Major Planned Initiatives 2003-2005
The significant advances in the University's information technology environment must be maintained and every effort must be made to continue the pace of advancement to support the increasingly sophisticated technology needs of the University community. Future initiatives will build on what has been accomplished and will continue to focus on the goals that have been established in the technology plan. As progress continues and applications and services are upgraded or replaced, the conceptual information technology structure, diagramed below, will accurately represent the University's environment.

Figure 3
The direction and initiatives that will be undertaken over the next three years are described in the following sections.
Security
A comprehensive security plan will be systematically implemented to address network, application, and data security throughout the University. The proliferation of hacking attempts, software vulnerabilities, virus attacks, peer-to-peer file sharing software usage, and new governmental regulations have increased the necessity for strict security policies. The mission of the University requires that security be implemented in a way that addresses the legitimate need to protect online collaboration and access to data that is central to the teaching and research missions of a major university.
Strides have been made in implementing services and systems to address security issues, including implementation of network-based firewalls to protect identified segments of the network, ongoing review of central systems and services to reduce vulnerability to unauthorized access and attack, ongoing investigation of issues arising with compromised machines on the network and machines that have been identified as using significant proportions of available bandwidth, formal procedures for handling complaints of electronic copyright infringement by members of the University community, the provision of centrally funded anti-virus software to the University community for desktop computer use, publication of security-related information on the Information Technology Web site, and dissemination of important security information to University units by means of the Expert Partners program.
In addition to these initiatives, the comprehensive plan will address the legitimate need for University research faculty to access protected medical data housed on the UPMC network and will enhance measures to protect similar data housed within the University's network. The plan will also provide policies, standards, and recommendations for University units as they address security issues involving unit-based applications, services, and data. The plan will be developed to ensure that the resulting security standard is in compliance with applicable laws and to ensure that industry best practices have been fully considered. The goals of the plan include protecting information belonging to the University and any information within its custody by safeguarding its confidentiality, integrity, and availability. The plan will define steps to ensure that the University is able to continue activities in the event of a disaster or significant security incident. A disaster recovery plan will be developed in conjunction with the comprehensive security plan. The disaster recovery plan will use information obtained from a business continuity plan to define the resources, actions, tasks, and data required to manage the business recovery process. The information gained from a business continuity plan includes a risk assessment and business impact analysis to identify locations, functions, and applications most critical to the operation of the University.
To guarantee that resulting University security policies and standards remain current with technology, industry best practices, and applicable laws, these policies and standards will be reviewed on an ongoing basis following adoption and implementation and will be revised as needed.
Encryption Solutions for Network Communications
To ensure the security of network communications, a comprehensive review of all data transmissions will be conducted to identify all protocols, systems, and processes that transfer plain text information over the network. Examples include Telnet, FTP, electronic mail, and non-secure Web sessions. Following this review, encryption solutions will be identified and a project plan developed to ensure that data encryption standards are applied to electronic data transfer over the network and Internet according to industry standards for that type of data transfer.
Intrusion Detection Solution
The University will assess hardware and software intrusion detection solutions to further enhance the security of the network, servers, and desktop devices. Intrusion detection solutions gather and analyze information from various areas within a computer or network to identify possible security breaches, including both intrusions and misuse. Intrusion detection functions include monitoring and analyzing user and system activities, analyzing system configurations and vulnerabilities, analyzing abnormal activity patterns, and tracking security policy violations. The implementation of an intrusion detection solution is intended to protect the network and connected devices from malicious attacks that threaten the security and stability of infrastructure.
Network Infrastructure
The University's current information technology architecture model is illustrated in Figure 1. The base of the diagram is the network infrastructure layer, consisting of physical network components. These components form the University's data and voice network, known as PittNet.
