Monthly Archives: November 2015

Identity and access management –a project from the US

michelle

 

Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

Looking at TIER

This Educause session Trust and Identity in Education and Research: Identity for Everyone  was run by Ron Kraemer (Vice President and Chief Information and Digital Officer, University of Notre Dame), Kevin Morooney (Vice Provost for Information Technology-CIO, The Pennsylvania State University), Ann West (AVP, Trust and Identity, Internet2 ) and Steven Zoppi (Vice President, Internet2). Internet2’s  Trust and Identity in Education and Research (TIER) initiative  will provide a common framework for campus identity and access management (IAM) components.

An overview of the TIER project

  • TIER will provide a set of integrated components that address IAM as a whole.
  • 500 US HE institutions are involved.
  • Primary users: medical students, researchers, faculty staff and students.
  • TIER will address community requirements across components, and sustain components that were developed together.
  • During the next few years the project will focus on maturity and sustainability models for workforce and funding.

The TIER vision was outlined for the Educause audience:

  • “We believe identity will be a service.”
  • “We believe in a cloud service with campus localization.”
  • “We believe that if we don’t develop it, then we will have to accept that someone else has (social identities).”
  • “Effective collaboration with partners will be key (includes federated agencies).”
  • “We know we are at least three to five years from achieving this vision.”
  • “We will build frameworks and tools to make it simpler for ourselves.”

Components of TIER

  • Secure directories
  • Identity and metadata services
  • Single sign-on and identity components
  • Registry services
  • Workflow services
  • AuthN (who) & AuthZ (What)
  • Federated registry (Directory Search/lookup)
  • Persistence and reputation

The TIER project is moving from investor to sustainable models (financials and governance) via the TCIC – Tier Community Investor Council. Fifty campuses invested $75,000 each over three years ($4 million in total which includes funding provided by TIER themselves).  There is also programme support for community – Anne West (AUP trust and Identity), technology – Steve Zoppi (AUP services integration and architecture) and sustainability (community engagement and membership).

The first integrated release is scheduled for 2106.  There will be minimal installation/configuration of user interfaces, and the preliminary requirements will be set for scalable content.  The objective is point in time consistency.

Partners involved: Shibboleth, Grouper and COmanage 

The primary focus for the first release is: container/packaging, APIs, continuous update cycles every eight months, 250 user stories driving requirements, documentation and the Initial deployment.

Progress

  • MOU management community forum
  • Financial timetabling and reporting
  • Technical requirements revision
  • Working groups
  • First two corporate partners – Unicon (for Shibboleth and Grouper) and Spherical Cow Group (for COmanage)

The work is sponsored by the community, who are responsible for the for HE standards and by Internet2 who is responsible for industry approaches.

Approach

  • Several key working groups are formed or are forming including 3M (monitoring, measuring & managing)
  • Continuous meaningful feedback (how the community is utilising the components everywhere)
  • Community adoption – working group needed
  • Emerging community contributors

Building curiosity

michelle

 

Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

 

If you build it: The power of design to change the world

Emily Pilliton began her keynote session by talking about her book, ‘Design Revolution: 100 Products That Empower’ which was published October 2009. She then moved onto to say that her presentation would be based around a couple of stories that she would like to share with us.

Emily runs a non-profit company named Project H Design, which practices design and architecture in a more meaningful way. Project H has been involved in various projects, including the re-design of playgrounds, computer labs, and a gym for a local football team. Emily started up the company after finishing her Master’s degree, because she felt that, during the course, she hadn’t learned enough about areas that provided any real value.

Emily then went onto talk about the people/experiences that influenced her through her life and career, including TV secret agent, MacGyver.

'MacGyver's Multitool', via Charles Williams, shared via Creative Commons licence

‘MacGyver’s Multitool’, via Charles Williams (https://www.flickr.com/photos/99652207@N00/366985080/), shared via Creative Commons licence

MacGyver focused on solving problems in unconventional ways, thinking ‘outside of the box’ and using whatever objects that he had to hand.

