Migrating the University to Microsoft Office 365 consumed significant ITS Infrastructure & Operations resources during the 2016-2017 fiscal year. While that was a massive undertaking, Infrastructure & Operations also accomplished many other projects and initiatives that improved service, performance and access for the campus community. Among those efforts, Infrastructure & Operations launched Carolina CloudApps v3, rolled out 2-Step authentication for W-2s, expanded virtualization and assisted the Information Security Office with phishing and compromised accounts.
Please keep reading for more Infrastructure & Operations highlights from the past fiscal year.
Migration to Office 365
Between March and July 2017, ITS migrated 28,600 faculty and staff mailboxes to Microsoft Office 365, providing them with a full range of email, calendaring, storage and collaboration tools in the cloud. Office 365 provided improved services and features, including more email and personal storage, the ability to easily share resources, stronger physical and digital information security and 24/7/365 access from anywhere. The effort was led by Infrastructure & Operations in partnership with User Support & Engagement and collaborators across campus.
Carolina CloudApps v3 and Sensitive Data
In January 2017, ITS Middleware Services launched Carolina CloudApps v3, a new CloudApps environment that is approved to process and store sensitive data for all data types other than payment card information. The application’s ability of process and store sensitive information enabled many more campus users to use the service. The Middleware team migrated users between February and July.
Directory Sharing between UNC-Chapel Hill and UNC Health Care completed
ITS launched Directory sharing between UNC-Chapel Hill and UNC Health Care in December 2016. The project created 25,307 UNC-Chapel Hill contact records in UNC Health Care’s Microsoft Global Address Book and 7,524 UNC Health Care contact records in UNC-Chapel Hill’s Microsoft Global Address Book.
Completed Exchange Online Protection project
In October 2016, ITS completed re-routing of incoming and outgoing mail from Cisco IronPort servers to Microsoft Exchange Online Protection (EOP). The tool, which became available to the University as part of the campus Microsoft Office 365 agreement, provides email routing in addition to improved email filtering for spam, malware and spoofing over Cisco IronPort. The new tool also required fewer resources and cost to maintain service.
Rolled out 2-Step authentication for W-2s
On October 5, 2016, ITS implemented 2-Step Verification, a process designed to secure and safeguard personal information and vital University data and credentials. At a time when phishing scams are becoming ever more frequent on campus, this enhancement is part of ITS’ ongoing work to ensure that personal and University information remains secured and protected.
Disabled Advanced Threat Protection
Based on performance and cost, ITS discontinued its license for Microsoft’s Advance Threat Protection (ATP). ATP is the application that scans email attachments and reroutes all of the links in campus mail messages to see if they might be malicious.
Continued virtualization expansion
ITS continues its virtualization expansion. At the end of the 2016-2017 fiscal year, ITS was 85 percent virtualized and its virtual machine (VM) guest count was 1,580. Between 2014 and June 2017, the environment grew about 14.5 percent per year from a combination of new work and the continuation of moving off of physical servers.
The average size is 12 GB of RAM, 2.6 processors and 150 GB storage. In comparison, the average size in 2015 was 10 GB RAM, 2 CPU and 100 GB of storage. Some of ITS’ biggest servers have 128 GB of RAM 14 vCPU and over 2 TB of storage.
“The story is not glamorous,” said Matt Conley, ITS Manager of Storage, Server and Application Virtualization. “Just a lot of day-to-day hard work. It is all part of the virtualization-first strategy.”
Conley added: “Building out our own private cloud has reduced cost and streamlined our processes (automation). We can deliver work to customers faster and continue to retire physical servers in favor of virtual servers. We also have a better reach. We are able to virtualize servers that in the past would have had requirements that we could not meet.”
Cloud providers continue to mature and cloud complexity continues to decrease.
“If public cloud costs start to come down, ITS wants to be ready,” Conley said. “There are networking and security issues to be addressed. We continue to evaluate public cloud prospects and look for savings or efficiencies in process. We regularly refine and standardize our processes so we could take advantage of cloud providers sometime in the future.”
Continued expansion of enterprise monitoring
In the 2016-2017 fiscal year, ITS Enterprise Operations doubled the number of web services for which it provides monitoring to customers at no cost through Zabbix, its unified system for monitoring servers in the data center.
