Harvey Mudd College Information Technology Strategy

IT Infrastructure

Permalink for this paragraph 0 Since information technology is ubiquitous,a good computing infrastructure is a prerequisite for achieving the college’s goals in all other areas. At Harvey Mudd College the information technology infrastructure has suffered from uneven investment and a lack of long term planning. The 2007 IT review identified this issue: “[The College] has invested unevenly in its IT infrastructure over the years, e.g. assuring regular replacement of faculty desktop computers but dedicating no significant funding to central machine room facilities or departmental computer labs for teaching”.

Permalink for this paragraph 0 If we take infrastructure to mean the full collection of hardware and software tools that the college uses, then there is need for work in many areas. At the most basic level, there is work to be done on physical conduit for fiber, on the wired and wireless networks and on the collection of servers the college owns. There is work to be done on integrating the large number of critical applications that are used every day to get our work done. And there is a need for work in areas of IT infrastructure such as identity management, account provisioning, data stewardship and security. And most of these infrastructure areas cannot be addressed in isolation from governance issues.

Permalink for this paragraph 0 Let us take the issue of identity management as an example. “Identity Management” refers to the systems and procedures for managing information about people and, sometimes, machines or equipment. It is usually associated with authentication and authorization systems, but can provide the foundation for much more, such as preferences management and automated role based work flow. Identity management initiatives usually involve developing policies that identify which data will be regarded as the source data, stewardship responsibilities and data access rights. With a robust identity management arrangement, one can move on to true single sign on, improved online privacy and reliable directory information.

Permalink for this paragraph 0 Like many colleges, HMC faces challenges in all of these areas. As an example, something like the following is the current scenario. Much student identity data is stored in the Jenzabar CX system; some staff and faculty data is also stored in CX (for mailings etc); employee data is stored in ADP (faculty, staff, working students) with some duplication of the information in CX; some student identity data is stored in the portal; photographs (a form of identity data) are stored in several places; usernames (another form of identity data) are multiple and vary with application or service (eg file storage vs email); some data relevant to student identity is stored in Sakai (non-final grades, for example); some data relevant to faculty and staff identity is also stored in Sakai, as well as in the Blackboard card system. On the information delivery side (both general public and on-campus directories), the LDAP based online directory is not regularly maintained and there is little understanding and no agreement about stewardship roles with respect to directory information. There are no formal agreements for any of these systems regarding critical questions like the following: which data fields should be regarded as the canonical source of information? What are the stewardship responsibilities and in what part of the college do they lie? How should access be provided (both a political and technical question)? What are our standards for securing data?

Permalink for this paragraph 0 As another example, consider information security, an area in which the interlocking of governance and infrastructure is very clear. Information Security has become a more pressing issue in recent years; it was ranked as the #1, #2 and #3 issue in the Educause Top Ten IT issues survey for 2007, 2008, and 2009 respectively. And of course there are a number of legal mandates, such as California’s SB1386 and FERPA, that bear on security too. Although the focus is often on technology, it is important to look at the how people behave with respect to sensitive data, whether it is stored electronically or on paper. Harvey Mudd College needs coherent policies and practices regarding information security, guidelines for security settings for equipment and formal policies about access to sensitive data. These in turn affect the design of the IT infrastructure.

Permalink for this paragraph 0 As another example, the advent of “cloud computing” and remote hosting raises the question of whether the college should continue to task CIS with managing a local data center. If we should, then we need a plan to upgrade the data center so that it meets modern security, power and cooling requirements, if only at a modest level.

Permalink for this paragraph 0 Identity management, data stewardship and security are only three of the important areas of IT infrastructure that the College needs to begin addressing. Others include sustainability, the potential use of Software as a Service (SaaS) models for critical business activities, disaster recovery plans, long term network plans and research computing needs. They all need to be addressed in an iterative and sustained manner.

Permalink for this paragraph 0 Few of these issues can be addressed by CIS alone, nor can they be viewed in isolation as “IT problems”, since all imply questions that cut across functional areas. An IT governance model is therefore a necessity for developing an infrastructure plan.

Permalink for this paragraph 0 Examples of Information Technology Infrastructure Goals:

  1. Permalink for this paragraph 0
  2. Develop long range IT infrastructure management plans for every level: physical infrastructure, network, servers, classroom equipment, and end user devices.
  3. Develop a technology roadmap for the College that will allow it to address issues such as identity management, data stewardship, single sign-on, security and sustainable IT.
  4. Design an IT infrastructure that balances appropriately between security and allowance for innovation and experimentation.
page 3