IT Architecture and Infrastructure Committee 9:00 – 10:30 a.m., February 12, 2016, FAC 228D I. How to Access TACC Resources (Bill Barth) II. Service Now – Update (Susan Roy) III. Office 365 Tool Set – Update (Bob Gloyd, Chris Carter, Trice Humpert) IV. WITI Committee – Update (Aaron Choate) V. Mac Systems Management – Update (James Lewis)

ServiceNow Implementation Status

2/9/2016 1

Continual Service Improvement

2/9/2016 2

We started with IT teams at Colleges, Schools and Units using Footprints.

2/9/2016 3

Phase 1 Major Accomplishments• Core Configuration

– Integration with TED and Facility location data, security• Incident Management

– Process, form, categorization, priorities, service levels, metrics and reports

• Content Management Systems– Look and feel, service identification and reconciliation,

categorization, request items• Configuration Management

– Categories of configured items, key attributes• Knowledge Management

– Process, phase 1 participants, content migration process (wikis, SharePoint, public pages, Askus

2/9/2016 4

What’s Next?• Footprints Sunset Strategy• Continued TRAC Discovery and Design• Show-me Sessions• User Acceptance Testing• Project Planning with CBO, HR and Facilities• Define ‘Finance’• Continue Prioritization of Validated Catalog Items• Import Knowledge• Training• Publish Knowledge Roadmap• Configuration Management and IT Asset Roadmap

– NetContacts,Claim, ISORA, SCCM, Absolute Manage, Excel spreadsheets, SharePoint, Define/Workday

2/9/2016 5

Challenges• ‘Cederated’

– Support centralized and federated IT

ExampleTwenty 0365 knowledge articles

• Understanding ASMP/Workday Functionality– Complement not duplicate

ExampleWorkday IT Asset Management

2/9/2016 6

Connecting Campus

2/9/2016 7

ServiceNow

Automated Call Distribution System

Service Desk, Centers of Excellence

Resolve, Route, Escalate, Report, Self-Service, Knowledge

Walkup, Phone, Chat, Email

ServiceNow Team• ServiceNow project documentation,

updates, and links, visit the ServiceNow wiki

• Contact a Team Member (See wiki)• Office Hours – Visit the ServiceNow Team

Room at FAC 227A every Wednesday from 9:30am-11:30am

• Submit Suggestions and Ideas via Ideation - Click Here

2/9/2016 8

Content Management System (CMS) Examples

2/9/2016 9

2/9/2016 10

CMS

2/9/2016 11

CMS

2/9/2016 12

CMS

2/9/2016 13

CMS

2/9/2016 14

CMS

Configuration Management Categories

2/9/2016 15

Configuration Management Categories*

Desktops and Laptops

Business Services

Applications

Database

Network

Storage

Server

VoIP

* Also known as CMDB Data Models or Classes

Questions?Suggestions? Action Items?

2/9/2016

16

Topic Milestones (esp. names & numbers) DiscussionAccessibility(VPAT 508)

per Laura Grooms & Jennifer Maedgen

DONE - confirmed OK without need for exception request

Security & review

Per Charlie Scott of ISO

DONE - confirmed to fall under existing Microsoft terms of service

Legal review Approved by Jeff Graves, however, it is not approved for use with HIPAA protected data.

Networking

Desktop sharing-...-Simultaneous online collaboration-

Bob & Chris define small as ~<=6, for optimal•

Networking sees no issues with use by faculty/staff in small-group video collaborations. Per William Green.-

William Green continues to pursue a better overall understanding of the toolset with Microsoft.-

KBaseUntil ServiceNow is ready•https://wikis.utexas.edu/x/sg9MBw •

ITS Help Desk has engaged via a Wiki-

https://wikis.utexas.edu/display/engritgpublic/Using+Skype+for+Business

•Engr: -

https://wikis.utexas.edu/display/MCS/How+to+Sign+In+to+Skype+for+Business+2015+for+PC

•

https://wikis.utexas.edu/display/MCS/How+to+Sign+In+to+Skype+for+Business+by+using+Lync+for+Mac+2013

•

Lib:-

Participants >1,000 deployments in total, largely among key participants (ATS, Engr, JSG, Libraries) -

Other, early adopters, are tracking in proportion to their interest and need (Comm, iSchool, Law, LBJ, ...)-

Stats Number of participants (as of 2/1): 1,070-Number of 3rd-level tickets (10/16 – 2/1): 31-

Class Notebook

some minor administrative challenges are expected due to @utexas.edu schizophrenia

•

Bob Gloyd is actively exploring the Class Notebook tool and already has a good understanding of the capabilities of the tool.