Other major influences in her life came from her grandmothers, who were both very strong-willed and passionate people. They were both librarians; one was a calligrapher, and the other was a cross-stich artist and part time musician.

The teachers at Emily’s school were also very supportive, and made her feel cool to be a nerd! Being a nerd is useful in architecture school, along with building knowledge in the following areas: maths, science, community, and social sciences. It is also useful for obtaining an understanding of and user knowledge about local areas, and the social landscape of the community that you will be developing or building in.

Experience is more important than content
Emily argued that experiences matter more than content; students remember experiences better if they have to work through a series of problem solving activities. She gave the following example:

First Project  (Farmers’ Market public space) – Project H were invited to go along to a high school in eastern North Carolina, to design a public space in the format of a farmers’ market for the town of Windsor. The town has an agricultural background, high obesity rates, poor public health record, and a stagnant economy. The students built the first set of models, which they took along to present to stakeholders. There were a number of constraints that the project had to work with, which included the following:

  • A $50,000 budget
  • A short time period (three months)
  • The local area being on a flood plain, so the building had to be above a certain height off the ground
  • They could only use construction students who were all under 18, apart from one student who became 18 during the project. Only people of 18 years and above were allowed to legally use power tools, so this one student became the go-to power tool guy!

The construction was made on the ground using manual tools such as mallets, and then the frame was raised up to position. The design of the farmer’s market building came entirely from the teenagers, who expressed the desire for it to be a “bold façade”. The next challenge was to find suppliers to sell their wares at the market. The students set out to find people to sell products such as kale.

The launch of the farmers’ market created four new businesses and fifteen new jobs. Emily mentioned that she asked one of the students involved in the project to provide feedback, and the following quote was given: “I want to come back someday with my kids, and tell them I built this”.

Seeking is more important than knowing
Emily suggested that asking questions, such as how and why, is more important than knowing the answers. Being in a constant state of enquiry is the best position.

Second Project  (Middle school library) – Emily went on to discuss her next project at the charter school in Berkley California, which was a useful exercise to demonstrate that Project H can work at both ends of the spectrum. The principal of the school wanted middle school kids (8th graders) to be involved in the project. The group of kids provided extra sets of challenges, including not being able to speak English, autism, and disciplinary problems.

The kids wanted to build a library for their school as a class gift, to give back to the school community. There had been a space earmarked for a library that was never built due to lack of funding. Emily decided as part of the initial planning process that the kids should visit a library; the feedback from the trip was that libraries are super boring! The following conclusions were reached:

  • The kids wanted the library to be a place of discovery and invention, not reference
  • The library would be designed to accommodate 108 8th graders

The group began to design a bookcase that could be put together in 108 different ways. The design that was chosen involved convex/concave shelves with a wavy design, which could be interlocked together in various ways to keep it as flexible as possible. The project felt unfinished and chaotic, but it was what the students wanted: “In Algebra, X is the unknown; the X-space is where we go to discover the things we don’t know”

Third Project (two individual homes built for the homeless) – Emily told us that Project H knew that, as a team, they could get this done no matter what happened. They did not have planning permission to begin with, and were in full view of the principal’s office, so they were expecting a visit to stop their work; fortunately, this didn’t happen.

When the big day arrived to raise the walls, Project H had up to 25 teenagers all working together, using geometry and trigonometry as core subjects that were applied to the project. Pallet wood was the material of choice to be used for the side walls, which posed problems as the wood was different colour, and often contained odd staples and nails hanging out of them. One of the students related to the pallet wood by saying “It’s all different, just like us, like a tapestry.”

Important design decisions were made as a group, such as, although this was a home for a homeless person, it would not contain running water, toilet or a kitchen. The group needed to address the issue that although it was public space, it also needed to provide a level of privacy.

The initial design the kids came up was that of a traditional house, and the two halves that were built, once placed together, resembled the original pencil drawing. A student that had worked on the project gave the following feedback: “I gave someone a place to live. Oh, and I got an A in this class, and I know how to build a house!”

