The Latest in Shared Infrastructure- July Accomplishments

Submitted by David Sterling

TeamBusiness Areas of InterestAccomplishmentImpact
Enterprise EngineeringWorkdayIdM live and running on Workday dataHR system of record changed to Workday. IDM has been working closely with HRIS to facilitate quick remediation for identity related issues in Workday.
Enterprise EngineeringVarious schools & depts.Three ECM sites have been retired/removed from SharePoint 2013 — EHS, Radsafety and Brown-DeanContinued progress to goal of implementing WUIT SharePoint Strategy
Enterprise EngineeringRadiologyCompleted BRML Radiology software load – 23 applications for final SITS subunitEnabled final radiology subunit to move to SITS – Accounts
Enterprise EngineeringRisk ManagementCompled FSM for risk management from legacy medpriv to files.wustl.eduEnabling decomission of legacy file server
Enterprise EngineeringInfosecDistributed out-of-band Windows Update for printing vulnerability to mitigate known vulnerabilities within Microsoft operating systems. No issues reportedMitigated possible security vulnerability
Enterprise EngineeringInfosecAMP connection to Splunk competed. Events are flowing into Splunk and meetings scheduled to review.Requested logs from AMP have been routed to Splunk for InfoSec to utilize for reporting. 
Enterprise EngineeringSoftware LicensingSuccessfully installed a new version of the Mathematica License Server software on a new server; users are migrating over from the old license server to this new one.Makes new version of Mathematica available to students and faculty
Enterprise EngineeringInfosecWorked with SOC to add the “” domain to InCommon, to enable SSL certificate requests for that domain, as part of the NIST 800-171 enclave project.Allows WUIT to procure SSL certs for the Wash U secure enclave from InCommon, the preferred vendor.
Enterprise EngineeringInfosecCompleted Phase1 deployment for WUSM ITSS Digital Guardian ProjectSubstatially completed software deployment of Digital Guardian agent to Windows Computers
Enterprise EngineeringCampus WideCompleted credential onboarding for WUIT Depot for WUSTL Secure EnclaveGained valuable feedback on onboarding process and steps to improve process for customers
Enterprise EngineeringInfosecSplunk information is triggering automatic blocking upon detection of external hosts scanning Wash U network.First instance of actionable intelligence from Splunk triggering instant, automatic blocking of malicious actors.
Enterprise EngineeringVarious schools & depts.Sites implemented in JAMF to allow ArtSci and STS to do management for their groups. This is just one step of several to fully implement. Some build out in JAMF in progress to complete ArtSci access to do higher level task. Weekly meetings to ensure we are moving forward and meeting needs.Both STS and ArtSci has reqeusted to self manage their devices in JAMF. Configuring and testing has been done in the test environment and configuration and testing of production environment taking place at this time.  The ArtSci staff are testing and working with DE on access as they would like. 
Enterprise EngineeringVarious schools & depts.SharePoint migrations: Migrated to Azure and Protective Services to Teams and SPO.Continued progress to goal of implementing WUIT SharePoint Strategy
Platform EngineeringVarious schools & depts.Finalized purchase of SQL Server 2008 Extended Support for the third (and final) year. Remaining servers to be retired or migrated by July, 2022.Ensure vendor support for legacy systems as the migration efforts continue.
Platform EngineeringDepartment of Pathology & ImmunologyCompleted go-live for, the file sharing location for Pathology. A separate implementation was developed to enable Windows file indexing. Specific I/O (input-output) monitoring is employed to ensure appropriate performance.Provides files services supported by WashU IT for the Department of Pathology & Immunology.
Platform EngineeringWUSMCompleted retirement of SCCM system in the legacy ITC hosting environment.Retired legacy support systems that have been replaced by WashU IT shared service offerings.
Platform EngineeringVarious schools & depts.Completed automation of Red Hat Satellite tasks to streamline deployment and patching activities for WashU IT-managed Red Hat Linux systems.Continued to improve the support environment for client systems hosted by WashU IT.
Platform EngineeringDepartment of OtolaryngologyCompleted onboarding of shared FileMaker hosting for OtolaryngologyMigrated client databases to the WashU IT shared hosting environment.
Platform EngineeringVarious schools & depts.Completed emergency security upgrades for Serv-U FTP/SFTP hostsEnsure secure environment for file transfer hosts.
Platform EngineeringVarious schools & depts.Completed scanning and remediation of managed Windows hosts for PrintNightmare vulnerabilitiesEnsure secure environment for print server hosts.
Platform EngineeringSchool of Arts & SciencesCompleted deployment of CrowdStrike to server endpoints managed by Arts & Sciences computingEnhance security capability for Arts & Sciences servers.
Platform EngineeringVarious schools & depts.Completed configuration and allocation of 8 new Veeam backup server repository serversIncrease the capacity and performance of backup systems utilized by the WashU IT server environment.
