Environment

The University of Texas at Austin is the nation's largest, single-campus higher education institution, with 2,544 faculty members, 11,000 full-time and part-time employees and an annual enrollment of 50,000 students. Information Technology Services (ITS) is a central campus service organization providing a broad array of computer services and knowledge to the 15 colleges and schools at the University, as well as to the numerous administrative offices that support the campus. ITS operates a mainframe, central Windows and Unix servers, and many computer labs around campus using both Windows and Macintosh operating systems. Most ITS enterprise services on campus, to date, are on UNIX servers or the mainframe. ITS also provides computer training, help desk, and for pay consulting. Colleges and administrative departments may also maintain local computer support services.

History and Challenges

By fall 2000, departments and colleges had implemented a variety of messaging and calendar services, including Meeting Maker, Microsoft Exchange and a mainframe program, to meet their own needs. These services, plus others, required different login credentials (login name and password) and were not centrally coordinated. Students or employees using computers across campus were assigned (and often forgot) a variety of login names and passwords, prompting the Student Government in September of 1999 to pass a resolution to reduce the number of login credentials. A key example is the widely-used central UNIX mail service, which provides POP3, IMAP and forwarding, and implements its own login name and password list.

Creating a central messaging and calendaring service within this environment presented a number of challenges. The University is moving toward a set of login credentials called Electronic IDs, (EID). While more than 100,000 users held Electronic IDs (EID), their EIDs were only valid for web-accessible services. The pilot team recognized that the University's EID system could provide the credentials for a login identity but it would have to be expanded to implement a more accessible solution. The current EID system is web oriented and uses web cookies to store authentication status. A directory-based EID system, such as Active Directory, permits easier integration of commercial applications into UT's authentication process.

Establishing a campus service of this magnitude requires a very reliable, highly scalable, and secure implementation. Many operations on campus operate on a 24-hour calendar, which would require a single calendaring and messaging system to support round-the-clock, broad usage and be designed and implemented with maximum reliability.

Solutions

The University of Texas Information Technology Services consulted with Microsoft and Dell to evaluate and address a number of issues related to implementing a Windows 2000 and Exchange 2000 solution for campus wide messaging and calendaring services. ITS wanted to minimize the investment required by each department, provide a solution that addressed campus business needs and insure that the solution could be implemented within the University's technical environment.

A key point was the availability of Dell Technical Consulting and Microsoft Consulting Services to help jump-start the project. Both have experience implementing large-scale Exchange services on Windows 2000 as well as a proven record working with the University9s Red McCombs School of Business on the deployment of Windows 2000. During the summer of 2000, ITS worked with Dell and Microsoft and developed a plan to implement Microsoft Windows 2000/Exchange 2000 on Dell server hardware. Microsoft Active Directory would be used to store information on University EIDs, and Microsoft Exchange and Outlook would be used for calendaring and messaging.

To meet the availability and reliability requirements of the University, Microsoft and Dell proposed a multi-tiered server environment that would have no single point of failure. Three Active Directory Domain controllers would be configured on PowerEdge 2400 systems located in multiple campus buildings. Microsoft Exchange services were divided over five Dell PowerEdge servers and a Dell PowerVault. Desktop clients with Microsoft Outlook or Outlook Web Access would be supported through two front-end servers using Dell PowerEdge 2450 computers. Backend Exchange storage services were implemented on two, clustered Dell PowerEdge 64509s. A Dell PowerVault 650 controls RAID-5 disk storage. A fifth PowerEdge 2450 provides a web interface for managing customer information. See Figure 1 for a network diagram of the various components. Microsoft and Dell would also provide an on-site consultant to assist with system design, training and collaboration between Microsoft, Dell, ITS, the Red McCombs School of Business and the College of Engineering.

Microsoft Consulting Services assisted in data mapping from the mainframe database to the Active Directory schema. University staff designed custom programming to link the Active Directory to the University mainframe EID database, populating it with login credentials, name, University Information Number and university role. A web interface was designed to allow end users to enable their Exchange service.

Results

Training for ITS staff was crucial to the success of this project. Staff members already possessed NT4 Microsoft Certified System Engineering (MCSE) credentials, but in the fall of 2000, the Windows and Exchange 2000 software was still very new. Staff attended local Microsoft Official Curriculum courses on Active Directory, Windows 2000, and Exchange 2000 to become fluent with the new software. In addition, University ITS staffers worked closely with Dell and Microsoft staff to transfer knowledge and collaborate on the new system installations.

Dell hardware was installed and software was configured in September 2000, and in October 2000, 105,000 login credentials were loaded into the Active Directory domain. In Summer 2001, ITS implemented real-time synchronization between Active Directory and the University mainframe EID databases. An opt-in program was created for faculty, staff and students to sign up for the Exchange 2000 Services and web documentation was written to document how it worked. ITS staff members also informed the colleges of Engineering, Communications, and Natural Sciences about the project and assisted them in incorporating Active Directory into their local systems.

During the Summer Semester 2001, ITS will make adjustments to the Exchange and Active Directory services based on its experience with the pilot as well as feedback from pilot participants. The end user feedback will also help ITS prioritize future services and enhancements. Some of the political and technical problems the ITS staff faced during the pilot program include integrating Active Directory with a well-established DNS structure, adjusting names and deployment to early adopters of Active Directory, and accepting that some departments will want or need their own Active Directory solution. Exchange 2000 SP1 and virus scanning software for active-active Exchange clusters was available in the summer of 2001. The pilot team is also working to include role-based credentials in addition to individual credentials.

Once in full production, scheduled for the Fall Semester 2001, the campus Active Directory will provide a cost-savings to participating colleges and departments by eliminating the need to locally administer login credentials. And with a central directory, the University now has a source of data that is widely accessible beyond the web. The University will explore providing policy-based services according to the classification of the user, which can be as general as 3student,2 or as specific as 3student in Communications 301.2 In addition, cross-departmental calendaring and document-sharing features can offer a wide range of future services such as campus-wide room scheduling and electronic routing and approval of administrative forms.

Thomas J. Linscomb
Information Technology Services
The University of Texas at Austin
Linscomb@mail.utexas.edu