IPMA News : March 2004
Edited By Mary Ellen Bradley and Dennis Jones
The State of Washington Enterprise Active Directory
Washington Department of Ecology – Winner – Government Productivity Solution
Washington State’s Enterprise Reporting wins recognition at the Microsoft CIO Summit
Common Reporting Tool Selection Process is Underway
News from the Past
(Note: The IPMA Board did not meet in February.)
-- by Phil Grigg, Department of General Administration, and John Ditto, Department of Information Services
The Enterprise Active Directory marks an exciting new era for the IT enterprise in The State of Washington.
Every day, state agencies use hundreds of common applications, software, services and resources. There is time lost and human/financial resources spent duplicating and reinventing applications. Recent, tough budgetary constraints have demanded a paradigm shift. The technology leadership in the state has turned its attention toward shared access to applications, software, services and resources and the implementation of best practices. The enterprise is moving toward a standardized environment, schema, application programming interfaces (APIs) and an authentication system that is available and secure. The Washington State Enterprise Active Directory Forest provides a common, shared environment that makes greater levels of cooperation possible and, ultimately, reduces costs and optimizes resources.
State agencies have traditionally focused on Point Solutions for LAN/Network applications.
Each agency or department automated cumbersome manual processes to save time, increase accuracy and free staff from repetitive manual tasks. The resulting solutions helped improve workflow, delivery time and customer service. Point solutions have a down side. Agencies may duplicate effort and investment by creating single applications such as time card systems, personnel processes, asset management systems, budget applications, trouble ticket systems and emergency notification systems.
The Enterprise Active Directory may add other potential common-use applications such as: LAN faxing; mobile device services; e-mail virus scanning; offline message archiving; and Internet access to e-mail.
The Enterprise Active Directory Steering Committee, under the guidance of the Customer Advisory Board (CAB), has led the way to create the Enterprise Active Directory Forest to share network resources among agencies and departments. The Enterprise Active Directory Forest provides a common environment within which agencies can jointly share resources, create effective joint solutions for common problems and take advantage of economies of scale.
Agencies in Production - DIS, DOL, DOP, DRS, DSHS, ESD, GA, HCA, LNI, and SSV (AGR, CFC, TIB, OMWBE, GOIA )
Agencies in Pre-Production – DFI, DOH, MIL, OFM, WSP
Agencies in the Lab – ATG, ECY
Resources Available for the Enterprise Active Directory Participants:
There are a number of documents that agencies can utilize to help manage their environments within the Enterprise Active Directory:
Best Practices Active Directory Design for Managing Windows Networks
This guide provides a step-by-step methodology based on best practices learned from customers who have already deployed Active Directory™ in their organizations. The intended audience for this guide is the IT professional responsible for testing, piloting and rolling out an Active Directory design.
Best Practices Active Directory Deployment for Managing Windows Networks
This guide assists architects, project managers and consultants with the deployment of an Active Directory service in a network operating system (NOS). The best practices deployment methodology encapsulates technical expertise from the Microsoft Windows Product Group with lessons learned from customers who have implemented Active Directory.
Security Strategy for Root Domain
This document was developed by identifying the forest-wide resources that require protection. For each asset, an evaluation of the related threats, vulnerabilities and constraints was performed to provide a basis for policies and related control activities.
Welcome Kit for Agencies Joining the Enterprise
This welcome kit provides an overview of the project plan that new agencies receive when joining the statewide Windows forest. The kit includes checklists to guide the IT staff in preparing the application and migration plan for review by the Forest Resource Group.
Frequently Asked Questions
This document is a reply to the questions posed by the Enterprise Active Directory Steering Committee. This is a first round of responses in a developing a document that is open for distribution.
The process for joining the single-root forest typically takes several months to complete. Help is available: agencies planning to implement an Active Directory migration can take advantage of a wealth of best practices and background information.
Agencies will petition to join the Lab where they can rip and tear their environments. They will then join the Pre-Production forest for a period of time where they will ensure their configuration is correct. After a period of time in the Pre-production forest, agencies will be welcomed into the Production Forest.
