Category Archives: ITANA

Posts on ITANA – the I.T. Architects in Academia peer group that I chair. See ITANA.org for more info.

ITANA.org – bringing the catch home

 

Image courtesy of the Nova Scotia Museum


I’ve been pondering, wondering and worrying about how to bring value out of ITANA.org to the world at large.  I struck upon a metaphor over dinner with a friend at EDUCAUSE recently that brought my vision and the issues I’m pondering into sharp light for me at least.

 

I watched Captains Courageous, a wonderful 1937 film with Spencer Tracy, recently.  This is a story about a spoiled boy who ends up on a fishing schooner.  The schooner would launch dories with fishermen aboard them.  The dories would bring their catch back to the schooner where the fish would be processed and packed.  The schooner would then bring the catch back to the mainland and to the public.

ITANA.org spins up sub-groups that work on a topic.  These are the dories if you will.  ITANA.org and its sponsors, EDUCAUSE and Internet2, act like the schooners and the delivery systems on the mainland. 

If I take this as the operating principle for ITANA.org, then a variety of questions pop into my head:

  • How do I make sure those sub-groups have the resources needed to bring back a meaningful deliverable? 
  • Who should be, as it were, on the dory doing the fishing? (It’s my metaphor and I’m sticking with it to the end – Jim) 
  • How do I make sure that the delivery from the sub-group to ITANA.org is as smooth as possible and as efficient as possible? 
  • How do I make sure that the sub-groups are working in fertile fishing grounds?
  • How do I make sure that what we are delivering is what the mainland wants?

These are the things that I’m wrestling with as I get ITANA.org up and running.

I see a lot of interest and potential in the bright minds that participate in ITANA.org.  We have great conversations.  We generate interesting thoughts and comments.  Those thoughts and comments get lost in the minutes from the phone calls or the hallway chats or the blog posts and notes from meetings.  How do I turn those things into more meaningful deliverables?

Some thoughts that I’ve had on this topic:

  • Each sub-team should have one person dedicated to gathering up content.  They should pull responses out of the minutes and into a wiki page or section.  They should glean the good stuff from the email chatter and add it to the wiki.  They would be responsible for rolling-up all the various bits and pieces that go by into a single reference point.
  • Each sub-team should have a set of deliverables as part of its charter.  For example, the Data Management sub-team agreed to deliver a survey and the survey results.
  • Each sub-team should produce some artifact(s) that can be shared with the world at large (e.g. a paper, or video or blog post) that others can consume on their own time.
  • I/we should have a standard way of “publishing” these deliverables and a standard set of ways of getting the news out that they have been published.
  • We should also be creative in our thoughts about how we engage beyond the core of ITANA.org.  Where does Twitter, Facebook, LinkedIn, the EDUCAUSE blogs and wikis, podcasts, screencasts, vodcasts, etc. fit into the mix?

That’s what I’ve been pondering.  Anyone have input?  I’d love to hear it.


ITANA Face 2 Face – Security Architecture

Indiana University

Completed a 10 year Strategic Plan which worked because they connected money to it.  You couldn’t get funding unless you showed how your project connected to one of the 71 strategic initiatives.  Completed a 10 year tactical Telecom Plan.  Instead of replacing 1/4 of the switches every year for four years, they want to replace all switches in one year so they can take advantage of new features.

802.11X access solution based on MAC addresses or logins.  Getting to automated, policy-based network access.  What is the value of this and what have people done in this area?  What are the policy zones?  This can flip it over so that we are both protecting our network from devices as well as protecting devices from our network.

This group could develop some design templates that schools could use in discussions with vendors.

UW-Madison

Should there even be a Security Architecture?  Shouldn’t security be embedded in all of the groups and users?  When Stefan started in 2001, he always was asked, “Why” about security items.  Why do I need to use a firewall?  Why should I have logging turned on?  Set a set of principles:

  • Security is Everyone’s Responsibility
  • Security is Part of the Development Life Cycle
  • Security is Asset Management (classifying the information)
  • Security is a Common Understanding

We have a five-step process for doing a risk assessment.  First we agree to the assessment scope, then conduct the assessment, develop a draft report, communicate the findings, then re-assess as needed.

Risk = (Impact X Likelihood) / (Mitigation Controls)

Impact is related to costs.  How do you monetize reputation?  You can ask how much you would spend to prevent this from happening.  This is a Risk Prioritization process.
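The formula above applied to a small risk register, including the re-assess step, as an added example that is not from the meeting or from UW-Madison. The 1-5 scales, the convention that a mitigation value of 1 means "no controls" (so the division is always defined), and the register entries are all assumptions constructed for illustration.

```python
from fractions import Fraction

def risk_score(impact, likelihood, mitigation=1):
    """Risk = (Impact x Likelihood) / Mitigation Controls.

    Assumed scales: impact and likelihood run 1-5; mitigation is >= 1,
    where 1 means no controls are in place (avoids dividing by zero).
    """
    if not (1 <= impact <= 5 and 1 <= likelihood <= 5):
        raise ValueError("impact and likelihood must be between 1 and 5")
    if mitigation < 1:
        raise ValueError("mitigation must be >= 1 (1 = no controls)")
    return Fraction(impact * likelihood, mitigation)

def prioritize(register):
    """Return (name, score) pairs, highest residual risk first.

    Ties are broken by impact so the costlier event is reviewed first.
    """
    scored = [
        (r["name"], risk_score(r["impact"], r["likelihood"], r["mitigation"]), r["impact"])
        for r in register
    ]
    scored.sort(key=lambda item: (-item[1], -item[2]))
    return [(name, score) for name, score, _ in scored]

def reassess(register, name, mitigation):
    """Step five of the process: return a new register with updated controls."""
    return [
        {**r, "mitigation": mitigation} if r["name"] == name else dict(r)
        for r in register
    ]

# Constructed register: names and ratings are illustrative only.
REGISTER = [
    {"name": "student records database exposed", "impact": 5, "likelihood": 2, "mitigation": 4},
    {"name": "departmental web server defaced", "impact": 2, "likelihood": 4, "mitigation": 1},
    {"name": "unencrypted laptop lost", "impact": 4, "likelihood": 3, "mitigation": 2},
]

if __name__ == "__main__":
    for name, score in prioritize(REGISTER):
        print(f"{float(score):5.2f}  {name}")
    print("after adding controls to the web server:")
    for name, score in prioritize(reassess(REGISTER, "departmental web server defaced", 4)):
        print(f"{float(score):5.2f}  {name}")
```

The low-impact web server ranks first because nothing mitigates it, while the high-impact database drops to last on the strength of its controls; that reordering is what the prioritization is for.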

How do you balance the security principles against the development principles (scalability et al)?


ITANA Face 2 Face: Data Management

Data Management  Discussion:

Key Issues:

  • Data Architecture, Analysis and Design
  • Data Security Management  – data access and security
  • Reference and Master Data Management  – making data available rather than copying data
  • Data Warehousing and Business Intelligence Management – normalizing the data across the data warehouse
  • Document, Record and Content Management –
  • Meta Data Management –

The difference between Structured Data (data in authoritative systems, usually in a database) and Unstructured Data (  ).  The Structured Data was designed by a DBA.  These can proliferate silos.  Complex queries are difficult to build and brittle.  The metadata and taxonomy as delivered is often “accepted” without thought as the enterprise definition and taxonomy.  They also include open fields to store whatever you want.

Unstructured data is individually generated, often in file systems, often without much metadata that is meaningful to enterprise.  The rich media formats cannot be easily mined to discover content.  Management is a nightmare with a proliferation of stores and types of content.

Structured Data Gaps:

Data Warehouses:  it was sold as a way to build a bridge across the silos.  The queries are difficult to construct and often take a lot of effort to get written.  It is hard to deliver the complex queries.  All the business logic is missing that is used to develop the data and queries.  There is a gap in the definitions and the data in the warehouse.  You can define student 12 ways so any query could have 12 answers.

There is no business rules repository that lets you figure out how things are defined.  You can build business rules into the database and into the application code.  The farther you get from source, the farther you get from the business rules and the definition and intent for the data.

Data Warehouse is used to buffer the source system from queries.

When we give out reporting tools to individuals in offices, then it locks you into schemas in the data warehouse.  As people develop their queries, it locks down the database table structure.  If you change the schema to make more enterprise sense, then many distributed queries suddenly break.  There are also “experts” who are vested in their interests in the complexity of the data warehouse.  When you streamline and change the process and the queries, you actually threaten the experts.

LDAP as an example:  We bring data from a bunch of sources, we then normalize the data and present it in standard queries for consumption at large.

A place to start:  things that go into an executive dashboard.

Access To Data project that turned into a drive to get large data sets into Excel on the desktop so they could drill around on their own.

Privilege Management: Authorization in application based on name NOT on an institution role.

At UW-Madison, we manage privileges by sneaker-net.  We don’t have access to metadata so that we can generate privileges based on roles.  We don’t have a way to delete someone from all of the systems when they leave or change roles.  The roles of people have states that we have to move them through.

There are multiple organization charts that come into play when you try to define the role(s) of the person, which can actually be different from the application roles.  Every application also has roles defined and applications do RBAC.  But there needs to be an external system where you manage these people and roles.  There are two views:  one is that there has to be application-centric views of roles and privileges, the second is that there could be a set of pre-defined roles that come with a suite of privileges. 

There are a set of RULES which are different than the roles.  The rules must be stored in a repository as well. 
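A sketch of the external system described above, as an added example that is not code from UW-Madison or from the meeting: privileges derive from institutional roles rather than names, rules live in their own repository apart from the roles, and people move through lifecycle states so a departure yields a per-application revocation list. Every role, application, attribute and state name here is a constructed assumption.

```python
from dataclasses import dataclass, field

# Constructed sample data: institutional roles map to bundles of
# (application, privilege) pairs. None of these names come from the notes.
ROLE_PRIVILEGES = {
    "advisor":   {("student_records", "read"), ("advising_notes", "write")},
    "registrar": {("student_records", "read"), ("student_records", "write")},
    "payroll":   {("hr_system", "read"), ("hr_system", "write")},
}

# Rules are kept apart from roles: each rule is a predicate that can veto
# a grant regardless of which role produced it.
RULES = [
    # Only people in the "active" state may hold any privilege.
    lambda person, app, priv: person.state == "active",
    # Writing student records also requires a training attribute (hypothetical).
    lambda person, app, priv: (app, priv) != ("student_records", "write")
                              or "ferpa_trained" in person.attributes,
]

# Lifecycle states a person's affiliation moves through (assumed set).
TRANSITIONS = {
    "pending":  {"active"},
    "active":   {"on_leave", "departed"},
    "on_leave": {"active", "departed"},
    "departed": set(),
}

@dataclass
class Person:
    netid: str
    state: str = "pending"
    roles: set = field(default_factory=set)
    attributes: set = field(default_factory=set)

def effective_privileges(person):
    """Derive privileges from roles, then filter them through every rule."""
    granted = set()
    for role in person.roles:
        granted |= ROLE_PRIVILEGES.get(role, set())
    return {(a, p) for (a, p) in granted if all(rule(person, a, p) for rule in RULES)}

def transition(person, new_state):
    """Change lifecycle state; return the privileges revoked, keyed by application.

    The per-application lists are what each system would be told to remove,
    replacing the sneaker-net walk from one application to the next.
    """
    if new_state not in TRANSITIONS[person.state]:
        raise ValueError(f"illegal transition {person.state} -> {new_state}")
    before = effective_privileges(person)
    person.state = new_state
    if new_state == "departed":
        person.roles.clear()  # a departed person keeps no roles at all
    revoked = before - effective_privileges(person)
    by_app = {}
    for app, priv in sorted(revoked):
        by_app.setdefault(app, []).append(priv)
    return by_app

if __name__ == "__main__":
    p = Person("jdoe", roles={"advisor", "registrar"}, attributes={"ferpa_trained"})
    transition(p, "active")
    print(sorted(effective_privileges(p)))
    print(transition(p, "departed"))
```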

Unstructured Data Gaps:

Electronically recorded lectures, talks etc: We gather some metadata when we create the file like it is the third lecture, created on this date, etc.  We cannot scan these files to get rich metadata.

Unstructured Data Management Architecture from IBM.  It is cycle-intensive.  It looks at 10 second clips of music and adds metadata (like it is “happy music”).  The idea that you can just grind at the problem with power might work for a while.  There are vendor(s) who are working in this space.

Just knowing what data exists is an important step.  Storage is just as important.  How long do you archive, repose the data?  At what level of storage should you store?  The librarians are building dark archives.  They are storing data in hopes that some day we will be able to “do something with it”.  The metadata harvesting and management tools are immature. 

Digital Signatures:  When we throw stuff out onto the web or into distributed storage, how do we mark the content so we can mine the archives?  “If there was a point to doing it, people might do it.”  Not many people see the value in deploying the systems.

Wikipedia claims that authors are professors who aren’t so their stuff will be taken more seriously.  The ability to express our university membership out in the world at large becomes more important.

Students will be coming to us with digital identities.  They will want to use those identities and we will become another fob on their keychain that they use in the world at large.  We may not be the source of their identities in the future.

All of the data is going to live someplace.  We will not be holding it all but we will need to be able to assert our IP over the data wherever it lives.  Look at the RIAA and their ability to enforce their IP across multiple platforms.

Standardized media formats:  

E-discovery:   When you have an E-Discovery request, it is no longer personal data or institutional data.  What is the impact of distributed storage and the Web2.0 applications on e-discovery requests?  Where is the liability?  Who will be sued?  Don’t change data management practices because of e-discovery.


ITANA Face 2 Face Case Studies

Duke University

http://oit.duke.edu/tag/

Tech Architecture group at Duke is charged:

  • to track emerging technology and raise issues for the CIO’s consideration
  • review major decisions
  • integrate into the project management lifecycle
  • pay attention and champion certain solutions

Developed small set of principles – few enough that they could remember them around four areas:

  • Data
  • Infrastructure
  • Services
  • Support

Each of these areas is highlighted in each principle’s page (http://oit.duke.edu/tag/principles/p-robust-systems.html)

The principles:

  1. Robust Secure Systems
  2. Link don’t copy
  3. Design for scalability
  4. Design for information lifecycles (not only the data but the overall system)
  5. Adapt to realities of people and technology (has to work in real life)

There is tension between all of the principles. You are picking a failure mode when/if you don’t meet a principle.

TAG drafted the principles. Focus groups were used to refine the principles. The “adapt to the realities” principle came from the focus groups. Did an OIT-wide staff survey. Then followed a communications plan to evangelize the principles. They showed practical application via case studies – looked at situations that went badly or tough decisions that had to be made. The case studies are very valuable for communications and for the change management. They chose failures that were inside the group so that they would be criticizing themselves.

They also use Issue Reviews when there is a failure (http://oit.duke.edu/tag/issues/index.html). Each write-up has a list of recommendations with the principle highlighted.

The idea is to build a volume of case-law and to evaluate the principles. “You’re making stories… the legend that becomes part of the culture”.

UW-Milwaukee

Started the planning process in 2005-2006. Looked at the leadership and the way that they serve campus. They also help support the UW-System.

Targeted the information flows between and within the academic, research and administrative areas. Engaged the leadership.

They hired staff with EA experience and repurposed staff with expertise. They then looked at frameworks to take advantage. They liked the TOGAF framework but streamlined it and made it more light-weight.

The EA Team has:

  • Chief Process Architect
  • Enterprise Data Architect (Michael Enstrom)
  • Operations Architect
  • Application Integration Architect
  • Security Architect
  • Network Technology Architect
  • Web Architect
  • Deputy CIO

Developed Architecture Principles in four areas: Business, Data, Application, Technology. Developed “IT Guiding Principles” for centralized and decentralized IT-Oriented staff (“how we’ll function”). Defined the activities that we will follow together to put the Architectural Principles in place. Almost an SLA with the business partners.

Now doing data/application/process inventories – huge pain, a lot of work. Trying to capture legacy information before people retire.

A lack of a consistent approach to requirements gathering leads to solutions that aren’t based on deep understanding. The role of the agile approach is to do it in smaller chunks. This helps align the requirements with the end users’ needs. They have used the IIBA Requirements Management methodology. The CIO is paying for the training of people outside of IT so they all speak a common language.

They are looking at an “Emerging/Accepted/Best Practices” approach. Looking at a broad suite of standard best practices. Evaluate the standards and see what they want to use.

Working on a method to bring everyone to the table to set priorities for funding and projects.

Saint Louis University

2006 – was getting a lot of things done but they weren’t connected. Lots of talk about flexibility and agility. There was a lack of change control with “heroism at the interfaces”. A lot of big projects going on and showing success: network, info shield, DHCP, Banner ERP upgrade, IDM. The CIO said, “show me some ROI” when she created her EA group.

Drivers for EA: mitigation of risks with the Banner Upgrade, regulations (SOX), lack of documentation. Started with the ITS shop first.

Governance included the 19 architects (domain and EA architects). The things that worked: the focus on People, Process and Technology. The PIM (Product Item Master) and the quarterly report of the PIM. Building relationships has been a focus for the past year or two. Created an Enterprise Infrastructure Working Group to manage the desktop image.

Using procurement to document savings.

Next Steps:

  • Architecture Gaps – they have reference architectures and the PIM but there are steps and layers missing between the two.
  • Governance Gaps – missing ties between strategic goals and the local technical choices.

The Control of the Work statement: what does that mean? Do you think the EA group will control the work? Means enterprise system / standards type context under the control.

How do we articulate the importance of “Architecture” regardless of the leadership and changes in leadership?


ITANA Face2Face Tools of Trade

UC Davis

http://vpiet.ucdavis.edu/

Created an Administrative Services Map with eight domains. Each domain has a Domain Convener. All the Domain Conveners gather on a single governance board.

  • Academic Personnel Administration
  • Enterprise Asset Management and Planning
  • Student and Curriculum Support
  • Finance
  • Information Technology
  • Alumni and University Relations
  • Research
  • Payroll and HR

Just bringing this to fruition.

Currently moving to Kuali Financials – this is a “big rock” project that they stage. Above this is their SOA, ESB and Infrastructure layer. With IdM above that. Then Portal.

Use the roadmap to help guide the School and Department works. Hope to align the work in the School and Departments with the roadmap.

Having transparency, rich communication and agreed-on principles helps with the alignment across domains and the schools and departments.

If you look down the road, you could see that the IT domain would grow as more stuff moves into the infrastructure layer. This would also allow for more modular developments.

The roadmap is application centric – the infrastructure layer should have its own roadmap.

U Chicago

Protege-based ontology for mapping the relationships between Applications, Platforms, Networks. They have defined a set of relationships: Hosts, Is-part-of, is-server-to, etc.

Produces a cool drill-able graph of relationships. The relationships have structural properties.

They have captured 1300 relationships. They have limited things to objects that are in production.

The production shop is looking at this tool for mapping the flows of data files in batch jobs.

Limited to the amount of information that they can reasonably gather and manage with a 6 month refresh rate.


Digital Neighborhoods – Guiding design

Digital neighborhoods seem like a powerful tool for discussing technology and its impact on users (students, staff, researchers, etc) and the concept adds interesting new requirements to projects. Getting a good understanding of your users’ digital neighborhoods can guide design and deployment of new technologies and help predict impacts on the users themselves. Understanding how they move in their neighborhood, where they travel frequently and what places are stable over time, provides insight into the key places you should try to place applications.
I came upon Jeff Swain via Twitter which led me to his blog-post about his digital neighborhood. I was wandering in my digital neighborhood and into the surrounding areas when I found his link. Jeff talks about reading David Weinberger’s Small Pieces Loosely Joined. To quote Jeff’s post:

As Weinberger points out space on the web doesn’t work that way. Distance is measured in hyperlinks and proximity is created by interest. In other words, each of us gets to create our own space on the web. Your own neighborhood, if you will, filled with the places you find interesting…. So this got me to thinking, What does my digital neighborhood look like? What seemingly disparate places are loosely joined (pun intended) just because I happen to be interested in them?

Jeff then goes on to do an analysis of his digital neighborhood.

As I read Jeff’s piece, I began to think about the value of understanding digital neighborhoods. If we understood our incoming students’ digital neighborhoods, it would give us a better understanding of how to reach them, what their interests are and places that we should think about pushing content into. One example that we have in place is in Facebook. We now have an emergency notification group and system in place in Facebook. Our leadership can push out notices via Facebook, into the user’s neighborhood.

Another example is our increasing use of RSS feeds for various applications and calendar feeds. This lets users pick up the content and move it to their own neighborhood. I have a calendar feed for our corporate calendar system integrated into my Google homepage. I can check my work calendar while checking personal email, local news and recording my workouts. The fact that my calendar appears among my personal tools means I track changes to my calendar much more closely when I’m at home doing my personal things. In some ways, Google’s custom homepage is like a strip mall with a few anchor stores (Mail, Calendar, Google Apps) and a lot of empty store fronts that you can fill with your own shops.

The value of these virtual malls is that users can aggregate enough of their own personal content and applications that it makes it worth the trip. Every time you go on the web, you have thousands of possible places you could visit. Yet, you visit a select few. If we continue with the physical store/neighborhood metaphor: Every time you go shopping, you could go to any store in town but you go to a select neighborhood (like our State Street) because of the variety of interesting shops or to a given store because the shop has some unique value (low price, selection, the one thing you can only find at their store). A similar thing happens when we deploy applications. Users are expected to visit that application because of the unique value it brings. When we bring up applications that are separated from their current digital neighborhood, it is like building your store in a new mall well out of town. The users have to have some reason to visit. The value has to be higher than an application built in their neighborhood or built such that it can easily be included.

This suggests, to me at least, that we need to think about our users’ current digital neighborhoods and how we can integrate our new applications and services into those neighborhoods. RSS feeds are a low risk and fairly simple way to move content into their neighborhoods. Facebook groups and applications could reach into the students’ world. Portlet type applications that can be put into existing enterprise portals or into sites like Google’s homepage allow richer interaction. Finally, if it has to stand on its own, it better have unique value that makes it worth the trip.
