Appropriately protect institutional and personal data in an open academic environment, while enabling innovation.
The following accomplishments represent how departments within Information and Technology Services (ITS) successfully met this significant 'Area of Focus.' Accomplishments listed may appear in more than one area of focus.
Click on an ITS department title to view all their accomplishments for fiscal year 2024 (FY24).
Bringing Generative Artificial Intelligence to U-M
In August 2023, the University of Michigan marked a milestone as the first major university to launch generative artificial intelligence (GenAI) platform specifically designed for the campus community. This innovative suite of AI tools aims to enhance learning, streamline administrative tasks, and uphold stringent standards of security, privacy, accessibility, and equitable access.
This platform was conceived and built by ITS’ first-ever Emerging Technology team, a new group dedicated to exploring ways to integrate groundbreaking technology into higher education and the daily lives of our community.
Their innovative GenAI platform includes U-M GPT, U-M Maizey, and the U-M GPT Toolkit, three powerful AI tools tailored to meet the unique needs of the Michigan community. U-M GPT provides access to popular AI models such as GPT-4 Turbo, GPT-3.5 Turbo, Llama 2, and DALL-E 3, enabling users to leverage advanced language processing and image generation capabilities. U-M Maizey offers personalized AI assistance and tutoring by being trained on university and classroom-specific documents. The U-M GPT Toolkit is designed to support custom AI model development and deployment, allowing users to create tailored AI solutions for their specific needs.
Improving U-M Security Posture
“Information assurance is a shared responsibility and every member of the U-M community has an important role to play in protecting U-M’s digital assets,” said Sol Bermann, Executive Director of Information Assurance and Chief Information Security Officer.
The IA team actively partners with unit IT colleagues in protecting the university’s valuable IT resources and data. We are more aggressively blocking systems with critical vulnerabilities that have not been remediated within established timeframes.
In addition, we continue identifying and blocking insecure remote access protocols that have the potential to open U-M systems, data, and individuals, to a cyberattack.
We worked closely with Health Information Technology & Services (HITS) to begin the process of moving Michigan Medicine users to one common password, making their work simpler and U-M data more secure. Over 19,667 Michigan Medicine users are now using one common password.
In spring 2024, IA deployed a self-service open-source tool, PlasmaPup, that supports review and cleanup of Active Directory accounts.
Evolving Security and Privacy Technology
Cosign, a web-based single-sign-on solution, developed at U-M in 2001 and widely adopted across academia, was officially retired in fall 2023. In partnership with all U-M units and many ITS colleagues, tens of thousands of sites were transitioned away from Cosign. “Cosign retirement is a significant milestone that paves the way for the implementation of advanced IAM functionality in the future,” said DePriest Dockins, Director of Identity and Access Management.
Following the university’s 2020 adoption of CrowdStrike Falcon as the enterprise enhanced endpoint protection service for U-M devices, we continued to add capabilities, such as CrowdStrike Falcon Complete. This capability provides 24/7 managed detection and response support from CrowdStrike, with their analysts acting as an extension of the IA Security Operations Center. The CrowdStrike service has been deployed on over 120,000 machines across all U-M campuses, including Michigan Medicine.
In February 2024, IA completed a smooth transition to enable U-M Weblogin to use the Duo Universal Prompt for two-factor authentication. The new prompt delivers a more streamlined, intuitive, and accessible login experience.
In line with U-M’s commitment to protecting and respecting privacy, IA, in collaboration with The Office of the Vice President for Communications (OVPC), released a new cookie consent and preference management solution for U-M websites in February 2024. The solution allows users to opt in or out of analytics and advertising cookies and has been deployed on a number of U-M websites.
Reinforcing Focus on Information Assurance
In February 2024, IA organized and hosted an ITS-wide Disaster Recovery Tabletop exercise. This all-day working session tested how well ITS can organize failover and recover our systems in an emergency situation. “Over 50 people from across ITS participated, and I have heard nothing but positive feedback from those who attended,” said Ravi Pendse, Vice President for Information Technology and Chief Information Officer.
In April 2024, IA welcomed more than 50 Security Unit Liaisons, unit IT Directors and friends of IA for an Open House event to showcase IA capabilities and reconnect the security community.
In the spring of 2024, IA also released a Cybersecurity Checklist for IT Professionals, which outlines security and privacy best practices for Michigan IT staff and curated a Secure Coding curriculum for developers across U-M.
Safe Computing, the go-to website for IT security and privacy information for the U-M community and the general public, was refreshed and reorganized in FY24. “The Safe Computing website is a huge resource for getting information and staying compliant,” says Sonam Yadav, Data Security Analyst/IT Security Specialist, U-M Facilities and Operations.
Sustainability & Data Storage
ITS Advanced Research Computing (ARC)
Data Den, ARC’s archival storage service, uses a Linear Tape-Open format storage system to store large volumes of data for an extended period of time, often supporting researchers in meeting grant requirements. The use of Data Den upholds U-M's commitment to environmentally responsible operations, saving over 1,200 tons of CO2 each year when compared to an active storage system.
