May 2007 Archives
Last night after dinner at the Columbia faculty club, Tony, Bob, and I went out to Iridium to hear the debut performance of Cindy Blackman's New Lifetime - wow!!!
New Lifetime is Blackman's tribute to Tony Williams, primarily of his Lifetime period in the early-to-mid-seventies. The original Lifetime included Williams on drums, Larry Young on Hammond organ, and a John McLaughlin on guitar (they later added Jack Bruce on bass).
New Lifetime is made up of Blackman on drums, Doug Carn on organ, Greg Osby on alto sax, and Kevin Hunter on guitar. They played mostly the difficult music from the original Lifetime - it was loud, intense, and incredibly energetic. Blackman is a phenomenal drummer, and there was no doubt who the leader of this group is.
I hope this group records - it's worth hearing.
Two nights of great jazz in New York and we barely scratched the surface of what's available - though the early mornings have certainly left me feeling drained at the end of the week.
Technorati Tags: CSG, CSG-Spring-2007, jazz, music
Joel Smith from CMU is leading this discussion.
There's a bunch of activity in Educause and other forums around this topic.
Strategies around specific emergencies could be very different depending on the nature of the emergency.
A quick survey of the membership: 84% of the respondents said there have been situations in recent years calling for emergency communications, including environment and weather, environmental health risks, dangerous or damaged facilities, etc.
How long does it take to send messages? Fastest is web posting, email is pretty fast, and text messaging is the least deployed. Joel notes that composing messages is not something that is built into our emergency processes and it's difficult to do in many circumstances. At Columbia it took them eight hours to compose a message to inform people that the campus was closed in a snowstorm. It can also be hard to get hold of the right people to post and send messages.
Berkeley deployed PeopleLocator (http://peoplelocator.berkeley.edu/ )
Much is predicated on having good data, like cell numbers.
Bill notes that at Stanford they have an incident response team that's separate from the emergency operations process.
Joel notes that it's important to put the time that the next communication will take place in each emergency notification, in order to keep people from overloading the channel just to see if there are any updates.
MIT is looking very seriously at being able to send SMS messages. There's some concern that you have to work closely with vendors to not have mass SMS messages classified as spams.
A few institutions in the room have some cell contact information for students, but nobody claims to have good directories of cell information.
Texas students had brought Mobile Campus on campus - but it peaked at about 7,000 students (out of 50,000) and appears to be on its way down - they think it's because they get spammed with ads from them.
MIT is going to try some tests of emergency communications, asking people to respond if they receive the test messages. They are using mir3, which was contracted originally to contact emergency responders, but they expanded that to try to contact everybody. They hope to be able to use that test to gauge how good their contact info is, as well as how long it takes to get messages out. They'll try sending both voice and text messages.
At Wisconsin they're adding text asking people to update their contact info when they register for classes.
Several campuses have been updating PA systems on campus in the wake of recent emergency events.
Technorati Tags: CSG, CSG-Spring-2007, emergencies, emergency-notification, emergencies, notifications
Charlie Leonhart is leading off the morning with a discussion of identity management. He's asking the crowd who's running their first generation ID management system as opposed to as second or third generation system. Paul points out that their approach at MIT is more incremental, changing and adding to the original system every year, so it's more of a maturing continuum rather than generations. Georgetown's original ID management was a directory built for provisioning accounts in different systems.
RL Bob says that Internet 2 and MACE point to different products that handle this kind of thing, but there is no significant open source shared product in the space of core identity management and provisioning, as the institutions that have built these systems have done it in ways that are embedded so deeply in their systems that it's hard to share.
Several people have used commercial products in their identity management - Indiana uses Microsoft's identity management server, and it's working very well. Brad thinks we need to get better at federated identity - maybe 2008 will be the year of federated identity. Gary says NYU uses Sun's identity management products, because they didn't want to have to build it themselves. Michigan is going to go with the Novell services because they didn't want to build it themselves and the connectors to Peoplesoft and other systems were already there. Duke is also using Novell. Colorado is going with Sun. Georgetown has picked Oracle, primarily to automate feeds from backend systems and for provisioning and de-provisioning. De-provisioning is particularly challenging - the ability to do ubiquitous de-provisioning is important.
How much convergence is there with digital identity and physical id control. At Chicago the card office has always been part of central IT, and they're working on merging that system with card system, and they're working on a common system across the hospital and the campus.
How centralized is the process of creating identities - how many are taking feeds from departments to create identity? Tim says that at Harvard the issues are around SOA kinds of things - changes in data formats, scheduling, etc.
RL Bob says that we have a local community college that we share facilities with that needs NetIDs, and we are working with the Cancer Care Alliance who needs NetID. In both of those cases they run Active Directory and we've been using a federated approach, using Shibboleth - which raises some policy issues of what kinds of things they then might get access to.
At Stanford they're setting up a guest account service. Bruce also notes that the owners of the Peoplesoft and Oracle systems are likely to start asking about what value the separate registries bring, instead of just using the purchased systems.
Klara talks about Duke needing to create the ability for affiliates to create accounts in a delegated fashion. Charlie characterizes this as the "Martian" user issue - visitors, people who come just for the day, etc. Michigan is setting up a sponsorship system where departments can set up temporary identities for visitors.
Brad says to look at the strategic issue, the University is not going to be a fortress any longer, but will need to be much more porous. He cites the issue of the library which was using access to a University digital identity as a surrogate for meaning "faculty, staff, or student" to grant access to subscriptions.
Tom is talking about people who are "non-affiliated patrons", like those who have library privileges but no other connection to the institution. They're creating a separate store of identities for these folks. It was much easier to not bring those back into the main identity store and deal with all the policy issues, etc.
Phil Long notes that business process has to precede identity management.
At Wisconsin they have a formal decision making body for identity management that reports to the Provost. Just this month that committee has announced that they'll add two faculty members and student representation. Federated research has made this an academic as well as administrative issue.
Berkeley has a signle-sign-on management model, but there's not a good funding model - they've been considering some sort of identity-management tax on new system development projects.
At Georgetown they have a tax on all money transactions on their cards to fund the card office operations - 4% on internal purchases (like soda and candy machines, etc), more for external vendors (like local restaurants, etc).