PittNet provides service to some 32,000 undergraduate and graduate students and approximately 10,500 faculty and staff. PittNet consists of a fiber-based Gigabit Ethernet backbone with redundant connections to each of the six network core sites. The network also includes an OC-48 SONET ring connection to the University's computer facility at RIDC Park in O'Hara Township, providing redundant gigabit service to this facility. End-user connections consist of more than 26,000 Ethernet ports, 800 dialup modems, and 30 wireless access points installed within University facilities. Connections to the University's four regional campuses consist of ATM OC-3 connections, T1, and frame relay connections. The University provides 160 Mbps of bandwidth to the commodity Internet and up to one gigabit to Internet2 through two distinct connections. Student traffic from the residence halls and campus computing labs is routed through one 80 Mbps connection and all other traffic is routed through the second connection. These connections were configured to provide redundancy.
The University maintains additional network connections, including a Gigabit Ethernet link to the UPMC network and a variety of wide area links to off-campus rental properties, remote locations, hospital facilities, and other similar locations.
10 Gigabit Ethernet Backbone Upgrade
The University is in the process of moving to a single protocol, IP-only, network. Most network equipment vendors no longer support routing of legacy network protocols such as IPX, AppleTalk, or DECNET. It is anticipated that the conversion to a single network routing protocol will be completed by 2004, at which time the options for upgrading the Gigabit Ethernet backbone will be considered. These options will include moving to a 10 Gigabit Ethernet backbone, or as technology evolves moving to multiple 10 Gigabit Ethernet backbones, a single 40 Gigabit Ethernet backbone, or SONET technology.
The University's current Gigabit Ethernet is not utilized to the extent of its capacity, although this will change as high-bandwidth applications such as streaming video and audio, video on demand, and video conferencing are developed and more widely utilized by faculty and staff. The rate at which this occurs will affect the schedule for upgrading the University's network capacity. Network usage is carefully monitored on an ongoing basis to ensure ample time to plan for upgrade paths.
The diagram below depicts the network infrastructure as it will appear when the 10 Gigabit network backbone is implemented.
Increased Network Redundancy
To ensure the stability and reliability of PittNet, CSSD has implemented redundant network connections at the most critical points and has established redundant paths between them. Full redundancy is in place within the core of the network backbone, including the RIDC computer facility and the University's primary connections to the Internet.
Enhancing network reliability and stability through added redundancy will continue. Future efforts include the identification of the remaining critical points of failure within PittNet and reinforcing these locations. Upgrades will include the installation of dual processors in network hub site switch equipment and installation of redundant hardware in building entrances and critical wiring closets. Redundant paths will be required for building riser systems.

Figure 4
Internet Protocol Version 6 (IPv6)
The Internet is currently based upon version 4 of the Internet Protocol (IP). This protocol relies on 32-bit addressing for devices on the Internet. Currently, blocks of addresses are assigned to individual institutions and are in short supply. IP version 6 has been developed by the Internet community to address this problem by expanding IP address lengths to 128 bits, thereby expanding the available pool. IPv6 is currently in use at two North American higher education institutions and by Internet Service Providers in the Asia/Pacific Rim, and it is available natively on Internet2. There are, however, technical considerations that must be fully addressed, including how the expanded pool of IP addresses will be allocated and how vendor support will be provided prior to large-scale implementation of the revised protocol. As migration paths from Internet Protocol version 4 to version 6 are proven, the University will develop its own plan to implement version 6.
In addition to the increased number of IP addresses made available under IPv6, the revised protocol includes support for built-in security, quality of service, and more intelligent routing capabilities. The University will take advantage of these improvements once vendors fully support the revised protocol.
Until the protocol is adopted at the University, the existing IP shortage problem will need to be addressed and will require the cooperation of schools and departments across the University. Currently numerous units have hundreds of unused IP addresses that they refuse to release for reallocation, and these same units continue to request new IP addresses. This is unacceptable because the University has already allocated most of the finite number of IP addresses it controls. It is important to note that the number of addresses assigned to the University would be more than sufficient if the unused IP addresses were released. Departments will be called upon to cooperate in the effort to effectively manage and reallocate IP addresses.
