[CSG Winter 2011] Time to de-localize?

This discussion, led by Sally Jackson (Illinois), was a lot more interesting than is captured here, but I’ll share what I’ve got:

Overall tendency of IT has been to amplify the ability of faculty and students to reach across great distances, socially, politically, and physically. Our support structures have not adjusted to this reality.

de-localize – invites an association with globalization, but that’s not entirely what she had in mind.

Services from different providers, virtual teams, support for people who rely on many people other than just us.

Shel – localization is no longer necessary for personalization – it’s easy to tailor environments that aren’t provided locally.

Most of us have divided support structures – large core at the center, surrounded by a community of IT professionals attached to labs, colleges, centers. At Illinois, about a third of support staff are in the center, two-thirds in the units. That’s true of all the CIC except Indiana.

All of our end users are now wandering horizontally. Every day is a sequence of small but irritating hurdles to jump. We’d like to be able to eliminate those little irritations. Extra credentials are a real problem – at Illinois they need all new credentials to report on conversations with vendors.

Kitty – individual units have sets of services that work great within their silos, but for people who want to engage outside that silo it gets confused.

Barbara – as a faculty member she has control of her desktop, but as a member of the provost’s office she has to use the locked down image.

Bill – there’s a lot of power in the local tribes across the institution. Greg – tribes are no longer geographically defined. Even within local physical communities, people interact with those they choose, not necessarily those that are in physical proximity.

Shel – any given solution will be an aggregation of pieces from multiple providers. “Central” doesn’t mean what it used to – it’s about being dynamic.

Good support gets attached as a node in a personal network. Great support helps to build this unbounded personal network.

Can we build a curriculum for training great support staff? Add a layer of socio-technical competence to the pure tech. competence.
– Treat people equally and involve them no matter what organization they’re part of.
– Collaborative problem based learning infused into all projects and studies.
– Problems requiring virtual teams.
– Network-building activities.
– New professional career tracks focused on connector skills.

Treat each faculty member as the center of an unbounded network of social and technical resources.

Shel – there’s also a product management role, which Sally characterizes as a level of context awareness.

[CSG] Unified Communications Workshop – part 3

Duke Telepresence –

View of the big screens at the front of the Duke Fuqua telepresence classroom
Duke Fuqua telepresence classroom
the view the presenter has in the Duke Fuqua telepresence room
The presenter's view

Fuqua’s (Duke business school) been doing telepresence for over a decade. Challenge was to find a room that would accommodate 90 people. Room opened in 2008, seats 140, and there was some thinking about telepresence as it was designed. About 1/3 of the schools in the room have Cisco telepresence.

They wanted a 3-screen system and everyone in the room to be able to see the remote presenters well. Wanted the local presenter to be able to see the remote participants without turning around.

Camera system in the room – standard is the 3 camera mount under the big screen array – shoots the room in 3rds. On either side are two pan-tilt-zoom cameras. There are 70-something microphones around the room – press and hold to talk. As you speak, camera on your half of the room pans and tilts to show you, and one of the screen shows you. There’s also a camera that shows the local presenter – follows the actions of the person at the front of the room, replacing the image on the center screen.

People are getting used to using the room. Haven’t had any regular classes using the resources, so continuously getting faculty up to speed. People are learning, and will be able to use it themselves.

Harvard has 12 CTS 1200 and 1300 units on campus. Installed a 60-seat classroom in a local high school that’s connected to Harvard. Averaging 25-40 hours a week on the units, with peaks up to 60 hrs. Majority of calls are interop with h.323 conferences. Done mobile interop with Mobi (Tandberg). Added interactive presentation capabilities. Working on FaceTime and Skype tie-ins. Looking at backside integration with WebEx and other collaboration tools.

Duke is creating a smaller version of the three screen room to talk to a remote site for the School of the Environment.

Lots of high schools are adopting this technology. Smithsonian has four units that are now online.

Haven’t done any QOS on network – works ok over the R&E networks across to China.

Harvard has integrated with Exchange. Users can use it with one button, unless they have to do h.323 interop, which requires some intervention.

Eventually you’ll see all the Tandberg gear integrated with Cisco’s call manager.

[CSG Winter 2011] Unified Communications Workshop – part 2

Jim Jolkl – UVA Voice Replacement Project

They’ll supply a phone device for those that ask for them – phones are cheap compared to support calls for softphones.

