ENTERPRISE DATA CENTER BUSINESS OBJECTS XI RULES OF ENGAGEMENT

Transcription

1 BUSINESS OBJECTS I RULES OF ENGAGEMENT Version 1.2 Date: 5/15/2014 SECURITY WARNING The information contained herein is proprietary to the Commonwealth of Pennsylvania and must not be disclosed to un-authorized personnel. The recipient of this document, by its retention and use, agrees to protect the information contained herein. Readers are advised that this document may be subject to the terms of a non-disclosure agreement. DO NOT DISCLOSE ANY OF THIS INFORMATION WITHOUT OBTAINING PERMISSION FROM THE MANAGEMENT RESPONSIBLE FOR THIS DOCUMENT. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 1 OF 10

2 Version History Date Version Modified By / Approved By Section(s) Comment 04/28/ Wes Hammond C. Reber All Initial Version 11/16/ C. Reber All Change ESF to EDC. Change SC to ESR. 05/15/ C. reber Cover page Update cover page to OA standard.. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 2 OF 10

3 Table of Contents 1 EDC OVERVIEW & EDC INFRASTRUCTURE EDC OVERVIEW EDC Engagement Process EDC Deployment Process Commonwealth Application Certification and Accreditation (CA 2 ) EDC INFRASTRUCTURE External DMZ Security Zone Internal Services Security Zone Internal DMZ Security Zone BUSINESS OBJECTS I IMPLEMENTATION BOE I PURPOSE / OVERVIEW ASSUMPTIONS SCHEMATIC DIAGRAM PREREQUISITES IMPLEMENTATION DETAILS BOE I RULES OF ENGAGEMENT RULES OF ENGAGEMENT OVERVIEW NAMING CONVENTIONS SERVICES Automatic Software Installation ROLES AND RESPONSIBILITIES MONITORING BACKUP AND RECOVERY CHANGE MANAGEMENT SECURITY Administrative Access Remote Access Physical Access MAINTENANCE APPENDI A - RESOURCES AND REFERENCES EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 3 OF 10

4 1 EDC Overview & EDC Infrastructure This section contains standard information that is included in all ROE documents. 1.1 EDC OVERVIEW The Commonwealth of Pennsylvania s Enterprise Data Center (EDC) provides hosting services for agency web-based and agency specific applications. Its mission is to maintain a high level of security, availability, reliability, and management of the Commonwealth of Pennsylvania's mission critical web applications. Refer to the Enterprise Data Center website, for a full description of the EDC and all hosting and service offerings EDC Engagement Process If your agency is considering deploying applications in the EDC, first examine the EDC website to understand the EDC Services Portfolio, and then contact your Enterprise Services Representative who acts as a liaison between agencies and the EDC. They answer preliminary questions and coordinate meetings with EDC personnel to ensure consistent communication on simple or complex projects EDC Deployment Process The EDC follows a well-defined deployment process for all application deployments. Application development is performed at the agency or contractor location while the EDC houses both a staging and a production environment, which are mirror images of each other. This structured deployment and testing process ensures a stable application in production. Refer to Deploying in Managed Services to review MS deployment process documents Refer to Deploying in Managed Services Lite to review MSL deployment process documents Commonwealth Application Certification and Accreditation (CA 2 ) Prior to entering the EDC every new application is required to undergo a security assessment. It is the responsibility of each agency to ensure that the security assessment is completed for their application. Refer to Commonwealth Policy ITB-SEC005 regarding "Commonwealth Application Certification and Accreditation" Click to initiate the Commonwealth Application Certification and Accreditation (CA 2 ) Process. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 4 OF 10

5 1.2 EDC INFRASTRUCTURE The EDC architecture is segmented into security zones that are isolated from each other via firewalls. The EDC network contains the External DMZ security zone, the Internal Services security zone, and the Internal DMZ security zone. These three primary networks are either, physically or logically, connected to one another. MAN Internet Agency MAN site Agency Firewall EDC Intranet Firewall Perimeter Firewall Internal DMZ / Services Managed Services Lite Internal DMZ Managed Services Internal Services Managed Services Internal DMZ Co-location Internal Services Co-location External DMZ Managed Services External DMZ Co-location External DMZ Managed Services Lite EDC InterZone Firewall External DMZ Security Zone The External DMZ security zone contains Internet-facing servers that are connected to the Enterprise DMZ. EDC-managed web servers (such as Managed Services) and agency-managed servers (such as Co- Location servers) both exist in the External DMZ Security zone. Managed Services and Co-Location servers are on separate subnets secured by either firewalls or Access Control Lists (ACLs) Internal Services Security Zone The Internal Services security zone contains Managed Services database servers and other application servers from which dynamic content is obtained by web servers Internal DMZ Security Zone The Internal DMZ security zone contains the Managed Web and application servers that need to be accessible only from the Commonwealth Metropolitan Area Network (MAN). This Security Zone also contains internal Co-Location databases and web and application servers that are isolated from the Managed Services servers. When EDC Domain Controllers intercommunicate in a security zone, all communications use standard RPC and do not require IPSEC encryption or authentication. Domain Controller-to-Domain Controller communications between security zones only use IPSEC with Authentication Headers (AH). Other host-to-ad Component communication in the Managed Services portion of the Enterprise Data Center does not require IPSEC. However, IPSEC is required for all communications between entities outside the Managed Services and EDC AD components. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 5 OF 10

