IT Briefing Agenda 12/15/05 - PowerPoint PPT Presentation

1 / 40
About This Presentation
Title:

IT Briefing Agenda 12/15/05

Description:

... Proxy Servers Protects Front End server services Moving from ISA to an ... Jay D. Flanagan Clientless SSL VPN Remote Access to the Admin Trusted ... – PowerPoint PPT presentation

Number of Views:155
Avg rating:3.0/5.0
Slides: 41
Provided by: KarenJ99
Category:

less

Transcript and Presenter's Notes

Title: IT Briefing Agenda 12/15/05


1
IT Briefing Agenda 12/15/05
  • MS Campus Agreement
  • Exchange Update
  • VeriSign Certificates
  • Remote Access (f5)
  • it.emory.edu update
  • NetCom QA
  • John Ellis
  • John Ellis
  • Jay Flanagan
  • Jay Flanagan
  • Karen Jenkins
  • Paul Petersen

2
Emory Email Strategy
  • Draft
  • 12/2/2005

3
Rationale for Current Direction
  • EmoryLink report and related discussions revealed
    the following themes
  • Learnlink and enterprise email/calendaring serve
    different purposes
  • Strong student affection for Learnlink driven
    mostly by conferencing features no products that
    can currently replace Learnlink at comparable
  • Desire for a more enterprise quality email
    solution for the administrative layer of the
    institution
  • Preference for freedom of choice in email
    clients by faculty

4
Recommendation
  • A robust Learnlink offering for all students and
    for those faculty that wish to use it
  • For those faculty that only want email, the
    freedom to choose any email client (e.g., Eudora,
    Thunderbird, Outlook Express) on multiple
    platforms (e.g., PC, Mac, Unix, Linux) by taking
    advantage of the exposed IMAP or POP services on
    an Exchange server
  • For faculty that want email and scheduling, a
    variety of centrally supported, feature rich
    clients
  • PC Outlook, Outlook Web Client (Explorer,
    Firefox)
  • Mac Entourage, Outlook Web Client (Safari,
    Firefox)
  • Linux Evolution, Outlook Web Client (Firefox)
  • For administrative staff, a mandated set of
    options
  • Outlook (PC) or Entourage (Mac) for local access
  • Outlook web client for offsite access
  • For faculty/staff that spend time in the
    Healthcare setting
  • A HIPAA/PHI certified Exchange/Outlook solution
    that is offered on the Healthcare Virtual
    Desktop (VDT)

5
Learnlink
6
A Robust LearnLink -Initial Steps
  • Infrastructure will be hardened to support growth
    (need more specifics here)
  • LearnLink will be considered a Tier I enterprise
    application
  • LearnLink will continue to be accessible via a
    client, web interface, POP, or IMAP
  • Migration of content from Eagle Mail clients will
    be accomplished by client-side action

7
A Robust LearnLink - Longer Term Changes
  • Move infrastructure to a highly available Blade
    Architecture
  • Evaluate options for linking Learnlink with
    Universitys standard directories (LDAP/AD)
  • Streamline backups with EMC Replication Manager
  • Move core server gateways from Windows to Linux
  • Adopt upcoming Releases
  • 8.1 Enhanced workflow, customization, and
    application support
  • 8.2 Enhanced User Interfaces (client web)
  • 8.3 Enhanced Mobility Support (BlackBerry,
    PocketPC, Symbian, SyncML)
  • 9.0 Compliance and Archiving

8
(No Transcript)
9
Exchange
10
Why MS Exchange?
  • Despite the real and/or perceived issues with
    Microsoft, there is significant demand for the
    feature rich, widely utilized Exchange/Outlook
    combination. If we dont offer this service
    centrally, units will continue to adopt it and
    will be forced into supporting it locally, at
    higher cost
  • Market leader, and growing in market share (57
    in 2005)
  • Messaging server most supported by 3rd party
    vendors (mobile devices, unified messaging,
    compliance, retention, archiving)
  • The licensing costs of Exchange and Outlook are
    already covered as part of our new Microsoft site
    license
  • Although security is a valid issue, we believe it
    can be managed with an appropriate design and
    mix of 3rd party products

