STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
1
The Technical Services Stuff in IT ServicesThe Technical Services Stuff in IT Services
A brief tour of the technical and service offering plethora – who knew????A brief tour of the technical and service offering plethora – who knew????
Technology Training ServicesTechnology Training Services
October 2009October 2009
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 2
Course GoalsCourse Goals
• To help you integrate into IT Services by gaining the technical and service-oriented knowledge needed to be more productive.
• To improve your awareness of and promote the services, resources, and tools that the various groups within IT Services provide (to the campus at-large and also within IT Services).
• To provide a functional overview of the services and products, and how they interrelate across computing organizations and why they are important to the campus as well as IT Services.
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 3
Course AgendaCourse Agenda
The technical overview of the services provided by each of the main divisions within IT Services
• Strategic Planning• Human Resources• Architecture• Research Computing• Computing Services• Communication Services• Client Support• Business Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 4
Administrative Guide PoliciesAdministrative Guide Policies
Policies: http://adminguide.stanford.edu/• Admin Guide 1: University Code of Conduct• Admin Guide 61: Administrative Computing Systems• Admin Guide 62: Computer and Network Usage Policy• Admin Guide 63: Information Security• Admin Guide 64: Identification and Authentication Systems• Admin Guide 66: Chat Rooms and Other Forums Using
Stanford Domains or Computer Services• Admin Guide 67: Information Security Incident Response• Admin Guide 81.1: Telecommunication Services• Admin Guide 81.3: Provision of Mobile Equipment and
Related Services• Admin Guide 84: Credit Card Acceptance and Processing
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 5
HIPAA and FERPAHIPAA and FERPA
HIPAA (Health Information Privacy and Security)• http://hipaa.stanford.edu/• Protects the privacy of an individual’s health information
and govern the way certain health care providers and benefits plans collect, maintain, use and disclose protected health information (“PHI”).
• Be sure appropriate procedures are maintained to ensure that the HIPAA privacy and security rules are followed.
FERPA (Family Educational Rights and Privacy Act)• http://ferpa.stanford.edu• Provides students the right to consent to disclosures of
personally identifiable information contained in the student’s education records.
• Students, faculty, and others with questions regarding student records should contact the Office of the University Registrar.
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Security IssuesSecurity Issues
Important security concepts all IT Services employees need to know and understand:• Admin Guide 63• Data Classification (Confidential, Restricted, Prohibited)
http://www.stanford.edu/group/security/securecomputing/dataclass_chart.html
• Encryption • Passwords: always use a secure connection when sending your
password!• Kerberos• Secure Socket Layers (SSL) and Secure SHell (SSH)• Stanford Desktop Tools
• Computers: be aware of how to encrypt the contents of your computer!• Stanford Whole Disk Encryption: (SWDE)
http://www.stanford.edu/services/encryption/wholedisk/index.html• Windows: http://securecomputing.stanford.edu/pc_file_encryption.html• Mac: FileVault (System Preferences > Security > FileVault)
page 6
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 7
IT Services Organization ChartIT Services Organization Chart
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 8
IT Services Organization ChartIT Services Organization Chart
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 9
Authentication: SUNet IDsAuthentication: SUNet IDs
Stanford University Network IDentifier• 3-8 character identifier• Permanent – cradle to grave – but aliases allowed!• Not private and not anonymous• Your “golden key” to online services• Password – change every 180 days• http://sunetid.stanford.edu
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 10
Authentication: Workgroup ManagerAuthentication: Workgroup Manager
Workgroup Manager Web application Defines groups of community members for use on
restricted web pages or applications
Workgroups are:• Lists of members in a group• Identified by their SUNet IDs• Given a name that uniquely identifies them. • Replicated into the Active Directory (AD) – more on AD
later!
A workgroup may also contain subgroups!
