Session # 46: Federal Student Aid Technical Architecture Initiatives, Sandy England
Post on 19-Dec-2015
2
Objective - Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
3
Target State Vision
[Diagram labels: Customers & Partners (Students, Borrowers, Applicants; Schools; Financial Partners; Department of Education; Federal Agencies; State Agencies; Service Providers); Portal / Gateway / Call Center; Integrated Technical Architecture; Security Architecture; Enterprise Service Bus; Enterprise Access Management; Integrated Partner Management; ADvance; Common Services for Borrowers; Campus Based; Financial Management System; Enterprise Information System; Enterprise Applications]
4
TSV Architecture Overview
• Integrated Technical Architecture, Portal, ESB, Security Architecture, Gateway and internal applications are integrated within the enterprise target state vision
5
Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
6
What is Integrated Technical Architecture?
• Common, shared, proven architecture using standardized tools, technology, and technical support services
• An effective technical architecture supports a business’ ability to deliver sufficient resources to users
• Provides strategic and economic benefits
Standardized Technology
• Standardized configuration of hardware and software platforms
• Standardized messaging technology to support communications across varying hardware platforms, projects and locations
Standardized Methods
• Methods, standards, policies, and directives for maintaining an integrated environment
• Structured approach to evaluate/implement changes into the environment and support problem resolution
Product Specialist Support
• Highly trained staff to manage resources and provide services
• Manage daily operations, controlled development environment, maintain software, and plan for future requirements
7
Integrated Technical Architecture Benefits
• Leverage current investments and assets
– Provides simplified, secure, and integrated access to Federal Student Aid services and resources
– Facilitates an enterprise-wide perspective to planning, developing, and delivering IT application systems and services
• Significant cost savings
– Reduces hardware, software licensing, and support costs
– Ability to share highly skilled product specialists among multiple teams
• Improved application performance
– Architecture can be easily scaled to meet capacity and performance requirements
• Increase productivity and efficiency
– Applications get “faster and smarter” by implementing best practices, common services, and lessons learned from previous projects
8
Integrated Technical Architecture: Supporting Technologies
[Diagram labels: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others; Public/Private Data Networks; Firewall; Application Layer; Oracle; Web Servers; Load Balancer; Cisco ACE; Application Servers; Data Marts; Search Engine; Web Content Management; TeamSite, Portal WCM; IBM Internet HTTP (IHS); IBM WebSphere (WAS); Microstrategy, WebFocus; ETL; Informatica; Portal Servers; IBM WebSphere Portal; Customer Relationship Management; Siebel Application]
9
Product Selection Approach
• Research best practices and market research to determine industry leaders of products
• Investigate high-level functional and technical capabilities of each product to create a short list of vendors to evaluate
• Create extensive set of criteria to evaluate the short list
• Schedule technical briefings with each shortlist vendor
• Evaluate technical capabilities of the products and ability to meet the evaluation criteria
• Interview/talk with current customers that are using products to assess support quality, etc.
• Conduct Technical Proofs of Concept to determine if products are technically compatible with existing architecture and meet requirements
• Determine business and technical architecture requirements
• Determine which products best fit by evaluating their ability to meet the detailed evaluation criteria and understanding their key differentiators
• Provide product recommendation based on product’s ability to meet the key selection criteria.
10
Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
11
What is a Portal?
• An integrated and personalized access point to information, applications, and services
• Provides a single, secure, simplified, and personalized access point to business information
• Delivers integrated content and applications, within a unified, collaborative workplace
Improved Access / Integration / Interaction
• Simplified and standardized look and feel
• Customized information & services to meet users' needs
• Access content from multiple sources
• Secure Information
• Expand portfolio of online transactions
• Increase self-services & user self-sufficiency
• Analyze "merged" information
• Improved internal use of information
• Secure data sharing with external organizations.
