Public Key Infrastructure at the University of Pittsburgh
Robert F. Pack, Vice Provost Academic Planning and Resources Management
March 27, 2000
CNI Spring 2000 Task Force Meeting

University of Pittsburgh Profile
• Member of AAU
• Pittsburgh Campus
  • 25,853 Students / 35% Graduate and Professional
  • 3,468 Faculty
  • 4,891 Staff
  • Heavy Concentration of Graduate and Professional Programs
  • High Level of Research, Large Medical Complex
• Regional Campuses (4)
  • 6,420 Undergraduate Students
  • 378 Faculty
  • 440 Staff

Information Technology Strategic Plan
• Three Year Plan – Fiscal Years 2001-2003
• Focus on:
  • Infrastructure
  • Computing Equipment and Facilities
  • Support
• Emphasis on Defining Appropriate Locus of Responsibility
• Technology Planning Fully Integrated into Academic Planning

Infrastructure
• Support vBNS and Abilene Networks
• Transitioning to Gigabit Ethernet Backbone
• Kerberos V4 authentication services
• AFS for file serving
• 26,500 Active Ethernet Ports

Infrastructure (continued)
• Student Access
  • 1900 Computers for Undergraduate Use
  • Ten campus computing labs
  • Specialized Labs
    • Calculus/Engineering
    • Chemical Engineering
    • Art History
    • Journalism
  • Residence Halls
    • 8006 Ports
  • E-mail Stations
    • 100 Planned Over Three Years

Computer Accounts – Current
• Internally-developed accounts management database
• 56,000 Active Accounts
• Decentralized Management (1,500 administrators)
• Limited Functionality
• Not integrated with payroll and student information systems
• Attribute changes difficult

Computer Accounts – Future
• Directory-Enabled Applications
• Automatic Account Creation and Deletion
• Centralized Administration
• Development of Web-based Tools
• Moving Toward Single-Sign-On

Need for Security
• Initially Looking at Options for:
  • Privacy-Enhanced E-mail
  • Access to Restricted Databases
  • File Encryption
  • Digital Signatures
• Immediate Need
  • e-Store

e-Store
• Closed In-house PC Center July 1998
• Implemented On-Line Computer Store August 1998
• Required Confirmation of University Affiliation
• Multiple Options

Options
• Authentication Using Kerberos
  • Lack of vendor support for restricted databases
  • Development effort
• Network Restrictions – IP-Based or Domain-Based
  • Difficult to maintain
  • Too Restrictive

Options (continued)
• Web-enabled Authentication
  • Insecure
  • Difficult to Maintain
• Public Key Infrastructure
  • Limited Portability
  • Relatively New Technology

PKI Solution Chosen
• University Made a Decision to Adopt PKI
  • Met Immediate Need
  • Provided Interoperability
  • Provided Extensibility
  • Industry Adoption Anticipated
• Implementation Decision:
  • In-House Certification Authority
  • Outsourced Certification Authority
  • Hybrid Model

PKI Solution Chosen (continued)
• In-House Certification Authority
  • Internal Effort
  • Full Control
  • No Trust Beyond University
  • Inadequate Facilities and Expertise
• Outsourced Certification Authority
  • Implicit trust
  • Secure Facilities
  • Simplified Implementation
  • Interoperability

PKI Solution Chosen (continued)
• Hybrid Model – Chosen
  • Provided Advantages of Outsourced and In-House Certification Authorities
  • Provided Local Control while Maintaining Implicit Trust
  • Provided Fastest Implementation
  • Few Vendors Offering Solution

Selection of VeriSign
• Leading Provider of Internet Trust Services
• 3.9 Million Digital Certificates Issued to Individuals
• 215,000 Web Site Digital Certificates Issued
• Strategic Relationships with Industry Leaders
• Provided High Level of Technical Support
• Responsive to Needs of the University

VeriSign at the University of Pittsburgh
• Hybrid Solution Implemented
• Manual Administration
• Auto Administrator Feature Planned
  • Automate verification process
• Local Hosting
• Customized Web-Interface
• 50,000 Co-branded Certificates

Current Uses
• e-Store
  • Primarily used by Students and Faculty for Personal Purchases
  • Department Administrators for University Purchases
• E-mail Signing and Encryption
  • Used with Supported E-mail Clients (Outlook, Netscape)

Challenges
• End User
  • Limited Portability
  • Resistance to Adopting New Technology
• Vendors
  • Slow adoption of PKI
• Pitt Environment
  • Integration with Legacy Administrative Applications
  • Business Practice Changes
  • Cost of Smartcard Solution

Future Implementations
• Integration with Enterprise Level Directory
  • CDS Development Underway
• Early Adopters Program
• New Administrative Projects
  • Human Resources / Payroll
  • Financial Information System
  • Institutional Advancement
• Enhancing Legacy Systems
• Integration with Smartcards
• Access to Restricted Databases
• Integration with E-Commerce

Questions?
• Presentation Available Online:
  • http://www.pitt.edu/~packr
• E-mail:
  • robert.pack@pitt.edu
Robert F. Pack
Vice Provost Academic Planning and Resources Management
809 Cathedral of Learning
University of Pittsburgh
Pittsburgh, Pennsylvania 15260