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 11
Authentication: Types of WorkgroupsAuthentication: Types of Workgroups
3 types of workgroups:
1. System-maintained workgroups:stanford:student (students) stanford:academic (faculty and students)stanford:faculty (faculty)stanford:administrative (staff and faculty)stanford:staff (staff) stanford:stanford (students, faculty, and
staff)
2. Department workgroups (often identified by the department’s assigned stem)
organization:businessaffairs_its gsb:affiliates helpdesk:consultants
3. Individual workgroups (identified by the owner’s SUNet ID preceded by a tilde ~)
~jdoe:book_exchange ~instr:friends ~santa:naughty_children
Using workgroups (with Webauth, for example) in a .htaccess file:AuthType WebAuth AuthType WebAuth AuthType WebAuthrequire privgroup stanford:staff require privgroup its:directors require privgroup
~instr:friends
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 12
Authentication: KerberosAuthentication: Kerberos
Kerberos:• A network authentication system for use on physically
insecure networks. • The heart of Stanford’s campus-wide network security
infrastructure.• Prevents eavesdropping or replay attacks.• Provides for data stream integrity (detection of
modification) • Prevents unauthorized reading of data using
cryptography systems such as the Data Encryption Standard.
• Is the official method for authentication at Stanford(see Admin Guide 64)
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 13
Authentication: Kerberos–A Screencast on How It Authentication: Kerberos–A Screencast on How It WorksWorks
Computing Services
From Password to Service Request to Service Ticket
Screencast Played Here
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 14
Authentication: Establishing Kerberos CredentialsAuthentication: Establishing Kerberos Credentials
Windows: • Network Identity Manager (NIM) • Stanford Desktop Tools• http://www.stanford.edu/services/ess/pc/docs/kerberos/
Macs: • Kerberos for Macintosh (runs in the background) • Stanford Desktop Tools• http://www.stanford.edu/services/ess/mac/docs/kerberos/
Unix: • kinit• http://unixdocs.stanford.edu/loggingin.html
How does it work?1. User runs NIM (Windows) or Stanford Desktop Tools (Windows/Mac) or
kinit2. User logs in with valid SUNet ID and corresponding password3. Kerberos credentials are established!
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 15
Authentication: Web Authentication (WebAuth)Authentication: Web Authentication (WebAuth)
Open-source web-based system for authenticating users (developed here!)
Protects web sites on the main Stanford web servers Can be used with other Apache-based web servers How does it work?
1. User visits a protected website2. Login screen appears and user enters SUNet ID and password3. User’s identity and Kerberos ticket carried in a cookie
https://weblogin.stanford.edu/help.html http://webauth.stanford.edu
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 16
Authentication: Web Login (WebAuth continued)Authentication: Web Login (WebAuth continued)
2 keys are given to you when you log in: 1. a key to the specific web site or service you visited, 2. and a "master" key that opens other protected web sites.
The keys last until you quit your browser program, or until they expire – up to 10 hours later.
Be sure you have "turned in your keys" by quitting your browser before you leave your computer. • Otherwise other people can access websites as though
they are you!
Note:• Using a protocol called SPNEGO, supported browsers can access
protected web sites using Kerberos credentials obtained from your computer login instead of using the WebLogin screen.
• For details, go to https://weblogin.stanford.edu/config.html
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 17
Authentication: ShibbolethAuthentication: Shibboleth
http://www.stanford.edu/services/shibboleth/
Lets you access secured non-Stanford sites (only those who have joined a common federation) using your SUNet ID.
Lets Stanford web servers authenticate users from those non-Stanford institutions using their local authentication credentials.
Example: COManage – Internet2 Project• Still in development…• COManage is the Collaborative Organization Management Platform
developed by the Internet2 Middleware Initiative. It is intended as a demonstration of the capabilities offered by tying together federated identity management (Shibboleth), groups management (Grouper), and (coming soon) privilege management into a cohesive support infrastructure for a variety of collaborative applications.
• http://middleware.internet2.edu/co/• http://comanage-dev.stanford.edu/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 18
Authentication: Guest AccountsAuthentication: Guest Accounts
Based on email address Uses Shibboleth as authentication A Stanford Guest Account allows you to view specific
Stanford web pages that normally require Stanford-Affiliated SUNet identification. A Guest Account might allow you to view and interact with web-authenticated department, individual, and group pages. The owner of the restricted pages can allow you to access them via your Guest Account.
