Forum Replies Created
-
AuthorPosts
-
erooneyParticipant
With respect to the “UNM IT Administrative Technologies Advisory Board” charter, is it intended to read as “Customer Relationship Management (CRM) report development” or are CRM and report development 2 separate technologies that the board will provide guidance on?
erooneyParticipantUNM ERP Applications portfolio: does this include downstream systems and processes that rely on or use ERP data such as: AD auto-pop group creation, email account demise upon termination, etc.? Is there a list of what is in the ERP Application portfolio?
2.1.1.1: Access “must” be safeguarded and not “should”?
2.1.1.1: Is there an expectation that OLAs will be in place or created between departmental IT and UNM IT? What can we expect to support per application in the portfolio and at what point do we escalate to UNM IT?
3.2.2: Should bullet points 1 and 2 in 3.3 be a partner responsibility, too?
Thanks,
RooneyerooneyParticipantShould the Collaboration Tools Standard and Inquiry Tools and Analysis Standard be rolled up into a standard that encompasses the purchase of tools and products in general? Rather than write multiple standards for classes of tools, would it make sense to have this standard apply to software/service purchases in general and encourage departments/decision makers to take a look around and scan the environment before making purchases for tools that may already exist on campus.
To ease the search process, is there a catalog of software/tool purchases made on campus that includes the product, a description, cost, a point-of-contact at the department making the purchase, UNM IT security approvals, etc.?
Thanks,
RooneyerooneyParticipantPlease ignore. Just saw the feedback on App Dev come across — thank you.
erooneyParticipant– The statement that “[t]he standard addresses the following Enterprise and Supplemental Services named by the IT Strategic Advisory Committee” refers to those items in the KSA Final Report and Recommendations (http://president.unm.edu/campus-community-engagement/information-technology-strategic-advisory-committee/ksa-final-report-and-recommendations.pdf), correct?
erooneyParticipant2.1.1:
– Should the clause “Refrain from bypassing or circumventing security measures” use language from RFC 2119 (https://www.ietf.org/rfc/rfc2119.txt) that this is absolute?2.1.2:
– Should the clause “Refrain from using any non-UNM IT supported network equipment (switch, routers, hubs, wireless access points);” use language from RFC 2119 (https://www.ietf.org/rfc/rfc2119.txt) that this is absolute?2.2.2:
– How is 99.9% uptime calculated and what goes into the uptime calculation? The 2 day time frame to repair broken equipment could possibly trigger an SLA violation of 99.9% uptime depending on how uptime is calculated. Is there an uptime calculation per department, zone, something else?
– How are degradations in service handled in the uptime calculation? Is there a certain threshold at which the network is deemed to be “down” due to a degradation in service?3.2:
– “Include UNM IT in the planning and design phase of … new construction.” Should “Policy 5310: Information Technology for Facilities” be referenced here? https://policy.unm.edu/university-policies/5000/5310.htmlOther:
– Should there be a separate section in the SLA for departments that have access to Tier 2 support?- This reply was modified 8 years, 10 months ago by erooney. Reason: Included note about Tier 2 support
erooneyParticipant– Is this service for standing up a Microsoft SQL Server 20xx instance on a VM or is the service the provisioning of a database on in an existing SQL Server cluster/environment maintained by UNM IT?
– If this service is for using an existing SQL Server cluster/environment, should the SLA define how the database can be remotely accessed or managed?
– If this service is for the provisioning of a VM with a DBMS, will the user have remote access to the server?
– Can database backups be set for more granular levels of recovery should the application owners request it?
– It seems as if this SLA is blending SLAs for database hosting and the application that uses the database that UNM IT may not have any control over or may live on a different server? Is it assumed that the application and database live on the same VM?
– Should service catalog specify the versions of Oracle and SQL Server?
– Does there need to be a statement that this SLA excludes MySQL databases used by departmental web sites?
– Is there a time-to-restore that can be included in the SLA?
