CGIAR ICT Roadmap

  • 2,410 views
Uploaded on

CGIAR Information and Communications Technology Roadmap and Action Items: A Three Year Perspective

CGIAR Information and Communications Technology Roadmap and Action Items: A Three Year Perspective

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
2,410
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
125
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. CGIAR Information andCommunications TechnologyRoadmap and Action Items:A Three Year PerspectivePrepared by the Office of theCGIAR Chief Information Officer December 2010
  • 2. Executive Summary This document includes a three-year roadmap in the area of Information andCommunications Technology. It proposes twenty-four prioritized Action Items forthe CGIAR, divided into five general areas. These Action Items were developed, discussed, and prioritized by the ICTmanagers of the CGIAR Centers. Each of the Action Items is a standalone projectwith specific deliverables. In addition to the Action Items themselves, this plancontains background information, rationale for each area, environmental scans ofthe CGIAR and related organizations, as well as a business case or business need foreach Action Item. The starting point for the roadmap was the Strategy and Results Frameworkdocuments [SRF] on the Design and Establishment of the Consortium of CGIARCenters. Within these documents, the concept of “shared services” across CGIARcenters is called out in “Key Findings and Recommendations from the Consultancyon Common Administrative, Financial, and Research support Services in the newConsortium of the CGIAR Centres (November/2009),” hereafter, the “AccentureReport.” These shared services across the CGIAR centers were focused largely oninformation technologies. In the Accenture Report, it was noted that “… shared services in IT can drive improved specialization and increased services. Efficiency gains can potentially free up IT personnel to focus on strategic uses of technology to help drive the future research agenda instead of tactical IT support within a specific Centre. “ The Accenture Report identified five key goals that shared services withinthe CGIAR would support: · “Improve the effectiveness and quality of research by allowing Centres to focus more time and resources on core research activities · Increase collaboration and knowledge sharing within and across Centres through the introduction of standards and collaboration tools · Increase productivity and efficiencies of research support, administrative and financial services through use of industry leading practices and tools · Improve the ability of the CG system to quickly scale and respond to potential increases in funding and introduction of CGIAR Research Programs (CRPs) · Reduce redundancies in spending, technologies and resources by sharing common back- office and research support services” (Accenture Report, page 13) Based on these five goals, 15 very broad shared services initiatives (page 20),ranging from “standardize ways of working” to “share donor intelligence,” were CGIAR ICT Roadmap Page 2
  • 3. proposed. While the very broad initiatives provide high-level guidance, theAccenture Report didn’t offer a detailed implementation plan. Thus, the CGIARturned to its own ICT managers to flesh out the broad initiatives. The ICT managersdeveloped a series of “action items” to build a 3-year roadmap for shared servicesICT deployment within the CGIAR. Those action items form the core of thisdocument. Over a three-month period (July to September, 2010), as a group effort, theCGIAR ICT managers met electronically and via conference call in small groups todevelop a set of action items. The discussions were divided into five general topicareas, and each topic area was covered by a team of ICT managers, with mostmanagers participating in more than one team. In October, 2010, the ICT managers met in Addis-Ababa for a face-to-facemeeting. During the week-long meeting, the five topic areas were combined intothis document. Each action item was discussed, both in small group discussionsand, finally, in a full meeting of all managers. When the action items had beenagreed upon, ICT managers worked together to prioritize and order the final set oftwenty-four. Finally, budget estimates were prepared for the highest priority items. This document doesn’t represent a final three-year plan with a timeline, but arolling analysis of the action items needed for shared services within the CGIAR.Each year, it is expected that this roadmap will be re-visited to verify itsapplicability, to re-confirm priorities and initiate new projects from the action itemlists, and to further fine-tune the roadmap. To begin, the following immediaterecommendations for implementation of the highest priority seven action itemsbeginning in CY2011 are offered. CGIAR ICT Roadmap Page 3
  • 4. Title Description and Proposed Project Scope Description: Establish minimum standards for Internet connectivity, including guidelines for selecting vendors, media (wires/wireless/VSAT), Internet and types of circuits. Connectivity Scope: Prepare policies and negotiate contracts based Internet requirements across different regions in the CGIAR; manage Internet contracts and handle purchasing, negotiation, and project administration. 3 person-months for research, policy establishment, contract negotiation Resource at project initiation; 2 full-time staff continuing to handle admin/finance Requirements tasks and manage program. Description: In conjunction with appropriate partners within CGIAR, a Common Data Repository for CRPs should be developed, including data dictionary and with full access control/security capabilities. Both known data objects and potential future data objects should be supported. This Common Data action item has scope beyond CGIAR Research Programs (“mega- Repository for programs”) as well, and may have results with broad applicability.CRPs and beyond Scope: Establish requirements definition and project design; prepare white paper comparing hosted versus cloud; research on existing repositories for “meta” repository; detailed design of repository; develop access control guidelines, archiving, publishing, and data dictionaries; create repository and operate repository for all CGIAR Resource 60 person months to design, contract, and deploy system. Hardware costs Requirements of approximately $250,000. Continuing staffing of 1 person full-time to manage/maintain (or outsourced contract). Description: Support the selection and deployment of back-office software as part of the One Corporate System initiative. Investigate any bandwidth/connectivity requirements and integration with document One Corporate management systems/corporate repositories that OCS will require when it System is rolled out. Scope: Monitor OCS project and provide ICT input; report and gather feedback; full-time participation and liaison regarding ICT function; progress reporting and documentation Resource Requirements 1 full-time person for life of OCS project. Description: Establish CGIAR data backup systems focusing on the needs of Backup, Data under-served and small offices, including day-to-day automated solutions Protection, as well as cloud-based backup services. Business Scope: Establish backup system policy; establish cloud policy and contract; Continuity establish best practices guidelines for business continuity; contracting for service; establish and initiate service. Resource 4 person-months at project initiation; continuing ¼ full-time person for Requirements management of service and assistance to participating Centers CGIAR ICT Roadmap Page 4
  • 5. Title Description and Proposed Project Scope Description: Continuing program of maintenance, education, and development of CGIAR Active Directory.Active Directory Scope: Creation of knowledge base, community of practice, training materials. Update status of directory. Extend AD beyond simple Exchange/Windows uses. Write governance policy. Deliver training program in 3 regions; continuing daily monitoring and maintenance of AD 4 person-months at project initiation; 3 weeks training annually; Resource continuing ¼ full-time person (or outsourced) for monitoring and Requirements maintenance and management. Description: Make available to all CGIAR staff, support, and promote a collection of collaboration tools (locally hosted or cloud-based, as appropriate), including collaboration platforms, desktop sharing, video Develop a and audio conferencing.Collaboration and Scope: Identification of tools based on action item; product selection; Social Media development of training materials and decision matrix; best practices Toolbox establishment; governance development; continuing outreach and training program; operation of collaboration platform CGIAR-wide including licensing and conferencing services. Resource 3 person-months at project initiation; continuing ½ full-time person and ¼ Requirements full-time person; hardware/bandwidth costs; annual licensing costs.Enterprise Single Description: Design and deploy an enterprise single sign-on infrastructure. Sign-on Infrastructure Scope: Requirements definition and project design only Resource Requirements 2 person-months CGIAR ICT Roadmap Page 5
  • 6. Table of Contents Executive Summary .........................................................................................2 Introduction ....................................................................................................8 Priority Initiatives ............................................................................................9 TOPIC AREA: Application Layer....................................................................... 11 OVERVIEW ................................................................................................................................................ 11 BACKGROUND AND RATIONALE .................................................................................................... 11 ENVIRONMENTAL SCAN .................................................................................................................... 12 OCS - One Corporate System.................................................................................................................12 Other System-Wide Applications........................................................................................................12 Enterprise Architectures ........................................................................................................................12 Survey of Application Usage .................................................................................................................13 ACTION ITEMS ........................................................................................................................................ 13 A1) One Corporate System ....................................................................................................................13 A2) Enterprise Application Framework .........................................................................................14 A3) Common Data Repository for CGIAR Research Programs and beyond ...................14 A4) Lifecycle of Shared and Standardized Applications .........................................................15 A5) Data Management and Collection Tools for Research ....................................................15 TOPIC AREA: Communication & Collaboration Tools and Techniques .............. 16 OVERVIEW ................................................................................................................................................ 16 BACKGROUND, ENVIRONMENTAL SCAN, AND RATIONALE .............................................. 16 ACTION ITEMS ........................................................................................................................................ 17 C1) Develop a VoIP strategy for the CGIAR system....................................................................17 C2) Develop a collaboration and social media toolbox. ..........................................................18 TOPIC AREA: ICT and Organizational ICT Governance ...................................... 20 OVERVIEW ................................................................................................................................................ 20 BACKGROUND, ENVIRONMENTAL SCAN, AND RATIONALE .............................................. 20 ACTION ITEMS ........................................................................................................................................ 21 G1) Identify Critical Center ICT services supporting Science................................................21 G2) Rightsource ICT services at Centers with a global view .................................................21 G3) Transform ICT from Service Provider to Strategic Partner..........................................22 G4) Improve ICT maturity at Centers ..............................................................................................22 G8) Establish Appropriate CGIAR-wide ICT Standards ...........................................................23 TOPIC AREA: Location Strategies .................................................................... 24 OVERVIEW ................................................................................................................................................ 24 BACKGROUND AND RATIONALE .................................................................................................... 24 ENVIRONMENTAL SCAN .................................................................................................................... 24 ACTION ITEMS ........................................................................................................................................ 25 L1) Provide ICT Support, Training, and Procurement to Under-Served Offices ..........25 L2) Backup, Data Protection, Business Continuity ....................................................................26 CGIAR ICT Roadmap Page 6
