Forum Replies Created
-
AuthorPosts
-
elishaParticipant
Hi Cindy,
I think there are good arguments for and against centralization, and I don’t believe there is a clear “right” answer. On the other hand, I believe both models are entirely capable of success as long as the community is engaged and involved in making it work and has some sense of common purpose. Given the President’s directive to implement the TIG report and the centralized model it recommends, my personal responsibility is to support that initiative in a way that doesn’t compromise the quality we have delivered over the years.
I have enjoyed the connection to purpose that the decentralized model has provided, and have had the pleasure to work in a very supportive environment with many talented staff who are passionate about serving faculty and students. It is these relationships and connection to mission that have made our technical services meaningful, and it is these qualities that we must preserve to the best of our abilities through the transition.
You make good points in calling out the excellent work that collaborative working groups have accomplished over the years. I am optimistic that these restructuring efforts represent a return to that level of shared engagement on initiatives of mutual benefit, and I am appreciative of Duane and Brian for the extraordinary communication and outreach that they are engaged in to steer us in that direction. The model I see proposed, is actually quite similar to the recommendation that college / academic IT managers and directors gave to Ratnakar when he came to campus.
From what I have seen, the School of Law provides excellent service to its constituency, and has devised ways to meet the differentiated service needs of its faculty and staff. I wouldn’t characterize the School of Law as an area full of problems that need fixing. Rather, I believe that the School of Law has significant expertise and specialized knowledge that it can contribute to the larger organization, and I look forward to working with you all in whatever way my initiatives can align with and support yours. Reporting structures aside, the IT Officer model seems designed to create the kind of collaborative community of technical professionals that you cite, and an extension of the good work that the Academic IT group has been involved in over the summer. From that perspective, I am optimistic.
It is certainly a realistic and pragmatic approach for the School of Law to watch and see how these initial efforts go. I also think that there are real benefits that the School of Law can realize through participation (both informal initial collaboration, and perhaps later integration). One of area of benefit that comes to mind is the access to a greater depth of staffing resources. We have all had the occasion when a critical employee is ill, takes another job, or simply wishes to take some extended leave. One benefit I see from the larger organization is more resiliency in the staffing of our services. The other significant benefit I see is more continuity of services across organizational lines, and more awareness of and alignment between central services and distributed support. More awareness of how the services my team manages align with the greater university needs and initiatives is a good thing.
While there is always room for improvement in all of our areas, there is also much more that is right with what we are doing than the TIG report states. With Central IT in particular, I have seen consistent focus on continuous improvement initiatives, with positive results in many areas. As Duane and Brian have said, we have deep technical expertise on campus with very dedicated employees in all areas. I am looking forward to the opportunities for collaboration and growth as we move ahead. We all have much to learn from each other, and I believe faculty, staff, and students will be the beneficiaries if we do this right.
Elisha
elishaParticipantThanks, Steve. Intending no disrespect, my main concern with the standard is that I think there is a lot of hard earned wisdom related to managing and supporting collaborative technologies that it would be good to write into a standard. As it relates to web conferencing, Extended Learning has been managing and supporting these tools for well over a decade. Through pilots of multiple systems and feedback from faculty and students contacting the support desk, we have learned a lot about specific points of usability, bandwidth scaling for delivery to remote areas, support requirements, and specific features that are needed for teaching and learning. The ability to create breakout rooms, support inline polling and chat, application sharing, whiteboard functions, content archiving and export, and integration with an LMS for authentication and authorization are all things that we’ve spent a lot of time refining. I think we could have a very productive collaborative process with you that would result in a useful standard. I’m just not sure how to do that over the discuss site, because I think there is enough to think through that it merits some time sitting down and developing it together.
elishaParticipantThanks, Aaron. Great points… I agree that reaching out to the survey committee is a good idea.
elishaParticipant2.2.1 – I’m not sure what this means “Management to contract terms and oversight of vendor; ”
3.1 – It might be a good idea to reference the Data Center standard here as it relates to hosting and security/availability tier.
