Distributed Systems Management Domain-Technology Reference Model Version 2.0

9.17.1 Introduction and Background

The focus of the Interior Enterprise Architecture is on providing guidance for information technology (IT) issues and initiatives that are Interior-wide or multi-bureau in scope. The Distributed Systems Management (DSM) architecture defines how the hardware and software components of the environment will be controlled. Perhaps more than any other domain, the success of distributed systems management depends upon comprehensive governance policies, procedures and processes being in place and enforced.

If used correctly, the Interior Enterprise Architecture will act as a catalyst for those looking to capitalize on its contents and better understand the full meaning of its guidance. This understanding will permit IT personnel to better engage the non-IT organization in discussions around tradeoffs and priorities within the proper governance structure (e.g., Management Improvement Team (MIT), Information Technology Management Committee)). The Interior Enterprise Architecture is not intended to be the “last word” (e.g., some automated checklist for product selection). It is intended to be one of the “first words” to assure that Interior’s mission priorities and its IT priorities remain closely aligned.

Because Interior is incorporating the OMB’s Federal Enterprise Architecture (FEA) models, the technical guidance provided by the subject area experts within a domain spans both the Service Component Reference Model (SRM) as well as the Technical Reference Model (TRM). For the Distributed Systems Management domain, the SRM elements are as follows:

Service Domain(s): The Back Office Services Domain defines the set of capabilities that support the management of enterprise planning and transactional-based functions.

The Customer Services Domain defines the set of capabilities that are directly related to an internal or external customer, the business’ interaction with the customer, and the customer driven activities or functions. The Customer Services domain represents those capabilities and services that are at the front end of a business, and interface at varying levels with the customer.

The Support Services Domain defines the set of cross-functional capabilities that can be leveraged independent of Service Domain objective and / or mission.

The Business Management Services Domain defines the set of capabilities that support the management of business functions and organizational activities that maintain continuity across the business and value chain participants. The Business Management Services domain represents those capabilities and services that are necessary for projects, programs and planning within a business operation to successfully be managed.

Service Type(s): Assets / Materials Management – defines the set of capabilities that support the acquisition, oversight and tracking of an organization's assets.

Customer Relationship Management - defines the set of capabilities that are used to plan, schedule and control the activities between the customer and the enterprise both before and after a product or service is offered.

Communication - defines the set of capabilities that support the transmission of data, messages and information in multiple formats and protocols.

Customer Initiated Assistance - defines the set of capabilities that allow customers to proactively seek assistance and service from an organization.

Systems Management – defines the set of capabilities that support the administration and upkeep of an organization’s technology assets, including the hardware, software, infrastructure, licenses and components that comprise those assets.

Organizational Management – defines the set of capabilities that support both collaboration and communication within an organization.

Security Management – defines the set of capabilities that support the protection of an organization's hardware/software and related assets.

Component(s): Asset Cataloging / Identification – defines the set of capabilities that support the listing and specification of available assets.

Asset Transfer, Allocation, and Maintenance – defines the set of capabilities that support the movement, assignment, and replacement of assets.

Computers / Automation Management – defines the set of capabilities that support the identification, upgrade, allocation and replacement of physical devices, including servers and desktops, used to facilitate production and process-driven activities.

Facilities Management – defines the set of capabilities that support the construction, management and maintenance of facilities for an organization.

Property / Asset Management – defines the set of capabilities that support the identification, planning and allocation of an organization's physical capital and resources.

Call Center Management - defines the set of capabilities that handle telephone sales and/or service to the end customer.

Contact Management – defines the set of capabilities that keep track of people and the related activities of an organization.

Customer Analytics - defines the set of capabilities that allow for the analysis of an organization's customers as well as the scoring of third party information as it relates to an organization’s customers.

Customer / Account Management – defines the set of capabilities that support the retention and delivery of a service or product to an organization's clients.

Customer Feedback – defines the set of capabilities that are used to collect, analyze and handle comments and feedback from an organization's customers.

Event / News Management – defines the set of capabilities that monitor servers, workstations and network devices for routine and non-routine events.

Assistance Request - defines the set of capabilities that support the solicitation of support from a customer.

Online Help – defines the set of capabilities that provide an electronic interface to customer assistance.

Self-Service – defines the set of capabilities that allow an organization's customers to sign up for a particular service at their own initiative.

Change Management – defines the set of capabilities that control the process for updates or modifications to the existing documents, software or business processes of an organization.

Configuration Management – defines the set of capabilities that control the hardware and software environments, as well as documents of an organization.

License Management – defines the set of capabilities that support the purchase, upgrade and tracking of legal usage contracts for system software and applications.

Remote Systems Control – defines the set of capabilities that support the monitoring, administration and usage of applications and enterprise systems from locations outside of the immediate system environment.

Software Distribution – defines the set of capabilities that support the propagation, installation and upgrade of written computer programs, applications and components.

System Resource Monitoring – defines the set of capabilities that support the balance and allocation of memory, usage, disk space and performance on computers and their applications.

Network Management - defines the set of capabilities involved in monitoring and maintaining a communications network in order to diagnose problems, gather statistics and provide general usage.