There are two guiding principles: 1. A design that is simple, easy to explain and easy to maintain is the best investment 2. Possible changes in future technology must be considered when adopting a design
Most important activity — collaboration
Enterprise Activity Directory built by agencies working together
Agencies work together to develop a common application environment, schema and secure authentication system across the enterprise. As an essential component of Windows architecture, Enterprise Active Directory acts as a consolidation point and central authority for streamlining and managing complex directory structures and system software. Agencies can operate independently and still leverage all the network information and resources across state government. Sharing technology, services, software and expertise can mean significant savings for tight budgets. Focused on improving the efficiency of state government operations, Active Directory is the right solution for easy, secure and selective access to applications.
Approved hot fixes for statewide forest
As partner agencies identify problems in the root or production environments, the Forest Resource Group members, Microsoft Consulting Services and Premier Support Services will recommend or require specific critical updates to be applied to domain controllers in between service pack releases. The hot fixes that have been approved are compiled and agencies must use the proper links when applying hot fixes to ensure that all state systems are running the same version of the DLLs.
Smart technology strategy for government
Building manageability, security, interoperability into the enterprise
The Enterprise Active Directory Steering Committee has approved a number of documents which assist in the Governance of the shared forest:
Change Management Document
This document identifies a key goal of the change management process: to ensure that all entities affected by a given change are aware of and understand its impact. The document discusses the change management process as it attempts to identify all affected systems and processes in order to mitigate or eliminate any adverse effects.
This escalation management document defines the procedure for escalating problems and issues for resolution.
Health Monitoring Plan for Root Domain
The health monitoring plan document includes procedures and checklists for optimizing the health of the root Active Directory domain.
Naming Conventions and Standards
Agencies set to deploy Windows within the Washington state enterprise begin by planning for Active Directory and developing naming conventions and appropriate standards. This important first step establishes a reliable way to find network resources across the enterprise, while maintaining and building a Global Address List (GAL) for mail lookup.
Policy and Requirements Document
The purpose of this document is to provide a policy and requirements framework for applications using the Active Directory. Agencies must follow the requirements published by the Forest Application Developers Committee (FAD) and approved by the Customer Advisory Board (CAB) Enterprise Active Directory Steering Committee that pertain to Washington’s Multi-agency Forest Active Directory.
Objects and Attributes
The purpose of these documents is to view the objects and attribute definitions within the Enterprise Active Directory.
The Enterprise Active Directory has been working well for its members since 2000. There are a number of exciting initiatives on the horizon including Exchange 2003 and Single Sign-on. As more agencies join the Enterprise, the ability to leverage resources and enrich the environment increases.
We are being continually asked to do more in a co-operative manner. The Enterprise Active Directory is a path which enables this guiding principle in our network and communication disciplines.
For more information, call Phil Grigg at 360-902-7452 or John Ditto at 360-902-0349, or visit theEnterprise Active Directory web site.
Return to Top
-- by Debbie Stewart, Enterprise Applications Manager, Department of Ecology
At Microsoft’s Annual CIO meeting on January 14-15, 2004, the Department of Ecology was recognized as the winner of a Microsoft Government Solutions Awardfor work performed as part of the National Environmental Information ExchangeNetwork, also known as the "Exchange Network".
What is the Exchange Network?
In July, 2000 the Environmental Council of States (ECOS), a national consortium of stateand territorial environmental commissioners, charged a workgroup with developinga blueprint for an Exchange Network. This blueprint would serve as aconceptual design for an Internet- and standards-based, secure informationsystems network that supports the electronic collection, exchange, andintegration of high-quality data between the U.S. Environmental ProtectionAgency (EPA), States, and other partners that use the Internet and standardizeddata formats. The decision to go forward with the Exchange Network marked thebeginning of the transition from the "data push" era to an era where dataresides at its source and can be accessed using network nodes, webservices, and XML by those who need it from anywhere when their businessrequirements dictate. In 2002 EPA established a grant program to providefunding to State, Territories, and Federally Recognized Indian Tribes tosupport the development of the Exchange Network. Since 2002, over $40 millionin federal funding have been distributed to support this effort.
What was the Problem with the Existing Solution?
State environmental agencies' inability to efficiently meet EPA reporting requirements due tochanging information needs, inefficient information exchange processes, growingdata integrity problems, rising system maintenance costs, decreasing budgets,dynamic change of technology, and increasing need to provide rapid data accessto environmental agencies and the public.