Impressive Infrastructure
ITS Advanced Research Computing (ARC)
ARC's services offer incredible speeds and space for storage, allowing researchers to reimagine what is possible when it comes to analyzing and storing data. Data Den Research Archive contains 1,580 tapes, each containing 960 m of tape. The 1,600 km of tape housed by Data Den is enough to cover the distance between Ann Arbor and Jacksonville, Florida.
The Great Lakes high-performance computing cluster specializes in incredibly fast data processing. The cluster is so fast that it would take 300 million people processing two numbers per second for 38 days of non-stop input to process what Great Lakes can process in one second.
Turbocharged Data Access
ITS Advanced Research Computing (ARC)
Serving over 2,000 researchers, Turbo Research Storage is ARC's active storage system, allowing researchers to access stored files via a local computer in a lab, office, or ARC's high-performance computing clusters. Turbo offers high speed processing, averaging a read time of 6.6 gigabytes per second over a 24 hour period, a speed which would consume more than half the university's bandwidth, if allowed. The next generation of Turbo will quadruple in speed, helping to increase research productivity as a crucial storage tool.
Comprehensive Research Package
ITS Advanced Research Computing (ARC)
The U-M Research Computing Package is a comprehensive suite of resources, offering high-performance computing hours, secure enclave services, replicated storage, and extensive archive capacity at no cost to members of the U-M community. Designed to meet the diverse needs of researchers, instructors, student teams, including Michigan Medicine, this package demonstrates ARC's dedication to nurturing an innovative research community.
Putting the Operations in Systems Operations in FY2024
ITS Administration & Operations
A&O’s new Systems Operations and Data Science Practice teams had a seismic impact on the organization last year. These groups showed an unwavering commitment to strengthening the digital backbone of U-M, which has yielded unprecedented progress across several domains, including
-
A new ITS Load Testing Service was rolled out to ensure the robust performance of systems under peak load conditions, providing an essential tool for upholding service reliability.
-
The Wolverine Web Services was introduced, offering faculty, staff, and students a multi-tier website content management and hosting solution tailored to diverse needs across campus.
-
The transformation didn’t stop there - The Wolverine Access Gateway was given a user interface refresh, thereby enhancing the gateway experience for finding essential U-M tools and resources.
Collaboratively, these improvements underscore the area’s dedication to providing sustainable, robust, and user-centric digital services.
Advancing Technological Capabilities and Services
ITS Administration & Operations
-
Integrating GitHub Copilot with U-M GitHub to expedite the coding process using AI. This groundbreaking tool streamlines code generation, ushering in a new phase of efficiency for university developers.
-
The Pantheon web hosting service was adopted to serve Drupal and WordPress users starting in 2025, signaling another leap forward in website management services.
-
On a parallel track, the team initiated Phase 1 of the AFS Retirement, marking the beginning of a transition to more advanced data storage solutions, while also embarking on the AFS Website Upgrade Project to enhance the security of university websites.
Cloud Strategy and Cybersecurity Investments
ITS Administration & Operations
-
The cloud infrastructure received a significant boost with the Container Service Platform Upgrade, leading to a modernized hosting environment on AWS through a partnership with Red Hat.
-
Proactive defense strategies included the implementation of Cloudflare as a web application firewall, reinforcing the protection of university digital services against external threats.
-
To further secure IT operations, Drupal was updated on ITS websites, ensuring adherence to the highest security standards.
Security Enhancements
ITS Enterprise Application Services
In FY2024, the EAS Time and Labor team enhanced security across campuses by reconfiguring the network for the time clock system. New processes for Friend Account access were implemented, and EAS optimized its ability to apply security patches rapidly, minimizing vulnerabilities. Throughout this period, crucial operations, including payroll and benefits, remained uninterrupted, showcasing its commitment to maintaining both security and operational continuity. As an additional measure, and in collaboration with ITS IAM, all staff and enterprise administrator passwords were reset.
Advancements in MCard
ITS Enterprise Application Services
The EAS DART/MCard development team expanded its support personnel to enhance system functionality last year. They successfully phased out Cosign in favor of more secure https protocols, overhauled the MS Access Orientation database, and launched MCardConnect, for online photo submissions, replacing the previous MyPhoto vendor. Additionally, they streamlined MCard client installations compatible with MiWorkspace and fully integrated MCard into ITS service operations. The team established clear responsibilities across various university departments, improved user access protocols, and transferred vital database management duties. An ITS dedicated website for MCard further supported the project, coupled with detailed knowledge articles in TeamDynamix. In addition, a robust Disaster Recovery Plan for MCard has been crafted in collaboration with Information Assurance.
Private Cellular for U-M Campus
ITS joined the Future Wireless Working Group established by Internet2 to explore areas of collaboration with peer institutions regarding the use of state-of-the-art, emerging wireless technologies on campuses and across the Research and Education community. Through this effort, U-M will soon be able to own and operate its own fully private LTE and 5G networks, as well as fixed wireless broadband networks without needing to purchase expensive spectrum licenses.