Category Archives: Enterprise Architecture

Facilitating from the Side

I presented today on the Itana New2EA Working Group call on the skill of “Facilitating from the Side”. This skill helps make a productive meeting out of one that is poorly planned or poorly run. The nice thing is, you can apply it when you are not up front running the meeting.

I started with poll of attendees asking the question, “How often are you in unfocused, orderless, rambling meetings?”. The scale was 1 to 5 where 1=”Never. All our meetings are awesome” and 5 = “OMG! A meeting on my calendar is my worst fear.” The majority of the people put themselves at a 3 on the scale. I think this is true for everyone’s calendars. There are hundreds of articles out there on why most meetings are a waste of time.

Poll Question: How often are you in unfocused, orderless, rambling meetings.
Poll Question: How often are you in unfocused, orderless, rambling meetings?

So what can you do if you are not up front running the meeting?

First off: recognize that you are not alone in the meeting. Probably everyone in the room is wishing that it was going better or that they weren’t there at all. Realizing this is empowering. It means that almost everyone will welcome your intervention. You won’t be hated. They will thank you after.

Step 1: Ask Clarifying Questions

Preface your questions with humility. “I’m just a bit confused…” “Maybe I missed this but could you help me understand…” Ask about three things to help focus the meeting.

  • Could you help me understand the goal of this meeting?
  • So, at the end of the meeting, you would like to have _______?
  • And that means, you would like us to _______ to help you ________.

Step 2: Ask If You Can Write them down

This is a way to get up to the whiteboard or flipchart. It also makes the goals, outcomes and roles visible for the rest of the meeting.

Step 3: Offer Activities

This is more complex but here are a couple of scenarios to help you think through this step.

Meeting Leader: I thought it would just be good to get together and talk.

Your follow-up question: “Just so I know, what is in and out of scope for the discussion?”

Offer activities:

‘Should we do an agenda bash on the whiteboard then vote to see what is the top topic?’

‘We could capture ideas on sticky notes* then group them to find themes’

Should we do a go around to hear what is top of mind from each person?’

Meeting Leader: I thought we would get together and review this document [that wasn’t sent out before hand]

Your follow-up question: Do you want to give us an idea about the types of feedback you are looking for?

Offer activities:

‘Should we break into small groups to read and comment then come back together?’

Note if you do this one, control the conversation when you come back by asking, “Who else had comments in the first section?” This acts as an opening for discussion but it also controls the flow of comments (top down) and you can gather up similar comments more easily (‘I had that too’)

‘Should we take 15 minutes to read the document and capture comments on stickies that we can group later?’

*Always carry a zip top bag with pens and sticky notes

Step 4: Offer to “Help Capture Notes”

Another way to get to the whiteboard and help control the flow of the conversation is to offer to capture the conversation, notes, feedback, ideas, etc. You can ask simply, “Would you like me to capture the feedback / ideas on the whiteboard for you?” Almost always people want help with notes in a meeting. If you are capturing notes, you have the opportunity to “ask for clarification” on topics where you think there should be more conversation. Simply ask, “can you help me understand what you meant by this?” or “could you put this in other words just to make sure I have it right?” This leads you to “is this how others think of this” or “does this make sense to everyone?”

Step 5: Reflect Back Goals and Outcomes

When the conversation gets sidetracked, reflect back the goals and outcomes that were agreed upon. Offer to start up a parking lot for off-topic ideas.

Reflect the goals and outcomes. Put off topic ideas in a parking lot.
Reflect back the goals and outcomes when the conversation gets sidetracked.

Step 6: Provide a Time Check

You can interject, from the side, time checks. You can say, “I see we have 30 minutes left and I want to make sure we get to where you want?” or “There are 10 minutes left, should we wrap up and capture next steps?” This is a way to keep the conversation moving and focused on the outcomes.