The Exchange Network will replace and complement the traditional approach to information exchange thatcurrently rely upon States feeding data directly to disparate EPA national datasystems.
What was Ecology’s Role?
After exploring several technologies being implemented by other State environmentalagencies, WA Dept. of Ecology established a Network node using Microsofttechnology--specifically, Microsoft Server 2003, IIS 6.0, SQL 2000, .NetFramework, Web Services add-on to .Net (providing the latest advanced Webservices capabilities), MDAC 2.7, and XML. This environment supports Ecology’sstrategic direction for application development. A Node is a simpleenvironmental information Web service that initiates requests for information,processes authorized queries, and sends and receives the requested informationin a standardized XML format.
Using Microsoft technology, WA Dept. of Ecology is recognized nationally as the firststate in the nation to have successfully implemented a Node and submittedrequired data to EPA about regulated facilities. This results in more currentinformation available to other States and the public about regulated facilities,thus improving overall data quality and services to the citizens; and moreefficient methods of providing the data, thus improving overall productivity. Italso establishes the foundation for future data access/exchanges with EPA,States, and other partners (consultants, tribes, non-profits, etc.) that usethe Internet for exchanging/accessing environmental data. The WA Dept. of Ecologyis already working with the Oregon Dept. of Environmental Quality to exchange dataconcerning inter-state shipments of hazardous waste between regulated generatorsand treatment, storage, and disposal facilities to ensurecompliance. In addition, Washington, Oregon, Alaska, and Idaho arecollaborating on a project to use this infrastructure to exchange water qualitymonitoring data between states.
For additional information on the Exchange Network, see www.exchangenetwork.net
Return to Top
-- by Dennis Jones, Statewide Financial Systems Manager, Office of Financial Management
The Department of Social and Health Services (DSHS) and Office of Financial Management (OFM) received a Finalist award at the First Annual Microsoft Government Solutions Awards ceremony as part of the Microsoft Government CIO Summit held January 14 and 15, 2004. The award recognized the productivity improvements gained by the recently completed Financial Reporting Improvement Project (FRIP).
DSHS and OFM partnered in the two-year FRIP project to integrate DSHS’ Cost Allocation System and Financial Reporting System with OFM’s Agency Financial Reporting System (AFRS). The resulting system positioned OFM and DSHS to adapt the Enterprise Reporting System (FASTRACK) to meet DSHS’s financial reporting needs as well as creating additional value for existing Fastrack customers.
DSHS provides a family of programs serving 1.3 million children and families each year. Their internal Financial Reporting System (FRS) and Cost Allocation System (CAS) were used to sustain their extensive financial operations including managing the cost allocation process to maximize federal reimbursements and budget monitoring. These systems did not integrate well with the State’s enterprise-wide financial system (AFRS). As a result thousands of staff hours were spent each year in reconciliation with AFRS and explaining differences to agency management, budget staff and the legislature.
The FRIP project generated an annual savings of $400,000 to taxpayers. In addition, consolidation of these complex systems has greatly simplified systems and data maintenance requirements. Moreover, the successful addition of DSHS to FASTRACK allowed OFM to complete one of the visions for Enterprise Reporting – providing a comprehensive financial data warehouse for all State agencies’ data.
The financial data warehouse resides on the DIS SAN in OB2, occupying about a terabyte of data. Two Microsoft SQL Servers, four report servers and six web servers form the core environment for the solution. Web based report request, report preparation and report delivery are accomplished though Seagate Info 7.5 (now known as Crystal Enterprise).
Achieving a fully populated financial data warehouse has created value for DSHS and other Fastrack users, but it is just one step in the overall vision of Enterprise Financial and Administrative Reporting. More remains to be done. Version 7.5 of Crystal is not meeting the State’s performance requirements and additional capabilities are needed to address ad-hoc reporting, data analysis and access to multiple data sources. See the accompanying article on the DOP / OFM /GA partnership to push towards the next release of Enterprise Reporting.
