Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support

Transcription

1 Current Environment Assessment Specification Single Sign On Customer Relation Management Workstation Support Georgia State University By: Team #2 Members: Igor Wolbers Tony Yuan Saeed Nadjariun Team2 Version /9/2005 Current Environment Assessment Specification 1

2 CURRENT ENVIRONMENT ASSESSMENT SPECIFICATION 1. Introduction Purpose Key Participants Scope Integration Technologies... 5 Single Sign On:... 5 Customer Relation Management:... 6 Workstation Support: Application and Data Sources Interfaces Integration Matrix Integration Diagram Security Conclusions and Commentary Appendix A: References Current Environment Assessment Specification

3 1. Introduction This document defines the current information technology environment as it pertains to the business integration strategy and architecture as of 10/09/2005 for Georgia State University. The focus of this document is on three initiatives: Single Sign on Customer Relation Management Workstation Support Single Sign On - This initiative will provide a strategy to create a single entry point for authentication for all electronic web enabled resources maintained at Georgia State that require authentication. It can then be expanded to include access to universities across the country that require generic authentication to their resources. Technologies being defined include Internet2 s Shibboleth and eduperson, PersonRegistry created via Oracle, and Novell s edirectory which is a LDAP service. The major constraint in the current environment is that every system that is implemented at Georgia State University needs to create its own method of authenticating users as well as track the identity of the authenticated users. This also creates security issues because there are multiple entry points into the University s systems which need to be monitored. If security standards change in the future every resource that has its own authentication schema needs to be updated and tested for compliance. The University is experiencing something similar to this as the Board of Regents has announced that it wants the Universities systems to meet a security mandate which states that Social Security Number may no longer be used as a primary means of authentication for non payroll based systems. Customer Relation Management Currently Georgia State University Help Center uses Remedy to log trouble tickets and how to resolve it. There are a number of issues identified with this current process: It is not streamlined - the customer information data has to be entered to Remedy when customer calls the Help Center; the other problem is that there is no guarantee of documentation and knowledge reuse in the current process. Technicians are still being contacted in person, and there is not enforcements of what problem will be routed to 2 nd level or 3 rd level support. This document looks into the current technical configuration of the existing Remedy setup, and the call routing process. This document will serve as a reference for integrated architecture and process which will be proposed later on. Workstation Support - As a part of IS&T, Planning and Strategic Initiatives (P&SI) is responsible for providing workstation support to the campus. To better manage the estimated 10,000 workstations around campus, in December of 2004, IS&T purchased 10,000 1 licenses for the Symantec icommand software. However, implementation was delayed due to remote access limitations of the purchased version of the software. Upon receipt of a softwareupgrade in summer 2005, IS&T has been conducting appropriate testing, and the first implementation is anticipated to begin soon. Use of icommand will be piloted at IS&T as the first step of the implementation. One of the foreseen challenges in the enterprise-wide implementation is the acceptance of the use of icommand by various organizational units. Concerns over workstation security have been expresses, specifically, some faculty members are concerned that grade and exam information, may be compromised. Current Environment Assessment Specification 3

4 2. Purpose The purpose of the Current Environment Assessment is to document and assess the current integration technologies that support the business functions of the enterprise. This assessment will be used when determining recommended technologies and vendors in the Integration Architecture Document. 3. Key Participants The creators and the maintainers of this document are CIS 8020 Team number 2 consisting of Igor Wolbers, Tony Yuan, and Saeed Nadjariun. The intended audience members include: Director of Planning and Strategic Initiatives will use this document to ensure it is inline with its strategic mission. Director of Library Services Support will use this document to ensure that the architecture to be implemented is scalable enough to be used in an initiative to use generic authentication schemas for accessing library resources. Director of Advanced Campus Services will use this document to ensure that it is inline with other strategies that would utilize the outcomes of this initiative. IS&T technical staff The Planning and Strategic Initiatives (PS&I) Will use this document for appropriate planning and implementation. 4. Scope The scope of the environmental assessment includes: Single Sign On - All web enabled electronic resources which are maintained by the University of Georgia State as well as the various colleges that are a part of it, specifically any web enabled resource that requires authentication such as GILL, GOSOLAR, WebCT, etc... Customer Relation Management - IS&T s Help Center support efforts only. However the enhanced Help Center and its process will serve all faculty and staff at Georgia State University. Workstation Support - The current environment assessment covers all the operating units within Georgia State University where workstations are being used. 4 Current Environment Assessment Specification

5 5. Integration Technologies Single Sign On: Integration Technology Vendor Solutions Applications Messaging systems Integration brokers/servers Application servers with some integration Oracle RDBMS Packaged application integration PeopleSoft In progress Adapters and interfaces Enterprise service bus and Web services tools Data, information and content integration tools Portals B2B technology BPM technology WebCT Vista Current systems that use stored data will use Oracle to persist that data. Integrated security Novel s edirectory (LDAP solution) Currently just campus PC based authentication and eduperson by MACE None as of yet Other middleware technologies Point solution technology Custom integration solution Current Environment Assessment Specification 5

