1 / 34

IT Briefing Thursday, March 20, 2008

University Technology Services. IT Briefing Thursday, March 20, 2008. IT briefing. AGENDA FOR february 2008. Updates & Announcements Oxford Website Server Virtualization CISO Introduction. Karen Jenkins Seth Tepfer & Mahbuba Ferdousi Steve Siegelman Brett Coryell Brad Sanford.

ishmael-hopkins
Télécharger la présentation

IT Briefing Thursday, March 20, 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University Technology Services IT Briefing Thursday, March 20, 2008

  2. IT briefing AGENDA FOR february 2008 Updates & Announcements Oxford Website Server Virtualization CISO Introduction Karen Jenkins Seth Tepfer & Mahbuba Ferdousi Steve Siegelman Brett Coryell Brad Sanford

  3. general Updates & announcements Web hosting migration • All testing of currently migrated sites must be complete NLT 3/26!! Enterprise Content Management • Selected Cascade Server from Hannon Hill! • Huge higher ed presence (over 50 universities including Duke, Clemson, Cornell, Carnegie Mellon) • Great reference checks with CMU, Texas A&M Health Sciences Center, and the Medical College of Georgia – outstanding support and responsiveness! • Healthcare presence as well (although not as large a vertical – about a dozen) • Easy to use interface • Standards based XML templates Service Management Team (Remedy & LANDesk) • Very limited resources over the next few weeks!

  4. Oxford website redesign Mahbuba Ferdousi Seth Tepfer

  5. oxford website redesign approach Send RFP Vendor Selection Committee Invite 3 vendors Unanimously Chose Dot Marketing Sold the CMS University did not have plans for CMS Talked with John Mills and ITPC

  6. oxford website redesign Why dotmarketing Education Customer Base Surveys of High School Students Visual Appeal of designs in portfolio Methodologies well thought out Their CMS

  7. oxford website redesign Why dotmarketing (cont) Their CMS • Written in Java • Db independent (Oracle, MySQL, SQLServer, etc) • Runs on Linux and Windows • LDAP Authentication • R25 interface experience • Open Source Product

  8. oxford website redesign CMS advantages Ease of end-user development Built in groups/roles based permissions Dynamic data Design Control Workflow process Ability to roll-back to previous versions

  9. oxford website redesign CMS advantages (cont) Edit/preview/live modes Left menu navigation and breadcrumbs Photo/video gallery Streaming .mp3 player Form handling WebDAV

  10. oxford website redesign Our website Prospect-oriented philosophy Multiple Navigation methods News Events/Calendar CMS

  11. oxford website redesign What we learned We have a lot of content Need more robust search than built-in Early adopter of load balancer for this vendor Vendor has been responsive and stayed with us

  12. oxford website redesign questions Mahbuba Ferdousi • 770-784-4570 • usmf@emory.edu Seth Tepfer • 770-784-8487 • seth.tepfer@emory.edu

  13. SERVER VIRTUALIZATION Steve Siegelman

  14. server virtualization Why virtualize Server consolidation Cost reduction on physical infrastructure Hardware budget cuts Provide failover and high availability Provides more opportunity for server maintenance during normal working hours. Proven, mature technology

  15. server virtualization TO VM –OR– NOT TO VM • “For any new initiative, it is the direction of UTS to Virtualize first before deploying physical hardware.” • VM Candidates: • Occasionally used development servers • Underutilized servers • Servers that have seasonal use • Application software that the vendor will support running in a VM • Not VM Candidates: • IO intensive applications such as Oracle or SQL Server databases • Application software that is unsupported by the vendor in a VM infrastructure

  16. server virtualization VMWARE VI3 • VMware VI3 – Suite of Products • VMware ESX Server • VMware VMFS • VMware High Availability (HA) • VMware DRS • VMware VMotion

  17. server virtualization VMWARE ESX SERVER * Source – VWware Website

  18. server virtualization VMware VMFS * Source – VWware Website

  19. server virtualization VMware High Availability (HA) * Source – VWware Website

  20. server virtualization VMware Vmotion * Source – VWware Website

  21. server virtualization VMware DRS * Source – VWware Website

  22. server virtualization Hardware Platform HP c-Class Blades

  23. server virtualization Phase One • Two VMware Clusters • 3 Node Cluster – DMZ • 3 Node Cluster – Admin Core • Targeted VMs • 39 VMs – DMZ • 23 VMs – Admin Core • OSs: Windows 2003, Redhat Linux, Solaris 10 x86, SLES Linux

  24. server virtualization Phase Two – Fall ‘08 • Academic Core Cluster Build Out • 3 Node Cluster – Academic Core • Grow Out DMZ & Admin Core Clusters As Needed • Campus Wide Hosting Offering

  25. ? Questions

  26. Brad sanfordChief Information Security Officer Brett Coryell

  27. Introduction and Observations from My First 50 Days Brad Sanford, CISSP, GSEC, GCIHChief Information Security Officer (CISO), Emory brad.sanford@emory.edu

  28. brad sanford introduction Personal Bio • Kentucky • Interest in Computers and Security • Education Work Bio • Humana through HCA • Vanderbilt • HCA (Security Assurance & Architecture)

  29. brad sanford Ciso role at emory Earl Lewis Provost and Executive Vice President for Academic Affairs Mike Mandl Executive Vice President for Finance and Administration Fred Sanfilippo Executive Vice President for Health Affairs and CEO, Woodruff Health Sciences Center Richard Mendola Vice President for Information Technology & CIO John Connerat IT Finance and Administration Dee Cantrell CIO Emory Healthcare Information Services Brad Sanford Chief Information Security Officer, Emory University and Healthcare Brett Coryell Deputy CIO, University Technology Services Marc Overcash Deputy CIO, Research and Health Sciences IT Linda Erhard IT Governance

  30. brad sanford Ciso role at emory The Chief Information Security Officer is responsible for coordinating and leading information security activities across Emory University and Emory Healthcare Primary Areas of Accountability • Security Policy and Strategy • Security Awareness • Security Architecture • IT Risk Management • Security Incident Response • Vulnerability Management

  31. brad sanford Initial observations Willingness to “Do the Right Thing” is High • Awareness is low • Expectations are unclear Our Knowledge is Limited • Where does sensitive data resides and how is it protected • But we do know we have a data protection problem • What vulnerabilities are putting us at risk and how do we address them • Who is responsible • How should we respond to security incidents Duplication of Efforts Across Schools and Departments is High • Active Directory • Virtualization • Many Others Many Security Controls and Operational Processes are Immature • Ad-Hoc • Limited in Scope / Coverage • Limited Effectiveness

  32. brad sanford Security related initiatives Ongoing • Information Gathering • Security Gap Analysis • Security Policy Review • Full Disk and Removable Media Encryption • Trusted Zone • Trusted Storage • Security Strategy

  33. brad sanford Security related initiatives Future • Security Policy Overhaul • Data focused • Security Awareness Program • Mobile Device Protection (PDAs, Smartphones, etc.) • IT Risk Management Program • Vulnerability management • Expanded HIPAA Risk Assessment • PCI Data Security Standard Compliance • Evolution of Operational Security Capabilities • Integrate Security Controls into Existing Processes • Contracts • New-Hire Process • IRB

  34. ? Questions

More Related