Configuration Management

 

The purpose of this communication is 1) to announce that U. T.  System has entered into contract with Configuresoft Inc., to provide configuration management software to U. T. institutions, and 2) to provide you with basic information about contract provisions and the software’s capabilities. The following FAQ serves just as a starting point to inform you about the contract provisions and software capabilities. Additional information will be made available through email communications, website materials, and through presentations to various stakeholder groups.

 

Q.  How did this contract come about?
A.  In June, 2007, the Chief Information Security Officers (CISOs and ISOs) of the U. T. institutions developed a priority list of technologies having potential for improving information security across the U. T. System. Configuration management was far and away the highest ranked priority. Twelve of the U. T. CISO/ISOs ranked this as their #1 priority. A working group (see attachment) was established to develop an RFP and evaluate the proposals. With support of the Executive Vice Chancellors for Academic, Health, and Business Affairs and the Chancellor, the Board of Regents provided funding for this purchase.

  

Q.   What does the software do?
A.  It provides the capability to manage configurations and patches of server, desktop, and laptop computers across an institution. It can be used to define, deploy, audit, and automatically enforce standard device configurations. It can also push, and if need be rollback, patches. While the software can perform this range of management tasks, exactly how it is used depends on deployment decisions made by the institution. Here is a link to a brief one-page description of product capabilities on the vendor’s website:  www.configuresoft.com/ecm.aspx

 

Q. What are the contract provisions? What does U. T. System pay for and what does the institution pay for?
A. Following is a high level summary of cost provisions:

  • U. T. System:
  • U. T. System is paying for the licenses in full. Institutions incur no cost for the licenses.
  • U. T. System is paying for 4 years maintenance. There are no maintenance costs to the institutions during the first 4 years of use.
  • U. T. System is paying for a number of training classes (some are classroom style and some are online) to be allocated among the U. T. institutions based roughly on size of institution.
  • U. T. System is paying for a certain number of installation and technical support days that will also be allocated to institutions roughly based on size of institution.
  • Each U. T.  institution pays for the following:
  • Server hardware to support the local installation. 
  • Commencing in year five, each institution will pay the annual software maintenance  based on the number of full time equivalent knowledge workers at the institution.  Note that maintenance costs are based on the number of knowledge workers NOT on number of devices managed by the software.   Maintenance cost will be $4.96 or $5.95 per knowledge worker depending on the total number of knowledge workers at all U. T.  institutions using the software.   We receive the lower rate if the total number of full time knowledge workers at institutions using the software exceeds 40,000.  To figure your institution’s “worst case” annual maintenance cost, multiply $5.95 times the number of full time knowledge workers at your institution.
  • If an institution chooses to do so, it can opt to purchase additional training and support days beyond those provided in the contract.  This would be done through separate contract between the institution and Configuresoft.

 

Q.  How does one institution’s use or non-use of the software affect costs for other institutions?
A.  As noted above, commencing in year five each institution that continues to use the software will pay annual maintenance. If an institution were to quit using the software, it will have no further cost obligations beyond the year of last use. In this regard, each institution stands independent. However, if the total number of full time knowledge workers represented by institutions continuing to use the software falls below 40,000, then the maintenance cost rate would go to the higher figure of $5.95

Q.  What platforms can the software manage?
A.  It will manage devices using Windows, Macintosh, Linux, and Unix operating systems.

 

Q.  Can the software accommodate complex environments in which some departments require different configurations and are managed by different groups of technical staff? 
A.  Yes, there is great granularity in terms of defining multiple standard configurations and multiple oversight levels administered by different staff. 

 

Q.  We currently do not actively manage device configurations; will the software still be useful to us?
A.  Absolutely. The software can, at a minimum, be used to inform your technical staff about the state of the current environment. While you may not have defined standard configurations, you may have certain policies that relate to device configuration, such as a policy requiring use of anti-virus software etc. The software can be used to report levels of compliance with whatever requirements you have in place. If the institution, or departments within the institution, do not already have a patch management system, it could be used for this purpose. It might also replace existing patch management software thereby eliminating certain costs. Many organizations are trying to implement “green IT” practices. The software can be used to control power management configuration settings on devices across the network to provide savings to the institution. Finally,it can be used to establish configuration standards where none currently exist and to implement those standards. This will result in savings to the institution as it has been shown that help desk calls are reduced in such managed environments.

 

Q.  We have no defined standard configurations; are there models we can use to get started?
A.  Yes. Over the past months, Shirley Erp has coordinated a number of working groups (see attachment) comprised of experienced security and networking specialists from the U. T.  institutions to define model configurations for the Windows, Macintosh, Linux, and Unix platforms as used in different settings. As part of the contract, Configuresoft templates are being created to deploy some of these models. From those, others will be developed and you can also develop ones to meet specific requirements at your institution.    

 

Q.  Who exactly is the software designed to be used by?
A.  The software can be useful to all stakeholders involved with IT operations and information security. Depending on local deployment decisions, users might include both Central and Departmental IT operations, networking, and security staffs as well as audit and compliance personnel. The granularity provided by the software allows the defining of different capabilities and views for various users depending on role and assigned areas of responsibility.

 

Q.  Next Steps?
A.  As a start Shirley is contacting your CISO/ISO to gather information about institutional plans and readiness  that will help with allocation and scheduling of training and support days.  If you have questions, please do not hesitate to contact Shirley or me.

  • © 2006 The University of Texas System
  • 702 Colorado Street, CLB 3.100
  • Austin, TX 78701
  • Phone: (512) 499-4390
  • Phone: (512) 499-4426

    •