Texas has multiple assurance levels of identity - for high assurance you have to show up in person with photo ID.
Technorati Tags: authentication, CSG, CSG-Spring-2007, digital-identity, identity-management, identity
Educause live - June 5 - covering the increases in royalties for streaming radio. June 19 - campuses outsourcing student email to Google (Steve Worona looking for speakers).
Cliff - CyberInfrastructure office at NSF starting to generate solicitations for proposals for considerable numbers of things. Most recently an announcement for "community-based data interoperability networks" - looks like it's designed to fund interoperability for scientific data on projects - relatively small grants (up to around $250,000). The solicitation we've been expecting on data prototypes doesn't look like it will be out till July.
NEH has launched a digital humanities funding project. There was a meeting of digital humanities centers a couple of weeks ago. They may be moving towards funding these kinds of centers.
An astounding proposal made for a new set of copyright laws, originating from AG Gonzales - they want to criminalize things like attempted copyright infringement, bring copyright infringement under the RICO statute. Keep an eye on this.
Mark Luker - House science committee having a hearing June 5 on control of P2P file sharing (due to a member from Nashville). There will be four witnesses, including one from Arizona State, that has tried out Audible Magic technology; the president of Audible Magic; A rep from Illinois State who've been testing out different technologies; and Greg Jackson on why these technologies aren't perfect.
Jerry brings up the management of CSG surveys. We do a lot of surveys - should we have a data coordinator? Bill says that the surveys are as of a point in time and he's not sure of the value of keeping that around. Phil suggests that having a place to collect the survey data might be useful.
Spam -
Greg - moved to Mirapoint RazorK which does the same stuff as PureMessage but also notes if identical messages come in in batches, which knocked out a whole bunch of stuff that PureMessage didn't capture. It has had some false positives. They also quarantine for two weeks.
Bruce - Stanford also uses PureMessage. Other departments use other things - business uses Iron Port which they like. Texas likes that too, as does Virginia. Berkeley uses that too, in series with everything else.
Greg - Tbird client filter is pretty good.
John - uses Barracuda device - been adequate though not spectacular. Once they taught admins to click vendor default button instead of customizing it's been much better. They're taking a strong look at Iron Port, which has just been purchased by Cisco.
Phil - we could be benchmarking spam catching data across the institutions, which might be more valuable than anecdotal testifying.
Michigan has put temporary rejection of mail into place at the end of the spam filters. Joel says graylisting has made a big difference in spam receipt, as has Berkeley. UC Berkeley couldn't get to contract terms with Sophos and dropped them.
MIT has been using Barracuda spam firewall.
Paul - CalConnect update - most recent meeting was in Seattle at Boeing, next in fall is at MIT. New members include Google, Scalix, ... next meeting will have demos using CalDAV and free/busy searches of CalDAV including Boeing's gateway to Exchange. Next few months will see CalDAV products shipping. Mobile vendors have asked the consortium to take on looking at the vCard standard, so there will be a full-day workshop at the MIT meeting. Bob notes that it was impressive to see engineers from all those companies sitting around the table working together.
RL Bob - Shib and InCommon - Shib working on 2.0 release. Small scale beta anytime now, full-scale before Shib camp in Portland June 25-27. implements SAML 2.0, authn requests, logout, Java SP. InfoCard - new paradigm signon method for web apps. Only significant way we have of fighting phishing - the card paradigm instead of sites asking for login and password. Often talked about in terms of self-provided credentials, but also useful for enterprise-provided credentials. Expecting to this to be ubiquitous, but it will take a while to get there. Shib folks will be working on implementing this (not in Shib 2.0). Shel asks about the relationship between Liberty Alliance and InfoCard - no particular relationship. There is still active work going on in Liberty, but that's separate from this.
InCommon - 5-+ participants, 35+ universities, 15+ partners - over half of CSG members are now InCommon members. Community Working Groups - Apple, re iTunes U; library services (re using shib with licnesed content, search, citation mgt, etc); student services (federation opportunities in admissions, transcripts, enrollment verification, etc); US Gov (e-auth, NIGH, Dept of Ed).
OpenID - openid.net
- "user-centric" internet identity ("a cool hack" - RL Bob)
- has nice features of being dynamically deployable. blog-centric in many ways, evidence of popularity, yet another thing to support
Gary - putting up blogs.nyu.edu - how seriously should they think about putting up blogs? Bob - the canonical case is blog comment authentication - but when it gets popular enough the spammers will set up their own OpenID provisioning sites.
Paul Hill - federation technologies are beginning to succeed. Let's say we accept these IDs for anyone dealing with our university. What does this do to our sense of community for all of our online tools? How do people understand the community they belong to? Phil thinks that in the long run he can't see higher ed remaining the provider of electronic identity - people will have online lives both before and after they're at the university - we give identities because there is no good alternative.
Steve Worona - there isn't a current way to overlay universities with congressional districts. He's got a list of addresses of institutions - who's interested in taking on this challenge to mash this up? Note that congressional districts don't match to zip codes.
Ron notes that at Wisconsin they're seeing lots of less-qualified contents for their jobs. One of the California schools says they're having to pay 10-12% higher salaries than last year to pull in candidates.
Brad - Community source update - Had about 200 people in St. Louis for Kuali days. Release 2 of Kuali goes to code freeze in July. Release 2.1 is targeted for June 1 of 2008, which will include capital assets tracking. Sakai put out 2.4 release. Release was coordinated out of South Africa, and the chairman of the Sakai board is from the UK. Four new tools went from contrib to provisional, and three from provisional into the core. Rice, the Kuali workflow and service buss, is making progress, and is the first community source project with no foundation funding. See rice.kuali.org.
Technorati Tags: CSG, CSG-Spring-2007
Way to go, MIT!
Following opposition by MIT, the Society of Automotive Engineers halted implementation of digital rights management controls aimed at restricting access to SAE documents. On April 19, SAE issued a press release stating that they would not enable DRM controls "on the Society's Digital Library of technical papers for licenses at colleges, universities, and other academic institutions."
