NASA's IT infrastructure requires significant changes to improve security, enable collaboration across centers, and reduce costs. The key initiatives include consolidating networks, applications, and data centers; establishing governance and financial controls; and defining core IT services delivered by the CIO. This transformation will improve integration and security while achieving efficiencies to better support NASA's mission.

1. Improving Information Technology
Management at NASA
Project Manage Challenge 2008
Mike Bolger
NASA Deputy CIO

2. NASA’s IT Environment
Users NASA IT Workforce
• 18,000 Employees • 667 FTE, 2,386 WYE managed by CIOs
• 44,000 Contractors • 1,167 C.S. positions w/ IT as primary competency
Spending Networks
• $2 B annually • 3 Wide Area Networks, 6 million IP addresses
Systems/Applications • >80 connections to Internet Service Providers
• > 2,500 Applications • >200 connections to universities and partners
• NOMAD Email: 38K accounts
•530K/day messages delivered
Devices and Data Centers
• >80,000 Desktops/Laptops
Websites • >15K servers in at least 34 data centers
• >8,000 websites
• ~4K public & ~4K internal
Feb 26-27 PM Challenge 2008 2

3. Issues / Challenges
- NASA’s current IT infrastructure allows for
significant security vulnerabilities
- This infrastructure inhibits cross-center
collaboration
- There is significant proliferation of tools and a lack of
standards to enable integration
- There is a lack visibility into NASA’s IT
investments, and there are inadequate
controls on IT spending
- There is inconsistent understanding of how IT is
managed at NASA
Feb 26-27 PM Challenge 2008 3

4. Four Key Principles for IT at NASA
• IT at NASA serves to enable NASA’s mission
– IT must understand what is needed to enable the mission
– We buy before we build whenever possible
• We will implement information technology that enables the
integration of business (mission) processes and information
across organizational boundaries
– IT serves to bind Centers together not keep them apart
– NASA trusts NASA
• We will implement information technology to achieve
efficiencies and insure that our IT is efficiently implemented
– IT investments are business case driven
– All IT decisions are not made at the most granular level
• We will implement secure IT solutions
– Security is designed into our IT solutions
– We will understand the risks we are buying down through IT security
Feb 26-27 PM Challenge 2008 4

5. Key Change Initiatives
Overall – Reaffirm and clarify
the role of the CIO as stated in
NPD 1000.3 and define core Finance – Increase
Organization - Realign IT services that shall be visibility into IT
NASA IT organization to delivered by the CIO budgeting and
reflect the role of the CIO spending through
and better connect the CIO Financial management controls
Organization
Management
with customers and fund base IT
services through a
Governance
combination of
Application & Tools Application Corporate and CM&O
Portfolio
Assign ownership of Management Infrastructure
application portfolios and
create a CIO-facilitated Infrastructure –
process to drive application Governance – Create Improve integration,
standardization and governance structure and security, and efficiency
efficiencies processes to engage key by consolidating
stakeholders, inform IT infrastructure and
investment decisions, and management control
apply project management
discipline to IT projects
Feb 26-27 PM Challenge 2008 5

6. Role of the CIO in Managing IT
The CIO is responsible for all aspects of the IT
The CIO has overarching infrastructure in which those applications
The Centers, Mission responsibility for ensuring reside.
Directorates, and Mission Support alignment of those
Offices have responsibility for the applications with NASA
applications. Enterprise Architecture and
standards.
NPR 2800
NPR 7120.5 NPR 7120.7 Governance & Enterprise IT Security
Compliance
Highly Science and Project Business Infrastructure Policy Architecture
Specialized Engineering Management Management Applications
Applications Applications Applications
Examples:
Avionics Relationship Resource Innovation
software Alignment Management Management Management
Real-time
Control Infrastructure Services
Systems
Onboard
Processors Service Project
End User Communications Data Center Service Delivery Performance
Deep Space Mgmt. & Management
Management
Network Delivery (Ops) (Development)
IT Portfolios CIO Core Functions
IT that is an embedded component of a flight system, experiment,
simulator, ground support environment, or mission control center.
Does not necessarily include the IT infrastructure that supports
those embedded components.
Feb 26-27 PM Challenge 2008 6

7. NASA IT Governance Structure
• IT Strategy and Investment Board Agency
(SIB) OMC
– Senior level stakeholders from Mission
Directorates, Mission Support, and Centers
– Decisions regarding IT Investments
(prioritization and selection), Enterprise IT Strategy &
Architecture, and NASA-wide IT
Investment
policies/processes.
Board
• IT Program Management Board
(PMB)
IT Project
– Decisions regarding application and ITIT Operations
Management
Management Board
infrastructure projects to ensure that Board
Board
investments approved by the IT strategy
and Investment board stay on track during
design and implementation.
• IT Management Board (ITMB) IT
– Decisions regarding operational Processes
performance and issues
Feb 26-27 PM Challenge 2008 7