As part of this you can also reflect back next steps. “I see there are 5 minutes left. Let me make sure I have the right next steps. Sarah will _____”

If you do these things, you will have built an on-the-fly effective meeting plan. In short, you will have:

  • Set the goals for the meeting
  • Defined the roles of the participants
  • Defined the meeting outcomes
  • Scoped the conversation
  • Defined the process by which we will get there (activities)
  • Captured the notes
  • Parked out-of-scope conversations*
  • Provided time checks
  • Pushed towards next steps
  • Reflected back the next steps a the end of the meeting

*There was a facilitator at UW-Madison, Lindsey Schmidt, who was running a group that was all over the place and willing to roam across every possible topic. She put the Parking Lot on a flip chart outside of the room. Every time someone went off topic, she would say, “I’ll put that on the Parking Lot” and she would walk out of the room. Everyone thought it was pretty funny but they also got the message. “Stay on topic.”

After the meeting…

If you have time, go up to the meeting owner after the meeting and talk for a few minutes to make sure everything was okay. “I hope it was okay that I was asking questions and taking notes.” You will usually get a “No problem. Thank You for helping” reply. Ask, “I hope you got what you wanted?” This gives the meeting owner a chance to reflect on how the meeting went. They may say, “It was great. You helped a lot.” Hopefully they realize that this meeting has gone better than most and your help is what made it happen. If you have the time and are willing, you can offer to help plan and run the next meeting. Use the checklist above to plan the meeting in advance.

3 Lenses to Apply Before You Facilitate from the Side

There are three lenses I consider before I start to influence how a meeting is being run by someone else. The first is the Political Lens. Whose meeting is it? Who is in the room? Will someone (the meeting organizer most likely) look or feel like fool? Is that okay? The second lens is the Cultural Lens. How does this team or group work? Are they really tight and I am the outsider (this can be an opening to start asking questions)? Are they very top-down hierarchical? How will my questions and actions be interpreted in their culture? Finally, an Investment Lens. Is it worth my political capital to push on this meeting? Is the meeting salvageable at all or will this be wasted effort? Is this where I want to invest? While I get pulled into a much larger effort that I don’t want to be in?

Apply these lenses and decide if you want to help a meeting run better. If you decide you do want to help, remember to come from a place of humility. It is amazing what a few questions and an offer to “help write things down” can do to make a mediocre meeting much better.

new2ea-wg-facilitation-from-the-side-2019.06.05Download

Washington Digital Government Summit – Presentations

I presented twice at the Washington Digital Government Summit 2018. The first presentation was with Mike Lawson, Cloud Platform Specialist, Application Development, Public Sector, Oracle.

We talked about Disruptive Technologies:

Technology is defining the way we live, work, play and govern. The adjective “disruptive” is probably an understatement when applied to trends such as autonomous vehicles, drones, artificial intelligence, ever-smarter devices, robotics and the Internet of Things. This session explores some of the technologies that are changing the face of society and – inevitably – government.

My talk was focused on the shape of disruption (building on a great talk by Chris Eagle, IT Strategist and Enterprise Architect for University of Michigan) and the impacts of digital technologies on how we design our applications and the centers of excellence we need to support this disruption.

You can see my slides in Google Slides:

Disruptive Technologies Shape of Disruption – Radical Design

The second talk was on the Future of IT Skills

Never has the future of IT jobs been so difficult to predict. In an era of disruption, the key is to keep your skill sets as sought-after as possible. If you’re a manager, that means doing the same for your team. The approaching silver tsunami, while most certainly disruptive, can also be a time of unprecedented opportunity – if you’re prepared. This session covers which IT skills will be in higher demand than others and how to best prepare for our very bright futures.

I covered the shape of disruption (again), three personas and how shifting from building software to SaaS impacts our relationships, skills and the staff. I went on to build on the topics above to talk about the organizational changes that need to occur, emphasizing the need to hire for and build above-the-line competencies in our staff. You can get the slides below:

Future of IT Skills

E!Live Webinar on Digital Transformation

I was on a panel with Jennifer Sparrow (Penn State), David Weil (Ithaca College) and the EDUCAUSE staff to discuss the Digital Transformation (Dx as they call it). You can see the slides, read the transcript and (EDUCAUSE members) can watch the webinar at the EDUCAUSE E!Live site:

EDUCAUSE Live! Webinar Digital Transformation in Higher Ed: What Is It, and Why Should You Care?

