Employ Best Practices for Infrastructure, Architecture and Security
The LOUIS staff, in conjunction with LSU ITS and various partners, regularly review and update software, hardware, policies and procedures to ensure that best practices are followed with regard to infrastructure, architecture, and security for all initiatives: ILS, Electronic Resources, Interlibrary Loan, and Digital Library.
LSU Information Technology Services is the host organization for LOUIS, and it employs its own infrastructure, architecture and security policies and practices which are reviewed biennially. The LOUIS initiatives are complemented by, and benefit from, these LSU ITS policies and practices. For a full report of this environment, please review “Flagship IT Strategy: Supporting LSU’s Advance to National Prominence”, February 2011: http://itsweb.lsu.edu/CIO/files/item25554.pdf. An updated version is expected in 2014.
The following provides further specifics related to each LOUIS initiative.
The ILS initiative delivers the SirsiDynix Symphony Integrated Library System (ILS) to member libraries. The ILS system is hosted and managed by LOUIS. The hardware, software, and configurations are implemented in a way that ensures scalability, reliability, and security. The hardware, operating system (AIX), and platform (ISAM) are reviewed regularly to validate that this configuration is still the most efficient and economical infrastructure to meet the needs of the consortium.
As part of the Symphony ILS support, LOUIS uses the following products and services to monitor, back up, and secure the environment: IBM’s Tivoli Storage Manager, WinSCP, SecureCRT, Big Brother, SSL certificates, AIX hosts files, and user access control. These products and features ensure protection of the data, reliable backups, and encrypted data transfers across networks. The LSU ITS data center houses the ILS Production server. This data center is staffed 24x7, with access granted to a limited number of authorized personnel. A disaster recovery process, tested each year, is in place to allow for a nearly seamless switchover to a Hotsite server in north Louisiana. The data is further protected by campus network firewall software, which is monitored and maintained by LSU ITS.
With regard to the Symphony suite of products, SirsiDynix has completed the accreditation process for the US National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 standard, comparable to the International Standards Organization (ISO) 27000 Series standard, for particular systems and, for those systems, the supporting SirsiDynix network architecture, security devices, organizational policies and procedures, data management, change management, personnel security, disaster recovery, audit management, risk assessment, incident response plans, and management of third-party relationships. Redacted copies of the audit report documentation may be provided upon client request.
For the electronic resources initiative, the LOUIS staff continually reviews and updates IP addresses sent to vendors to ensure that on-campus access to electronic resources is granted appropriately. Off-campus access is provided via EZproxy, the industry-leading middleware solution for remote user authentication. Most member libraries host their own EZproxy, or they have purchased a hosted version from OCLC. LOUIS maintains a locally hosted version to assist a small subset of institutions that are unable to purchase their own subscription. This hosted version runs on a virtual server in LSU ITS.
The interlibrary loan initiative delivers member libraries a hosted instance of Atlas Systems’ ILLiad software. Atlas Systems ensures the following regarding their hosted infrastructure, architecture and security: automated monitors are set up to notify Atlas staff when services are down or disk space is nearing capacity; on-call staff respond to any notifications outside of normal business hours; the SQL database is backed up to a local file on a regular basis; configuration files and web pages (including PDF files) are backed up to a RAID and tape library, and tapes are stored off-site; servers are located in a bunker-style facility operated by a commercial internet service provider; all servers have a direct connection to the ISP’s internet backbone; physical access to Atlas hosted servers is limited to Atlas support staff, and multiple levels of security are in place; server and network security are restricted by IP address; servers are further protected behind firewall and anti-virus software; SSL is used to securely transfer confidential user information to the web server; anonymous FTP access is disabled; and emergency generators maintain power in the event of a power outage.
The digital library initiative delivers OCLC’s CONTENTdm software to member libraries. This software is hosted and maintained by OCLC, which provided the following regarding its infrastructure, architecture, and security:
OCLC meets international standards and best practices for Software Development, Quality Assurance, Systems Operations, and Data Security. Lloyds of London has certified that OCLC is compliant with ISO 9001 and ISO 27001.
Certificates and background information on these are online:
http://www.oclc.org/en-US/policies/iso.html ISO 9001
http://www.oclc.org/en-US/policies/security.html ISO 27001