Note: A Guest Account cannot be used to access any restricted data including HIPAA, FERPA, or PCI-regulated data.
http://www.stanford.edu/service/guest/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 19
Distributed File Systems – AFS (Andrew File Distributed File Systems – AFS (Andrew File System)System)
Stanford’s campus-wide file system Allows users to efficiently share files across local and
wide area networks System is backed up nightly University’s main web site and linked files hosted on
AFS
http://www.stanford.edu/services/afs/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 20
Distributed File Systems – AFS disk space quota Distributed File Systems – AFS disk space quota
1 GB of disk space per users, group, or department
Can be used to store web pages, text files, computer programs, pictures and other digital data
Learn more:http://www.stanford.edu/services/disk-space/
Request group/dept space or increase quota:http://tools.stanford.edu/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 21
Distributed File Systems – OpenAFSDistributed File Systems – OpenAFS
Lets you access AFS space on a desktop computer as a shared drive
http://www.stanford.edu/services/openafs/
Computing Services
Mac Windows
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 22
Distributed File Systems – Copying Files to AFSDistributed File Systems – Copying Files to AFS
For step-by-step instructions on copying files to AFS, visit http://filetransfer.stanford.edu/• OpenAFS• SFTP (Fetch/SecureFX)
WebAFS is a new, web-based method to easily copy files to AFS• http://afs.stanford.edu/• http://www.stanford.edu/services/afs/webafs/userguide/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 23
Distributed File Systems – Workgroup IntegrationDistributed File Systems – Workgroup Integration
Workgroups can be integrated with AFS, Mailing Lists, and the Active Directory
https://tools.stanford.edu/cgi-bin/workgroup-admin
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 24
Distributed File SystemsDistributed File Systems
Common Internet File System (CIFS)• CIFS (Common Internet File System) = “file servers”
• Also known as “Server Message Block”• Also known as the “Windows File Sharing”
• At Stanford, we use the CIFS protocol to provide access to a central file service.
• Can be used to share and store files for groups and departments.• Authentication is via Kerberos and NTLM version 2 (Windows NT LAN
Manager)
http://www.stanford.edu/services/storage/lowcost/cifs/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 25
Backup, System Security, and Anti-VirusBackup, System Security, and Anti-Virus
Backing Up:• Desktop/laptops (e.g., Mozy, Iron Mountain (BaRS being deprecated))
• Basically outsourced with a Stanford rate - CRC can help if part of a CRC contract
• Servers (e.g., AFS) - Using TSM (looking at disk to disk backup solutions)
System Security:• BigFix – http://www.stanford.edu/services/bigfix/
An OS patch management service which distributes critical security updates to Windows PCs and Macintoshes.
• PC Security Self-Help - http://www.stanford.edu/group/security/securecomputing/
• OS Updates• Windows: http://windowsupdate.microsoft.com/• Apple: http://support.apple.com/• Linux/Unix
Anti-Virus: Sophos (Stanford site-licensed anti-malware software, providing protection from both viruses and adware/spyware)• http://ess.stanford.edu/pc/sophos.html• http://ess.stanford.edu/mac/sophos.html
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 26
Business Applications SupportBusiness Applications Support
Support for ITS internal business apps and campus-wide enabling applications
Pinnacle (Billing), OrderIT, MyITServices
General Enterprise/IT Support Systems• Remedy/HelpSU - tickets; reporting• CMDB (Content Management DataBase) – at Stanford, we use Remedy
Calendaring• Zimbra information: http://www.stanford.edu/services/emailcalendar/
Docushare• A content and document management system• http://docushare.stanford.edu
Infra • Change Management system used to create, approve, schedule, and
provide notification of change requests related to IT systems hardware and software
• http://changemanagement.stanford.edu
Stanford Answers (also Client Support): http://answers.stanford.edu
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 27
Business Applications Support (continued)Business Applications Support (continued)
Support for ITS internal business apps and campus-wide enabling applications
ACES (Access Control Enterprise Systems) – Card access to buildings
• Lenel
• CS Gold
eCommerce – a suite of services that enables Stanford's schools, centers, and departments to establish themselves as merchants, and market and sell products and services on the web. Managed by the Controller’s Office.
