Difference between revisions of "Transport Canada (TC) Infrastructure Modernization - Cloud / DR / Workload Migration"
Julia.rose (talk | contribs) |
Julia.rose (talk | contribs) |
||
| Line 240: | Line 240: | ||
This project is following an iterative Agile process and the first set of applications are being migrated to the Cloud. The apps in progress will continue to be worked on throughout sprint 4. | This project is following an iterative Agile process and the first set of applications are being migrated to the Cloud. The apps in progress will continue to be worked on throughout sprint 4. | ||
| − | [[Image:AppsInProgress- | + | [[Image:AppsInProgress-May29-2020.jpg|700x700px]] |
| − | [[Image:Sprint4- | + | [[Image:Sprint4-May29-2020.jpg|700x700px]] |
[[Image:LegendNew-Apr27-2020.jpg|700x700px]] | [[Image:LegendNew-Apr27-2020.jpg|700x700px]] | ||
Revision as of 16:15, 29 May 2020
Transport Canada (TC) IT Infrastructure Modernization
The goal of this project is to deliver a complete modern infrastructure environment for TC applications in the Cloud. This requires building a foundational Cloud environment, planning and executing a workload migration plan, as well as creating and implementing a Disaster Recovery Management Program. In conjunction with SSC, a secure network to Cloud and authentication services will be established.
The Cloud will provide TC with a modern, scalable, and resilient infrastructure which offers disaster recovery and rapid time to market to support the promotion of a safe and secure, efficient and environmentally responsible transportation system in Canada.
This project is meant to address the business needs and opportunities of:
- Providing recovery services for IT in the event of a disaster. This will ensure that the delivery of critical services affecting the safety, security, and economic viability of Canadian citizens continues in a normal operations mode in the event of a disaster;
- Responding to the Cloud First principle and direction from TBS for delivery of Digital Services;
- Responding to demands for increased IT capabilities and increased IT capacity to support department’s programs;
- Adoption of DevOps and modern development methodologies that are enhanced by Cloud services – working in Agile, Open, Collaboration; and,
- Implementing a disaster recovery management program in response to the TBS Policy on Government Security to provide IT service continuity in a timely and efficient manner.
The key deliverables are:
- Modernized TC IT environment using Cloud solutions;
- A migration of all applications/systems within the Workload Migration (WLM) initiative to the Cloud;
- Application development and support model modernization to enable Cloud solutions providing efficiencies in delivery time and cost; and,
- A validated and maintained Disaster Recovery Management framework in place.
Cloud Service Operation Model (CSOM)
The Cloud Service Operation Model (CSOM) is a framework used to assess current levels of organizational maturity in the operation, management, and governance of Cloud services. The CSOM framework and methodology is iterative and can be used for existing and new Cloud services. Microsoft is leading the CSOM effort for TC and will deliver the Maturity Roadmap and Assessment Report in June 2020.
Project Status
This project is using Agile methodology and following the TC Project Management Framework 4 Gate Model. Overall, the project is behind schedule because SCED (Secure Cloud Enablement & Defence), required for applications that need secure connectivity, has not yet been delivered by SSC. The SCED Readiness Request has been submitted to TBS and SSC and a decision is pending. TC3oE is working with Solutions Centre, SSC, and Hitachi to secure resourcing for the Cloud migration work. TC's Azure Cloud Foundational Environment has been granted Authority to Operate (ATO) up to Protected-B for applications not requiring secure network connectivity. The project is in Phase 3, Launch/Execution & Control, and unclassified applications are being migrated to the Cloud.