– The colocation SLA had a clause requiring users to disclose storage of certain types of data to UNM IT. Should that apply in this case? Should the Data Owner and/or Custodian also be notified if this hosted database will be used to store sensitive information?erooneyParticipant– Should title of SLA be “O365 Services” or similar? Email and calendaring does not fully encompass all of the services available in O365 unless there will be separate SLAs for IM and OneDrive for Business.
2.1.1.1:
– Is the baseline level of service departments are expected to provide the material provided in the FastInfo documentation?
– IT Agent participation is at Banner Level 3 org. A Level 3 org can have multiple representatives, but that requires approval by the CIO per http://cio.unm.edu/agents/role.html. Should language be adjusted to reflect end-users or departmental IT working with their Level 3 rep?
– Should there be different bullet points depending on the type of support relationship the department has with UNM IT? Some departments have Tier 2 support and some do not?
– Should self-service docs also be added as an end-user responsibility in 2.1.1.2?2.1.1.2:
– Seems like users checking email and frequency is out of scope for SLA and not something UNM IT (or any IT dept) should have to worry about. That is an HR and employee performance issue?
– Should this also be a requirement of departmental IT? Business-related communications and information should not be forwarded off site and we will not assist folks forwarding emails to non-UNM accounts?2.1.2:
– Are there specific timelines that can be included in the SLA for this separation process and when work-product/email disappears? Same timelines as those listed in NetID SLA?
– For bullet item 4, should that also include personal, non-UNM devices? Is setting up the Outlook client on my home PC or personal smartphone akin to forwarding sensitive emails to non-UNM accounts?
– Is it appropriate to provide a time line for provisioning of service when an employee starts?
– Are instant messages (IMs) treated the same as emails with respect to retention?Eugene
erooneyParticipant– How does this apply to “shared” facilities/spaces or the different tiers of data centers defined in the proposed Data Center and Server Room Standard? What tier, as defined in proposed the Data Center Standard, does this SLA apply? Is this intended to cover collocation in UNM IT’s Tier 4 facility only?
2.1.1:
– Is it possible to provide the Colocation Facility Access Agreement as an attachment?
– Bullet items 2 and 3 need some clarification. If a department has signed the Colocation Facility Access Agreement do they still need to submit a Help.UNM ticket for access > 24 hours in advance? In cases where a department needs emergency access <24 hours, what is that process?
– Is unescorted access available 24/7 or only during business hours?
– There is text about having to “refrain from bypassing firewall rules”. This passage sounds like a requirement and should use MUST, REQUIRED or SHALL to indicate that this is absolute as defined in RFC 2119.2.2.2:
– What specific things does this walkthrough observe? Are results of walkthrough documented and available to the customer for review?3.2:
– For sensitive data, should Data Custodian/Owner be made aware? Is UNM IT the data custodian in these colocation instances or is the department with the server?
– If a department has less than a full rack of equip, and is located with other colocated servers, do other departments have access to our equip in the same rack or is access locked down to the unit? Do you have racks that are specific to the kinds of data being stored on them in instances a department purchases existing rack space?
– Is department access to servers escorted and only during business hours or do dept staff have access 24/7 unescorted in cases of emergencies or unplanned outages where we have failures?
– Bullet 7 reads “Contact UNM IT Service Manager for additions or changes in established service levels;”. However, section 4.3 indicates that exception go through the CIO’s Office.
– Bullet 9: Are “special data types” those listed in the Data Classification Standard? If so, reword to specifically indicate that storing any E-Class or C-Class data requires department notify UNM IT and Data Owner or Steward?Eugene
erooneyParticipantIf Internet Explorer is not supported, specific versions of the browsers this does support need to be listed. Slippery slope excluding certain browsers.
When an Enterprise service is being developed or purchased, it should be usable in widely deployed and supported browsers.
2.1.1:
– What are the kinds of things departmental support can expect to be able to troubleshoot outside of the listed FAQ?
– Is it possible to list each department’s primary and secondary contacts on the department’s A-Z page so that requests to update the info can go directly to the responsible party? Should the department’s local IT support info be listed as a tertiary contact?3.1:
– Item on poor implementation and planning does not apply?
