Overcoming Obstacles: Implementing Search in an Era of Strong Cybersecurity and Federal Data Center Consolidation - Phyllis Kolmus, AT&T under contract to Office of the Secretary of Defense (OSD)
Similar to Overcoming Obstacles: Implementing Search in an Era of Strong Cybersecurity and Federal Data Center Consolidation - Phyllis Kolmus, AT&T under contract to Office of the Secretary of Defense (OSD)
Similar to Overcoming Obstacles: Implementing Search in an Era of Strong Cybersecurity and Federal Data Center Consolidation - Phyllis Kolmus, AT&T under contract to Office of the Secretary of Defense (OSD) (20)
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Overcoming Obstacles: Implementing Search in an Era of Strong Cybersecurity and Federal Data Center Consolidation - Phyllis Kolmus, AT&T under contract to Office of the Secretary of Defense (OSD)
1. Overcoming Obstacles:
Implementing Search in a
Government (DoD)/ Enterprise
Environment
Phyllis Kolmus
Deputy Group Director, OSD Programs, AT&T
@phylliskolmus
#Activate18 #ActivateSearch
DISCLAIMER: Views expressed in this presentation are those of the speaker
2. Agenda
Some days it felt like waking up in a fairy tale…
• Purchasing:
Contracting Office…
WHAT BIG I’s YOU HAVE!
• Implementing:
Joint Service Provider…
WHAT BIG EARS YOU HAVE
• The Evolving Environment:
Surprises from the Enterprise…
WHAT BIG TEETH YOU HAVE!
3. OSD/CAPE: Who are they?
Cost Assessment and Program Evaluation
• What do they do?
Collect and Analyze Future Year Budget and Cost Data
• How do they do that?
Analyze and Evaluate Weapons Systems, Forces, and
other Military Programs
• What are their tools?
• Data collected yearly from military services and DoD agencies
• Knowledge of military systems and economics (lots of PhDs)
• 20M Document Archive of Studies and Analysis
4. Agendas – Everyone Had One
• Little Red Riding Hood’s (OSD/CAPE’s) Agenda :
Replace the on-premises Google Search Appliance with Enterprise class search
so Cost Analysts can unearth wisdom in the CAPE Studies Archive and provide
world-class analysis to DoD Decision Makers
• The Wolf’s (Enterprise) Agenda:
Consolidate Federal Data Centers and Provide
world-class cyber security to protect government systems
and data assets
• The Guardians’ (Contracting Office) Agenda:
Ensure best value and fair pricing as stewards of
the American Taxpayers’ dollars
• The Hunter’s (LucidWorks) Agenda:
Sell to the Federal government and create a
profitable business model
5. Purchasing LucidWorks Fusion:
Contracting Office…WHAT BIG I’s YOU HAVE!
• The Standard Model Familiar to Contracting
Offices
• Purchase Product
• Purchase Maintenance & Support
• Life Cycle Replacement
• Pricing basis: Number of documents or users
• LucidWorks Business Model
• Subscription Model with multi-year discount
• Pricing by CPU cores
The Contracting Office required OSD/CAPE to dot I’s and cross T’s to explain and justify
a business model they were not prepared for...A purchase with 3 years of maintenance
was usual, but a 3-year subscription was something new and different.
6. Implementing: Joint Service Provider…
WHAT BIG EARS YOU HAVE!
• Consolidating Federal Data Centers puts network resources under the
control of service providers who are far away from user community
requirements.
Local system administrators have issues
gaining access to the resources they
need to implement last mile security
Despite CAPE following Enterprise guidance
for defining security groups using ADFS, the
Search Administrator could not gain access
to authenticate users and read their
permissions to do the security trimming in
Fusion. We ended up using IIS to validate the
user's identity and passing the credentials to
Fusion.
Being prepared with an alternate implementation strategy saved the day
7. The Evolving Environment: Surprises from the
Enterprise…WHAT BIG TEETH YOU HAVE!
• In a centralized environment, enterprise level requirements impact a large user
community.
• Enterprise Management performance indicators
do not appear to include consultation and
communication with user community.
• The Enterprise disabled aging security protocol
SMBv1 (A GOOD THING!) with no consultation
or warning (NOT SUCH A GOOD THING!).
Fusion depended on it. LucidWorks had
to provide new connectors that worked with v2
and v3. The six-week delay put CAPE into the
budget formulation POND (Period of No
Deployments), causing a significant
delay in fielding the new search capability to
production.
The gains from centralization will only be fully realized when consultation and
communication with the user community is given its due.
You will learn how CAPE overcame obstacles for(1) purchasing LucidWorks Fusion(2) accessing network resources for access control after Enterprise reorganization of network domains and restricted permissions under data center consolidation (3) dealing with Enterprise policy changes and patches that disable COTS software features
-- Procurement. Industry business models can change on a dime, but government procurement is a big ship to turn for course correction. In recent years, the license + life cycle replacement model changed to a subscription model. CAPE ran into an obstacle with Contracting Officers and Specialists neither aware of nor prepared for that change. -- Access Control. In the days before Federal Data Center Consolidation and the rise of Enterprise Service Providers, it was a straightforward matter to gain access across the network to authenticate users, determine their access rights, and match those up to permissions. As the Enterprise establishes its dominion to meet compliance regulations, the design of network domains can introduce obstacles to accessing resources needed for security trimming and access control.-- Connecting the Dots with Enterprise. In golf, if your shot is in danger of hitting another group you yell "fore!" Centralization and de-centralization of computing resources have their pros and cons. In a centralized model, enterprise level requirements impact a large user community. Sudden obstacles can jump out unannounced when new policies and patches are pushed out (with or without fair warning).
Several phone calls Industry Agility vs. Ability to Evaluate… Additional documentation