  • 7. L3) Global Standards for Network Infrastructure .....................................................................27 L4) Internet Connectivity.......................................................................................................................27 L5) Optimizing Wide Area Network Connections ......................................................................28TOPIC AREA: Network and Telecommunications Infrastructure Services ......... 29OVERVIEW ................................................................................................................................................ 29BACKGROUND AND RATIONALE .................................................................................................... 29ENVIRONMENTAL SCAN .................................................................................................................... 30ACTION ITEMS ........................................................................................................................................ 30 N1) Active Directory ................................................................................................................................30 N2) Enterprise Single Sign-On infrastructure .............................................................................31 N3) Cloud Computing - Utility Computing, Outsourced Services, and SaaS ..................32 N4) CGIAR-wide VPN redesign, firewall upgrade, and filtering options .........................33 N5) CGIAR Security Operations Center ...........................................................................................33 N6) CGIAR-wide Equipment and Training contracts ...............................................................34 N7) Strategy for IPv6...............................................................................................................................35Participating ICT Managers ............................................................................ 36References..................................................................................................... 37Appendices .................................................................................................... 39Maturity Model: A Definition ............................................................................................................ 39COBIT: A Definition ............................................................................................................................... 39Enterprise Architecture: A Definition ........................................................................................... 40Unified Communications: A Definition ......................................................................................... 42 What is Unified Communications? ....................................................................................................42 Two Types of UC Applications .............................................................................................................42 UC Applications ..........................................................................................................................................43 UC Applications ..........................................................................................................................................44Cloud Computing: A definition ......................................................................................................... 45 What is Cloud Computing? ....................................................................................................................45 Types of Cloud Computing.....................................................................................................................45Single Sign-on: A Definition ............................................................................................................... 47 Introduction .................................................................................................................................................47 Benefits of Single Sign-On......................................................................................................................47CGIAR ICT Roadmap Page 7
  • 8. Introduction This document presents a three-year roadmap for Information andCommunications Technology (ICT) for the new CGIAR System. The plan ispresented as a series of Action Items in five key areas of ICT: - Applications and Upper Layer Services - Collaboration Tools and Techniques - ICT Governance - Geographic Location and Mobility Issues - Network Infrastructure and Security Services These Action Items were developed, discussed, and prioritized by the ICTmanagers of the CGIAR Centers. Each of the Action Items is a standalone projectwith specific deliverables. In addition to the Action Items themselves, this plancontains background information, rationale for each area, environmental scans ofthe CGIAR and related organizations, as well as a business case or business need foreach Action Item. The starting point for the roadmap was the Strategy and Results Frameworkdocuments [SRF] on the Design and Establishment of the Consortium of CGIARCenters. Within these documents, the concept of “shared services” across CGIARcenters is called out in “Key Findings and Recommendations from the Consultancyon Common Administrative, Financial, and Research support Services in the newConsortium of the CGIAR Centres (November/2009),” hereafter, the “AccentureReport.” These shared services across the CGIAR centers were focused largely oninformation technologies. In the Accenture Report, it was noted that “… shared services in IT can drive improved specialization and increased services. Efficiency gains can potentially free up IT personnel to focus on strategic uses of technology to help drive the future research agenda instead of tactical IT support within a specific Centre... common processes and systems can reduce time in finance spent working on manual processes, reconciliation and reporting… standards for collecting, managing and disseminating information can increase collaboration within and across Centres, and also reduce the risk of losing data and institutional knowledge “ The Accenture Report identified five key goals that shared services withinthe CGIAR would support: · “Improve the effectiveness and quality of research by allowing Centres to focus more time and resources on core research activities · Increase collaboration and knowledge sharing within and across Centres through the introduction of standards and collaboration tools · Increase productivity and efficiencies of research support, administrative and financial services through use of industry leading practices and tools · Improve the ability of the CG system to quickly scale and respond to CGIAR ICT Roadmap Page 8
  • 9. potential increases in funding and introduction of CGIAR Research programs (CRPs) · Reduce redundancies in spending, technologies and resources by sharing common back- office and research support services” (Accenture Report, page 13) Based on these five goals, 15 very broad shared services initiatives (page 20),ranging from “standardize ways of working” to “share donor intelligence,” wereproposed. While the very broad initiatives provide high-level guidance, theAccenture Report didn’t offer a detailed implementation plan. Thus, the CGIARturned to its own ICT managers to flesh out the broad initiatives. The ICT managersdeveloped a series of “action items” to build a 3-year roadmap for shared servicesICT deployment within the CGIAR. Those action items form the core of thisdocument. Over a three-month period (July to September, 2010), as a group effort, theCGIAR ICT managers met electronically and via conference call in small groups todevelop a set of action items. The discussions were divided into five general topicareas, and each topic area was covered by a team of ICT managers, with mostmanagers participating in more than one team. In October, 2010, the ICT managers met in Addis-Ababa for a face-to-facemeeting. During the week-long meeting, the five topic areas were combined intothis document. Each action item was discussed, both in small group discussionsand, finally, in a full meeting of all managers. When the action items had beenagreed upon, ICT managers worked together to prioritize and order the final set oftwenty-four. Finally, budget estimates were prepared for the highest priority items. This document doesn’t represent a final three-year plan with a timeline, but arolling analysis of the action items needed for shared services within the CGIAR.Each year, it is expected that this roadmap will be re-visited to verify itsapplicability, to re-confirm priorities and initiate new projects from the action itemlists, and to further fine-tune the roadmap. To begin, the following immediaterecommendations for implementation of the highest priority seven action itemsbeginning in CY2011 are offered. The remainder of this document outlines the most critical Action Itemsidentified by the ICT managers, and provides additional detail for readers interestedin the rationale and business case behind each action item.Priority InitiativesThe ICT managers of the CGIAR prioritized the action items in this roadmap bydividing them into three priority classes: highest, normal, and lowest. Based on thecollective ranking of the ICT managers, the action items are ordered below fromhighest priority to lowest priority. Please note, however, that the rankings arerough and that within each of the four groupings identified (by color orP1/P2/P3/P4 level) below, the items are approximately equally ranked. In other CGIAR ICT Roadmap Page 9
  • 10. words, all action items ranked “P3” have approximately the same priority with theICT managers of the CGIAR Centers. L4 P1 Internet Connectivity A3 P1 Common Data Repository for CRPs A1 P1 One Corporate System L2 P1 Backup, Data Protection, Business Continuity N1 P2 Active Directory C2 P2 Develop a "collaboration toolbox" N2 P2 Enterprise Single Sign-on Infrastructure G3 P2 Facilitate organization-wide ICT transformation G4 P2 Improve ICT maturity at centers L1 P2 ICT Support, Training, Procurement G2 P2 Rightsource ICT Services at Centers with a Global View N3 P2 Cloud Computing - Utility Computing and SaaS C1 P3 Develop a VoIP strategy for the CG system G1 P3 Identify Critical ICT services supporting Science L3 P3 Standards for Network Infrastructure and Security N6 P3 CGIAR-wide Network Equipment contracts L5 P3 Optimizing Wide Area Network Connections N4 P3 CGIAR-wide VPN redeployment and update N5 P3 CGIAR Security Operations Center G8 P3 Establish Appropriate CGIAR-wide ICT Standards N7 P4 IPv6 Strategy for CGIAR A2 P4 Enterprise Application Framework A4 P4 Lifecycle of Shared and Standardized Applications A5 P4 Data Management and Collection Tools for Research CGIAR ICT Roadmap Page 10
  • 11. TOPIC AREA: Application LayerOVERVIEW The CGIAR Centers each operate their own ICT infrastructures. At thehighest layer of these infrastructures are applications that support the work of theCenter. These applications include a very wide variety of research tools andcollaboration systems, as well as traditional back-office applications such asaccounting, human resources, and purchasing. This topic brief covers the use of applications within the CGIAR Centers andproposes specific action items designed to optimize the selection and sharing ofapplications, specifically common applications, within the Centers.BACKGROUND AND RATIONALE There are many reasons to consider common applications across multipleCenters, including similarity of purpose, CGIAR Research Programs (CRPs, formerlycalled "mega-programs") and shared locations, facilitating collaboration, exploringcloud-based services, and reducing capital and operational expenses. Most of thesereasons are fairly obvious and have been evaluated in considerable depth already. Similarity of Purpose: Although each of the CGIAR Centers is unique andoperates in its own regulatory and administrative environment, there is alsoconsiderable commonality: each of the Centers is more like the other Centers than itis to a traditional trans-national enterprise. This suggests that major applicationacquisition in any area can be done more effectively by raising the level above theindividual center. CRPs/Shared Locations: The Strategy and Results Framework for the CGIARproposes “CGIAR Research Programs” which will cross CGIAR Centers. [SRF] At thesame time, Centers are choosing to co-locate with each other in some geographicareas. While the CGIAR Research Programs and geographically co-located Centersdon’t require integrated cross-Center applications, there are obvious arguments onboth the research and back-office sides of ICT to have common applications. Facilitating Collaboration: As the research teams at the CGIAR Centers areengaged in related work (independently of the collaboration required by the CRPs),it is logical to encourage researchers to draw from a common research tool kit, tosimplify future collaborative efforts both within the CGIAR and without. Exploring Cloud-based Services: Software as a Service (SaaS) is a strongtrend being explored by many enterprises. As Internet bandwidth increases andbecomes more reliable at CGIAR Centers, the use of SaaS may make sense in bothback-office and research computing areas, as well as with commercial office utilitiessuch as as email and/or other related office suites, providing thin clients for userswhere appropriate. Utility Computing, another type of Cloud-based service, may alsobe useful for researchers needing high-performance computing for their work CGIAR ICT Roadmap Page 11