Role / Privilege Management - defines the set of capabilities that support the granting of abilities to users or groups of users of a computer, application or network.

User Management – defines the set of capabilities that support the administration of computer, application and network accounts within an organization.

These SRM service elements are likewise supported by Interior’s IT (technical) infrastructure (e.g., servers, networks). Within this infrastructure are individual TRM components for which this domain team is providing guidance. The graphic below outlines those TRM elements for this domain that support the service needs of the SRM.

Additionally, it’s doubtful that a single domain chapter from the TRM can be used to address a substantive issue. More realistically, a few architecture domains may need to be reviewed when addressing an important IT decision. For example, if Interior was considering the creation of a new Interior-wide Web application that could be used both by the general public and Interior personnel, then the TRM chapters like Data Management Technologies, Information Security, Distributed Systems Management and Application Development might all need to be reviewed.

7.2 Architectural Principles

The principles listed below provide guidance for the design and selection of technology components that will support the distributed systems management needs of Interior-wide IT initiatives.

Principle 1: Provide Reliable Metrics
	Select appropriate tools to provide reliable metrics information and reports for proactive distributed systems management. Rationale: Creates reliable metrics and reports to measure success, provide feedback and enable future planning. Implications Need to develop and follow an appropriate use policy for using measurement tools. Need to understand and follow the laws and regulations governing monitoring. Need to develop metrics definitions and select tools that support those definitions. 4. Need to ensure that the “overhead” of management tools ~~are~~is not too intrusive so that it outweighs the value they provide. Need to overcome resistance to having machines touched by monitoring tools; need management buy-in. 6. Need appropriate training for tools to understand and utilize full capabilities.

Principle 2: Maintain Network Interoperability
	Use networks management, systems management and performance monitoring tools to maintain the interoperability of the network. Rationale: Enhances sharing of data and information. Enable near-real-time fault identification. Implications Will drive Interior to standardized network architectures. Requires changes to the network environment (money and resources). Enables optimization of IT resources.

Principle 3: Support Business Continuity
	Use distributed systems management tools to support business continuity planning and operations. Rationale: Contributes to capturing total cost of ownership information and utilization. Enables assessment and development of continuity of operations and disaster recovery plans; thereby, enabling better ability to recover from a disaster. Allows the Interior to better recognize failure by establishing baselines and monitoring the IT infrastructure. Reduces the downtime resulting from failures. Supports compliance with Office of Management and Budget (OMB) A-130, “Management of Federal Information Resources.” Enhances public trust. Enables future planning. Implications Need identified owners responsible for establishing and maintaining the baseline. Need to develop an understanding of cost/risk relationship; costs will increase to mitigate the risk of disaster. Need an agreed upon process/approach to conducting and maintaining the baseline. Requires a cultural change for IT staff to report changes in the IT environment. Better baseline information enables better planning and decision-making.

Principle 4: Information Access
	Ensure that information is stored so that it is accessible for short and long term needs. Rationale: Enables data reuse. Enable data and disaster recovery. Ensures access to current information in a format that is useful internally and externally. · Provides capacity and growth planning metrics. Implications Software must be distributed that enables stewards to provide their data to users. Need replication technology as appropriate for the information. Need to follow departmental records management policies and procedures. Need to ensure that storage products are industry standard and included as part of the data or information when retired; need to identify storage media and hardware that has a significant expected longevity. Need to maintain a controlled information storage environment. Will require proper capacity planning, performance monitoring, network, ~~LAN~~and LAN/systems tools.

Principle 5: Reuse Technology Components
	Use distributed systems management tools to determine the availability and appropriateness of reusable technology components. Rationale: Allows redistribution of resources. Enables proactive planning. Helps inform reuse, buy, or build decisions. Implications Need to establish and maintain a baseline. Enables the appropriate allocation of budget dollars. Need to dedicate resources to actively monitor systems performance and assets. 4. Need a formal mechanism to proactively promote technology reuse opportunities.

Principle 6: Support Security, Privacy and Confidentiality
	Select distributed systems management tools that are aligned with security, privacy and confidentiality legislation and policies. Rationale: · Reduces the likelihood of divulging employee and customer privacy information or sensitive systems information. · Enhances Interior’s security posture. · Reduces Interior’s legal risk. · Enhances public trust. Implications 1. Need to be aware of unintended consequences (i.e., using certain tools increases the risk of exposing sensitive information). 2. DSM tools and IT staff need to have a high level of authority to function; therefore, the IT staff needs higher security awareness and accountability. 3. Need to know which security, privacy and confidentiality legislation and policies are in place. 4. IT staff needs appropriate training on DSM tools; users and managers need to be informed about the purpose, appropriate use, functionality, capabilities and limitations of DSM. 5. DSM tool usage needs to be limited to the appropriate operational levels.

9.37.3 Technology Components

The Distributed Systems Management components in this domain include:

· Authentication / Single Sign-on (SSO) – Refers a method that provides users with the ability to log-in one time, getting authenticated access to all their applications and resources.

