NETPDTC Hosting Support NETPDTC Hosting Support for AIM Tools for AIM Tools

Peg David, NETPDTC N621, Tech PM

Roy Hoyt, NETC N74 Functional PM/Resource Sponsor

Bruce Bare, NETC N62

AIM Team: Tiffany Dombrowski, AIM PM/ Ron Zinnato / Jamie Stewart

3 Apr 12

OverviewOverview• Central Site AIM I/AIM II

implementation for all NETC Centers plus non-NETC communities

• CPM Rel 5.0 hosting at NETPDTC• Implementation Issues

AIM Central Site Hosting at NETPDTCAIM Central Site Hosting at NETPDTC• NETC N74, N6, and NETPDTC have a plan and schedule

to migrate most AIM content and processing to NETPDTC Citrix Metaframe-based servers thru end FY12

• Benefits Include:‒ Simultaneous access by geographically dispersed Center and

contractor personnel for collaborative development and maintenance

‒ Support for future centralized enterprise data mining for reuse, repurpose, and reference (R3)

‒ Significantly faster access to software updates‒ Potential for automated workflow

AIM Central Site ImplementationAIM Central Site Implementation• Points of contact:

‒ NETC N74: Leslie Desenburg‒ NETPDTC: Peg David/Virginia Lovett/Chris

Stark/Charlie Odom (Metaframe Sys Admin)‒ AIM team: Ron Zinnato/Steve Wicinski/Jim

Ferrall• Implementation resources including planning

document templates and narrated help videos available on AIM information Web page:

AIM Central Site Hosting at NETPDTC

Schedule and Center POCsSchedule and Center POCsCenter AIM POC Month (T)

CID Joe Pekarske Feb-AprCSS Vicky Spencer Feb-Apr

CSCS Jessie Harris & Adrienne Young Feb-AprCHAPS Claire Olona May-Jun

CNI Bud Livers May-JunCPPD Rick Bly Jun-JulCNE D. Harrison-Youngs Jun-Jul

CEODD Marion Conley & Frank Carbone Aug-SepCSF Roy Wilde Aug-SepSLC Pedro Moore Sep-Oct

SWOS Ed Elliott Sep-Oct

* TBD Date - CNATT/CSFE Migration to AIM 5.0

Center Transition Planning Center Transition Planning

• Kick-Off Meeting with each Center POCs• Centers review/assist draft Transition Plan, roles and

responsibilities, POAM, Test Plan, Q/A’s• Identify data transfer method; data quantity• Review and understand ESS/CITRIX Account Creation

Process – Form, SAAR, Center IAM role • Review templates, lessons learned, forms, user

guides – all found at: http://aim.aimereon.com/aim/AIM-Central-Site-Hosting-at-NETPDTC.ashx

Notional Implementation POA&MNotional Implementation POA&M

AIM Central Site – eDMZ standupAIM Central Site – eDMZ standup• Current NETPDTC central site migrating to eDMZ;

benefits AIM as whole when Application migrates to NOLA eDMZ

• Centers/data on central site will migrate inside the eDMZ • Functional Test Plans will be done; code freeze,

Production Release Reviews prior to go-live• ‘ESS’ CITRIX accounts transition to ‘NTSS’ CITRIX

accounts; no new form required; Centers will validate their users/info on spreadsheet ; PM office to maintain SAAR repository

• Remaining Centers if any have not transitioned by go-live – will transition directly into eDMZ w/ NTSS accounts

AIM eDMZ Milestone TimelineAIM eDMZ Milestone Timeline

9

19 M

ar -

Sta

rt Ser

ver B

uilds

04 Ju

n -

Comple

te S

erve

r

build

s/all S

cans

and

STIG

S

3 Ju

l -

Comple

te N

ETPDTC IA

Doc B

uild

and

revie

w

25 Ju

ly N

ETC IA R

eview

Server Builds and Security Test(19 Mar – 04 Jun)

Note: IATT will be 11 Apr – 04 Jun

NETPDTC IA Doc Build/Review05 Jun – 3 Jul(22 Work days)

NETC IA Review05 – 25 Jul

(15 Work Days)