  • 12. Reducing Expenses: As with any asset, software has both capital andoperational expenses. Sharing applications may reduce acquisition costs, trainingcosts, maintenance costs, and allow some specialized applications to be madeavailable to researchers in more Centers, however possible increases in end usersupport and technical support would have to be well thought out, so as not to incurfurther expenses.ENVIRONMENTAL SCAN The possibilities for shared application services have been exploredextensively in the CGIAR Centers, especially in the back-office area.OCS - One Corporate System The “One Corporate System” initiative [OCS] is already working to develop asingle back-office system (sometimes referred to as ERP, enterprise resourceplanning, or HIFAS, highly-integrated financial accounting system) for multipleCenters: “The OCS Initiative is an inter-center bottom-up initiative that seeks to haveCG centers working together to select and implement a [corporate] system … tocreate synergies and economies of scale by increasing centers negotiation powerwith vendors, reducing consulting and implementation costs, and by increasingcenter collaboration by sharing development and maintenance costs amongcenters.” Given that the core module of the OCS is Project Management, scientistscould take advantage of all project information provided and be able to use it totheir advantage, being able to have vital information on hand at any time of theirprojects.Other System-Wide Applications Other system-wide applications are currently being incorporated in variouscenters, for example the Human Resources application HR4U is successfully beingused by a few centers. Other centers may want to follow suit and incorporate thissystem-wide solution while the OCS initiative takes flight. These solutions areprobably not exclusive of each other and can work together. The CGXchange, built on top of Google’s cloud-based web services, iscurrently providing collaboration tools across the CG Centers.Enterprise Architectures The team preparing this brief also evaluated four Enterprise Architectures--Department of Defense [US] Application Framework, Zachman EnterpriseArchitecture, The Open Group Application Framework, and the Federal [US]Enterprise Architecture. A summary of these architectures is beyond the scope ofthis brief, but is available as part of the references. [Framework] CGIAR ICT Roadmap Page 12
  • 13. Survey of Application Usage As part of this topic brief, the ICT Roadmap group asked each Center toprovide a list of applications in use in four areas: Financial/Administrative,Operations Management, Research and Data Management, and PublicationsManagement. While the survey was not comprehensive and different Centers gavedifferent levels of detail in their answers, several trends are visible: [AppSurvey] 1. Centers all have a mature set of applications running in traditional back-office roles, although there is little commonality, with Oracle eBusiness, SAP, Microsoft, and other tools all reported in use. 2. Operations Management functions such as travel management, project management and coordination, grant management, and business intelligence functions are sophisticated in about half the Centers, with multiple applications including both COTS (commercial, off-the-shelf) and custom-developed. The other half did not report having a sophisticated operations management application portfolio. 3. Research and Data Management applications are common across all Centers, with a few typical applications (ESRI GIS tools, SAS or SPSS statistical tools) in almost each Center. Centers reported as many as 37 different Research applications. The survey data suggest that Centers have extensive portfolios in this area. 4. Publication Management applications are less sophisticated. Many Centers reported library management applications, but there seems to be very little penetration of various collaborative tool kits (other than typical web content management systems, such as Drupal and Joomla) into the Centers. 5. Above and beyond the applications themselves, there is a big opportunity to provide a much more integrated data management system for applications to use. For example, CGIAR Centers make heavy use of surveys, but the survey data and results are not coordinated or linked. Researchers wondering whether they can use an existing survey or not are stymied by the lack of common or linked databases that can be searched. The theme of "data repository" appears many times in this document.ACTION ITEMSA1) One Corporate SystemDeliverable: Support the selection and deployment of back-office software as partof the One Corporate System initiative. Investigate any bandwidth/connectivityrequirements and integration with document management systems/corporaterepositories that OCS will require when it is rolled out.Business Need: The Background and Rationale in this document lists five reasonsfor shared applications. All of these are valid reasons to suggest a common back- CGIAR ICT Roadmap Page 13
  • 14. office framework for the CGIAR centers. The One Corporate System initiative is an"action item" which proposed a single, shared application to cover many back-officerequirements. The Action Item here is an endorsement of the One Corporate Systeminitiative and a directive to continue the standardization of back-office applicationsacross Centers and, where possible, the creation of a shared back-office applicationto handle financial and administrative tasks.A2) Enterprise Application FrameworkDeliverable: Research Enterprise Application Frameworks in the context of thenew Consortium to determine applicability to the CGIAR in the area ofadministrative applications. N.B. It is not anticipated that this would apply toresearch computing needs.Business Need: Enterprise Application Frameworks address the twin problems ofincreasing system complexity and decreasing business alignment within theinformation technology arms of large enterprises. In the context of this research,individual Centers are likely too small to require such an enterprise architecture orframework. However, as the Centers combine to a larger CGIAR Consortium, thereis applicability of these frameworks to the larger organization. The goal of this taskis to identify the areas where the research in Enterprise Application Frameworkscan be applied to the CGIAR Centers to increase IT value while reducing IT costs.A3) Common Data Repository for CGIAR Research Programs and beyondDeliverable: In conjunction with appropriate partners within CGIAR, a CommonData Repository for CRPs should be developed, including data dictionary and withfull access control/security capabilities. Both known data objects and potentialfuture data objects should be supported. This action item has scope beyond CGIARResearch Programs (“CRPs”) as well, and may have results with broad applicability. Consideration should be given to storing both structured (e.g., database) dataand unstructured (e.g., publications, images) data in the Common Data Repository. The Common Data Repository should be workflow-enabled, rather thansimply being a repository for data and role-based with the possibility of having bothpublic (uncontrolled) and private (authenticated, access-controlled) access. This Action Item may be satisfied by making a single common repository (ifthere are few Center-wide repositories), or by creating a "virtual" repository thatsits on top of existing repositories to create a single consistent view. This Action Item should also consider using Storage as a Service as the corestorage for the repository (“in the cloud” storage).Business Need: The new CRPs will be generating large amounts of data that need tobe managed. This is especially important with the new CRPs, because someinformation that is generated by one CGIAR-Research-program will be needed asinput to another CGIAR-Research-program. The Common Data Repository willinclude common data dictionaries to describe the data collected, definitions of termsand specifications of allowable values, documentation of the data stored, and CGIAR ICT Roadmap Page 14
  • 15. version control for updates. An important part of this Common Data Repository willbe the security of the shared data, both against unauthorized access andunauthorized modification. As the work of the CGIAR gets re-organized into Research Programs, thework outputs for any Research Program will be spread across the institutionalrepositories that have been setup at multiple centers and are a major component ofthe One Corporate System (OCS) project to be adopted by as many as ten centersinitially. The information in these repositories will need to be repackaged (virtuallyor physically) so that they not only reflect the institutional knowledge and memorybut so that they also reflect the CGIAR’s research program history. The currentreality of diverse, center-based repositories needs to merge seamlessly into thedefinitive collection for each research program.A4) Lifecycle of Shared and Standardized ApplicationsDeliverable: A Procedure to deploy both Shared and Standardized Applications anda common methodology to deal with the lifecycle of applications.Business Need: The action items within this brief, as well as other projects withinthe CGIAR Centers, call for applications to be either standardized or shared or both. We anticipate the benefits of shared and standardized applications, and want toencourage the creation of greater application standards and application sharing. This implies that a simple model to describe how applications are adopted,maintained, and eventually retired will reduce the costs of setting up new sharedand standardized applications.A5) Data Management and Collection Tools for ResearchDeliverable: In conjunction with field users, this deliverable would include a reporton new fieldwork data collection tools (mobile voice networks, text networks, tabletcomputers, Netbooks) across CGIAR Centers. The report would include aninventory of existing tools and devices in-use across the CGIAR Centers. A second aspect of this deliverable would be guidance for end-users on thedifferent data collection tools, including use cases to help users select the correcttools for their research.Business Need: Multiple CGIAR Centers are investigating data collection tools thatmake use of newer technologies, including both hardware and networking. Toreduce duplicate effort and work more efficiently, a CGIAR-wide investigation of thetechnology is appropriate. CGIAR ICT Roadmap Page 15
  • 16. TOPIC AREA: Communication & Collaboration Tools andTechniquesOVERVIEW “Communication and collaboration tools and techniques” includes a broadset of ICT products and services, but some of the most fundamental are:  Synchronous Communications, including: a. Telephony and Audio conferencing b. Video conferencing c. virtual meetings d. Instant Messaging  Asynchronous Communications, including: a. Electronic Mail b. Collaboration platforms c. Social media and networking  Shared Repositories These are core tools and techniques that can minimize the impact of distanceon geographically dispersed team members, helping them work together moreeffectively. In all of these areas, technology has changed extensively in recent years,opening up a broad range of possibilities to improve communications. Thewidespread availability of the Internet in most locations world-wide has madecollaboration a more practical matter than ever before. Even more significantly, the innovative forces behind collaboration tools(such as social media networks) are becoming more and more familiar to CGIARresearchers, making the use of these tools not just familiar, but an expected part ofany day-to-day work plan. We are already observing the CGIAR researchcommunity exerting a substantial “pull” towards collaborative tools. The challengefacing the ICT community is how to bring collaborative tools to the CGIAR researchcommunity in a secure fashion. CGIAR ICT staff must ensure that the use ofcollaborative tools within CGIAR research teams operates in the best interests of theentire CGIAR community, providing a controlled, open and transparent platform toeasily share and preserve information.BACKGROUND, ENVIRONMENTAL SCAN, AND RATIONALE Within the CGIAR system, the need for communication and collaborationtools and techniques is especially relevant for three reasons: CGIAR ICT Roadmap Page 16
  • 17. 1. Most centers are highly decentralized so even intra-center teams are often geographically dispersed. 2. Most projects involve working with external collaborators. 3. Inter-center collaboration exists now and is likely to increase with the reorganization into CGIAR Research Programs. Though the IT units in all of the CGIAR centers are independent of each other,the CGIAR has a long history of ICT collective action focused on supportingcommunication and collaboration. The IVDN (integrated voice data network) wasdeveloped in the mid-90s to facilitate inter-center communication; the voicecomponent of this is still in use at over half of the centers today and all centersparticipate in the common directory and email component. The CGVlibrary projectsuccessfully combined the library resources on all of the centers into a single,searchable collection; this is available at http://vlibrary.cgiar.org. The lessonslearned in the initial attempt to develop a CGIAR intranet/extranet paved the wayfor the successful development of the CGXchange collaborative platform(http://www.cgxchange.org). Institutional repositories -- a mechanism for collecting, preserving, anddisseminating in digital form the work of an institution -- are described as a majorcomponent of the One Corporate System (OCS) project that will be jointly adoptedby at least ten centers, although the focus of OCS has shifted towards back-officefunctions such as finance and administration and document management workflowfunctions. At this time, the OCS is not seen as a repository for research results sofurther work is required to collect the requirements for a collaboration platform andrepository for OCS. [OCS] But not all efforts have been successful; the pilot project using the MicrosoftLive Communication Server (for instant messaging) was not embraced by all centersand the platform was dropped after two years. There is much more that can be done to expand on this initial effort andCGIAR teams would benefit from having a robust set of communication andcollaboration resources to choose from that are easy to use and well supported.ACTION ITEMSC1) Develop a VoIP strategy for the CGIAR systemDeliverable: Develop a unified VoIP strategy, and an implementation plan, for theCG system, including:  for Centers using analog or digital phones, technical standards to add SIP to PBXes; for Centers wishing to use full VoIP to the desk, technical standards for full VoIP PBXes and SIP interconnectivity  an overall architecture for VoIP based on SIP  software standards, profiles, and if necessary acquisition of VoIP clients to encourage VoIP CGIAR ICT Roadmap Page 17