| Milestones | Initial Target Date | Forecast Date | Completion Date | Comments |
| Project Start Date | 2017-10-26 | 2017-10-26 | ||
| Discovery & Analysis for Disaster Recovery (DR) | 2018-10-05 | 2018-10-05 | 2018-10-05 | Complete: Initial research for establishing a Disaster Recovery Program for TC |
| Gate 0 Phase 1: Discovery and Initial Cloud Foundation | 2019-04-29 | 2019-04-01 | 2019-04-01 | Complete: Task awarded to Microsoft to collect information for Cloud environment, assess the TC landscape, and create the initial working environment for TC applications. |
| Gate 1 Phase 2: Application Target State Assessment | 2019-09-20 | 2019-09-20 | 2019-09-20 | Complete: All business systems assessed and assigned a Cloud target state. |
| GC EARB Prioritization for Secure Cloud Enablement Defence (SCED) | 2018-07-16 | 2020-06-30 | TC requested a target date of July 2018 for SCED but delivery was delayed. Until SCED is available, TC cannot put into production any Cloud applications that require secure connectivity. | |
| Cloud Foundation Build | 2019-04-01 | 2019-10-18 | 2019-10-18 | Complete (except for SCED secure connectivity). This is the Cloud working environment for TC applications. |
| Sprint #1 Migration of Applications to Cloud | 2020-01-31 | 2020-01-31 | 2020-01-31 | Sprint #1 complete. The following apps were worked on: CUMULUS, SAP-BI, TSCA. CUMULUS progressed into a Non-Production environment. |
| Gate 2 Project Execution Approval (under the PMF 4 Gate Model) | 2020-03-01 | 2020-03-01 | 2020-01-30 | |
| Sprint #2 Migration of Applications to Cloud | 2020-02-28 | 2020-02-28 | 2020-02-28 | Sprint #2 complete. The following apps were worked on: CUMULUS, SAP-BI, TSCA, LDPS, TeamMate Suite, TC WWW, ASD. |
| Sprint #3 Migration of Applications to Cloud | 2020-03-15 | 2020-04-30 | 2020-04-30 | Sprint #3 complete. The EGIS app was worked on. |
| Sprint #4 Migration of Applications to Cloud | 2020-05-04 | 2020-05-20 | Sprint #4 in progress. The following apps are being worked on: MEDV, SRF, iServer. | |
| Migration of Business Systems to the Cloud | 2023-03-31 | 2023-03-31 | Remainder of systems migrated to the Cloud. | |
| Disaster Recovery Plans for all applications completed | 2023-03-31 | 2023-03-31 | ||
| DR initial Exercise | 2022-03-30 | 2022-03-30 | First full scale exercise | |
| Gate 3 Phase 4 - Project Completion Date - Approval for Project close | 2023-03-31 | 2023-03-31 | TC signoff of delivery of all services | |
| Gate 4 - Project Close | 2023-04-15 | 2023-04-15 |
Key Accomplishments
- Upgraded the Microsoft Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) features to use a centralized portal.
- Created a Cloud Migration Checklist for teams to use for migrating their apps to the Cloud.
- Created a Cloud Workload Prioritization framework to establish a priority order for applications moving to the Cloud.
- TC WWW and EGIS are moving into a Production environment, which is a staging environment before going live in the Cloud. The team has done a lot of work to achieve this milestone, including building templates, resolving performance and technical issues, and ensuring the applications will function as desired in the Cloud. These applications are expected to go live in the Cloud in mid-May 2020.
- eBIDA has moved into a Non-Production environment, and eGIS will do the same by the end of April. Both applications will undergo testing and troubleshooting, and then will move into Production environments.
- Created an Application Gateway script that dramatically reduces the amount of time required to create and configure subdomains on the network. As a manual process, creating and configuring subdomains takes about 30 minutes for each one, but with the new script it takes only 2 minutes. The script contains all the accurate settings for the subdomains, which removes any chance of configuration errors, and therefore saves the team potential troubleshooting time. The script is shared in the GCAccelerators github.
- Launched an Education Initiative as a way to create and distribute content to educate other teams in TC about Cloud migration and operations. As one of the first steps in this initiative, an onboarding checklist was created to help teams understand the steps involved in their journey to the Cloud.
- Created an Assessment Scorecard as a way to assess the criticality of moving applications to the Cloud and create a priority order. This scorecard will assist ARB with a technical understanding of the applications in the migration pipeline so they can make a decision about the migration priority order.
- All active TC employees (7,079) have been on-boarded to MS Teams.
- Active Directory Federation Services (ADFS) is now available for Cloud-based applications at TC. ADFS provides users with single sign-on capabilities by establishing a link between TC’s Azure Active Directory and the on-premise Active Directory. This reduces the amount of usernames and passwords required to log on to Cloud-based applications.
- TC has received the Memorandum of Understanding (MoU) from TBS for $1.27M for Cloud Migration activities, and it has been signed by Philippe Johnston (Director General, Digital Services Directorate).