Under 3.2.2 “Provide annual training for employees;” –where is the training and support responsibility boundary between IT and departments?
elishaParticipantI agree that this provision is the responsible thing to do, “Replace or upgrade equipment that cannot provide the setup, data protection, user access and security measures identified in the next sections.” Making that a reality will require new funding allocations or budget models in many departments.
Under Equipment Set up, Integration, and Security, I assume “Windows 8,1” should read “Windows 8.1” Are there best practices documents for Windows 7, OS X, or any specific concerns with Linux?
Simpler processes to support devices that do not regularly connect to the UNM network (offsite, out of town) for KMS would be helpful.
elishaParticipantSome of the surveying and course evaluation functions are covered in the Virtual Learning Environment standard. It would be a good idea to look at where those overlap and see if any definition between the two is needed.
It seems like energy is running out on development of these standards as well as on their review. If we knew more about what we were trying to accomplish with them, it would be easier to give advice on whether a standard is needed for each of these tools with certain levels of specificity or if a more generic overview standard like this one is sufficient.
elishaParticipantThis looks like a good revision to me. Thanks for your work on it.
elishaParticipantThis is not a standard as it is written. Shouldn’t a standard describe aspects of the service beyond a requirement to use it? e.g. Collaboration tools should work well on multiple platforms, should have certain security or scalability features, should be tested for usability, integrate with business and learning systems, compete with best-of-breed solutions, etc. If I read it correctly, this is just a document that states a requirement for users/departments to use o365/Lync, and it is a good example of the fundamental flaw in this whole standard/SLA process.
The approach is inverted. Centralization of some services could be a good thing, but the best way to get there without impacting quality of service would be to engage current service providers, faculty, staff and students to find out what they need and can afford. If you start there, and then design a service to meet those needs that includes documentation development, support planning, it shouldn’t take much to convince departments to use it.
elishaParticipantScope:
Is there a definition of what “significant” means in the context of how this standard applies?
“Examples of projects includes in the scope of this standards are”
should read:
“Examples of projects included in the scope of this standard are”
“Assess Risk Asses” should read “Assess Risk Assess”
Are the numeric rankings a required part of the project documentation?
Many of the projects we work on have an IT component, but are not primarily IT driven. i.e. an academic initiative may require certain IT support, but the larger context of the project includes training and pedagogy support, curriculum design, reporting and compliance, student service planning, etc. Where do those sorts of projects fall as it relates to this standard?
“At a high level, this plan identifies milestones; at a detailed level, it is a complete work break down structure.”
A complete work break down structure may not be possible for projects with iterative development cycles, extended development timelines, complex dependencies, many unknowns, etc.
How is this standard applied to projects with iterative development cycles?
As an aspirational document, this standard is pretty good. However, achieving that level of documentation and process definition within IT and other parts of the university seems like it would require more project management resources than the university currently has, unless this is applied with a very limited scope. Is it useful to have a standard that only addresses very large projects and does not provide guidance on small to medium ones? If this standard is to be applied more broadly, how will UNM address the cases where a project is needed, but project planning and oversight resources are limited? Cancel the project? Obtain project management support from a central entity? Obtain funding to supplement departmental project management resources?
On the artifact side, the document seems heavy on paper artifacts and formal reports. There are many electronic project management tools available (Jira, Redmine, Basecamp, Trello/Slack…) How would departments prove adherence to the standard for artifacts using these tools?
April 1, 2016 at 9:56 am in reply to: Identity Management – Central Authentication Service (CAS) #675elishaParticipantCAS is definitely an Authorization service. I’m not sure it qualifies as an Identity Management service.
Given the increased adoption of AD, what is the long term plan for CAS? Is there a convergence between the two services planned? If CAS is to continue, is there a documented way that we can address the secondary authorization question for sites and services using CAS using group membership?
Where does LDAP fit into the service boundaries of CAS and AD?
elishaParticipantHow does this standard relate to the Virtual Classroom standard or any other Standards and SLAs that will involve application administration, acquisition, and/or development?
Is there a size of application and/or level of application exposure that triggers formal adherence to a Development Life Cycle? Are there specific templates or forms required?