SMARTS – monitoring tool to monitor and respond to alerts from networks (phone, switch, data, VOIP, Net-to-Switch/Jack), door security, and environmental systems in the data centers
Unanet – time tracking tool that IT Services uses internally to track staff work time
Jira – tool used to track bugs and other issues in enterprise software used at Stanford
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 28
Departmental compute serversDepartmental compute servers
Remote access to high-speed, high-power computing resources to support large jobs and provide support for core curriculum and research
Support for departmental or course-specific computing needs.
Specific compute services that don't scale to an enterprise level.
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 29
Database Services – MySQLDatabase Services – MySQL
IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support.
MySQL service• Popular open source database management system• With PHP programming language, used to build dynamic,
interactive Web sites. • Available for Stanford departments and official University
groups and services• https://www.stanford.edu/services/sql/• http://mysql.stanford.edu
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 30
Database Services – Microsoft SQL and OracleDatabase Services – Microsoft SQL and Oracle
Microsoft SQL• Microsoft’s implementation of SQL• IT Services offers support for departments who have
implemented Microsoft SQL Oracle
• IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support.
• Note: No Oracle DBAs in-house For-fee services - supported via Ntirety
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 31
Directory Services (Registries)Directory Services (Registries)
OpenLDAP (Open Lightweight Directory Access Protocol)• http://www.stanford.edu/services/pubsw/package/network/openldap.ht
ml• http://www.stanford.edu/services/directory/• http://www.openldap.org/
Active Directory• http://windows.stanford.edu/Public/Infrastructure/Services/Directory.ht
ml Whois / StanfordWho
• http://stanfordwho.stanford.edu/ StanfordWhat
• http://stanfordwhat.stanford.edu/ Workgroup Manager
• http://workgroup.stanford.edu/ StanfordYou
• http://stanfordyou.stanford.edu/ Printed Directory (ASSU)
• http://assu.stanford.edu/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 32
Directory Services (Registries)Directory Services (Registries)
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 33
Technical Facilities (TFAC)Technical Facilities (TFAC)
Provides operational management and support for:• IT Services production systems• Infrastructure supporting these systems• Data Centers
• Forsythe, Sweet Hall, the 12 ECH (Electronic Communication Hub) facilities, and the Auxiliary Data Center in Livermore, CA)
Responsible for:• Space Planning• Vendor/Customer Coordination• System Hardware Installation• Cabinetry• Low Voltage Cabling and Branch Circuit Distribution• Tracking all equipment in the data centers, IT Services,
Administrative Services, and the CFO’s office (Property Administration)
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 34
Storage ManagementStorage Management
IT Services provides solutions to data storage needs for all levels — individual, departmental, and institution-wide (enterprise). • 1 GB of AFS storage space is provided at no charge• Three additional tiers of fee based storage, each priced per
gigabyte for maximum flexibility. This service provided by block-level, or file-level storage
with multiple available protocols (SAN, NAS, iSCSI, CIFS, AFS, etc).
For interconnection, fiber channel and iSCSI is recommended
http://www.stanford.edu/services/storage/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 35
Unix/Linux/Windows System AdministrationUnix/Linux/Windows System Administration
Unix/Linux System Administration• Plan, manage and operate development and production
servers in Forsythe Data Center, Sweet Hall, and West ECH, East ECH, and Press ECH.
• http://www.stanford.edu/services/unixcomputing/
Windows System Administration• Addresses the need to move closer to single sign-on• Provides location-independent access to resources,• Provides manageability and security for the Microsoft
Windows platform• http://windows.stanford.edu/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – Infrastructure StuffWeb Services – Infrastructure Stuff
ITS web services allow clients control over the collection (database) and presentation (web) of information using various tools.
