Embed Size (px)
Citation preview
Whither Infrastructure: Opportunities and Challenges for a WorldClass Research
University
Steven KelloggMarch 2009
Agenda
From Whence I come Whither Enterprise Information Technology
Challenges Infrastructure Security
Discussions
Whence
'79 – 81: Baback and Wilcox, NPGD Analytical Engineer
'82 – '94: IBM Analytical Engineer Product Planner Development Manager Systems Engineer Marketing rep
Whence(cont'd)
'94 – present: Penn State Manager, Research Programmer Director
Phase 1 of my 30 Years
MVS VM VMS CDC 7600
http://photo.com
phase 2
SunOS Apollo/HP AIX 1,2,3,4 Digital Unix OS/2 VM/MVS/VMS
CourtesyAirshow Aviation Photo Callery by Henk Tito::
Phase 3 AIX
Solaris
Linux
Windows
Mac OS X
HPUX
IRIX
Z/OS (MVS)
Penn State
24 Campuses 85,600 (90,609 w/ World Campus) students 35,000 full and part time employees 13 Colleges 9 ”special mission” units
med school, law school, World Campus, ...
Applied Information TechologiesAIT
A unit of Information Technology Services 25+ FTEs
Responsible for development and maintenance of: Identity and Access Management Authentication
K5, CoSign, Shibboleth LDAP Windows AD Domain Services
AIT
Responsibilities (cont'd) Web Hosting Services Enterprise Filesystem Enterprise Storage Backup Services Application development, maintenance and service Calendar services Collaborative tools
Projects and Services
Kerberos 5
Shibboleth
Cosign LDAP
WindowsActive Directory
Email Webmail
Oracle Calendar
File ServiceDFS;GPFS
WebServices
TSM
WorkflowBlogging
Identity Management
Database
Networking
AIX
Linux
Solaris
Challenges
Competition for the best faculty Competition for the best students Competition for the best employees Retention of the best Cost containment; IT is necessary but expensive Integrated Infrastructure Security
Challenges
RIAA/MPAA war Data Centers Collaborative computing environments Constituency satisfaction
Infrastructure
Box Mentality
Storage Area Network(better but ...)
Holistic
1. Of or relating to holism
2.a)Emphasizing the importance of the whole and the
interdependence of its parts.
b) Concerned with wholes rather than analysis or separation into parts
Holistic Computing
http://dictionary.reference.com/browse/holistic
Holistic Computing
Holism The theory that the parts of any whole cannot exist and
cannot be understood except in their relation to the whole; ”holism holds that the whole is greater than the sum of its parts”
http://dictionary.reference.com/browse/holism
Holistic Computing
The approach to enterprise computing that emphasizes a single overarching infrastructure made up of as few elements as possible and all of the elements taken together provide for a single integrated computing environment; eg. One authentication method, one directory, and common storage.
CPU
Research Computing
Memory
Bandwidth
Enterprise Infrastructure
Should be constructed with as few pieces as possible eg. OS's, platforms, protocols, databases Each piece is scaled to service the whole enterprise
Standards based Don't duplicate functions or data Evolutionary changes; not revolutionary if possible security, security, security
Infrastructure
Service Oriented Architecture (SOA) Reuse Evolutionary changes to support the business needs Should not be turned over to IT, but should be a
partnership between the business and IT. Need buyin all around, but definitely from the top
Infrastructure
Buy v. Build You gotta ask yourself:
Do we have time to build it? Do we really have the skills available? Can we really do a better job? Can we afford to not buy it? Can we afford to buy it?
Buy
Pros quicker time to service someone to call lower total cost (maybe) expect the vendor that provide best practice
buy
Cons Vendor lockin Does the solution fit within your architecture
Avoid the box mentality Business rules, processes
vendor responsiveness feature enhancements problem resolution
doesn't develop staff skills time to resolution?
Security
Security Network Security Endpoint Security Data security Compliance User behavior
Security
Regulatory issues FERPA HIPAA CALEA eDiscovery HEA Copyright Infringement
Security
1984
Regulatory sarbanesoxley Homeland security??
Middleware
Protocols Secure Transport Data types Authentication Authorization
Identity and Access Management
People and Relationships Creation and Management of Identities Access to Data and Applications
IDM
PSU circa 1992 k4 principle for all DCE (150,000) now: k5, LDAP, Cosign, Shibboleth
Why IAM is Important
Four goals Increase collaboration and innovation Improve customer service Increase efficiency Improve security of digital assets and mitigation of risk
IAM committee 8 Strategic Recommendations http://its.psu.edu/IAM
Penn State Access Storage Space
150,000 Personal folders Home Directory www www_protected Blogs
2,000 Shared Spaces courses, departments, clubs
Core Elements
Holistic v. BoxPros
Holistic Single identity Unified authorization
strategies Overall scalability Overall efficiencies Lower support costs Lower administration
costs
Box Turnkey solutions Availability of skills
Holistic v. BoxCons
Outage of one element can take out many/all services
Higher level of skills required
Vendor lockin Multiple digital
identities Duplicated data
Data sync issues
Questions?Comments?
