1 OPERATIONAL IT COMMITTEE MEETING AGENDA Wednesday, September 26, :00 p.m., FAC 228D I. Welcome and Introductions II OIT Chair II. Governance Overview III. OIT Priority Topics for V. UT System IT Roadmap and Funding (Brad Englert) VI. Baseline Charts for Services Being Subsidized by UT System (Cam Beasley) VII. Virtual Machine Use (Cam Beasley) VIII. Inventory Policies (Cam Beasley) IX. SITAB Campus-wide Survey (Cam Beasley) X. OIT Meeting Schedule
2 The University of Texas at Austin Office of the Chief Information Officer About IT Governance The IT governance structure establishes the strategic, operational, and technical decisionmaking process required to ensure IT enables the University to excel in its mission. IT governance provides strategic leadership, establishes campus-wide IT priorities and policies, and is accountable and transparent to the University community. The following diagram illustrates the committee structure for IT governance at the University. General Responsibilities of IT Governance Committees The IT governance structure as a whole is responsible for the following: Establishing and communicating a campus-wide IT vision that supports the University mission and goals Establishing IT policies that support strategic, campus-wide IT priorities Establishing an overall IT budget structure for total IT spend on campus, starting with ITS Defining technical architecture and standards for the University Establishing best practices and tools for IT across campus 1 A b o u t I T G o v e r n a n c e a t T h e U n i v e r s i t y o f T e x a s a t A u s t i n, S e p t e m b e r
3 IT Governance Values For IT governance to be successful, the committees must hold the following values: Transparency Governance structure and process must be clear. How decisions are made and who has input rights and decision-making rights must be readily apparent to campus. Communication Communication must occur into, out of, and across the committees and with campus. Accountability Committees and task forces must be held accountable for delivering on their responsibilities. Clear escalation paths for issue resolution must be defined. Responsibility Governance structure must focus on results rather than implementation and project management. Appropriate representation Constituency groups across campus must be represented. Active support Governance structure requires staff to support the process. Agenda setting, meeting logistics, issue tracking, and communication are all essential aspects of active support. Agenda Setting Members of each committee propose agenda items to be discussed in their respective committees. Agenda items can also be suggested by anyone in the UT community (noncommittee members) by directly contacting either a committee member, a committee chair or the CIO's office. Agenda items for each committee are vetted through that committee's chair. The committee chairs and CIO meet monthly to coordinate the timing of committee efforts and ensure proper communication, inclusion and prioritization. Reporting The IT governance structure is supported by administrative and communications personnel who report to the Chief Information Officer. Notes for each regularly-scheduled IT governance meeting are available on the respective committee web pages. In addition to the meeting notes and executive summaries, IT governance progress and updates are communicated via the CIO s Weekly Update. Any policy related materials are posted on the CIO website. Some decisions and projects may need additional communications due to their scope. These communications will be determined on a case-by-case basis. 2 A b o u t I T G o v e r n a n c e a t T h e U n i v e r s i t y o f T e x a s a t A u s t i n, S e p t e m b e r
4 Projects IT governance committees focus on setting direction and ensuring accountability rather than implementation responsibilities or IT project management. Committees can, however, ask for and receive presentations and updates on projects from any project teams or steering committees as needed. Funding Continuum Projects are funded through four mechanisms; local funding, aggregate funding, aggregate funding with partial central support, and common good funding. Local funding is derived completely from the unit employing the service or administering the project. Examples of services that are completely funded by the local unit include Echo 360 and Computer Aided Design. Echo 360 is a service funded by Liberal Arts that is available to their unit and training for which is available for campus based on special agreements with their staff. Computer Aided Design is a service funded in total by Engineering to serve the specific needs of their population. Aggregate funding involves the cooperation and coordination of funding through multiple units to save money by buying a service in bulk. By aggregating funds and purchasing power among and across units, the service can typically be acquired at a lower cost. Examples of those services purchased through aggregate funding include Media Site, Apple Educational Licensing, and general use CrashPlan. When a service funded aggregately is identified as essential to a majority of units across campus, it may qualify for partial funding from the central IT budget. Common Good services are available to and serve all campus units and members. Examples include Encryption software, BevoWare, the IT Help Desk, CrashPlan, Webspace, Blackboard and Austin Exchange. Common Good services are funded entirely through the central budget. IT Governance Continuum of Funding Locally Funded Aggregate Funding Aggregate + Partial Central Subsidy Common Good Echo 360 Media Site Adobe Connect Encryption Software Computer Aided Design Apple Education BevoWare Licensing Program CrashPlan for General Use Help Desk CrashPlan for Faculty Webspace Blackboard Austin Exchange 3 A b o u t I T G o v e r n a n c e a t T h e U n i v e r s i t y o f T e x a s a t A u s t i n, S e p t e m b e r
