April 21, 2023

The Silver Ring: Inter-institutional Middleware CollaborationThe Silver Ring: Inter-institutional Middleware Collaboration

Michael Berman

Mark CraseApril 9, 2003

Michael Berman

Mark CraseApril 9, 2003

Copyright A. Michael Berman and Mark Crase, 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

9 April 2003 2

Overview of Presentation

• Overview of CSU IT

• Drivers for CSU Middleware

• Where we’ve been so far

• Where we’re going

9 April 2003 3

The California State University

23 Campuses

• 1 Research Institution (R2)

• 21 4-year Comprehensive Institutions

• California Maritime Academy

400,000 Students

60,000 Faculty and Staff

9 April 2003 4

Integrated Technology Strategy

• In 1997, the CSU Presidents came together to ensure that each campus in the system would have the technology infrastructure required to support each institution’s academic and administrative programs.

• The result was the creation of the CSU Integrated Technology Strategy

9 April 2003 5

Integrated Technology Strategy

• Outcomes-based strategy

• Built on Integrated Academic and Administrative Initiatives

• Supported by a Robust Infrastructure• Access (Hardware, Software, Network)• Training• Support Services

• Technology

Prerequisites

Outcomes

Initiatives

SupportTraining

Access

Net

wor

k

Har

dwar

e

Sof

twar

e

Initiatives / ProjectsD

istr

ibut

ed L

earn

. & T

each

.

Mul

timed

ia R

epos

itory

Libr

ary

Res

ourc

es

Student Friendly S

ervices

Com

mon. M

gt. System

s

Stream

line I/T Delivery

Procurem

ent Process

Improvem

ent

One C

ard

Access Infrastructure Initiative

Cen

ters

for

Inst

. Tec

h. D

evel

op.

• Optimal Personal Productivity

• Excellence in Learning and Teaching

• Quality of Student Experience

• Administrative Productivity and Quality

Baseline Training & User Support Infrastructure

CSU ITS FRAMEWORK

FULL

BASELINE

CURRENT

9 April 2003 7

Institutional MW Leadership

• Information Technology Advisory Committee• Campus CIO’s• Chancellor’s Office Staff

• Middleware Steering Committee• CIO’s, Campus Technical Staff, CO flywheels

• Directories Working Group• Campus Technical Staff

9 April 2003 8

Drivers for a Multi-campus Approach to Middleware

Financial• While a one-size-fits-all approach may not work for

all components, some economies of scale can be achieved.

Political• Being a State-subsidized institution, proper stewardship of public resources is always important, but it is especially important when budgets are tight.

9 April 2003 9

Drivers for a Multi-campus Approach to Middleware

Coordination• Success even at the campus level will depend on a well

coordinated approach. A Systemic effort will help reinforce the importance of coordination and cooperation.

Help communicate the value of middleware and the benefits of the effort.

Consistent with CSU Integrated IT Strategy

SupportTraining

Net

wor

k

Har

dwar

e

Sof

twar

e

Access Infrastructure Initiative Baseline Training & User Support Infrastructure

Middleware

ServiceOutcomes

InitiativeApplications

The position of Middleware in the CSU ITS Pyramid when viewed from the technology perspective.

9 April 2003 11

Drivers for a Multi-campus Approach to Middleware

Maximize Value of Technology Investments• Infrastructure Terminal Resources Project• Common Management Systems• PHAROS Library Project

Help balance requirements for Strategic and Tactical planning

Coordination with external agencies (SEVIS, NIH, etc.) and partners (I2, EDUCAUSE, etc.)

9 April 2003 12

Where to Start?

A Directories Working Group

• Directories as the starting point for more comprehensive middleware effort

• Ad hoc effort to work collaboratively

• Volunteers/interested parties - 20-40 persons representing most campuses

• Smaller detailed architecture sub-group

9 April 2003 13

Final Recommendations…

…will depend on projected system wide uses.

However…

• Central directory servers (redundant and diverse)

• Submit campus data to system wide directory registry service (like DoDHE CDS)

• Common view with extensions, unique ID, security

• Minimum central attributes option

• Expanded central attributes option

9 April 2003 14

Future of Group

• Larger scale central directory performance testing

• Automation of campus-to-central data feeds

• Design central registry reconciliation processes

• Lessons learned: need to commit resources, not just volunteer

• System wide direction: to be determined by Steering Committee

9 April 2003 15

From Experiment to Institutional Response

First Step: Middleware concepts presented to the CSU Executive Council

• Executive Council is 23 Presidents + Chancellor• All receive Middleware briefing in February 2002• Consensus: “We’re not sure what it is, but if this is

what we need, let’s do it.”

