IFAS Computer Coordinators

Recommendations for IT Services

 

Summary of Recommendations

1. Problem: Much of the available information about the services that IFAS IT provides is disorganized and out of date. This frustrates end-users and leads to inefficiencies in the delivery and maintenance of these services.
   
   Recommendation: Current documentation should be reviewed, updated and improved according to criteria specified in the Service Documentation Requirements section below. The IT website should be reorganized with a focus on end-user requirements. It should provide clear and complete documentation of the services offered and should be kept current. The existence of this documentation should be well advertised via e-mail to all users of these services. Likewise, future additions and modifications should be advertised as they are made. Further, all future services should be developed with such documentation needs in mind.
   
   
2. Problem: Current core IT services, including the IFAS computer network (IFASDOM), and its e-mail, web and file-sharing resources are based on old technology that Microsoft is retiring in stages. Because of this, moving to newer technologies is not optional, but rather a question of how and when. IFAS IT is not currently positioned to address this, as detailed in the Current Technology Situation section below.
   
   Recommendation: IFAS IT must persistently develop and maintain expertise in new technologies if it is to continue to provide and improve necessary centralized IT services. Considerable resources must be allocated to this issue, separate from those involved in providing and maintaining current services.
   
   
3. Problem: There is a difficult question as to how IFAS should proceed with the development of directory services as detailed below in the Directory Services section. Directory services store information about an organization and its internal relationships. Such services can then be used to control various aspects of the collaborative sharing of information resources.
   
   Microsoft’s new technologies are increasingly based on their own directory services that they call Active Directory. In fact, the newest version of Microsoft Exchange Server (an older version of which IFAS currently uses to provide e-mail services) requires it. Since Active Directory is not designed so that it can be readily merged with centralized services after-the-fact, IFAS has been waiting for a UF-level Active Directory initiative that it could join. That would allow the broadest possible information collaboration, and avoid unnecessary service duplication.
   
   UF is currently developing its own directory services to support UF-wide collaborative sharing. While it is assumed that some method for communication between UF’s upcoming directory services and Active Directory eventually will be developed and supported, there is no indication that this is coming in the foreseeable future.
   
   Individual units within IFAS have been waiting on IFAS in the same manner that IFAS has been waiting on UF. Since the newer Microsoft technologies offer improved services that IFAS is not yet providing, units that can muster the resources are beginning to develop such services individually.
   
   Recommendation: Clearly, IFAS must plan to interact with UF-level IT services as they are developed. Such interaction is needed to facilitate the broadest possible resource sharing and to avoid unnecessary service duplication.
   
   In the meantime, however, IFAS has its own needs for centralized IT services. Having standardized our services on Microsoft products that are now considerably out-of-date, it seems necessary to move sooner rather than later to Microsoft’s newer technology solutions.
   
   Towards this end, the ICC is beginning to work with IT to develop a plan for the implementation of Active Directory within IFAS. This plan will include technical details, a cost-benefit analysis, proposed budget, and implementation schedule.

Service Documentation Requirements

The relatively simple task of better documenting IT services could greatly improve these services. Improved documentation could pay great dividends for both service users and providers alike.

Documentation for Service Users:

If proper documentation is not provided to the users of services, many things become more difficult than necessary.

 

• First of all, it is difficult for those needing services to learn about and take advantage of available services if they are not well advertised.
• Carefully documenting the goals and purposes of available services sets user expectations and at the same time provides a structure within which service providers can meet those expectations.
• Once users clearly understand the services that are available, they need to know how these services can be obtained or implemented. Without clear instructions, the valuable time of both clients and providers cannot be used efficiently.
• Services undergo changes. Service transitions, updates or additions can be expected to occur; problems arise for which the users should be notified.  If procedures for notification of changes, updates, alerts or transitions are not clearly specified, then changes can cause unnecessary confusion. Both the client and the provider should have it clearly specified how to proceed when changes or problems occur.

 

Fortunately, current e-mail and the web services provide ready means for rapid maintenance and dissemination of such information. The challenge is to review, update and improve the documentation of current services from an end-user perspective. Among the details that should be considered and included are:

 

• the purpose of each service, and the advantages each provides for users in comparison to alternatives;
• the goals of each service--including issues of coverage (who may use it), scope (what limitations apply), and planned availability (e.g., service hours and regularly scheduled maintenance periods);
• clear instructions on how services can be obtained or implemented, including a description of who to contact for questions that go beyond what is anticipated;
• end-user troubleshooting instructions and FAQs for each service--including support contacts and methods for problem resolution.

 

A mechanism for feedback on the usability of this documentation should be worked into the system so that the documentation can be continually improved to better meet the needs of the users. The IT website should provide a form that can be used to solicit comments and suggestions at various locations within the site. Additionally, Helpdesk and other support personnel should continually evaluate how current documentation is meeting end-user needs and solicit/implement improvements whenever possible.