Fourth Project (to create a space for young girls that celebrated curiosity) – This space was based around ideas to do with curiosity: “Curiosity breeds confidence.”

Project H wanted to create a space for young girls who were part of the Camp H after school summer programme for girls aged nine to twelve.

The first step for the girls to create was to build a bird house as a confidence builder, to get the girls used to working with the materials and some basic tools. The second step was to open up their curiosity, develop what you mean personally in order to express your identity as a person.

One of the favourite lessons was to learn arc welding, which really develops the girls’ confidence to move onto bigger welding projects.  The task set was to weld a symbol using four pieces of steel that represents both your first name and your last name. Emily talked through an example of a student with the first name “Ultraviolet” and a last name involving the word “Taylor” and a synonym for dark. The student created a symbol that featured a light and dark side, representing ultraviolet and darkness, which were stitched together to bring in the reference to “Taylor/tailor”.

Fifth Project (creating items to be used in a domestic abuse centre) – The project focused on creating a number of items that improved the experiences of the people living at the domestic abuse shelter. This included the following: coffee table, play house, shelving units, and a metre square garden.

Conclusion

  • “Curiosity takes you to a place where you can help others.”
  • “Curiosity is incremental, curiosity helps others.”
  • A student involved in the project was quoted as saying “I am a ten year old girl and I know how to weld: what can’t I do?”

Emily went onto to discuss the badge system that project H has created. This is similar to the badge system of the Boy Scouts, but the badges are a little different; they include as badges for welding, using power tools, carpentry, electronics and architecture.

She closed the session by advising the audience to think of themselves as learners, and to nurture their own creativity; that way you can nurture and mentor others.

Resource:
A recording of the presentation will be publicly available 90 days after the conference ends.

 

 

Educause – the final day

simon

 

Simon Geller
Senior Project Manager
University of Sheffield
Member of UCISA-PCMG

 

 

 

The final session I attended was on preparing your organisation for the Cloud. It was noted that most organisations were already in the Cloud to some extent. A question was raised – ‘what does an IT Director actually do?’ – something I’m sure we’ve all asked ourselves.

The last general session was an inspirational talk from Emily Pilloton of Project H Design, who has found some exciting new ways of teaching kids how to build things. It was a great way to remind ourselves of what the business we’re in is all about – sometimes, as we plough away in our chosen furrows, this can be forgotten.

All in all, a very interesting conference; thanks to UCISA for making it possible for me to attend.

Performance management and assessing capacity

Giuseppe Sollazzo

 

 

Giuseppe Sollazzo
Senior Systems Analyst
St George’s, University of London

 

 

 

 

 

Velocity day three – the final one – has been another mind-boggling combination of technical talks and masterful storytelling about performance improvement in a disparate set of systems. The general lesson of the day is: know your user, know your organization, know your workflows – only then will you be able to adequately plan your performance management and assess your capability.

This was the message from the opening keynote by Eleanor Saitta. She spoke about how to design for ‘security outcomes’, or, in other words, ‘security for humans’: there is no threat management system that works if isolated from an understanding of the human system where the threats emerge. We have some great examples of this in academia, and at St George’s one of the major challenges we face is securing systems and data in a context of academic sharing of knowledge. Being a medical school, the human aspect of security – and how this can affect performances – is something we have to face on a daily basis.

One of the best presentations, however, was by David Booker of IBM, who gave a live demo of the Watson system, an Artificial Intelligence framework which is able to understand informal (up to a point) questions and answer them in speaking. As per every live demo, this encountered some issues. Curiously, Watson wasn’t able to understand David’s pronunciation of the simple word “yes”. “She doesn’t get when I say ‘yes’ because I’m from Brooklyn,” David said, triggering laughter in the audience.

