For the University of Cape Town's (UCT) ICT director Prags Naiker, the key goal of the university's electronic directory project is to enable the department to automatically provision the large and diverse community on its campuses.
Says Naiker: "We have 20 000 students, 5 000 staff, and categories of staff that are both students and staff, which presents some challenges. Auto-provisioning in this sort of environment requires a directory system that can cope with great variation, while making it possible for us to secure access to systems campus-wide.
"On the one hand," he continues, "this is all to do with access control on campus. There are, for example, specific laboratories that are secure areas, which only certain staff and students must have access to. Some of them are highly toxic areas, so the issue of access control to such a facility needs to be managed by the electronic directory system. Then there's the broader issue of access control to residences any time of the day or night. It is not possible for us to contemplate a system that is not industrial-strength. For example, we cannot have a female student stuck outside a residence in the middle of the night. For us, reliability, proven hardware and software capability is non-negotiable and critical."
The cost issue
UCT's senate approved a new ICT strategy for the university in 2003. Part of this strategy included the decision to stay with its Novell eDirectory investment, and to integrate the directory service with as many of its systems that hold identity information as possible. UCT's goal was to reduce administration costs and implement role-based administration. It was at this stage that Novell partner Ubusha Technologies was called in. Ubusha specialises in open source, management services, identity management (IDM), resource management and infrastructure software.
"Around Christmas 2004, we interviewed each head of department at UCT, each of whom had specific concerns about identity management and key things they wanted to accomplish," says Andrew Whittaker, service delivery manager at Ubusha.
"The traffic department, for example, wanted to implement a traffic management system so that people could hop on or off buses all over campus, but they didn't know who the people who used the buses were."
After consulting with the departments, Ubusha wrote a strategy for the university, which it took back to the ICT department. The department approved it and the initiative entered the project phase. This involved taking the technological components and breaking them up into two streams: staff and students.
Says Whittaker: "We started with the students first because this was obviously where the university had the largest administrative overheads. Between ourselves and UCT, we integrated the first 10 systems, while transferring skills to the IT staff. The university is now integrating systems month-by-month on its own. The staff system integration started in mid-2006 and UCT is now also rolling that out on its own."
Following procedure
"IDM is the glue that sits over the network, and hardware and software systems we provide to the university," says Naiker. "We have, for example, unusual events where visiting professors coming onto campus need access to e-mail, the teaching system and so on. We need to control access to all of these systems.
"We also have a large number of third-party people who provide services to students in the residences, like food and cleaning, and so on. We need to manage those categories of person and the kind of access they require, which will probably be limited to access to e-mail and specialised Web services like menus that need to be managed and updated."
Naiker says the major challenge at the outset was to define the groups and their needs around campus. "One of the reasons we chose Novell was that it understood the complexity of enterprise environments that stretch across campuses that are geographically dispersed. We needed to be able to manage roles and access from a central point," he says.
The greatest challenge Naiker is now facing, he admits, is change management. "People will have to get used to the whole business of not simply picking up the phone and asking for access rights, but following a workflow process driven by electronic forms with proper authorisation before access can be given. We don't envisage a staff member being able to simply ask for access rights. The person they report to would need to give permission for them to have access.
"The system we've put in place makes it impossible for people to appear in the access vault without authorisation, so they will have to get used to it," he points out.
The next step
Something that hasn't yet been done, but which could take place in the foreseeable future, is for the university to share its identity information with other universities - what is commonly known as federating identities.
Says Whittaker: "Often students move between universities when doing research, so a UCT student might go to Stellenbosch, but they wouldn't have access to the facilities or systems. By federating the information between the universities, therein creating a shared information pool, the universities can add many benefits that will impact their students' ability to do research."
Naiker is also putting service level agreements in place with the people responsible for keeping the systems that house identity information up to date. "That's one thing we've borrowed from the corporate world," he says.
Thanks to the systems that are running thus far, UCT can now automatically provision 5 000 to 6 000 students (which is what happens during registration) across all relevant systems in a matter of seconds once their information has been captured. The system has eliminated the manual interventions the IT department previously had to perform during the registration process. It has undoubtedly served its purpose of reducing administration costs.