NETPDTC Hosting Support
advertisement
NETPDTC Hosting Support for AIM Tools Peg David, NETPDTC N621, Tech PM Roy Hoyt, NETC N74 Functional PM/Resource Sponsor Bruce Bare, NETC N62 AIM Team: Tiffany Dombrowski, AIM PM / Ron Zinnato / Jamie Stewart 3 Apr 12 Overview Central Site AIM I/AIM II implementation for all NETC Centers plus non-NETC communities • CPM Rel 5.0 hosting at NETPDTC • Implementation Issues • AIM Central Site Hosting at NETPDTC • NETC N74, N6, and NETPDTC have a plan and schedule to migrate most AIM content and processing to NETPDTC Citrix Metaframe-based servers thru end FY12 • Benefits Include: ‒ Simultaneous access by geographically dispersed Center and contractor personnel for collaborative development and maintenance ‒ Support for future centralized enterprise data mining for reuse, repurpose, and reference (R3) ‒ Significantly faster access to software updates ‒ Potential for automated workflow AIM Central Site Implementation • • Points of contact: ‒ NETC N74: Leslie Desenburg ‒ NETPDTC: Peg David/Virginia Lovett/Chris Stark/Charlie Odom (Metaframe Sys Admin) ‒ AIM team: Ron Zinnato/Steve Wicinski/Jim Ferrall Implementation resources including planning document templates and narrated help videos available on AIM information Web page: AIM Central Site Hosting at NETPDTC Schedule and Center POCs Center CID CSS CSCS CHAPS CNI CPPD CNE CEODD CSF SLC SWOS AIM POC Joe Pekarske Vicky Spencer Jessie Harris & Adrienne Young Claire Olona Bud Livers Rick Bly D. Harrison-Youngs Marion Conley & Frank Carbone Roy Wilde Pedro Moore Ed Elliott Month (T) Feb-Apr Feb-Apr Feb-Apr May-Jun May-Jun Jun-Jul Jun-Jul Aug-Sep Aug-Sep Sep-Oct Sep-Oct * TBD Date - CNATT/CSFE Migration to AIM 5.0 Center Transition Planning • Kick-Off Meeting with each Center POCs • Centers review/assist draft Transition Plan, roles and responsibilities, POAM, Test Plan, Q/A’s • Identify data transfer method; data quantity • Review and understand ESS/CITRIX Account Creation Process – Form, SAAR, Center IAM role • Review templates, lessons learned, forms, user guides – all found at: http://aim.aimereon.com/aim/AIM-Central-Site-Hosting-at-NETPDTC.ashx Notional Implementation POA&M AIM Central Site – eDMZ standup • Current NETPDTC central site migrating to eDMZ; benefits AIM as whole when Application migrates to NOLA eDMZ • Centers/data on central site will migrate inside the eDMZ • Functional Test Plans will be done; code freeze, Production Release Reviews prior to go-live • ‘ESS’ CITRIX accounts transition to ‘NTSS’ CITRIX accounts; no new form required; Centers will validate their users/info on spreadsheet ; PM office to maintain SAAR repository • Remaining Centers if any have not transitioned by go-live – will transition directly into eDMZ w/ NTSS accounts AIM eDMZ Milestone Timeline Server Builds and Security Test (19 Mar – 04 Jun) Note: IATT will be 11 Apr – 04 Jun NETPDTC IA Doc Build/Review 05 Jun – 3 Jul (22 Work days) NETC IA Review 05 – 25 Jul (15 Work Days) Operational/Functional Test and Prod Readiness Review 05 Jul – 15 September • Effort includes new server builds: 9 ‒ Average builds/STIGS/SCANS - 50 days ‒ 2 SQL DB Servers for SQL DB clusters (Physical); 4 ESX Host Upgrades for VMWARE Farm; 1 CPM Web Interface Server (Virtual); 5 AIM Citrix Servers (Virtual) Interim Authority to Test (IATT) period 16 May – 10 AUG AIM I RLO Performance Issue • Identified potential login issue - CPU utilization – consensus: does not represent performance issue • Identified disconnect issue with EDE update by AIM I ‘super’ user – saturating system, breaking after 4.5 hours; conducting stress test with realistic data this week • Affects traditional AIM I and ‘may’ affect LO module; debugging code being added, duplicate process(es), see impacts – isolate coding and/or configuration issues • Testing to see if applicable to CSCS AIM I processes; test with both Columbia-hosted production version of CPM & re-pointing via .ini file to NETPDTC CPM test instance • NETPDTC: deploy Windows Server 2003 R2 x64 (64-bit) Enterprise Edition to legacy and eDMZ servers; allows additional CPUs and memory to be added as needed; handle more load per server • Establish performance baseline; compare/contrast baseline configuration with identified mitigations for current environment and planned eDMZ AIM Certification and Accreditation • NETC/ODAA treating Central AIM as ‘new’ System standing up inside eDMZ • As such, Interim Authority to Test (IATT) granted for 16 May – 10 Aug 2012 • eDMZ has dependency on CSA Accreditation Plan; ATO imminent Apr timeframe • As IATT test period draws to close, C&A package, STIGs, SCANs, mitigations, POAMs are updated, and any other deltas added – for ODAA submission for full ATO approval Implementation Issue: NOFORN NNPI • Affects primarily non-SWS undersea community – NAVSEA 07TR, SLC, SLC learning sites • Stringent data handling controls for unclassified No Foreign Dissemination Navy Nuclear Power Information, mandated by NAVSEA 08 • NETC/NETPDTC standing up SLC enclave on TRANET_C (NAS PCOLA) to host: ref matl, e-library, IETMs, NNPI content, course curriculum