9 April 2003 16

“Citizen of the CSU” Scenarios

Alice Chu is a junior biology major at Cal State Hayward, and a Citizen of the CSU. As a “traditional” student, most of Alice’s coursework is in classrooms at the Hayward campus, but last semester she was an intern at a biotechnology company in Anaheim. Using the 4Cnet, she was able to access all her usual Hayward resources, even though she was connected to her company’s intranet. Since she was in the area, she also registered to receive email about lectures in biology at Cal Poly Pomona and Cal State Fullerton, and attended one in-person and another via video streaming etc…

9 April 2003 17

Result: Middleware Steering Committee Formed

• Convened by CSU CIO, David Ernst

• CIO’s from multiple campus, CSU auditor and CO “fly wheel”

• Charged to develop a strategy for Middleware in CSU

• Formed in May 2002

• Report overdue in October 2002 (nearly done!)

9 April 2003 18

Preliminary Activities

System-wide workshop at I2MM, October, 2002

• 2-3 persons from each campus

• Intended to raise Mware awareness

• Solicit input from academic/administrative managers

• Build consensus for moving forward

9 April 2003 19

Initial Feedback

Need to emphasize “interoperability”

Need to be “standards-based”

Address security from the beginning

Overly ambitious agenda• Need to narrow the initial scope

• Need to identify the initial outcomes and deliverables

• Need to estimate required resources (staff and $$ for HW and SW)

9 April 2003 20

Initial Feedback (cont.)

Create mechanism for identifying and addressing policy issues

Communication (in English)• Central website for MW info• Call it something other than “Middleware”?• What “it” is and what it isn’t.

Work with campus Telecom (and others)

How does it relate to CMS (PeopleSoft)? Coordinate w/ ERP

Libraries appreciate invite to participate. Interested in Shib.

9 April 2003 21

High-level Planning

Planning Team convened for two days in November, 2002

• CO and Campus staff and faculty

• Functional (CIO’s, Library, HR/Finance) Technical and Risk Management representation

• I2 Facilitators

9 April 2003 22

Highlights of Recommendations

3-year Plan organized into three phases:

• January 2003 – September 2003

• October 2003 – June 2004

• July 2004 – June 2005

9 April 2003 23

Phase One: Jan 2003 – September 2003

• Establish CSU Middleware Policy Board, reporting to President’s Technology Steering Committee

• Create initial IMI policies and review practices• Establish CSU-wide LDAP definition < EduPerson• Establish a single, state-wide LDAP directory service

• replicate external-facing portion of individual directories • one-third of campuses providing data to this directory

• Pilot Shibboleth authorization

9 April 2003 24

Phase One: Jan 2003 – September 2003

• Register the CSU as a certificate authority

• Establish a model and whitepaper to define best practices for identity reconciliation.

• Prepare a “good practices” whitepaper on developing campus registry and directories

– recipe for campus development

– statewide workshop

9 April 2003 25

Phase One: Jan 2003 – September 2003

• Work with CalVIP to integrate of the directory structure into Video initiatives.

• Working group to evaluate business case for CSU-wide permanent identifier for individuals

• Get commitment from CMS Executive Committee to assure integration into CMS baseline (ERP Project)

9 April 2003 26

Phase Two:October 2003 – June 2004

• Complete external directories for all entities.

• Move Shibboleth from pilot into full production.

• Develop a plan to integrate campus-wide directories into CMS and CSU Mentor (On-line Admissions)

• Develop a plan to integrate campus-wide directories into Pharos (Library system).

• Pilot secure messaging/digital signature system, possibly based on PKI-Lite specification

• CSU-wide identifier - consider initial development of technology and procedures for implementation

9 April 2003 27

Phase Three:July 2004 – June 2005

Complete Integration with CMS and CSU Mentor

Complete integration with Pharos

Extend secure messaging/digital signatures to all campuses

Assignment of permanent identifiers in full operation.

