“Overall we have much better management of our security patches. We have more information and the ability to protect ourselves against threats."
Sara McAneney, IT Security Manager, TCD
One of Ireland's oldest universities, founded in 1592, Trinity College Dublin now consists of six faculties based on a city centre campus of 47 acres. The University has 2,835 employees in total, of whom 636 are academic and 520 are research staff and had 15,428 registered students in the 2003/04 academic year.
Situation
Trinity College Dublin operates a large diverse and physically widely distributed computing network. During peak term time there can be upwards of 10,000 connected devices on the network. A large portion of this network is made up of Microsoft Windows devices, but there are also signifi cant numbers of computers running Linux or Mac OS as well as specialised teaching and research equipment.
Students and visitors can also bring in their own personal computers and get access to the internet and segments of the college network. Management of the network is maintained chiefly by the College Information Systems Services department though some segments are delegated to dedicated support staff local to other academic areas.
Microsoft engaged with the College Information Systems Services department initially to assist them in a domain migration project. The Information Systems Services department planned to migrate its existing NT4 domain to Windows Server 2003 using Active Directory.
Trinity College was experiencing regular widescale virus outbreaks; the knock-on effect of which was a huge drain on IT resources as support staff had to co-ordinate and carry out huge clean-up operations. Anti-virus software was in wide-spread use and was administered centrally but staff had no centralised remote method of deploying the security patches needed to prevent re-infection.
The timescales for such clean-ups were protracted and resulted in major disruptions to both staff and students. Computer labs were forced to close disrupting lectures to allow IT support staff to manually patch hundreds of computers. Staff and students were forced to queue at helpdesks to collect patches on CD ROMs.
There was wide scale disruption to the core administrative, academic and research functions. IT support resources were tied up in fire-fighting and clean up activities and end users were developing an overall negative experience of computing in college.
Solution
Microsoftʼs solution was to deploy Microsoftʼs Systems Management Server 2003 in tandem with the Active Directory migration. Systems Management Server provides total control over change and confi guration on the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively. It is used to assist in deployment of new applications, asset management, delivery of security patches and management of mobile workforces.
By implementing Microsoft Active Directory and Systems management Server 2003 Trinity College Dublin achieved effective centralised management over their large distributed network of Microsoft Windows servers and workstations.
The Active Directory structure provided a much needed central authentication directory for controlling access to College resources. It also allowed administrative control to be delegated to individual academic areas and for the fi rst time facilitated the use of policy-based desktop lockdown as a security mechanism for College computers.
In tandem with this Systems Management Server 2003 provided a comprehensive security patch management system allowing vulnerability identifi cation and centralised remote patch deployment for computers on the College network.To minimise disruption, the roll out of the new technology took place over the summer months when there is the smallest number of users on the network. The new infrastructure was successfully in place for the commencement of the academic year.
One particular objective was to find a solution that could deliver line of business application monitoring. Setting up service views of key hospital processes was considered paramount for improving hospital care. Critical applications around patient treatment in A&E and the dispensing of drugs in the pharmacy unit could be managed more proactively, ensuring higher levels of availability that would directly benefit the patient experience.
Benefits
The installation of SMS 2003 instantly provided invaluable information on the current patch status of all the Microsoft Windows computers in the collegeʼs Active Directory domain.
For the first time the IT Security Officer could accurately assess the level of risk that Microsoft Windows computers were exposed to and more importantly was empowered to take action.
Information Systems Services immediately set about ensuring every machine in the domain was fully patched up-to-date and implemented procedures to ensure that they would continue to be so. SMS fully automates this procedure so that an exercise that would previously have involved the participation of a team of support staff and every end user in the College could now be done automatically by one server monitored by one administrator.
Trinity College is now actively managing and reporting on about 5,000 of the PCs on the college network using Systems Management Server. The Information Systems Services team have a much greater level of visibility on the current status of the machines and can easily generate reports to see if the patches are up to date.
When a new security patch is released IT staff can select which machines they wish to apply it to and will subsequently receive back information as to how many have been successfully updated.
Information Systems Services have a range of responsibilities from support to development work and as a result of the implementation they are now able to work more strategically rather than spending their time responding to problems.
Microsoft Server Product Portfolio
For more information about the Microsoft server product portfolio, go to: www.microsoft.com/servers/default.mspx
Solution Overview
Country or Region:Ireland
Industry:Third Level Education
Customer Profile
Trinity College Dublin now consists of six faculties based on a city centre campus of 47 acres. The University has 2,835 and had had 15,428 registered students in the 2003/04 academic year.
Business Situation
Trinity College had no central management and a loosely controlled domain.
Solution
Trinity's domain was migrated from NT4.0 to Windows Server 2003 and Systems Management Server was installed.
Benefits
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com
For more information about BT Group products and services visit the Web site at: http://www.bt.com/ni
For more information about The Royal Group of Hospitals products and services, call +44 28 9024 0503 or visit the Web site at: http://www.royalhospitals.org
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published June 2007