Platform EngineeringPublic Health Sciences DivisionCompleted FileMaker hosting onboarding for Public Health Sciences.Migrated client databases to the WashU IT shared hosting environment.
Platform EngineeringMcKelvey School of EngineeringCompleted migration of McKelvey School websites from legacy dedicated web servers to WashU IT shared hosting services.Migraged web sites to the shared WashU IT hosted environment to enable retirement of legacy web servers.
Network EngineeringBrown SchoolDeactivated legacy brown school vpn profile on  Migrated clients to more robust hardware providing better throughput and standard configuration. Improving their experience while also providing a more secure and supported platform.
Network EngineeringRISCreated new RIS – GCP route Added functionality
Network EngineeringRISConfigured network hardware for Mass Spec WURN on-ramp for new construction projectProvided high speed data transfer network connectivty
Network EngineeringSecure the WUSM ProjectWorked with Project team and finished NAC Client support webpage: instructions for Client on-boarding to areas that are in scope of the Network Access Control effort.
Network EngineeringChancellorCompleted network design for the chancellor’s office renovationRefreshed network is on new hardware provding extended vendor support and future functionality
Network EngineeringCMMC/CUI projectCompleted the build out of the WUSTL-SEn lab at 4480Reached project milestone
Network EngineeringCMMC/CUI projectCompleted the install of the Meraki WUSTL SEn switch for Dr. Mitreva in support of the CMMC projectReached project milestone on-baording client to the new WUIT Secure Enclave supporting the CMMC/CUI efforts.
Network EngineeringWUSMDeployed several Perfsonars devices to aid in performance testing within WUSMTesting capabilies now exist for network engineers to test performance throughout WUCON.
Network EngineeringVarious schools & depts.Supporting 80 active construction projects for both Danforth (25) and Medical campus (55).Assuring that all new construction and renovations projects meet the IT requirements 
Network EngineeringVarious schools & depts.Completed  on average 50 tickets/work orders (Blue Light, CATV, Telecom Work Orders, Cable Installs, Fiber Paths, Locates, UPS’s)Suppport various schools and department requests and services
Systems Operations CenterWork DayProvided additional eyes-on-glass monitoring for the MyDay go-liveEnsured that infrastructure components supporting workday had health information available at-a-glance to minimize risk of project launch issues.
Systems Operations CenterCFU-HRProvisioned network at new site – Link in the loop (located at corner of Skinker and Delmar)Ensured HR customers in new building had access to network, wireless, and voice services
Systems Operations CenterVarious schools & depts.Built new servers for Internal Medicine (Cardiovascular App Server), ResLife (Sadevio Kiosk App), Informatics (All of Us Application), Desktop Engineering (Splunk Windows Endpoint Forwarder), Systems Operation Center (Prometheus), Information Security (Corelight)Provisioned new computing services for various administrative, clinical, and research groups.
Systems Operations CenterRes LifeUpgraded 37 network switches in the Danforth residential halls for lifecycle management to allow for security and feature enhancements.High volume, rapid deployment before start of term.  Optimized network performance and minimizes downtime and security risk to student residents.
Systems Operations CenterHardware support renewalAssisted with racking hardware and configuring VLANS as part of the private cloud expansion projectRemoved schedule blockers to project.  Project will allow for continued growth of on-prem cloud services.
Systems Operations CenterInfosecEnabled SPLUNK notifications pilot for internet attacks against the university as part of the InfoSec blackhole router projectEnsured that Engineers are alerted if blackhole project begins to over-run univeristy routers.
Systems Operations CenterWork DayWorked with work day staff to monitor alerts and create incidents during go live Helped work day staff focus on resolving issues
Systems Operations CenterWork DayWorked with work day staff to setup process and procedures on alerts that Command Center monitorsWorked with work day staff to make  them aware of alarms during non business hours
Systems Operations CenterWork DayCreated work day call list and updated the call list weekly after the first week of go liveWork day staff knew when they were on call going forward
Systems Operations CenterEACreated EA call list for AutoSys jobs related to work day HR and Finance in the CMSEA created new autosys jobs for work day have a call list for the Command Center to follow
Systems Operations CenterPayrollWorked with work day and payroll staff to print checks from work dayWashU employees being paid by checks recieved their checks
Systems Operations CenterFinance Worked with work day and AP staff to print checks from work dayWashU vendors being paid by checks received their checks  
Systems Operations CenterSoftware renewalRenewed software support for Red Hat, Java Service WrapperKeeping licensing updated for the support of applications and OS 
Systems Operations CenterHardware support renewalRenewed hardware support for physical servers Keeping sherver hardware on support with third party vendor
Systems Operations CenterPhysical AssetsRetired the 4495 Xerox printer from the University Physical Asset systemRetiring old technology