Priority is on SAP portal as well as student services and identity management – an interview with Dr. Matthias Reyer, head of Campus Management
In early July 2021, the Executive Board and Campus Management (ZECM) discussed which IT services would be restored next. What did you focus on?
We needed to clearly prioritize the order in which we made IT services available again. The first point of order was ensuring the University could carry out essential operations. This means restoring basic services. In this vein, we created a provisional email service to recover communication. At the beginning of August, we aim to re-introduce the original Exchange email server, so that all University members have access to their previous inboxes. This includes access not only to email but also calendars, address books, notes, and various groupware functions for working and studying.
Will we have access to all previous emails when the Exchange server is running again or will there be a data gap?
We will restore all emails which were received up until the cyberattack. We will publish instructions to synchronize your original and provisional email accounts in good time before the server is available again. Some additional functions will not be available immediately, such as the in-app preview of Office documents in the browser, the integration of fax and answering machines, and the archive. These features will be rolled out at a later time as enrollment and re-registration services have priority.
Which milestones are still planned?
Student Lifecycle Management (SLM) needs to be running by the start of the semester so that students can enroll or re-register. At the same time, we are re-introducing other administrative services.
Which administrative services does this include specifically and how are these prioritized?
In addition to the SAP portal, this primarily includes student services and identity management as it provides an important infrastructure for other services. We will be publishing an updated and detailed plan later this month.
What is the current status of the SAP portal? Some departments can already access parts of SAP. When will all staff have access again?
SAP is a very complex system. We first restored the University's general network infrastructure which the SAP servers run on. We then addressed the SAP infrastructure itself and now we are gradually tackling the individual applications.
Overall, we use SAP at TU Berlin for two core processes: Student Lifecycle Management (SLM) is used to manage student activities from application to graduation while Enterprise Resource Management (ERM) is used for all of the University's business procedures. Payroll and financial accounting were our highest priority. Now we are working on Student Lifecycle Management.
When can we expect a digital enrollment procedure to be possible again?
Campus Management functions as a technical service provider for all application and enrollment matters and is working closely with Department I. Our aim is for the University to be fully operational again this upcoming semester as regards the organization of studies. At present, we are concentrating on the application procedure for future students as well as issues impacting enrolled students. Enrollment itself will be delayed a bit as it relies on a number of processes with their own requirements, such as the use of a working identity management database. We expect the application portal to be available again in early August with the enrollment function to follow a month later. The challenge here is that this requires a number of IT services across different platforms that all need to communicate with each other in the new IT architecture: For instance, identity management is the foundation for TU accounts which students use to authenticate themselves. In addition, the degree programs do not all use the same procedures, meaning requirements and current and prospective student statuses also differ. Wherever necessary and possible we are contracting external services to become operational more quickly.
On 23 June 2021, Campus Management requested all TU members to change their central password. How did this go? How many passwords have been changed? What happens if someone has not updated their password yet?
As of 14 July 2021, roughly 25,000 University members had changed their password. However, this means that 20,000 passwords remain unchanged, including thousands of service accounts. If these remain un-updated, staff and students will be unable to access TU or Campus Management services, such as email, WiFi, and Gitlab, once we deactivate the old passwords. We urge everyone to change their password if they have not done so since 23 June.
When do you expect all staff to be able to use their office computers again? Many staff remain instructed to keep their computers powered off due to security reasons.
All devices which were in the Windows domain prior to the IT incident need to be repaired, if not already. Campus Management is creating a central rollout infrastructure for client management and software distribution. Specifically, this means that an updated operating system and many applications need to be installed on the computers. In some areas, such as the Central University Administration, Campus Management is responsible for this rollout. However, IT across all University units varies greatly. We invite all decentralized areas to use our rollout infrastructure. This is not mandatory though.
What does "repaired" mean? Do staff need to do something themselves? Will a member of IT contact me? Who will provide further information? And, when will rollout begin?
The respective IT officers in the Central University Administration are the point of contact. In other units, your local administrators are responsible. These are the people, who, for instance, set up your computer when you first started work at the University. The rollout will take place before the SCCM (system center configuration manager) and other services, whereby the ZUV and decentralized areas have different needs. For this reason, it is difficult to give an exact date. However, we will always announce further steps and procedures in advance.
Looking back, which steps were key before gradually restoring IT services?
Before we could even restore the disconnected IT services, we had to create an entirely new IT infrastructure as the foundation for all IT services. For example, we needed to build the identity management used for TU accounts and signing into IT services from scratch.
Using the experience gained as a result of the security incident and the advice of an IT crisis service provider, we improved the network infrastructure, critically examined how our servers and services interact, considered hidden dangers, and implemented stricter IT security concepts to protect us in the future.
All this was necessary before turning to look at the services used by University members.
The Campus Management support team must have its hands full. How many support requests has it received thus far?
It's difficult to give an exact number directly related to the security incident and its impact, as everyday operations continue at the same time. We do, of course, experience peaks, such as when everyone changed their password. At such times, the team may respond to up to 1,000 tickets either by email, phone, or video conferencing. Nevertheless, at the end of the day, 800 tickets still remain in the queue.
Interviewer: Stefanie Terp