  • 18.  creation of gateways between popular proprietary systems, such as Skype, to bridge Center VoIP networks and encourage connectivity  linkage of Centres’ PBX system to enable least-cost routing of calls and inter-centre calling  standard procedures and promotion to encourage inter-center calling using SIP and a “communication culture”  standard procedures and promotion to encourage linkage to regional and country offices either using softphones or branch office SIP gateways to hosted or Campus based PBXs  directory services to allow easy discovery of phone numbers for CGIAR staff  external linkages to easily allow calls from non-SIP-connected parties, such as a button on a web page “click to call me”  integration of the CGIAR VoIP system with a cloud-hosted conference calling system/service  establishment of minimum standards for VoIP services, including investigation of proprietary extensions and their effect on connectivity  investigation of regulatory issuesBusiness Need: The introduction of CGIAR Research Programs (CRPs, previouslycalled "mega-programs") will broaden the collaborative nature of the work of theCGIAR centers. Voice communication can help teams collaborate more effectively,but the lack of a “communication culture” within the CGIAR and in some cases costand ease-of-use can deter a researcher from using voice. The original IVDN projectbegun in the mid-1990s addressed this by implementing a system that allowed allcenter headquarters staff to call each other as easily as a local call, but this hasdwindled to only half the centers and, for the most part, never reached beyondheadquarters offices. Changes in voice technology and the broad adoption of Skypehave opened up new opportunities to revive and expand upon the original vision ofno-barriers voice between CGIAR staff.C2) Develop a collaboration and social media toolbox.Deliverable: Make available to all CGIAR staff, support, and promote a collection ofcollaboration tools (locally hosted or cloud-based, as appropriate) including:  collaboration platforms o virtual meetings o wikis o shared workspaces (Google Apps, SharePoint)  desktop sharing  large file transfer  social media and social networking tools  video/web conferencing  audio conferencing CGIAR ICT Roadmap Page 18
  • 19. “Make available” in this context could include CGIAR-wide licensing,subscriptions to cloud-hosted services, CGIAR-hosted services, and so on, dependingon the tools selected and the requirements. Where appropriate, paid services andenterprise versions of these tools should be selected (i.e., don’t just focus on freeservices). In the case of video conferencing and audio conferencing, CGIAR-widesubscriptions to bridge services may be appropriate if suitable vendors can beidentified. Another aspect of this deliverable is the creation of training materials and adecision tree or matrix for users to help them understand which tool to use in whichsituation (use cases). The training materials should be part of a continuing end-user support program, with regular updates. The list of collaboration tools should be guided by the communicationcollaboration strategy of the CGIAR, and the set of tools should be selected with careto keep the variety appropriately contained. “Best Practices” for the CGIAR in theuse of collaboration tools will be created, and maintained, as part of this deliverable. This action item has several governance issues. One is an important tie-inbetween the use of collaboration tools and data/document knowledge managementpolicies; the relationship between collaboration tools and long-term repositorieswithin the CGIAR.Business Need: Collaboration tools, including collaboration platforms (such aswikis, blogs, Google Aps, and Sharepoint), desktop sharing (such as GoToMeeting,webex and Dimdim), and file transfer systems (such as FTP and YouSend It) arewidely used throughout the CGIAR system. Emerging tools, such as Yammer(company-private Twitter micro-blogging tool), are also seeing use by earlyadopters. Since teams have different needs—document archive versus jointdocument creation, for example—there is no one-size-fits-all tool that will meet allneeds. CGXchange 2.0 has done a superb job in meeting many of the collaborativeneeds of CGIAR teams, but it alone cannot meet the needs of all of them. Centershave independently attempted to address the needs of their staff, resulting in anarray of overlapping solutions. As inter-center collaboration grows, researchers willgrow frustrated with having to master a different tool for each team. So the centersneed to work together to identify, support, and promote the collection of tools thatwill meet the needs of staff without significant overlap. People in many different locations and from different organizations arecarrying out research projects. These projects and people require a platform andassociated mechanisms for collaboration and joint work. As a side note:collaboration platforms require access control at the individual, group, andexternal/outsider level. The current CGIAR Active Directory does not easily enableaccess controls for external organizations. Changes or extensions to the directorymay be necessary as part of this collaboration action item, and these have beenidentified as part of an Action Item in the Networking brief. CGIAR ICT Roadmap Page 19
  • 20. TOPIC AREA: ICT and Organizational ICT GovernanceOVERVIEW While the CGIAR is moving from a set of independent Centers to a moreunified Research Entity, ICT in the CGIAR will also have to adjust from a set ofindependent ICT Centers to a more unified ICT Support function. Yet, there will be aneed for regional and Local ICT specialized services. There is also an opportunity for ICT to move from a simple support functionto join the Business in researching ICT solutions to achieve the strategic objectivesof the Organization. Stepping up the role of ICT will involve the adoption of well-defined ICT Governance policies and procedures. Because the alignment of ICT with business needs and knowledgemanagement is a widespread industry trend, many Centers have taken some or evenmany steps in this direction already. As part of the new ICT governance it will be important to define the new roleof the CEO and CIO along with a new Global ICT Services function. An externalreview on the ICT-KM Program in 2009 [ICT-KM-ExtReview] proposes severaldifferent structures for Governance. This will help support the consistenttransformation of ICT groups across all Centers into an integrated ICT, informationand knowledge function.BACKGROUND, ENVIRONMENTAL SCAN, AND RATIONALE Up to now, with the current Center’s independent status, ICT managers andsenior management were in charge of taking all decisions. This includes decisionsabout the value of cooperation with other Centers, because the life of the Centerswas mainly on each managers own shoulders. This should not be the case anymorein a more unified CG where funds are distributed from a single entity. In this case,the CG is going to really look for economies of scale (as the study from Accenturepoints out) across multiple Centers. So if the CG is serious about economies of scale,the CEO and the CIO will have to take on higher profile roles which involve makingICT decisions and doing ICT planning on behalf of the Centers. It is clearly an advantage from a business point of view that global ICTservices currently with the ICT-KM Program would be expanded. It is alsoimportant that ICT units within each of the Centers continue and expand theirexpertise in the areas of information and knowledge management. It is felt thatthere is an ongoing trend for ICT in Centers to become more an expert and advisoryservice to guide staff on the best use of the technology for maximum cost efficiency.Local ICT would become less involved with running ICT operations and more withoptimizing the workflow of staff and offices. CGIAR ICT Roadmap Page 20
  • 21. Staff should make sure that they get their project requirements ready, ask forthe proper contract to service them and monitor results. ICT will be theintermediary that makes sure the right ICT services are chosen, the proper contractssetup and ensures deliverables are obtained. However, these ICT services should be,in large part, outside the local premises in the cloud or in the Enterprise cloud.ACTION ITEMSG1) Identify Critical Center ICT services supporting ScienceDeliverable: A needs assessment for ICT services required by the sciencecommunity, including all ICT services, not just those provided internally by CGIAR ITgroups. Consideration should be given to using the ITIL framework (such as the ITILservice catalog) in structuring this deliverable.Business Need: Accenture did not have the resources or the time to look at the roleof ICT in each center. IT needs to get involved in the planning of the entire spectrum of(research) support services in the new CGIAR landscape. There are special ICTservices provided to the Scientists and to the scientific community that are crucial tothe success of research. It will be useful to find out if they are strictly local or if theycan be globalized. Furthermore, some locally provided services could benefit fromglobalized support or globally provided tools.G2) Rightsource ICT services at Centers with a global viewDeliverable: "Rightsourcing" is the process of identifying ICT services andapplications, then deciding whether they should be delivered internally or handledusing external service providers (with internal oversight). This deliverable has twoparts: guidelines, and recommendations.The CGIAR Centers, as the first part of this deliverable, should prepare guidelines onrightsourcing decision making along with a discussion of the elements required toguarantee service quality and continuity to the end users. For example, providing ITsupport to country offices might come with a service catalog, SLA (Service LevelAgreement), performance metrics, and costs.Further, once the guidelines on rightsourcing are developed, the second part of thisdeliverable calls for the guidelines to be used in a CGIAR-wide exercise. As part ofthis exercise, services will be identified that are common across multiple centers,and recommendations made about which should be kept internal to each Center,which can be fully outsourced, and which may be able to take advantage of aninternal CGIAR service provider. N.B. “Global view” in this Action Item does notimply the same sourcing for all locations. However, the option for CGIAR Centers tocollaborate because of proximity should be fostered. CGIAR ICT Roadmap Page 21
  • 22. Business Need: Rightsourcing of services aims for economic savings whileproviding the same or a higher level of service to end-users.G3) Transform ICT from Service Provider to Strategic PartnerDeliverable: Recommend ICT goals and visions for the new CG systems that will beused as key messages to persuade senior management in championing organization-wide ICT transformation. Necessary steps (assessment, gap analysis, architecturedefinition, etc.) will be defined to a certain level of detail that can help facilitatingthe discussion, strengthen the case, and setting reasonable expectations.Business Need: Modern IT management suggests that IT, in general, needs to bemore closely aligned with the business it serves. This Action Item helps to promoteIT into the position of best serving the CGIAR Centers.Additional Background Information: As part of the discussion of this Action Item,the ICT managers offered guidance on direction and goals. The ICT structure should be aligned with the business structure andorganization and strategy. The organization and infrastructure needs to be flexible.We should align with internationally recognized frameworks like COBIT forgovernance to include oversight steering groups and ITIL for ICT Service Provision. It needs to be clear which ICT Services are mandatory to be provided withinthe Consortium (either internally or externally with internal oversight).Requirements must be generated and agreed to by those who need the services.These can them be provided through a service catalogue and SLA by the ICT teams. One option is to take ICT Services out of the Center structure. Since ICTfunctions are self-financing, they could be detached and still provide services backto the Centers and CRPs including partner organizations. (similar to ICT Services atILRI and World Agroforestry). Country offices can then choose who they want toreceive the service from: the closest ICT Service Unit, the ICT Service Unit thatprovides the service to the lead Center of the CRP, or from somewhere else.G4) Improve ICT maturity at CentersDeliverable: With the input of IT users, enterprise management, and the IAU,analyze the current ICT maturity level (see Appendix for a definition of "maturitylevel") at Centers, gather existing international maturity standards that would beapplicable to CGIAR Centers, and recommend changes to help increase compliancewith standards and increase overall ICT maturity.This could be done in a fashion similar to the process followed by security auditors.However, it will require changes that have implications for the entire Organizationand must be championed by senior management in Centers. Recommend that ICTwithin Centers adopt ITIL for the provision of services. One strategy for this mayinclude benchmarking by comparing ICT maturity within Centers to Universitiesand similar organizations. This could provide a baseline as well as a target. CGIAR ICT Roadmap Page 22
