Students at the University of Tennessee wanted their university website to operate with the convenience of a social networking site, which would bring information and applications directly to them in one place. The university’s systems didn’t operate that way—but university officials set out to make it happen. They used Microsoft technologies to aggregate information and applications from back-end systems into a one-stop portal, and to give students, faculty, and staff single sign-on access to it all. The result has won rave reviews from students, who now can perform integrated actions ranging from settling accounts to registering for classes, all without leaving the portal. The streamlined process, in turn, contributes to a broader university effort to increase graduation rates. And the choice of Microsoft technology “future proofs” the portal, according to a top executive.
Situation
Scott Studham, Chief Information Officer at the University of Tennessee, has nothing against Facebook. But he points out that most incoming students these days are members of the world’s largest social networking site, and they’ve come to expect other websites—including the university’s—to operate with the same level of convenience: aggregating data streams for them, providing that information in one location, and making it possible for people to use a range of applications from the same location as well.
That expectation put a lot of pressure on the University of Tennessee—an institution with four campuses, 20,000 faculty and staff, and 48,000 students—to provide the same streamlined ease of use. But the university’s systems didn’t aggregate multiple data sources in the same way, nor did it provide single sign-on access to multiple applications. Student frustration with the university computing environment was increasing. Students complained that they couldn’t register for courses on the same site that they used to update their university credit card (VolCard) accounts. They couldn’t settle parking tickets on the same site that provided advising and degree-audit information.
As disparate as they sound, those functions were actually part of integrated workflow processes for students—and the inability of the web portal to support that workflow was a significant inconvenience. For example, students might go first to the degree-audit system to see if the classes they wanted to attend were available. They might then go to the registration site and find they couldn’t register because of outstanding parking tickets. They’d go to the campus parking site to pay the tickets, and then go to the advising site to get their academic advisers to release the courses to them. Then they’d search for the classes and try to register again.
The problem facing students, as well as the administrators who wanted to give them the best possible experience with the campus computing environment, was based in part on the decentralized and diverse nature of that environment. The university was running its own systems for enterprise resource planning (ERP), as well as ERP systems from Oracle, SAP, and education-market providers such as Banner and Blackboard. The systems ran on platforms including mainframes, UNIX, Linux, and the Windows Server 2008 R2 operating system.
The university also hosted a variety of directory systems, including Active Directory Domain Services, Lightweight Directory Access Protocol (LDAP), and SAP directory services.
The variety of systems and services made it difficult to provide students with a single snapshot of relevant data. It also made it difficult to create single sign-on access to the relevant systems, forcing students to log on separately to each one.
In 2009, it became even more pressing for the university to address this diversity and the technological problems it created. That’s when the state of Tennessee changed its formulas for education funding. As a result, 20 percent of state education funds would now be tied to improvements in the rate of graduation from colleges and universities. The University of Tennessee receives half a billion dollars a year in state funding, and no one wanted to put a fraction of that at risk.
Solution
The university wanted what Studham calls a “metaportal” that would provide a single gateway to the various campus systems that students and staff needed to access. That meant the portal had to interoperate with all of those systems, including their security protocols. It also had to support the variety of clients—including both Windows PCs and Macintosh computers—that would be accessing it.
“What we wanted to do was incredibly complicated,” says Studham. “It involved tying together multiple systems at multiple campuses with multiple types of authentication.”
It also involved something more: the creation of a true single sign-on system. “We wanted students and staff to log on once and never again see a request for their user names or passwords, whether they were signing in from inside or outside of our network,” says Studham. Many so-called single sign-on systems make follow-up requests for authentication data to reach some systems; the university wanted none of that. “This was a big point in achieving the level of user satisfaction that we sought,” says Studham.
Provided One-Stop Access
For its metaportal, the university turned to Microsoft SharePoint Server 2010, the Microsoft collaboration platform for the enterprise and the web. The result is MyUTK (the first phase of deployment covers the Knoxville campus), a one-stop site that provides access to a range of information, transactions, and processes (see Figure 1).
“SharePoint Server is incredibly solid,” says Studham. “Our background ERP systems can update content automatically in the portal through the use of Web Parts, which aggregate and centralize content, and our system owners can custom-configure that content and its appearance without the need for developer intervention.”
Solved the Need for Single Sign On
The university still faced the issue of providing all users with single sign-on access to all of these systems. To meet this need, the university adopted several Microsoft technologies, including Integrated Windows Authentication to Active Directory Federation Services 1.1, and Microsoft Forefront Unified Access Gateway 2010.