5 Policy and Funding Decisions and Exception Handling Each committee in the IT governance structure is responsible for identifying and drafting IT policies for the University. Policy decisions are vetted through the entire governance structure. For example, a policy originating in the IT Architecture and Infrastructure Committee is vetted through the Operational IT Committee before endorsement by the Strategic IT Advisory Board. Committees may solicit the review and expertise of personnel outside of the governance structure in making policy decisions. IT policy decisions are available at If decisions involve funding, they may first be vetted by the IT Architecture and Infrastructure Committee, the Business Services Committee, or the Research & Educational Technology Committee. The decisions must then be endorsed by the Operational IT Committee. The IT governance structure is also tasked with establishing processes for handling exceptions that meet unique business needs. Exceptions are also useful means for collecting feedback on current structures and determining when established standards become obsolete. Subcommittees and Task Forces Subcommittees are defined as ongoing groups responsible for issues and decisions in a certain area of IT at the University. Task forces are defined as time-bound groups assigned specific problems to solve or tasks to accomplish. IT governance committees can form subcommittees and task forces as needed. Existing committees may be asked to establish formal relationships with the IT governance committees, such as the one created between the BSC and the Administrative IT Leaders groups. There is an intermittent need to create task forces to investigate issues and explore different IT solutions. Task forces can be appointed by any of the IT governance committees on an asneeded basis. The task forces meet for a set timeframe to accomplish specific objectives related to resolving an issue or implementing an IT strategy; they are not be considered standing or ongoing governing bodies. Task force membership can consist of IT governance committee members or any qualified personnel identified by IT governance committee members. Customer Steering Committees Customer steering committees serve as representative customer groups that work with IT project teams to determine the best course of action and to provide accountability for IT projects at the University. Customer steering committees help project teams: Develop a project charter that directs the project towards what customers need most from the service 4 A b o u t I T G o v e r n a n c e a t T h e U n i v e r s i t y o f T e x a s a t A u s t i n, S e p t e m b e r
6 Create a thorough and effective communication plan to distribute information to affected customers across the University Refine the project plan and be accountable for changes to that plan Direct research about the project or service at the University and peer institutions Deliver the projects and services that the University truly needs Customer steering committees may be called upon to present information and updates to IT governance committees. IT Governance Meetings The IT governance committees meet according to the following schedule: Business Services Committee First Friday of every month, 1:30-3:00 p.m. IT Architecture and Infrastructure Committee Second Friday of every month, 9-10:30 a.m. Research and Educational Technology Committee Third Thursday of every month, 8-9 a.m. Operational IT Committee Fourth Wednesday of every month, 3-4:00 p.m. C-13 Information Technology Committee Second Thursday of every month, 2-3 p.m. IT Governance Chairs (BSC, AIC, R&E, C-13, OIT) Third Thursday of every month, 11-11:30 a.m. Strategic IT Accountability Board Quarterly, scheduled according to availability of members 5 A b o u t I T G o v e r n a n c e a t T h e U n i v e r s i t y o f T e x a s a t A u s t i n, S e p t e m b e r