Completion of the Move to Single Protocol Environment
At the present time, few vendors provide network equipment capable of routing multiple network protocols due to the considerable complexity and cost involved. It is anticipated that these vendors will ultimately discontinue support for multiple protocols. By completing the conversion process as soon as possible, the University gains the ability to choose equipment from among a variety of vendors, and network stability and reliability will be improved by reducing network complexity with simplified network routing code.
The conversion of individual computers and departmental services to an IP-only environment is underway. Older computer operating systems and network operating systems used within departmental local area network environments do not support IP-based communication. Completion of conversion to an IP-only network protocol requires careful assessment of the services and devices utilized by University departments on a department-by-department basis to determine the extent to which network operating system and computer upgrades are required to eliminate legacy network routing protocols. CSSD is working with departments to complete the conversion process. The completion date for this project is January 2004. To ensure that units continue to utilize only IP-based network services, as soon as the conversion process is completed for a particular unit, the network segment supporting that unit will be configured to route only the IP protocol.
Multicast Technology
Multicasting is an advanced network technology that supports submission of data to multiple users on a network with very little network impact. A multicast transmission could be real-time or scheduled video/audio feeds. Through this method of transmission, a single copy of a data stream is sent to a server that then delivers that data stream simultaneously to a designated number of end users by transmitting the data stream only once. Multicast technology is currently in use in a limited number of University units. Several of these units use multicasting to deliver software to student computer lab devices. For example, without multicast technology, a data stream intended for delivery to ten computing devices needs to be sent ten times, consuming ten times the bandwidth of the same data stream sent only once via multicast to the same ten devices.
The University plans to support multicast technology throughout PittNet, although strict adherence to network standards is required to enable this service. Standards include limiting network access to one device per port and the elimination of hubs, repeaters, and other legacy network equipment attached to end-user ports.
Network Operations Center
Central to the success of the University's technology initiatives is the implementation of a 24-hour, seven-day network operations center (NOC) from which the status of the entire data and voice network, along with the status and performance of central services and systems, can be visually displayed through the use of advanced monitoring systems and technologies. The NOC will include staff capable of interpreting and responding to network and system status information. The NOC will be tightly integrated with the existing Technology Help Desk service to facilitate flow of user problem reports and availability of timely communication to the University community.
PittNet and central University systems and services are presently monitored on a 24-hour basis, but the monitoring systems in place have varying degrees of capability and operate independently of each other. Implementation of the NOC will centralize responsibility for monitoring and responding to network and system performance issues and ensure a consistent level of access to the information that is generated by them.
Network Load Balancing Services
Network load balancing services ensure improved performance of enterprise services and applications by deploying redundant server hardware in a manner that is transparent to the end user. In the event of a server failure, a load balancing service re-routes traffic intended for that server to an available redundant server. Coupled with network redundancy initiatives, implementation of network load balancing and application hardware redundancy will significantly reduce the likelihood of performance problems and system outages observable by University students, faculty, and staff.
Various mechanisms providing some degree of load balancing services are in place for specific applications, but these mechanisms are not scalable. The advantage of a network-based solution is that it is application independent.
Network load balancing solutions from several vendors are under evaluation to ensure that they are compatible with PittNet and the applications that are currently in place. A project plan to implement this solution will be prepared when these evaluations have been completed.
Mobile Computing Network
Significant strides have been made in the implementation of wireless network access for the University. Authenticated wireless network access is available in selected public areas, classrooms, and departments and was installed according to the wireless standard. The standard defines the University's practices and procedures for the installation and use of wireless network access and is a necessary component of the wireless strategy because it defines security, equipment, installation, and maintenance procedures.
Wireless technology is evolving at a rapid pace as a wider range of end-user wireless devices become available, including lightweight laptop computers, personal digital assistants, and tablet-style computers. The increased use of these devices has led to greater demand for faster network throughput, improved mobility, and security enhancements to guard against eavesdropping on wireless communications.
