Shared Directory and Endpoint Services (SDES) Program
We are designing and building a new Shared Directory and Endpoint Services (SDES) offering and governance model, leveraging Azure Active Directory Services to be used by all university colleges and departments, excluding the Wexner Medical Center. Currently, each IT unit (Managed IT Services (MITS) and other distributed IT units) has their own Active Directory (or Active Directories) and Endpoint Services. The goal of this project is to work together to get all units to a single Shared Directory.
Key Contacts: Ginger Breon, Jason Pollock, Marty Winders
Resulting Changes of this Project
- SDES will help standardize the IT experience across colleges and departments at the university. It will enable access to common resources (i.e. file share and printing, applications), improve access to university resources from anywhere, provide a common patching experience, and providing a consistent user experience and operational support model for device use. It enhances the ability for interdisciplinary collaboration across the university, including in academia and research.
- We will reduce the number of duplicative Active Directories at the university.
- We are providing a framework for distributed IT units to connect existing servers and clients to the new Shared Directory while maintaining a level of control over the devices they manage.
- We are developing new processes and procedures to migrate devices from existing Active Directories to the new shared directory.
What strategic pillars does it support?
- Operational Excellence & Innovation
- Community of Belonging
Why is it important?
This change aligns with the university’s Strategic Plan by enabling more collaboration for teaching, learning, and research initiatives, providing improved access to resources from anywhere, and enhancing operational excellence and resource stewardship by eliminating unnecessary redundancies in our IT operations. This change impacts all members of our university community in different ways.
- Consistent university IT offerings and experience, no matter where you are: By implementing Shared Active Directory and Endpoint Services at the university, we will standardize the IT experience across departments, colleges and campuses. These services will enable university-wide (all campuses) use of Microsoft Endpoint Manager for Windows devices, using Always On VPN for client management and patching regardless of location. Faculty, staff, and students with university-managed devices will have a consistent experience for software updates and patches, and remote connectivity. The university will be able to leverage more Microsoft 365 and Azure features including device-based (versus user-based) licensing of Office products and Single Sign-On (SSO) with Office 365 services.
- The use of Always On VPN gives all university IT units the ability to provide basic services for remote work, transitioning easily between on-campus and work-, teach-, research- and learn-from-home scenarios.
- Consistent services, specialized support: Distributed IT units across the university will be able to provide their colleges and departments with a consistent IT experience regardless of the building they are working in or the people they are collaborating with, while also providing specialized support specific to their unit.
- Enhance existing server and application services: SDES provides two major frameworks to enhance existing services:
- Enables distributed IT units to connect existing servers and clients to the new Shared Directory while maintaining unit-level control of their devices.
- Provides distributed IT units with a flexible model to procure servers/application services in a way that best fits their needs (cloud services, Cap Ex, OTDI Services, etc.).
- Reduce operational overhead: This will reduce operational overhead of the Identity Management (IDM) team by decommissioning IDM connectors to multiple unit Active Directories, allowing them to focus on enhancing a smaller set of functional connections.
- Save administrative staff hours in departmental units: Departments will no longer have to run and patch the underlying Active Directory and endpoint infrastructure.
Faculty, Staff, and Student Impact
Shared Directory and Endpoint Services (SDES) will support the teaching and learning mission of the university and enable interdisciplinary collaboration to support research initiatives by giving individual faculty, staff, and students a consistent IT experience across the university, enhancing their current experience in several ways, including:
- Access to common resources: SDES will give faculty, staff, and students access to common resources as they transfer and cross collaborate between departments (i.e. services centers) by providing common methods and expectations and reducing cross departmental data silos. All faculty, staff, and students at the university will be able to more fully leverage Microsoft cloud services including additional features of Microsoft 365, SCCM, Autopilot and Intune.
- Improved off-campus resource access: Faculty and staff will be able to self-provision their university-managed computers. IT units will be able to improve remote setup of devices for remote users using Autopilot and next generation authentication.
- Work from labs and classrooms in different colleges or shared spaces with the same IT experience: Faculty and staff will be connected to the same systems and will be able to work between colleges in a more efficient manner, including having the same IT experience (e.g. log-in, application access) when moving between labs and classrooms. They will be familiar with the patching updates, prompts, and timing since they will be the same in each area.
- Consistent user experience and support model: Since all units will be using the same service, their support experience will also be the same.
- Improved experience with password changes and OSU Wireless access by removing password-based access to OSU wireless for university managed devices.
- Reduce duplication of services: Shared Directory and Endpoint Services will reduce duplication of services across units by adoption of a single shared service offering.
- Maximize ROI: This will maximize our return on the Microsoft investments we are currently making by opening access to more applications and features of applications in their offering.
Who will benefit?
- All faculty, staff, guests and students utilizing Managed IT Services (MITS).
- All faculty, staff, guests and students in non-MITS units who adopt SDES.
- All IT units who adopt SDES.
What is the timeline?
- TBD, est. 10 years
Who are our partners and sponsors?
Colleges, units, and WMC IT colleagues.
What other OTDI groups will be needed?
- Administration – Marketing, Service Now, IT Service Desk (Muhn)
- Research Technology and Infrastructure (Breon)
- Digital Security and Trust – IdM, Information Protection (Nagle)
How will success be measured?
- # of units migrated
- # of systems migrated
- User experience survey data >= 75%