On January 6, 2022, ITS will be able to turn off 16 servers, free up capacity on other infrastructure like UCS and Splunk, and save staff time simply by moving the campus to a cloud-based method of authenticating to use Microsoft 365.
Retiring ADFS
Since the University migrated seven years ago to the Microsoft 365 platform for email, Word documents and other tools, ITS has needed this on-campus infrastructure and these resources to enable campus users to prove who they are and that they have permission to access their Microsoft 365 account.
ITS’ on-premises infrastructure for supporting authentication into Microsoft 365, called Active Directory Federation Services (ADFS), can now be retired.
Collaborative effort
This past summer, multiple ITS teams, including the Cloud team, Identity Management, Systems Administration, the Information Security Office, and the Digital Accessibility Office, evaluated whether ITS could retire the ADFS infrastructure and instead safely and accessibly use Azure Active Directory authentication for Microsoft 365. That’s Microsoft’s own cloud-based system for authentication, and naturally, the vendor’s recommended configuration.
Many wins for University
Once the ADFS infrastructure is turned off, campus will authenticate directly to Azure through the Microsoft portal. The only thing campus community members will notice is that Microsoft’s portal page for logging in will look a little different than the ITS-hosted web page where they previously logged in, said Richard Hill, the project’s lead and IT Manager for ITS Systems Administration.
Sure, this is background infrastructure that most people don’t even realize is there. However, retiring this infrastructure is significant and it has many wins for the University, Hill said.
Letting go
Organizations roll out new technology all the time and that’s typically what users and, to some degree, organizations focus on. Once certain IT services and products are entrenched in operations, it’s often hard for users to let them go. Also, if those specific rooted services and products are still working OK, organizations don’t always have the impetus to overhaul.
Knowing when it’s time
With ADFS as just one example, ITS has been more closely examining the technology it is running, why the department launched the system in the first place, and if that system is still needed. If it is not needed, ITS is evaluating what the department needs to do to retire that technology, Hill said.
Will save resources
By retiring ADFS, ITS will save University resources, improve service, and move additional IT capabilities to the cloud — all goals within Carolina’s strategic plan. This will free time for one full-time equivalent employee to focus on other duties.
This cleanup also reduces ITS’ technical debt. “Technical debt” is incomplete configurations or deployments of technology that have been on the books, but due to lack of resources or time, have been lingering and if resolved will either improve service, save staff time, reduce cost, or enable the decommissioning of aged infrastructure or services.