ITCCMarch 8, 2017 – Room 438 - ITD

Agenda

2

1:00 Update on EA Activity Jeff Quast

1:20 Update on ITD Activity Gary Vetter

1:30 Update on Agency Activities Jeff Quast

1:40 Skype Server Update Kory Hellman

1:50 AD Sync to Azure Kory Hellman

2:00 Iterative Development WSI and ITD

2:40 Oracle Update Kory Hellman

2:50 Statewide IT Plan Follow Up Justin Data

2:55 Future Agenda Items

EA Activity

3

Surveys completed

• Waiver – DOCR – Zip Files• Likely to be withdrawn

• Best Practices - E-Services Privacy Policy – Rescind

• Standard – Record Migration – Updated

• Guidelines – Data Classification – Creation• Concerns about open records and definitions

• Will be revised and posted as a second survey

• Survey process was successful

• Standard – Email – Updated

• Standard – Electronic Data Backup – Changed to Best Practices• Some comments recommending continuation as a Standard

EA Activity

4

• Data Architecture• Data Visualization Tools

• The group had an initial but detailed discussion about data visualization tools, such as Power BI and Tableau. Fundamental requirements for data visualization include:

• A solid business case

• Agencies having thorough knowledge about their data

• Data completeness and accuracy

• Standards for sharing, including format and APIs

• The topic appeared to validate the increasing need for a Chief Data Officer in NDGOV

• Data Licensing• Bob Nutsch provided a summary about how the state addresses licensing of GIS data

and the topic will be discussed in detail at the April meeting

EA Activity

5

• Security Architecture• Access Control Standard

Content removed for security reasons

EA Activity

6

• Security Architecture• Annual Review of standards

• Encryption and Remote User Access standards - The group reviewed the standards and agreed that no changes were needed

• Windows Vista End of Support 4/11/17

• Measurement of Agency Workstation Management• Emphasis on Security – OS Patching, 3rd Party App Patching,

Baseline Config, Endpoint Protection

• Survey pending to agencies from ITD

EA Activity

7

Technology Architecture (February)• February 2018 is now the end of life for updates for Office 2013, so agencies should have

their users on Office 2016 before then

• Microsoft has reverted from the recent move to cumulative inclusive monthly patches

• Chad Gumeringer presented an overview of the ADFS service. Proposed changes to the Access Control standard would require the use of ADFS (via the SAML protocol) for all SaaS solutions

• ITD and Game and Fish have reviewed Microsoft LAPS and found it inadequate as a tool to manage administrative account credentials. Other solution will continue to be reviewed.

• Cloud print services such as Google print, Apple Air Print, and HP ePrint may be addressed with a new or existing EA standard

Application Architecture (February cancelled)

ITD Activity

8

• Brown Bag Lunch – Review• Cliff Heyne and Rusty Dahlin – “The Technology Behind the

Response”

• Email SLA• Now using a new Secure Content type

• New DKAN-based GIS Hub Data Portal is live• Could be foundational to a broader open data presence

• NASCIO State Recognition nominations due May 4

Agency Activity

9

• New NDPERS web site

Skype Server Update

10

• Upgrade from Lync to Skype for Business

• Requires a client newer than OCS 2007 R2

• A free Skype for Business Basic client is available for download if agencies on old client versions are not budgeted for an upgrade

• Supports IM and Presence

• Supports Desktop Sharing

• Compatible with the Avaya ACA Plug-in for “Click-to-Call”

• Tentatively scheduled for last weekend in May (after session)• Agencies can migrate sooner

• Mobile Skype for Business client works well after migration

AD Sync to Azure

11

•Azure AD Connect integrates ND.GOV

with Azure AD

• Provides a common ID for

integration with on premise and

cloud (Office365, Azure and SaaS

applications) solutions.

•Replicates UserID’s only – No passwords

•Authentication remains on premise

WSI Claims and Policy System (CAPS) - Agile

Project ApproachMarch 8, 2017

ITCC Meeting

Business Need

Improve customer service (both internal and external), meet WSI’s anticipated demand for growth, and enable WSI to remain current with technology

• Improve upon existing functionality with no loss of current efficiencies

• Enhance customer and staff accessibility to applications

• Improve system navigation and ease of use for staff

• Improve ability to respond to customer and staff requests

Background

Feb. 2013 – Dec. 2014

• Completed lessons learned, business process review, market research, architecture review, new Charter and requirements review

• The ESC approved moving forward with an “Evolutionary Approach” for WSI’s core system replacement/upgrade

Jan. – June 2015

• Performed comprehensive project planning (Phase 1) for a database consolidation, a product roadmap (release plans), program plan, and procurements

CAPS Approach

The CAPS program replaces core WSI business applications (Work Manager, Claims, Policy systems) through an evolutionary approach

The user interface is incrementally re-faced into one system, CAPS

20 ‘Releases’ (Projects) over approximately seven years

Each Release is planned, baselined, managed, and closed as a ‘major IT project’ (each is approx. 6-10 months and $1-2M)

Each Release delivers functionality into Production

ServiceLogix provides the leadership and team for the application re-facing along with WSI staff. ITD, Intertech, and TEKsystems also support WSI with resources for project management, infrastructure, and database consolidation services.