Virtual Host:• Lets you have a shorter web address (URL – Uniform
Resource Locator)• Learn more: http://virtualhosting.stanford.edu• Request or update existing: http://tools.stanford.edu
Web Searching: • http://search.stanford.edu/• http://www.stanford.edu/services/websearch/Google/
Web Space: http://www.stanford.edu/services/web
page 36
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – DatabasesWeb Services – Databases
MySQL• Popular, free, open-source relational database
management system known for its speed, reliability, and ease of use.
• http://www.stanford.edu/services/sql/• http://mysql.stanford.edu• Request a database: http://tools.stanford.edu/
Microsoft SQL• Microsoft’s implementation of SQL• IT Services offers support for departments who have
implemented Microsoft SQL via Ntirety support (for-fee service)
page 37
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 38
Web Services – Forms and CGIWeb Services – Forms and CGI
CGI (Common Gateway Interface): Lets you run programs on the Web – providing dynamic
content, collecting user input, and offering services Ruby, Python, PHP and Perl languages are supported http://cgi.stanford.edu/ Request CGI service: http://tools.stanford.edu/
Form Builder: Build, publish, and manage web forms on the Stanford
servers http://formbuilder.stanford.edu http://www.stanford.edu/services/webforms/
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – Content Management Systems Web Services – Content Management Systems (CMS)(CMS)
Content Management Systems (CMS):• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:
http://web.stanford.edu/design/templates/modern/• SharePoint: http://www.stanford.edu/services/sharepoint/
Other systems will work, but aren’t necessarily supported. Your mileage may vary!
Note: These products are evolving. Stay tuned for new developments!
page 39
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – BlogsWeb Services – Blogs
Blogs:• MovableType installation: http://software.stanford.edu/• WordPress installation: http://tools.stanford.edu/• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:
http://web.stanford.edu/design/templates/modern/• SharePoint: http://www.stanford.edu/services/sharepoint/
Other systems will work, but aren’t necessarily supported. Your mileage may vary!
page 40
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – WikisWeb Services – Wikis
Wikis:• MediaWiki installation: http://tools.stanford.edu/• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:
http://web.stanford.edu/design/templates/modern/• SharePoint: http://www.stanford.edu/services/sharepoint/
Other systems will work, but aren’t necessarily supported. Your mileage may vary!
page 41
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Web Services – SharePointWeb Services – SharePoint
Fee-based service Offers tools for managing content on the Web Contains wikis, blogs, discussion forums, event
calendars, announcements, task lists, etc. built-in Workflow tools help manage and automate business
processes (approvals/publishing) http://www.stanford.edu/services/sharepoint/
page 42
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 43
Email at StanfordEmail at Stanford
Email at Stanford: http://email.stanford.edu/
Antivirus / SPAM (Sophos PureMessage): http://email.stanford.edu/antispam
Bulk email: Send email to large numbers of Stanford users for official, approved Stanford administrative purposes.
Mailing list services (Mailman): http://mailman.stanford.edu
Secure email: http://secureemail.stanford.edu/T
his service is for off-campus secure communication
(extra hurdles for data security)
Email Service Tools: http://tools.stanford.edu
Support for Microsoft Exchange servers
ITS is running a BES server for Blackberry devices
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 44
Stanford Collaboration Tools (Email/Calendar/IM)Stanford Collaboration Tools (Email/Calendar/IM)
Integrated Email and Calendaring (IEC) web site: http://iec.stanford.edu
Stanford Email and Calendar services web site: http://www.stanford.edu/services/emailcalendar/
IEC solution• Webmail: http://webmail.stanford.edu/• Webcal: http://webcal.stanford.edu/• Desktop tools (Outlook, iCal, Apple Mail, Thunderbird):
http://www.stanford.edu/services/emailcalendar/desktop
Stanford Instant Messaging• http://im.stanford.edu/• Centrally-funded instant messaging service provided free-of-charge to
the Stanford community, using kerberos, SSL, and the jabber (XMPP) protocols
• A safe and secure way to conduct confidential Stanford business online, real-time. (Messages are secure only when sent between Stanford accounts.)
