Western Michigan University

Story Details

In higher education, the opportunities for improvement through IT consolidation and integration are becoming increasingly clear. On many campuses around the world, a number of different and often incompatible email systems can be found. Western Michigan University (WMU) discovered it was facing this issue; in fact, the university had VMS, Unix, Novell and sendmail systems on the campus.

“We realized we had a need to mass-communicate with our students, but no single system afforded us that capability,” says Greg Lozeau, director of planning and middleware services for WMU.

In late 2002, the university set out to lay the foundation for the school's communications infrastructure. Choosing to acquire a commercially available solution rather than developing their own in-house, WMU selected the Sun Java Enterprise System, (JES) on which to build its future service offerings.

Yet email provisioning is just a part of a larger problem facing school administrators in managing the complexity of identity requirements of students or faculty/staff members during their enrollment or employment. How to manage multiple and changing roles (for example, a full-time student might also be a part-time employee) while maintaining the necessary access control and security is a question concerning many IT planners.

Java ES, and particularly the Sun Java System Identity Manager Suite, enabled IT administrators at WMU to reexamine business processes around a “student life cycle” for the development and integration of student services. The same lifecycle approach has been applied to faculty and staff needs. The integrated platform, which now recognizes multiple and changing roles across different campus systems and applications, has accelerated the process of provisioning and deprovisioning users of all types.

By tying together popular and necessary student applications through middleware, WMU is able to enhance security of two-factor identification while reducing costs by eliminating the need for duplicate or redundant data. Combined with a new student information system, this integrated platform is also able to meet new state student privacy and security regulations.

An interesting wrinkle in this process, however, is WMU's choice to provision every admitted student within the school's system – and not just the ones who actually enroll. This allows the university to communicate with the potential students who were admitted and not just the incoming freshmen who enrolled, enabling the university to inquire about why the student chose not to attend WMU.

The Sun software is helping WMU make innovative use of the Lightweight Directory Access Protocol (LDAP) as a message broker. WMU has developed several provisioning “listeners,” processes that run on hosts provisioned by Sun Java System Identity Manager that wait for the provisioning data to be written to a designated area in LDAP. When detected, the listeners take the provisioning data, perform the necessary operations, and report the status back to the Sun software. Since LDAP is accessible campus-wide, there are no obstacles for data flow. This approach allows WMU to provide data to any system, leaving the details of account provisioning to the individual department, system or system manager.

Lozeau has also found Sun Professional Services to be of great assistance in the planning and implementation of these projects. Sun Services has helped WMU establish a test environment in which the IT team can bring up software patches and new versions and quickly drop them into production.

“We are fortunate to have been able to maximize on the abilities and expertise of Sun consultants in aggressively moving forward on these project implementations,” says Lozeau.