How we Apply Agile Practices within ND PM Standards

Foundation: the Release Plans (Product Roadmap)

Foundation for scope

Roadmap for each phase• Shared Components Re-facing

• Policy System Re-facing

• Claims System Re-facing

Use Cases defined

Releases defined

Sprint Plans for each Release

Overview of a Typical Release (Project) - Planning

Release planning begins while the current release is underway, led by the primary PM

The Release Plan is the basis for scope

The team develops a sprint summary plan, baseline schedule, budget, and updates to the overall Program Plan

A new amendment and SOW is developed with ServiceLogix for the Release, as well as other procurement revisions

The ESC approves all planning documents for the Release; Iterative Start-up Report submitted to LITC

The team begins prototyping while the current release is underway

The Release is kicked off within a week of go-live of the previous Release

Overview of a Typical Release (Project) - Execution

Agile and Project Management Techniques during Execution

Each Release is comprised of two-week Sprints

Each Sprint has a kickoff with Sprint Planning• Effort hours are estimated for each task of the sprint

ServiceLogix PM leads daily 15-30 minute SCRUM meetings• Each team member reports what they accomplished yesterday and

what’s on their plate today; issues are discussed after SCRUM• A Burn-down chart is calculated daily, shows effort remaining against

time

The Planning Team (Primary PM, Agency/Vendor PM’s, Sponsor, other key WSI Managers)

• Meet weekly to review status of the current release and plan the upcoming release

Agile and Project Management Techniques at Go-Live and during

ClosingAt each Release Go-Live, the new functionality is migrated to Production and previous functionality is no longer available in the legacy system

CAPS connects seamlessly to the legacy system, so the user continues to use older functionality for the majority of their work and uses CAPS for areas that have been re-faced

Closing• Release Retrospective – lessons learned are gathered from the main

team (ServiceLogix PM), but Sprint Retrospectives are also performed throughout

• Project Closeout - Primary PM performs Post-Implementation Survey, Report, and Closeout Report

Best Practices

State PM standards/practices can work well with this Agile approach

Vendor has solid processes throughout, including quality code development and configuration management approach

Comprehensive QA and UAT Testing

Solid requirements built through prototyping and comprehensive use cases

Comprehensive tool for task, workflow, artifact, issue/CR/defect management - enCorps

Weekly Tech Touch-base meetings between WSI, ITD, and ServiceLogix team members have been valuable

• Plan for and manage infrastructure, security, and hardware upgrades• Strong architect presence on vendor team is important

WSI Communications Team and SharePoint Team Site – key communications to all agency staff

ITD - Iterative Development

24

ITD - Iterative Development Approach for DPI NDFoods Enhancements

Purpose: Allow large scope of work to be distributed into small manageable iterations. Emphasis on providing continuous functionality to the customers in a predictable manner.

• Iteration length approximately six weeks

• Iteration scope determined by priority and effort required

• SDLC phases may have transcended several iteration boundaries

• I.E. Analysis required two iterations, design one iteration and development and testing two iterations

• Every iteration included a UAT and production deployment

• ITD Resources included Business Analyst, Technical Analyst and Developer

• Agency Resources included various Subject Matter Experts (SME)

• ITD and Agency resources actively involved during each iteration

• Allowed flexibility with iteration scope due to changing priorities

• Fixed budget with high-level fixed scope (Grant)

• Allowed to add future scope to current project due based on the adaptive schedule

Database Upgrades & Migrations

Database migrations are usually done in 18-24 months cycles.

Typical Process: • Environment Buildout: Test & Production

• Migrate existing test databases to new test environment

• Agency Notification & Consultation• Grouping and scheduling of agencies

• App Certification• Is the application compatible with the new database release?

• Agency Acceptance Testing & Sign-off

Oracle 12c Environment

26

• End of life for Oracle 10g/11g has passed:• Old releases no longer supported and patched

• New Hardware: • Replacing a 3 node Real Application Cluster (RAC) with a 2 node

RAC

• Environment:• Highly Consolidated• 50 Oracle databases and over 160 applications

• Majority of applications are maintained by ITD Software Development• 3rd Party Vendor Supported Applications

• Preliminary Testing Completed. DHS Eligibility/SPACES Upgrade• Don’t anticipate any major problems with most apps.

Oracle 12c Migration

27

Agency Notice & Consultation:• Agency letters will be going out to ITCC coordinators in Q2 2017. • Agency migration schedule to be published:

ITD Software Development Maintained Apps:• Agencies will need to submit a Software Development Service Request for each

application(s)

3rd Party Vendor Supported Apps:• Agencies will need to submit a Database Change Service Request for each vendor

supported application • Agencies are responsible for contacting their vendors to determine an upgrade plan

for each application• ITD DBAs are available to participate in any agency/vendor conversations.

• Point of contact: Callie Wachendorf, PM. cwachendorf@nd.gov

performed preliminary testing and based on this testing ITD does not expect any major problems. ITD has successfully completed the upgrade of DHS Eligibility SPACES databases.

Oracle 12c Migration - Testing

• The Zero Trust architecture approach, currently being implemented by ITD is intended to promotes a "never trust, always verify" as its guiding principle.

• By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, agencies can protect critical intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout the network.

• Adoption of the Zero Trust architecture impacts the Oracle 12 Upgrade by requiring more extensive agency testing. Because development, test and production regions must be in separate VLANs agency testing efforts must be closely coordinated with ITD.

• Managed and controlled access to the application from outside the data center requires testing. This means that clients who are not authorized to access an application / service will not be able to see it. Agency testing plans need to account for external test scenarios and allow additional time in the testing schedule

Statewide IT Plan Follow UP

29

• 2017-19 Statewide IT Plan Supplemental Information

Future Agenda Items

30