Computing Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 45
IT Services Organization ChartIT Services Organization Chart
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 46
Network: BackboneNetwork: Backbone
SUNet: Our 10Gbps Backbone Network• Campus networks divided into 10 Operational Zones (OZ)
• 4 OZs for the main campus networks (BOZ, ROZ, POZ, GOZ)• 2 OZs for the residential networks (COZ, SOZ)• 1 OZ for the School of Medicine (MOZ)• 1 OZ for the School of Engineering (YOZ)• 2 OZs for the machine room server networks (FOZ, WOZ)
• Off-Campus Connectivity• CalREN – California Research and Education Network
• Operated by CENIC (Corporation for Education Networks Initiatives in California)
• 10Gbps to CENIC Sunnyvale• 1Gbps to CENIC Oakland
• Internet2 connection via CENIC• CalREN-Digital California (DC) connection via CENIC• CalREN-High Performance Research (HPR) Network via CENIC• Internet connection via Cogent Communications (1Gbps)• Internet connection via CENIC ISP
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 47
Network: BackboneNetwork: Backbone
Our network database tool: NetDB• Stanford University-developed database application• Stores Network and Node configuration information• Assigns and manages IP addresses of machines• Information loaded into DNS (Domain Name Servers) and
DHCP (Dynamic Host Control Protocol).• http://netdb.stanford.edu
Stanford Network Self-Registration (SNSR)• Web-based method to self-check a computer and register it
in NetDB (using the SNSR template)• http://www.stanford.edu/services/selfreg/
Load Balancing• Managed server load balancing service for firewalled
systems in the FOZ, WOZ, and core operational Zones• http://www.stanford.edu/services/loadbalance/
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 48
Network: Net2SwitchNetwork: Net2Switch
Net2Switch• Centralized service model • Support for internal and external network infrastructure. • Local Network Administrator (LNA) maintains control of
patching active ports in the network closet
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 49
Network: FirewallsNetwork: Firewalls
Administrative Firewall• Firewall service for servers residing in IT Services
supported data centers• For University mission critical systems with restricted data• https://www.stanford.edu/services/firewall/
Departmental Firewall• Protects computers on a local network• Opt-in service• Utilizes virtual firewall technology to allow Local Network
Administrators to define their own firewall policies for their department
• Approximately 300 networks are behind the Departmental Firewall Service
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 50
Network: WirelessNetwork: Wireless
Lets you access the network without wires! (d’oh!)• Over 3,200 Wireless Access Points deployed• Over 10,000 devices associate on the WiFi daily• http://www.stanford.edu/services/wirelessnet/
• Wireless Guest• You can grant guests access to the wireless network for up to 2 weeks
at a time• https://www.stanford.edu/group/networking/cgi-bin/wirelessguest/accou
nts
• Wireless map & coverage• http://its.stanford.edu/cgi-bin/services/wirelessnet/wireless_map.pl
• Wireless security (or rather, the lack thereof…)• Stanford does not currently encrypt data on the wireless network.
Please keep this in mind when you transmit data.
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 51
Network: Remote AccessNetwork: Remote Access
VPN: http://vpn.stanford.edu/• Lets you connect to SUNet remotely from anywhere in the world• Administrative VPN – gain access to the systems and databases
DSL• Network connection to Stanford’s SUNet from home• DSL for Faculty/Staff
Cable Modem• Stanford West• Students
iPass• A remote connectivity service with access to wireless hotspots,
wired broadband, and dial-up. Only available for Stanford faculty and staff.