  • 23. Business Need: Using tools such as COBIT (Control Objectives for Information andrelated Technology), identify measures, indicators, processes, and best practices tohelp maximize the benefits that ICT provides. These metrics can be used to carryout e-readiness assessments and gap analysis of each Center or CRP, providing botha baseline for future comparison and a measure against global standards forresearch centers. The goal of these types of assessments is to identify areas thatneed to be worked on (and, when repeated, documentation that improvements havebeen made).Note that this is not a one-time project but a continuous process.G8) Establish Appropriate CGIAR-wide ICT StandardsDeliverable: Explore areas where CGIAR-wide ICT standards would be beneficial,where these standards would further the goals of the CGIAR as a whole, and wherestandards would be valuable to the groups involved. Some of these standards mightrequire coordination with other groups within the CGIAR. For example, while thereis an ICT component in the following two example areas, they are not purely ICTstandards: - Defining policies regarding “branding” of CGIAR web sites and collaborative tools, including the use of logos and domain names - Defining social media (internal and external) policies and guidelinesSome areas are more clearly purely within the remit of the ICT area, for example: - Creation of good practice standards for application development - Security guidelines for Active Directory - Requirements for ICT business continuity - Security requirements for 3rd party vendors - Tools to use to operationalize policies and guidelinesN.B. The areas listed above are meant purely as examples, and are not meant to bean exhaustive list for this action item. It is likely that ICT Standards will be acontinuing action item, not a one-time project.Business Need: Establishment of standards helps to reduce long-term costs anduncertainty within an organization. By providing guidelines in common areas ofconcern, standards enable groups to focus on the important work at hand and spendless time re-visiting decisions and discussions that have already been made. CGIAR ICT Roadmap Page 23
  • 24. TOPIC AREA: Location StrategiesOVERVIEW In an era of extreme mobility, the concept of "being in the office" hasdisappeared for many knowledge workers. Today, being in the office may simplymean sitting in front of their laptop anywhere they can find a Wi-Fi signal. At thesame time, in some cities, CGIAR Centers have chosen to co-locate with one anotherand with other partners. These twin trends of mobility and co-location give CGIARstaff great flexibility in where they work, but also raise important issues. This topic brief focuses on ICT issues that are affected by a persons location,whether they are in their head office, a regional, country or project office, ortraveling.BACKGROUND AND RATIONALE An implicit part of the CGIAR is that certain guiding principles should applyto all staff, no matter what their location. In the context of this brief, we believe thismeans that there should be equal access to resources wherever a person is located.This requires a minimum standard of connectivity and a security system that canauthorize access across locations. Obviously, not all locations will have the same capabilities, due to therealities of geography, politics, and budgets. However, when a minimum standard isset, this will provide guidance to applications and systems designers about whatthey can, and cannot, expect in the end-user community.ENVIRONMENTAL SCAN The ICT-KM Second Level Connectivity project investigated issuesspecifically related to smaller regional and country offices. Started as a project toimprove connectivity to the internet, it soon became clear that there were severalother issues limiting the effective use of ICT in the regional and country officesincluding poor support, old or non-existent equipment and infrastructure, lack offunding, information and training and poor collaboration with others. Many of theideas from the Second Level Connectivity project have been used in the action itemsin this brief. See also [SLC Vision]. The NetHope project (www.nethope.org) is a project to increasecollaboration among international humanitarian organizations. NetHope focuses onfive initiatives, all collaborative in nature, including Connectivity, Field CapacityBuilding, Emergency Response, Shared Services, and Innovation. Information onNetHope is available on their web site and not generally in standalone documents. CIAT has produced documentation for their Regional Offices focusing onStandards and Procedures. In the Standards area, Cabling Standards, ComputerRoom Cabling, and Electrical Protection are covered. Procedures are documentedfor Hardware and Software Inventory, Policies on Computer Use, Backup CGIAR ICT Roadmap Page 24
  • 25. Procedures, and Policies for Internet and Email. [CIAT-Procedures] [CIAT-Standards] Other projects within the CGIAR and community that have looked at theselocation issues include:CIFOR (Center for International www.cifor.cgiar.orgForestry Research)IDRC Acacia Initiative http://www.idrc.ca/acacia/IDRC Connectivity Africa [IDRC Infobook]Infobook (2005)Balancing Act Africa http://www.balancingact-africa.com/ (commercial reports, not uploaded)UN Economic Commission for http://www.uneca.org/ (although dated, theAfrica UNECA hosts dozens of publications on Information Technology for Development), [NICI eStrategies] United Nations agencies have considered sharing locations carefully in thecontext of their "Delivering as One" project. The One Office piece of Delivering asOne includes overview guidance documentation, as well as specific reports on theprojects in Cape Verde, Mozambique, Pakistan, Rwanda, Tanzania, and Uruguay.[OneUN]ACTION ITEMSL1) Provide ICT Support, Training, and Procurement to Under-Served OfficesDeliverable: Create an ICT support organization, based on a clearly defined scope,for under-served CGIAR Centers based on a regional support model with locallanguage capability. The scope of this deliverable is primarily offices that do nothave local support, although this could be extended more broadly based onexperience and capabilities.This may also include development of a knowledge base and COPs, harmonization ofprocurement standards, desktop standards, standards for remote support tools, andgeneral policies within a location or region to reduce variance between Centers.Any support structure should also include reference to established internationalguidelines, most specifically the ITIL (Information Technology InfrastructureLibrary) framework for IT Service Management.This deliverable also includes specific support for training, as in the followingexamples (which are not meant to be exhaustive or restrictive): - face-to-face training CGIAR ICT Roadmap Page 25
  • 26. - virtual training - self (CBI) training - orientation (new employee) training - funding for support visits in remote areas.Several issues to be addressed here include: - structuring of costs and staff pay - accountability and reporting (who does this report to?) - governance of the support and training facility - selection of web-based tools for supportBusiness Need: Good quality ICT support at all locations within the CGIAR is criticalto ensure effective use of systems and infrastructure. Because the CGIAR Centershave very similar ICT environments, there is considerable overlap in technologiesand configurations. By moving support resources closer to the end-user, time zoneand language differences can be minimized. At the same time, a higher level oftraining (with greater face-to-face or virtual training sessions and e-Learning tools)will make end-users more efficient in utilizing the resource available to them, headoff potential confusion, and resolve support issues more quickly.L2) Backup, Data Protection, Business ContinuityDeliverable: Establish CGIAR data backup systems focusing on the needs of under-served and small offices, including: - a day-to-day automated solution (for disaster recovery or lost file recovery) based on either traditional software approaches or backup appliances, - cloud-based backup services, especially for small offices, contracted at the CGIAR-level (not at the individual office level) In addition, establish a CGIAR Storage As A Service contract (not dependenton a single vendor, though). This can help to mitigate risk in the development ofdisaster recovery packagesBusiness Need: Head offices of CGIAR Centers typically have full-time IT staff andthe expertise to manage and maintain standard backup systems. In smaller offices,this is not the case and backups may be handled in a haphazard or ad hoc manner bystaff who are not trained to ensure that systems are being properly backed up. ACGIAR backup solution will ensure that valuable data are not lost when disks crashor laptops are lost. This could be based on cloud services, or combined with alocation storage system, and would be designed to be easily rolled out to smalleroffices, replacing tools such as portable hard drives and never-replaced magnetictapes. A different, but related, issue is the loss of data from an institutionalperspective when the data are being gathered and managed away from central ITfacilities. To reduce the risk of loss, a CGIAR repository should be created to helpcapture information from all types of locations in a secure and protected fashion. CGIAR ICT Roadmap Page 26
  • 27. L3) Global Standards for Network InfrastructureDeliverable: Establish minimum specifications, recommended equipment, andstandard configurations (for different types and sizes of locations) to ensurenetwork capabilities, configuration, and desktop security meets acceptablestandards at all CGIAR locations. This includes both governance issues andtechnical standards, so multiple groups may need to contribute to the final result ofthis Action Item. Some components of this deliverable may also be covered by the CGIARSecurity Operations Center (proposed in another topic brief).Business Need: In general, ICT infrastructure in larger campuses is establishedwith a high level of network capabilities and security. However, in regional, countryand project offices, the level of network infrastructure and the attention paid tosecurity can be quite low, impeding access to critical resources, and putting theentire organization at risk through malware infection or unauthorized access. Byestablishing minimum standards and recommended configurations for networksacross all locations, this risk can be reduced. In addition, standardization willreduce the costs of deploying secure networks and secure desktops by enablingknowledge re-use not just within a Center but also across all Centers.L4) Internet ConnectivityDeliverable: Establish minimum standards for Internet connectivity, includingguidelines for selecting vendors, media (wires/wireless/VSAT), and types ofcircuits.Identify roaming service providers (such as iPass) for public Wi-Fi and GSM dataservices and establish CGIAR-wide contracts for best pricing.Investigate CGIAR-wide e-mail and application gateway approaches with an eye toreducing capital and operational expenses and improving reliability.Investigate emergency VSAT connectivity options with an aim towards setting up a"standby" contract for CGIAR offices in need of emergency connectivity. This itemprobably should be moved to the VSAT negotiation Action Item.Policies should be established to encourage offices to keep their infrastructure to aminimum, to encourage co-location, and put budget monies into better Internetconnectivity.Business Need: Internet connectivity is crucial to the new way of working withinthe CGIAR. While smaller offices have investigated lower cost services, a lack ofstandardization and shared knowledge has resulted in sub-standard deployments insome locations. As sharing of infrastructure using Internet services becomes thenorm, the quality of Internet connectivity will be a key predictor of success oflocation sharing projects. As CGIAR staff travel, they also always need Internet access even when awayfrom a CGIAR location. While pay-as-you-go services are always convenient, it isdesirable to investigate global services providers that may result in lower overall CGIAR ICT Roadmap Page 27
  • 28. costs and possibly better connectivity. This applies both to Wi-Fi services and GSM-based telephone services, including gateway products such as BlackBerryEnterprise Server.L5) Optimizing Wide Area Network ConnectionsDeliverable: Investigate and, if appropriate based on cost vs. benefit, establish aCGIAR-wide contract for WAN acceleration products and circuit aggregationproducts. Produce a report showing how these products could be used in the CGIARand the expected benefits and cost savings.A second aspect of this deliverable is the investigation of alternative technologies toWAN acceleration, such as Windows 7 Branch Cache, and other software-basedproxy or caching solutions.Business Need: WAN Acceleration products can provide a better end-userexperience over congested, high-latency, or bandwidth limited circuits, although at acost. The use of these products within the CGIAR VPN or individual Center VPNs hasno been fully explored. The unique nature of the CGIAR operating environmentmeans that most publicly available test results and evaluations do not apply. Arigorous testing and procurement process could result in the availability of thesevaluable tools to the CGIAR ICT managers. By providing enterprise-wide testing,CGIAR managers can select products with a minimum of effort and maximumassurance of proper return-on-investment. CGIAR ICT Roadmap Page 28
