Provisioning: Q&A with Ben Ruset, Princeton University

Posted: June 10, 2010 in Industry Commentary, Posts
Tags: , , , , , , ,

Ben Ruset is systems administrator at Princeton University. He speaks to VPN Haus about pressing provisioning issues all organizations – academic or corporate – should consider. 

VPN Haus: When dealing with employee terminations, who should own network provisioning – HR or IT?

Ben Ruset: Typically HR should notify IT and request that an account needs to be disabled/deleted. Neither department should make a unilateral decision that an account be modified without clearing it with the other. It’s all a matter of having well defined processes for business functions like this. Unfortunately many organizations forget to create or enforce them until it’s too late.

VPN Haus: Is this a process that you recommend automating?

Ruset: Well, this really is more of a human issue than a technological one. If there’s a policy in place, HR should notify IT to kill the account. Since they will manage to tell finance or the payroll company that the employee is terminated, as well as the health insurance company, they should be able to notify IT. Alternately if there’s a system like Peopleworks, or some such, there could be an automatic notice sent to IT as part of the termination workflow.

VPN Haus: Do the provisioning issues you raised also relate to student email address / account, especially with graduation and new school seasons?

Ruset: So, let me preface by saying that I’m not directly involved with provisioning accounts for students, faculty, and staff. IT at Princeton tends to be pretty compartmentalized. The most that I do is, request accounts for things like the occasional contractor or temp worker who’s setting up an application or whatnot. But I do try to keep my ears open and I do have a rough familiarity with the process at Princeton, so I can try to answer as best as I can.

The process for new students has a pretty well thought-out workflow. The OIT (Office of Information Technology) gets a list of incoming students for each year from the registrar’s office, and creates the accounts prior to the students arriving on campus. The students then go to an online form and create their passwords.

VPN Haus: What about when students graduate?

Ruset: When the student graduates, if they’re undergrads, their accounts are kept active until the following October or so. Then it’s deleted. I’m not sure if this is a process that happens automatically, or if someone at OIT has to launch a script or something that closes accounts in mass. Actually, there’s a good page in the Princeton KB about what happens to accounts upon graduation, retirement, etc:

Stay tuned, next week Ruset talks with VPN Haus about university connectivity issues.

Related Reading:

De-provisioning is Just for Former Employees, Right? Wrong!

IT departments should make the case for corporate resources

Combating Data Breaches with Provisioning

[tweetmeme source=”vpnhaus” only_single=false]

  1. […] Q&A with Bren Ruset, Princeton University PART 1 […]

  2. […] few weeks ago I gave an interview with VPNHaus (part 1) (part 2), regarding account provisioning in the enterprise. I'm writing this as a follow-up to the […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s