11
Exchange Security
  • All client communications restricted to Front End
    Servers
  • RPC over HTTPS communications (SSL Encryption)
  • OWA (SSL Encryption)
  • IMAP / POP3 / SMTP (authenticated / SSL / TSL)
  • ISA (Internet Security and Acceleration) Proxy
    Servers
  • Protects Front End server services
  • Moving from ISA to an appliance-based firewall
    solution
  • Outlook 2003 native support for personal key
    individually encrypted messages
  • Native Microsoft Database Encryption
  • Symantec Antivirus protecting servers and
    Symantec Mail Security protecting Exchange Mail
    and Databases
  • GFI Mail Essentials marking Spam

12
Expansion Plan
  • Current Exchange infrastructure will be expanded
    to support 6,000 Outlook email/scheduling clients
    9,000 email only clients (IMAP, POP, Web)
  • Hardware upgrades
  • Staffing changes
  • Phased, prioritized migration plan
  • Content migration accomplished by client-side
    action

13
Future Architectural Changes
  • Enhance spam scanning
  • Implement faster backup solution
  • Implement email archiving
  • Minimize necessity for quotas
  • Appropriately match requirements to storage
    technologies
  • Evaluate Exchange 2003 SP2 mobile push features
  • Link Exchange with HealthCare GroupWise servers
    so calendar data can be shared

14
Features Funding
  • Finalize feature set and policies
  • Finalize cost/funding model
  • Goal is to stay cost neutral compared to current
    centralized offerings so no additional
    allocations will be necessary

15
Digital Certificates
  • Jay D. Flanagan

16
Digital Certificates
  • Utilizing VeriSign SSL Global Certificates
  • Manage our own certificates via the VeriSign
    control center
  • Went from 10 to 50 over a 4 year period
  • Pushed all access for SSL up to 128 bit
    encryption
  • Cost 594.00

17
Digital Certificates
  • Moving to VeriSign SSL Standard Certificates
  • Manage our own certificates via the VeriSign
    control center
  • Purchased 75 certificates
  • Cost 175.00
  • Ordered 25 additional certificates and saved 20k

18
Digital Certificates
  • More affordable for schools and departments
  • Easy to request and implement
  • Request via the following URL
  • https//onsite.verisign.com/EmoryUniversityInforma
    tionTechnologyDivisionGlobalServer/server/index.ht
    ml
  • This URL can be found on the digital certificates
    web page at
  • http//it.emory.edu/showdoc.cfm?docid1384fr1025

19
ClientlessSSL VPN F5 Firepass
  • Jay D. Flanagan

20
Clientless SSL VPN
  • Remote Access to the Admin Trusted Core
  • Checkpoints Secure Remote Client
  • Limited number of Operating Systems that can be
    used with
  • Does not have Linux or Solaris client
  • Limitations and issues with MAC clients
  • Problems with other applications on user machines
  • Problems with ISPs (Bell South)
  • Manual installation of new clients
  • Reports of poor performance

21
Clientless SSL VPN
  • Current VPN architecture has single points of
    failure

22
Clientless SSL VPN
  • Customer Friendly tool
  • Easy to use with little or no manual intervention
    from customer
  • Usable with multiple operating systems and
    browsers
  • Scalable to meet future expansion

23
Clientless SSL VPN
  • Reviewed and evaluated three vendor products to
    replace Secure Remote
  • Aventail SSL VPN
  • Checkpoint Connectra
  • F5 Firepass
  • Chose F5 Firepass

24
F5 Firepass SSL VPN
  • Architecture for new Firepass SSL VPN

25
F5 Firepass SSL VPN
  • Go to https//vpn.emory.edu for access to the
    tool
  • Use network id and password for access