  • 29. TOPIC AREA: Network and Telecommunications InfrastructureServicesOVERVIEW Each CGIAR Center manages and maintains its own telecommunicationsnetwork. While many of these networks are similar in design, the final responsibilityfor network design and operation has fallen on the individual Centers. In a moretightly connected CGIAR Consortium, many basic network and infrastructureservices could be coordinated with a result of increased collaboration capability andreduced cost. This topic brief covers a variety of areas where coordination between theCGIAR Centers is desirable in the areas of network layer services andtelecommunications infrastructure. Voice over IP and digital telephony, topicswhich might be considered at this layer as well, are covered in the CollaborationTools brief instead.BACKGROUND AND RATIONALE The network infrastructure within the CGIAR Centers is a core that all otherICT services depend upon. More and more, the research and results that the Centersproduce requires 100% uptime of infrastructure services, including the network.For this reason, it makes sense to seek ways to: - increase the reliability of the network and the basic network services - monitor and manage the security of the network 24/7 - decrease the cost of running the network - provide a larger and more flexible set of network service building blocks For many mid-size organizations, the operation of the network and networkservices such as Active Directory are secondary tasks of the ICT team--they dontnecessarily take a full-time persons attention. Because networks, once set up, tendto run acceptably even in the absence of any active monitoring and management,ICT teams focus elsewhere. The end result is networks that slowly decay inperformance, security, and reliability, and are often behind the capability curvewhen new demands are placed on them. By bringing together the requirements of multiple Centers, many tasks thatwould not be affordable or reasonable for a single Center to accomplish can beshared among multiple Centers--and provide cost-effective benefits to all. This topicbrief proposes eight specific initiatives to meet the goals of increasing reliability,security, and services at a cost-effective level. CGIAR ICT Roadmap Page 29
  • 30. ENVIRONMENTAL SCAN A number of CGIAR-wide projects have focused on network layer andinfrastructure services. These include the Active Directory project, and a project tocoordinate use of anti-malware software across Centers. In 2003, the CGIAR Centers migrated from their existing Windowsenvironment to a coordinated Active Directory/Windows 2000 system. Thisinstallation, coordinated by CGnet, also included installation of Microsoft ISA proxyservers at each site and the creation of a shared Microsoft Exchange email network. Each Center runs its own Exchange servers, but the email directory is common as isthe address space for users "@cgiar.org". While the Active Directory and ISA proxyserver installation met many goals, the software and hardware are generally out-of-date. An existing project to upgrade Microsoft Exchange to Exchange 2010 is inoperation beginning in 2011. In 2008, the brief study was undertaken to consider the use of a singleantivirus tool in the CGIAR. At that time, Trend Micros anti-virus tool was in use inmost Centers and the question considered was whether this was still the technicalbest solution. The conclusion of the study was that Trends efficacy had sufferedand several Centers had migrated to competing products, including ones from ESET,McAfee, and Kaspersky. In 2008, a case study was undertaken to explore alternatives to the existingCGIAR collaboration system. At the time, a goal was to find a system that would notrequire too much investment in time and money. Because Google Applications, asuite of collaboration tools on the cloud (Software as a Service - SaaS) that includescalendar, chat, documents, sites, video and more, met the requirements of low initialinvestment, it was chosen as a pilot project. The study went so well that in early2009 it was decided to replace BEA Aqualogics (CGIARs former locally managedcollaboration system) for Google Applications and the advantages of this changehave been substantial.ACTION ITEMSN1) Active DirectoryDeliverable: Continuing program of maintenance, education, and development ofCGIAR Active Directory. This deliverable would establish a funded program to: - maintain the health of the directory, - to include outreach on existing training materials, - to create a knowledge base - to add a community of practice, - and develop new training materials to help CGIAR Centers make use of this resource. CGIAR ICT Roadmap Page 30
  • 31. It should also be considered whether Active Directory should be opened upfor use beyond the current Windows Domain Controller and Email/Exchange uses,and if this is agreed, then any required changes to routing, replication, and accessmethods should also be implemented. At the same time, additional services such asDNS may be added (for health checks, training, etc.). Additions to Active Directory as part of this action item would also include away to access the GAL (Global Address List) of Exchange outside of the Exchangeenvironment, but within the CGIAR using protocols such as LDAP. This deliverable should include a review of current design or ActiveDirectory alternatives, to determine if the design is still optimal given changes inorganizational direction and hosting environments. An additional action item within this would include a governance policyexplicitly addressing the sharing and/or replication of Active Directory informationbetween CGIAR centers.Business Need: Active Directory provides a critical service for the CGIAR. TheCGIAR-wide Active Directory is not providing the best service possible to all Centers. One of the reasons for this is simple neglect--there is no continuing program tomaintain the health of the directory and resolve problems. While there are some"best practices" provided by CGnet, in practice, the individual Centers do not havethe expertise or privileges to keep the directory operating optimally. In addition, itwas found that Centers are not making good use of the common directory andauthentication service because of lack of training in programming and operation ofthe directory. The lack of a properly working directory can impact end-userproductivity, cause interruptions in service, and decrease total system security.N2) Enterprise Single Sign-On infrastructureDeliverable: An enterprise single sign-on infrastructure that includes the following: - based on open standards; not necessarily based on AD - integrated with the CGIAR Active Directory (or its successor) - ability to include partners and a non-CGIAR user baseWhen rolling out systems that integrate with SSO, a governance requirement for arisk/security analysis should also be included. Because the single sign-on system would be a superset of the existing ActiveDirectory authentication and directory service, the scope of single sign-on mayrequire Active Directory to be expanded to include giving non-CGIAR collaboratorsaccess to resources that require authentication. This could be done, for example, bycreating an authentication service that integrates CGIAR Active Directory andanother directory through tools such as OpenID, SAML, and OAuth.Business Need: CG Centers have traditionally used internally run applications thatwould only require an initial logon by the staff. Currently, there is increasingdemand for SAAS (Software as a service) and applications running in the cloud. CGIAR ICT Roadmap Page 31
  • 32. These applications require logging into foreign systems that do not rely directly onthe CGIAR Directory services. To avoid users having to remember severalpasswords, increase security, staff efficiency and establish license-trackingmechanisms it is critical that the CG adopts an ESSO system. This will be anextremely useful tool to identify applications where economies of scale can beapplied through Centers. This system should be centrally hosted and managed incollaboration with the Centers.N3) Cloud Computing - Utility Computing, Outsourced Services, and SaaSDeliverable: Identify specific areas where Utility Cloud Computing, Software-as-a-Service Cloud Computing, Platform-as-a-Service Cloud Computing, and otherOutsourced Hosting and Management can be used within CGIAR Centers. This deliverable includes the following: - establishment of policies and good practices to encourage Centers to moveto SaaS and Utility Computing/PaaS as a default deployment strategy, to definesecurity in the use of cloud services, including data protection and compliance, andto define inventory control to ensure that cloud-based services have a definedlifecycle to reduce “sprawl.” - specific review of the existing Email network to consider whether emailshould be outsourced in some way (ranging from on-premises to off-premiseshosted) - scan CGIAR environment to identify back-office applications (finance andadministrative) that can be moved to the cloud, such as the existing OCS initiative; - scan CGIAR environment to identify areas where research computing canmake use of both SaaS and utility computing. Examples of this might include bio-informatics, remote sensing, GIS (geographic information systems), and modeling; - identify areas where outsourced management of applications or systemswould benefit the CGIAR centers This deliverable should include a white paper or other explicit discussion ofthe constraints that would prevent Centers from joining cloud services orinfrastructure changes such as increased bandwidth that may be required beforecloud services can be effectively used (a “reasons not to go to the Cloud” whitepaper)Business Need: SaaS and Utility Computing promise to provide lower costs toenterprises by taking advantage of massive economies of scale that can be offeredthrough service providers. While there are significant issues of control and datasecurity that have "clouded" the use of these new computing delivery techniques,there are many other areas where cloud computing can offer fast deployment, highdegree of scalability, excellent reliability, global levels of accessibility, andsignificant cost savings. This is both true in the SaaS area (for example, the CGIAR isalready using Googles cloud-based services for information collaboration) and inutility computing (which will be of primary interest to researchers needing high CGIAR ICT Roadmap Page 32
  • 33. performance computing). (Readers needing additional background information onSaaS and Utility Computing should refer to the Appendix of this document.)N4) CGIAR-wide VPN redesign, firewall upgrade, and filtering optionsDeliverable: The CGIAR-wide VPN should be updated to meet current needs. Thisdeliverable would include several basic requirements: (1) redesign of the CGIAR VPN to separate out the VPN from the firewallfunctionality to provide a more appropriate locus of control (2) consider options to replace the ISA servers with low-cost firewallappliances to support the VPN (3) design a standard for Web caching, malware detection, and URL filteringto replace the ISA functionality in Centers that want proxy-type web filtering. Support of IPv6 should also be built-in at this point.Business Need: The CGIAR VPN was originally developed to share Active Directoryinformation using a combination web proxy/VPN/firewall product developed asMicrosoft ISA running on general-purpose computers. Enterprises rarely use thistechnique today. As the original ISA software and hardware is now badly outdated,a re-design of the VPN to use less-expensive, more reliable and more capablehardware is appropriate. In addition, because the combination offirewall+VPN+proxy in the same device has been problematic for some Centers tomanage, and has restricted greater use of the VPN for information sharing, aseparation of function that will allow each piece to operate independently offers agreater value to the Consortium as a whole. Models for VPN deployment, includingcentral administration or distributed administration, should be explored to find the"best fit" with current use of firewalls and VPNs within individual Centers.N5) CGIAR Security Operations CenterDeliverable: Creation of a CGIAR Security Operations Center (SOC), either using in-house resources or outsourced to a MSSP (Managed Security Service Provider). The responsibility of this SOC would be to handle day-to-day operations inthe area of network security for Centers, including monitoring any IDS/IPS(intrusion detection/intrusion prevention) systems, updating firewallconfigurations and software, monitoring firewall logs, managing threat mitigationtools such as network anti-malware. The SOC would also monitor multiple securityalert bulletins to summarize and report regularly to CGIAR network managers onemerging threats and any urgent patches or updates. Because the SOC would be applying uniform standards across multiplecenters, there is a substantial Governance component to this Action Item. The SOCmust be linked to security policies established by ICT Governance. The SOC wouldpromote solutions to the CGIAR Centers that help them to adhere to the CGIARSecurity Guidelines. CGIAR ICT Roadmap Page 33
  • 34. Because anti-malware products and patching products have variable efficacyrates, an important part of this action item would be regular re-evaluation of thedesktop protection and patching vendors being used in the CGIAR to ensure that thetools are providing effective protection (or patch management, as appropriate) in allenvironments. The SOC would also have a long-term audit function to ensure that propersecurity is applied across the CGIAR Centers. As part of the audit, the SOC wouldpromote solutions to the CGIAR Centers that help them adhere to the securityguidelines. Another aspect of this action item is a regular update schedule for the CGIARBest Practice security documents, since without regular updates they would not beuseful.Business Need: Few Centers, if any, have networks that are large enough to supporta dedicated SOC function. However, all have networks connected to the Internet anda constant flow of systems in and out of their network. Most have also suffered oneor more security problems in varying degrees of severity. Because there is no full-time support, security is a part time job for many Centers, increasing the possibilitythat an intrusion or infection will interrupt work or cause data loss. By combiningthe resources of multiple Centers, a SOC can be established (or contracted withthrough any number of Managed Security Providers, MSPs) to provide thisincreasingly required service at a low cost to Centers who wish to make use of it. Itshould be noted that previous Enterprise Security and Internal CGIAR audits havealready recommended the creation of a SOC. The CGIAR has already begun work on enterprise-wide “best practices” in thearea of network security ([EnterpriseSecurityDocs]), which help demonstrate thedemand from Centers to improve their security posture.N6) CGIAR-wide Equipment and Training contractsDeliverable: Investigate, and if appropriate, negotiate contracts for IT equipmentand training globally for CGIAR Centers. This would include typical devices from the vendors most-used within theCGIAR Centers, including: o Networking Equipment: switches, firewalls, and routers o Systems: desktops, laptops, and servers o Specialized Equipment: PDAs, mobile phones, ruggedized systems o Training Challenges such as stocking of replacement equipment and geographicsupport issues will have to be included in any contract to facilitate world-widebuying and support. A side-effect of this Action Item might be greaterstandardization of equipment across CGIAR Centers. This action item should also include an investigation of training alternatives.For example, internal IT training on common equipment could be provided by CGIAR ICT Roadmap Page 34
