National Institutes of Health
- By Pamela Houghtaling
- Nov 10, 1996
At a Glance
Project Objective: Create an intranet that provides controlled access to sensitive information and at the same time permits groups to collaborate on projects.
Status: The intranet infrastructure is up and running and the division continues to add new capabilities.
Investment: Because the division was able to use existing systems the project investment was minimal.
Contractors: Division personnel managed the project without contractors.
NIH's Division of Computer Research and Technology went live with its intranet in early September after four months of planning. The intranet provides a secure way for the division's director and branch chiefs to access personnel and budget information while improving communication within DCRT through such features as employee phone directories and project listings. The intranet enables small groups to work together and lets all of DCRT which numbers about 400 people know what everyone else is doing said Sandra L. Desautels a member of the DCRT team that built the intranet.
Security Drives IntranetDCRT's need to provide controlled access to information drove the development of its intranet. At NIH a lot of people have been putting their information on the conventional World Wide Web explained Jim Brunetti who heads the intranet DCRT team. The division needed to find a way to provide selective access to information but this was not possible with the division's existing Web servers with Internet Protocol filters.
Nor did the Web servers provide adequate security for confidential information. And access to the DCRT server could not be given to users on the remote campuswide NIH network service because that service could not be restricted to DCRT users only.
The ability to access DCRT information from remote locations whether across the NIH campus or from home was another security issue. And access to proprietary budget data had to be made secure enough so that only the DCRT director and branch chiefs could see it. Previously the only way to provide such security was to deliver the budget information to the DCRT officials in paper form - a cumbersome process.As Brunetti pointed out there had to be a better way. And there was. The DCRT intranet is designed to protect confidential information. Authorized access to specific intranet pages is controlled through a user's account. Some of the paper-based transactions are already being eliminated as more information becomes accessible over the intranet.
Web Page DesignCharles Mokotoff a computer specialist with DCRT and his Web page design committee decided that they would take responsibility for the first two tiers of the intranet: the main page and a second introductory page. For those pages Mokotoff established a template for consistency in design.
He said intranets need some standardized design beyond the first two tiers. "At the very least each page should be signed " he said. This way if a link doesn't work the person who put the page up can be found.
To further promote page accountability David R. Laws a network specialist who runs the DCRT server created two groups: Web masters and Web scribes. The Web masters are individuals who design the top tier (Mokotoff's design committee among others) and only they have access to the intranet's root directory. Below them are the Web scribes people in DCRT's branches who have authority over what goes in the common DCRT directory.
Directories were also created for individual branches within DCRT. Within these directories anyone in the branch can put up a page. "We encourage a free-for-all so that people can gain experience with HTML (Hypertext Markup Language) " Brunetti said.
Structure and ScopeThe cost of setting up the intranet was virtually nothing as the equipment was already in place. DCRT employees use one or another of the popular browsers. The intranet had to be platform- and browser-independent to accommodate DCRT's diverse computing environment.
The intranet began running on a Microsoft Corp. Internet Information Server and a Windows NT-based Ethernet local-area network. The DCRT team used an existing registry system for user authentication rather than create another one for the intranet service. Brunetti pointed out that 95 percent of the people who join DCRT are given an NT account which provides access to the Microsoft-based network. DCRT users can now log in from any terminal on the NIH campus or through the remote service by using the domain name (DCRT) user name and password.
To further enhance security the DCRT team plans to make its server Secure Socket Layer-compliant so that all the data from the server to the client is encrypted making the password system virtually unbreakable.The scope of the DCRT intranet continues to expand. "We've built the framework and now we're looking for people to fill in the content " said Brunetti on the status of the project. Personnel and budget offices have already created their home pages on the DCRT server.
"The Intranet is still in its infancy " added Laws who is looking into analysis tools to measure intranet traffic. The DCRT team wants to add a calendar program that would enable all users regardless of computer platform to put their personal calendars on the intranet and schedule meetings.
People have been drawn to DCRT's intranet project for a variety of reasons Brunetti said. Some sought selective access to sensitive budget information while others wanted to encourage collaboration within DCRT. And another group at NIH is looking to make mainframe-based information accessible over the intranet.
"We're moving in all kinds of different directions " Brunetti said.
IHoughtaling is a consultant and writer based in Northern Virginia.