1. | Severe: Affects Financial Aid Integration | N | Financial Aid Pilot: Issues with Workflow Peoplesoft college dropped out of pilot At CISOA, colleges expresses concerns about marker courses and how it will negatively affect the A&R process.
| Parchment | | No new updates this week. In process with Allan Hancock for the P2 Teaching College Implementations CVC leadership is investigating a possible new path.
| | | Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | 3bc2d1ff-b4f9-313a-8d84-ca6b48c5c997 |
|---|
| key | BLQ-1015 |
|---|
|
| 5/3/24 |
2. | Moderate: Users Were Not Able to Authenticate to CVC via Proxy | Yes | On Friday, Dec 15th, all student attempts to authenticate to our platform via the proxy seem to be failing. No one was been able to sign in. We've seen 100% failure rate on all attempts from every user who has tried at every college since about 6 AM Friday morning. CVC reached out to CCCTC support team but they didn’t seem to have any insight into what could be causing this as they have shared that no one else has reported any issues. However, we kept receiving a 403 Forbidden error message when we try to connect to any college via the Proxy. This is impacting both production and pilot and began failing around the same time on Friday. Whenever a user selects any college where we would normally route them to the appropriate SSO page, we instead are getting this error. https://search.cvc.edu/users/sign_in (select any college) | | We escalated this to Mike Caruso at the CCCTC and he advised they were able to log in with no issues. After further research, it looks like the CCCTC had some additional IP restrictions and our IP was possibly whitelisted. This issue was resolved same day, but we are working with the CCCTC and Parchment to ensure this does not happen in the future. CVC and Jason from Parchment are working to investigate to ensure this doesn't happen again in the future. Jason has provided the following update about next steps and continuing research with the CCCTC: “I've gotten some additional information on this, the net of which is that this part of our application isn't capable of being configured on a guaranteed static IP. There's work we can do to make it semi-static, meaning it still may change with some, but even so change of the outbound IP can happen for reasons outside our control. A "more static IP" change is not something we can implement immediately, given the holidays and that such a change may impact other users. I can't speak to if this was also a risk in the Heroku infrastructure days or not, but I'm slightly concerned as in our current state, as this could happen again based on factors we can't really control. So, I have these questions for the Tech Center: Is this a new practice? If so, can it be rescinded until we have time to ensure there's a lesser risk configuration on our side? Can the Tech Center whitelist by fqdn, rather than by IP? On our end, this is the best solution because we can implement what we have in the rest of the platform, which ensures traffic will always be sourced from
egress.parchment.com even though the IP addresses assigned to that may change in a way we can't control. As an aside, we don't have great logging of this on our side, so normally we'd put a monitor in place that fires the moment we start seeing it. We're not in a position to do that yet.”
| No new updates this week. The CCCTC 'pushed pause' on this particular element of that security update, but they are unblocked in terms of continuing to make improvements via consistent security-focused deployments. It is something they need to resolve, but that work has just started, and there isn't a firm ETA yet. CVC and CCCTC are meeting on 4/17/24 to discuss.
| | | Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | 3bc2d1ff-b4f9-313a-8d84-ca6b48c5c997 |
|---|
| key | BLQ-1041 |
|---|
|
| 5/3/24 |
3. | Severe: Will Affect All eTranscripts Sending Colleges Who Are on SaaS | Y | Manage The CCCTC/Ellucian SaaS Shared Application Staging Tables In Conjunction With The GLUE Data Model - SaaS Migration Process | Mike V. | For colleges who are either a SaaS client or migrating over to SaaS, the current Ellucian APIS will not support eTranscript CA sending infrastructure. This affects colleges that are already live with eTranscript sending through Parchment/XAP as well as the ones who are migrating. | No new updates this week. Parchment submitted requirements to Ellucian. Ellucian received and is actively looking into this and advise if this is configurable or if they need to do development.
| | | Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | 3bc2d1ff-b4f9-313a-8d84-ca6b48c5c997 |
|---|
| key | BLC-138 |
|---|
|
| 5/3/24 |
5. | Excessive Lag Time for Imports | Y | There is a queue now of imports tah tare supposed to run nightly and are running into the day. | Parchment | TBD | CVC to bring this up with the Parchment team in their in-person visit. | | | 5/9/24 |