Continuous delivery
Courtney Nash of O’Reilly spoke at length about how we should be thinking when we build IT services, with a focus on the popular strategy of continuous delivery. Continuous delivery is the idea that a system should transition from development to production very often, and this idea is taking traction in both industry and academia. However, this requires trust: trusting your tools, your infrastructure, your code, and most importantly, the people who power the whole organization. Once again, then, we see the emergence of a human factor when planning for the delivery of IT services.

The importance of 2G
In another keynote with a lot of applicable ideas for academic websites, Bruce Lawson of Opera ASA has focused on the ‘next billion’ users from developing countries who are starting to use internet services. Access to digital is spreading, especially in developing areas of Asia, where four billion people live. India had 190 million internet users in 2014, and this is poised to grow to 400 million by 2018.

The best piece of information in this talk was the realisation that if you take the US, India and Nigeria, the top 10 visited websites are the same: Facebook, Gmail, Twitter, and so on. Conversely, the top 10 devices give a very different picture: iPhones dominate in the US, cheap Androids in India, and Nokia or other regional feature phones in Nigeria. This teaches us an important lesson: regardless of hardware, people worldwide want to consume the same goods and services. This should tell us to build our services in a 2G-compatible way if we want to reach the next billion users (91.7% people in the world live within reach of a 2G network). This is of great importance to academia in terms of international student recruitment.

Performance optimisation
The afternoon sessions were an intense whistle-stop tour of experiences of performance optimisation. Alex Schoof of Fugue, for example, gave an intensely technical session about secret management in large scale systems, something that definitely applies to our context: how do we distribute keys and passwords in a secure way that allows that secrets to be changed whenever required? With security issues going mainstream, like the infamous Heartbleed bug, this is something of increasing importance. Adam Onishi of London-based dxw, a darling of public sector website development, gave an interesting talk on how performance, accessibility and technological progress in web design are interlinked, something academic website managers have too often failed to consider with websites that are published and then forgotten for years.

As someone who has developed mobile applications, I really enjoyed AT&T’s Doug Sillars’ session about ‘bad implementation of good ideas’, showing that lack of attention to the system as a whole has often killed otherwise excellent apps, which are too focused on local aspects of design.

Velocity has been a great event. I was worried it would be too ‘corporate’ or sponsor-oriented, but it has been incredibly rich, with good practical ideas that I could apply to my work immediately. It has also offered some good reflection on ‘running your systems in house’: we often perceive this dualism between the Cloud and in-house services. This is a technology that can be run in-house with no need to outsource. As IT professionals we should appreciate it, and make the case for adopting technologies that improve performance and compliance in a financially sound way. This often requires abandoning outsourcing and investing on internal resources: a good capital investment that will allow continuous improvement of the infrastructure.

 

From IT Support to CIO

michelle

 

Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

 

A journey of three women

This session  was a panel discussion session where each of the panel members gave their views to the audience in response to a number of questions. The session started with a poll to establish how many of the audience had career aspirations to become a Chief Information Officer (CIO).

The panel consisted of: Melody Childs (Associate Provost and CIO, University of Alabama in Huntsville), Cathy O’Bryan (Director, Client Support, Indiana University Bloomington), Wendy Woodward (Chief Information Officer, Wheaton College) and Sue B.Workman (Vice President for Information Technology Services, Case Western Reserve University).

Why in the world would anyone hire you as a CIO?

  • Those of you who are in support probably feel undervalued, although you are one of the main communication links that bring the institution closer to the staff, students, parents, etc.
  • You will probably have a holistic view of people’s needs and infrastructure, and where to go for resources.
  • Study the organisational chart so that you know all the sections and departments, and all your staff names.
  • Seize on trends before they actually become trends.
  • Ensure you gather and have to hand the best data and analytics available.
  • You will be seen as the front door to the centre of IT.
  • You will probably be one of the only non-technical staff members in IT.
  • You have to think on your feet during technical meetings; if you don’t know a technical phrase, just Google it.
  • The CIO is often there to bridge the gap between the CIP and the technical staff, although they don’t need to be technical themselves.

What skills have you developed that has helped you bridge that gap (from IT support to CIO)?