Full story at:
http://www-tech.mit.edu/V127/N26/drm.html
Thanks to Paul Hill for pointing this out!
Shel is talking about the work they've done at UC Berkeley. They've taken up a program of readiness, varying their drills so they're not only preparing for an earthquake - their actual disasters have included floods, windstorms, fires.
They got a grant from FEMA to create a tool for higher ed which could be released in open source. They looked at commercial packages, but the prices were just outrageous.
You use the tool to develop a plan, then do an exercise which tests the specific plans. Each of the 12 departmental EOCs do two drills a year in addition to the campus-wide drills.
Content of a business resumption plan - 1. departmental identification (any size); 2 critical functions (critical= necessary for achieving 30-day resumption of teaching & research); 3. Information technology (included in every departmental plan); 4. Faculty engagement (you can receive service credit for tenure by participating in planning and drills).
Shel's looking for a few institutions to help participate in creating and maintaining the tool.
The demo site is at:
They expect an end population of more than 300 plans. Right now they have about 70. You can't exit academic program review unless you have a continuity plan.
Technorati Tags: busines-continuity, CSG, CSG-Spring-2007, disaster-recovery
Bill Clebsch from Stanford is coordinating a session on Business Continuity and Disaster Recovery
Full results of survey are up on the web at http://www.stonesoup.org/Meeting.next/mtg.pres/clebsch2.htm
Bill asks how many of us are ready for a disaster - at Stanford they say ready is being documented and drilled. Most of us are prepared for major events, maybe better than we are for smaller events (like one that would just take out the data center). Stanford estimates that they could function for around sixty days without financials - beyond that the big driver is being able to make payments to the federal government.
If you only have excel and word, you dont have a business continuity tool
Drilled means exercised quarterly - any less often means it likely won't work.
Scope is focused around enterprise computing - Bill really worries about departmental systems. The future is in arranging partnerships with other institutions.
Lessons from Hurricane Katrina - ECAR research bulletin - Catherine Lewis from Xavier.
There's a role-playing discussion of disaster recovery. Shel asks about whether people are worried about the NIH and NSF regulations around access to data any time during the grant. One opinion expressed is that researchers aren't worried about that compliance, while another is that non-compliance is another risk that must be managed. One person says that any institution that pushes these compliance issues ahead of their peer institutions risks losing their faculty to other institutions that won't push compliance as strongly.
Shel says that he's achieving some success by brokering a connection between Risk Management and Sponsored Programs, so that it's not IT pushing the issue with researchers.
Texas is in the process of cataloging every computer on campus - they've developed a tool that's being used across campus to catalog data in three categories. Everyone is obliged to report what kinds of data are on each computer, from faculty desktops to the mainframe. This is a huge process, which has created some happiness among faculty.
It's mentioned that there are faculty that insist that the data is theirs and that the institution does not have any role to play in poking its nose in, whether for backup or other purposes.
Bill suggests that IT is not the group in the position to suggest value of various risks of loss of data or operations. Phil Long says that there are people with that expertise in the financial sector who could be brought in. Cliff agrees that this is properly framed as a risk management issue, but that in the last few decades many campuses someone has wandered through and said they need to place a value on the campus library, in the context of risk management and self-insurance, not in terms of business continuity. They've had terrific trouble with that, because some of the material is very replaceable, and that's the stuff they know what to do with in valuation, but other stuff is rare, and is more like museum treasures - irreplaceable and highly valued, but they end up coming to the conclusion that there's no point in taking out higher insurance values, but better to invest in its protection with better environmental controls, security, etc.
Ken points out that NYU's experience through 9/11 is that the ability to continue to communicate with the community is absolutely essential in any disaster.
Mike Pickett notes in the back channel that "Duke did a university-wide risk assessment last year and set the level for making it onto the "risk list" as multi-million $ impact."
Technorati Tags: business-resumption, CSG, CSG-Winter-2007, disaster-recovery
Ken Auerbach from NYU is leading a conversation about help desk metrics.
What kinds of things are meaningful to know about the help desk?
Bill says that time to resolution of help desk tickets has a strong correlation to the perception of organizational quality.
Joel says that reporting what kind and how many issues get passed to 2nd and 3rd level support is of interest. Ken thinks that the second level needs to know what the first level solved.
I said that real-time information on what kinds of things are coming in to the desk is important. Kitty says that using help desk requests to understand impacts of changes in services is of interest.
Paul Hill points out in the back channel this service at MIT that gives some real-time information on service availability: http://3down.mit.edu/3down/index.php.
Greg shows this service at Chicago, which is also available as an rss feed: http://hp-announce.uchicago.edu/archive.php?areaID=30&listType=current.
Shel responds with Berkeley's site, which is hosted offsite in the event of local failure: http://ucbsystems.org/.
Steven chimes in with Princeton's version: http://helpdesk.princeton.edu/outages/list.plx.
What are the kinds of things we want to know about our services? (from NYU):
Categories such as Performance (availability of a particular service, mean time between failures, mean time to repair); Utilization (Who, When, for what); Satisfaction; Costing
Ken says that Metrics have to tell a story - correlating the numbers with specific events and contexts (e.g. XP released, blaster worm, machine registration improved, etc).
Karen from CMU says that they often do lightweight benchmarking with other institutions. She asks if we shouldn't have some sort of designated contact at our institutions for IT benchmarking. Does it have to go through the CIOs?
Shel notes that there's a lot of work in normalizing data, though ITIL helps with some of that. Bill and Jerry agree that the Stanford/MIT benchmarking work was not at all lightweight, but that it had significant impact, changing the way they did business in the help desk and their client surveys. It took them months to agree on data definitions, but that's where the payoff lays.
Technorati Tags: CSG-Spring-2007, help-desks, it-support, metrics
Discussion of a SWOT analysis of help desk tools.
Our help desk tools are not well enough integrated, and terminology used in ITIL tends to be off-putting to many.
Knowledgebases are being used by many - mostly internally constructed and written. There's at least one school that is using library school interns to work on the taxonomy of the knowledgebase.
There's discussion of the relative merits of knowledge bases and wikis for support. The folks at Wisconsin note that their use of kb.wisc.edu, which is wiki-like for support of new technologies (Vista, Office 2007, IE7) has resulted in contributions of very high quality. Partner sites are motivated to be involved because they can take advantage of other people's knowledge.
