Versions Compared

Version Old Version 1 New Version Current
Changes made by

Priya Srinivasan

Priya Srinivasan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attendees

Goals

  • Review current task assignments in Service Now and get task updates and adjust completion timeline

  • Identify road blocks and unresolved issues
  • Upcoming milestones
  • Next Steps
  • Knowledge transfer

 

Discussion items

ItemWhoNotes
Project Status Review - Current task assignments

David Kewley

 

  • 29501- Dataflows - ETA 6/9 - 100% complete from SIS testing perspective
    • HTTPS outgoing data flows completed
    • Pending auxiliary outgoing data flows, 2-way SSL, Load balancing, and health check - moved to a new task 30675
      • 2 way SSL is a priority for UCPATH testing. David to work with Chris on that.
      • Load balancing and health checks would be good to set up in Dev but not critical.
  • 29017 - Provision additional worker nodes.
    • This is not needed for GradAid but will be a priority for UCPATH testing. David currently working with EUS team members on the same.
  • Non-prod environment status
    • Kyle will be managing the creation of NonProd environment after review of requirements proposed by David and Priya
    • As of now, meeting 7/31 deadline for non-prod environment is not a concern
Project Status Review - Current task assignments

Chris De Rosa

  • 29063 (Migrate SIS - Admissions & Identity to ESB infrastructure) - In Progress - MFT connectivity to campus to be tested by end of this week. Also, load testing of SIS admissions and identity to be completed by this week.

29888 (Migrate SIS - GradAid) - Pushed to August per Rachael - Priya to follow up with Jason on priority of GradAid testing. GradAid requires connectivity to the on-premise database. So would be good to test in dev.

  • 29254- HA build automation - In Progress - Chris to send status by end of this week
UpcomingmilestonesTimeline review

David Kewley

Chris De Rosa

  • Test SIS applications (Admissions and GradAid) in AWS DEV environment with BorderVPC - ETA 6/30
    • Finished initial testing of SIS admissions & identity applications in DEV environment
    • Pending - Load testing, connectivity to MFT server
    • GradAid will be pushed to August per Stan
  • Migrate UCPATH, OR, OIR to ESB DEV infrastructure -Postponed  to July
  • Staging Implement Border VPC infrastructure - ETA 7/31  - On track
  • Pre-Prod Implement Border VPC infrastructure - ETA 8/31- On track
  • Prod Implement Border VPC infrastructure - ETA 9/30- On track

 

Notes

 

Action items

  •  David Kewley  - Follow up with Chris on setting up 2-way SSL for UCPATH testing.
  •  Priya Srinivasan -  Follow up with Jason on UCPATH, GradAid testing in DEV environment
  •  Chris De Rosa - Send an update on automation tasks by  

Agenda

  • Management has indicated that achieving O365 Exchange campus independence is a high priority goal

  • This meeting is to discuss approaches to remove O365 dependencies on campus.

  • Can a cloud service receive an email first, do spam filtering and route to O365 or MTA?

  • Send report to management on whether there is an agreed approach to achieve this goal 

Discussion items

Image Added

O365 has routing and authentication dependencies on resources located on campus

Authentication Dependencies

  • DNS, dependent on user location, campus (internal) DNS and external (public) DNS
  • Directory Service (Campus LDAP, Microsoft Active Directory or Azure AD)
  • AutoDiscover

Routing Dependencies

  • DNS, dependent on user location, campus (internal) DNS and external (public) DNS
  • MTA

Following options were discussed to alleviate authentication dependencies

1) Use Option 2 - Synched identities in the cloud with password hash. This would enable replicating password hashes in both locations and authentication can happen on-premise or in the cloud.

  • Managing Identities on Office365
  • WSG mentioned that currently, we are using federated identities option and would like to determine the feasibility of implementing synched identities.

2) If above approach is not feasible, then we might want to consider lift/shift in Azure/AWS.

  • Approach to be explored after WSG comes back with the feasibility of implementing synched identities.

Following options were discussed to alleviate routing dependencies

1) Can Exchange Online or Google be an initial recipient of O365 emails?

  • Need to figure out if anti-spam and anti-virus filtering by above cloud services are comparable to MTA.
  • There could be route delays to services on-premise due to the cloud being the first delivery point. This needs to be tested in POC
  • Filtering could be limited by cloud provider's capability and not match OIT standards or requirements.
  • Can we test delivering to a cloud delivery point with a POC?
    • exchangetest.uci.edu test domain is available per WSG.
    • We can test with ExchangeOnline and Google being the first delivery point
    • Most of the delivery points are in Google. So WSG and EUS prefer Google to be the initial delivery point for POC.
    • Need level of effort and estimates for POC to test delivery of exchangetest.uci.edu test domain to Google delivery point for virus scan/spam filtering

Action items

  •  HEINDRICK YU , Thomas Acker  - Get level of effort for recommended/available routing options, if Google is the first recipient of email to campus
  •  David Severance - Get level of effort for recommended/available spam filtering options, if Google is the first recipient of email to campus
  •  HEINDRICK YU , Thomas Acker  - Determine level of effort for recommended/available routing options, if Exchange Online is the first recipient of email to campus
  •  HEINDRICK YU , Thomas Acker - Determine the feasibility of password hash solution for Exchange Online authentication. If feasible, what is the level of effort? 
  •  HEINDRICK YU , Thomas Acker - If password hash is not feasible, what is required architecture and level of effort to move ADFS capability to AWS cloud? Priya & David K to assist with AWS
  •  David SeveranceDerek Chee - What is level of effort to put MX / MTA servers in the cloud?
  •  Priya Srinivasan - Create project tasks to determine LOE on above action items
    Created Project PRJ0014527 with above action items as tasks and assigned to appropriate resources