I know the standard says that development philosophies are excluded from the scope, but the outlined process indicates a level of linear formality commonly associated with waterfall development rather than agile approaches. that’s not to say that agile methods should not follow the same lifecycle, it’s more a question of what level of formality is expected.
Under Operation and Maintenance, I agree that at least two-weeks’ notice is preferable when outages are involved. However, there should also be a process for handling an Emergency Request for Change. Perhaps Change Management should be referenced.
Disposition or disposal: end user input is always good. How does this provision apply in the case of product end of life or end of support?
Is there a central repository for the minimum artifacts related to the Application Development Lifecycle? Is there an audit process? How will departments be able to proactively tell if their artifacts are meeting the standard?
Under upgrades, large systems are used continuously, which makes this provision unattainable: “Upgrade or refresh hardware and software during breaks in the semester or business cycle, or when an Application is offline so end-users are not negatively impacted.” Change management processes and minimal disruption principles are encouraged in those instances.
An emergency request for change process should apply here, too.
elishaParticipantUnder What is End-User Device Support, is this limited to Windows tablets as stated, or does it extend to any tablet?
Under Equipment Set up, Integration, and Security (note the comma is in the wrong place in the header)
Can we call out specific requirements/ Best Practices instead of pointing users at a 200 page federal manual?Typo fix: “Operating systems must be within manufacturers product life cycle.”
Can departments run their own WSUS, or must they connect to the UNM IT system? Is that system designed to scale for the campus?
elishaParticipantUnder Scope, I’m not sure what “Virtual Classroom Equipment Check Out” refers to.
Under Technology and upgrades, there was some conversation in the Faculty Senate IT Use Committee about this line:
“Ideally, upgrade technology during semester breaks, when environments are offline or in low use, so that
instruction is minimally impacted. Document exceptions and obtain concurrence of faculty instructors
using the technology.”It is unclear how departments would generally obtain concurrence of all faculty using a large system, and there is not really a representative body that could provide that input. I suggest changing the second sentence to say something more like, “All proposed exceptions should follow established change control processes such as the IT Change Advisory Board, and faculty and students should be notified in advance of proposed exceptions.”
Under Support, this sentence is a little confusing: “Provide information on obtaining permission from the provider to use or access virtual classroom technologies.”
Do you mean to say, “Provide information on how to obtain permission or access to virtual classroom technologies.”
The last bullet under Support should just say Collaborate, not Collaborates.
elishaParticipantUnder who is affected by this standard, there is a misplaced “or” at the end of the first sentence. I believe it should read “This standard applies to any UNM organizational entity (i.e. branch, division, college, school, department, business unit, or other UNM affiliated organization), hereinafter referred to as a “department”, that intends to acquire,
maintain, or support print services.”Under Responsibilities, does it make sense to list an office that has responsibility for negotiating printer lease agreements with vendors that adhere to the standard? We have been trying to move all printing to leased printers. Our preference would be to go with whatever vendor is providing maintenance at a level that matches the standard.
Will printer setup and security functions be handled by vendors under UNM printer lease agreements?
I am in favor of documented, well supported IT infrastructure, which this standard attempts to codify. Actual compliance with this standard will depend heavily on UNM / departmental ability to invest resources (staff, non-labor) to move from the current state where many areas cannot meet this standard to the desired future state. Given budget realities, I don’t know if that is realistic.
elishaParticipant2.1 – “Guest account access for contractors, guest lecturers and visiting scholars;” Do service accounts fall under this category? In an effort to provide more security and enforce end user acceptance of unm policy and privacy responsibilities, we have been migrating some services to the use of the NetID as a login credential. In this case, these are non-UNM entities… they are customers of a service that UNM is providing under contract for the state.
2.1.1
“Setup challenge-response security questions and answers” These end up being nonsensical questions for departmental accounts and difficult answers to remember for regular individuals. What’s my favorite food? That pretty much depends on what I’m hungry for. Could users make their own security questions?8 – What does pricing and billing mean as it relates to Identity Management?
-
AuthorPosts