8. 7120.7 Project Lifecycle
Governance SIB PMB ITMB
Feb 26-27 PM Challenge 2008 8

9. Infrastructure Management
Consolidate, integrate and secure the NASA infrastructure
• Consolidate management of NASA’s networks and security infrastructure
(WAN, Center LANs, firewalls) and provide as an integrated, end-to-end
service
– Create a common log in and user authentication experience for users across the NASA
enterprise. (HSPD-12)
• Consolidate Data Centers
• Standardize desktop, laptops, and other user devices
• Consolidate Infrastructure applications such as:
– Email (already in work)
– Portal Applications and web sites
– Collaboration software
Feb 26-27 PM Challenge 2008 9

10. Information Technology (IT) Priorities
n
y cy tio
urit ien gra
c
Sec Effi Inte
Priorities
Integrate & Secure Define network perimeter and consolidate network
Networks management
H M M
Standardize &
Standardize and secure end-user devices through
Secure End-User
consolidated management
H M M
Devices
Consolidate Security
Establish Agency network visibility of IT assets and
Ops and Incident
consolidate Agency security monitoring and mgmt
H M L
Response
Utilize a portfolio management approach to gather the
Consolidation of
applications baseline and identify opportunities for L H M
Applications
consolidation
Consolidation of Migrate systems to approprately managed and secure data H M M
Data Centers centers
Strong
Enable cross-Center collaboration and strengthen user H L H
Authentication for
authorization
NASA systems
Feb 26-27 PM Challenge 2008 10

11. Communications Consolidation
Current State Planned Future State
Networks managed as Network managed as single
independent services enterprise service
Feb 26-27 PM Challenge 2008 11

12. Portfolio Management Strategy
Current State Near Term Steady State
Sci. and Eng. Project Mgmt. Sci. and Eng. Project Mgmt.
Applications Applications Applications Applications
Business
Standards
OCE/MD OCE/MD OCE/MD OCE/MD
Architecture
Business Infrastructure Business Infrastructure
Applications Applications Applications Applications
Performance
Goals
MSO CIO MSO CIO
• Over 2500 applications listed in • Establish robust governance, • Recurring, lifecycle approach.
HSPD-12 repository. portfolio process and stewardship
of portfolios. • All application demand captured,
• High-level analysis indicates and managed throughout the
substantial redundancy. • Create complete Agency-wide “Execution Year”.
Investment
inventory of all application assets. Planning
• Application integration not • CIO responsible for performance
architected at the enterprise level • Develop architectural strategy for goals and EA compliance. Portfolio
and primarily point to point. applications integration. owners set business standards.
Feb 26-27 PM Challenge 2008 12

13. Financial Strategy
Funding Source IT Portfolio Visibility
Relationship
MD Apps: Program Direct Management Insight
Applications CIO Acquisition Oversight
MSO Apps: Corporate or CMO
Implement Contract Cost Reporting
Infrastructure
Applications
Infrastructure Services
Base: Corporate or CMO End User CIO Managed Contracts
Over Base: Program Direct Implement Contract Cost Reporting
Communications
Data Center
Status Quo Highly Specialized Status Quo
Feb 26-27 PM Challenge 2008 13

14. Funding Agencywide Infrastructure Services
Data Center
End User Services
Communications
WEB Services
IT Security
Agency Applications
Baseline
Services
Levels
Vulnerability
Mgmt
Desktop Patch Mgmt
Phone Authorization
Content,
WAN Authentication IEMP, NDC
LAN eMail Situational etc Delivery,
Etc. Etc. Awareness Portal
Demand above
Baseline Service
Level
Customer Funded – Charge Back
Feb 26-27 PM Challenge 2008 14

15. Summary
• A significant transformation of NASA’s IT management and
infrastructure is required in order to better enable NASA’s
mission by integrating people, processes, and information
– The “10 healthy Centers” model requires maximum collaboration
across organizations to achieve the mission
• These changes are also required to improve security and can
achieve significant efficiencies
• NASA must recognize the fundamental relationship that exists
between IT and mission success and therefore manage IT
strategically
• This type of transformation will be difficult and require time but
must begin now
• Continued strong executive buy-in and sponsorship are critical to
success
Feb 26-27 PM Challenge 2008 15