IET Application Infrastructure and Systems Development
Powered by Specialized Project Management

Application Infrastructure and Systems Development (AISD)

To realize the UC Davis vision for excellence, our campus must have a set of computing systems that are well integrated, run efficiently, operate at optimal security levels, and provide the most reliable services at all times.

Application Infrastructure and Systems Development (AISD) is the unit within Information and Educational Technology (IET) responsible for delivering essential application infrastructure systems and services, as well as enterprise applications, to the campus (see Core AISD Services At-A-Glance sidebar). Specifically, the unit supports the campus mission and aspiration for excellence and organizational efficiency by:

- Developing, maintaining, and operating a portfolio of application infrastructure services and middleware tools to help the schools, colleges and administrative units around campus ensure their applications are developed with great agility and operate efficiently
    o Ensures commonality among multiple applications, both for application developers and for end-users
    o Includes tools for end-users (authentication), deciding who may use which application services (authorization), providing a common interface to the institution's services (portal), and managing the routing of tasks through the University's systems (workflow).
- Developing, maintaining, and operating enterprise systems that deliver a range of reliable and secure academic and administrative services for faculty, staff, and students.
- Developing, maintaining, and operating all systems using a standards-based approach.
Strategic value to UC Davis:
    o Provides a common way of authenticating to various campus systems, whether those systems are developed by IET or local departments;
    o Reduces the proliferation of potentially costly duplicative systems throughout campus by providing central services;
    o Provides developers around campus a set of common tools to ensure all applications and systems integrate well;
    o Ensures users are presented with common user interfaces for the application's infrastructure functions;
    o Increases the security of campus applications by ensuring appropriate access;
    o Draws on project managers' deep expertise in campus application infrastructure;
    o Follows nationally-recognized technology standards and best practices.

Core AISD Services At-a-Glance

- Centralized roles, workflow and routing
    o Kuali Rice
    o Role Management
- Identity management
    o Person Registry
    o Computing Accounts
    o Identity Resolution
    o Directory Services
    o Campus authentication
        - Kerberos programming support
        - Web-based authentication
        - Federated authentication
- Major campus systems
    o MyUCDavis portal
    o Course Management (SmartSite)
    o Faculty merit & promotion (MyInfoVault)
    o WarnMe (programming support)
    o Network and telephone management system (Pinnacle)
    o Site License Coordination
- Specialized programming & application support
    o Security, VLAN, email services, etc.
    o IET billing and time tracking
    o Telecommunications management system
    o IET wiki software (Confluence)
    o Project management ticketing tool (JIRA)
    o IET's ITSM tool (Remedy)
    o IET's Employee Support Program (ESP)
To meet these goals, AISD specialists work closely with formal campus advisory groups and IT experts to identify needs and vet projects at several points during the conceptualization, development and implementation phases.

Deep Expertise in Specialized Project Management

A key factor driving AISD's ability to deliver specialized systems and services efficiently to the campus community lies in the deep expertise of its professional project managers, who are specialists in a range of technologies, including development and delivery of:

- Application infrastructure systems and services;
- UC Davis enterprise applications;
- Middleware tools and services;
- IT security services;
- Data center services;
- Networking services; and
- Standard methodologies and best practices.

Given the critical nature, specialized scope, and broad usage of these services, the unit's disciplined approach to managing the entire application infrastructure development and delivery process, whether those services reside in AISD or other IET departments, is essential to meeting key strategic objectives, including:

- Containing costs of what can be multi-year, expensive (short- and long-term) technology initiatives;
- Ensuring projects are clearly aligned with the core campus business and academic drivers for new services;
- Formulating project charters that are tied to organizational strategy and outline assumptions, costs, people needed, business practices impacted and key decisions that need to be made;
- Understanding and managing the complex connections among a range of campus services and conducting projects accordingly, which the AISD project management team is better equipped than general project managers to do successfully; and
- Managing all these efforts using standard methodologies and best practices, which include development of resource, communication, risk mitigation, quality assurance, and implementation plans.
The AISD specialized project managers are experts whose work is guided through community-driven governance bodies. This expertise, along with the unit's application development and project management services, is available to the schools, colleges and administrative departments on a cost-recovery basis.