Need to take on moving academic areas, and hospital and clinics.
~ 20k lines remaining

People tell them that keeping their email working is more important the their telephone.
Budgets are impossibly tight

Call centers, emergency calling, are important. Some parts of universities are very phone-centric (hospitals and clinics among them).

Vendor types:
– Traditional PBX (Avaya, Cisco, Siemens) – don’t save much money, but you get modern services
– Centrex – voice from local phone company. Not low cost
– Carrier products moving to enterprise (Broadsoft, MetaSwitch) – good core services at reasonable cost.
– Open Source efforts (Asterisk, Nortel SCS, sipXecs & Ezuce)
– New entries (Microsoft OCS/Lync)

Talked to Skype, but they’re not interesting in importing current sets of numbers. They don’t want to become a regulated carrier.

Are we at an industry shift point yet?
– Are the more discruptive players “there” yet? (technology, reiliability, features)?
– are they far enough along to influence the type of contract terms we get?

Key RFP focus areas
Cost reduction – Most users do not need 5-9s reliability, but many still do. Be able to implement different levels of reliability at different costs.

Enhance user productivity – end user call control, mobile integration

Provide high-end services where needed

Be open to use of multiple products

RFP: http://www.procurement.virginia.edu/pagerfp
responses are in, presentations being scheduled

Thoughts – where does OCS/Lync server fit in? Soft client support; audio issues, etc; Focus on a shorter planning horizon; cellular coverage, wifi integration

[CSG Winter 2011] Unified Communications Workshop – part 1.

Mike Pickett (Brown)

What is UC?

Multiple devices, platforms, time-span, products
Will affect workflow, ability to integrate with lots of devices
“UC is integration of real-time and non-real-time devices across platforms”
Brown engaged – WTC Consulting – Phil Beilman

Why care? Allows business process integration, to simplify and integrate all forms of communications to optimize business processes, reduce the response time, manage flows.

Survey Results – 2 campuses are on the way to eliminating desktop phones.
Illinois – have about 18 months to go.

Bill Clebsch – at Stanford they’re finding that people think they want the soft phone, but after two or three days of using it they find they don’t.

Iowa – deployed OCS for presence and IM across campus, and people like it. 150 people on OCS voice, paired with unified messaging. UM has been the killer app.

Greg J – 4 dimensions to communications we need to unify – voice, text (becoming one), documents, video. Many-to-many video is a big unsolved problem. We’re not going to control any of these, so moving towards understanding how to move forward with these in ways that allow people to collaborate is important.

Shel asks “can we embrace mediocrity at the institutional level, because the innovation is going to happen around us?”

Tom Barton – thinking about the global use as we extend our campuses is important.

Klara – How far do we go in supporting mobility in the hospitals?

Jim Phelps – thinking about how we migrate the store of rich streams as systems transition is important.

Ken Klingenstein – there’s a level of indirection we can provide in this space, and that is our business.

Two Expert Views:

Vern Elliot – Gartner
– cellular providers don’t take direction from universities, they take it from 16 year olds
– it’s all about the network
– Big driver – things are moving to commodity hw, TCIP-IP
– h.323 is becoming dominant
– communications are becoming integrated with apps
– sonsumerization
– on demand, cloud-based
– desk phone will have a diminishing role for at least 10 years.
– don’t get tied into a single vendor – not a good time to make a big bet if you can avoid it
– need a vision / strategy to resolve organizational issues over 3-5 years.
– cell phones are leading the convergence
– Google doesn’t have an enterprise approach yet
– MS Lync option is getting pretty impressive

WTC – Phillip Beitleman
– Reinvest in wire as you adopt a wireless strategy
– Harden the entire network – most eggs will be in this basket
– carrier neutral distributed antenna systems
– figure out actual costs across all IT services so funding can be mapped
– put together formal, structured plans across technology map and across multiple years – identify future funding strategies
– take longer planning cycles – 10 years for infrastructure
– don’t throw things away
UC doesn’t usually end up saving money in the near term because of complexity.
– rate models need to evolve to include telephony, network, and IT services
– WiMax as lost the battle – LTE will win

Directories are important.

Charlie – we only need phone numbers because of the legacy systems. If we all had SIP systems we’d use our network IDs.

