October through December 2009
Mobility
The development of an MIT iPhone app by Feb 1, 2010 for deployment
by Mar 1, 2010 has become ISDA number one project (as for IS&T).
This work is being done in partnership with the MIT news office.
Andrew Yu is leading the project along with significant development
from CCS in the person of Justin Anderson along with 3 contracts.
Also heavily involved in this project are AMIT for deployment, Dave
Tanner for backend structure, fixes to ldap code and significant
cleanup. Amon Horne also involved with Dave Tanner (but a little
less so because he has some high priority work of his own). While
the iPhone app is developed, additional changes to the MIT Mobile
Web infrastructure are needed to support the iPhone app.
Additionally, we are moving to new VM services and names.
We have initiated iMobileU bi-weekly conference calls to help
coordinate what others are doing in the mobile space and to
see if opportunities exist to leverage the work of the various
institutions involved. It will take some time to get this
community going.
=================
Athena
We are stepping up our planning efforts for Athena by requiring
greater details and time estimates for work requested. We are
not reducing our commitment but we are requiring greater detail
and planning to better allocate time to non-Athena work. We are
no longer operating under X% time allocated. This applies to
rbasch and amb. Both amb and rbasch completed commitments made
in november for Athena OS update in late Jan 2010.
=================
AMIT
This quarter we implemented a VMware 3-server infrastructure within
the OIS' larger VMware Datacenter Infrastructure. We have migrated
many of our dev and test systems along with prototype systems from
from our ESX servers in colo. We will continue to migrate remaining
servers for dev/test and proto to reduce our infrastructure costs as
much as possible. Toward the end of the quarter OIS discussed with
DSPS concerns they have around our moving too many systems from OIS
managed VMs to our 3 servers. We will continue these discussions and
address concerns going forward where possible and appropriate.
We developed plans for reducing infrastructure needs for systems
such as stellar related to the use of fomalhaut and enif to not
only provide a better DB failure response environment but also to
simplify and reduce costs. We press forward investigating other
opportunities such as appropriate use of MySQL along with proper
placement of DB resources.
AMIT working with Dave Tanner completed the shift to the new
Developer Tools infrastructure. All of IS&T, and others, have
been shifted.
Plans for migrating the web services (geocodes, moira, uaws,
roles, etc) are near completion and execution of the plans
should occur before Feb 15, 2010. This also involves coordination
with dtanner.
AMIT has also transitioned most services utilizing shibboleth to
shib SP version 2.x in preparation for the core IdP becoming 2.x
and also transitioning to ensure 2.x is part of any new deployments.
VM services and OS/App configuration were done for Blackboard
project and ongoing support for DOS, Stellar and others. We
also transitioned Stellar down to one VM web server from 2
expensive Solaris web servers.
We continue to work closely with OIS while discovering issues
with how outages and changes are handled. We continue to prove
ourselves as careful negotiators while pushing to "do the right
thing". We remain transparent reporting outages and problems
to senior staff.
==================
SWRT
Two major release projects involved this quarter - Windows and Mac
OS 10.6. 10.6 was completed but full support not announced due
to issues with SAP and TSM. Similar issues with Windows. Both
Windows 7 and 10.6 were released on time or within a short period
of consumer release. There were some difficulties realized with
how OIS deploys and what CSS considers supported but these issues
have led to the increased pain around the release process for all
and the coming to agreement by ISDA, CSS and OIS it is time to
rethink release. We also pressed on a different process for TSM
release for both platforms along with finding an owner for Oracle
Client which has not been updated since 2004. Blake Skinner started
work and has made significant progress developing installation
process candidates for deployment by product owners instead of
centrally by SWRT. This along with developing understanding and various
strategies using VMware we are moving SWRT to have a bit more flexibility
and options on how we deploy software. We are looking at how to make
better use of VMware to distribute pre-installed/configured systems
for student use (in coordination with CSS) and even for administrative
usage. We have also begun investigations into windows domain software
update issues as input to the process of looking at release changes.
==================
Identity Services
The perMIT project timeline was altered in response to the announced
retirement of Jim Repa. Given this significant event, the project
continues on track. Vijay Konda has completed the porting of all feeds
while addressing numerous issues around code and modernization.
We also applied changes to the RolesUI and fixed various problems.
Next quarter should see the initial implementation of perMIT as a
shadow of Roles.
Touchstone work on upgrading the core IdP to 2.x continues. 2.x IdP
lays the groundwork for additional changes supporting things like
providing information about authentication mechanism used to the app
so apps like SAP could consider using Touchstone by requiring use of
Certificates. This work also means changes to metadata and distribution
along with community announcements regarding these changes and support
consideration leading up to the demise of Shib 1.x in June of 2010.
rbasch, in addition to his work on Athena, is primary for effecting these
changes to the IdPs. The IdP changes also bring us forward at the OS
layer increasing security and maintainability of the overall environment.
Both rbasch and pbh continue to provide consulting support to libraries
and other various units in the deployment of touchstone around MIT.
We also continue investigating various data ETL tools to assist with
data feeds into perMIT along with how these tools may assist in the future
management of data related to Identity Services. This may help with the
elimination of custom scripts for various data loads and exports in the
future.
We remain involved in various identity efforts such as MACE, MACE-paccman,
InCommon Library Services and lead efforts such as IdM Steering Committee
to help keep the identity train rolling here at MIT.
We were instructed to find opportunities where we could speed up the work
to be completed by hiring contractors and began work to determine who we
could get and how this would affect project timelines and budgets and we
were then told to stop doing so.
pbh conducted a bit of legwork to understand our ID landscape in support
of changes going on for libraries to transition to Touchstone. He investigated
how special accounts are handled along with Affiliates and provided
recommendations to IdM Steering on how to address some long-standing concerns.
A regular inspection of this data and process is necessary to ensure identity
is working as expected and we continue to have appropriate policy and
process or to address the gaps in policy and process with how we conduct
our identity business. For future consideration this investigation resulted
in about 2 weeks (10 business work days) of pbh time (someone with quite
a bit of familiarity to the MIT environment and access to data and deep
understanding of identity issues).
Touchstone Metrics
(NOTE: these metrics are somewhat skewed due to various application
loops between SP and IdP during this quarter)
Core IdP Application Access involving AuthN: 838,012
Core IdP Application Access Single sign-on: 1,280,025
Total App Access requests for Core IdPs: 2,118,037 (2010Q1 was 1,024,487)
Logins by Method:
username/password: 184460
MIT Certificates: 646965
Kerberos: 2403
By Applications: Stellar=1039378, Libproxy=105868, Wikis=63981, Library=35555, Illiad=10712,
IS&T Web Site=8036
CAMS IdP Application Access involving AuthN: 16,198
CAMS IdP Application Access Single sign-on: 21,414
Total App Access requests for Core IdPs: 37,612 (2010Q1 was 96,517)
By Applications: Stellar=17090, Wikis=1841, library=1037, semxxi=404, libproxy=384
Total CAMS accounts is about 6413. (2010Q1 = 5500)
July through September 2009
...