Project Portfolio

This project will implement the ServiceNow Asset Management module. The ServiceNow Asset Management module will be responsible for managing the life cycle of end-point device hardware assets for ITS and SOM Managed Desktop Services groups. Standardizing tracking and reporting on the data attributes relating to ownership, status, and location of hardware assets will be helpful to our teams. Benefiting our clients by allowing IT to identify the most at-risk end-point devices in a department that should be budgeted for replacement. Overall, ServiceNow Asset Management will assist with identifying unknown devices, failure root cause analysis, and trends to help us make data driven purchasing decisions.

Phase one of the Background Check project went live in May 2021, but a second phase is needed. Phase two has multiple parts. First, our contract with CastleBranch, the existing Background Check vendor, ends in December 2021. We’ve chosen InfoMart as the University’s new vendor, so phase two will switch all integrations from CastleBranch to InfoMart. This phase needs to be completed by the end of this calendar year.

The second part of phase two will pull the Background Check reports back from Infomart and revisit how candidates receive Guest ID access to ConnectCarolina when they need to give HR information for the background check. Phase two will also improve the digital accessibility of the background check solution. Phase two is in analysis and has no target date yet.

This project will streamline data mart processes. It will also provide a way for end users to maintain the mapped values between UNC-Chapel Hill and the System Office data marts.

After a three-year process involving hundreds of faculty, students, staff and other key stakeholders, the new General Education curriculum is being implemented for undergraduates beginning in fall 2022. This project implemented the system changes needed to support the new IDEAs in Action curriculum (IDEA stands for Identify, Discover, Evaluate and Act), which replaces the current curriculum adopted in 2006.

For more information, visit the IDEAs in Action website.

This project will migrate Research Computing’s technical documentation off of the ITS WordPress site. The project will also refresh the content, making it easier to find and read.

The Mass Storage system (also known as StorNext or /ms) is used for archiving research data files and storing very large files, files that are too large to fit within an individual researcher’s or a department’s storage space. This project will move the Mass Storage system to the next generation of hardware.

This project will develop the Enterprise Data Warehouse’s most-used data sets in a more efficient type of schema called a “star schema” data model. The new tables and views will be available for internal use within the data warehouse, allowing the team to better serve customers.

As the Enterprise Data Warehouse grows, so does the time required to run the ETLs that keep it updated. (An ETL extracts, transforms, and loads data from multiple sources to a data warehouse.)  This project will redesign the nightly ETL for the Enterprise Data Warehouse to make better use of the after-hours time we have to run the jobs and to make it easier to diagnose problems.

During the Fall 2021 semester, ITS-Educational Technologies and Digital and Lifelong Learning conducted a small pilot of the Canvas learning management system. In Spring 2022, this project will expand the pilot to include more courses and users. ITS-EdTech will continue to evaluate the Canvas learning management system as a possible replacement for Sakai, and will collaborate with Instructure (developers of Canvas) and their course migration partner K16 on the implementation of the pilot. The project will measure success using end-of-semester surveys and focus groups with faculty and students.

This project will change the method we use to back up our enterprise systems databases from Oracle Recovery Manager to the database snapshot method (a database snapshot is a consistent, read-only copy of a database). Switching to this method will reduce the time it takes to back up our databases.

This project will provide patches and hardware changes as needed. It will also reorganize the data disk so that log and error files can be segregated from the actual data in the databases, reducing the disk space needed to back up databases.

When UNC migrated to Microsoft 365, we implemented an on-premises infrastructure called “Active Directory Federation Services” (ADFS) to support authentication into Microsoft 365. ADFS addressed security concerns around syncing passwords into the Azure Active Directory Cloud service, but it also created an on-premises dependency for Microsoft 365 and technical debt.

Note: “Technical debt” is a concept in software development that reflects the implied cost of additional rework caused by choosing an easy (limited) solution now instead of using a better approach that would take longer.

This past summer the ITS cloud team and ITS identity management teams did an evaluation to see if we needed the ADFS infrastructure and concluded we do not need it anymore. The goal of this project is to remove the ADFS on-premises infrastructure and rely on Azure Active Directory authentication for Microsoft 365. Once the ADFS infrastructure is turned off, campus will authenticate directly to Azure through the Microsoft portal.

Load balancing is the process of distributing tasks across network resources, with the aim of making their overall processing more efficient. UNC-Chapel Hill uses load balancing technology provided by F5, Inc. The University’s current F5 infrastructure has a storage resource constraint that makes patching challenging, and it is running at capacity, which limits our ability to take on new F5 projects.

This project will form a working committee to analyze the current state of the University’s F5 load balancing infrastructure and make recommendations for a path forward.

This project is performing a lifecycle replacement of storage controllers and disk that are nearing the end of their useful life. As hardware ages, it becomes less reliable, the potential for data loss grows, and maintenance costs increase. This project is focusing on replacing:

• ESMC0 – the hardware supporting Storage.unc.edu and SecNas.unc.edu.
• ESMC5 – the hardware that provides some primary storage for Splunk and serves as a backup destination for a majority of ITS data.

