Building a Statewide Enterprise Active Directory

Virginia's Community College System connects its 23 institutions with a new, single sign-on Enterprise Active Directory.

Students attending one of Virginia's Community Colleges (VCCS) have always been able to use a single username and password to access the Student Information System (SIS), Blackboard, and other centralized services. When Richmond, VA-based VCCS rolled out a single sign-on Enterprise Active Directory (EAD) in February, students, staff, and faculty members at eight of its schools began using that login information to access both state- and college-hosted resources across the entire system. The remaining 15 colleges will be online by the end of the year.

VCCS' EAD project is one of the few statewide single sign-on initiatives in the higher education space. In the planning stages since late-2010, the new setup replaced a system that required users to remember multiple usernames and passwords. One set was for college-provided services, and the other gave users access to centralized, VCCS-provided services.

"We already had a centralized system in place," said Matt Lawson, director of enterprise services. "We just needed to figure out how to extend that capability out to our campus locations."

Gathering Requirements, Setting Priorities
Brian Viscuso, VCCS' enterprise system engineering lead, said the IT team first created a project charter and steering committee to direct the efforts for the implementation. "We involved technical and management staff from our main location and from three of VCCS' colleges," Viscuso said.

Working with the IT team, the steering committee gathered authentication and authorization requirements from the three colleges. Through the process, VCCS' IT team learned that authenticating WiFi networks, workstations, lab access, and printing services were high on every college's wish list.

"It was a process of setting up governance and getting buy-in by making sure that we had representation from our colleges," said Lawson, "and gathering information on exactly what we wanted to accomplish with this project."

The next step was to figure out what type of IT equipment and/or software would be able to fulfill those needs. VCCS found what is was looking for in Microsoft's Active Directory, a directory service that provides a central location for network administration and security and that authenticates and authorizes all users and computers in a Windows domain type network.

Lawson said the Active Directory was selected based on its compatibility with third-party solutions and applications and because the organization's IT staff had hands-on experience with it. Other technology components included VMWare's virtualization software and NetApp's data storage solution.

Rolling It Out: A Multi-Phase Approach
Viscuso said the project was divided into two phases. The first phase included designing and building a centralized EAD and integrating it with the VCCS's proprietary identity management system. During the second phase individual domain controllers were installed at each college to serve as replication targets for the centrally-located EAD servers. Viscuso said the latter allows colleges to use their domain controllers as authentication sources for the services that they provide to users.

Another key consideration was centralized administration of the EAD and minimizing the ongoing administrative requirements facing the colleges. "An active directory can be very complicated if you have too many cooks in the kitchen, so to speak," said Viscuso. "When a lot of people have administrative access to the directory, governing it and keeping it clean becomes a real challenge."

To avoid that problem VCCS opted for a setup that would extend functionality to its individual schools while allowing its central IT department to perform a majority of the administrative tasks. "We created a 'black box" type of implementation," said Lawson, "that allowed the colleges to use the EAD but did not require the burden of administering the system."

Maintaining centralized control and administration also put more responsibility on Lawson, Viscuso, and the rest of the implementation team. Working with a limited staff, they had to roll out the deployment in small chunks and then work with local system integrators to implement the system at the individual campuses. "We used both internal and external resources to get everything up and running," said Lawson.

Three months into the rollout, Lawson said the EAD is already exceeding early VCCS' initial expectations. One college will save $30,000 this year because it was able to cloud-source its student printing services. "Expanding that to other schools will allow us to save over $1 million annually on printing alone," said Lawson.

The EAD project also gives students greater mobility and flexibility. "They can now access wireless LAN services or lab workstation services at any college in the state using the same username and password," said Lawson, "independent of which college the student is formally enrolled in." As an added benefit, he said, VCCS' colleges are using the EAD to enhance the security for more sensitive applications.

Lawson said he expects more benefits to surface as the directory is rolled out to the remaining schools this year. "We see it as a foundation tool for empowering colleges to implement more sophisticated technology tools to their student, staff, and faculty populations," said Lawson, who added he sees the EAD as way for VCCS to align itself with other institutions in the future. "It won't be long before we're using the EAD to share and consume services with other third-party institutions in Virginia and beyond."

Featured