7 Governance Priorities Strategic IT Accountability Board Network Speed Plan Develop a network plan that outlines in which Fiscal Years the campus will realize increases in network speed. 10GBs GBs GBs Current Educational Technology Roadmap Determine the most appropriate technologies for large and small scale online instruction. More Efficient Administrative Systems As business units undergo efficiency assessments, tie the roadmap for the administrative system master plan to business plans and identify technologies to support increased efficiencies. Identify Patterns in Data Collected for Network Reporting Investigate and develop methods for capturing patterns in data collected for network reporting. Operational IT Committee Increasing Network Speed Increase network speed to enhance the ability to move more and larger files quickly and make more efficient University operations. Inventory of Devices Align inventory processes to increase efficiency and so that device tracking is easier in a manner that addresses any disparities between IT policy, Inventory policy, purchasing policies, and in some cases State policies. Data Policies Create data policies that address the questions of who is allowed to use certain University data and for what purposes they can use data while being mindful of transparency desires and the need to train people to become educated and responsible users of data. Increasing Use of Cloud Computing Identify support structure for proper cloud technologies, observation, and evaluation schemes. VoIP Support the move to VoIP on an escalated time schedule. On-line Instruction Identify support structure for on-line instruction, the use of video technologies, and expansion of the classroom into new dimensions. Learning Analytics Determine the best tools and strategy for analyzing real-time classroom data Governance Priorities, September 2012
8 Research and Education Committee Educational Technologies specifically video and lecture capture technologies Identify technologies that can be used to extend and augment classroom instruction. Big Data Policies and Management Address the following big data questions: Who has access to what data? How is data accessed? How do researchers share data? Research Computing Environment Secure cloud computing options that allow for collaboration in the cloud must be identified and shared with campus. Business Services Committee Emergency Web Presence Develop redundant and robust central and supporting web pages for campus and coordinate with colleges to create a directory of contacts for who is responsible for pages and who needs access to pages during a disaster is necessary. Administrative Systems Roadmap and Data Create and implement Road maps and data strategy for new administrative system. Disaster Recovery Continue exploration and implementation of policies and practices for response to disaster. Proxy Cards/Building Access Control System Identify and implement a new system for building access controls. Institutional Data Management and Sharing Address the following institutional data questions: To what data do we allow access? How do we share data? What is the University attitude about data? Architecture and Infrastructure Committee Administrative Systems Technical Environment Design the technical environment that will support the new administrative system. Institutional Data Policies and Management Identify and define who owns what data on campus and who the data stewards are. Long-term Archival Data Storage Determine policies and guidelines for the long-term storage of data on and off campus. Web Development Environment Determine web development environment. Wireless Network Identify access methods for new technologies including consideration of 3G to 4G networks Governance Priorities, September 2012
9 Information Security Funding News As a result of a recent external security audit and targeted ISO funding requests, UT System has agreed to fund approximately $3 million in one-time funding to help our campus address several high-risk security areas. I've been coordinating this effort on behalf of the university and want to make these funds available for the campus to benefit as quickly as possible. Below are more details on how the funding will be used and the benefits to the community. UTBackup * Make UTBackup more available to UT faculty members. All faculty members now receive a minimum quota of 50 gigabytes of compressed space for every device they use. This will help our faculty to safeguard the security and integrity of their data. Please see more about this service at: Virtual Computing * Make virtualized computing more affordable to campus units. Beginning this fiscal year, ITS will be reducing rates for commodity Virtual Machine Units (VMUs) from $300/VMU/year to $100/VMU/year. These price reductions are based not only on UT System funding, but on better negotiated prices for hardware, storage, and software licensing. Please see more about this service at: University Data Center * Make co-location in the University Data Centers more affordable. The current co-location cost is $1.70/KW (around $700/year for an average system). Beginning this fiscal year, and for the following two years, the rate will be reduced by 40-50%. Please see more about this service at: The goal of these initiatives is to move 1,000 new physical or virtual servers into the University Data Centers within the next two years. Deans, Vice Presidents and/or Unit Heads will hear more about this goal in the coming weeks from President Powers. All of these rate changes will be in effect for a minimum of three fiscal years. These new initiatives and rate reductions will make key services more available to campus units, which will help to reduce related security risks on campus. Please contact the Information Security Officer, Cam Beasley, with any questions or concerns.
