Case for Change
The campus currently does not have a central way to create and manage groups that can be used easily across applications. Campus community members have to create the same groups they define in each collaborative tool they use, such as bConnected (GoogleApps) for email and calendaring, Confluence for wikis, ResearchHub or Box for file storage, or the Learning Management System for training.
The Calnet team proposed the development of CalGroups for group creation and maintenance which has the following advantages:
Manage from One Location
CalGroups allows multiple applications to easily manage internal access by utilizing centrally created groups. Since administrative staff will no longer need to create group lists for each system, less work is involved in keeping records of which users are supposed to be included/removed from various systems.
CalGroups keeps the group membership decisions in the hands of the business/group owners, access control in the hands of the application owners, and the technology management in the hands of the technologists. Individuals can use the system to review their group memberships. IT administrators are relieved from the burden of keeping up with the day-to-day group changes and having a central group management system increases the overall integrity of the policy and technology interaction.
Help Collaboration Happen
With CalGroups, an owner sets up a group in one spot, feeding membership information to applications like email lists and calendars. The owner does not need technical skills to create, change, or delete groups or members. A researcher might create a group and enable members to participate on an email list or view a web site. Students use CalGroups to set up and manage groups for similar applications as they work together on shared projects and class work. CalGroups enables group management institution-wide and on an individual level, providing more secure, robust, and responsive methods to control access to resources and to enable collaboration.
Ease Staff Support Load
CalGroups separates the management of group memberships from the supporting technology. This reduces the end-user support calls associated with underlying infrastructure changes. Removing IT from the middle of managing groups will help ease helpdesk calls as well.
CalGroups allows for the retirement of many locally managed group systems, including excel spreadsheets and paper-based group assignment processes. Since the larger purpose of a group management system is to assign access rights, improved group management also reduces risk and the potential costs associated with security exposures.
CalGroups Design Overview
In 2012, the IT Bank granted $265,000 for the development of a central group management solution. The CalNet team researched group management technology options and chose Grouper, an Open Source product built and maintained as part of the Internet2 Middleware Initiative and used by many campuses across the country.
Stakeholder Task Force
In January 2013, the Calnet team launched a stakeholder task force to develop a functional design for central group management. The task force included representatives from key collaboration platforms on campus, including bConnected, Confluence, bSpace, Research Hub, and Active Directory/CalShare. The key group management design decisions that came out of task force discussions will drive the implementation phase of the group management project.
The CalNet team has implemented the Group Management System (GMS) infrastructure for CalGroups. Groups can now be set up in CalGroups which will populate those groups into the CalNet LDAP Directory.
Find out more: CalGroups Q&A