to and removed from the user/network directory service whenever employees are hired by or leave the college. A formal process by which IT is notified by Deans / Department Heads / Human Resources and other operational functions within the college must be established. Because this effort will put in place processes that must be strictly adhered to throughout the college, this effort will need top management support, and participation by all departments. Proposed standards for Server Security, Network Access, and Password Strength are included in Tab 4.