The University will continue to deploy wireless service in public areas, outdoor areas, and classrooms as quickly as resources permit and will offer service to University departments according to procedures in effect. Service will be deployed using equipment that can be upgraded as new standards are evaluated and adopted to ensure that the University's mobile network, known as "Wireless PittNet," offers the most reliable, fastest, and most secure mobile network available.
Voice Network Upgrade
The University of Pittsburgh's voice network has an Avaya Definity G3R private branch exchange (PBX) switch at its core. It is anticipated that the PBX switch will require software upgrades on an ongoing basis to ensure vendor support and the inclusion of new features that may be desirable.
The increased demand for equipment requiring telephone numbers is expected to lead to a shortage of available University telephone extensions. This shortage will be due in part to the existence of the five-digit extension dialing system in use at the Pittsburgh campus that includes UPMC and other telephone exchanges. Increasing the pool of available numbers will require modifying the on-campus dialing system to require additional digits. While it is possible to increase the number of required digits to six or seven, the small likelihood of obtaining an exchange from the telephone company that would fit the dialing plan will probably require converting to ten-digit extension dialing. The telephone number allocation system in place makes it likely that any new exchange provided would not be in the 412 area code and would make the change to ten-digit dialing necessary. Further, any change in the extension dialing system would require a detailed communication plan and sufficient advance notice to adequately inform the University community of the change. This communication process would be needed each time the extension dialing system is changed, making it less desirable to make these kinds of changes with any frequency.
In addition to basic telephone service, the University provides AUDIX voice mail capability for students, faculty, and staff. The AUDIX system currently in place allows for the storage and retrieval of voice messages only, with some limited fax service capability. Voice messaging systems that offer extended feature sets and enhanced services, such as e-mail integration and message list management, will be evaluated.
The University offers to units automated call distribution services that allow calls to be distributed to a designated set of users and which have automated reporting capabilities to provide call wait, call duration, and other data. The system in place has only the most basic capabilities. Short-term plans include the deployment of service that provides more advanced functionality, including interactive voice response and advanced reporting capabilities, such as individual agent statistics. The new system will also include the ability to interface ACD systems with call management software, such as that used by the Technology Help Desk.
Storage Area Networking
Centralized systems and services generally require large amounts of dedicated disk storage space for each system. Maintenance of separate disk arrays for each service is costly to purchase and maintain. To date, limited technology has been available to permit the creation of common large disk storage arrays that can be used by multiple applications and services and that can be housed separately from them within PittNet. Recent improvements in the technology indicate that further evaluation of such storage area networks may reduce independent file stores, decrease costs, and allow for better utilization of available disk space for common services. The University is presently undertaking a detailed equipment inventory in order to determine the cost savings that can be realized through the deployment of storage area networks and to determine the most appropriate equipment and configurations to meet the needs identified. The initial goal is to utilize storage area networks to meet the file storage needs of centralized applications and services. This service is strictly for enterprise systems and will not replace the current user disk structure that provides storage space for user files and Web pages.
Port-Level Authentication
With the exception of the residence halls and wireless network access, the University does not require users to authenticate prior to accessing network resources, although authentication is required in order to access and utilize network-based applications and services. Port-level authentication is required in order for the University to be able to enhance network security, offer dynamic distribution of IP addresses, and structure fees based on actual network bandwidth utilization. The primary advantages that port-level authentication offers to the University community are the ability to access network resources from any University wired network port and simplified configuration of computers and other end-user devices.
The University is carefully evaluating technologies that will permit port-level authentication in order to ensure that appropriate client software is available, that the solution can be implemented successfully within PittNet, and that the solution will successfully integrate with the University's central directory service to provide appropriate access to University network resources for students, faculty, and staff. As with multicast services, adherence to the one device per port requirement is a prerequisite to the implementation of port-based authentication.