Klara – voice is an immediate mode of communication (just one step down from video), and there will always be a role for it. Different population segments communicate differently, and we will have to support all of them.

Elazar – let’s move the risk of technology changes from us to the carriers.

Shel – if we endorse a solution, then we need to be the advocate for our users with that service.

Andy – people want a number as an enterprise identity. The carriers have ways to have multiple numbers on a single device – UMich is doing this in a pilot, where they put a UMich number on people’s individual cell phones.

Bill – Want some people to reach you by your institutional identity. We have three separate identities now – a network ID, an email address, and a phone number. Can we go to one? Security of research information is very important – how do we protect that? Only we can answer those questions.

Tracy – some of the reasons people don’t want to give up their devices aren’t yet supported in the new models. Where will people forgive convenience for mobility, and where not? When we think about remote locations, we need higher fidelity and bandwidth – will we find mobile ways for that?

Ken – metadata is (as always) important – where’s the metadata that says what was in that videoconference? Where’s integrated search?

Shel – we’re in a purgatory period – most voice mail just says “hi it’s me – call me.”

[CSG Winter 2011] InCommon Silver

InCommon Silver is an Identity Assurance Program. Requires a set of infrastructure requirements around eight assessment areas. Three general categories of requirements:
1. Documentation of policies and procedures and standard operating practices
2. Strength of authentication and authorization

CIC CIOs provide strong exec. sponsorship.
The CIC universities will implement Silver to support LoA 2 by Fall 2011

CIC co-leads – Renee Shuey (Penn State), Tom Barton (Chicago).

Michigan State – goals were to enable collaboration, so needed to build trust with external partners and can facilitate access to services. Initial challenges revolved around interpreting the Bronze/Silver Identity Assurance Profile (IAP) – luckily friends in CIC helped decode it – it’s got very complex ideas. Password policies didn’t map – were too simple. Sorely lacking: documentation, policy. Who to provide this for? Try to pare down scope. What’s the killer app? Has yet to rear its head – most likely to come out of NIH. Argument has been let’s try to be proactive and be prepared before it becomes a requirement.

Approach – work with other institutions, partner with campus stakeholders, identify a subset of users (likely research faculty), leverage ID office (verification process, credentialing). Investigating second credential (certs) through iClass ID Cards – might do that rather than strengthen passwords on first credential.

Mary Dunker – VA Tech

REwind to CSG, Jan 2010
– Developing levels of assurance for personal digital IDs at Tech.
– Developing method for determining LofA.
– Developing tech for authenticating at LofA
– Aware that InCommon Silver was “out there”, but was going down road towards NIST certification.

– Established standard for personal digital identity levels of assurance
– CAS recognizes LoA of authentication credential
– CAS front-ends SHibboleth
– ox-officio member of CIC Sliver Project planning group.

Where they’re going
– achieve InCommon Silver with personal digital certs on a usb token. Later possibilities – VASCO digipass one-time password devices. Soft certs (require infrastructure changes, developments of new UI).

Remaining tasks – Wait for Silver to be finalized, ensure compliance with silver – may require chante to record (and encrypt) DL or passport number. Ensure that CS checks revocation list for certs. Reuest audit. Apply for silver.

Iowa (Chris Pruess)

Silver thinking – Project doesn’t stand in isolation. Identity service served central academic space, but not hospital. Brought hospital into space starting in 2000. Current Authentication Focus – Active Directory Assessment – Can it provide required level of authentication strength to meet Silver? Have strong Project Mgmt discipline in IT org. Leveraging other projects – campus ID card (id proofing improvements – brought hospital badging requirement in also), revision of enterprise password policy (established framework for multiple strength passwords).

Tom notes that while the initial use cases for Silver are for smaller specialized populations (NIH apps, TeraGrid) we should be ready for the larger cases coming – e.g. TIAA/CREF, financial aid, etc. Chicago wants to get to Silver using existing user name/password credentials. Requires a bunch of work on things like how passwords are stored and managed.

RL Bob Morgan – Refining Silver.
We were working on feds E-Auth requirements, but then they phased that out and started ICAM.

