Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Management at Brown James Cramton Brown University April 24, 2007.

Similar presentations


Presentation on theme: "Group Management at Brown James Cramton Brown University April 24, 2007."— Presentation transcript:

1 Group Management at Brown James Cramton Brown University April 24, 2007

2 James Cramton2 Starting Point: Brown Grouper 1990s: Brown Grouper developed to manage groups Base groups provisioned nightly from SIS & HR systems Administrator includes or excludes members Dated web interface is difficult to search and understand Slimmed down web interface used by instructors to manage course groups 11,700 groups in Brown Grouper 18,000 users in SunOne LDAP registry No groups in SunOne registry—yet 1,000 AD & Novell groups manually provisioned Managed by very few IT personnel who know the data Background

3 James Cramton3 Current uses of groups at Brown Web authorization Licensed software access.htaccess file ACLs on various websites Bulk Email Morning Mail daily email distribution Course email lists Application Provisioning WebCT Group Usage

4 James Cramton4 Anticipated uses of groups at Brown Current uses, plus… Network Access Control Lists Wiki groups (Confluence) Improved iTunes U provisioning Centralized management of Exchange/AD groups Novell eDirectory groups (file/print services) Guest, alum IDs and ACLs Shibboleth Video on demand Campus calendars Personal groups Group Usage

5 James Cramton5 Brown’s group schema 11,700 groups 10,400 are course groups for 2,600 courses 1,300 are demographic groups Schema is 4 levels deep Half the course groups are 2 levels deep The rest are 3 levels deep Half the demographic groups are 3 levels deep The rest are 4 levels deep Number and complexity of groups expected to increase as capabilities and utilization grow Group Types

6 James Cramton6 Top level group schema at Brown SIS (5,200 base groups) Admin & membership groups for each of 2,600 courses Courses (5,200 effective groups) Admin & membership groups for each of 2,600 courses Electronic Address Book (750 base groups) Provisioned demographic groups Community (502 effective groups) Modifiable effective groups for demographic groups Most of administrative overhead is here Service (10 administrative groups) Admin users for Bulk Mail, WebAuth, Grouper, etc. Group Types

7 James Cramton7 Course groups at Brown 2 base groups provisioned per course SIS.XY123S01 SIS.Admin.XY123S01 2 effective groups maintained per course Course.XY123S01 Course.Admin.XY123S01 Expect to add subject and course number to schema Multiple groups per course Registrar’s official students, auditors, instructors Effective course list includes ‘vagabonds’ for email, courseware Currently maintained in local applications, not registry—for now Longer retention will increase number of groups Current practice retains only current term Expect to retain course groups in future for ongoing access Group Types

8 James Cramton8 Community group stems at Brown Employee (270 groups) Payroll department Social department On campus or off campus Full time or part time Union or non-union Applicants (221 groups) Degree Major Students (84 groups) Undergraduate department UG Social year Graduate department Athletic teams Dorm (74 groups) Facility designation Social designations Affiliates (25 groups) Visiting Retired Guest Registrar (8 groups) Graduate Medical Undergraduate Official graduating year Gender 600 stems with fewer groups Group Types

9 James Cramton9 MACE Grouper migration Brown is evaluating MACE Grouper Currently loading 11,700 groups for performance testing 1 st rev on dev server ran out of memory after 11 hours/2,000 groups Primary problem: adding groups to stem with many groups (courses) Adding subject & number containers to schema, deploying to QA box Will publish final metrics to grouper-users@internet2.edu Major tasks include Provisioning changes to populate MACE Grouper from feeds Re-integration of 1,000 manually provisioned AD groups Provision groups into SunOne, AD, and Novell directories Provision groups into some applications MACE Grouper interface changes to suit Brown’s needs Disable application functionality that allows users to browse groups MACE Grouper

10 James Cramton10 Nested vs. flat group schema Delegation of management need nested groups Applications generally don’t support nested LDAP groups, although some try in different ways Lowest common denominator is flat LDAP schema Use MACE Grouper’s LDAP connector to map nested MG group schema to a flat LDAP schema Use MG display name for LDAP group names Community Groups : Staff : Full Time Staff Significant limitation in schema browsing in apps How to browse 12,000 groups? Don’t want users to browse anyway; need to disable in apps Schema Design

11 James Cramton11 Policy should lead practice Need to delegate management to data owners Delegation requires clear policy The need for policy easily recognized, but the challenge is finding an owner Analyst or director often defines de facto policy ‘Policies from practice’ are often sound, but poorly communicated across organization Adherence to informal policies is unlikely Policy Issues

12 James Cramton12 Concerns moving forward Functional differences between Brown Grouper & MACE Grouper Adjusting expectations Extending MACE Grouper Performance of MACE Grouper Deeply nested stem structure not previously tested Administration usage patterns unknown Merging manually provisioned AD groups into global groups Establishing and enforcing policy Naming conventions, stem structure Who has authority to request changes for whom Transition of ownership from IT staff to Helpdesk Learning new system Different administrator skill sets Loss of continuity Moving Forward

13 James Cramton13


Download ppt "Group Management at Brown James Cramton Brown University April 24, 2007."

Similar presentations


Ads by Google