Upgrading the Name Serving Infrastructure
The University's current Domain Name Service (DNS) consists of five domain name servers, two handling external requests and three handling internal requests. The DNS translates specific machine and service network names into the IP addresses that identify these machines and services on the Internet. IP address translation information is stored in a separate database server that provides information to the domain name servers.
Prior to the implementation of Internet Protocol version 6 (IPv6) at the University, it will be necessary to upgrade the DNS hardware and software. The upgraded DNS software will provide enhanced security capabilities, support for the IPv6 protocol, and the ability to limit access to network resources based on the location from which the request is received. In order to ensure that adequate time is available for staff training in the utilization of new DNS software utilities for managing IP addresses and problem troubleshooting, the DNS upgrade process will be scheduled to occur during the summer months when demand is low.
Usage-Based Cost Model
The technology plan outlined a cost model to provide the funding required to maintain a state-of-the-art network infrastructure. That cost model defined a per-port fee to be assessed on all ports. The fee has been implemented but has been assessed only on administrative and student ports and not faculty or research ports. The plan indicated that the fee would be established annually based on network operating costs. As these costs increase dramatically because of heightened use of the Internet, the most equitable way to assess a network fee is based on usage. This model is being considered by many universities and has recently been implemented at Cornell. A prerequisite to usage-based billing is port-level authentication. Until port-level authentication is implemented, or a satisfactory alternative is identified, the current cost model will remain in effect.
Traffic Shaping
The Gigabit Ethernet upgrade provides users with more than sufficient internal network bandwidth to meet current demands for service. Available bandwidth to the Internet, however, is limited to 160Mbps. The continued increase in demand for Internet bandwidth, along with the proliferation of peer-to-peer file sharing application use, indicates that successful management of available bandwidth will require implementation of mechanisms for prioritization and shaping of network traffic. Successfully conducting a videoconference, for example, may require that this traffic receive a higher priority than other types of traffic, such as Web browsing. Traffic shaping also enables relegating high-bandwidth activities, such as very large data transfers, to off-peak hours, when demand for available bandwidth is lower.
The current state of the technology indicates that traffic shaping and prioritization systems may be utilized within specific segments of the network to address immediate needs, but that scalable systems are not yet ready for enterprise-wide deployment. Such systems will need to be able to handle traffic at gigabit speed and higher without creating unnecessary bottlenecks and other performance problems. The University will continue to evaluate the status of the technology and to consider the business practices that will be needed in order to determine traffic priorities.
Server Consolidation
Acquisition of software and hardware for enterprise systems continues to increase. Historically, separate hardware has been acquired for Web, file, and database services. The University will carefully consider opportunities to aggregate these functions and, where appropriate, reduce overall hardware, software, and maintenance costs. Hardware replacements will include the evaluation of smaller, energy-efficient units.
Voice Over IP
Emerging technologies include the capability of providing voice telephone service over the existing data network structure. The advantages are the consolidation of the cable plant and eliminating the need to maintain separate voice and data cables. The promises of the technology are improved features over voice networks, unified mail, and facsimile services. The University will monitor the development of this technology and evaluate potential opportunities for deployment, if appropriate.
Middleware
Middleware is the software between the network infrastructure and Web infrastructure that provides identification, authentication, and authorization services. The University's implementation of middleware consists of the central directory service at the core, which serves as the central repository for data identifying members of the University community and their relationships to the University. Through this single repository, applications gain information on the identity and role of an individual and can thereby grant the appropriate level of access to University applications and services.
At the present time authorization to University applications is determined by the applications themselves, either in conjunction with the central directory service, or independently in the case of a few remaining legacy applications. Ultimately, all authorization will be handled by the central directory service and all applications will be Web-enabled, granting access to applications and services through single sign on. Although security is a component of each layer of the University's information architecture, middleware directly enforces established security policies.
The central directory service will be used, for example, to prevent unauthorized individuals from accessing confidential and other protected data.
