Established in 1845, NUI Galway is now one of Ireland’s foremost centres of academic excellence, with more than 17,000 students and 2,200 staff members. NUI Galway offers a wide range of undergraduate and post-graduate degrees and diplomas of international standard, and has developed a reputation for both teaching and research excellence in many fields.
Over the years, NUI Galway found itself with four different systems to address various short-term needs, resulting in four disparate environments based on combinations of Microsoft Active Directory (AD), Novell Directory Services (NDS) and Microsoft Exchange. Users required different identities to access systems running in these different environments – overly complicated for users and difficult to manage for the university’s IT staff.
What’s more, there is a naturally occurring turnover of students every academic year between new arrivals and departing graduates. Manual user provisioning was taking too long and could be prone to mistakes, so NUI Galway decided to consolidate its disparate IT environments into a single centrally managed platform based on Microsoft Active Directory (AD) 2008.
The start of the new academic year also played an additional role – putting a tight deadline of just four months to complete the project.
The objective of the project was to have a single, centrally managed AD in order to simplify administration and maintenance, automate user provisioning, reduce overhead costs and improve security. An additional benefit was that a simplified IT environment would facilitate smoother and faster execution of planned IT projects, including chargeable AD account-based printing, student ID cards and parking permits.
NUI Galway engaged Microsoft to design its new AD structure. A single domain model was recommended, that would include both staff and student accounts. The implementation would also need to address the threat of security breaches, such as unauthorised access to confidential information like the university’s payment system, exam details and grades. Other criteria for the project included forensic auditing capabilities to improve security.
NUI Galway chose PFH Technology Group to deliver the project, based on the IT services provider’s experience in several similar assignments.
Paul Large, CTO at PFH Technology Group, says of the task: “Amalgamating Novell and a number of different AD domains is an extremely cumbersome and complex task, and a manual approach would have been a bridge too far.” PFH recognised that the consolidation project would benefit from the use of specialist solutions. PFH recommended Quest Software’s tools for IT consolidation, migration, administration and automation. NUI Galway was familiar with Quest and felt comfortable with PFH’s decision to adopt the vendor’s solutions, which consisted of NDS Migrator, Migration Manager for Active Directory, ActiveRoles Server and ChangeAuditor for Active Directory.
NUI Galway’s consolidation migrations ran smoothly with no unplanned downtime or loss of data. This was an important factor because the university provides system access at all times of the day in order to meet students’ work schedules. “A key requirement of the consolidation project was no unplanned downtime, and the Quest migration solutions ensured that this was met. We also used the rollback capabilities during the project, which ensured that no data was lost,” says Large.
The consolidation project was completed on time, under the strict deadline. “Without the migration solutions, we would have needed to physically visit thousands of workstations; this would not have been possible in the time available and would have cost NUI Galway at least €25,000 in additional consultancy,” adds Large. “The Quest solutions enabled us to automate the migration process and remotely synchronise users and data, saving us valuable time and ensuring we didn’t miss the deadline.”
ActiveRoles Server automated the task of identity administration, reducing the pressure on the university’s IT team and delivering significant cost savings. NUI Galway’s ISS director Sean O’Farrell explains: “The time savings we’ve gained equate to resource savings – half a full-time equivalent (FTE) on the support desk and a quarter FTE at the third level of support. This amounts to annual savings of approximately €40,000.”
Quest’s ChangeAuditor for Active Directory enforces the security design while maintaining the delegated admin rights of ActiveRoles Server. As Large points out, the solution highlighted that a change to a large number of accounts had been made and this caused issues. “Upon investigation, we found that the change had been made in error and was immediately rectified. This supports the theory that around 90pc of a cure is the diagnosis and demonstrates how ChangeAuditor for Active Directory‘s audit trail can pay dividends very quickly.”
Return on investment hadn’t been specifically identified as a key metric for the project, the value of the initiative will continue increasing thanks to ongoing benefits of the new environment, says O’Farrell. “Now that we have a single IT platform, our forthcoming projects will become more straightforward to execute and, once implemented, the new systems will be far simpler to manage. The Quest solutions support our view that it’s faster, cheaper and simpler to use a specialised IT tool rather than to attempt a task manually.”