05 O

ct C

ompl

ete

ODAA R

evie

w

and

Recei

ve A

TO

Operational/Functional Test and Prod Readiness Review05 Jul – 15 September

• Effort includes new server builds:‒ Average builds/STIGS/SCANS - 50 days ‒ 2 SQL DB Servers for SQL DB clusters (Physical); 4 ESX Host Upgrades for

VMWARE Farm; 1 CPM Web Interface Server (Virtual); 5 AIM Citrix Servers (Virtual)

Interim Authority to Test (IATT) period 16 May – 10 AUG

AIM I RLO AIM I RLO PerformancePerformance Issue Issue • Identified potential login issue - CPU utilization – consensus: does not

represent performance issue

• Identified disconnect issue with EDE update by AIM I ‘super’ user – saturating system, breaking after 4.5 hours; conducting stress test with realistic data this week

• Affects traditional AIM I and ‘may’ affect LO module; debugging code being added, duplicate process(es), see impacts – isolate coding and/or configuration issues

• Testing to see if applicable to CSCS AIM I processes; test with both Columbia-hosted production version of CPM & re-pointing via .ini file to NETPDTC CPM test instance

• NETPDTC: deploy Windows Server 2003 R2 x64 (64-bit) Enterprise Edition to legacy and eDMZ servers; allows additional CPUs and memory to be added as needed; handle more load per server

• Establish performance baseline; compare/contrast baseline configuration with identified mitigations for current environment and planned eDMZ

AIM Certification and AccreditationAIM Certification and Accreditation• NETC/ODAA treating Central AIM as ‘new’ System

standing up inside eDMZ• As such, Interim Authority to Test (IATT) granted for

16 May – 10 Aug 2012• eDMZ has dependency on CSA Accreditation Plan;

ATO imminent Apr timeframe• As IATT test period draws to close, C&A package,

STIGs, SCANs, mitigations, POAMs are updated, and any other deltas added – for ODAA submission for full ATO approval

Implementation Issue: NOFORN NNPIImplementation Issue: NOFORN NNPI• Affects primarily non-SWS undersea community –

NAVSEA 07TR, SLC, SLC learning sites• Stringent data handling controls for unclassified No Foreign

Dissemination Navy Nuclear Power Information, mandated by NAVSEA 08

• NETC/NETPDTC standing up SLC enclave on TRANET_C (NAS PCOLA) to host: ref matl, e-library, IETMs, NNPI content, course curriculum info, AIM content, NNPI/NOFORN, used by SLC DETs‒ How does this fit into AIM program from enterprise view?

‒ Requirement to host AIM Application on TRANET_C? For SLC / others?

‒ Is TRANET_C interim option until NOLA data center migration?

• SSC New Orleans (NOLA) currently certified for NOFORN data

CPM Hosting at NETPDTCCPM Hosting at NETPDTC• NETC N74/N6 and NETPDTC in process of migrating

production version of CPM to NETPDTC‒ NETPDTC installed test instance of CPM Rel 5.0 on new

server; conducted formal GAT as arranged by AIM SSO‒ Full IA Certification & Accreditation process underway by

NETPDTC/AIM team; IATT in hand may allow .com ports to open during eDMZ test period; full IATO/ATO allows .com access

‒ CeTARS Web service, AIM enterprise data environment Web service, and PPP Repository integrated into CPM on NETPDTC server

‒ Production CPM remains hosted by AIMEREON until ODAA grants IATO/ATO for NETPDTC hosted eDMZ

CPM Hosting at NETPDTCCPM Hosting at NETPDTC(cont’d)(cont’d)

• Benefits Include:‒ Enterprise production hosting and support vs.

current contractor environment with limited server configuration and bandwidth

‒ Leverages NETC domain sys admin, database management, and information assurance expertise at NETPDTC

‒ Co-located with rest of NETC enterprise IT applications and off-site COOP support

‒ Secure access from both .mil and .com domains

CPM Hosting POCsCPM Hosting POCs

• NETC N74: Leslie Desenburg• NETPDTC: Peg David / Virginia Lovett /

Bob Rayburn (Web Apps BH/CPM assist)• AIM team: Ron Zinnato / Steve

Wicinski / Jamie Stewart / Jim Ferrall

Non-NETC ImplementationNon-NETC Implementation• 1 Oct 11 - SSP TRIDENT AIM I Central Site instance

transitioned from NAWCTSD to NETPDTC – fully operational - AIM I and LO Module production work