Integrated Directory Services
The University of Pittsburgh and the University of Pittsburgh Medical Center are distinct institutions; however, a significant degree of overlap occurs among the personnel affiliated with the two institutions and there is a strong case for integrating directory services. Integrated directory services will permit those individuals who are University of Pittsburgh faculty and UPMC physicians to access required applications and services at each institution without maintaining separate identities. A cross-organizational project team has been formed to evaluate, develop, and implement an integrated directory solution.
Central Directory Expansion
The central directory service has been established as the authoritative source for information about individuals affiliated with the University of Pittsburgh. The directory provides a flexible authentication platform for a variety of applications and services. Authentication permits or denies access to applications on the basis of whether a record exists for a particular user in the directory. Authorization permits an authenticated user to access specific applications and services and controls what the user can access within those applications and services.
Authorization functions are currently handled by individual applications and services rather than by the central directory. An authorization component of the central directory will be constructed to eliminate the need for separate access controls to be maintained within individual applications. This will substantially improve security and track levels of access provided to individuals or specific groups of users at the University. The authorization service along with the University's Web infrastructure will make it possible for individual applications to be modified to make use of the new central directory authorization service. The directory also provides the central accounting service that makes it possible to audit system access and usage by individuals and units within the University.
Web Infrastructure
The University's enterprise Web infrastructure is made up of the enterprise Web service and the enterprise portal. The enterprise Web service provides support for the University's primary Web presence, www.pitt.edu, and hosts a large number of departmental and individual student, faculty, and staff Web pages. The service is capable of hosting static Web pages, dynamic content, and Web applications. Content management capability has been incorporated into the system to ease management of Web sites. In addition, the system features advanced search and reporting capabilities.
The enterprise portal service grants access to the information and applications that students, faculty, and staff use regularly via a single interface that can be customized by each user according to preference. In addition to providing access to Web sites, the portal includes the capability of acting as a Web-based interface to such applications as CourseWeb, e-mail, computer account information, and grade and schedule information. The portal also features a "community" capability that allows units to customize information to be published to specific groups, such as student organizations, academic programs, or departments.
The enterprise Web service represents the University's presence on the Internet. The enterprise portal is intended specifically for members of the University community and requires a University computer account to take advantage of its capabilities.
The content management system has been implemented for the University's Web site and the Information Technology Web site. This functionality will be made available to other University units upon request. Statistical information will be made available to departments and individual users to access statistics for their own sites.
Portal Enhancements/Expansion
Development of the enterprise portal will include additional functionalities and services. Ultimately, the enterprise portal service will integrate with the University's central directory authorization service to provide a common interface for students, faculty, and staff accessing any University application or service. In this way, the portal becomes the common gateway on the Web to the wide variety of electronic resources used by members of the University community, eliminating the need to have different means of accessing these resources. It will also provide secure access to University accounting, human resource, and student information systems.
Applications and Services
Applications and services are the tools members of the University community use to perform teaching and learning activities as well as research. The University supports a wide variety of networked applications, including enterprise electronic mail, course management, and administrative applications. New applications are constantly being evaluated as a way to offer new services or to replace legacy applications that do not conform to the University's information architecture.
Distributed Enterprise Mail System
Electronic mail is the most frequently used application at the University. E-mail is used for a variety of purposes and is considered to be a critical service by most members of the University community. The University operates the IMAP electronic mail service as its enterprise e-mail application. The service handles approximately seven million messages each month.
The IMAP service is supported by an enterprise-class server backed up by a redundant standby server. Although the existing system contains highly redundant components and a readily available standby machine, the functions of this system will be distributed among an array of enterprise-class servers to provide the highest level of reliability. Distribution of the IMAP service over multiple servers will also enhance performance by distributing the load as utilization of the service continues to increase. The ultimate goal for the IMAP service is to provide the highest level of redundancy and availability possible with existing technology.