10 UT System Funding :: Tracking Usage of Associated Centralized Services Information Security Office University of Texas at Austin AUG Overview As a result of a recent external security review, the UT Austin Information Security Office has requested (and received) approximately $2.5M in funding from UT System. This funding was specifically approved to address decentralized risks by reducing the financial barriers to adoption for existing central backup, colocation, and virtualization service. Goals The UT System funding was approved with the condition that 1,000 new physical or virtual systems are migrated to central services in the next two years with a heavy focus on academic and research units (preferably 75% or more). Additionally, at least 80% of UT Austin faculty members are to be backed up in the next two years. Virtualization & Data Center Colocation The following graphs attempt to demonstrate the current distribution of subscribers using the centralized virtualization service offered by ITS (426 virtual servers). This data does not include the 76 virtual systems assigned to ITS in Enterprise/Restricted clusters. Note: There are approximately 6,500 servers on campus. This virtualization service currently represents approximately 7% of this total. The academic/research community accounts for approximately 20% of the current subscribers. Top$V$&$Virtualiza.on$Subscribers$(2012&July)$ Virtualiza)on,Subscribers,by,Major,Campus,Unit,(2012=July), Center)for)Teaching)and) Learning) 2%) Development)Office) 3%) Informa(on)Security)Office) 3%) Other)campus)units) 21%) Cockrell)School)of) Engineering) 7%) Informa(on)Technology) Services) 64%) SOCIAL$WORK$ UNIVERSITY$OPERATIONS$ NURSING$ LAW$ INFORMATION$SCHOOL$ ARCHITECTURE$ UNDERGRADUATE$STUDIES$ PHARMACY$ DIVERSITY,$VP$ CONTINUING$EDUCATION$ LIBERAL$ARTS$ PUBLIC$AFFAIRS$ EDUCATION$ ATHLETICS$ STUDENT$AFFAIRS,$VP$ COMMUNICATIONS$ BUSINESS$ PRESIDENT$ FINE$ARTS$ RESEARCH,$VP$ GEOSCIENCES$ DEVELOPMENT$OFFICE$ NATURAL$SCIENCES$ PROVOST$ ENGINEERING$ FINANCIAL$AFFAIRS,$VP$ 1$ 1$ 1$ 1$ 2$ 3$ 3$ 4$ 5$ 5$ 5$ 6$ 6$ 8$ 8$ 11$ 11$ 26$ 33$ 286$ Page 1 of 3
11 UT System Funding :: Tracking Usage of Associated Centralized Services Information Security Office University of Texas at Austin AUG The following graphs highlight the current distribution of University Data Center customers (737 physical devices). The academic or research community accounts for approximately 18% of the current customers. Note that a number of major units were not currently using the data center as of July. TopV%UDC%Customers%by%Major%Unit%(2012:July)% UDC$Subscribers$by$Major$Unit$(2012=July)$ Info0Mgmt0&0 Analysis0 6%0 Natural0Sciences0 6%0 Other0Units0 16%0 University0Opera(ons0 6%0 General0Libraries0 10%0 Informa(onTechnology0 Services0 56%0 COMMUNICATIONS" NURSING" LAW" INFORMATION"SCHOOL" ARCHITECTURE" UNDERGRADUATE"STUDIES" PHARMACY" DIVERSITY,"VP" SOCIAL"WORK" 1$ DEVELOPMENT"OFFICE" 2$ FINE"ARTS" 2$ RESEARCH,"VP" 3$ EDUCATION" 3$ STUDENT"AFFAIRS,"VP" 3$ GEOSCIENCES" 4$ TEXAS"EXES" 4$ LIBERAL"ARTS" 5$ BUSINESS" 5$ ATHLETICS" 8$ CONTINUING"EDUCATION" 11$ ENGINEERING" 42$ UNIVERSITY"OPERATIONS" 47$ NATURAL"SCIENCES" 53$ PROVOST" 12 FINANCIAL"AFFAIRS,"VP" 423$ 0" 50" 100" 150" 200" 250" 300" 350" 400" 450" Page 2 of 3
12 UT System Funding :: Tracking Usage of Associated Centralized Services Information Security Office University of Texas at Austin AUG Backup There are currently 1,680 systems being backed up by the UT Backup service accounting for 30 Terabytes of backup data. The following graph demonstrates the current distribution of UTBackup customers by major campus units. It should be noted that the following groups have opted to run their own large Crashplan services internally and thus are not fully represented in this data (Geosciences, Liberal Arts, Natural Sciences, Communications, Education, and Computer Sciences). If these standalone services are included, the data indicates that roughly 45% of the campus faculty/researcher community is being routinely backed up. The academic/research community accounts for approximately 55% of the current UTBackup subscribers. UTBackup)Subscribers)by)Major)Campus)Unit)(2012<July)) GEOSCIENCES$ NURSING$ DIVERSITY,$VP$ EDUCATION$ ATHLETICS$ COMMUNICATIONS$ UNIVERSITY$OPERATIONS$ PRESIDENT$ LIBERAL$ARTS$ RESEARCH,$VP$ LAW$ DEVELOPMENT$OFFICE$ PUBLIC$AFFAIRS$ INFORMATION$SCHOOL$ FINE$ARTS$ NATURAL$SCIENCES$ SOCIAL$WORK$ ARCHITECTURE$ CONTINUING$EDUCATION$ UNDERGRADUATE$STUDIES$ PHARMACY$ BUSINESS$ STUDENT$AFFAIRS,$VP$ PROVOST$ FINANCIAL$AFFAIRS,$VP$ ENGINEERING$ 1$ 4$ 6$ 1 11$ 16$ 22$ 37$ 41$ 54$ 65$ 66$ 69$ 83$ 105$ 118$ 136$ 141$ $ Page 3 of 3