Chat - interactions tend to be longer, and staffing for it can be difficult. Industry says that agents can handle 3-4 chat sessions at a time if they're dedicated to chat.
Discussion of customer satisfaction surveys - Greg objects to the use of the word "customer" in this context because the customer is the person who hands us resources to provide services, and when we survey people who use the services we aren't talking to those people. It's pointed out that ITIL defines "customer" as someone that funds the service. Bill Clebsch notes that at Stanford 2/3 - 3/4 of their business is fee-for-service, so the users are the customers.
Panel - demonstration of Duke using chat support by Debbie DiYula. Live chat link is on every web page within the OIT site. Getting lots of hits on chat - almost half have been telecom related (which is handled by a separate help desk). They now have configured chat to allow people to select which help desk they want to chat with. They have to manually input data from chat into the ticketing system.
There's discussion about 24x7 support. Princeton is currently open 24x5 and moving to 24x7, but they don't have a production or NOC team available. Bill Clebsch says that in Stanford's survey of services and where people want them to invest, increased help desk hours come very far down the list. Carrie wonders if rural campuses have more desire for extended hours. Greg says that the only 24 hour operations on campus are the police and the hospital, so who are the people who need 24 hour support? 24x7 schools responding were Indiana, Minnesota, and Virginia Tech. Brad notes that they've been aggregating tasks to the places where the staff are already working the off shifts, like operations and the 24 hour student labs. One instutution says that their new network monitoring tools allowed them to move away from 24 hour support in the call center, as they didn't have to rely as much on users being the "canary in the coal mine" for noticing problems.
Technorati Tags: CSG-Spring-2007, it-support, help-desks
We had a nice dinner cruise last night, leaving from the Chelsea piers and heading down around the lower tip of Manhattan and into the East River, under the Brooklyn, Manhattan, and Williamsburg bridges on a beautiful spring evening. The entertainment on board the Spirit of New Jersey was completely over the top in its enthusiasm and lack of quality, but I spent almost the entire cruise outside on deck enjoying the views and chatting with colleagues.
After the cruise Bob Morgan, Tony Chang, and I went to Birdland to catch Geri Allen's 11 pm set with her quintet. It was really a treat to get to hear the almost eighty-year-old Jimmy Cobb on drums along with the young Rashaan Carter on bass, along with both Javon Jackson and Antoine Roney on tenors. I was particularly taken with her take on the ballads Lush Life (which opened the set) and Coltrane's Naima, which had really nice bass playing from Carter.
Boy, you sure don't hear 11 pm sets like this in clubs in Seattle on a Wednesday night. But it sure made for a hazy early morning today.
Technorati Tags: CSG-Spring-2007, jazz, music
Susan Grajek from Yale is kicking off the morning by presenting the results of a survey of CSG members about the help desk.
The survey results are on the web at:
http://www.stonesoup.org/Meeting.next/help.pres/grajek2.htm
Topics covered included the breadth of support, relationships with other support groups (both within and outside of central IT), service management, tools and best practices, and metrics. Did not ask about economics or costs of help desk operations.
Who is supported? All support faculty and staff, almost all support grad, undergrad, and postdoc students, far fewer support alumni, visitors, and clinicians. Students make up the preponderance of people supported internally.
Average help desk is open 14 hours/day on weekdays. Four are open 24 hours a day. A third are primarily staffed by students, which make up 64% of the workforce of those help desks. The help desks are open 7 hours/day on average on weekends. Half are closed on weekends. Students make up the entire weekend workforce.
Tools and best practices - All use some sort of ticketing or incident tracking system. Almost all use an automatic call distribution system. Most use some sort of knowledgebase or wiki. Two thirds use some sort of phone tree - seem to go one level deep, clients rebel at two levels deep and more than five choices. People are using data center and monitoring tools.
Almost a third are using remote desktop connections to provide in-depth support. Calls for a deeper knowledge level on the part of technicians answering calls.
Joel asks whether use of remote desktop for support raises security concerns. Greg reports that it does raise concerns, but they use it a lot.
Remedy is the most popular ticketing software.
Breadth of support - asked about 21 topics of support, could choose from 7 levels for each.
Email, network, web browsers, OS, accounts, and security prevention are the most heavily supported areas. High-performance computing, media, and library apps are the least deeply supported areas.
Some schools are providing help desk support for functional areas - the most common being use of course management tools, then financials, HR, and procurement.
Help desks are making handoffs to lots of other groups. Everyone are handing off to information security staff, and almost all to application and web developers and systems staff.
Almost half pass tickets to functional help desks like HR, Procurement, Library, health system, and classroom support.
two thirds provide access to tools for other IT support providers (knowledgebase, ticketing, systems status) and offer direct contact for these folks to back-room technologists.
Service management -
59% have different SLAs for different customer groups.
It's noted in the back-channel notes that "we are concerned with improving routing of calls to the help desk which cannot be satisfied by front-line support; especially where people are essentially asking for special/new services -- and what they really need is some really good consulting." I think that's a real issue - right now we tend to lose those requests for help.
Three quarters of schools have not evaluated outsourcing of help desk functions.
Pain points - responses include relationship with the 'back-end' of IT, the increasing complexity of support, upgrading tools, and staffing issues.
Technorati Tags: CSG, CSG-Winter-2007, help-desks, it-support, puppy
Bernie Gulachek from Minnesota is talking about how they're demonstrating value of IT to the institution.
Why measure value? It's not all about cost or efficiency, but it's a balanced approach to show that the IT group is a strategic part of the institution, and can help the institution make strategic decisions. This is about making sure that IT has a seat at the table.
Look at definitions of value - bottom line (Gartner), educause documents.
