WAIS high-level overview


Application designed and implemented by Abdul Jaludi at Citigroup, chosen as the global tool for emergency access to production for Unix and Mainframe systems by the Global Security Standards committee.

Published in: Technology

  • Welcome
    Thanks for opportunity to speak about WAIS
    Introduction – a bit about the ESM group’s roles and responsibilities and presenter’s place in it.
    Tell the audience what you are going to tell them, and what they should come away with.
    Encourage (or discourage) questions during the presentation, depending upon how slowly (or quickly) it needs to go.
  • The Web Automation Information System (WAIS) is a secure (SiteMinder/SSO (AAA)) Web/HTML-based application supported by CTI Enterprise Systems Management and utilized by CTI Global Operations.
    This application and its supporting infrastructure are deployed to facilitate frequently-prescribed and otherwise time-consuming Mainframe Operation requests via an access-controlled self-service mechanism.
    Basic “device reset” (i.e. printer and terminal acquisition, release, and/or reset); “system development” (batch/task management); and emergency ID/access request and approval functions are supported via a straightforward web interface.
    Status information concerning these functional elements is also made readily available.
  • Intuitive GUI – Convenient interface menu widgets, logical layout, screen depth, familiar nomenclature, etcetera.
    Quick Search – Mainframe request number search. Linkages to VR(?), etcetera.
    On-line Help – Links to Mainframe User Guide; SoftToken Request Process documents; UIDMS (User ID Management System) URL; UIDMS Help.
    Support Links -- APPC Customer Service Group (for server related issues, give examples, describe group affiliation and location, hours of ops); Workflow Automation Team (for application related issues, ditto); Global WAIS Support Team (for SoftToken related issues, ditto).
  • Reset VPS Printer – Virtual Private Server printer assigned in a mainframe logical partition (LPAR).
    Acquire CICS Printer – Customer Information Control System printer associated with a mainframe transaction server.
    Release CICS Printer -- Customer Information Control System printer associated with a mainframe transaction server.
    Recycle JES2 Printer – Job Entry Subsystem 2 printer associated with mainframe batch/task processing.
    Reset Mainframe SNA Terminal – IBM Systems Network Architecture terminal used for mainframe connectivity/access.
  • Cancel TSO UserID on Specific System – TSO - Time Sharing Option is an interactive command line interpreter for IBM mainframe operating systems MVS, OS/390 and z/OS.
    Cancel Development Batch Job -- Batch job and CICS/MPM task management.
    Shutdown CICS or MPM Task -- CICS = Customer Information Control System transaction server. MPM = Multi Processing Monitor – Oracle address space running to support an Oracle database instance.
    Start CICS or MPM Task – (see above)
    Recycle CICS or MPM Task – (see above)
  • Release Held Scheduled Job TWS – Workstation ID specific function. TWS = IBM Tivoli Workload Scheduler – A load leveler for matching job requirements with the best available mainframe computer resource for execution.
    Request Defined One-Time Job – Simply requests execution of a pre-defined job.
  • 12,000 requests per month Unix token
    4,000 requests per month Mainframe
    1,000 requests per month Windows
  • Logs – each action is logged
    Individual status – Status information concerning these release operations is also made readily available. An access token contains the security information for a login session and identifies the user, the user's groups, and the user's privileges.
  • WAIS high-level overview

    1. Citi Technology Infrastructure – Internal Web Automation Information System (WAIS)
    2. WAIS Overview– June 10– Version] 1
       Contents
       • Overview
       • Homepage
       • Controls
       • WAIS Functionality
         – Device reset
         – System Development
         – User scheduling
         – Emergency ID release
         – Reporting
       • Appendix / Contact Information
    3. Overview
       Web Automated Information System (WAIS)
       • Web-based self service portal accessed via Single Sign-on
       • Empowers users to drive automation towards end goal
       • Innovative technology – real time communication: MF/VT/OA/VC
       Self-Service for any repeatable tasks
       • Frequently Prescribed Mainframe Operations Requests
       • Printer/Terminal; Batch/Task; and ID/Access Management
       • Production and UAT/Development Environment Support
       • Secure Authentication, Authorization, and Accounting
    4. WAIS – Home Page
       • Intuitive GUI
       • Quick Search
       • On-line Help
       • Support Links
    5. WAIS – Controls
       • Access Control Security via Single-Sign-On Authentication
       • Controlled Authorization via Managed WAIS User Profiles
         – Access limited to specific profile
       • WAIS Functional profile Pre-Approval
         – Manager approval
         – Command Center or Client manager approval
       • Usage Accounting for Reporting and Audit Compliance
    6. Device Reset
       • Reset VPS Printer
       • Acquire CICS Printer
       • Release CICS Printer
       • Recycle JES2 Printer
       • Reset Mainframe SNA Terminal
       Can be expanded to include any device managed via automation
    7. System Development
       • Cancel TSO UserID on specific system
       • Cancel user development batch job
       • Shutdown, Start or Recycle
         – CICS or MPM task
         – Websphere app
         – User specific app
       Since WAIS interfaces with Automation on the Mainframe, complex commands can be grouped and executed with one mouse click
    8. User Scheduling
       • Release held scheduled job TWS
       • Request defined one-time job or application
       • Trigger multi job applications
       • Release end of day or start of day user dependent processing
    9. Production Quality Assurance (PQA) ID Automation
       • Eight functional ids released in 4 hour increments
       • Labor intensive process for UAT support staff:
         – Track assigned ids
         – Revoke access at usage threshold
         – Un-suspend next available PQA id.
         – Notify developer
       Any repeatable complex process can be automated!
    10. Functional / Emergency ID Release
       • Global tool: Unix token request – SCSU, Powerbroker
       • Global tool: Windows token request - Daphne
       • Mainframe emergency id request – TSS, RACF
         – Labor intensive repeatable process
         – Difficult to manage, audit and control
         – Delays support staff trying to address production impacts
         – Not compliant with CISSP policy
    11. Functional / Emergency ID Release
    12. Reporting
       • Detailed logs for each request
       • Individual request status
       • Administrative level reporting
       • Read only access for report generation