Scenario Planning and Job Pathways – Two tools to help you plan your career.

I recently published an article in EDUCAUSE Review on using scenario planning and job pathways to help individuals think about their career plans.  I suggest starting with scenario planning, with a focus on changing skills and how the workforce needs to adapt, to get a sense of possible future skills and careers.  This acts as an input into Job Pathway planning where you look at career steps you could take and the skills needed to take each step.  Here is a link to the article if you would like to read it in full:

Scenarios, Pathways, and the Future-Ready Workforce

 

Architecture and finding the path

Ron Kraemer, our VP of Information Technology and CIO, spoke at the IT Leaders Program this week. He built on his blog post, Interdependence – Both Positive and Negative. To paraphrase:

The growing interdependence of our systems is driving the complexity of our systems towards the edge of chaotic systems. The choices that we make are no longer focused on finding the perfect solution. Instead, we can see many possible solutions, many of which are good solutions. The choice is then to pick the solution which builds positive interdependency and limits negative interdependency.

Interdependency and Complexity

Fig. 1: Growing interdependency has put us at the edge of complex and chaotic systems.

In his talk at ITLP, Ron also pressed on the ever-growing rate of change. These two factors limit our ability to design and implement perfect solutions to problems. To paraphrase again:

If you take two years to design a great solution, the landscape will have changed so much that the solution may not be applicable. The level of complexity makes finding and defining the perfect solution even more difficult. The level of interdependence means that even more good solutions are available – when many systems are connected, many systems could be used to provide the solution.

Impossible Route to a Perfect Solution

Fig. 2: Impossible Route to a Perfect Solution

I agree with what Ron has come to believe. The level of integration between systems is very high. The expectation for real-time interactions has become the norm. Users expect to see real-time flight information. They expect real-time updates on openings in courses. Students can see, in real-time, the bus schedule, where they are located and the location of nearest bus stop and the location of the buses on their routes.

This interdependence has driven complexity to the point where perfect solutions are hard if not impossibly to design and deploy. Therefore, we must choose from many good solutions that exist. We need to act quickly to implement some solution to meet the rapid rate of change.

Many good solutions

Fig. 3: Many good solutions

This is where Enterprise Architecture and the other architecture practices can help. If we look out to the future and think about the desired state, then we can begin to sift out those good solutions which move us towards that future state. For us, we had stated that Service Oriented Architecture was a strategic direction. That bounded the future state some. In the student area, we had a future state process diagram. This diagram outlined improvements to the way that students manage course data and move through finding courses to enrollment. This put another boundary on the future state. When it came to think about how we get course roster type information out to a new learning management system (Moodle), we were able to use that projected future state to pick from the possible solutions (flat file transfer, shared database connections, web services) those which moved us closer to future state.

Architecture filtering the good choices

Fig. 4: EA can help filter the good choices that move you towards the desired future state.

The rate of change and interdependency drives the importance of an architectural approach. If you have not thought about the future state, then there is a multitude of choices. To pick from many choices, you have to establish some factors that affect your selection. In a restaurant, this might be dietary restrictions, cost, the weather outside. In technology, it is often quickest and cheapest. But those factors, in this complex environment are often shortsighted and misguided. The quickest and cheapest solution might need to be replicated many times for many systems. This would increase the interdependency in a negative way and push you even closer to a chaotic system. A more expensive, slower solution might serve you well over the long haul.

Architecture can help you make those choices in a framework that is focused on the future and on the overall complexity that you are creating. Enterprise Architecture (and the other architecture practices) can help sort those good solutions and help make sure the choice you make is along the path to desired future state.

SOA – Maturity is Key Presentation, EDUCAUSE Enteprise 2009

My presentation on SOA in the Enterprise – Maturity is Key has been posted in a couple of places.

