The third sprint of the 14th quarter of IAM development is complete. It included a significant update to our Authentication (CAS) Environment, the completion of O365 self-service opt-in stabilization for students, lots of critical work to support our database migration June 1-3, and work to migrate our LDAP directories from on-premise servers. The details of Sprint 3 are as follows:
Changes to Commitments this Sprint
Moved to "In Progress" (4 commitments)
- Review and Address HK Self Service user improvements
- Move XID schema to the Cloud
- Work with Security to define the OU provisioning strategy for UNIVAD for future implementation
- Provision a group to University AD for Papercut application
Completed (2 commitments)
- O365 Self Service Opt-In Stabilization for Students
- Improvement for Authentication (CAS Server)
Deferred (3 commitments)
- AuthLDAP branch to Unified LDAP (SHA-1 only) - Deferred to next quarter due to stability issues in Unified LDAP that have required prioritization above this migration work. Completion next quarter will not impact the commitment to be out of the datacenter by October.
- Deprovision users in University Active Directory using grace and separation rules - Provisioning of HU-LDAP has proven to require more development effort than originally planned, and as such we will not be able to complete the 3 IIQ deployments necessary to execute this work before the change freeze for Summer Startup on 6/18. Business impact minimal.
- IIQ Upgrade - Similar to the issue above, it is clear that we will not be able to complete 3 full IIQ releases, especially one as disruptive as a major upgrade, before the 6/18 change freeze. We will defer to next quarter and target completing the work after Summer and before the Fall change freeze.
You can learn more about how we do PI Planning and how to interpret the attached Summary/Priority reports by viewing our "IAM Planning & Progress Reporting" overview.
Updated Commitment List
# | Q'4 Posture | Feature | Value Statement | Due | Status | Category |
1 | Carryover | Improvement for Authentication (IDP) | Upgrade a core component of Authentication infrastructure | 4/18 | Complete | Stability |
2 | Commit | O365 Self Service Opt-In Stabilization for Students | Ensure smooth rollout and adoption of newly released Office365 opt-in feature | 5/15 | Complete | Customer Commitment |
3 | Commit | Improvement for Authentication (CAS Server) | To allow decommissioning of Auth-LDAP servers, application registrations must move to a new branch in Unified LDAP | 5/19 | Complete | Stability |
4 | Commit | IAM Database to the Cloud | Successfully move all write applications to point to IAM Database in the cloud. | 6/1-3 | In Progress | Cloud |
5 | Commit | Authentication Environment Updates | To support server decommissioning, provide enhanced services, and modernize technologies, determine a strategy to upgrade Auth infrastructure this Fiscal Year | | In Progress | Improvement |
6 | Commit | Provision HU-LDAP branch | To allow decommissioning of HU-LDAP servers, IIQ must provision a new branch in Unified LDAP | 6/10 | At Risk | Cloud |
7 | Commit | Provision a group to University AD for Papercut application | Enable the FAS printing service (Papercut) migration before June 15 2018 | 5/30 | In Progress | Customer Commitment |
8 | Commit | AuthLDAP branch to Unified LDAP (SHA-1 only) | To support ITS' autoreg application, move the AuthLDAP user branch from legacy host to new Unified LDAP | 6/14 | Deferred to next PI | Cloud |
9 | Commit | Optimize IIQ deployments (Cloud Formation templates) | Establish a more automated deployment process for IIQ to reduce operational risk during deployment. | | In Progress | Improvement |
10 | Commit | Deprovision users in University Active Directory using grace and separation rules | Support email short-term Out of Office message for separated users. Ensure security with the cleanup of permissions on accounts. | | Deferred to next PI | Customer Commitment |
11 | Commit | Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence | Automates enforcement of FAS On-Leave Policy for extended access to accounts and services. | | In Progress | Customer Commitment |
12 | Commit | IIQ Upgrade | Ensure ongoing vendor support and lay the foundation for improved core provisioning functionality and feedback, such as tightly interacting with O365. | | Deferred to next PI | Stability |
13 | Commit | Review and Address HK Self Service user improvements | Ensure all users can interact with all site functionality effectively. | | In Progress | Customer Commitment |
14 | Commit | DUO update user alias and user information from HarvardKey self-service | Expand the set of usernames to enable two factor authentication for other services like O365 | | To do | Stability |
15 | Commit | Scramble (or lock) Students who didn't enable MFA | Finish the last population of users | 6/15 | To do | Stability |
16 | Commit | Move XID schema to the Cloud | As part of IAM commitment to move our IAM Database to the cloud, the XID application will be the first to write directly to the Cloud RDS instance in Production. | 6/1 | In Progress | Cloud |
17 | Commit | Work with Security to define the OU provisioning strategy for UNIVAD for future implementation | Define a future model that will meet University AD needs in a scalable and secure fashion | | In Progress | Improvement |
18 | Commit | Grouper does not include people when an active role is added, if person had no prior active roles | Mitigates group membership integrity issue. Prevents seemingly random people from not accessing applications and un-needed time spent supporting these instances | | To do | Stability |
Operational Statistics
Sprint | Harvard Keys Claimed | # Changes Processed | Application Onboarding (In-Flight) | Application Onboarding (Completed) | Service Now Tasks (In-Flight) | Service Now Tasks (Completed) | # Tickets Updated | # Tickets Resolved | Open | Duplicate / Overwritten IDs | Priority 1 & 2 Incidents |
1: 4/13 - 4/24 | 1,885 | 7 | 14 | 8 | 14 | 20 | 1,071 | 410 | 191 | 9 | n/a |
2: 4/25 - 5/8 | 2,416 | 11 | 18 | 8 | 13 | 27 | 1,391 | 718 | 248 | 4 | 4/26: 2: HKS Alumni app authorization issue (3d); 5/2: 2: StarRez authorization for some students (3d) |
3: 5/9 - 5/22 | 2,798 | 9 | 24 | 2 | 13 | 31 | 1,319 | 491 | 197 | 11 | 5/21: 2: HLDAP users not appearing for VOIP in Stage (2h) |
4: 5/23 - 6/5 | | | | | | | | | | | |
5: 6/6 - 6/19 | | | | | | | | | | | |
6: 6/20 - 7/3 | | | | | | | | | | | |
Quarterly Total | 7,099 | 27 | - | 18 | - | 78 | 3,781 | 1,619 | - | 24 | 3 |
Fiscal Year to Date (6/28/17 - now) | 49,744 | 214 | - | 164 | - | 408 | 25,659 | 12,539 | - | 237 | 25 |
pi-14_-_sprint_3_-_summary_report.pdf | 79 KB | |
pi-14_-_sprint_3_-_priorities.pdf | 60 KB |