6 2 Business Objects I Implementation 2.1 BOE I PURPOSE / OVERVIEW The document focuses on BOE applications. Using this document an agency will gain an understanding of how to request services provided by the EDC. The EDC implements and supports Business Objects Enterprise (BOE) at the agency s request. BOE is a suite of reporting and analysis applications, which includes, Crystal Reports and InfoView. Each application in the suite provides functionality for a particular aspect of the commonwealth s data analysis and reporting needs. 2.2 ASSUMPTIONS This document assumes that the reader has a basic understanding of: Business Objects Enterprise I R2 and its function User rights and permissions structures Crystal Reports 2.3 SCHEMATIC DIAGRAM MAN Load Balancer Business Objects Enterprise I R2 Web Server Business Objects Enterprise I R2 Application Servers File Server Database 2.4 PREREQUISITES A supported web browser is required, such as IE Explorer 6 and above. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 6 OF 10

7 2.5 IMPLEMENTATION DETAILS The BOE applications are integrated into the Business Intelligence Platform, which provides a common infrastructure for all components of BOE to be deployed and administered. The following applications are part of BOE and are available to agency users: Crystal Reports is a reporting tool that is used to create highly formatted canned reports, which are frequently distributed in high volumes. InfoView is a portal which provides secured access to all the content created by the other tools. The content can be accessed via searching, folder structures, custom lists of favorites or categorizations, etc. Non Business Objects content, such as documents and spreadsheets, can also be stored and accessed via InfoView. The following application is not part of BOE but is available to agency users: BOBJ is a Java web service that is also supported. BOBJ allows applications that are not on BOE to query and build reports. The EDC provides the URL for the web service so applications can access reports. The agency sets up and manages all aspects of this service. The EDC sets up access to BOE for agencies as described below using the Central Management Console: 1. Create folder for Agency and Application 2. Create groups for Admins and for End Users 3. Assign Full Control permissions for Admins 4. Assign Schedule & View permissions for End Users 5. Create User accounts 6. Assign User accounts to proper groups as defined in the EDC Document EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 7 OF 10

8 3 BOE I Rules of Engagement 3.1 RULES OF ENGAGEMENT OVERVIEW In this section we discuss all aspects of services provided by the EDC. 3.2 NAMING CONVENTIONS Naming conventions provide a standard approach to naming different objects. Standard 2-digit agency code is used when naming the parent folder. o AC Application Name The Application name is used for naming child folders. o Set up as desired by the agency 3.3 SERVICES To request these services, the agency must create an incident ticket and must provide a detailed EDC Document with all of the requirements identified in detail. EDC implements and supports Business Objects Enterprise I Release 2 and provides the following support: Crystal Reports Establishes connectivity to database and ensures that the service is available. InfoView Creates the users and groups for access. BOBJ Ensures that the service is available Automatic Software Installation Active plug in must be installed for InfoView. This is done automatically when the client connects to Info View. 3.4 ROLES AND RESPONSIBILITIES Roles EDC Agency Software Installation Active Plug in installation License Management Procurement of Licenses General EDC Document completion CMR Processing (for database only) Data Backup Hardware Inventory Development Environment Administrative Access Configuration Auditing EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 8 OF 10

9 3.5 MONITORING EDC monitors the Business Objects Windows services to assure they are running at all times. EDC monitors to assure the site is up. Application alerts are sent to the EDC Application Management Team (AMT) 3.6 BACKUP AND RECOVERY Backup services are provided and are based on existing EDC processes and standards. Details of this service are available at the following link EDC BACKUP AND RECOVERY OVERVIEW. EDC backs up all changes to the environment on a daily basis. 3.7 CHANGE MANAGEMENT Existing EDC Change Management Processes and procedures are leveraged for any modifications to the BOE application services. Reference the change management page for additional information: 3.8 SECURITY Security for this environment is managed by EDC personnel Administrative Access Only EDC has Admin access to all supported services Remote Access Only EDC has remote access to the servers hosting the application Physical Access Only EDC has physical access to the servers hosting the application. 3.9 MAINTENANCE Maintenance for this environment is managed by EDC personnel. EDC will provide advance notice for all scheduled maintenance activities performed on BOE services. EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 9 OF 10

10 4 Appendix A - Resources and References Business Objects Enterprise URL: Administrator s Guide: efault.htm End User s Guide: EDC BUSINESS OBJECTS I RULES OF ENGAGEMENT PAGE 10 OF 10