First, on the EDUCAUSE site is the talk listing:

EDUCAUSE – Enterprise 2009 Site

Slides can be found at Slideshare.net:

Soa Maturity is the Keyhttp://static.slidesharecdn.com/swf/ssplayer2.swf?doc=soamaturity2-090506093907-phpapp02&rel=0&stripped_title=soa-maturity-is-the-key

View more presentations from jimphelps.

Blue Sky to Ground part 1

 

 

Soaring

Soaring

I’ve been working with our CIO on the I.T. strategic planning initiative.  At the same time, I’ve been working with the Technical Directors and Operational Directors on planning at the technology level.  They have been creating a map of what technologies are used to support our services.  I’ve had my head in the blue sky of the strategic planning process while I’ve also had my hands in the dirt of the technology mapping.   I keep coming up against the issue of how to connect the blue-sky of the strategic plan with the down-in-the-dirt technology planning.

Finding a process and methodology to connect the sky to the ground has taken up a lot of my mental cycles recently.   The following is my take on a method to connect the strategic planning to the technology planning. 

1.  Strategy to Capabilities

The first step is to take the general directives of a strategic plan and have them expressed in terms of capabilities.   I see this work being done by leadership as part of a collective planning exercise.   As an example, a strategic initiative might be: Classrooms and learning spaces will be equipped with a base set of instructional technologies.   This strategic direction then needs to be interpreted into a set of defined and measurable capabilities.    A leadership team would be charged with determining the capabilities that would meet this strategic direction.  The capabilities should be measurable.

For example, the capabilities might be:  Multimedia Projection, Student Response Measurement and Lecture Capture

We could survey all rooms and learning spaces and get measures of current state (for example: 65% of rooms meet the projector capability, 15% meet the student response and 10% meet the lecture capture capability).   We could then decide priority – which is more important lecture capture or student response – act on those priorities and measure improvement.

2. Capabilities to Services

The next part of this to map our services to the strategic capabilities.  Some services support multiple capabilities (Hosting Services, Identity Management Services for example).  Some capabilities may not have a supporting enterprise service.  A capability that does not have a set of supporting services might indicate a gap in the enterprise.  For example, there may not be a matching Lecture Capture Service that provides the Lecture Capture capability.  This might be done in an ad hoc fashion or it might be missing completely.  This gap in the enterprise service would be worth evaluating to see if the capability is being delivered effectively in the current structure.  If not, then we might want to look at developing an enterprise-wide Lecture Capture Service that supports all of the classrooms.  

3.  Services To Technical Roadmaps

This is where we use the brick diagram in our planning.  The brick diagram captures the technologies that support a given service.  The brick captures what is current state (those technologies currently in use), what is tactical (what will be used for the next 0-2 years), what is strategic (on the plans to use 2-5 years out), what is in containment (no new development), what is in retirement (being stopped) and what is emerging (interesting trends that may move into the tactical or strategic realms in the future).  

These brick diagrams are created and maintained by the service owner – that is the group that manages the service being provided.  The bricks let the service owners and the service teams grab a snapshot of their current state and their strategic plan for the next few years – what they will leverage, what they will stop, what they are watching and what they want to move to – in a simple format.

 

Core Planning Stack from Tech to Strategy

Core Planning Stack from Tech to Strategy

This set of relationships is managed by a set of governance process that define and prioritize the layer below.  

At the lowest level, the service manager or service team usually defines and prioritizes the technology they use to deliver that service.   This is the layer that is captured in a brick diagram.  They should also describe the capabilities that are delivered by their service and which strategic directions they support.  

At the top level, senior leadership should work to refine the strategic directions as measurable capabilities that want to see delivered.  

The mid-level governance is a gap in our institution.  It is probably filled by project prioritization processes and budget processes.  I’ll talk about that in part 2 of this post.

Brick Diagrams and related planning tools

 

Brick Diagram

Brick Diagram

Brick diagrams are a strategic planning tool that I mentioned in passing in my ITANA talk at EDUCAUSE.  Since then, I’ve had several people ask for more information.  So here it is… more information.

 

Brick Diagrams are used by NIH in their Enterprise Architecture planning process.  You can see the NIH brick diagrams and their taxonomy for the brick diagrams on the NIH EA Site.

