Email
Access mail@ucsf
VPN
HelpUCSF Campus Report February 2004
UCSF Campus Report
UC Information Technology Leadership Council
February 2, 2004
Administrative Systems Advisory Committee (ASAC) Project: UCSF Link
Work continues on this campus-wide initiative that includes research administration, distributed processing of selected financial functions and asset management. Since our last JOG update, efforts have been focused on:
- Software and Organizational Readiness activities for the distribution to the
departments of PeopleSoft on-line journal processing, scheduled to go live in
April 2004
- Testing of the modifications built to the existing journals processes (systems, integration, performance)
- Change management activities to ready the end users for distributed processing
- Operational readiness activities to support the distributed processing including ongoing security administration and customer support
- Detailed functional and technical design analysis and documentation for the research administration processes in scope; go-live still estimated for July 2005
- Finalizing the build phase for Assets in order to begin the testing and implementation phases; Assets is scheduled to go live in August 2004.
For more information, please visit the website for this project http://ucsflink.ucsf.edu/ or contact Mara Fellouris, Project Leader, at mara.fellouris@ucsf.edu.
CENIC Network Upgrade/Cutover
On Friday October 17, 2003, ENS staff along with several partners successfully cutover to the new CENIC network. This will provide significantly faster, more reliable and more capable connections to the Internet and Abilene (Internet2) for many of our customers- especially Mission Bay and the Medical Center. The CENIC connection is a major step forward for UCSF and parallels quite well the efforts we are undertaking with NGMAN.
Data Center Consolidation
Discussions continue to evaluate the possible co-location of the Campus and Medical Center Data Centers. ITS and Medical Center IT are working with a consultant to examine the options available for consolidation of the data centers.
Infrastructure Projects - Current Status
- Common Individual Identifier Project
- Background: This project seeks to unify identity management at UCSF by connecting all applications systems which store human identity information to a common identity management system. This entails the establishment of a single identifier namespace for all UCSF-affiliated persons.
- Status: The Individual Identifier System (IID, released by UCOP in 1994 in support of the on-line component of the Payroll/Personnel System) has been extensively modified to support a web service interface. Work is under way to connect the Student Information System (SIS) to IID via this web service. Other application systems will subsequently be connected. The IID population will serve as the superset of identities available to the UCSF enterprise directory
- Enterprise Directory Project
- Background: This project involves collection of more contact and directory-type information on UCSF-affiliated persons and deployment of an LDAP-compliant enterprise directory to make that data available to individuals and applications.
- Status: A prototype directory is under construction using IBM Directory Server software. Decisions are pending concerning UCSF-specific extensions to the standard LDAP schema. The schema has already been extended to include the eduPerson and eduOrg objects, as specified by Internet2 and EDUCAUSE.
- Uniform Organizational Structure/Department Server Project
- Background: This project seeks to extend to all campus-wide administrative application systems a common identifier for organizational entities and a common repository for information about those entities and their interrelationships.
- Status: Extensive modification of the Department Database (DEP) structure is nearing completion. This work both increases the flexibility of the DEP system and enables the storage of additional information about organization entities and the organizational hierarchy. These changes will be implemented in production in Spring 2004.
- Authentication and Authorization Project
- Status: a project manager was recently hired to lead this project. A preliminary website has been established at http://www.ucsf.edu/its/planning/authnz/.
Joint Services RFP
The joint services RFP between the campus and Medical Center for intra-state and interstate long distance, pagers, calling cards, operator services, cell phones and pay phones was released. Parts of this RFP are now in the award process.
Mission Bay Campus
Relocation of faculty and staff to the first building on the Mission Bay campus - Genentech Hall - has been completed.
Construction of the second building - 19B (also a research facility) - is in its final stages with completion scheduled for Q4, 2003. The relocation of faculty and staff to this building will begin in January 2004. Construction continues for the third and fourth buildings: QB3 (a research facility) and the Community Center.
Planning is underway for block 20, which is a 700-bed student and faculty housing facility. ENS continues to work with the UCSF Housing Department to determine voice, data and cable TV options for the facility.
NGMAN: Next Generation Network/Metropolitan Area Network
The Next Generation Metropolitan Area Network (NGMAN) RFP's and RFQ's were released in September. The IP-only NGMAN will be DWDM and 10 Gigabit Ethernet based. It will replace the current SONET-based ATM MAN. Migration to the new network is expected to begin in Fall 2004.
Out-of-Band Management
ENS has implemented out-of-band management. This is a network management scheme that uses the same communication path to communicate between the managing device and the managed element.
Recruitment
Recruitment is currently in progress for two directors reporting to Assistant Vice Chancellor Ken Orgill:
- Administrative Computing Director
- Information Security Officer
Secure IT Conference
Program planning is almost complete for the April 2004 Secure IT Conference presented by UC and CSU. See http://www.secureitconf.com/ for details.
Security
PriceWaterhouse Coopers has been hired to assist us with security on a time and materials basis. The first project is the successful firewalling of AC50 (the ITS data center). When this has been completed, we will have them assist us with shoring up network and perimeter security.
We are also working on ways to be more proactive to attacks and intrusions including more robust IDS systems and quicker response to unreasonably high traffic patterns.
Single Protocol Policy Implementation: IPX/AppleTalk De-Commissioned
On Thursday, January 15, 2004, the AppleTalk protocol was officially removed from the UCSF network core. This is a significant accomplishment because, for the first time, it allows UCSF to enjoy the benefits of operating a single protocol (TCP/IP) network. These include significantly less operational complexity, increased efficiency of our network equipment and increased bandwidth AppleTalk took up about ten percent of our network core bandwidth. IPX/SPX, which was sunset last fall, took an additional five percent. This translates into 15 percent less traffic traveling over the campus core. While this is a relatively minor amount of traffic, the realization of a single protocol network has resulted in a small but recognizable increase in network performance.
Voice Communications Consulting Services
At the present time, UCSF is reaching the end of a multi-year contract with SBC for Centrex voice communications services. This expires on January 31, 2005. Prior to this expiration date, ENS is conducting an extensive review of the current Campus voice infrastructure. We hope to offer short- and long-term recommendations that will support UCSF's strategic goals.
ENS has engaged a third-party consultant to assess the current voice communications infrastructure, and to assist us with determining the most cost-effective solution for the campus. The solution needs to integrate seamlessly with the Medical Centers telephony service.
Wireless Pilot Project
A wireless LAN pilot project is underway in ENS. A team was developed to perform the pilot. The team will demonstrate the viability of using, deploying, and testing the standard 802.1x (EAP-PEAP) secure protocol for wireless networks at UCSF