Return to Top
-- by Dennis Jones, Statewide Financial Systems Manager, Office of Financial Management
Washington State has distributed responsibility for the core Financial and Administrative systems supporting government operations. The office of Financial Management (OFM) has responsibility for providing Accounting and Budgeting systems. The Department of Personnel (DOP) supports Human Resource and Payroll Systems. The Department of General Administration (GA) supports the Purchasing /Supply Chain processes. The Department of Information Services (DIS) provides computing and network infrastructure services. Individual agencies also provide significant systems support to these functions.
OFM and DOP both have data warehouses to support end-user reporting needs. Both of these data warehouses are hosted on Windows servers running Microsoft SQL Server and the future Human Resource Management System (HRMS) will also be hosted on a Microsoft platform. GA plans implementation of a SQL Server data warehouse in 2004 to support the consolidation and reporting of procurement data. Many of the agency end users need access to the information stored in more than one of theses data warehouses as well as their own agency unique data warehouses / data stores. A variety of reporting tools are used to provide users with access to this information. Currently DOP offers access to their data warehouse via MS Access and OFM provides FASTRACK, a web-based reporting tool using Seagate Info 7.5 (now known as Crystal Enterprise). The new SAP HRMS offers yet a different set of reporting tools and capabilities.
DOP is replacing its current Human Resource systems with a commercial HRMS from SAP. This implementation presents opportunities for DOP to enhance or replace its data warehouse and reporting tools. OFM faces a need to upgrade its reporting tools to move to a newer version of Crystal Enterprise or replace Crystal with other reporting tools to enhance the current reporting capability. GA will begin development of their Procurement data warehouse in 2004 biennium. Individual agencies are interested in upgrading their reporting capabilities as reported in a Reporting Tools Survey responded to by 16 agencies in early 2003.
These converging business plans provide a unique opportunity for Central Financial and Administrative systems providers (DOP, OFM, GA and DIS) as well as line agencies to work together toward a common reporting tool direction.
The Central Financial and Administrative systems providers share a vision for a common set of reporting tools to that will:
The tools will meet the needs for:
The tools will provide:
The tools will satisfy the needs of:
The tools will facilitate access to multiple data sources (internal and external) on multiple platforms and work within the State’s security and authorization infrastructure.
In December, the partners evaluated the two incumbent toolsets - SAP and Crystal Decisions’ Crystal Enterprise Version 10 to determine if either one would meet the defined business objectives. (Note that in December 2003, Business Objects, Inc. completed their acquisition Crystal Decisions.) The evaluation in December was based on a set of criteria reflecting the business objectives and a set of vendor demonstrations. Crystal Enterprise was selected as the best toolset to meet the state’s needs. Crystal’s primary advantage is its ability to access multiple data sources / warehouses. SAP is very strong when all of the data can be imported into the SAP business warehouse data store. In addition to the ability to access multiple data sources, including SAP business warehouses, the final evaluation report highlighted the following features of Crystal Enterprise:
To complete the evaluation the partners decided to conduct a proof-of-concept prototype to validate performance, reliability, usability, manageability, scalability and the levels of adaptability of the overall system. Department of Information Systems, General Administration, Department of Personnel, Office of Financial Management as well as partners from Business Objects (Crystal Decisions), Microsoft, Accenture (the SAP implementer) along with a selected group of agency Human Resource and Financial customers are participants in this evaluation. The proof-of-concept is scheduled to complete by March 31, 2004 following a rigorous performance test using the Microsoft lab in Issaquah.
Following successful completion of the proof-of-concept, business plans and deployment strategies will be developed by DOP / Accenture for HRMS reporting and by OFM for upgrading the FASTRACK reporting. In addition, DOP, OFM, GA, DIS, Ecology and Labor & Industries are working with Business Objects to establish a favorable enterprise licensing agreement for the Crystal Decisions tools. For more information contact the proof-of-concept project managers - Ann Bruner at OFM or Debbie Kendall at DOP.
Return to Top
5 Years Ago -- March 1999 IPMA Newsletter
10 Years Ago -- March 1994 IPMA Newsletter
15 Years Ago -- March 1989 IPMA Newsletter
20 Years Ago -- March 1984 Association of Data Processing Managers Newsletter
25 Years Ago -- March 1979 Association of Data Processing Managers Newsletter
Return to Top
IPMA, P.O. Box 1943, Olympia, WA 98507-1943