Need to change based on feedback – it it’s that hard for Va Tech, that’s a problem. It has to work for everyone. Needs to be as simple to understand and implement as it can be while still dealing with federal requirements. People read every word. Watch out for “must”. Remove most requirements not referenced by ICAM TFPAP. Exception is some other potential Silver consumers such as TeraGrid/IGTF.

Business, Policy, and Operational Factors is the primary section where elements have been removed. Audits and Auditors – Recognize need for shared risk between InCommon and campuses, propose an Assurance Review Board, Role of Auditors: confirm management assertions, not guarantee IA conformance. Reduce number and fequency of audits. Tom notes that they’re working with ACUA (the association of college and university auditors) towards guidelines on how to audit identity management. Matt notes that working with the auditor before setting down this path is a very good idea.

IAM functional model – flesh out enterprise scenario, vs dedicated IdP – et multiple apps, RAs, password stores. Streamline terms. Define terms in context.

Registration and proofing – clarify some concepts – existing relationship, identity information (e.g. meaning of “address of record”).

Kevin Morooney – It’s important – You should care. Two perspectives

Campus CIO –

4 basic principles/observations
– We want more. always
– They said it couldn’t be done, but we did it
– If your best friend jumped off a bridge….
– We are playing our part in an epic battle.

The importance of Trust increases with transactional importance – from affinity cards, through credit cards, driver licenses, passports, social security card, birth certificate.

Principle: OVer time we want to do higher stakes transactions online. True within campus, and off campus, between campuses, etc. Klara’s point – we’ve been doing it all along for quite some time. The value of doing silver is already paying off.

Principle: eduPerson, authentication, authorization. Each of these was a hard effort, but we’ve made a lot of progress. Every step along the way there were naysayers – they weren’t right. But they could have been. NIH is taking this trust fabric idea very seriously.

Principle: Others with whom we do business are heading in the same directions, for incredibly similar reasons.

An epic battle is being waged – Popularity vs. Truth. Our institutions are largely in the business of getting it right – what we’re constantly up again is popular knowledge that hasn’t been vetted. Getting trust right is a part of truth. Changing scholarship models will require making strong assertions about our people.

A late addition – big companies have contacted Kevin about learning how we’ve done identity management – because we’ve been dealing with the chaos that they’re just beginning to experience.

InCommon guy –

Principle – it’s about community. InCommon maturation – size and shape of the org are changing. Lot of dialog about wanting InCommon to play more of a role – community asking it to do things.

Principle- Silver is one of many things that supports the theme of the future – ever increasing trust.

InCommon’s success is dependent on what we do on our campuses.

[CSG Winter 2011] IT Alignment, efficiency, strategy and governance, part 2

Mike Pickett is talking about Governance Audit &
Centralization/Decentralization. Why did they want a governance audit?
They didn’t ask for it – it’s starting to be a buzz topic among audit
departments at universities nationally. Maybe it’s a way to help
thinking about the maturity of the organization – you can treat the
lack of planning and maturity as a risk to the institution.

Audit was conducted June – Sept 2010. Talked to wide range of people
in virtually every part of the university, including the senior

Goals – Assessment of IT governance processes and key IT risks and
controls – spent about an equal amount of time looking at both. Used
COBIT to assess and benchmark quality of processes. Provide detailed
recommendations for improvements; provide a proposed action plan;
Provide estimated investment; provide strategic input

In talking about lack of IT funding as a risk, need to phrase it in
ways that make sense in a setting where nobody has adequate funding.
Probably needs to be communicated in terms of not being funded at an
adequate level to enable the academic goals of Brown.

Opportunity risks – what are the things that would prevent Brown from
being the institution it wants to be? e.g. what infrastructure is
needed to support growth in continuing education?

The report is recommending that the board of trustees have some
oversight of strategic technology investments.

There’s a question about whether we’re doing something wrong by not
persuading institutional leadership that technology is of enough
strategic importance, so that we’re seen as a cost center rather than
a strategic partner. Joel notes that it’s a challenge to have the
conversations about using technology to help research and teaching get
better. Tracy says that in industry oftentimes the CIO has come up
through the ranks within the business, which is less true in our
institutions. Building credibility with faculty and researchers then
becomes critically important.