Microsoft Forefront Unified Access Gateway enforces granular access controls and policies to deliver remote access to a broad range of resources, promotes secure access to those resources, and reduces management complexity—exactly what Studham and his colleagues wanted.
The university positioned Forefront Unified Access Gateway on the network in front of the SharePoint Server portal and other applications, such as SAP. It accepts Active Directory credentials, so the university expanded its existing Active Directory system to include all students and staff.
Users contacting the portal from within the university domain authenticate themselves once, when they log on to their computers. The solution performs Integrated Windows Authentication transparently, authenticating the usernames and passwords with Active Directory Federation Services. When users access the portal, their browsers pass their Active Directory credentials in a highly secure way to Forefront Unified Access Gateway.
That technology, in turn, uses the credentials to authenticate the user to the portal and its applications. It uses the Kerberos authentication protocol, which supports both Microsoft and SAP technology. The users move seamlessly to the portal and its applications without being challenged again for credentials.
Users accessing the portal from outside of the university domain—that is, over the Internet—are presented with an Integrated Windows Authentication security dialog requesting their usernames and passwords. These credentials are also authenticated by Active Directory Federation Services. Forefront Unified Access Gateway accepts the credentials, as in the domain-joined example.
From that point, non-domain joined users also have single sign-on access to the portal and its applications. The university has the option to move to other security protocols, such as XAML 2.0 authentication, when it wishes to do so.
The development and deployment process ran from February to October 2010. That first phase deployed the solution to the university’s Knoxville campus. Additional phases will roll out the portal to the rest of the university system.
Benefits
The University of Tennessee has taken advantage of Microsoft technology to meet its portal needs today, to create a roadmap for the future, and to help support its ability to provide education.
Students Praise Streamlined Processes
The university has succeeded in its primary goal of creating a single sign-on solution to a portal that aggregates the information that students, faculty, and staff need in their roles on campus. Students, in particular, have a streamlined, flexible, highly automated alternative to the previous system, in which they had to go from website to website, logging on at each, as they implemented each step in a many-faceted process, such as registering for classes.
Figure 1. The MyUTK portal provides a one-stop site for information, transactions, and processes based on the user’s role at the university.
Now, when a student wants to register for a class, for example, he or she goes to the MyUTK portal. On the one portal, the student may see that course registration is on academic hold, pending resolution of outstanding parking tickets. The student pays the tickets and asks the academic advisor to release the hold. The student then can query the portal to show, for example, available general sciences classes, can choose the relevant course, and register for it—all without leaving the MyUTK portal.
“Our former computing environment earned complaints from students,” recalls Studham. “Now, with the MyUTK portal, we receive raves. The students love it. They tell us this is exactly what they’ve been asking for. They hit perhaps half a dozen systems in the registration process but, to them, they’re staying in one place and the information they need is coming to them.”
Native XAML 2.0 Supports “Future-Proof” Solution
The university has succeeded with the MyUTK portal in part by making technology choices that have unified the key elements of a disparate set of systems. For example, Kerberos security technology makes it possible for SAP on Linux and SharePoint Server on Windows Server 2008 R2 to share authentication processes.
Looking ahead, an increasing number of enterprises are moving to adopt security based on XAML 2.0 authentication. The university isn’t constrained in adopting this standard by the Kerberos security protocol. SharePoint Server 2010 natively supports the emerging standard, which means that the university has the flexibility to extend its portal to include universities and institutions that are also moving to XAML 2.0.
“We’ve future-proofed our portal by basing it on SharePoint Server 2010,” says Studham. “As the world moves to XAML 2.0 authentication, we’re ready. It can only make us more productive.”
Improvements Contribute to Higher Graduation Rates, Funding
The adoption of the MyUTK portal, and its broader rollout to other campuses, is a part of the university’s response to state mandates that tie education funding to improvements in graduation rates. University officials don’t expect the portal, by itself, to increase those rates; but they do see the portal as a significant contributor to a projected increase.
“The MyUTK portal is more than an added convenience for students,” says Studham. “It makes it more likely that students will be able to register for the courses they need to graduate. It gives students a faster and more effective way to connect to their academic advisors. It simplifies the process of keeping students’ financial accounts up to date and in the black. All of this contributes to an environment that smooths the way for students and helps them to focus on their education. We believe this will have an impact on graduation rates. How much of an impact? That’s what we’re going to find out.”
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 is the business collaboration platform for the enterprise and the Web.