DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE. This project is part of the Identity and Access Management Roadmap.



Similar documents
Project Charter. Identity & Access Management Strategy. Executive Summary. Business Need and Background. Document Version 1.

IAM Committee Meeting Agenda 3/14/2016

IAM Committee Meeting Notes 11/9/2015

DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE

SharePoint 2013 Project Charter

CASI Project Charter. Centralized Authentication System Implementation. Executive Summary. Business Need and Background

Project Charter. UT Web Infrastructure Project Document Version 9.0 Prepared by John Lovelace & David Moss Last Edited March 13, 2012

DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE

Project Charter. Office Migrations Document Version 2.0 Prepared by Sabina Winters, ITS Last Edited February 19, 2015

Project Charter. Secure Message System Upgrade

Drupal Foundation Project Charter

Project Charter. VoIP Plan Task Force Document Version 3 Prepared by Sandra Germenis, ITS Last Edited October 19, VoIP Plan Task Force

Task Force Charter. Mobile Strategy Document Version 3.0 Chief Information Officer, ITS Last Edited December 17, 2012.

VoIP Deployment Committee Charter

OE PROJECT CHARTER TEMPLATE

WFT - SAP Disaster Recovery Solution Brief Planning and Automating an SAP Landscape Remote Recovery Procedure

STRATEGIC IT ACCOUNTABILITY BOARD AGENDA Wednesday, December 19, :00 3:00 p.m. STARK LIBRARY

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

University Data Communication Plan

IT Architecture and Infrastructure Committee

Configuring and Deploying a Private Cloud 20247C; 5 days

Identity & Access Management: Strategic Roadmap. April 2013

How To Write A System Replacement Plan

Server Virtualization with Windows Server Hyper-V and System Center

Operational IT Committee

10533: Deploying, Configuring, and Administering Microsoft Lync Server 2010 Duration: Five Days

Disaster Recovery Checklist Disaster Recovery Plan for <System One>

STRATEGIC IT ACCOUNTABILITY BOARD (SITAB) AGENDA WEDNESDAY, JUNE 15, :30 3:30 p.m. STARK LIBRARY

Planning for the Worst SAS Grid Manager and Disaster Recovery

Server Virtualization with Windows Server Hyper-V and System Center

Stephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15

Server Virtualization with Windows Server Hyper-V and System Center

Business Continuity and Disaster Recovery Policy

Disaster Recovery Policy

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

Disaster Recovery White Paper

Building your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk

ROLE PROFILE. Business Function: Software Operations Managed Cloud Services eg s Head Office, Dunston Business Village, Staffordshire

McAfee Endpoint Encryption Hot Backup Implementation

How To Write A Project Management Plan

Centrify Server Suite Health Check

Deploying, Configuring, and Administering Microsoft Lync Server 2010

Involve Cloud Video Conferencing Service. VC:me (Video Conferencing: made easy) Service Definition

Project Management Plan for

University of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010

ITSM Tools Operation Continuity Plan Example

Configuring and Deploying a Private Cloud. Day(s): 5. Overview

Server-Virtualisierung mit Windows Server Hyper-V und System Center MOC 20409

Course 10533A: Deploying, Configuring, and Administering Microsoft Lync Server 2010

Server Virtualization with Windows Server Hyper-V and System Center

This course is intended for IT professionals who are responsible for the Exchange Server messaging environment in an enterprise.

Process Improvement Plan

AppSense Environment Manager. Enterprise Design Guide

Implementing and Managing Windows Server 2008 Hyper-V

20409B: Server Virtualization with Windows Server Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center

Program Lifecycle Methodology Version 1.7

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Organization. Project Name. Project Overview Plan Version # Date

The George Washington University

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

Lab : Planning and Implementing a Virtual Machine Deployment and Management Strategy

Microsoft Active Directory Project

PROJECT SCOPE STATEMENT

Project Roles and Responsibilities

Top 7 Best Practices for IT Service Continuity

IDENTITY MANAGEMENT AND COMMON SYSTEM ACCESS HUMBOLDT STATE UNIVERSITY. Audit Report December 21, 2012

Final Audit Report. Report No. 4A-CI-OO

Data Protection. for Virtual Data Centers. Jason Buffington. Wiley Publishing, Inc. WILEY

StorageX 7.5 Case Study

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)

Upgrading Your Skills to MCSA Windows Server 2012 Course 20417A: 5 Days; Instructor-Led

Disaster Recovery Plan for Center Moriches School District Information Technology Operations

Remote Copy Technology of ETERNUS6000 and ETERNUS3000 Disk Arrays

Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview

2.1 Initiation Phase Overview

Windows Geo-Clustering: SQL Server

MS Implementing an Advanced Server Infrastructure

MS Upgrading Your Skills to MCSA Window Server 20102

Transcription:

April 5, 2015 SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE Executive Summary The (CARE) project will improve the resiliency of the UTLogin, Shibboleth, and Active Directory authentication services by implementing off- campus instances of those services and implementing the required connectivity to enable their use by both on- campus and hosted/cloud systems. This project is part of the Identity and Access Management Roadmap. Business Need and Background The university s current central authentication systems provide varying levels of resiliency in the event of a loss of the primary university data center (UDC- C), as described in the Appendix. Although some resiliency is available through system components hosted in the secondary university data center (UDC- B), central authentication services cannot currently be maintained if both on- campus data centers are unavailable. In addition, in the event of a loss of connectivity between the campus network and the Internet, centralized authentication services for hosted/cloud applications (for example, Canvas and Workday) would not be available until connectivity was. Depending on the cause of the data center outage or loss of connectivity with the Internet, restoration of authentication services could take days or weeks. By hosting authentication services off- campus, the resiliency of those authentication services can be enhanced and the impact of a data center outage or loss of campus Internet connectivity can be mitigated. Description and Scope The scope of this project will include the design and implementation of a production environment for the UTLogin, Shibboleth, and Active Directory authentication services in an off- campus location and the connectivity required to allow both on- campus and remotely hosted services to use them. In Scope Implementation of UTLogin, Shibboleth, and Active Directory in an off- campus, virtualized environment with an appropriate backing user store, e.g. TED or a subset of TED data. Implementation of a synchronization process for the off- campus instances of UTLogin, Shibboleth, and Active Directory configuration data and backing user store data. Page 1 of 5

Configuration and implementation of required networking/traffic management infrastructure. Training and documentation for parties involved when the off- campus environment is used in a disaster recovery or failover scenario. Out of Scope Implementation of an off- campus version of TED for use by systems other than UTLogin, Shibboleth, or Active Directory. Implementation of two- factor authentication in an off- campus environment. This will be handled in a separate project. Goals The goal of this project is to deploy a resilient, off- campus authentication infrastructure so that the UTLogin, Shibboleth, and Active Directory centralized authentication services remain available if on- campus authentication services become unavailable or the campus network becomes unavailable. Schedule This project is scheduled to begin in Q2 FY2014-2015 and continue through the fiscal year. Further schedule milestones will be determined at the end of the design phase. Milestone/Deliverable Target Date Plan Project December 2014 - February 2015 Requirements Development January March 2015 Solution Analysis and Selection (including high-level plan for implementation) Design Build Test Deploy Close Project Project Management and Governance Role Names 2

Executive Sponsor(s) Governance Oversight Customer Steering Committee Project Oversight Project Manager Technical Lead Business Analyst Information Security Officer Systems Point of Contact Networking Point of Contact Customer Support Services Point of Contact Julienne VanDerZiel, Trice Humpert IAM Committee Recommended CSC membership: Dave Pavkovic, ITS Systems Cam Beasley, ISO CW Belcher, ITS Applications Tim Fackler, College of Liberal Arts Elyes Benhamou, McCombs School of Business Fred Gilmore, UT Libraries Mario Guerra, CTL Ed Horowitz, Cockrell School of Engineering Mic Kaczmarczik or Scott Doane, UT Web Darin Mattke, Project IQ Juan Ortiz, ASMP Alison Lee, ITS Networking CW Belcher Justin Czimskey George Peek Rosa Harris Cam Beasley or designee Greg Baker or designee William Green or designee Sandra Germenis or designee The IAM Committee will: Establish project goals and scope via this project charter Review and approve any changes to the project scope Review project progress at end- of- phase review checkpoints Project progress will be reviewed as appropriate at scheduled IAM Committee meetings or via email. The Customer Steering Committee will: Represent the university community in project decision- making and issue resolution Establish business and technical requirements Review and approve project deliverables Review project progress Provide guidance as needed to assist the project team in adhering to the goals and recommendations of the project The CSC will meet as needed throughout the project and at the conclusion of each project. In- person meetings as well as email will be utilized. 3

Assumptions The components of the UTLogin, Shibboleth, and Active Directory authentication stacks can be built using a virtual machine environment that can be hosted remotely. Constraints The project will use resources and budget as outlined in the IAM Roadmap and IAM fiscal year project planning. Risks Project risks include: The challenges of operating the authentication services stack in a remotely hosted virtual environment are largely unknown. Resource contention may delay project progress. 4

Appendix Current Recovery Time Objectives (RTO) for Central Authentication Services UTLogin SAML Identity Provider (Shibboleth) TED Austin Active Directory Toopher (for UT Direct) Scenario A Loss of Primary UT Datacenter (UDC- C) Only two (2) hours. twenty- four (24) hours. two (2) hours. No impact to service. three (3) days Scenario B Loss of Primary (UDC- C) and Secondary (UDC- B) UT Datacenters Scenario C Loss of connectivity between Internet and campus network connectivity is connectivity is connectivity is connectivity is n/a (Toopher for UT Direct is not available for applications) 5