In this third post within our Getting to Know series about ITS Middleware Services, learn about important changes to Middleware’s Carolina CloudApps platform.
The series launched with Middleware Services Manager Patrick Casey, in a Q&A, explaining what Middleware is, why the team has been growing and what the group is working on. A second post provides a table of Middleware’s key services.
The ITS Middleware Services team is rolling out a new, better and more secure version of Carolina CloudApps. The new version is approved to process and store sensitive data for all types of data other than payment card information.
Launched in October 2014, the CloudApps platform enables campus faculty, staff and students to request computing environments via a self-service portal, at no cost. It is built using Red Hat’s OpenShift Container Platform solution and provides a secure, multi-tenant environment for application development and content hosting. ITS centrally manages the server hardware, operating system infrastructure and programming language software, which enables developers to focus on delivering the application code, functionality and content needed to meet their business needs.
The legacy version of CloudApps has more than 600 users. In the initial two weeks, more than 100 users registered for the new CloudApps environment. In total, between the environments, Middleware is supporting just over 700 applications on the platform.
Migrations should finish by July
The Middleware team has created a unique “developer liaison” role, staffed by engineers on the Middleware team who support the CloudApps platform and will assist end users with their migrations to the new v3 platform. Developer liaisons regularly meet with CloudApps users to ensure they are getting the help they need to be successful in using the platform.
Migrations began February 16 and should be completed by July, said Patrick Casey, Middleware Services Manager. “We will contact all CloudApps v2 users to discuss scheduling these application migrations,” he said.
The platform’s rating to process and store sensitive data–that’s for all data types other than payment card information–is “big news,” said Boris Kurktchiev, Senior Solutions Engineer and a member of the CloudApps team.
Use of the platform plateaued throughout 2016 as many campus users have applications that contain sensitive information of some form (FERPA, HIPAA, PII, PHI, etc.) and were unable to use the service without the sensitive data approval.
“We would like to thank our end users and the Information Security Office for their work in getting the platform rated for sensitive information,” Casey said. “It’s been a long journey, but one that we believe will be worth the wait.”
“We also would like to thank the CloudApps community for their continued support,” he added. “Special thanks to our users who took part in the beta testing of this next iteration of the Carolina CloudApps environment, which assisted in validating the new platform and enhancing our documentation set.”
How to request sensitive data storage
Users can check out the help document that will guide them through the process for requesting approval for using their CloudApps container for storing sensitive information. In short, users from the requesting department will receive an email to complete a sensitive data questionnaire, which will then be routed to the Information Security Office (ISO). The ISO will interact with representatives from the requesting department to validate the information, clarify any additional risks or controls needed beyond those provided by the platform, and work with appropriate leadership to obtain approval. Lastly, once the request is approved, the CloudApps team will provision the request.