160 likes | 245 Vues
Email Identity Standard Proposal. Identity and Access Management Subcommittee December 12, 2013. Situation. The @UCSF Exchange service provides email to 30,500 users across the UCSF enterprise
E N D
Email Identity Standard Proposal Identity and Access Management Subcommittee December 12, 2013
Situation • The @UCSF Exchange service provides email to 30,500 users across the UCSF enterprise • Many separate email systems have been consolidated into @UCSF, including the Medical Center and School of Medicine • @UCSF Exchange currently receives email for 140 distinct domains • Some units adopted ‘@ucsf.edu’ primary address when consolidated, but accounts are still being provisioned for 73 email domains • Rules for assigning a new individual to appropriate domain are manually implemented
Consequences of Current Situation • Delay in creation of new accounts • Barrier to implementing automated processes • Movement of individuals between units results in additional email addresses (and confusion) • Rollout of new services and integration with cloud service providers become more complicated and are often delayed
Target • A uniform primary @ucsf.edu address for all members of the UCSF community • Continuous delivery ofemail sent to all historical addresses in perpetuity • Benefits • Simpler experience for UCSF community • Department or organization move does not affect email address • Simpler account provisioning logic, leading to faster turnaround and opportunities for automation • Single email namespace is aligned with most cloud service integration requirements
Proposal • New individuals joining the UCSF community will receive a first.last@ucsf.edu primary address • The ‘mail enable’ web page used during account provisioning will have alternate domain choices removed • Existing UCSF individuals using a primary address not matching the new standard will have: • proxyAddress populated with their current address • Primary address reset to first.last@ucsf.edu format • UCSF Listserv memberships automatically updated with new address • Authoritative directory listings (CLS, SIS, E*Value) automatically updated
User Impact • Email sent to prior address and new address will be delivered to single mail box – No Impact • Loss of identity and ‘branding’ associated with domain suffixes on outgoing mail – Impact Variable • Ability to send to external Listservs that restrict input to validated addresses will be interrupted until Listserv account is updated with new address – Impact Moderate • Business cards and other collateral with prior address may need updating – Impact Low to Moderate
User Impact Custom inbox rules built manually from email addresses rather than the global address list will need updating – Impact Low External correspondents may notice multiple entries in their address book for UCSF staff – Impact Low Users may forget that registrations on external websites used their previous address – Impact Variable Business processes that query AD for users matching @department.ucsf.edu (sub-optimal choice, but may exist) will no longer work– Impact Unknown
Alternate Email Servers • There is no requirement that members of the UCSF community use the enterprise Exchange server • Small number of units continue to operate independent email servers • Options for provisioning / cloud integration for this population • Create first.last@ucsf.edu even when account is provisioned for individual joining unit not on Exchange • The Exchange account might not be used, but existence will facilitate integrations that need an @ucsf.edu address • Inform account owner that their @ucsf.edu address is used for authenticating to these services
Visual Impact of Email Domain – Outlook Web Access (OWA) on Mac
Integration Project Examples • UCSF Box • Box expected a single primary domain • Two UCSF staff members spent significant portion of month to resolve complication • Initial Implementation Delayed • Cisco Unified Communications • Uniform Resource Identified (URI) must be constructed for each individual • Primary email address can’t be used, because UC implementation overly complex if many domains supported • Ad hoc heuristics in development to pick ‘correct’ @ucsf.edu address from among multiple candidates in proxyAddress field
Recommendation Request approval via IT Governance Process Define process for obtaining necessary community input Identify resources and schedule for the implementation of proposal