-

more... on back >>>

Topic Milestones (esp. names & numbers) Discussion

Ofc365 project status report, AIC Feb 2016Friday, February 12, 2016

Topic Milestones (esp. names & numbers) DiscussionCanvas The ball is in Learning Sciences court. Microsoft is

willing to bring resources to the table too.-

More...

Chat/Instant Messaging (IM)○Presence (Availability/Calendar)○

Messaging•

Collaborative Videoconferencing○Desktop and application sharing○Presence (Availability/Calendar)○

Meetings•

Shared Notes (OneNote)○Shared Documents (OneDrive)○Web Productivity Apps (Online Apps)○

Collaboration Tools•

Core functionality is considered accomplished-

in December meeting with Microsoft we could not get time commitments, this makes us think late 2016.

•

in the interim we have a set of tools in order to accomplish functionality

•

Full citizenship/equity for Apple platform is further away than we had hoped-

•we have various scenarios on campus, that don't have obvious answers, we will be leveraging Microsoft and campus insights to unveil options

-Additional Group functionality is desired

We do perceive that we may need to address some additional DNS/identity challenges as we move forward, due legacy campus systems.

-

Next Objectives

Key & core functionality seems well vetted and we anticipate requesting the AIC to endorse a Grand Opening this summer, at the April AIC meeting.

-

Project Schedule

Timetable Summer '15 Fall '15 Winter 15/16

Spring '16 Summer '16

Phases:

8/2015

Staging -Completed

Exploring & Validating

Reporting Expanding & Integrating

Grand- Opening for entire campus

Mac Client Management (was JAMF Casper for Systems Management) Update (2016-02-12) The ATS Systems Management team has had more challenges than expected in allocating resources at the start of the spring semester, due to ongoing projects on both teams. After a review of current systems and practices, the team identified the need to start with a solid foundation, and focus on aligning policies and practices first, rather than jumping into the purchase and migration to new tools. Minimum Security Profile As such, the team has been focused on defining the minimum security profile for a supported system—identifying the compliance policy requirements and translating those into a standard practice—in order to identify gaps in our existing practices (which are primarily with Mac client management). These practices will be shared with the public once the initial review is complete. We are specifically focusing on:

• Admin Rights for Non-IT Staff • AUP Banner Display • Backup • Encryption • File Sharing • Firewall Configuration

• OS and Application Management • Remote Access Tools • Securing Unattended Devices • System Logs • System Management Tools • Virus and Malware Protection

Identified gaps in client management practices with Macs while be used to inform our investigation of JAMF Casper and other client management tools. Industry Analyst Review of Mac Client Management Tools On a parallel, but separate track, we are working with ITS staff (Trice Humpert and Eric Weigel) to review the offerings from industry analysts Gartner and InfoTech in the sphere of Mac client management tools. We’ve provided evaluation criteria to Eric (see associated spreadsheet), who will be engaging with each company to solicit their recommendations in this space, as well as information on what our peer institutions are using to manage their Mac clients. This approach will serve a dual purpose, by both evaluating the offerings of these analysts, while providing us much needed research in this domain. Next Steps Once the results are obtained from Gartner, we will proceed with evaluation of the top recommended client management tools for Macs. We expect this to begin in mid to late March, and run through the end of April. It is expected that a recommendation will be provided to AIC at the May 2016 meeting.

Client Management Tools

Criteria Mandatory?

Application Administration

Single sign-on capability (Shibboleth) YGranual permission model YInherited permission model Y

Asset Management

network scan/discovery of computers Yautomated enrollment, install of asset management agent post-discovery Nagent report: OS patches installed, needed, failed Yagent supports last 2 releases of client OS Yautomatic updating of asset management/inventory (hardware, software fields) Yintegration with vendor warranty status Nnotification of inventory changes in hardware Ynotification of inventory changes in applications Ynotification of inventory changes in location (provided external database of location available) Ndetection of attached peripherals Yagent report: encryption status, method Yescrow and retrieve encryption keys Ndocumented API for data exchange Yversion tracking Yusage tracking Nsearching by file name Ncreation of custom groups (boolean criteria) Y