  • You really have to know the business of the University to be the CIO.
  • You need to fully understand changes and how to manage them, and how they will impact every part of the business.
  • You need to be able to build strong relationships, which you may need to call on in time.
  • The breadth and depth of knowledge you acquire in support puts you in a good position to become a CIO.
  • Many CIOs don’t have an IT background.
  • The CIO manages all interactions between IT and its internal and external support elements.

What are some examples of major initiatives that you have started as a CIO where you directly leveraged your experience in the support organisation?

  • Change management – you have to have the correct mind set to crack this area of expertise.
  • Understand and support what is being done at a technical level to ensure business continuity.
  • Supports skills between service providers either inside or outside of IT.
  • The building of relationships is difficult and sometimes requires difficult conversations to take place.

Tips on becoming a CIO

  • Undertake a listening tour when you first arrive, so that you can listen to people’s views on problems and improvements. Take time to have a coffee with staff members.
  • It’s very important to keep talking to people, and to take care of the little things.
  • Collaboratively building technology with your people in order to ensure that innovation and creativity are nurtured.
  • Don’t be the first person to talk in a meeting; listen and let other have their say.
  • If you want to become a CIO, employ a mentor and have regular meetings with them to track your progress and to offer support.

Developing metrics and measures for IT

Tim Banks
Faculty IT Manager
University of Leeds

This morning I attended a session run by Martin Klubeck from the Consortium for the Establishment of Information Technology Performance Standards (CEITPS)

This group is working to establish a common set of measures and metrics across education IT. CEITPS volunteers have spent some time over the EDUCAUSE 2015 conference writing the first 21 metrics, in between attending sessions.

CEITPS have a refreshingly common sense approach to develop standards as follows:

  • Get some interested and enthusiastic people in a room
  • Write some standards, plagiarising as much as possible from other sources
  • Review within the group and amend as necessary
  • Don’t worry if you don’t get everything perfect first time
  • Send out to the wider CEITPS group for comment, but give them a limited time to respond (e.g. seven days). If you give them six weeks, they will take that long.

What is the difference between a measure and a metric?

This was a question asked by a member of the audience. Martin answered in the form of a tree analogy:

  1. The leaves are like data – there are a lot of them and a lot can be thrown away. Data are typically just raw numbers.
    1. NB: Never give data to a manager! Business Intelligence (BI) tools are particularly bad because not only do they give data to managers but they also make it look pretty…
  2. The twigs can be thought of as measures (e.g. ‘50%’ or ’20 out of 30′) – has some context.
  3. The branches are like information,which have more context around them.
  4. The trunk of the tree is your metrics,which have sufficient contextual and trend-over-time information to make them suitable for presentation to senior managers.
  5. It is vital to find out the root (i.e. underlying) question that the person asking wants answering before you provide any metrics.

Martin gave us an example of one of the metrics that they have developed this week:

Description: Rework [re-opening] service desk incidents.
Definition: Each and every time any incident requires more effort after it was incorrectly or not fully resolved but was considered to be resolved.
Presentation: Usually presented as a percentage of total incidents re-worked [re-opened] in a given timeframe.
Note: Need to cover the use case where a member of IT staff opens a new incident is opened rather than reopening the old one.

Other examples of metrics which the group have developed this week are as follows:

  • Defects found during development
  • Defects found during testing
  • Top 10 categories for incidents over given time period
  • Mean time to resolve (MTTR)
  • MTTR minus customer wait time
  • Adoption Rate
  • Call Abandon rate
  • On-time delivery

In total they have developed 21 of a total of 42 IT service management metrics. 37 of these came from the ITIL framework and a further five were added by the group.

The USA Core Data Survey was mentioned several times by both Martin and those attending the session. The Educause Core Data Service carries out surveys of standard benchmark data across all US institutions, and there has been much discussion about making sure that the CEITPS metrics could be combined with the CDS information to provide an even richer information source.