- Deployed 4 production applications in the Cloud (Open Data, Alexa Recalls, TC Search, Navigable Waters Act Registry.)
- Deployed 1 Protected B application in pilot – MISS (Major Investigations Specialists Software).
- 40 application workloads currently in pre-production (development, testing, pilot) in Cloud.
- Completed implementation of security controls required for Protected-B Cloud environment.
- Completed assessment of TC's applications for readiness to be migrated to the Cloud.
- Contracted industry Cloud expertise to assist to create, configure, and train TC FTE staff.
- Established the foundational Cloud environment, Hybrid Cloud Management (HCM), to start accepting workloads.
- As part of Culture change to adopt Cloud, 37 (formal and informal) Training sessions, 11 Technical Talks, 33 Awareness building roadshows, and four TC-wide Cloud engagement sessions have been completed.
- TC is sharing with other GC Agencies and Departments the Azure Network Template Generator via the GitHub repository.
- Adoption of DevOps and modern development methodologies that are enhanced by Cloud services – Working in Agile, Open, Collaboration.
- Dedicated TC Cloud Centre of Excellence (#TC3OE) has been established.
Overview of Transport Canada’s Cloud Centre of Excellence (#TC3OE)
TC3OE is Transport Canada’s Cloud Centre of Excellence. The TC3oE team is enabling the delivery of modern digital solutions by leveraging the Agility, Flexibility, Elasticity, and Disaster Recovery features of Cloud technologies. The team supports and maintains the Cloud foundational infrastructure, and aids designers in the planning, procurement, configuration and integration of Cloud services, so that TC clients can quickly address their rapidly changing business needs.
#TC3OE can be contacted via email at: TC.Cloud-Infonuagique.TC@tc.gc.ca
Here is a photo of our outstanding team!
Challenges: Risks and Issues
Risk: Resourcing is a high risk, since there is a potential of a lack of resources 1) for application developers due to other projects and schedules colliding with major deliverables; 2) in obtaining support resources for the Cloud due to this skill set being in high demand at this time. – Impact: Medium – Probability: High
Mitigation: The team will strive to mitigate this risk through high-level program management and close coordination with Managers and Directors. Support from senior management across various projects will be needed to ensure that initiatives, inter-dependencies and resource conflicts are highlighted. Senior management will also need to get involved to prioritize and resolve conflicts as required.
Risk: Cloud technology is a new paradigm for TC developers, and as well is a fast changing technology environment for support staff, creating a steep learning curve. - Impact: Medium – Probability: Medium
Mitigation: TC management must include Cloud based training for staff in the training plans, as well, staff needs to take advantage of the vendor workshops, demos, and other venues that the Cloud support team has organized.
Risk: Schedule is a low impact risk as there are mitigation plans in place for the currently listed risks (connectivity, resourcing). - Impact: Low – Probability: High
Mitigation: The Project Manager will mitigate the risk by conducting weekly meetings and focus on which deliverables to manage, while at the same time keeping the project end date on track. Mitigation plans are in place for schedule delays due to the current risks. Scheduling challenges are immediately communicated to senior management.
Issue: Need secure Cloud to Ground network connectivity. Resolution Plan: Re-order activities to migrate workloads that have minimum dependency on Network requirements first. Working to ensure TC is on the next wave of SCED planning.
Guidance and Documentation
- Frequently Asked Questions
- GC Cloud Adoption Strategy
- Journey to the Cloud
- TC Cloud Corner
- Azure Network Template Generator on GitHub
Workload Migration Categorizations (Business Applications in Scope)
Data was sourced from the previous Microsoft Assessment.
| Security Classification | No Active Directory Dependency | No Connectivity | Requires Active Directory | Requires Connectivity with EDC | SQL Database | Total |
| Unclassified | 84 | 21 | 40 | 103 | 7 | 124 |
| Protected A | 87 | 9 | 60 | 138 | 5 | 147 |
| Protected B | 46 | 8 | 9 | 47 | 4 | 55 |
| Total | 217 | 38 | 109 | 288 | 16 | 326 |
Application Workload Migration via Agile Sprints
This project is following an iterative Agile process and the first set of applications are being migrated to the Cloud. The apps in progress will continue to be worked on throughout sprint 4.
Activities and Timelines for TC's Cloud Adoption Strategy