IT Portfolio Management -
- understanding costs, and allocating costs to campus units, who don't have a choice of what pieces they pay for. Once a year the units receive a bill that itemizes a rolled up version of what they're paying (on a per-fte basis) for communications, productivity applications, business applications, and student, faculty, and staff support. That allows them to have a conversation of what the services cost (around $70 million/yr total, which works out to be $44.93/head/month). Portfolio services are framed in this way. That brings them to a conversation with the deans and IT directors in collegiate units - everyone is a stakeholder. If they have to pay for the services, then the value must be demonstrable. The administration is trying to get the institution to concentrate on the mission and to get to the right level of standardization by removing non-value-added duplication, and this allows that conversation to move forward.
Measuring the performance of the IT unit is done with the balanced scorecard construct. They're breaking the conversation into four quadrants:
- service quality (measured by customer satisfaction);
- IT expenditure (productivity) (percentage of technology spend compared to total institutional spend - total IT spend, not just IT unit) - they can provide each collegiate and administrative unit's budget spend on technology and what that percentage is, so that the deans can see the impact of what they choose to do locally. Works out to about $1682 per year per head (student, facult, and staff), of which about $600 is the central IT unit spend, the other $1000 is in the units. Good conversation about what the value is gained for that.
- Staff engagement - regular survey of staff satisfaction
- Improvement processes - developing tools for best practices for particular management disciplines and their adoption, plus understanding what the best practices for IT are and how they're propagated to the units.
Impact of strategic initiatives / Projects
- what projects are out there that would be strategic to work on, given the impact to the institution. Working on institutional tools that normalize the language and measures of impact. Costs will always be realized in the IT world, but what are the functional benefits delivered to the functional unit. What they're working on is a set of descriptive language that the President has been using to talk about these projects - frames up the elevator speech about specific projects. They walk through a work sheet form that highlight the impacts over the lifecycle of a project and where the costs are borne. Projections are over 3-5 year interval.
Example of an event ticketing system, where there are benefits realized in athletics and performing arts, and the costs are realized in IT.
Same process used for a shared data center project.
Benefit categories for checkoff include: improved productivity; reduced costs; enhanced revenues; improved service or product quality; engaged employees
IT Strategic Alignment to Support the Institution's Goals
Strategy mapping is conceptual and fluffy, but it helps communicate.
The institution has set a goal of being one of the top three public research institutions in the next ten years and has set out four strategies to get there. IT has developed communication tools that demonstrate alignment with those goals. Simple maps that allow articulation of organization's strategies and how they're aligned with the institutions, and how the projects, measures, and operational goals are mapped to those strategies. This has led to a list of initiatives that they know are out there (whether defined or undefined) on a "pipeline" chart. This allows expression of all the requested initiatives. They're working on an institutional process for deciding which initiatives to engage. The hope is to help decision makers understand priorities to weigh pet projects against the other data.
When projects are mapped to institutional strategies, they receive hugely positive response by presenting this in a very simple way from the President and other decision makers. Enables them to facilitate a conversation across different functional owners, encouraging them to work with each other. Allows them to see commonalities across projects, and maximize the use of scarce resources.
They've been asked to develop a collaborative informed decision and priority setting framework for large (more than $1 million) projects, similar to the process used for deciding building projects. The output from that would go into a full-blown analysis and RFI process.
Technorati Tags: business, CSG, CSG-Winter-2007, higher-ed, metrics
Dennis Maloney from Colorado introduces this workshop
What is the right approach?
Understanding the value of IT - Educause Quarterly November 2003
- Defining value, realizing value, structuring the value discussion, and metrics.
Brad Wheeler and Laurie Antolovic from Indiana are talking about Metrics, ABC, and the Value of IT to the institution. How big is the crew doing this activity? One financial analyst who spends half her time. The rest of the work is done by the people who are the custodians of the services.
Their annual process - Jul-Sep is assessment by the CIO and his cabinet, budget and project completeness, etc. Data collection takes place, using budget figures. The annual user survey is done then too, to provide user quality assessments. Laurie's shop has really routinized all of this work. The survey is long and painful, but they get 40% response rate. They use the diagram of the annual planning processes in their budget hearings with the provosts at each of the campuses. It helps them frame the conversation, rather than having the conversation framed for them.
They can see lots of data on services, such as five year trends on service costs and unit costs for each service.
Pruning and reallocating - the expenditure review committee process trims budgets for reallocation to new priorities. Each manager has to give back a certain amount of money into a central pool for funding new proposals. Formal proposals request funding for new needs. Their latest was to take 5% from the entire base of the organization, across all the parts of the organization. They then can use that amount as being available for use to fund new proposals.
Difference between financial accounting and Activity Based Costing - in accounting money comes in to a unit, and then it is allocated for staff, equipment, etc. But that doesn't tell you the cost of services, like what does it cost to provide an email account? or a support center call, or faculty consultation? This creates a healthy tension among service owners and providers. e.g. owner of peoplesoft hr system - "I need more attention from the sysadmins to tune my HR app" - DB manager: "I'll charge 40% of sysadmin Joe's time to the HR service owner" - you can throw a fit and go to the owner about that charge, or you can say "I always wanted that time, and now I'm going to use it." Those conversations bring about a lot of behavioral change.
ABC came about as part of the quality movement.
Our first exercise is on establishing the cost of a service.
The example is the cost of support center activities.
Personnel
+ Direct Costs
+ Suppeliers (internal service providers
= fully-burdened cost
Divided by unit = service unit cost
Activities - answer help desk phone lines; assist walk-in customers; answer email help desk messages; maintain knowledgebase; provide extended consulting. Figured out for each person providing services
They already had a culture of distributed budget responsibility. That's the level of detail from which they started. They spent a good chunk of time on defining services. Every service has an owner.
First they calculate the percentage of time each person spends on each activity. Has nothing to do with number of hours per week - just percentage of a person's time overall. Then they derive the cost of each of those activities by dividing each person's fully loaded full-time salary by the percentage of activities. They don't do hour-tracking on a regular basis - just percentage estimates are good enough for what they're doing.
Direct costs are figured using the percentage allocation by activities to allocate direct costs like hardware/software, training, tools, maintenance, etc. That approach doesn't work in instances where there are large capital expenditures on equipment.
Internal services (internal systems administration, administrative support costs, etc) are allocated as Service Supplier Cost allocations into the fully burdened cost of goods.
Those total costs are then divided by the number of units served. It's possible to have lots of arguments about what the units used for any given service should be. Use whatever unit best communicates the accountability and comparability of services.
