9.2 Upgrades for Security


Admins: Lessons Learned. SESSION 35354. March 8, 2016. Presenters: Matt Lemme, PS Security Administrator, University of Colorado, matt.lemme@cu.edu. PS Security Admin with CU System Administration since November 2014.


Slide1

9.2 Upgrades for Security Admins: Lessons Learned

SESSION 35354

March 8, 2016

Slide2

presenters

Matt Lemme

PS Security Administrator

University of Colorado

matt.lemme@cu.edu

PS Security Admin with CU System Administration since November 2014.

6 years of experience with PeopleSoft security (4 as a distributed security coordinator)

Focus on student systems and portal

Slide3

presenters

Ryan McDaniel

Assistant Director of IAM

University of Colorado

ryan.mcdaniel@cu.edu

Becky Kimminau

PS Security Administrator

University of Colorado

rebecca.kimminau@cu.edu


Slide4

UNIVERSITY OF COLORADO

Slide5

ORGANIZATION & ORACLE

If relevant, organizations include their recent and current version or status with Oracle/PeopleSoft modules

Slide6

Overview

1 BACKGROUND
  Legacy
  Scope
  Timeline
  Participation
2 CHALLENGES
3 LESSONS LEARNED
  Delegation
  Environments
  Change Management
  Production
4 Q&A

Slide7

DISCLAIMER

Much of what we will cover regarding our experience with our recent 9.2 upgrades applies to upgrades generally and is not technically specific to 9.2.

Slide8

BACKGROUND

Are we really doing this??

Slide9

Legacy - shared

PeopleTools 8.49
No upgrades/bundle applications in many years
Heavily customized
Security
  Many users with secondary accounts due to customizations
  Inconsistent naming of security (and other) objects

Slide10

FIN legacy

FIN 8.4
1 Business Unit segregated in separate FIN instance

Slide11

HCM legacy

HRMS 8.9
Security
  Roles did not make sense to users
  1 permission list per role

Slide12

9.2 upgrade SCOPE - SHARED

PT 8.54
Decustomization
Workflow implementation
Security
  Retiring secondary accounts
  Redesign
    Roles based on job functions
    Permission lists based on business processes
  Principle of Least Privilege
  Service accounts as well as end users
  Non-page security (component interfaces, web services)
  Naming standardization
Oracle Upgrade Lab
Phire for change management

Slide13

9.2 upgrade SCOPE - SHARED

9.2 security needs
  WorkCenters
  Activity Guides – hardcoded roles
  Unified Navigation
  Fluid

Slide14

FIN 9.2 upgrade SCOPE

Implementation of Grants module, including Grant Security
Reimplementation of security due to significant change in objects

Slide15

HCM 9.2 Upgrade SCOPE

Employee portal redesign
Employee portal security redesign
  Move away from Public content references
  Content Reference Security by Permission List instead of Role
MFA for privileged users

Slide16

9.2 upgrade TIMELINE

2-year program
Initial project for fit-gap analysis aimed at decustomization
Upgrade/Execution projects
  University Information Services
  Office of the University Controller (FIN)
  Employee Services (HCM)
3 weeks from scheduled cutovers, go live was postponed for 4 weeks because FIN campus users were not yet comfortable with new system
Early December 2015 go live

Slide17

SECURITY TEAM

Assistant Director
2 FT PS Security Admins
Consultants
  Count
    1 for 6 months until original go live
    2 for 2 months around go live
    1 for an additional month after go live
  Responsibilities
    Creating cutover provisioning scripts
    Grants Security in FIN
    POI Security in HCM
    Monitoring and assisting with resolution of production issues
Business office security approvers

Slide18

9.2 upgrade CURRENT STATUS

3 months since go live
Security: Go-live/Crisis mode for 2 months after actual go live
Brought in a change management consultancy to run command center, track issues, and stabilize system
Stabilization project
  #1 priority – Grants on FIN side
  Campuses needing to close books
  Closed December in last February
Elevate Phase 2 – Projects that were descoped for go live

Slide19

CHALLENGES

What could go wrong??

Slide20

Challenges

Dual Upgrade
  Developers, business office staff only working in one environment
  Tough to go back and forth
Number of environments
  CU had a dozen environments for each application
Oracle Upgrade Lab
  Not sure what to expect, what would come through
  Which objects sourced from HR89 vs UPG
    Users from HR89
    Security objects from UPG
  Upgrade process blew away custom permission lists, which created orphans
  Blew away directory configuration in one app but not the other
Staffing levels

Slide21

Challenges

Delegated responsibility for some security administration work
  Security approvers had other responsibilities and often were not able to provide requirements on time
  If they occurred, we were not included in conversations with campus users regarding Business Unit security, POI security, etc.
  Issues with boundaries and consequences
    Provisioning of IT staff
    Messing with service accounts
    Granting admin roles
  Knowledge transfer to security admins, security coordinators
Business office-engaged third-party development
  Knowledge transfer to security admins, security coordinators

Slide22

Challenges

Interim security
Production
Late development

Slide23

LESSONS LEARNED

Never make the same mistake twice. Make it five or six times, you know, just to be sure.

Slide24

GENERAL

Dual upgrade – DON’T DO IT!!
Interim security
Be careful with admin roles

Slide25

DELEGATION

Recommend against delegating security work to business offices
  Business office approvers should provide requirements
  Development responsibility of security admins
If you are going to delegate, set expectations
  Deadlines
  Boundaries
  Consequences
  Naming conventions

Slide26

DELEGATION

Clearly delineate responsibility for objects
  Business office permission lists and roles
  Self Service permission lists and roles
  IT permission lists and roles
  PeopleTools security
  Query trees
  Row-level security
  User Preferences
Develop clear transition plan after go-live and communicate events
  Removal of admin roles

Slide27

ENVIRONMENTS

Have a clear environment strategy and hold to it
Resist environment proliferation!
  Maintenance involved
    New environment setup
    Refreshes
  Less clarity regarding purpose of environment
  More opportunity for security to scatter
Have a dedicated security environment (SEC)

Slide28

CHANGE MANAGEMENT

Group related security objects in projects
Source all security objects from same environment
Respect your sources!
  Make changes in designated source environment and migrate instead of making same change in multiple environments
  Easy to evaluate compares
  Migrate all changes to all environments (where appropriate)
Isolate security objects that may have a lot of last minute changes (e.g., Production Services/Scheduler) in dedicated project
More, smaller projects better than fewer, larger projects
  Can quickly evaluate compares
  Migrations do not take as long
Designate one detail-oriented, organized individual to manage migrations

Slide29

CHANGE MANAGEMENT

Change tracking spreadsheet

Object group       Change Request   Source   UPG migration dttm
Business Office    CR000314         SP3      11/17/15 10:24PM
Service Accounts   CR000284         SP2      11/17/15 10:38PM
IT                 CR000588         SP3      11/17/15 7:50PM
Smart              CR000595         SP3      11/16/15 2:33PM
Trees              CR000731         SP3      11/17/15 10:50PM
Late Changes       CR000799         TST

Slide30

PRODUCTION ISSUES

Strategize
  Triage for x days/weeks, then return to normal change management process
  Consider outliers
Consultants
  Go-live needs
  Continued development
Emergency changes
Issue tracking
Distribution list

Slide31

RELATIONSHIPS

If anything is off, it’s security.
Manage perceptions
Smile

Slide32

Concluding thoughts

ANY QUESTIONS?

Slide33

SUMMARY

Slide34


All Alliance presentations will be available for download from the Conference Site

Slide35

THANK YOU!

