ISC's Technology Services Strategy Review Board (TS SRB) was formed to re-evaluate ISC's technology strategy and to ensure that our strategy meets the evolving technology needs of the University. The SRB develops, documents, and coordinates standards and best practices to ensure effective and efficient activities in support of ISC and the University's mission.
Objectives
Upon the recommendation of the Senior IT Directors of ISC's Technology Services, the Executive Director chartered a team with the following objectives:
- Create an alliance of the departments and groups within Technology Services
- Solve challenging cross-organizational technology problems
- Collaboratively develop short-term and long-term technology solutions
- Provide a venue for integrated planning and implementing organizational initiatives in a timely way
- Cultivate and uphold ISC's Purpose and Values
Strategy Documents
The following strategy documents have been created to document the ratified standards and best practices.
Communications & Collaboration Strategies
Key points:
- Commits ISC to provide and manage collaborative services deemed valuable to the Penn community
- Discourages excessive customization of collaborative services while seeking providers' recommendations and preferred practices
- Creates groundwork for standard collaborative solutions in the portfolio
- Defines ISC as an enabler for other (non-ISC managed), smaller bespoke services
- Commits ISC to continue to help the University adopt and use the growing Microsoft Office 365 portfolio
Key points:
- Formalizes the adoption of enterprise single sign-on and the continuous improvement of the service
- Outlines the benefits of integrating with the University enterprise SSO service
- Provides an ideal state for continuous improvement and business goals of the service
Key points:
- Examines current infrastructure, delivery, and redundancy challenges relating to the on-campus University and general consumer environment
- Proposes a timeline of 5-7 years to pivot from half-linear (coax) delivery and half-streaming (Internet) delivery to 100% streaming delivery
- Urges continued collaboration with primary University stakeholders on the future of included services
- Recommends investigating alternate delivery options for administrative outlet clients not currently supported by existing streaming options, by working with existing vendors and emerging technology
Key points:
- Describes the challenges facing the three voice services at Penn: PennNet Phone, Traditional Telephony, and Contact Center
- Declares a cloud-hosted Unified Communications as a Service solution as the preferred direction for voice services at Penn
- Outlines a plan for evaluating and selecting next generation voice services during fiscal year 2019
Operations Strategies
Key points:
- Designates that all client-managed hardware will reside at the Pennovation Center, unless a business case warrants an exception that is subject to approval by ISC senior management
- Ensures that an on-campus or near-campus secondary site will be made available for use as a redundant or failover location for (non-High Performance Compute) Pennovation Data Center installations
- Ensures that racks will be provided by Infrastructure Operations and all hardware residing in an ISC-managed location will be installed and/or decommissioned by ISC (with client assistance/oversight)
- Designates that High Performance Compute (HPC) will be housed at a third-party site
- Ensures that ISC will retain certification credentials based on systems housed within its managed facilities as appropriate
Key points:
- Unifies monitoring into a singular enterprise-class, vendor-supported tool complemented by a limited number of niche tools
- Adds complementary automation and management tools to support a cradle-to-grave service offering
- Implements a CMDB and exchanges data to and from the CMDB as the authoritative source of configuration data for enterprise devices, applications, and associated relationships
- Exploits opportunities for integrations or full-suite services to the broader University community on a for-fee basis with a core emphasis on notification and reporting
Key points:
- Commits ISC to a recovery of its critical infrastructure within 36 hours of a Disaster declaration
- Designates that physical desktops will no longer be secured under third-party Disaster Recovery contracts after calendar year 2018
- Redesigns Disaster Recovery to a tiered approach; the most critical infrastructure and applications will be recovered first
- Favors native cloud solutions as the primary recovery option
- Aligns Disaster Recovery parameters with industry best practices
- Pursues an integration of disaster recovery service cost directly into the managed services offering, rather than the current “opt in” model; retains “opt in” model for non-ISC managed installations
Platforms & Networking Strategies
Key points:
- Improves user experience by synchronizing usernames and passwords between PennKey, KITE Active Directory, and PennO365
- Consolidating duplicate technologies reduces complexity, allowing for valuable resource reallocation
- Integration with Azure Active Directory establishes the groundwork for current and future cloud services
- Increases security by automating the identity lifecycle
- Applies standardized security parameters with centralized auditing and monitoring
Key points:
- Defines a set of requirements that a third-party cloud provider must meet before being considered:
  - Presence of cloud-based security and privacy that follows Information Security and industry guidelines
  - Availability of cloud-based storage, data stores, and databases
  - Availability of cloud-based backup, restore, and Disaster Recovery
  - Presence of cloud-defined networking features (Software-Defined Data Centers, Virtual Private Networks, traffic encryption, conflict-free IP addressing, etc.)