For systems administration, the data center manager estimates the amount of effort that each system consumes, from example all of the operators' time, etc.
Laurie runs training on ABC every year.
Costs are done on budget on a cash basis. Once you get over the initial cost, then everything is lifecycle funded. They've decided to not amortize capital expenditures for ABC to keep the complexity down. They've applied this to all services, regardless of the kind of money used to fund the service.
This doesn't reflect the financial transactions - e.g. the people who run chat in the support center don't pay money to the people who provide identity management, even though the id management people would allocate some of their activity to the support center for that activity in the ABC.
The cabinet goes through the analysis annually, and looks at anything that has less than 85% satisfaction rating for elimination (or for increased funding to improve).
Laurie's slides from a 1997 CAUSE workshop on how to get started with ABC are online at http://www.stonesoup.org/Meeting.next/metrics.pres/CAUSE97.htm
Technorati Tags: business, CSG, CSG-Spring-2007, higher-ed, metrics
A panel with Paul Hill, Tony Chang, and Bruce Vincent.
Paul Hill kicks off the discussion with the obligatory "What is SOA" slide.
the first step is getting multiple groups to share a definition of what is meant by service.
MIT's EAG guide has multiple definitions of service.
SOA is a set of design principles that decomposes common functionality into discrete services that can be used by a variety of systems.
It is not a technology.
Service Models - Burton talks about Infrastructure Service Model (authn, authz, auditing, logging, session management, data persistence, transactions) - enterprises try to expose these for their developers; and Business process management, that models the services on business functions instead of underlying technology, e.g. courses, purchase, add/drop, assessment, etc.
Bruce shows a diagram that Stanford has been working on to show services around collaboration tools.
MIT has done some work on categorization of services, but as they started to dive down into the technology to deliver web services, people have come forward with new services that they either need or can provide - e.g. the student services folks came forward and identified a need for geocoding (zip code to lat-long, and also internationally). They had never anticipated that need (and it's interesting to note that the effort was catalyzed by the roadmap documentation effort).
Tony's talking about how the UW is undertaking some pilot projects to build community around SOA in order to understand how we might engage as a university around those efforts.
Ken from NYU says that they're working on an ITIL service catalog approach to listing the services that they offer, rather than taking on an SOA approach at present. Kitty notes that the admin systems group at Michigan is working with units to define data services around admin systems.
Lots of folks are working on building service catalogs - Chicago's new one is at http://findit.uchicago.edu, Washington's is at http://www.washington.edu/cac/planning/, Michigan's old one is at http://www.itd.umich.edu/services/index.ph
The panel is now talking about obstacles to SOA - designing for reusability takes additional time and money - developers don't know how to think about opening up their interfaces, don't know how to plan for different toolsets than the ones they're using. There's a group at MIT called the IT SPARC group - they engage with projects that don't have enough funding to take an enterprise approach to report the underfunding of projects that are too narrowly focused - they plea for one-time funding allocations to broaden scope. It's been partially successful to date, but it's early in the group's existence.
Tony's talking about the UW pilot SOA project, and how the approach is to try to understand how to build a framework that will encourage technology community around shared web services.
Bruce brings up the issue of maintaining backwards compatibility in services.
Paul points out that instrumentation of services is critical in terms of knowing who's actually using services.
Brendan is talking about the fact that there are also data problems that may be exposed in the services - data definitions can change the meaning of data without notice to the users of services. This can be somewhat mitigated by strong data dictionary practices, but most universities haven't been really strong in that area. As Tom Barton notes, this is not a new problem.
Paul says that many of the development units on campus haven't yet made the transition to be able to consume web services, and are more comfortable dealing with traditional interface mechanisms like c libraries, jar files, etc.
Technorati Tags: CSG-Spring-2007, soa
Jim Phelps from Wisconsin (the other UW) is talking about different models of enterprise architecture implementations.
- Informal / Ad hoc architecture
- Isolated architect - buried in one group
- Federated architecture - architecture deputies around campus working together
- Head architect with Domain architects
- central architecture review of projects.
Identity management seems to be the gateway architecture. Portfolio and project management seems to be an entry point for architectural planning.
Laws seem to motivate.
Mark Poepping from Carnegie Mellon is talking about "Architecture to Action" - what does architecture mean in terms of action - the measure of architecture is in its practical ability to help do better work in a better way. Architecture is social work - about building momentum over time, through a portfolio of success and reputation. But how do we measure the success of architects and architecture?
Ways to gain traction - how is architecture connected?
Some models -
- connected by leadership (CIO/CTO/Boss decrees/enforces)
- connected by process (Portfolio management for projects, business process review (continuing service support))
- connected behind the scenes (ad hoc discussions, alignment, social work)
(Oren comments that this last bullet should be "connected by relationships")
Areas to leverage traction
- WHere to apply architecture (scope of influence)
- some models:
- infrastructure-only
- IT-only
- enterprise-wide
- enterprise plus research support
- others?
There's a lot of discussion that bubbled out of the back channel now on the relative responsibilities of architects to do actual operational work vs. just taking the institutional view (or as Shel characterized it is "working in the ivory tower").
Elements of traction
1. what we do (operating architecture, how does it work?)
2. How we think about it (models pictures, how to organize thinking)
3. How we talk about it
4. What we could do (benchmark, research experiment, fasibility, familiarity)
5. What we should do ((default postures, formative guidance)
6. what we shoudld be concerned about these days
7. How should something be done
8. How's it goin?
Technorati Tags: CSG, CSG-Spring-2007, IT-architecture, architecture
Jim Phelps from Wisconsin is kicking off the workshop by talking about the ITANA group, which had its first f2f meeting yesterday. Over 20 people attended that meeting, where many people said that there was a lot of discussion about what IT architecture actually is and who is an architect (Jim characterized the discussion as "navel gazing").
Now we've got a panel representing different practices in IT architecture and governance at different institutions. Bruce Vincent from Stanford notes that we have quite a range of practices reflecting the structures and cultures of different institutions. The panel includes Tom Barton from U Chicago and our very own RL Bob Morgan in addition to Bruce and Jim.