26
F5 Firepass SSL VPN
  • After logging in the user will be presented with
    two options

27
F5 Firepass SSL VPN
  • Admin Core Remote Access Only From On or Off
    Campus
  • This option should be chosen by those users only
    accessing the Admin Core
  • Specifically if the user is on campus
  • This option can also be chosen if the user is off
    campus and only needs access to the Admin Core
  • Emory University Remote Access INCLUDING Admin
    Core From Off Campus
  • This option should be chosen by those users who
    need to access both the Admin Core and the
    Academic Core
  • Specifically if the user is off campus

28
F5 Firepass SSL VPN
  • Once an option has been chosen
  • First time users will have a plug-in loaded
  • For windows users, this will be an ActiveX
    control
  • The plug-in is only loaded on the first login and
    will not be seen on future logins
  • May have to download the plug-in again for
    upgrades or when new features are added to
    Firepass

29
F5 Firepass SSL VPN
  • Once the plug-in has loaded users will see the
    following connection screens
  • After completing authentication this screen will
    automatically minimize
  • Users can now do their normal remote access work

30
F5 Firepass SSL VPN
  • Firepass supports the following browsers
  • Dell Axim, Version 4.21.1088 - Windows Mobile
    2003, Second Edition
  • Firefox 1.0.x
  • HP iPAQ 4155, Version 4.20.0 - Windows Mobile
    2003, First Edition
  • i-mode phone
  • Microsoft Internet Explorer, version 5.0, 5.5,
    or 6.0
  • Microsoft Pocket PC 2003 and Microsoft Pocket
    PC Phone Edition 2003
  • Mozilla version 1.7.x
  • Netscape Navigator, version 4.7x or 7.x
  • OpenWave WAP browser
  • Mozilla version 1.7.x on Apple Mac OS X 10.2.x
    systems
  • Safari version 1.2 on Apple Mac OS X 10.3.x
    systems
  • Safari version 2.0 on Apple Mac OS X 10.4.x
    systems
  • Toshiba E800, Version 4.20.1081
  • Windows Mobile2003, First Edition
  • XDA II, Windows Mobile 2003 First Edition

31
F5 Firepass SSL VPN
  • Additional Benefit
  • Specific checks on user machines before allowing
    access
  • Checks include
  • Windows Antivirus Checker - Enforces antivirus
    protection and checks endpoint for viruses
  • Windows Firewall Checker Checks presence of
    firewall
  • Other Checks include
  • Extended Windows Information Gets extended
    information about Windows OS
  • Internet Explorer Information Gets extended
    information about Microsoft Internet Explorer
  • Admin Console

32
F5 Firepass SSL VPN
  • Reviewing use of tool to replace current Nortel
    VPN
  • Working out the details with NetCom
  • vpn.service.emory.edu
  • Still several months away
  • More details in future Briefing

33
(No Transcript)
34
it.emory.edu
  • Karen Jenkins

35
Goals
  • Provide a new combined IT website for all three
    divisions
  • Links to other campus IT units
  • Work with FA on common template/approach for all
    FA divisions
  • Leverage existing content management system for
    near term improvements
  • Research and evaluate long term enterprise scale
    CMS solution

36
Schedule/Milestones
  • New it.emory site with new look and combined
    services
  • Add NetCom services
  • Add Healthcare services
  • FA template
  • New CMS
  • January
  • February
  • TBD
  • TBD
  • TBD

37
Manage IT
  • User Group Meetings
  • Jan. 4th 200pm330pm Kennesaw gt Reporting
  • Jan. 17th 930am1100am Kennesaw gt Training 101
  • Suppress notification now available
  • Purchased Dashboard module can now create more
    than 5 dashboards
  • Close on Resolution capability
  • Getting consultant beginning of January to bang
    out some of the customization requests
  • Healthcare update
  • Initial broad meeting (yesterday) went well
  • Getting quotes for licenses and consulting

38
(No Transcript)
39
NetCom QA
  • Paul Petersen

40
NetCom
Write a Comment
User Comments (0)
About PowerShow.com