Documentation for Service Providers

 

Detailed service documentation can also greatly assist the IT staff in better implementing, deploying and maintaining services. A review of end-user documentation would provide a good time to reconsider many aspects of the internal documentation as well. Some issues that might be considered are:

 

• a detailing of the hardware, software and personnel resources available to the support of each service;
• operational procedures for each service, such as the maintenance of service logs recording what changes are made, how they were made, when and by whom;
• notification procedures for each service to be followed when changes affecting end-users are desirable or unavoidable--including the specifics of coordination with available unit support personnel;
• protocol for the coordination of technical service issues with the IFAS Helpdesk and unit support personnel;
• details of service security implementation, monitoring and response.

 

Getting these and other issues documented in an organized, written fashion, and making this documentation readily available to all staff, could be expected to provide a positive influence on services overall.

Current Technology Situation

A relatively small portion of the IFAS IT staff provides the centralized services that include the IFAS computer network (IFASDOM), and its core e-mail, web and file-sharing resources. These services provide the basic necessities for information sharing that are critical to the mission of IFAS. Current services are based on old technology (NT) that Microsoft is retiring in stages. Because of this, moving to newer technologies (Windows 2000 and .NET Server) is not optional, but rather a question of how and when.

 

Those within IFAS IT who are responsible for these services have not had the resources necessary to develop, evaluate and deploy the newer technologies. Rather, their efforts have been consumed in maintaining the current system. As a result, IFAS has fallen critically behind.

 

Because the newer technologies offer improved services, units that can muster the resources are beginning to develop such services individually and most units are simply doing without. These newer technologies are not structured such that they can be readily merged with centralized services after-the-fact. This has critical implications not only within IFAS, but also at the UF-wide level. The cost to IFAS of delaying this development could far exceed the cost of the resources needed for its success.

 

Directory Services

Virtually all basic needs for IT services entail some aspect of resource sharing and the offsetting need to secure those shared resources from unauthorized access. We need to publish materials on the web, but we want to control who can edit such materials and, in some cases, who can view them. We want to be able to easily pass files to our colleagues and clients, but we certainly want those files to be safe from unauthorized editing or deletion. We want to have easy access to official organizational information that can be easily updated by authorized persons, but is safe from tampering by others. Sharing resources broadly but securely is the great challenge faced by IT and directory services are key to providing and controlling many of these resource sharing and security issues.

 

Directory services involve the creation of a centralized database that stores information about an organization and its internal relationships. That database can then be used by various other services. It can be used to provide mailing lists to a e-mail program. It can be used to set access controls on file and web services. It can be used to control access to database information. It can be used to control who can logon and where. It can be used for a myriad of purposes--all related to resource sharing and security.
 

IFAS has standardized on Microsoft software, and has developed expertise in the deployment and use of its products. IFAS is currently providing domain, e-mail, web and file services via Microsoft NT technology. While this has met basic needs to this point, NT does not include a general directory service. Also, NT is old technology that is being slowly phased out by Microsoft. IFAS cannot continue to rely on this technology much longer.

 

Windows 2000, Microsoft’s follow-up to NT has been available for more than two years and it provides a directory service called Active Directory. While there are numerous advantages of moving to Windows 2000 outside of this directory issue, Active Directory is increasingly a component of Microsoft solutions. For example, Active Directory is already a necessary component of the latest version of Exchange Server, and continuing with a Microsoft e-mail solution will necessitate moving to Active Directory.

If Active Directory is implemented, it should be implemented at the highest possible level. This is important not only so that it can support the broadest possible sharing of resources, but also because Active Directory is not designed to be readily merged with centralized services after-the-fact. IFAS is well aware of the need to collaborate at the UF-level and the desirability of avoiding unnecessary service duplication. Because of these issues, IFAS IT has been waiting for a UF-level Active Directory initiative that it could join.

 
UF is currently developing its own directory services to support UF-wide collaborative sharing. This directory is to be based on open standards with the intention that it can be readily interoperable with other systems that may be desirable or needed at the unit level. While it is assumed that some method for communication between UF’s upcoming directory services and Active Directory eventually will be developed and supported, there is no indication that this is coming in the foreseeable future.

Individual units within IFAS have been waiting for IFAS in the same manner that IFAS has been waiting for UF. Since the newer Microsoft technologies offer improved services that IFAS is not yet providing, units that can muster the resources are beginning to develop such services individually. For these units to later merge with an IFAS Active Directory structure, they will basically have to tear down their server structure and rebuild from scratch. This is obviously not desirable.

It appears that the time has come for IFAS to move on this issue. It makes no sense to wait on UF indefinitely and the cohesiveness of an IFAS-wide directory is already being threatened by units moving ahead on their own. In any case, IFAS has its own needs for centralized IT services that have to be addressed, in particular the reliance on outdated technology. Moving to the next level of Microsoft technology is the logical direction and should be investigated immediately.

 

This proposed move is not trivial and will take a great deal of planning and resources if it is to meet the expected needs of IFAS. Toward this end, the ICC is beginning to work with IT to develop a plan for the implementation of Active Directory within IFAS. This plan will include technical details, a cost-benefit analysis, proposed budget, and implementation schedule.