  • 35. CGIAR staff in conjunction with an equipment vendor or third-party trainingprovider.Business Need: Negotiating individual pricing contracts for each of the CGIARCenters for products such as routers, switches, and firewalls is a significant timewaster that adds to total costs and reduces the agility of CGIAR Centers. While thebuying power of the Centers may not be significant globally, it is likely thatadvantageous pricing can be identified that at least reduces the requirement to runseparate supplier bids and establish individual contracts with each supplier at eachCenter.N7) Strategy for IPv6Deliverable: A CGIAR-wide strategy for IPv6, including: - any governance guidelines related to acquisition of IPv6-compatible network equipment, including a moratorium on purchasing equipment incompatible with IPv6 - a training program to inform network teams within the CGIAR on how to migration to IPv6 - a strategy for migration to IPv6 including long-term coexistenceBusiness Need: IPv4 IP addresses are essentially unavailable, limiting the growth ofnetworks that require IPv4. As the CGIAR Centers link to each other “behind thefirewall” using tool such as VPN tunnels, address collision may require the re-addressing of networks to ensure unique addresses are used within the entireCGIAR. IPv6 is the declared migration strategy by the IETF. CGIAR ICT Roadmap Page 35
  • 36. Participating ICT Managers This roadmap was created through the collective work of more than 18individuals. The main contributions were driven by the ICT managers of the CGIAR,CGIAR’s CIO (Enrica Porcari) ,with additional coordination and guidance from TaniaJordan (Office of the CIO) and Joel Snyder (External consultant, Opus One).Center ICT ManagerBioversity Dario ValoriCIAT Carlos MenesesCIFOR Muhamad Robby MunajatCIMMYT Carlos Gabriel LopezCIP Edgardo Torres (Acting IT Manager)ICARDA Colin WebsterICRAF Ian MooreICRISAT Pradyut ModiIFPRI Nancy WalczakILRI Ian MooreIRRI Marco van den BergIWMI Nirudha PereraWARDA Moussa DavouWorldFish Rainelda Ampil Roadmap development started in 8/July/2010 and continued electronicallyuntil 28/September/2010, when all teams had submitted their first drafts of actionitems for the Roadmap. A second draft based on comments was presented to theICT Managers on 7/October/2010. At the annual ICT manager’s meeting, held in2010 in Addis-Ababa, Ethiopia, the roadmap was discussed in face-to-face meetingsthe week of 11/October/2010. A final draft and prioritized list of action items wereoutput documents from the Addis meeting on 14/October/2010. The final version of this roadmap was prepared on 22/November/2010. CGIAR ICT Roadmap Page 36
  • 37. References[SLC Vision] ICT-KM Second Level Connectivity Project: ImprovingCommunications and Access to Internet Resources for CGIAR Regional and CountryOffices. (uploaded to ICT-Roadmap Location Site)[IDRC Infobook] Connectivity Africa Infobook (downloaded fromhttp://www.idrc.ca/acacia/ev-89542-201-1-DO_TOPIC.html) (uploaded to ICT-Roadmap Location Site)[NICI eStrategies] National Information and Communication Infrastructure (NICI)e-Strategies. Best Practices and Lessons Learnt (2006) (downloaded fromhttp://www.uneca.org/aisi/nici/documents/nici-book.pdf) (uploaded to ICT-Roadmap Location Site)[EnterpriseSecurityDocs] Enterprise Security Good Practice documents includeseven “Good Practice Guides” and an accompanying set of checklists. These include: Email Management and Security Internet and Email Acceptable Usage Policy Internet Security Network Infrastructure Security Network User Identification and Authentication Sensible Use of Bandwidth Workstation Security( downloadable from http://www.cgxchange.org/ict-infopoint/es-security-good-practices )[CIAT Procedures] CIAT Information Systems Unit: "Regional Offices ITProcedures" (uploaded to ICT-Roadmap Location Site)[CIAT Standards] CIAT Information Systems Unit: "Standards andRecommendations for Regional Office Infrastructures" (uploaded to ICT-RoadmapLocation Site)[OneUN] Multiple documents, downloaded fromhttp://www.undg.org/index.cfm?P=1213 andhttp://www.undg.org/index.cfm?P=1214. Uploaded as a single archive to ICT-Roadmap Location Site)[OCS] One Corporate System documents: http://ocs.cgxchange.org CG Systems - Existing Systems Comparison (November/2008) CG Systems - Lessons Learned (November/2008) OCS General Requirements OCS Key Questions OCS Concept Document for Rome Meeting (August/2009) OCS Technical Requirements (all downloaded from www.ocs.cgiar.org/July/2010)[SRF] Strategy and Results Framework documents: CGIAR ICT Roadmap Page 37
  • 38. A draft Strategy and Results Framework for the CGIAR (March/2010 Background Document and FAQ document for Consultancy on CommonAdministrative, Financial, and Research support Services in the new Consortium ofthe CGIAR Centres Design and Establishment of the Consortium of CGIAR Centers - Final Report(October/2009) An AHP-Expert Choice Model for the Strategic Results Framework of the CGIAR(Executive Summary by Mueller and Stricker) Key Findings and Recommendations from the Consultancy on CommonAdministrative, Financial, and Research support Services in the new Consortium ofthe CGIAR Centres (November/2009)[Framework] Application Layer Frameworks Department of Defense (US) Application Framework v2 (volumes 1-3) Federal Enterprise Architecture Framework Consolidated Reference Model v2.3 The Open Group Architecture Framework v9 Zachman Framework structure for Enterprise Architecture Comparison of the Top Four Enterprise Architecture Methodologies by RogerSessions[AppSurvey] Survey on Application Deployment within the CGIAR Centers(August/2010) (http://hyperlink/here)[ICT-KM-ExtReview] External Review of the Information and CommunicationsTechnology and Knowledge Management Program (ICT-KM) of the ConsultativeGroup on International Agricultural Research (Sept 13, 2009)(http://ictkm.cgiar.org/document_library/program_docs/External_Review_09/ICT-KM%20External%20Review%2009.pdf) CGIAR ICT Roadmap Page 38
  • 39. Appendices The information in this section is supplementary and includesdocumentation of the discussions of the team who prepared this brief, as well asother background material that may be helpful to the reader.Maturity Model: A Definition One of the action items in this brief uses the term "Maturity Model." Thefollowing definition may be helpful for readers who have not come across this termbefore. This is taken from a web site improvementandinnovation.com. "Maturity relates to development and growth, from an initial state to anadvanced state, with various implicit stages in-between that need to be travelledthrough in order to reach the advanced state. In the context of businesschange/improvement, the initial state would be the implementation of the program,and the advanced state one where the strategies of the program have been fullyadopted and integrated into the organization on an ongoing and robust way. Mapping the cycle of maturity provides a framework enabling anorganization to gauge the health of its program by providing a point of reference forits current state, and then consequently guide the future direction of the program bysetting and prioritizing goals, aligning functions and projects, and setting a methodfor future appraisal. This is the Maturity Model. It gives the leadership a method ofmeasuring and reviewing the progress of an improvement program. A Maturity Model is usually created based on benchmarking research carriedout with various companies. It seeks to answer two vital questions: Why do someimprovement initiatives succeed, while others fail? What is it that successfulprograms do differently? Consequently, the correct utilization of a maturity modelcan help greatly in ensuring that an improvement program is on the right path tosuccess."COBIT: A Definition COBIT is an oft-mentioned (in this brief) term. The following definition maybe helpful for readers who have not come across this term before. This is takenfrom the Wikipedia article on COBIT. "The Control Objectives for Information and related Technology (COBIT) is aset of best practices (framework) for information technology (IT) management,created by the Information Systems Audit and Control Association (ISACA) and theIT Governance Institute (ITGI) in 1996. COBIT provides managers, auditors, and ITusers with a set of generally accepted measures, indicators, processes and bestpractices, to assist them in maximizing the benefits derived through the use of CGIAR ICT Roadmap Page 39
  • 40. information technology, and developing appropriate IT governance and control in acompany. COBIT was first released in 1996. Its mission is “to research, develop,publicize and promote an authoritative, up-to-date, international set of generallyaccepted information technology control objectives for day-to-day use by businessmanagers and auditors” [1]. Managers, auditors, and users benefit from thedevelopment of COBIT because it helps them understand their IT systems, anddecide the level of security and control that is necessary to protect their companies’assets, through the development of an IT governance model. COBIT 4.1 has 34 high-level processes, covering 210 control objectives,categorized in four domains: 1. Planning and Organization 2. Acquisition and Implementation 3. Delivery and Support 4. Monitoring and Evaluation COBIT provides benefits to managers, IT users, and auditors. It providesmanagers with a foundation upon which to base IT-related decisions andinvestments, while ensuring continuous service and monitoring systemperformance. Decision-making is more effective because COBIT aids management in: 1. Defining a strategic IT plan 2. Defining the information architecture 3. Acquiring the necessary IT hardware and software to execute an IT strategy IT users benefit from COBIT because of the assurance provided to them byCOBITs defined controls, security, and process governance. COBIT benefits auditors by helping them to identify IT control issues within acompany’s IT infrastructure. It also helps them corroborate their audit findings."Enterprise Architecture: A Definition One of the action items in this brief uses the term "Enterprise Architecture."The following definition may be helpful for readers who have not come across thisterm before. This is taken from a document "A Comparison of the Top FourEnterprise-Architecture Methodologies" by Roger Sessions. Twenty years ago, a new field was born that soon came to be known asenterprise architecture. The field initially began to address two problems: 1. System complexity—Organizations were spending more and more money building IT systems; and CGIAR ICT Roadmap Page 40
  • 41. 2. Poor business alignment—Organizations were finding it more and more difficult to keep those increasingly expensive IT systems aligned with business need. The bottom line: more cost, less value. These problems, first recognized 20years ago, have today reached a crisis point. The cost and complexity of IT systemshave exponentially increased, while the chances of deriving real value from thosesystems have dramatically decreased. Todays bottom line: even more cost, even less value. Large organizations canno longer afford to ignore these problems. The field of enterprise architecture that20 years ago seemed quaintly quixotic today seems powerfully prophetic. Many enterprise-architectural methodologies have come and gone in the last20 years. At this point, perhaps 90 percent of the field use one of these fourmethodologies: 1. The Zachman Framework for Enterprise Architectures—Although self-described as a framework, is actually more accurately defined as a taxonomy 2. The Open Group Architectural Framework (TOGAF)—Although called a framework, is actually more accurately defined as a process 3. The Federal Enterprise Architecture—Can be viewed as either an implemented enterprise architecture or a proscriptive methodology for creating an enterprise architecture 4. The Gartner Methodology—Can be best described as an enterprise architectural practice This white paper discusses these four approaches to enterprise architecture.It does so within the context of a fictional company that is facing some verynonfictional operations problems. These problems include:  IT systems that have become unmanageably complex and increasingly costly to maintain.  IT systems that are hindering the organizations ability to respond to current, and future, market conditions in a timely and cost-effective manner.  Mission-critical information that is consistently out-of-date and/or just plain wrong.  A culture of distrust between the business and technology sides of the organization. How should this company choose from among these four very differentapproaches to enterprise architecture? This white paper traces the journey thecompany is likely to face in using any one of these methodologies. When examining each of these methodologies in depth, one is struck by thefact that none of these approaches is really complete. Each has strengths in someareas and weaknesses in others. CGIAR ICT Roadmap Page 41