Smart Cards
Smart card technology will continue to be evaluated over the next three years to identify applications and services that might benefit from its use. The potential use of smart cards includes access to services and buildings, purchasing functions, and identification and authentication through integration with the directory.
New Student System
The University's current administrative student information system is a highly modified version of the SCT ISIS product initially implemented at the University in the early 1980's. This is a mainframe-based system running on the MVS administrative timesharing service and is the principal legacy system still in place on that platform. In the mid-1990's a committee known as "CERMIS," which included representatives of stakeholder areas, was formed to identify a replacement student system. After evaluating possible replacement products, the CERMIS committee concluded that no application was available to meet the University's requirements and the process was placed on hold. In 2000, the CERMIS committee was revived and prepared detailed process maps of student system functions and began reviewing existing student system technologies. It is anticipated that a new student system will be selected and plans for implementation developed.
Video Serving
The Gigabit Ethernet upgrade has provided the University with the network capacity to support high-quality audio and video applications. The University currently offers video conferencing services using dedicated circuits. This method of providing the service is slow and costly. Video is also offered using equipment acquired through a special vendor program in the late 1980's, although this technology was never marketed and therefore is not supported. These video services need to be replaced with higher quality, high-performance video technologies that will utilize the University's Gigabit Ethernet network infrastructure.
The University will replace the existing video switch and video services with video server equipment on which satellite video broadcasts can be stored and distributed to any campus location equipped with the appropriate video decoding equipment. These locations include classrooms, conference rooms, and similar locations. This method of distributing satellite broadcasts eliminates the need to establish designated locations where appropriate fiber is available.
The University will consider video conferencing services in which signals can be broadcast from one campus location to another or one campus location to many campus destination points utilizing a video bridge to route the traffic on the network. The video conference can include any on-campus location with wired network service and the appropriate video encoding and decoding equipment and can also include off-campus locations equipped with leased telecommunication lines or high-speed Internet connections.
The University will consider a Web-based, video-on-demand service in which video broadcasts are stored on server equipment for retrieval by students and faculty at any time. Examples include instructional and training materials, conference proceedings, informational pieces about the University, and similar materials. Near real-time video transcoding capability would be utilized to ensure that video broadcasts are viewable regardless of the decoding capability of the end-user's Web browser or network connection speed.
Grid Computing
The need for high-speed computational capacity by research faculty continues to increase beyond the capacity of current desktop and research lab computing equipment. One mechanism for increasing this capacity without incurring significant additional expense is to implement a distributed computing environment referred to as a "grid." Grid architecture permits distribution of computational processes among a cluster of computers on a high-speed data network. Such clusters can consist of either designated computers or available resources on existing computers already in use for other purposes. Grid protocols provide standard methods for discovering, accessing, and invoking online resources while simultaneously incorporating the needed security and authentication safeguards. The University will monitor the status of grid computing technologies and, in consultation with research faculty, plan and deploy computing grids if and where appropriate.
Data Warehouse
An enterprise data warehouse is being developed. This system aggregates data from various enterprise systems on an ongoing basis for the purpose of analyzing the data. The design and first phase of the University of Pittsburgh Data Warehouse are complete. The warehouse created in this phase captures student information from ISIS and makes it available via the Web for those authorized to view it. Before the data warehouse, student data was stored centrally only in the ISIS student system, and customized queries and reports needed by units required varying amounts of custom programming effort by CSSD analysts. Many units developed shadow systems and requested data downloads from ISIS in order to analyze the information more freely. The data warehouse enables users to query and report on student data without data downloads or submitting requests for service to have custom-programmed queries and reports generated for them.
The next phase of the warehouse development involves the inclusion of University financial and payroll data to provide similar querying and reporting capabilities.
The implementation of a University data warehouse is a major accomplishment. The data warehouse will enhance daily decision making by providing near real-time information from authorized data sources and also offering the tools needed to easily analyze the information. The power of the data warehouse is in the timely and accurate information that can be easily and quickly obtained. Ultimately the warehouse will combine information from disparate data sources into a single source providing the greatest level of flexibility in gathering and analyzing data.