Work Anywhere: http://workanywhere.stanford.edu/• Tools and best practices for working from non-traditional locations• Click “Mobile Workers” or “Managers” for tips related to your role at
the University
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 52
Security OperationsSecurity Operations
IT Services’s Network Security Operations group• Blocks traffic at the perimeter and at firewalls• Employs preventive scanning, logging, notices and alerts• Works in concert with the Information Security Office
(separate entity)
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 53
Telephone OperationsTelephone Operations
Telephones and Voice Mail for Faculty/Staff Voice Over Internet Protocol (VOIP) Wireless VOIP Pocket Phones (Medical Center) Cellular Phones
• Cellular Phones for Personal Use• Cellular Phones for University Business
Hands-on Client Consulting for Large Order Requests• Automated Call Distribution (ACD)• ECP (Enhanced Call Processing)
Unified Messaging (see next slide)
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 54
Telephone Operations: Unified Telephone Operations: Unified Messaging/VoicemailMessaging/Voicemail
Replaces the legacy voicemail system
More storage: store up to 100 messages
No expiration: Messages can be stored forever instead of expiring in 24 days
Receive voicemail messages by phone, web portal, or in the email
Can receive faxes
Can have the system try multiple numbers before going to voicemail (“Find Me, Follow Me”)
Unified Messaging Web Sites
• More information on voicemail at Stanford:http://voicemail.stanford.edu
• More information on the voice messaging system:http://voicemessaging.stanford.edu
• Connect to the web portal for your voicemail:http://myvoicemail.stanford.edu
Communication Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 55
IT Services Organization ChartIT Services Organization Chart
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 56
Enterprise Help ServicesEnterprise Help Services
Help Desk• Tier 1 – main, front-line help desk (answers 5-HELP and routes
HelpSU tickets using Remedy)• Tier 2 – responds to the more advanced help tickets• (Tier 3 - ITS internal support to Tier 2)
IT Operations Center (ITOC) • 24x7x365 monitoring and incident management coordination• IT Services systems and applications• Data Center Building Facilities• Repair line for phones, cable TV, campus card system, etc.
Stanford Answers• Knowledge Management portals for support groups and clients• http://answers.stanford.edu
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 57
Computer Resource Consulting (CRC) Computer Resource Consulting (CRC)
Computer Resource Consulting (CRC) • Desktop and departmental server support • Macs and Windows systems • Contract, fee-based Service Level Agreement (SLA) basis
• http://www.stanford.edu/services/contract-support/• On-call Services for clients who need additional help with desktop
or servers for a fee• http://www.stanford.edu/services/oncall/
• CHAMP (Campus Hardware Maintenance Program)• Hardware maintenance contracts• http://www.stanford.edu/services/champ/
Desktop Systems Group• Desktop Tool Development and Support (both Mac and Windows
systems)• Research and testing future desktop technology• Install wrapper development for campus applications
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 58
Order ManagementOrder Management
Pinnacle (ITS billing system and CommServices work order management)
OrderIT (for faculty, staff, and departments) MyITServices (for Students) ePay (for Students) On-site Cell and Card Services Support Service Desk
• Ordering• Provisioning
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 59
Operator Services CenterOperator Services Center
24x7/365 call center for Stanford University, Stanford Hospital and Clinics, Stanford School of Medicine, and Lucille Salter Packard Children's Hospital
Handle dispatching for emergency Code calls Provide overhead paging services Provides communication services for defined procedures. Answer calls for assistance and referral relating to
• Residential and Dining Services• Campus Facility Operations• environmental health and safety• organ offerings and body donations• CATH team• Dialysis and Transplant Services
More information:http://www.stanford.edu/dept/its/organization/osc/
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
Campus Card ServicesCampus Card Services
The Stanford ID Card: what can it do?• It’s an ID card! (surprise!)
• It’s an electronic key! (allows you to enter and access secured facilities)• Access Control Enterprise
System: http://www.stanford.edu/services/aces/• Lenel (door access system)• CSGold• access to facilities
• It’s a point-of-sale card! (allows you to make purchases with funds deposited in a Cardinal Dollars account – meals, printing, etc.)
• http://campuscard.stanford.edu/
• NOTE: Client Support is the business owner for the Campus Card and provides the ID Card Services; Application Support (Computing Services) owns the applications which proved the functionality (see slides 25-26)
page 60
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 61
Software delivery/licensingSoftware delivery/licensing
ESS (Essential Stanford Software)• http://ess.stanford.edu/• Suite of applications, from anti-virus to file exchange, free for
faculty, staff, and students via the Web Stanford Desktop Tools
• Application that simplifies the process of keeping your Stanford site-licensed software up-to-date.