6 Customer Relation Management: Integration Technology Vendor Solutions Applications Messaging systems Integration brokers/servers Application servers with some integration Packaged application integration PeopleSoft Remedy system is currently not using Messaging to interface with other systems. Remedy currently pull information from PeopleSoft on nightly basis Adapters and interfaces Enterprise service bus and Web services tools Data, information and content integration tools Portals B2B technology BPM technology Integrated security Other middleware technologies Point solution technology Custom integration solution CRM is currently not in Portals Remedy Latest Release of Remedy has business process management capability Currently Remedy use its own build in Authentication / Authorization mechanism for security No Customized integration middle ware for CRM 6 Current Environment Assessment Specification

7 Workstation Support: Integration Technology Vendor Solutions Applications Messaging systems Integration brokers/servers Application servers with some integration Packaged application integration Symantec ON icommand Adapters and interfaces Enterprise service bus and Web services tools Data, information and content integration tools Portals B2B technology BPM technology Integrated security Other middleware technologies Point solution technology Custom integration solution 6. Application and Data Sources Interfaces Single Sign On: Application/Data Owner Platform Interface Reusable Source Name WebCT Vista UCCS Java 2 Platform (TBD) (TBD) GOSOLAR UCCS Unix (TBD) (TBD) GILL LSS Web enabled (TBD) (TBD) Groupwise UCCS MS Windows edirectory Yes Customer Relation Management: Application/Data Owner Platform Interface Reusable Source Name Remedy / People Soft data source Help Center Unix / Oracle API Yes Workstation Support: Application/Data Owner Platform Interface Reusable Source Name icommand Windows Through Windows Yes Support Group Active Directory or LDAP Current Environment Assessment Specification 7

8 7. Integration Matrix Single Sign On - Currently, the team is not aware that any of these applications are integrated in any way with the exception of a possible common data store where Student/Staff information is housed. Customer Relation Management Remedy PeopleSoft Help Center Oracle Database Remedy Manual Process JDBC / Read PeopleSoft Help Center Manual process Oracle Database Nightly feed job Nightly job update Workstation Support Not available Nightly job update 8. Integration Diagram Single Sign On This is the As Is diagram shows that although each service uses some of the data from staff and student repositories (shown in red) they are in charge keeping track of their own authentication schema as well as any security information that is used by that service. (Original diagram was taken from a Power Point presentation created by Art Vandenberg. The original diagram was altered to fit the needs of this document). 8 Current Environment Assessment Specification

9 This diagram shows that a user authenticates directly to any one particular service (WebCT, , etc.) and the service is in charge of authenticating the user by going to its own local data store or host data store to check the credentials. (Original diagram was taken from a Power Point presentation created by Art Vandenberg. The original diagram was altered to fit the needs of this document). Customer Relation Management: Remedy Enter New / Use Oracle / UNIX Nightly Update PeopleSoft Current Environment Assessment Specification 9

10 Workstation Support: This is an eschematic of the university backbone (2003) which is used here to depict the vastness of the GSU computing environment. The estimated 10,000 workstations are connected through the backbone. 10 Current Environment Assessment Specification

11 9. Security Single Sing On Authentication Authorization Auditing Confidentiality Nonrepudiation Internal data edirectory Oracle Checks Student ID and PIN Oracle credentials Verify user is a GSU member. edirectory Partner data Customer data Internal Application GoSOLAR GILL Partner application WebCT Vista Compares SSN and PIN Checks Student ID and PIN Checks Student ID and PIN Verifies if user is a GSU member. Verifies if user is a GSU member. <unsure> SSL <none> Verifies if user is a GSU member. <none> Customer Relation Management Authentication Authorization Auditing Confidentiality Non repudiation Customer data Remedy Remedy s own mechanism Remedy s own mechanism Remedy s own mechanism Remedy s own mechanism Workstation Support Authentication Authorization Auditing Confidentiality Non repudiation Customer data icommand Active Directory / LDAP Active Directory or LDAP icommand s own mechanism icommand s own mechanism Current Environment Assessment Specification 11

12 10. Conclusions and Commentary Single Sign On - The single sign on solution will have some obstacles as current disparate systems house redundant login information and credentials as well as their own means of authenticating. These different systems also run on different platforms. The scattered data will need to be consolidated into a single data store. The data store will then need a single point of access that these systems can use to communicate and authenticate with. Because of the different platforms used these methods will have to be able to be written using a platform independent technology like web services. Customer Relation Management - For Authentication / Authorization, there is current planning going to use the LDAP authentication option. IS&T is deploying an LDAP authentication directory for that purpose. The LDAP authentication will then be available for other systems (such as PeopleSoft HR, Financials; Banner Student, Financial Aid, etc.; GroupWise ...). The goal is to get a single LDAP authentication where users would use their CampusID and password. Remedy upgrade requires a significant process reengineering of CRM. We believe it will make IS&T more responsive, more competitive, and better trained to support customers. Workstation Support The implementation of the icommand software to automate the workstation support will require an iterative approach. This will help obtain buy-in from those organizations, within GSU, who maintain their own workstation support staff. Moreover, as IS&T completes each phase of the implementation, it will be able to document and show the robostness of the system; this is especially important to overcome concers over security. 12 Current Environment Assessment Specification

13 Appendix A: References External resources: Internal resources: september2004_files/gsu_nmi_results_at_i2-y3.ppt Current Environment Assessment Specification 13