Pilot extension of Middleware infrastructure to Community College and K12 community

9 April 2003 28

Initial Operational Model

• Local/campus Implementation• Staffing, software and hardware as needed• Participate in policy development

• Centralized Coordination• Coordinate intercampus activities• Coordinate policy development• Define system-wide architecture• Acquire centrally managed software & hardware• Manage system-wide communication• Provide documentation and project management support

9 April 2003 29

Initial Resource Projections

• Campus Resources:• .5 to 2 FTE depending on local implementation

requirements• Staff resources typically already in place

• Central Resources:• Middleware Architect• Directory Architect• Project Manager• Documentation Specialist• Communications Specialist• Program Assistant

9 April 2003 30

3-year Budget Projection

Salaries & Benefits (Six Positions):

FY 03/04 $563,640

FY 04/05 $586,186

FY 05/06 $609,633

Operating Expenses:

FY 03/04 $971,272

FY 04/05 $147,272

FY 05/06 $147,272

9 April 2003 31

Barriers to Participation?

What kind of campus representation is required?

How do we incent participation? • Executive Briefing to CABO, CIO, ExCom to get

political support• $$• People

Getting mindshare

9 April 2003 32

Next Steps: Campus

How do you develop a vision?

How do you develop a process to achieve the vision?

Who are your stakeholders?

What are the strengths you can leverage and limitations you need to address?

9 April 2003 33

Next Steps: System

How do you develop a shared vision?

How do you develop a process to achieve the vision?

Who are your stakeholders?

What are the strengths you can leverage and limitations you need to address?

9 April 2003 34

Thanks!

Michael Bermanamberman@csupomona.edu

Mark Crasemcrase@calstate.edu

Michael Gettesmrgettes@duke.edu

Ann Westawest@educause.edu

Please fill out the evaluation!

9 April 2003 35

9 April 2003 36

Development Principles

• Collaborative effort among all CSU campuses

• Maintain appearance of unified directory architecture

• Adopt a system wide unique identifier

• Common view (eduPerson, etc.)

• Standard software (LDAP now, others later)

• Security at least as good as source data/applications/business processes

9 April 2003 37

Initial Assumptions

• Federated directory approach

• Common view incorporating eduPerson

• LDAP architecture 

• Unique ID (unique vs. Linking)

• Internet2 involvement

9 April 2003 38

Detailed Architecture Proposal

• Distributed directory model (campus directories, LDAP v3 referrals to all others)

• Domain component naming

• Adoption of eduPerson 1.0 (now 1.5)

• Extension to calstateEduPerson (affiliation, major, SecurityFlag, VOIP address)

• Provision for campusEduPerson attributes

• Global unique ID based on “uniqueness” algorithm

• Secure directory servers (SSL)

9 April 2003 39

Test Bed Implementation

• Five campuses (SLO, Hayward, Northridge, Pomona, Fresno)

• Mixed directory software (iPlanet, OpenLDAP, Oracle)

• Various levels of compliance with system wide schema (mandatory-optional attributes)

• Various population subsets (student, staff, real/sample)

• Various client access methods (specialized search engines, Microsoft ‘address book’, Netscape ‘address book’, LDAP command line clients)

9 April 2003 40

Some Results So Far

• Response times are long (local server capacity, client referrals)

• Client handling of referrals varies (some do – some don’t)

• Coordination of referral trees at multiple sites is difficult

9 April 2003 41

Topics for Today

CSU Middleware: Technical and Organizational Dimensions

A. Michael Berman, Cal Poly Pomona

Mark Crase, CSU Office of the Chancellor

A. Michael Berman, Cal Poly Pomona

Mark Crase, CSU Office of the Chancellor

9 April 2003 42

Next Steps

A number of our colleagues could not attend. If we were to convene another mtg., what would we want to cover?• Items to add?

– Better defined scope– Costs– Quick wins– Competing initiatives– Outcomes from the beginning– More HR, Registrars folks involved– CSU Case studies– CCC and UC

• Items to drop?

9 April 2003 43

Some Discussion Topics

Feedback

Keystone Activities

Second Tier Activities

Barriers to Participation

Next Steps

9 April 2003 44

Keystone Activities

Begin with Directories• Identify a directory lead for each campus and CO• Directory Day(s) preceded by some survey of

current practices.• Provide “best practices” for campus-based efforts• Identify activities/participants in “central directory”

pilot• Other?

9 April 2003 45

Second Tier Activities

After Directories are on their way…• Simple authentication? If so, which apps?

–Local (Libraries/Shib)

–System-wide (CMS)

• Other?