12
Portal Benefits
• Leverage current investments and assets
• Increase productivity and efficiency
• Improve decision-making
• Strengthen constituent goodwill and trust
• Improved customer service and cost savings
• Standard look and feel
13
Portal Framework
Web/Intranet/Telephony
Enterprise Service Bus (ESB)
Students, Schools, Financial Partners, Vendors, FSA, Others
Portal(s)
Security Architecture
Presentation Layer: Provides user interface for access channels, such as Web and Telephony
Services Layer
Integration Layer: Provides connectivity to enterprise information sources and services
Administration & Security
Task Mgmt. & Workflow
Personalization
Search & Categorize
Collaboration & Communication
Enterprise Business System(s)
Business Information and System Services
Structured & Unstructured Data
External Data Feeds
Content Management
Framework provides a taxonomy for describing portal capabilities
14
Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
15
What is an Enterprise Service Bus?
• Architecture and an infrastructure that unifies and connects services, applications, and resources within a business
• Provides the open, standards-based connectivity infrastructure for a service oriented architecture (SOA)
• Provides communication between systems through shared services
IT Benefits
• Quickly respond to changing business needs
• Leverage existing assets in new ways
• Reduce software development and maintenance cost
• Improve system security, scalability, availability and robustness
SOA Enabler
• Promotes reuse
• Foster interoperability
• Supports incremental implementation
Integration
• Standardize interfaces
• Integrate with all new and existing applications
• Leverages existing Security Architecture
16
Enterprise Service Bus Benefits
• Provides the following Web services mediation capabilities
– Centrally apply security (encryption, authentication, & authorization) by leveraging Security Architecture
– Audit service requests/replies
– Data transformation
– Dynamic routing
• Invoke and reuse shared services across the enterprise
– Business logic is accessible at an enterprise level, rather than just the application level
• Choreograph business flows across the enterprise
• Standards-based - vendor neutral
17
Current State EAI
[Diagram labels: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others; Public/Private Data Networks; EAI Infrastructure, Enterprise Application Integration (EAI); Current State Applications: COD, DataMart, PEPS, eCB, eMPN, SAIG, FMS, CPS, DLSS/CSB, NSLDS, eZ-Audit, FAFSA; connections: Messages/Files, FTP, HTTP]
EAI Core Capabilities
– Assured Message Delivery
– Location Transparency
– Platform Independence
– Protocol Independence
– Single Multi-platform API
– Data Transformation
– Context-based Routing
– Publish-Subscribe
– High-speed Bulk Transfers (> 100 MB)
18
Transition State ESB
[Diagram labels: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others; Public/Private Data Networks; Security Architecture; Gateway, Portal; ESB Infrastructure, Enterprise Service Bus (ESB); ESB/EAI Bridge; Enterprise Application Integration (EAI); Current State Applications: COD, DataMart, PEPS, eCB, eMPN, SAIG, FMS, CPS, DLSS/CSB, NSLDS, eZ-Audit, FAFSA; Target State Applications: ADvance, IPM, CSB, FMS, Other IF/SAHM; connections: Messages/Files, FTP, HTTP, TBD, Service]
19
Target State ESB
[Diagram labels: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others; Public/Private Data Networks; Security Architecture; Gateway, Portal; Enterprise Service Bus (ESB); Target State Applications: ADvance, IPM, CSB, FMS, Other IF/SAHM; connections: HTTP, TBD, Service]
ESB Technologies
• Metastorm Data Integrator
• IBM WebSphere DataPower
• IBM WebSphere Process Server
• IBM WSRR
• IBM WebSphere MQ
• IBM WebSphere Message Broker
20
Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
21
What is Security Architecture?
• Provides a single, integrated authentication and authorization framework
• Enables consistent Authentication, Authorization, and Accountability
– Authentication: Who are you?
– Authorization: What are you allowed to do?
– Accountability: What did you do?