• NAVSEA 07TR AIM I Central Site instance TBD per decision on support for NOFORN NNPI data

• Other interested communities:‒ Navy Medicine‒ NAVSPECWARCEN (hosted by NAVSOC)‒ NAVRES‒ DANTES‒ Regional Maintenance Centers – Norfolk / San Diego

Implementation Issue: Privilege LevelsImplementation Issue: Privilege Levels• 5 levels implemented in AIM II per CNATT request• 3 levels implemented in AIM I per SSP request• CPM-style role/privilege structure in queue for

discussion development for AIM I/AIM II based on CNATT working group ACR and new software task order

• All user communities need to review current business process and adapt for Central Site environment

• Many lessons learned from CNATT AIM II and SWS AIM I implementation including request for 6th level in AIM II to support limited contractor visibility into AIM production instance

Current AIM II Privilege LevelsCurrent AIM II Privilege Levels

Role 1 – AIM User

Role 2 – Curriculum Manager FTS

Role 3 – Curriculum Manager HQ

Role 4 – AIM Viewer

Role 5 – AIM Administrator

View all courses YES YES YES YES YES

Edit/Lock YES* YES* YES NO YES

Approve course NO NO YES NO YES

Grant Privilege YES* YES* YES NO YES

Create Rev or Change YES* YES* YES NO YES

Import Course NO NO YES NO YES

Export Course NO YES YES NO YES

Archive Course NO NO NO NO YES

Un-archive Course NO NO YES NO YES

Delete Course NO NO N0 NO YES

Modify Dev. Authority/Site Table NO NO NO NO YES

Add Users NO YES* YES NO YES

Use Data Manager NO NO NO NO YES

*For courses in their assigned Developing Agency ONLY

CNATT AIM Central Site Process Flow CNATT AIM Central Site Process Flow AIM Process Flow

CN

AT

T H

QO

ther

Rea

d O

nly

CN

AT

T H

Q

Adm

inis

trat

orC

NA

TT

Uni

t F

TS

Cou

rse

Sup

ervi

sor

Inst

ruct

ors

Builds Courses Submits to Course

Supoervisor

Requests Account

Check Course submits to CNATT HQ Curriculum

Management

Approves CourseNotifies FTS of

Approval

Administrators Accounts/ Helps and

Supports

Views TPP and TCCD as needed

Recieves Course Approval and

Forwards to Course Supervisor

Recieves Course Approval and Forwards to

Instructors and Alternate Teaching

Sites

Teaches CourseProcess Begins

Requests Account

Check Course submits to FTS

Requests Account

Requests Account

Requests Account

CNATT HQ InternalProcess Flow

Implementation Issue:Implementation Issue:‘ancillary data’‘ancillary data’

• Prospective users have requested NETPDTC establish an ‘ancillary data’ (i.e., not really AIM stuff) storage area in conjunction with their AIM I/II Central Site instances

• Need better definition of how ‘ancillary storage’ will be used and NETC N6/N7 approval of business process and IT infrastructure loading

• Also may be impacted by resolution of Information Assurance Category 1 issue mitigation for Metaframe systems

Implementation Issue – Initial Discussions: Implementation Issue – Initial Discussions: Jobs Server approachJobs Server approach

• A number of processes in AIM I/II take a long time to complete: e.g., Trainee Guide print preview, large course export, large course import

• Current NETPDTC implementation requires Central Site user to remain logged into Citrix session with CAC inserted in local workstation until process completed

• Jobs Server concept developed by NETPDTC and AIM teams would permit user to begin long-running process, transfer process to Jobs Server, end Metaframe session, and then log back into Metaframe later to retrieve product of long-running process completed on Jobs Server

Implementation Issue:Implementation Issue:Job Server approachJob Server approach

(contd)(contd)

Jobs Server

Metaframe Servers

File Share

Job OutputCheck for Completion/

Retrieve Output

Job Request

AIM Central Site ArchitectureAIM Central Site Architecture

Questions?Questions?