– Is there a specific format required for bulk updates that would make this more efficient for UNM IT and the department?2.2.2 and 9.1:
– If system performance and availability reporting are not available for this service then is it appropriate to list a specific uptime of 99.9%?Service-related questions:
If an employee separates or changes roles, is A-Z a directory that gets updated from Banner or is it a standalone system? If it is a standalone system, end-users need to be responsible for keeping this up to date. UNM HR separation checklist (http://hr.unm.edu/docs/employment/separation-checklist-for-staff-employees.docx) should be updated to reflect the supervisor having to submit directory listing changes that are not automated.Is this directory using a different data source than what is available on directory.unm.edu and what a user can change via Directory Self Service (DSS)? How does DSS and what appears in A-Z differ? Not required of the SLA, but I think helps to better define the service and where users can expect updates to appear (or not).
This service could be powerful if exposed in some fashion for folks to incorporate on other web sites. A single version of the directory that is accessible via web services that every department doesn’t have to duplicate in some fashion would make it an Enterprise service.
Eugene
erooneyParticipantAlong those same lines, are there any discussions about what the Enterprise service offerings should be rather than just wrapping an SLA around existing services that may or may not meet campus needs? There were a couple of responses that dismissed SLA feedback as “not an SLA question” (not in the Web Hosting SLA thread), but if there are gaps or fundamental problems with the service offering this is an opportune time to engage an already-engaged community.
erooneyParticipantThis draft of the SLA states that departmental/local IT will be the first line of support. Will there be any Operating Level Agreements (OLAs) between the centralized provider and local IT to support the customer? If a customer is going to rely on this agreement, then the central provider and the departmental IT group need to be in sync in terms of support. How will this agreement be structured for customers without departmental IT expertise for this service?
This also applies to other centrally provided services where the centralized provider’s SLA relies on departmental IT for any kind of triage or support. There needs to be an OLA in place defining how these groups work together in support of the SLA.
- This reply was modified 8 years, 10 months ago by tbui.
erooneyParticipant2.1:
HTTPS should be a standard by which ALL UNM content is served. The service should include HTTPS by default.2.1.1 bullet 2:
Ensuring that the hosted web sites are secure and updated is a shared responsibility with end users responsible for things like secure code and keeping WordPress installations up-to-date and web infrastructure security a responsibility of the hosting provider.2.2.2: The calculation for availability is vague. There should be specifics on the exact calculation used when determining availability.
Are network outages or degradation, as an example, part of the service and accounted for in the calculation? Are those outages part of the web service or excluded from the calculation.
Example:
YEARLY UPTIME CALCULATION = [(hours service up) / ((365.25*24) – (hours down for scheduled updates and maintenance[1]) – (hours down for emergency security updates[2]))] * 100[1] Schedule updates and maintenance are posted at least 7 days prior to the update or occur during UNM IT’s scheduled maintenance windows described here: http://it.unm.edu/availability/index.html
[2] Patches and updates that are flagged as “critical” or higher by the vendor may be installed outside of the scheduled maintenance windows.
3.2 bullet 8: This provision risks deleting code or work product that a department may have on cPanel servers if their backup was performed prior to the cPanel snapshot reversion. A customer could be performing backups at reasonable intervals and still be harmed by this provision of the SLA. Will UNM IT notify users when a snapshot reversion will take place allowing users to make backups?
3.3 bullet 5: A department could store or host sensitive info on a non-UNM IT hosted service through a UNM IT hosted web site that would violate the spirit of this item.
I think that we are missing a bigger opportunity here where we could leverage enterprise web infrastructure, services and data (including existing institutional data assets) to allow departments to more securely collect and store sensitive information that may exist elsewhere on campus (Banner, ODS, etc.). It seems like a UNM enterprise service web service should strive to provide this environment where the end-goal is less duplication, better security, and a better understanding by the enterprise about where we are housing and storing, potentially, sensitive data.
Thanks,
Eugene
-
AuthorPosts