ITS launching Zabbix in the 2015-2016 fiscal year as a way to provide a unified, big-picture view of what is happening in customers’ infrastructure. Having one tool to monitor all the servers in the data center provides a much more comprehensive look for troubleshooting problems and reaching resolution.
By the end of the 2016-2017 fiscal year, ITS was using Zabbix to constantly monitor 120 web transacting services, including Sakai, PeopleSoft and the University’s time-information management (TIM) system. Customers that have ITS host their servers in ITS infrastructure receive this monitoring. A few examples include the School of Public Health, the North Carolina Translational and Clinical Sciences Institute (NC TraCS) and Frank Porter Graham Child Development Institute.
Provided Carolina CloudApps training to campus
For the campus community, the ITS Middleware Services team provided multiple training opportunities on Carolina CloudApps, including at Carolina Technology Consultants’ 2016 retreat and their 2017 BarCamp, UNC Webmasters, and in several joint training sessions with the UNC Library Research Hub. The team continues smaller outreach sessions with users and departments to ensure successful usage of the platform.
Computer Science (COMP 523) adopts Carolina CloudApps
The Computer Science department, in conjunction with ITS Middleware, decided that it would host a majority of its Spring 2017 software engineering lab projects on the Carolina CloudApps platform. Professors Diane Pozefsky and David Stotts assigned students to customers who needed custom development work. These students learned how to utilize the platform, developed their code, and deployed these applications to the CloudApps platform to present to their customers. Both professors plan to continue using the platform in Fall 2017 and Spring 2018.
ITS Identity Management upgraded Grouper version
In January 2017, ITS Identity Management upgraded to the most recent Grouper version. This upgrade came as campus demand for Grouper is increasing. ITS Identity Management gets more requests for Grouper groups from new departments and applications on a weekly basis.
The new version is significantly better. It has a much-improved user interface, which was one of the biggest pain points of Grouper previously. Also, the new version has greatly reduced the amount of custom code needed to add on to the Grouper code base to interact with the campus Lightweight Directory Access Protocol (LDAP) and Active Directory (AD). The newest version is able to do this because it has configurable data syncers that did not exist in previous versions.
In addition, the new version has web services that can be used by external applications to directly add groups and group memberships to the Grouper database without having to go through the user interface (UI).
Middleware expands Splunk community
The ITS Middleware Services team undertook many initiatives to expand the Splunk community. The Middleware staff members brought to campus technical experts from Splunk, the company, to provide training sessions on the machine-data analysis platform. For an ITS internal Freaky Friday presentation, the team members and their campus customers shared how they are using Splunk’s extensive capabilities.
In additional efforts to create an open community in which new and veteran users can share information, the Middleware group registered participants for a Splunk opt-in mailing service, launched a quarterly meetup and established a digital collaboration space.
Changed organizational structure and names
In September 2016, Infrastructure & Operations made some organizational and name changes to reflect an intent to orient its structure more in a cloud direction as the division refines its cloud strategy. Some of the changes were also in concert with consultants’ recommendations.
Brent Caison became I&O’s Cloud Architect and took the lead in developing the division’s long-term cloud strategy.
ITS Systems was renamed to ITS Global Systems, implying that its systems operations could be local or globally in the cloud. Subgroups under ITS Global Systems assumed similar Global Systems titles: ITS Global Systems Unix, ITS Global Systems Infrastructure and ITS Global Systems Support.
In still other changes, Campus IT Infrastructure Services was renamed to ITS Global Systems and support for ImageNow moved to the PS Admin team.
The ITS Control Center changed its name to the ITS Operations Center. ITS rebranded the group to more closely align with the operational needs of ITS and the University. The ITS Operations Center is the monitoring center for IT Automation, Networking and Security. It is also the communications hub for ITS service incidents, service outages and participates in Alert Carolina communications.
Assisted the Information Security Office with phishing and compromised accounts
During the fiscal year, the Enterprise Operations group within ITS Infrastructure & Operations assisted the Information Security Office with programming to pull out the duplicate phishing tickets that were submitted from the campus community. Automating the process reduced the number of staff hours that had been spent manually de-duplicating the tickets. Enterprise Operations also built a process to deactivate compromised accounts so bad actors could not cause further damage. With the campus’ recent move into the cloud with Office 365, this automated process did not already exist.