The CEITPS has several member institutions from outside the USA, and they are keen to get some more involvement from UK Universities, especially those who are currently implementing the ITIL framework and/or developing service metrics and measures.

Additional resource:

The University of North Carolina Greensboro metrics page

PaaS, bots, alerts and using analytics to improve web performance

Giuseppe Sollazzo

 

 

 

Giuseppe Sollazzo
Senior Systems Analyst
St George’s, University of London

 

 

Storytelling at Velocity

The second day of O’Reilly Velocity conference was definitely about storytelling: keynotes and sessions were both descriptions of performance-enhancement projects or accounts of particular experiences in the realm of systems management, and in all honesty, many of these stories resonate with our daily experience running IT Services in an academic environment. I will give a general summary, but also mention the names of the speakers I’ve found most useful.

Evolution in the Internet of Things age
An attention-catching keynote by Scott Jenson, Google’s Physical Web project lead, the first session was centred on a curious observation: most attention about web performances has traditionally been focused on the “body”, the page itself, while the most interesting and performance-challenged part is actually the address bar.

Starting from this point, Scott has illustrated how the web is evolving and what its characteristics will be especially in the Internet of Things age. He advocated for this to be an “open” project, rather than Google’s.

Another excellent point he has made is that control should be given back to the users. This was illustrated by a comparison between a QR code and an iBeacon : the former requires the user to take action; the latter is proactive to a passive user. Although we like to think of proactive applications, it only takes us to walk into a room full of them to understand being in control can be a good thing.

PaaS for Government as a Platform
Most of the conference talks have centred on monitoring and analytics as a way to manage performances. Among the most interesting talks, Anna Shipman of the UK Government Digital Service (GDS) illustrated how they are choosing a Platform-as-a-Service supplier in order to implement their “Government-as-a-Platform” vision.

I’ve argued a lot in the past that UK Academia will need, sooner or later, to go through a “GDS moment” to get back to innovation in a way it can control – as opposed to outsource in bulk – and this talk was definitely a reminder of that.

Rise of the bot
As with yesterday’s Velocity sessions, some truly mind-boggling statistics have been released today. One example is that that many servers are overwhelmed by web crawlers or “bots” – the automated software agents that index websites for search engines. In his presentation From RUM to robot crawl experience!  Klaus Enzenhofer of Dynatrace told the audience that he spoke to several companies for which two thirds of all traffic they receive is Google Bots. “We need a data centre only for Google”, they say.

Analytics for web performance
There has been quite a lot of discussion around monitoring vs. analysis. In his presentation Analytics is the new monitoring: Anomaly detection applied to web performance Bart De Vylder of CoScale argued for the adoption of data science techniques in order to build automatic analysis procedures for smart, adaptive alerting of anomalies. This requires an understanding of the domain of the anomalies in order to plan how to evolve the monitoring, considering for example seasonal variations in web access.

Using alerts
On a similar note was the most oversubscribed talk of the day, a 40 minute session by Sarah Wells of the Financial Times which saw over 200 attendees (with many trying to get a glimpse from outside the doors). Sarah told the audience about how it is very easy to be overwhelmed by alerts: in the FT’s case, they perform 1.5M checks per day generating over 400 alerts per day. She gave an account of their experience trimming down these figures. Very interestingly, the FT has adopted the cloud as a technology, but they haven’t bought it from an external supplier: they’ve built it themselves, with great attention to performance, cost, and compliance, surely a strategy that I subscribe to.

Conference creation
I also attended an interesting non-technical session by another Financial Times employee, Mark Barnes, who explained how they conceived the idea of an internal tech conference and how they effectively run it.

Hailed an internal success and attended by their international crowd, the conference idea came from an office party and reportedly has helped improve internal communications at all levels. As a conference/unconference organiser myself (OpenDataCamp, UkHealthCamp, WhereCampEU, UKGovCamp, and more), having this insight from the Financial Times will be invaluable for future events.

I’m continuing to fill in this Google doc with technical information and links from the sessions I attend, so have a look if you’re interested.