13 AIC Proposal :: Change to Campus IT Inventory Control Processes Cam Beasley, Chief Information Security Officer 2012-AUG-07 rev3 Proposal: I would like to propose that all colleges, schools, and units be required to route all IT procurements (e.g., primarily hardware and large dollar software) and surplussed computing devices through their respective IT Systems Custodian (or local IT support contact). Such a change would ultimately need support from BSC, OIT, and SITAB. Based on evidence from various campus units who have already implemented such a change, this change is expected to represent a positive impact on IT system management, inventory management, the University s risk assessment efforts and overall security posture. Background: UT Austin administration and UT System have developed a need for campus units to have more thorough knowledge of their inventory of computing devices (e.g., encryption, patch management). The current processes in use for most campus units are inadequate for them to report on such compliance efforts or to effectively manage their inventory (logically or physically). The following changes to the procedures for procuring, inventorying, and surplussing computing devices will improve the University s ability to provide accurate data in response to compliance questions being asked and will dramatically improve overall visibility and system management practices for many units on campus. Procedural Changes: All units are required to have their local IT Systems Custodian(s) process (e.g., inventory, install, secure, etc) all computing devices being purchased. This includes but is not limited to any devices that have the ability to store data or use the wired or wireless networks. Examples of these types of computing devices include but are not limited to: laptops, desktop computers, and tablet computers including ipads. For units were ITS support contracts exist, ITS will be required to provide the local IT Systems Custodian with a complete inventory of computing devices for the contracted unit. The IT Systems Custodian will perform these tasks in a timely manner so as not to delay distribution of the device to the end user. Procurement, Inventory, and Surplus Procedures: All units creating purchase orders or pro-card transactions for a computing device shall specify the destination for delivery as the address of the local IT support team and note the EID in the purchase order notes for the individual the system is for. The local IT Systems Custodian(s) will receive the device once shipment is complete. The local IT Systems Custodian(s) will then acquire the UT inventory tag for the device either from UT Inventory or the unit that purchased the device if the unit self-tags equipment. All necessary information about the device will be conveyed to self-tagging units so that the required information about the device can be inputted into UT Inventory. The local IT Systems Custodian(s) will log and track all shipments received. The local IT Systems Custodian(s) will enter the computing device into the University s NetContacts registration tool and will be configure it per policy requirements. All University and specific unit procedures for configuration will be applied including but not limited to encryption of laptops. Campus units are encouraged to implement additional steps necessary to best accommodate this operational procedure change. Exceptions: Any department head can submit an exception to this operational procedure if they believe it would unnecessarily burden their unit or would not otherwise add value. Exceptions can be submitted via: https://security.utexas.edu/exception. References IT Systems Custodians defined at Adapted from a memorandum to all reporting units from the Dean of the College of Education, Manuel Justiz (Spring 2012).
14 SITAB Campus-wide Survey Goal Obtain data to identity IT efficiency and savings opportunities across campus. Overview All surveys are assigned to a single department - Assigned to registered department head and local TSCs - Additional roles can be delegated o Business Manager o TSC o End User Questions 1. Annual IT Service Costs Respondents are asked to provide a high-level account of the services their unit offers, supports, or manages. They are also asked to report the number of users the service serves and the number of servers the service represents. IT service areas covered Calendaring Web / media services File storage and backup User / desktop support IT lab support IT programming Databases / directories Networking Specialized / research services Other 2. User Support Devices Respondents are asked to identify the number of user support devices (e.g., desktops and laptops) their unit manages or supports. Device Types Faculty desktops / laptops Staff desktops / laptops Lab stations / systems Classroom support computers Help desk / troubleshooting computers
15 3. Server Support Devices Respondents are asked to identify the number of server support devices their unit manages or supports. Device Types Co-Located in University Data Center Virtualized with ITS All other servers 4. Licensing and Contracts Respondents are asked to identify any software or hardware maintenance costs, IT service licenses or subscriptions, any significant one time IT costs, any Authorization of Individual Services (AIS) costs, or other contracts their unit maintains along with their respective annual cost. 5. Annual funding sources Respondents are asked to identify the specific IT funding sources their unit relies on each year to fund the IT services their unit provides. Funding Sources ITAC General UT Funding (e.g., 14 or 20 accounts) Enterprise Accounts (e.g., 18 or 19 accounts) Grant Funding LERR (Library, Equipment, Repair and Rehabilitation) Funding Endowments and Gifts Special One-Time Funding Other Opt-out Units may opt out of the SITAB survey if: The unit has no IT-related assets or costs, or If the unit's IT costs are managed by a higher-level unit, or If the unit's IT costs are managed by an external department.