Other institutions use similar planning tools.  Read on to see links to other places that use something similar and to download slides for a talk about Brick Diagrams that I gave to our Management Team.

Continue reading

SOA from the Registrar’s Perspective

Just had a hallway (okay, exhibit floor conversation) with Tom Black of Stanford University.  They have ideas on embedded enrollment functions in several places: inside their LMS, available via iPhone applications and elsewhere.  They would expose those enrollment functions as services then write to those services.  Interesting.  We also talked about orchestrating a flow, click on the drop button and you are passed to a short survey to see why you dropped.

This brought me back to the question in our session “Is SOA DOA?”.  I was asked how you get business leaders to buy into the SOA change and how do you get campus consumers to agree to work on SOA solutions.    Add to this the discussion with Karen Hanson, our Associate Registrar, on funding issues and how do we deal with costs of deploying SOA solutions.

It seems that there is a lot of interest in SOA in the Registrar’s world.

We may try to organize a meet-up after AACRAO in Chicago in April.  We could have Registrars bring their Architects for discussion around uses of SOA and issues with implementing, supporting and governing SOA.  It would also be good to hear their interesting Case Studies of how they are using SOA .

Things to follow-up on when I get home.

Technorati Tags: , , , ,

Advanced CAMP – Part 3

Merri Beth Lavagnino – Privacy and Policy

Policy and privacy are really consideration of the human aspects and impacts of technology.  Policies are: strategic direction and operating philosophy (which are usually informal and cultural), Public and Institutional policies (these are both documented and usually legal documents).

Institutional policy – a statement that reflect the philosophies and values of the project, service, organization or federation.  Policies should be clear and concise, applicable across a wide range of activities and should not change very much.

Why create a policy?

  • When reasonable people disagree
  • To guide thinking when making decisions
  • To correct repeated misbehavior
  • When there are significant risks or liabilities
  • In response to external forces like regulation or law

Where does the policy apply?  Federation, Institution, Service

Real-life stories:

  • Email Outsourcing:  vendors proposed that we would do incident response and legal requests for both students and alumni.  There was no policy that said they had to be in charge and n control.  She took the discussion back to the original goals for the project. (1) Improve and add services for students and (2) reduce their costs.  So they did not take on the incident response because that would not reduce the costs.  That was the policy that helped inform the decision.
  • Course Management System:  they changed their course management model.  They began to get incident reports because the new service didn’t match the old policies for the previous system.
  • Virtualization:  They moved to a new virtualized systems.  The old policies where around knowing that super-hot data is on a specific machine, with a specific system admin.  Now, they didn’t know what machine had the data and all sys admins might have access.  Had to expand training and the understanding of how they would manage super-hot data.
  • InCommon Agreement:  Thought that went very well.

“A policy is a temporary creed liable to be changed, but while it holds good it has got to be pursued with apostolic zeal.”  Mohandas K. Gandhi

Privacy:

Categories of privacy harms:

  • Intrusions : They come into your space and contact you and tell you what to do (spam, cold calls)
  • Information Collection:  They watch what you are doing more than they should (tracking, interrogation, etc)
  • Information Processing:  They have a lot of data about you, and they do things with it. (data mining)  Need to watch out for secondary use – collect for one reason then use it for another reason.
  • Information Dissemination:  They disclose data about you, perhaps more than you think they should.  (Transferring data, true or false facts)

Fair Information Practice Principles:  The FTC drafted these principles and they do enforce them.  Higher Ed is not under the FTC’s jurisdiction but users are expecting these principles to be met.  If we don’t

  • Notice/Awareness:  User should be given notice of your information practices, in order to make an informed choice about whether to provide information.
  • Choice/Consent:  User should be given options as to how any personal information collected from them may be used.
  • Access Participation:  Users should be given access to the data held about them, and ability to contest that data’s accuracy and completeness.
  • Integrity/Security:  data should be secure and accurate
  • Enforcement/Redress:  there should be a mechanism in place to enforce fair information practices and it should include appropriate means of recourse by injured parties.  At a minimum, you should right the wrong.