Recommended reading: IT
Governance, Weill & Ross, 2004 HBS Press

Chuck Powell – Yale has drafted an institutional IT strategic plan. Grew out of a realization that the IT organization was too technical and not aligned with the institution. Had a strategic planning process, gathering input from a wide variety of sources. Created an ITS Relationship Management – like senior client account reps in corporate world. Aligned with strategic clients. Strong alignment with their strategic issues – mainly there to make sure that the latest great idea is captured, understood, and potentially funded. These are full-time roles for senior people, each of whom has a team of between 5-10 people. Sounds to me like they pulled the people who do requirements gathering and project definition and management across the organization and assigned them to work with specific units – like the people who used to do that for the student system are now assigned as relationship managers with academic administration. All projects over $250k must go through the process, and there is architectural and regulatory/compliance checks of smaller projects if they have large impacts.

[CSG Winter 2011] IT Alignment, efficiency, strategy and governance, part 1

Jim Phelps is setting the stage – what does it mean to be a mature enterprise? 5 stages – Ad Hoc, Basic, Standardized, Managed, Adaptive – lower levels driven by technologies, upper levels driven by business strategiies. Adaptive is designed to pursue change and adapt quickly. Higher Ed governance structures are designed to resist change – to keep processes going through turmoil.

Why change? Not just because it’s fashionable – a lot of compelling drivers, like cost differential between cloud and on-premises services. Huge shift in how business is being conducted globally – See the article in Atlantic on The Rise of the New Global Elite, and the article in the Chronicle on European university mergers. Higher Ed has a terrible time making decisions.

Bernie takes over – asking Why Alignment so Important? Typically only about 1/3 of the total institutional IT spending is in the central IT organization. As we move into challenging days, the reaction may be to lower central administrative spending, but that may not help with IT. We need to help our institutions understand how IT works in the institution and how to rationalize.

Role of Governance – to understand leadership role in facilitation of conversations. Understand what customers are looking for, and to help lead and socialize directions. Strategically choosing governance groups is critical. Choose who will be part of which groups and what the roles are in continuous technology conversations. Often groups like to think they get to tell the central IT shop what to do, but we need to help them understand their role within the governance continuum. Looking for a shared set of strategies to move forward.

IT Strategic Planning Goal – “Identify and invest in technology projects that are transformative and provide competitive advantage…” Terry asks who is the competition? Competing with other institutions, as measured by rankings, research dollars, – but what happens when everyone’s strategy is to be in the top 3? Tracy notes that the differences are how we translate the goals into our culture and practices. Some of us are focusing on international programs, some on bridges with K-20, etc. Mike Pickett says that while the rhetoric may be the same about seeking competitive advantage, we want to make sure that IT is not perceived as a competitive disadvantage.

UMN has rolling 6 and 2 year plans, and then work on quarterly work plans, where they try to focus on the planned vs. unplanned activities. Trying to manage an IT investment portfolio and bring everybody into the conversation. Project selection criteria include the kind of project, what value it brings to the institution, and how its financed. Focused on strategic and operational priorities.

What criteria do you need to have in place to make a decision? definition, functional owndership, business case, and finance plan. Some projects are in planning and development phase where these things are not yet clearly understood. How do those get decided and resourced? Iowa says those that have strong champions get resourced. At Brown they have a committee chaired by the CFO – everything that’s over $50k or is a new service is supposed to come through that group.

Looking at Risk – Org and Tech readiness, architecture fit, definition is well understood, infrastructure compatibility. Looking for Value on Investment – look at over 5 year term. Looking to figure out how to shrink effort on non-strategic work and increase resources available for strategic initiatives. It’s an art form with a political calculus.

Joel says this is less about the org chart and more about the real relationships with people so everyone really understands their role. John from Duke notes that lemmings are perfectly aligned – sometimes you want to see a diversity of approaches, like with learning management systems where all the current answers are crummy. Sometimes you need to embrace chaos. Terry agrees that we need to consider alignment and efficiency vs. effectiveness. We don’t have that many arrows in our quiver to gain efficiencies – automation, de-duplication of services, and standardization. How do we try to live in a mode of pushing efficiencies while meeting the ever more disparate needs of our audience? Tracy says that part of the CIO’s role is to balance the gaining of efficiencies with the fact that two years from now people may have money again and will be driving towards flexibility.

Elazar – created new governance structure at UCSF – IT Steering Committee chaired by a faculty member – 5 groups under it. Everything that is substantial in university (including medical center) goes through this group.