Pubsw• Over 500 free and site-licensed Unix software tools installed in
AFS Licensed software
• 100’s of products available at low cost to Stanford departments, faculty, staff and students
• http://softwarelicensing.stanford.edu Software available to IT Services staff (operating systems,
Microsoft Office, check with Software Licensing for current info)
http://software.stanford.edu• University's central gateway to information about software on
campus
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 62
Software ServicesSoftware Services
Software Licensing group http://softwarelicensing.stanford.edu Support for ITS initiatives and projects needing licensed
software Support for finding software
Purchasing/Contracts Support for departmental purchases of software http://fingate.stanford.edu/staff/buypaying/ SmartMart (Catalog Ordering in iProcurement)
http://fingate.stanford.edu/staff/buypaying/smartmart.html
Stanford Bookstore Personal purchase of Microsoft and Adobe (and other)
software at low prices. http://bookstorecomputers.stanford.edu
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 63
Web Standards and TechnologiesWeb Standards and Technologies
Web resources and standards• http://web.stanford.edu/design/
• Templates for Web Sites, Blogs, Wikis, Drupal• Style Guides for HTML and CSS• Links to graphics and artwork (logos)• Links to video and multimedia tools
Documentation, Design, and Development group• Offers support for client-facing websites• Offers basic, internal (IT Services) web site design
assistance • Offers basic, internal (IT Services) web programming and
development assistance (in conjunction with Computing Services)
• http://its.stanford.edu/organization/documentation/
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 64
Technology Training ServicesTechnology Training Services
Training courses (from in-house and contract instructors) End-user courses (Excel, Dreamweaver, Web Design,
PowerPoint, email, calendar, etc.) IT Professional Development courses (Drupal, PHP, Perl,
MySQL, etc.) Training by Appointment (1-on-1 Training Sessions) Classes on Request for groups/departments Tech Briefings
• Weekly drop-in sessions with information for power-users and Stanford's technology support community
• Fridays, 2-3:30pm, Turing Auditorium Lab and Training Facilities Rental http://techtraining.stanford.edu
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 65
Campus ReadinessCampus Readiness
http://its.stanford.edu/organization/documentation/indepth_functionscr.html
Part of Technology Training ServicesProvides time-sensitive training and demonstration support to a wide variety of upcoming software, services, and upgrades being rolled out to campus (e.g., IEC)
Client Support
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 66
IT Services Organization ChartIT Services Organization Chart
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 67
Business ServicesBusiness Services
Service Management (and Business Partners)https://www.stanford.edu/dept/its/group/allstaff/management/account/
• Focal point for IT Services’ management of our services• client contact, advocacy and partnership
• Produce business plans and service level agreements (SLAs)• support for ITS planning, deployment, and operations
• Work with PMs, technical owners, documentation/design folks, and business analysts
• handles ITS sun-setting planning
• Service Managers• Computing Services• Communication Services
Business Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 68
Business ServicesBusiness Services
IT Services staff can enter client requests for new services. If one of your clients asks for a service that doesn’t exist yet, be sure to add it to the list!
Client Requests for New Services:• Form to request a service:
https://its.stanford.edu/group/allstaff/new_service_requests.fb
• List of current requests for services:http://docushare.stanford.edu/dsweb/Get/Document-73496/Service-Requests.xls
• You can also get to the form and the list of current requests by going to the Internal IT Services site (from http://its.stanford.edu, click Internal)
Business Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 69
Business ServicesBusiness Services
Project and Process Management• Project Management (Unanet)• Quality Assurance (QA)
• Silk Performer• JIRA
• Metrics• Project and Process Management
• Planning Project for 3-Year Process Project (informed by ITIL framework)
Finance and Business Analysts• Reporting (Pinnacle, OrderIT, MyITServices) – see also Client
Support• Expense Control and Billing Services• Financial Modeling for Services• Financial Partners
Administrative ServicesThe most important people you should know in ITS!
Business Services
STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES
page 70
Q & AQ & A
Any questions?
A parting note from ISO:Be aware of Admin Guide 67 on Security Incidents
AND“Don’t touch the crime scene!
(at most, just unplug the network)”