info, AIM content, NNPI/NOFORN, used by SLC DETs • ‒ How does this fit into AIM program from enterprise view? ‒ Requirement to host AIM Application on TRANET_C? For SLC / others? ‒ Is TRANET_C interim option until NOLA data center migration? SSC New Orleans (NOLA) currently certified for NOFORN data CPM Hosting at NETPDTC • NETC N74/N6 and NETPDTC in process of migrating production version of CPM to NETPDTC ‒ NETPDTC installed test instance of CPM Rel 5.0 on new server; conducted formal GAT as arranged by AIM SSO ‒ Full IA Certification & Accreditation process underway by NETPDTC/AIM team; IATT in hand may allow .com ports to open during eDMZ test period; full IATO/ATO allows .com access ‒ CeTARS Web service, AIM enterprise data environment Web service, and PPP Repository integrated into CPM on NETPDTC server ‒ Production CPM remains hosted by AIMEREON until ODAA grants IATO/ATO for NETPDTC hosted eDMZ CPM Hosting at NETPDTC (cont’d) • Benefits Include: ‒ Enterprise production hosting and support vs. current contractor environment with limited server configuration and bandwidth ‒ Leverages NETC domain sys admin, database management, and information assurance expertise at NETPDTC ‒ Co-located with rest of NETC enterprise IT applications and off-site COOP support ‒ Secure access from both .mil and .com domains CPM Hosting POCs NETC N74: Leslie Desenburg • NETPDTC: Peg David / Virginia Lovett / Bob Rayburn (Web Apps BH/CPM assist) • AIM team: Ron Zinnato / Steve Wicinski / Jamie Stewart / Jim Ferrall • Non-NETC Implementation • 1 Oct 11 - SSP TRIDENT AIM I Central Site instance transitioned from NAWCTSD to NETPDTC – fully operational - AIM I and LO Module production work • NAVSEA 07TR AIM I Central Site instance TBD per decision on support for NOFORN NNPI data • Other interested communities: ‒ ‒ ‒ ‒ ‒ Navy Medicine NAVSPECWARCEN (hosted by NAVSOC) NAVRES DANTES Regional Maintenance Centers – Norfolk / San Diego Implementation Issue: Privilege Levels • 5 levels implemented in AIM II per CNATT request • 3 levels implemented in AIM I per SSP request • CPM-style role/privilege structure in queue for discussion development for AIM I/AIM II based on CNATT working group ACR and new software task order • All user communities need to review current business process and adapt for Central Site environment • Many lessons learned from CNATT AIM II and SWS AIM I implementation including request for 6th level in AIM II to support limited contractor visibility into AIM production instance Current AIM II Privilege Levels Role 1 – AIM User Role 2 – Curriculum Manager FTS Role 3 – Curriculum Manager HQ Role 4 – AIM Viewer Role 5 – AIM Administrator View all courses YES YES YES YES YES Edit/Lock YES* YES* YES NO YES Approve course NO NO YES NO YES Grant Privilege YES* YES* YES NO YES Create Rev or Change YES* YES* YES NO YES Import Course NO NO YES NO YES Export Course NO YES YES NO YES Archive Course NO NO NO NO YES Un-archive Course NO NO YES NO YES Delete Course NO NO N0 NO YES Modify Dev. Authority/Site Table NO NO NO NO YES Add Users NO YES* YES NO YES Use Data Manager NO NO NO NO YES *For courses in their assigned Developing Agency ONLY CNATT AIM Central Site Process Flow Process Begins Requests Account Course Supervisor Instructors AIM Process Flow Teaches Course Recieves Course Approval and Forwards to Instructors and Alternate Teaching Sites Requests Account CNATT Unit FTS Check Course submits to FTS Requests Account Recieves Course Approval and Forwards to Course Supervisor Check Course submits to CNATT HQ Curriculum Management CNATT HQ CNATT HQ Administrator Other Read Only Builds Courses Submits to Course Supoervisor Requests Account CNATT HQ Internal Process Flow Approves Course Notifies FTS of Approval Administrators Accounts/ Helps and Supports Requests Account Views TPP and TCCD as needed Implementation Issue: ‘ancillary data’ • Prospective users have requested NETPDTC establish an ‘ancillary data’ (i.e., not really AIM stuff) storage area in conjunction with their AIM I/II Central Site instances • Need better definition of how ‘ancillary storage’ will be used and NETC N6/N7 approval of business process and IT infrastructure loading • Also may be impacted by resolution of Information Assurance Category 1 issue mitigation for Metaframe systems Implementation Issue – Initial Discussions: Jobs Server approach • A number of processes in AIM I/II take a long time to complete: e.g., Trainee Guide print preview, large course export, large course import • Current NETPDTC implementation requires Central Site user to remain logged into Citrix session with CAC inserted in local workstation until process completed • Jobs Server concept developed by NETPDTC and AIM teams would permit user to begin long-running process, transfer process to Jobs Server, end Metaframe session, and then log back into Metaframe later to retrieve product of long-running process completed on Jobs Server Implementation Issue: Job Server approach (contd) Metaframe Servers Jobs Server Job Request File Share Job Output Check for Completion/ Retrieve Output AIM Central Site Architecture Questions?