What is Application Infrastructure and Why Are These Services Important?

Our UC Davis computing environment has long been highly distributed. In addition to the central IET organization, there are many campus departments that develop, maintain and operate a range of administrative and academic systems. As the number of technical staff increased in campus units over the last twenty years, so have locally developed and maintained systems. Systems have grown organically, as units have demanded automation to relieve higher workload and reduce repetitive work tasks.

In the early 1990s, the UC Davis IT division foresaw this trend and worked to provide common services to these applications, such as account provisioning, identity management, and secure authentication. This meant that college- and department-level applications did not have to develop their own systems to deliver these services, as was the case for many other institutions. However, over the last decade, as local systems have proliferated and security has become more of a concern, the need for centrally-provided, standards-based application infrastructure services has grown.

Also increasingly critical is the need to authorize or "authenticate" users efficiently and securely as we continue to promote access to campus donation sites, electronic libraries, databases, computer applications, and other secured or subscription services. More and more, faculty, researchers, librarians, student services officers, and other administrators are faced with the need to extend their services to colleagues, students, parents, donors, and friends of the University connected across public and private networks, often far beyond our campus borders. It is important that these services be developed and delivered from a central source so as to make optimal use of limited campus resources, leverage economies of scale, and reduce locally developed shadow systems.

It is the core of IET's mission to provide these enabling services to the campus community, broadly defined, and to develop technical solutions which can be widely used by academic and administrative units alike. This includes constituents who are outside the borders of the campus. Other campus units do not have this mandate, and usually develop services which are limited to local deployment, i.e., they may not scale to enterprise use, they may not be maintainable by anyone but their own local experts, they may not align with the different technologies in use by the campus, and they are difficult to integrate with other systems. This is born out of the reality that local units are usually not in a financial or programmatic position to develop services and systems that go beyond their own borders.
It is IET's programmatic mission to provide these standard services using methods to ensure scalability, maintainability, management of the security development lifecycle, and broad adoption in our distributed computing environment.

The following depicts how application infrastructure relates to other technical infrastructure layers, such as network, hardware, and data, and to the actual applications that end-users see and experience.
AISD Portfolio of Systems and Services

AISD develops, maintains, and operates enterprise application infrastructure systems where there is a significant software development component. AISD also provides project management expertise to deliver these infrastructure services, as well as other infrastructure services for departments in IET, such as the Data Center and Client Services, Communication Resources, and the Campus Security Coordinator. Projects are identified by and vetted with the Campus IT Architect, the Campus IT Security Officer, the Campus Data Center, the faculty-led Campus Council for Information Technology (CCFIT), the Deans Technology Council (deans' IT representatives), and the Technology Infrastructure Forum (representing all major campus administrative and academic units).

The portfolio of systems and services managed within AISD includes:

- Centralized Roles, Workflow and Routing
    o Kuali Rice provides centralized workflow, enterprise service bus, enterprise (system to user) notification, electronic document routing lite, and integration of these services with the campus identity management system. From a user perspective, a central action list alerts users to items that are ready for their review and action, and once action is taken Rice delivers the transaction or document to the next stop in the cycle. Current applications using Kuali Rice include MyInfoVault and Kuali Financial System. The roadmap includes Kuali Coeus and any other campus applications that use workflow or need to exchange information with other applications.
    o Role Management provisions campus and UCDHS systems with attributes about people and systems to enable constituents to perform specific activities associated with authorized roles.
- Identity Management
    o Person Registry provides a repository for all campus and UCDHS identities, part of the chain of identity management systems that ensure that access to electronic campus resources is given to appropriate people. Examples of these electronic resources include DaFIS, Banner, PPS-DS, Davis-DS, MyInfoVault, etc.
    o Computing Accounts provisions computing accounts for campus and UCDHS constituents and systems, part of the chain of identity management systems that ensure that access to electronic campus resources is given to appropriate people.
    o Identity Resolution ensures that people have one valid identity rather than none, or multiple identities (as in the case when a person is an employee and a student), part of the chain of identity management systems that ensure that access to electronic campus and UCDHS resources is given to appropriate people.
    o Directory Services enables campus and UCDHS systems to view attributes about campus constituents so that authorization decisions can be made by local systems and so that campus systems do not have to store these attributes locally. The services include LDAP, Departmental Listings, and directory look-up. All campus constituents with computing accounts use these services to access campus systems.
    o Campus Authentication
        - Kerberos programming support: Kerberos provides the basis of secure authentication services.
        - Web-based authentication: Central Authentication Service (CAS), and the legacy service Distauth, provide single sign-on for web-based systems. This means the end-user only has to authenticate once when accessing web systems that use CAS as their log-in method.
        - Federated authentication: Shibboleth is a service that allows constituents from participating institutions to access specific campus electronic resources, and allows UCD's constituents to access electronic resources from participating institutions. Examples include the UCD staff's ability to access the Learning Management System and the AYSO site (each managed by UCOP) using their UCD log-in and passphrase.
- Major Campus Systems
    o MyUCDavis, the campus portal, provides content delivery for campus service providers and methods for delivering content based on role and affiliation and personal customization. Services that can be accessed from the portal include access to PPS-DS, DAFIS-DS, UCDMail (for Students), GECKOMAIL, and channels hosted by a number of units on campus.
    o Course Management provides the legacy course management system; SmartSite, the successor to this system, is due to transfer to AISD in August 2010.
    o MyInfoVault: the campus faculty merit and promotion system; an example of an enterprise administrative application built in partnership with Academic Personnel.
    o WarnMe programming support: the campus emergency warning system, managed by Safety Services, that propagates emails, text messages, and phone calls to campus constituents in cases of emergency; tightly integrated with directory services.
    o Telecommunications Management System: Pinnacle is the core Communications Resources system that manages the inventory of all phone and network NAMS, supports activation and deactivation of network and telephone services, and bills campus users.
    o Site License Coordination: the system that allows clients to buy widely used software as negotiated by UCOP or this unit.
- Specialized programming and application administration support provides programming support for security services, IET Billing and Time Tracking, VLAN services, email services, etc.; provides application administration support for Confluence (IET's wiki tool), JIRA (AISD's project management ticketing tool), Remedy (IET's ITSM tool), ESP (IET's Employee Support Program), and many others.

Projects managed by AISD project management staff, both already underway and to be initiated in the near future, include:

- Identity Access and Management: in partnership with UCDHS, managing 70,000 active identities, and many more inactive identities.
- Kuali Rice: currently used by MyInfoVault and Kuali Financial System; immediate plans include use by Kuali Coeus; long-term plans include use by other campus systems.
- MyInfoVault: in collaboration with Academic Personnel, significant enhancements including administrative clustering, paperless enhancements, and decision support, serving 2715 faculty and 634 administrative users.
- Kerberos replacement and password strengthening: partnership with Campus Security Coordinator and Campus Data Center, managing 136,611 active accounts.
- SmartSite: Campus learning and management system, successor to Course Management, managing 9472 course sites, 4550 project sites, 305 training sites, and 44 portfolio sites.
- Data Center Disaster Recovery Plan: provides update of current plan, and in partnership with Safety Services providing aid to campus units to develop Business Impact Analysis for their systems.
- Departmental Listings: in partnership with CR, developing an electronic version of departmental update and search, serving 873 units described as departments in the listings.
- Campus Email and Calendaring: prospective project.
- Messaging and Voice Over IP: prospective project in collaboration with Communications Resources and Data Center and Client Services.

Conclusion

In the broadest terms, it is the core of IET's mission to provide enabling technologies that enhance the campus mission of research, teaching, and collaboration. Application Infrastructure and Systems Development provides application infrastructure systems and services, and applications deployed for use at the enterprise level. The distinct value that AISD delivers is standards-based systems that are robust, scalable, maintainable, and designed to be leveraged by other campus systems, eliminating the need to develop redundant local systems.

AISD works closely with campus advisory groups and IT experts to identify and vet projects. AISD utilizes professional managers who specialize in application infrastructure, middleware, security, data center services, network services, and enterprise applications of all kinds. They adhere to standards and best practices, ensuring delivery of systems and services that meet scope, time, and budget expectations.

If you have questions about this document or services, please contact Debbie Lauriano at 754-5990 or dalauriano@ucdavis.edu.