Spam Filtering
The dramatic increase in the commercial and personal use of the Internet has resulted in the exploitation of this resource for commercial gain. Spam is the term used to describe the receipt of unsolicited and unwanted electronic mail messages, often advertising products and services. These messages are usually broadcast using automated software to a large number of recipients. Commercial products known as "spam filters" have become available that automatically segregate or delete e-mail messages based on keywords that frequently help to identify those messages as spam. Some individual e-mail clients offer this capability with varying degrees of success.
The University will implement a centralized spam filtering service to be used in conjunction with the enterprise e-mail backbone. Considerable care is needed in selecting and configuring this service to ensure that users have individual control over the parameters that identify e-mail messages as spam so that the service does not eliminate legitimate messages that appear to be spam. It is necessary to combat new forms of spam as they appear. In addition to e-mail, spam is delivered through instant messaging services, the Windows Messenger service, and inadvertently installed applications such as spyware.
Virus Detection and Elimination
The substantial increase in virus-related computer problems can be attributed to the increase in the transmission of malicious computer code through electronic mail attachments. In spite of the anti-virus software made freely available to the University community, viruses continue to be one of the most frequently experienced computer problems.
Virus detection and elimination solutions for use in conjunction with the enterprise electronic mail service are currently under evaluation. These solutions evaluate e-mail messages to detect the presence of suspect e-mail attachments. Malicious code is generally transmitted in the form of executable files, macros, and scripts. The software can be configured either to delete or quarantine suspect attachments prior to the delivery of the messages that contain them. In order to ensure that legitimate message attachments are not deleted by the software, it is likely that any solution implemented will quarantine such attachments to allow the recipient the opportunity to determine whether the attachment is actually desired.
Linux Timesharing Service
The University's Unix timesharing service consists of a cluster of Sun Solaris-based, enterprise-class Unix machines running approximately 100 application programs and utilities. The emergence of Linux as a viable alternative to proprietary Unix operating systems merits consideration as an alternative to the existing service. The Linux operating system is capable of operating on lower cost Intel-based computers and promises considerable performance gains over the existing service. The University will continue to monitor Linux as a possible Unix alternative and consider development of a Linux-based timesharing service and the possibility of a phased discontinuation of the existing Unix service if the University community accepts the Linux alternative.
Legacy Applications
With the recent implementation of the University's human resources and payroll system, the principal remaining legacy administrative application is the ISIS student system. This system is housed on the University's MVS mainframe administrative computing system. ISIS will ultimately be replaced when a new student information system is implemented.
Scheduled upgrades of the MVS hardware and software must take place to ensure continued vendor support.
Document Management
Document management systems provide tools for effective document lifecycle management. The system should support collaboration and provide version control, access control, document routing, and approval functions. Such systems also provide indexing and search functionality to simplify the process of locating documents. A number of administrative, academic, and business units have communicated the need for an enterprise document management system. The University is evaluating document management systems and will consider implementation when a scalable system is identified that can integrate with the information technology architecture.
Print Reduction
The University provides support for the centralized printing of a wide variety of student and administrative reports and specialized forms based on data from the University's administrative computing systems. These reports and forms represent an average of 1.3 million printed pages per month. These printing services are centrally funded and have been steadily increasing each year in both cost and volume.
Options exist for reducing administrative printing volume with corresponding opportunities to reduce costs. The continuing need for certain specialized forms should be carefully reconsidered if other methods for accessing the same information are available to the end user. In addition, the need to centrally print many duplicate copies of the same report should be carefully evaluated to determine whether any benefit can be derived from controlling the number of duplicate copies of reports that are printed for distribution to specific units. Technical solutions exist to reduce printing through secure Web access to reports, printing to local printers, etc. A user group will be formed to carefully assess the options and recommend appropriate reductions.