Bruce says IT architects are working as influence peddlers - that's in a discussion of governance. Most at ITANA agreed that influence is more practical than formal governance. Influencing architecture early is critical - bringing it in late (like an architecture review board) dooms it to failure.
Tom notes that Chicago is not big on process, and they're not sure what architectural process is. But it should result in simpler more sustainable services, and a more common infrastructure. To do that some of the challenges are that people aren't connected enough to be aware of or comfortable with leveraging other people's work. At Chicago they've done several things to try to move this. One is that they've started having meetings of the chief technical people in each of the directorates. It's been good contact, but hasn't resulted in tangible outcomes. The enterprise architect has been involved with purchasing of new software for the institution, to do some vetting of security and integration in new packages - result is they're not shooting themselves in the foot quite as much. They recently formed an architecture group, which includes senior decision makers and senior tech people - 12-14 people. Aim to get buy-in and resource commitment. The idea is to make "more harmonious" decisions - e.g. what kinds of operating systems can be run in the data center. Engaging in a virtualization strategy using that group.
How services get advertised and shared is a problem. The "IT Ecosystem" is a web database that is designed to help people know who to talk to and characterize the mess.
RL Bob starts off by saying that he's here to represent the incoherent view, which both he and his institution are well suited for. One of the roles of the architect is to get everyone else to think like an architect, to think about the long-term, sustainability, etc. We don't have a single person respsonsable for architecture or an architecture office. Bob describes the attempt at UW to have an Architecture group, which tried to list architectural principles, which ended up not being entirely successful. Much architecture ends up working as advice and engagement in specific projects, which might imply roving bands of architects engaging in lots of projects. But not all projects take advantage of seeking out architectural advising (nor would that scale too far). The development of the product and service lifecycle has been more successful, and while it's not specifically about architecture, it at least has touch points where architecture can be considered.
Bruce talks about Portfolio Management - architects are asked to give an idea of relevant amount of investment and how long it will last - there's relatively little in the way of formal structure for this. At Stanford they have a body called the Systems Governance Group, which controls project money in large. Annually large projects have to come and "defend their right to exist". There's also a faculty subcommittee on computing that they've used successfully to gauge faculty support for efforts. Stanford has a Technology Architecture and Strategy Council, which has practitioners who are the lead technologists in various areas and have to "put up or shut up" on strategic direction and think about how their areas integrate and overlap with each other.
It strikes me that this conversation really represents a classic industrial style of "architecture" as a controlling system that can prescriptively decide what's correct at an institutional level. I tend to think of a post-modern concept of architect as a bricoleur (see quote below), working in more of an ad-hoc manner to build structures that use the materials at hand to respond to ever-changing needs.
In response to a question I asked about whether any of these architecture review boards include people from outside the central IT groups, Paul Hill noted that MIT's architecture review board has included people from across the institution that have reviewed projects on a regular basis, but that recently the non-central-IT folks requested that the central organization do the detailed reviews and report back to the whole group instead of having everyone involved.
The 'bricoleur' is adept at performing a large number of diverse tasks; but, unlike the engineer, he does not subordinate each of them to the availability of raw materials and tools conceived and procured for the purpose of the project. His universe of instruments is closed and the rules of his game are always to make do with 'whatever is at hand', that is to say with a set of tools and materials which is always finite and is also heterogeneous because what it contains bears no relation to the current project, or indeed to any particular project, but is the contingent result of all the occasions there have been to renew or enrich the stock or to maintain it with the remains of previous constructions or destructions. The set of the 'bricoleur's' means cannot therefore be defined in terms of a project (which would presuppose besides, that, as in the case of the engineer, there were, at least in theory, as many sets of tools and materials or 'instrumental sets', as there are different kinds of projects). It is to be defined only by its potential use or, putting this another way and in the language of the 'bricoleur' himself, because the elements are collected or retained on the principle that 'they may always come in handy'. Such elements are specialized up to a point, sufficiently for the 'bricoleur' not to need the equipment and knowledge of all trades and professions, but not enough for each of them to have only one definite and determinate use. They each represent a set of actual and possible relations; they are 'operators' but they can be used for any operations of the same type.
Technorati Tags: architecture, IT-architecture, CSG, CSG-Spring-2007
I'm in New York for the Spring CSG meeting, hosted by Columbia University.
The agenda looks great - three short workshops (instead of the usual one short and one long): Enterprise Architecture and SOA this morning; Metrics and Activity Based Costing & Measuring the value of IT to the Institution this afternoon; and the Modern Help Center tomorrow morning; followed by the CSG meeting on Thursday afternoon and Friday morning.
I'll be blogging as we go.
I hope to catch some jazz while I'm here - there's great stuff all around town this week.
There's been a lot of general head nodding on the web in reaction to Paul Graham's essay titled Microsoft is Dead.
Paul's assertion is not that Microsoft is out of business, of course, but that it's not a serious contender in the development of new technologies that matter.
After some of the things we've seen in the last couple of weeks my opinion is that, like Mark Twain, the reports of Microsoft's demise may well be greatly exaggerated, though I do have to agree with Tim O'Reilly's comment that MS's recent assertion that Linux violates 235 Microsoft patents without being willing to name them is totally reminiscent of Senator Joseph McCarthy's famous claim about communists at the State Department, and Tim's right-on when he says: Whether or not it's true, citing such a number without providing any detail is such a classic FUD move that, to me at least, it just makes Microsoft look ridiculous.
Last week we had George Moore and Walter Harp from Microsoft out to talk to our campus web services discussion group. George is the group manager of the Windows Live platform, and Walter is the Product Manager for Windows Live@edu (Microsoft's online offering for universities). George showed recently announced developments, including Sliverlight, a new platform for developing rich Internet applications. If I understand it correctly Silverlight combines methods for combining video (including high definition video) and interactivity controls into applications that render within a browser - think of it as a competitor to Adobe's Flash. It's use requires a browser plug-in, which Microsoft has made available for Firefox and Safari as well as IE. In addition to the base technology, MS is also offering the Silverlight Streaming service, which offers 4 GB accounts for free to host Silverlight applications, with outbound streaming quality of up to 700 Kbps. That speaks of a very hefty investment of resources by Microsoft.
