Information systems are vital to the University of Connecticut’s mission/business functions. It is critical that services provided by University Information Technology Services (UITS) are able to operate effectively without excessive interruption. The Critical Infrastructure Protection Plan (CIPP) establishes comprehensive procedures to fail over and/or recover critical infrastructure and key resources (CIKR) quickly and effectively following a service disruption.
Critical Infrastructure and Key Resources (CIKR)
CIKR are those components of the UITS critical infrastructure that are deemed so vital that their loss would have a debilitating effect on the safety, security, economy, and/or health of the University of Connecticut. Protecting and ensuring the resiliency of UConn’s CIKR is essential to the University’s security, public health and safety, economic vitality, and way of life. Attacks on or failures of CIKR could significantly disrupt UConn. Direct international or domestic terrorist attacks and natural, man made, or technological hazards could produce catastrophic losses in terms of human casualties, property destruction, and economic effects, as well as profound damage to student, faculty and staff morale and confidence.
Critical Infrastructure Protection Plan
A CIPP is a set of processes and procedures that serve to protect and recover these assets and mitigate risks and vulnerabilities. The CIPP defines the roles and responsibilities for protection, develop partnerships and information sharing relationships, implement the risk management framework, and integrate emergency preparedness, protection and resiliency of critical infrastructure.
Critical Infrastructure Protection at UConn
After the rush to prepare critical backup systems for Hurricane Sandy, Provost Mun Choi ordered UITS to establish the critical infrastructure protection site. I assembled a team of about 25 technical resources from the server support group, networking, the PMO, and data center operations. As a group we decided to use rack space in the Chemistry building’s telecommunication data center. That location has enough power, UPS redundancy and air conditioning to support our needs. We were given space for 2 racks. The Chemistry building is about 300 yards from the primary data center in the Math Science building (MSB). It’s not an optimal location because of its proximity to MSB, but it’s all that we had. The systems included at this site include:
- Authentication services (LDAP, Kerberos, CAS)
- Active Directory
Two other emergency communications systems, RAVE and ListServ, are outsourced. We also purchased 100Gb of Hitachi storage to support these systems. The total cost for this site fell just short of $1 million USD. There are no load balancers and fail over requires some manual intervention, so at best we can only call this a warm site, and a temporary warm site at that.
The following critical communication websites are outsourced to the Amazon eastern region cloud:
These sites also require manual intervention for data synchronization and fail over.
I ran the project as a Scrum project and can’t speak more favorably of daily standup meetings to help keep project team members committed and accountable to each other. We ran into purchasing delays and school imposed moratoriums where we had to work around student schedules, exams, and breaks. The team working on this project also had their normal day-to-day support activities and other project duties on their plates. The project required approximately 6 months to complete and make ready for a complete fail over test. All component testing worked and we enjoyed an inadvertent test of Exchange when production servers had to be taken down for patching and the Exchange servers in Chemistry automatically picked up the load. The Chemistry site is a complete victory for UITS.
Because UConn’s Critical Infrastructure Protection Plan contains proprietary details, the document is not available for download.