Ken Klingenstein: Federated Identity and Data Protection Law

Good quote from Ken K:  “This is an attempt to bring trust to internet via technology not just because it is just us chickens”.
EU Law Directive 95/46/EC :  You can process personal data when it is required to perform contact, required to satisfy legal duty or consent.

Identity Providers must identify which services are necessary for education and research.  Must inform the users.  May seek users’ informed freed consent to release personal data to other services.  You have to show why it is important.    Should have a data process/data controller agreement with all service providers to whom personally identifiable data is released.  Must ensure adequate protection of any data released to services outside the EU.  We have to play by the EU rules.

Service Providers must consider whether personally identifiable information is necessary for their service or whether anonymous identifiers are sufficient.  You may request personal information from users but you must inform.

There is no normalized definition of what Personal Identifiable Information (PII).  There are questions about email addresses:  if it is a third party email address it might not be but a .edu address might be.  So the content might be more important than the field.

IP Addresses – if it is a dynamic address it is not PII.  So, unless you know it is a dynamic address, then you have to treat it as PII.

EduPerson Targeted ID – this is going to the EU privacy commission this Fall.  It is a 32 bit opaque identifier that is different per site visited.

OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) – just formed group.  A mechanism to allow consent agreements flow with data.  The first and dominant Use Case is health care.  Looking for other Use Cases.  Does this make consent a new service in our loosely coupled service?  Do services need to be consent aware?

Report Out from Discussion Sessions:

Data Modeling Group:

Modeling person and organization data.  Modeling of organization data is remarkably difficult not just in the nature of the data but also in the resistance that you get from organizations to being characterized.  Multiple organization charts – financial, hr and reporting structure.  The characterizations can be political.  Are there pressures that will lead to the marginalization old way of doing things?  Organizations that don’t want to be characterized may not get services.

Service Discovery:

What would a service description look like:  what is it called, cost, how to call it, operational context (where is it physically located).  Discussion about how you describe the service, how do you recognize similar services in distributed locations.  Talked about the grid is doing this with their RNA.

What is happening today: people using Google to search for services and looking for a WSDL.

How do you get consent?  What about promises and claims?  What about a directory of all the services?  What about a directory of directory?  You could have a convention for naming the directory so you could at least find the directories.

DNS works for finding things.

Governance:

Domain Governance – governance revolves around an application or a data element, or attribute (student ID).  These models will have to evolve to domain governance: enrollment, IdM etc.

Who owns the data especially as the data is transformed and sent along the ESB?  Services are requesting the data that can then be used by other services.

SLAs – keeping tracking of who can use the use the service.

The need for a directory of services especially in emergency notification.  There is also a need to know who is consuming services so you can notify on changes.

What is being done now on campuses?  It is evolving on campuses.  Identity and Access Management is a domain that is being governed  as a domain at Penn State.

Saint Louis University has a good examples of domains in higher education that need to be governed as a domain.

Lightening Talks:

Rob Carter:  Tracking and Authenticating IP in Cyberspace

We had all of our resources stored inside the walls of the institution.  We now see with cloud computing and Web 2.0 applications, our intellectual property out in the cloud.  How do we track the reuse of them?  How do we contextualize the content.

How do we know that it is really and artifact of mine and not someone spoofing my creations?

Could solve this with digital signatures.  What if we could add metadata before it goes out into the cloud.  Get a signature of the object and attach the signature to the object or store it elsewhere.

How does this align with Creative Commons licensing efforts.  You can search and crawl for for CC licensed objects that you use.

Loretta Auvil:  Music Analysis.

Dynamic analysis of a Tom Lehrer file.    Very entertaining.

Scotty Logan:  IAM Services and Well Behaved Apps

If every app does its own thing, there is no real management.

Trust the container:  Identity – you can get a user name from Tomcat et al, Authentication, Authorization

Have the container provider the groups and privileges as a URI

OAuth.net – a specification developed by a group to solve the “I want my Flickr protected photos on Facebook but I don’t want to give you my Flickr username and password”.

Technorati Tags: , , ,