The best explanation of Slverlight I've seen so far is the post in Scott Guthrie's blog. Scott also talks in this post about the implementation of a Dynamic Language Runtime to .NET that allows people to program >NET apps in popular dynamic languages. Microsoft is releasing DLR support for Ruby, Python, Javascript, and something new they're calling Dynamic VB. Perhaps most interesting, the DLR can be used in cross-platform Silverlight application in the browser.
As Tim O'Reilly notes (in a different post than the one I quoted above):
The RIA game really is heating up. Macromedia (now Adobe) started evangelizing this idea a long time ago, but it was Ajax that made it on the tip of every industry strategist's tongue. It's going to be very interesting to watch whether Silverlight and Sun's JavaFX make headway against Flash and Ajax in this space, or whether it's already game over.
In addition to showing us Silverlight, George also demonstrated some of the APIs to Microsoft Live services and the easy-to-use drop-in controls they're making available that build on those controls. The idea is to make it easy for people to build mashups of the various Live services. One of the most interesting controls is one that allows you to see your Live Contacts (think buddy list) dynamically within a web poge.
The very next morning after George and Walter were on campus Microsoft released the Popfly alpha. Popfly is a new service that allows you to visually construct web mashups within a browser by dragging controls onto a canvas and connecting the dots with a mouse. George kindly arranged for me to be invited to the alpha. I haven't had time to play with it much yet, but I did walk through the excellent tutorial, which walks you through creating a mashup that displays the location of new Twitter posts in Virtual Earth. I then tried to create my own mashup of showing where the closes Metro bus was in relation to my house, but I couldn't get it working in the fifteen minutes I had available to mess around so far. I was, by the way, working in Popfly in Firefox on my Mac, which worked fine. Popfly strikes me as similar in concept to Yahoo! Pipes, and it will be interesting to contrast the two and watch them both evolve.
So while I haven't always been a big fan of either Microsoft's software nor its business tactics, I do think that there is evidence of a whole new generation of talented people there who really get the Internet and Web 2.0 and are working hard to create some new and truly useful and interesting software there. While it's undoubtedly harder to refocus the huge corporate empire of Microsoft than it was in 1995 when Bill Gates issued his famous Internet Tidal Wave memo, I think there are definite signs of new energy emanating from Redmond. There's some life left in the old corporation yet!
Technorati Tags: business, mashups, microsoft, popfly, strategy, WindowsLive@edu
In a conversation this week with the MyUW team this week, it was noted that there was some information indicating that when MyUW users use the Search feature in MyUW, they think they're searching the entire UW, instead of just the database of services offered in the MyUW portal. So we decided to instrument the search box to log the search terms entered, and after a few days it was clear that the anecdotal information is clearly correct.
So Fang Lin whipped up a new search box, where the default will be a UW search. Here's shots of the old and the new - it should go into production early next week:
There are lots of lists on various blogs of people's favorite OS X software (some listed below).
One of my favorite little programs for OS X is SnapNDrag, which is a superior screen capture utility. While OS X comes out of the box with easy screen capture to pdf, that doesn't do you any good when you're trying to embed an image into a web page. SnapNDrag supports capture to PNG, JPEG, TIFF, and GIF, which makes like easy. Check it out.
Some lists of essential OS X software:
http://ducttaped.org/2007/4/26/software
http://pbgalvin.wordpress.com/the-best-mac-os-resources/
http://blog.founddrama.net/2007/03/essential-os-x-software-2/
http://andypiper.wordpress.com/2007/03/20/settling-in-with-os-x/
http://fuzzz.gaulin.ca/2007/02/03/so-you-bought-a-new-mac/
http://blogable.net/archives/2007/01/27/10-free-apps-every-mac-user-should-have/
http://www.43folders.com/2007/04/27/my-menubar/ (thanks, Bob!)
This might be of interest to lots of folks - I know my garage and basement tend to fill up with old electronics.
Spring Cleaning? Responsibly recycle your old electronics!
E-waste recycling event to take place at Rainier Community Center in South Seattle.
Seattle, WA - On Saturday, May 19th, 2007, individuals, small businesses, and community organizations are invited to recycle computers, monitors and TVs.
WHAT: Responsibly recycle used computers, monitors and TVs! All computer boxes (CPU's), computer monitors, computer peripherals and TV's will be accepted at the event. Computers, monitors and all TVs will be charged recycling fees ranging from $5 for computers to $25 for TVs. These fees are comparable to or less than the fees charged by the city and other recyclers. Working computer and monitor d onations are tax deductible.
WHEN: Saturday, May 19, 2007 from 9 AM - 4 PM. Rain or shine.
WHERE: Rainier Community Center
4600 38th Ave S, Seattle WA! 98118
(The center is located one block east of Rainier Ave S & S Alaska St)
WHY: Computer boxes (CPU's), computer monitors, computer peripherals and TV's all have heavy metals and are illegal to dispose of with regular garbage service. Proceeds and computers from the event will benefit the RecTech Coalition and InterConnection in their effort to steward the environment and provide computers to underserved areas throughout the world.
For event details visit: http://www.computers.interconnection.org/ecyclerainier/
For more on RecTech, see http://www.seattle.gov/parks/Centers/labs.htm
Technorati Tags: recycling
This line in Guy Kawasaki's interview of Seth Godin made me want to read Seth's new book, "The Dip: A Little Book That Teaches You When to Quit (and When to Stick)":
Losing organizations embrace tactics because they’re not flexible or brave enough to embrace strategy.
Is that a great line or what?
Seth goes on to say Smart organizations are clear and loud and vivid about their strategies and the market forgives them—endorses them too—when they change their tactics on the path of getting there.
That's good insight.
I spoke briefly about what we're up to in C&C Emerging Technology on Tuesday at a meeting of UW computing support staff. There were several hundred staff attending, and we managed to get some good suggestions from the participants about issues we should be investigating. We'll list those suggestions and have a space to add more of them over on our Etech blog site. In the meantime, my slides from the meeting (pdf) are here.
It was great to see everybody at the meeting!
Technorati Tags: UW