  - Offering of robust cloud-based Identity and Access Management
  - Availability of cloud-based cloud monitoring, reporting, and billing
Key points:
- Defines approved versions of all vendors' databases as “current” and “last to current” or N and N-1
- Defines refresh cycle of 24 months for current databases, and a 12-month refresh cycle for databases out of date
- Creates better data security posture by identifying and defining separate access roles inclusive of end-users
- Requires all databases to meet current Information Security policies and standards
- Requires that patches be applied monthly or quarterly; allows for critical security patches to be applied off-cycle; creates an exceptions process requiring approvals of a Technology Services Director and appropriate Director or Manager representing the client
Key points:
- Designates Pennovation as the primary data center and Huntsman Hall as the secondary
- Defines architectural approach for virtual platforms based on two equally-sized clusters placed in both the primary and secondary locations
- Limits physical server location to Pennovation center only
- Requires network connectivity between the two sites and cloud providers to be robust enough to allow for a movement of virtual servers in between them
- Requires exceptions to be approved by Technology Services leadership
Key points:
- Describes IP Address Management (IPAM) as the set of policies and tools used to plan, record, communicate, and distribute IP addresses
- Explains that ISC manages IP addresses to reduce the risk of interruption in service
- States that the current practice of recording IP addresses in use is a manual one
- Designates that future IPAM tools should support automation and be integrated with DNS and DHCP tools
Key points:
- Summarizes the importance of IPv6 in enterprise networks and strategies ISC could follow for IPv6 deployment
- Suggests initiating a gap analysis process to identify the shortcomings of the current IPv6 deployment and NMS systems
- Outlines how deploying extended IP services like DHCPv6, DNSv6, IPAM, etc. will help IPv6 deployment
- Explains the need for developing an IPv6 security policy, training strategy, and exception strategy
- States that IPv4 address availability is almost nil and explains the urgency to deploy IPv6 to ensure continuous service availability
Key points:
- Focuses on new construction or substantial renovations
- Is based on a dataset ISC does not maintain for the University
- Defines three classifications that differ slightly but still result in high reliability; largest vulnerability and cause of outages in this model are local power and environmental issues
- Defines exceptions for small spaces or University officials
- Applies to campus locations; does not cover leased space or remote campus locations but the reliability and design features of defined models will be helpful for those spaces
Key points:
- Summarizes the importance of network segmentation in enterprise networks
- Provides path isolation to keep client traffic/data separate
- Enables ISC to offer different levels of network security controls and services to clients
- Defines strategies to follow to effectively implement network segmentation
Key points:
- Recommends moving from 5 copies of data down to 3 to reduce costs
- Allows multiple clients to independently and securely manage backups utilizing the same infrastructure
- Enhances cloud integrations to support AWS/Azure/Google workloads
- Enables policy-based SLAs to standardize Recovery Point Objectives/Recovery Time Objectives for systems
Key points:
- Aligns with best practices for all main campus WAN connections: Internet, Internet2, cloud, remote campus locations
- Allows for development of strategic partnerships with providers whose service areas match the University's future needs
- Defines fault-tolerant, robust Internet connectivity with room for continued growth in bandwidth
- Leverages Internet2 value-added services including high speed, low latency, and connectivity to cloud providers
- Allows for monitoring of the connectivity to cloud providers and evaluation of benefits of dedicated connectivity
- Created three SRB sub-teams, which:
  - Recommended architecture for remote campus extensions
  - Established best practices for Secure Remote Access services
  - Developed adoption strategy for next-generation WAN technologies
Key points:
- Defines Storage Area Network architecture and topology:
  - A and B redundant SAN fabrics extending to Pennovation, Levy, and SunGard
  - Physical storage frames located in Pennovation, Levy, and SunGard
  - Primary storage asynchronously replicated to SunGard
- Allows for Network Attached Storage support where necessary (i.e., Virtual Desktop Infrastructure)
- Defines cloud-based storage as preferred technology for:
  - Amazon Storage Gateway for archival storage
  - Secondary storage location for infrequently accessed data (i.e., Oracle backups, TSM, and NetApp alternate data stores)
Key points:
- Defines approved versions of operating systems as “current” and “last to current” or N and N-1
- Defines OS version refresh/upgrade cycle of 18 months, such that after release, new OS versions will be installed in production no later than 18 months from release date
- Requires both OS-based and hardware firewalls for two levels of traffic filtering
- Requires all OS patches to be installed based on a monthly or quarterly cycle depending on security criticality
- Defines exception process requiring approval by a Technology Services Director and appropriate client Director or Manager; allows exceptions to be granted only for one additional patch cycle
Key points:
- Commits that ISC will stay on top of the ever-changing technology landscape
- Ensures that ISC maintains close relationships with customers to ensure proper feedback
- Commits to develop and improve services in a flexible and easy-to-manage manner
- Seeks to develop standardized designs for campus deployments
- Investigates new ways to fund wireless to improve the service