Consistent Security
• Decrease security risks
• Improves maintainability of systems
• Offloads “ADHOC” application security from application teams
Services
– Single sign-on for web applications
– Simplified registration/approval processing
– Delegated administration
Enterprise Security Management
– Consolidated security views and reporting
– Flexibility to accommodate new or redeployed systems
– Lowers security development and operational costs
22
Security Architecture Benefits
• Provides consistent security services & configurations across Federal Student Aid systems
– Decrease security risks
– Improves maintainability of systems
– Offloads ad-hoc application security from application teams
• Gives better service to our customers/partners
– Simplified sign-on for web applications
– Simplified registration/approval processing
– Delegated administration
• Promote enterprise security management
– Consolidated security views and reporting
– Flexibility to accommodate new or redeployed systems
– Lowers security development and operational costs
23
Security Architecture
[Diagram labels: FSA and Trading Partners (School Users, School Servicers, Lenders, Guaranty Agencies, Collection Agencies, State & Federal Agencies, Accrediting Agencies, Auditors, Other Users); FSA Users; Enrollment; Identity Management; Access Management; Access; Audit; System Response; FSA Target State Vision Systems]
• Integrated Partner Management: Manages trading partner eligibility, enrollment, and oversight
• FSA Security Architecture: access management tools, identity management tools, enterprise policy repositories, enterprise user repositories, and other related security components
24
Target State Security Architecture
[Diagram labels: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others; Public/Private Data Networks; Protocol Firewall; FSA Enterprise Boundary; Demilitarized Zone: Reverse Proxy, Tivoli Access Manager WebSEAL; Domain Firewall; Enterprise Zone: Tivoli Access Manager Servers, TAM Policy Server, TAM Authorization Server, User Registry, TIM Server, SA RCS, TIM User Registry, Tivoli Directory Server, Authorization Database; Portal Application Server(s), Portal Server(s), Service Portlets; IPM Application Servers, Roles Wizard, Approval Workflow, IPM DB; Federal Student Aid Applications: COD, FMS, NSLDS, Other]
25
Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway
26
What is Gateway?
• It is part of an organization's technical architecture that facilitates the communication between internal applications and external systems
• Provides separation and security between the outside world and an internal network
• Acts as a proxy to broker requests between external partners and Federal Student Aid systems
Customer Benefits / IT Considerations / Business Objectives
• Simplifies trading partner data exchange
• Enables right-time data exchange
• Reduces the number of different data exchange formats
• Reduces effort required for integration within FSA
• Supports a wide range of transport protocols and industry data formats
• Improves visibility of transaction workflows with external partners
• Web services will be used to facilitate data exchange
• Standardizes external exchange of data through a single, virtual, secure gateway
• Enables access to key business services for the external community
• Right-time exchange of data with trading partners
27
Gateway Benefits
• Creates an enterprise view of external interface information exchanged with Federal Student Aid
• Enables centralized management of external interfaces
• Provides the capability for an external partner to upload and download files
• Provides a layer of security between Federal Student Aid and external partners
• Creates well defined procedures for integrating with Federal Student Aid services
• Validates and enforces the use of a standard data schema between systems and enables data consistency throughout data exchange process
28
Current State
[Diagram labels: Federal Student Aid: EAI, FSA Systems (NSLDS, COD, CBS, etc…), Gateway (SAIG); Some External Partners: School, Guaranty Agency, etc., Lender; Other External Partners: Federal Agency, Guaranty Agency, etc., State Agency; FTP / VPN; Tape]
Sends and receives batch files via Student Aid Internet Gateway (SAIG)
Sends and receives data via other communication channels, e.g. FTP, Computer Tape
• Multiple communication channels and entry points into Federal Student Aid are not centrally tracked or managed
• No real-time data interchanges
• Security architecture is not being leveraged
29
Target State Gateway Solution
[Diagram labels: External Partners: School, Guaranty Agency, Lender; External Service Providers: IRS, SSA, etc...; Other; Federal Student Aid: Gateway Communication Layer, WS Interface, Service, Security Architecture, Enterprise Service Bus (ESB), Shared Service, Applications]
• External partners can send batch and real-time data transmissions.
• External partners can invoke exposed Federal Student Aid shared services via the gateway.
• Internal Federal Student Aid applications and services can invoke external web services via the gateway.
TSV Gateway solution will be a single communication channel between Federal Student Aid, external partners and external service providers
31
Contact Information
I appreciate your feedback and comments. I can be reached at:
• Name: Sandy England
• Phone: 202-377-3537
• Email: [email protected]