The PHP platform that the Software Distribution service operates on is no longer supported by the vendor, so this project will upgrade the platform. The project will also transition support of the service from ITS Infrastructure and Operations to the University Services team in ITS Enterprise Applications.

Currently, when you set up your Onyen, you answer some questions about yourself. Later, if you ever forget your password, you can answer these questions to prove that “you’re you” and safely reset your password.

This security model is no longer considered safe enough by the NIST (National Institute of Standards and Technology), the NIH (National Institute of Health), REFEDS (the Research and Education FEDerations group), and the University’s own Information Security Office. Current guidance says that resetting a credential needs to require strong proof of identity, such as two-factor authentication or confirmation that the person resetting the password has presented a government-issued ID.

This project is replacing both the self-service Password Reset function linked from onyen.unc.edu and the  challenge questions that the Service Desk uses over the phone. Ideally, the reset will be built into ServiceNow, possibly in an automated chatbot, or handled through a live chat with a Service Desk staff member.

The ITS Identity Management team receives frequent requests from groups around campus for centralized and automated provisioning and deprovisioning of user accounts. We currently use a home-grown utility known as IMPROV for this purpose, but it only provisions Onyens and Guest IDs, not other forms of accounts. IMPROV also does not do deprovisioning, so the team uses perl scripts for this purpose.

This project will implement midPoint, an open source identity management and identity governance solution, as our deprovisioning engine. This project is necessary for follow-on projects such as deprovisioning Zoom and other applications, which are waiting for this work to be completed.

The Remedy application infrastructure has been running on unsupported versions of BMC Remedy AR Server, Oracle DB, Java, and Linux OS, which is a risk for ITS while also consuming team resources to maintain. The purpose of this project is to transition all remaining Remedy applications to other supported ServiceNow applications or application platforms. This project needs to be completed by mid-October at the latest to prevent renewal of the Unix Support contract for another year.

This project will migrate approximately 250 unprotected VLANs (“virtual local area networks”) to campus enterprise firewalls. Migrating these VLANs will prevent attacks and also limit the scope of attacks across the University. Onboarding the rest of campus will significantly expand the range and depth of the University’s defenses. It will also give ITS unprecedented awareness of which mission-critical systems we need to protect.

PeopleSoft, the software that forms the backbone of ConnectCarolina, can be structured by positions, appointments, or a mix of the two. When UNC-Chapel Hill’s implemented ConnectCarolina HR/Payroll, the decision was made to:

• use positions for SHRA and EHRA Non-faculty (non-student) permanent and temporary positions (64% of employees).
• not use positions for faculty, Post Docs and EHRA Non-faculty student positions (36% of employees).

Since ConnectCarolina HR/Payroll went live seven years ago, the University has been translating our appointments (which don’t have positions) into positions. The reason is that those managing finances at the Board of Trustees and at the University System-level think in terms of positions when discussing budgets. Translating this data is an unstable process that gets increasingly complex as the System Office requests more data.

The Full Position Management project is improving this process by changing ConnectCarolina and related business processes to require all appointments to be associated with positions. This change affects everyone who works with HR actions (including funding swaps) or who posts positions in PeopleAdmin.

The National Institutes of Health (NIH) is requiring stronger proof that a person logging into their system is who they say they are. Starting in September 2021 multifactor authentication will be required when logging in to their system, and by December 2022, appropriate levels of identity assurance will also be required.

UNC-Chapel Hill is moving towards passwordless logins with a new option called Carolina Key. Carolina Key represents several different methods of authenticating logins for faculty, staff, and students. When used along with their Onyen, Carolina Key eliminates the need to enter a password.

To ensure UNC-Chapel Hill is compliant with federal and state regulations, the University took a comprehensive look at payments to students and recommended some changes. These changes ensure compliance with regulations, provide timely disbursement of awards, and reduce instances of students being asked to return funds to the University.

One key change is to use GradStar to process some student payments (such as training grants) instead of ConnectCarolina vouchers. Payments processed through GradStar are included in the student’s financial aid package and paid to the student’s account instead as a check directly to the student.

The project team is a cross-functional team made up of staff from ITS, The Graduate School, Office of Scholarships and Student Aid, University Finance (Accounts Payable, Cashier, Payroll), Office of Sponsored Research and campus departments.

The University’s phone service is moving from Verizon to AT&T. When the University’s contract ends in 2023, Verizon is discontinuing the service we use. This provided the opportunity to evaluate other providers, save money, and provide additional features that support mobile and remote work settings. The move affects all campus phone lines, such as fax lines, conference room phones and main lines.

In summer 2021, the page faculty, staff, and students visit to manage their Onyens and password received a makeover. The page still had all its existing features plus a more modern look. The change affected anyone who had an Onyen, including faculty, students, staff, alumni, affiliates, and retirees. The simplified look and navigation reduced accessibility barriers and works better with mobile devices.