Operating System and Software Deployment

load balancing or distributed update servers capability Ymodular image deployment Yzero-touch deployment (via network boot) Yzero-touch deployment (via recovery partition) Nlight-touch deployment (via ext media) Ypolicy based OS and software deployment (ie: defined by user, device, group, location) Yintegration with Apple Device Enrollment Program (DEP) Nautomated directory binding capability Nmulticast deployment Yscheduled reimaging capability Yapprove/deny scheduled updates Yintelligent patch deployment (only what is needed) Ypatching/updates of installed applications Yreporting on available/deployed software updates Yresumable downloads Ndeployment of patches from internal distribution points Ndeployment scheduling Yself-install capability (with admin privs) Yself-install capability (without admin privs) Nself service portal (allowing users to select/initiate install) Ydeployment with native installer formats (PKG/DMG) N

License Tracking/Management

check in / check out of licenses Nusage defined by user, group, dept, location N

tracking of usage (period, frequency) Npolicy based tracking of software usage (ie: defined by user, device, group, location) Nprevent launch of applications that exceed licensing Nfind/remove unlicensed/unauthorized software N

Configuration Management

baselining of known-good state Yremediation of non-compliant devices Yautomated remediation of non-compliant devices Nnotification of non-compliant devices (user) Nnotification on non-compliant devices (admin) Ywhitelisting/blacklisting of applications Nmanagement of printers Npolicy based configuration enforcement (ie: defined by user, group, dept, location) Ydynamic group membership based on asset criteria Nintegrated full policy/pref management (50+ settings) Nend user update prompt suppression Ycreation/deletion of local accounts Nresetting of local account passwords N

End User Remote Support

administrator-initiated launch of remote support YBomgar integration Nuser approval for remote access capability Ysession-based control Ydirectory-based authorization Naccess agent not running until activated by administrator Ysecure remote access capability Yadmin client runs on last 2 releases of client OS Yremote disable/wipe of system N

Defining IT Roles

Document Version 1.1 Prepared by James J Lewis

Last edited February 9, 2016

Defining IT Roles Task Force Executive Summary IT Roles, including their privileges, requirements, responsibilities and expectations, are poorly defined and inconsistently applied across campus. Defining these roles holistically for campus will allow for a standardized set of roles to more easily enable current and future applications, functions and processes. Having a standardized definition of IT roles will improve campus security, clarify responsibilities and accountability for IT staff, ease the provisioning of services, and improve service delivery.

Current State In the current IT environment on campus, there are only a few roles that are widely used, most notably, the Network Technical Support Contact (TSC) and the OHS Contact Roles for IT Custodians. These roles are poorly defined, are often misapplied to non-technical staff, or are used arbitrarily for other purposes. Outside of these campus-wide roles, most other IT roles are either ad-hoc or defined for a very narrow scope. In the majority of cases, these roles have poor definition of the purpose and intention of the role, staff are arbitrarily assigned to role, and privileges and responsibilities are not explicitly defined for the roles.

Purpose As previously indicated, current IT roles are poorly defined, leading to their misapplication or workarounds. This is both a security issue (users are often given roles with higher levels of access than they require) and a logistic issue (roles often don’t match the needs of end users).

There are campus-wide systems currently under development (ServiceNow and Workday), where clearly defined and aligned IT roles will ease several regularly occurring tasks (such as onboarding and provisioning). Defining these roles, will help enable future system implementations to function better for end users.

Sailpoint, the new Identity and Access Management system, has role based management as part of that project scope. However, defining IT roles at a high-level with a broader perspective will have benefits that reach across other applications.

Scope The scope of the task force will consist of 1) developing recommended IT roles for each functional IT sphere (applications, systems, networking, customer support, and data center), 2) defining the purpose and intended use of each of those roles, 3) identifying any existing IT roles that a new role will replace, and 4) for existing roles and where appropriate in newly defined roles, enumerating the role’s privileges.

Page 1 of 2

Defining IT Roles

Document Version 1.1 The task force shall provide their recommendation to the AIC at the June 2016 meeting. If accepted, it will be distributed to relevant parties throughout campus as a standard guide and reference, to be adopted as technically feasible into existing projects and tools that depend upon IT roles.

Task Force Composition CW Belcher (or designate) ITS Applications, Identity and Access Management Trice Humpert (or designate) ITS Systems Susan Roy (or designate) ITS Customer Support Services Michael Cunningham (or designate) ITS University Data Center Cam Beasley (or designate) Information Security Office William Green (or designate) ITS Networking and Telecommunications Graham Chapman University Operations, Technology Resources Shannon Strank Center for Electromechanics Ty Lehman Jackson School of Geological Sciences Michael Harvey School of Law James Lewis Academic Technology Support

Defining IT Roles Task Force Page 2 of 2