Hardening and Securing Infrastructure

ITC Project Update

April 7, 2008

Introduction

Hardening and securing UVa's technology infrastructure is an ongoing process. This project is a major step forward that will address the most urgent needs and lay the foundation for ITC's continuing efforts over the next several years.

In 2007–2008, ITC commenced an intensive $1.2 million program of hardening and securing the University's information technology infrastructure. The program will advance the University's goal of having an information technology infrastructure that has a level of redundancy and resistance to threats that is appropriate for the University.

Activities included in this request fall into three areas:

  • Securing sensitive data;
  • Eliminating single points of failure in our most mission-critical systems and services; and
  • Implementing a set of tools for stress testing systems and applications.

Each initiative within the Hardening and Securing project directly supports the recommendations of the Commission on the Future of the University.

Securing Sensitive Data

ITC has issued a university-wide SSN policy, and the following key accomplishments will be completed by the end of fiscal year 2008–2009:

  • Issue a data classification policy, data security standards by classification and data stewardship policy;
  • Provide tools for assisting University departments to identify high sensitivity data inventories and develop security remediation plans;
  • Assess and provide feedback on departments' data security remediation plans;
  • Provide tools and (limited) consulting support for data security remediation plan implementation; and
  • Enhance the security awareness program to address institutional data security more comprehensively.

Eliminating Single Points of Failure

Work done the first year of this project will focus on ITC's storage infrastructure by improving the reliability of core services and decreasing the number of services with single points of failure. Following is a high-level overview of the 2007–2008 program schedule:

  1. Storage—Network Appliance 960 Cluster Upgrade. Completion: Spring Break, 2008. This project component will upgrade the Network Appliance 960 cluster to a 6040 cluster. This filer cluster primarily provides storage for electronic mail (both CMS and Exchange), our VMWare infrastructure, Toolkit and the mailing list server.
  2. Storage—Main Upgrade. Target: After graduation; Completion: June 30, 2008. This work will upgrade the R200 Network Appliance filer to a single-head 6040, increase the R200/6040 raw capacity from 32TB to 70TB, and add block-level replication software to the 3050 and 6040 clusters in Carruthers Hall and the single-head 6040 in Gilmer Hall.
  3. Network—Replication. Target: May 2008; Completion: June 1, 2008. This portion of the project will build the multi-building load-balanced network needed to split the main UVa web cluster across two buildings.
  4. Web Services—Main UVa Web Cluster. Target: June 2008; Completion: June 30, 2008. One half of the main UVa web cluster will be relocated out of Carruthers Hall to a remote location using the network and load balancing infrastructure completed in Task 3.
  5. Power—Gilmer and 2400 OIR. Target: June 2008; Completion: Summer 2008. The necessary power upgrades will be implemented to handle the expansion work this semester and to prepare for additional hardening next fiscal year. Also included in this phase will be the Carruthers Hall UPS installation.
  6. Space and Cooling—2400 OIR and Gilmer. Target: June 2008; Completion: Summer 2008. During this phase, space will be freed up in 2400 Old Ivy Road by relocating paper and other materials to another location. Actual available cooling and generator power will be determined for each location, as well as estimation of available rack space.

Next fiscal year's hardening work will leverage the storage infrastructure built this year and will include services such as ITC's server virtualization environment, Exchange, and other high-priority UNIX- and Windows-based services.

Implementing a Set of Tools for Stress Testing Systems and Application

IBM consultants have reviewed and revalidated the original needs assessment and requirements. The project timeline, licensing requirements, and additional issues are being determined. Implementation will be completed by the end of the current fiscal year, and tools will be in place to stress test the first phase of the new Student System.

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.