  • 42. For many enterprises, none of these methodologies will therefore be acomplete solution. For such organizations, this white paper proposes anotherapproach, one that might be called a blended methodology. Choose bits and piecesfrom each of these methodologies, and modify and merge them according to thespecific needs of your organization. This white paper gives an approach to creatingsuch a blended methodology that is a best fit for your organizations needs. But even a blended methodology will only be as good as an organizationscommitment to making changes. This commitment must be driven by the highestlevel of the organization. The good news is that, with a real commitment to changeand a tailored methodology for guiding that change, the 20-year-old promise ofenterprise architecture is within reach. That promise hasnt changed: reducing IT cost and complexity, whileincreasing business value and effectiveness—or, to put it even more simply,improving your competitiveness in an increasingly competitive world.Unified Communications: A Definition One of the action items in this brief uses the term "Unified Communications."The following definition may be helpful for readers who have not come across thisterm before. This is taken from the web site "UCStrategies.COM."What is Unified Communications? Unified Communications (UC) has many definitions, so don’t get stuck onthis. The results from UC are what matter, not the definition. As was well said in apanel at VoiceCon San Francisco 2008, "Lets quit arguing about what UC is; letsspend our time focusing on what UC actually does." UCStrategies.com defined UC from the outset in 2006 as: “Communications integrated to optimize business processes.” We continue to see this as a sound foundational definition. This integration ofcommunications can occur across a wide spectrum, from:  Users simply adjusting their habits, to  Manual integration as defined by procedures and training, to  Integration of communications into off-the-shelf tools such as Outlook, Notes, BlackBerry, Salesforce.com, and many others, to  Purpose specific integration into customized applications in specific operating departments or in vertical markets such as healthcare.Two Types of UC Applications Given this range of possibilities, two categories of the UC definition weredefined in 2007-2008: CGIAR ICT Roadmap Page 42
  • 43.  UC-User Productivity or UC-U: Unified Communications tools that users adopt to improve their experience and/or results.  UC-Business Processes or UC-B: Unified Communications tools that are explicitly integrated into defined processes, either procedural or automated. This diagram illustrates how UC-U and UC-B cover a continuum frompersonal through workgroup through enterprise-level adoption and scope. The definition includes "optimized" since the tools and techniques of UCenable transformative changes in an enterprise’s operations (business processes):  For-profit companies can earn more revenue with less cost and greater profits  Non-profit organizations can lower costs while improving service delivery In both cases, the operations are significantly improved by changing howcommunications tools are used and by eliminating communication-related “hotspots” – those places where the operational activities are blocked, delayed, orcomplicated by communications issues.UC Applications These Application Descriptions provide an overview and supporting detailsfor each of the five UC-Business Process (UC-B) Application Groups defined below.In addition, there are Application Descriptions for three (3) UC-User Productivity(UC-U) Applications Groupings. These application descriptions can be used in all phases of UCimplementation. They are valuable when evaluating which applications are mostapplicable to your business; they are useful for your UC and communicationsplanning; and they can be used for discussion of UC opportunities with theoperational management of your enterprise (Line of Business, Agency Leaders, etc.). CGIAR ICT Roadmap Page 43
  • 44. UC Applications can be categorized as UC-U (User Productivity) and UC-B(Business Process). In both categories, we can observe that the applications areappearing in five major application groups. As with any groupings, there will alwaysbe exceptions and outlying examples, but these five groups provide a guideline onwhere to look for the applications in your enterprise. The five application groupings are:  Contact Management – Facilitating access from clients, partners and associates  Resource Identification and Problem Resolution – Finding a skilled, authorized person or team and solving a problem  Seamless Information for Mobility – Delivering access communication and information to mobile personnel, seamlessly  Collaboration Acceleration – Helping teams get creative and project work done most expeditiously  Communication-enabled Job Portals – Packaging communications right into the users workflow and application tools Note that none of these Application Groupings are a product or technology.Rather they are solutions based on "communications integrated to optimizebusiness processes," our basic UC definition. The required products and technologies are different for each of theApplications Groupings.UC Applications Contact Management – Facilitating access from clients, partners and associates Resource Identification and Problem Resolution – Finding a skilled, authorized person or team and solving a problem Seamless Information for Mobility – Delivering access communication and UC-B information to mobile personnel, seamlesslyApplications Collaboration Acceleration – Helping teams get creative and project work done most expeditiously Communication-enabled Job Portals – Packaging communications right into the users workflow and application tools Basic UC Productivity – Enhancements via Presence, Instant Messaging (IM), and Click-to-Communicate, where the communications are via the UC software, independent of a PBX or IP PBX; usually these solutions co-exist with PBX-type systems. UC-U Advanced UC Productivity – Basic UC productivity plus mobility solutions; voice,Applications web and/or video conferencing; usually collaborative workspaces, and some from of integration with legacy or new PBXs or IP PBXs and the telephone network. Enhanced Voice UC Productivity – The extension of Voice over IP (VoIP) and IP PBXs to include Basic and/or Advanced UC Productivity tools, offering some additional savings in total cost of ownership and selected user productivity tools. CGIAR ICT Roadmap Page 44
  • 45. Cloud Computing: A definition One of the action items in this brief uses the terms "Cloud Computing","Software as a Service" (SaaS), and "Utility Computing." The following definitionsmay be helpful for readers who have not come across these terms before. This istaken from a white paper prepared by Joel Snyder.What is Cloud Computing? Cloud computing is based on a single premise: you don’t need a computerroom to make use of a computer. Cloud computing offers the benefits of rapidscalability—the ability to get very big, very fast—as well as high reliability and highdegree of accessibility. Cloud computing also has the potential to reduce costs, byoutsourcing many aspects of operation of business applications. The roots of cloud computing extend to the first days of computers, whenmainframe computers were rare and expensive. In those days, companies would“rent time” on computers operated by service bureaus to run different applications.Cloud computing was one of the original reasons for building the Internet: so thatresearchers at one University could use computers at a different school. Fast forward to the era of personal computers and the Internet, a ubiquitousworld-wide telecommunications network. While some of the original premises ofcloud computing have changed—for example, except for certain super-computers,the cost of computing hardware is very low—others have taken their place.Computer hardware may be cheap, but the people to keep it running are asexpensive now as they ever were. The Internet may let people come to your dataeasily, but certain types of applications, such as wide-spread video streaming,require very specialized networks beyond the reach and expertise of mostcompanies.Types of Cloud Computing Today, CloudComputing is broadly brokeninto two categories:software-as-a-service (SaaS),and utility computing. In thediagram nearby, traditionalbusiness computing can beeasily compared to these twotypes of Cloud Computing. In Standard BusinessComputing, users connect toapplications across the Figure A Traditional computing uses company software, on companycompany network. The hardware, on the companys network. Cloud Computing leveragesapplication software and hardware and software owned by Service Providers, on the Internetsupporting hardware are CGIAR ICT Roadmap Page 45
  • 46. both fully under the control of the company. For example, in the CGIAR, the EmailSystem at most Centers includes application software bought from Microsoftrunning on supporting hardware bought from server vendors such as HP, Dell, andIBM, all running in computer rooms owned and controlled by the Center. In Utility Computing, a type of Cloud Computing, the user side of theequation is the same: organizational users connect to applications. However,instead of going across the company network, they connect across the Internet to adata center run by the Cloud Computing provider. On hardware provided by theCloud Computing provider, the company installs and manages its own softwareapplications. Utility Computing is most attractive to organizations that need to scaleup their computing resources massively in a very short period of time. For thatreason, it is common in new “startup” companies to use Utility Computing ratherthan build their own computer centers. The second type of Cloud Computing, Software as a Service, is thepredominant type of Cloud Computing used by businesses today. In SaaS, usersconnect across the Internet to software and hardware in a data center run by acloud computing service provider. Both types of Cloud Computing make use of "Cloud Computing" serviceproviders. These are generally considered to be third party companies, such asAmazon or specialized providers such as CGnet. However, the CGIAR could buildand manage its own "service provider" to provide Cloud Computing SaaS and/orUtility Computing within the CGIAR. CGIAR ICT Roadmap Page 46
  • 47. Single Sign-on: A DefinitionOne of the action items in this brief uses the term “single sign-on.” The followingbrief description is from The Open Group’s definition of Single Sign-On.Introduction As IT systems proliferate to support business processes, users and systemadministrators are faced with an increasingly complicated interface to accomplishtheir job functions. Users typically have to sign-on to multiple systems, necessitatingan equivalent number of sign-on dialogues, each of which may involve differentusernames and authentication information. System administrators are faced withmanaging user accounts within each of the multiple systems to be accessed in acoordinated manner in order to maintain the integrity of security policyenforcement. Historically a distributed system has been assembled from components thatact as independent security domains. These components comprise individualplatforms with associated operating system and applications. These components act as independent domains in the sense that an end-userhas to identify and authenticate himself independently to each of the domains withwhich he wishes to interact. The end user interacts initially with a Primary Domainto establish a session with that primary domain, which requires the end user tosupply a set of user credentials applicable to the primary domain, for example ausername and password. The primary domain session is typically represented by anoperating system session shell executed on the end user’s workstation within anenvironment representative of the end user (e.g., process attributes, environmentvariables and home directory). From this primary domain session shell the user isable to invoke the services of the other domains, such as platforms or applications. To invoke the services of a secondary domain an end user is required toperform a Secondary Domain Sign-on. This requires the end user to supply a furtherset of user credentials applicable to that secondary domain. An end user has toconduct a separate sign-on dialogue with each secondary domain that the end userrequires to use. From the management perspective the legacy approach requiresindependent management of each domain and the use of multiple user accountmanagement interfaces.Benefits of Single Sign-On Considerations of both usability and security give rise to a need to co-ordinate and where possible integrate user sign-on functions and user accountmanagement functions for the multitude of different domains now found within anenterprise. A service that provides such co-ordination and integration can providereal cost benefits to an enterprise through: CGIAR ICT Roadmap Page 47
  • 48.  reduction in the time taken by users in sign-on operations to individual domains, including reducing the possibility of such sign-on operations failing  improved security through the reduced need for a user to handle and remember multiple sets of authentication information.  reduction in the time taken, and improved response, by system administrators in adding and removing users to the system or modifying their access rights.  improved security through the enhanced ability of system administrators to maintain the integrity of user account configuration including the ability to inhibit or remove an individual user’s access to all system resources in a coordinated and consistent manner. Such a service has been termed Single Sign-On after the end-user perceptionof the impact of this service. However, both the end-user and management aspectsof the service are equally important. This approach is illustrated in the diagramabove. In the single sign-on approach the system is required to collect from the useras, part of the primary sign-on, all the identification and user credential informationnecessary to support the authentication of the user to each of the secondarydomains that the user may potentially require to interact with. The informationsupplied by the user is then used by Single Sign-On Services within the primarydomain to support the authentication of the end user to each of the secondarydomains with which the user actually requests to interact. CGIAR ICT Roadmap Page 48