· Supporting Network Services - These consist of the protocols that define the format and structure of data and information that is either accessed from a directory or exchanged through communications.

· Deployment Management – Refers to the capability of software delivery to remote networked desktops, servers, and mobile devices across an enterprise.

· Other Applications – Refers to software applications that do not fit in any of the other aforementioned software categories. Due to the nature of distributed systems management application is this category will be differentiated by the TRM Sub-component.

The classifications for any products or standards within this domain are:

Life Cycle Definition/

Classifications Meaning

Preferred Product/standard of choice; support available; recommended.

Contained Develop solutions using these standards or products only if there are no suitable alternatives categorized as preferred; if a preferred product is available that will meet the requirements, plans should be developed to move from contained to preferred as soon as practical.

Obsolete Being phased out; (e.g., vendor support ending); plans should be developed to rapidly phase out and replace (often to avoid substantial risks).

Research Product/standard to be used in conjunction with technology research efforts only (e.g., testing, pilots).

Rejected Product/standard has been evaluated and found not to meet technical architecture needs.

7.3.1 Authentication / Single Sign-on (SSO)

Authentication / Single Sign-on (SSO) refers a method that provides users with the ability to log-in one time, getting authenticated access to all their applications and resources.

Use of Novell eDirectory (Version 8.7+) is classified as Preferred

7.3.2 Supporting Network Services

Supporting Network Services consist of the protocols that define the format and structure of data and information that is either accessed from a directory or exchanged through communications.

Standards:

Use of LDAP is classified as Preferred

Use of Simple Network Management Protocol (SNMP) (Version 1 or 3) is classified as Preferred

Use of Management Information Base (MIB) (Version II) is classified as Preferred

Products:

Use of Novell eDirectory (Version 8.7+) is classified as Preferred

Use of Microsoft Active Directory is classified as Preferred

7.3.3 Deployment Management

Deployment Management refers to the capability of software delivery to remote networked desktops, servers, and mobile devices across an enterprise. Deployment automation tools provide centralized and accelerated delivery of applications to users via push technologies, eliminating the need for manual installation and configuration.

Use of Microsoft Systems Management Server (SMS) is classified as Preferred

Use of Novell Zenworks is classified as Preferred

7.3.4 Other Applications

Other Applications refers to software products that do not fit in any of the other aforementioned software categories but also are used in conjunction with data management processes. Applications in this category perform a wide range of distributed systems management functions and are represented by TRM Service Sub-standard.

Network Element Manager:

Use of Cisco Campus Manager is classified as Preferred
Use of Cisco VPN Management Solutions is classified as Preferred
Use of Cisco Works is classified as Contained
Use of Fore Systems Foreview is classified as Contained
Use of Nortel Networks Optivity is classified as Contained
Use of Prism TechSpectrum View is classified as Contained
Use of Express Software Manager is classified as Contained
Use of Internet Performance Manager is classified as Contained
Use of NetManager is classified as Contained
Use of Legato NetWorker is classified as Contained
Use of NetViz is classified as Research

LAN and System Element Manager: (See Network Element Manager above for the preferred tool.)

Use of Network Associates ZAC is classified as Contained
Use of Tivoli Tivoli Suite is classified as Contained
Use of Intel LanDesk is classified as Contained
Use of LANview is classified as Contained
Use of Microsoft LAN Workplace is classified as Contained

Software Distribution:

Use of Microsoft Systems Management Server (SMS) is classified as Preferred
Use of Novell Zenworks is classified as Preferred
Use of Network Associates ZAC is classified as Contained
Use of Tivoli Tivoli Suite is classified as Contained
Use of Intel LanDesk is classified as Contained

Asset Management:

Use of Cisco Cisco Works 2000 is classified as Preferred
Use of Microsoft Systems Management Server (SMS) is classified as Preferred
Use of Sun StorEdge Volume Manager Server Administration is classified as Preferred
Use of Novell Zenworks is classified as Preferred
Use of Computer Associates Unicenter is classified as Contained
Use of Tivoli Tivoli Suite is classified as Contained
Use of Network Associates ZAC is classified as Contained
Use of WRQ Express Meter (16-bit) is classified as Contained
Use of WRQ Express Software Manager Client (16-bit) is classified as Contained
Use of Zero Administration Kit for Windows NT is classified as Contained
Use of NetCensus is classified as Obsolete
Use of Powerquest BootMagic is classified as Research

Help Desk:

Use of Front Range HEAT is classified as Preferred
Use of Magic Magic Total Service is classified as Preferred
Use of Remedy Action Request System is classified as Contained
Use of Blue Ocean Track IT is classified as Contained
Use of Clarify Clarify Suite is classified as Contained
Use of Siebel Siebel Suite is classified as Contained
Use of Vantive Helpdesk is classified as Contained

Performance Management:

Use of Cisco Cisco Works 2000 is classified as Preferred
Use of Microsoft Microsoft Operations Manager is classified as Preferred
Use of Novell Zenworks is classified as

Principle 2: Maintain Network Interoperability

Principle 3: Support Business Continuity

Principle 4: Information Access

Principle 6: Support Security, Privacy and Confidentiality