SpinSys helped the Department of Navy (DON) modernize their legacy portfolio and asset management enterprise system. As a result of an audit and baseline assessment, we determined that the previous vendor’s system security did not meet DoD guidelines.
Phase I – Stabilization
The production, test, and development environments did not reside within the DoD/DON enclave. There did not appear to be a well-defined process for security posture maintenance, to include software updates, patch management, Information Assurance Vulnerability Management (IAVM), virus scan updates, and routine vulnerability assessment and remediation. Host Based Security System (HBSS) services were not implemented, in violation with DoD-mandated configuration control, and intrusion detection controls.
Additionally, hardware had become outdated and expensive to sustain, with higher than normal maintenance costs, including vendor warranty support. The DOD Information Assurance Certification and Accreditation Process (DIACAP) requires the ability to maintain vendor support (warranty) for all system hardware. Additionally, since the program had been in operation for several years using the same hardware, newer technologies could be opportunistically leveraged to address hardware performance and stability. The systems were installed “bare-metal”, with local disks configured in a RAID configuration, a hardware configuration with higher-than-needed cost to operate.
In response, SpinSys migrated the systems away from the legacy hardware and as per customer guidance, the systems was moved to commodity hardware with full SAN storage capability, in the Navy’s Enterprise Data Center (NEDC) in Charleston, SC. In addition, all services were virtualized to further increase the operational efficiency of the hardware. This addressed several concerns but most importantly, it provided the ability to better leverage the hardware resources and used in combination with the SAN resources, to reduce the incidence of outages due to hardware failure. The following current hardware security gaps would be met with the relocation of the systems to the NEDC: current vendor support (warranty), virtualization of the systems (redundancy), fault tolerance/high availability (live maintenance capabilities), SAN Storage (increased uptime, performance and data integrity), scalability (on-demand resource allocation).
SpinSys, in conjunction with the NEDC teams, built out new environments for the program that would mitigate the issues around hardware and older software versions. After the Certification and Accreditation process was completed, and the Authority To Operate (ATO) was received, the migration from the legacy vendor environment to the Charleston NEDC environment was completed in a record time of 3 months.
During the assessment period, it was also observed that the prior vendor’s help desk requests and associated resolution activities, went unrecorded by the help desk team. As a result, there was no reusable knowledgebase built from help desk activities for newer team members to leverage. Senior management reporting of help desk activities was based on rough estimates of support emails received by the help desk team. Useful metrics were also not available. This issue was mitigated by the introduction of a 3rd party help desk via the Navy 311 service, the Customer Relationship Management component of the Navy’s Distance Support capability.
Further progress was made when we rolled out the automation of the account activation and re-activation processes resulting in a reduction of help desk tickets by a 68% rate, to an approximate average number of 80 tickets per week.
Phase II – Modernization
With the program stabilized, SpinSys moved on to the secondary phase of modernizing legacy technology. The technology upgrade was accomplished via requirement management, including fit/gap analysis, software configuration management, as well as the development of Reports, Interfaces, Conversions, Extensions (RICE) objects, and their minimization.
All change requests were implemented in agreement with DON CIO and DoD CIO Product Management stakeholders, via Configuration Management processes architected and implemented by the customer. Our active participation in the Change Configuration Board (CCB) sessions, as well as follow-up meetings with individual feature stakeholders, and descriptions of the changes to be implemented via our Spin Application Lifecycle Management (SALM) portal, were essential parts of our Requirement Management strategy and success.
Among their major features, included a re-design of the DON EA (Department of Navy Enterprise Architecture) review process, impacting the database, user interface, business logic, reports and metrics. Due to the fact that the vast majority of US Navy IT systems is subject to the DON EA review, until final signoff by the DON CIO, we paid particular attention to regression testing, and data migration.
A successful implementation was architected and executed using a rolling wave pattern, allowing for early release of individual features, minimizing rework, and proactively raising the bar in terms of quality and timeliness. Our Agile approach favored an open dialog with the final stakeholders when re-visiting each Change Request for further requirements analysis, and going through multiple Walkthroughs during and after the implementation phase, to ensure correctness, enforce quality, and reduce subsequent rework.
A successful implementation was architected and executed using a rolling wave pattern, allowing for early release of individual features, minimizing rework, and proactively raising the bar in terms of quality and timeliness.