Endpoint Management (EPM) Centralization and Standardization Program

June 2, 2022

In an effort to improve the consistency, efficiency, and security of endpoint management on the UT campus, the IT Leadership Council Endpoint Management (EPM) Standing Committee, in partnership with the Information Security Office, is leading a campus-wide initiative to develop and implement endpoint management practices and centrally managed endpoint management tools for university desktops, laptops, and tablets. 

  • Endpoint Management (EPM) Efforts are undergoing 

  • EPM successfully supported the Ivanti retirement which was completed on March 26th

  • The team is currently in the second phase and supporting clients continuing to onboard to the EPM platforms

  • The Provosts Office sent a memo announcing the EPM program to all Deans and Vice Presidents of the university

Each year, the university experiences millions of attacks against our critical information systems with ransomware attacks increasing by over 185% in 2021. The consequences of a large-scale ransomware attack against the university would be highly disruptive and could result in a great deal of loss, including the erosion of trust with donors, alumni, and public partners and a negative impact on the university’s reputation.  While this project will move the university to standardized EPM platforms, there are no plans to centralize desktop support services that are currently provided locally at each CSU. Additionally, there should be minimal impact to end-users such as faculty, researchers, and staff. 

The EPM program is sponsored by Executive Vice President and Provost Sharon Wood and Senior Vice President and CFO Darrell Bazzell and is led and planned by IT representatives from many colleges, schools, and units with the following goals:  

  • Consistent, shared vision and expectations for endpoint management across the campus  

  • Greater security of end-user endpoints, both on and off campus, by moving to secure EPM tools and adopting uniform logging and patching practices  

  • Increased operational efficiency achieved by leveraging a core EPM team to maintain central tools, allowing CSU staff to focus on supporting local needs  

  • Collaborative operational model that relies on shared ownership and knowledge-sharing between the central EPM team and campus units  

Colleges, schools, and units will be required to adopt standard EPM practices and to transition their end-user devices (e.g., UT desktops and laptops) to centrally managed EPM tools. As part of the university’s commitment to this endpoint management strategy, the cost of implementing and sustaining this EPM effort has been funded centrally to reduce the cost to CSUs. In many cases, transitioning to the campus-scoped EPM toolset may allow units to either reduce their operational costs associated with managing end-user devices or refocus IT resources on other CSU-specific efforts.   

In the coming months, the EPM program team will hold a townhall to provide more information about this program and will begin reaching out to your IT staff to gather feedback about customer migration planning. The transition to new EPM tools and practices will take place as a phased approach and is scheduled to start at the beginning of March 2022.  

It is important to note that while there is no option to opt-out for CSUs, the Information Security Office may grant exceptions based on business or research needs as long as security standards are maintained and exceptions do not increase the risk to the university.  

 

Phases

Endpoint Management practices vary widely throughout the university and the process of developing standardized EPM processes, deploying central EPM tools, and then migrate all UT-owned end user devices to central EPM tools and processes will take several years to execute.  

The program has been divided into the following phases. 

 

Phase 1:  Initiation 

Assess the current state of endpoint management tools and processes. Identify key stakeholders and technical resources. Partner with the university IT community to formulate requirements and select EPM tools. Develop EPM support model and estimated budget. Implement central Microsoft Endpoint Configuration Manager instance and begin migrating Ivanti Windows customers.

On March 10th, 2021, the ITLC unanimously approved the proposed EPM program plan and associated budgetOn April 2nd, 2021, funding for the Endpoint Management (EPM) Centralization and Standardization Project was approved. This funding included centrally-provided funding for the initial program, as well funding for continuing operational costs. 

 

Phase 2: Planning

Identify and acquire products, licenses, and resources needed to deploy campus-scoped instances of EPM tools. Staff EPM core team. Document communication, designand deployment plansDevelop plan for onboarding CSUs to EPM tools and processes. 

 

Phase 3: Implementation

Implement the plans developed in Phase 2 according to the timelines provided. Expected to take one to two years. 

 

Phase 4: Customer Migration 

Migrate CSUs to central EPM toolset in stages. Scheduled to begin in March 2022 and is projected to continue through 2023.