Enterprise Applications Technical Health

Assessment

BSMBFebruary 12, 2015

Overview

The Portfolio Tool provides an objective view of the health of an application

Systems, applications and tools are assessed based upon the criteria resulting in a ‘stoplight-like coloring scheme’

Criteria and assessed ‘color’ is derived based upon NEACC best practices/standards, Agency policies and guidelines

The information will be used to make investment decisions, influence prioritization of work and identify consolidation opportunities

Page 2

Status

Phase 1 - Complete Design and development of tool to address requirements for Application

Portfolio Management Consolidated listing of enterprise systems, tools and applications with

descriptions and key points of contact Complete assessments for customer facing enterprise applications and load of

data into tool Reviews with NEACC Line of Business (LOB) product leads and LOB managers to

review/validate the results and make any necessary adjustments Develop the NAMS workflow for Portfolio tool

Establish initial Portfolio tool access with a mass NAMS request beginning with key POC listing and other key management personnel

Build out help text within tool to explain assessment criteria Create a general help document that explains the tool and the intended use of

the data Migrate to production

Phase 2 – In process Load the data for infrastructure meta-data elements and associate with

applicable applications Perform detailed reviews with Agency stakeholders for each line of business

Phase 3 – Not started Build-out additional capabilities (e.g., additional tree reports) Assess internal NEACC applications (i.e., not customer facing)

Page 3

Reporting by Application Categories

Applications are assigned to 1 of 3 categories at the beginning of the assessment to serve as one dimension of reporting

Page 4

System of Record System where business critical data is entered and

stored (Core Financial, Contract Management Module,

FedTraveler) Data Aggregator

System that aggregates data from systems of record and facilitate data usage or analysis

(Business Warehouse, HR Portal, bReady Portal) Process Facilitator

Systems / Tools / Software / Applications that make it easier to perform business processes

(NPROP, WebTADS Mobile)

Summary of Enterprise Assessments

High-level Assessment Categories

Summary of Deductions for Enterprise Assessments

Application Development• Server language, language versions and client

language

Application Utilization• Authentication, authorization• NAMS (workflow, provisioning)• Analytics• Monitoring

• Two primary areas, which are:• Roles maintained solely within the application instead of using ICAM

standard of NASA Enterprise Directory (NED) or Active Directory (AD).• Roles being manually assigned rather than being assigned automatically

utilizing the ICAM NAMS auto-provision capability.

Compliance• 508 Accessibility• Application scans• Data retention policy

• One primary area, which is:• Outstanding medium and low vulnerabilities detected through routine

scans of the environment

Logging• Application log• Load balanced, Local Failover• Business Impact Assessment (BIA)

• One primary area, which is:• Logging at the server level only (i.e., checking if processes are running).• The NEACC standard is to monitor at both the server and application

layer.• Application monitoring monitors data files for changes and

confirms authorization for those changes. • Application monitoring of web applications checks the response of

a URL to confirm it’s up.

Maintenance• Maintenance agreement• End of life• Alignment with vendor’s roadmap

Page 5

App administrators answer a set of objective questions in the following categories

NEACC Programming Language Roadmap

Page 6

12:00-3:00 – Emerging3:00-6:00 – Early Mainstream6:00-9:00 – Mature Mainstream9:00-12:00 – Legacy or Market End

Back-up

Page 7

Portfolio Tool Design

Portfolio Solution Web-front end that serves as the reporting layer, includes heat map,

application tree, and application listing with POCs Drilldown to assessment results of an individual application is

available from the heat map (pdf) and from the application listing (MetaHouse view)

Existing MetaHouse tool houses the metadata and the detailed assessments

MetaHouse was augmented to capture the additional Portfolio metadata elements and assessment criteria

Page 8

MetaHouse

What is MetaHouse? A way to keep track of entities such as applications,

databases, and web services located throughout NEACC and NASA. Once an entity is tracked by MetaHouse you can determine this entity's dependencies on other entities, view changes made to the entity on an interactive timeline, and see which versions of the entity are deployed to which environments. 

Supplies a calendar feature which tracks all NEACC activities and incidents, and allows for those authorized users to create activities and incidents on the calendar and send emails via the MetaHouse platform to defined user lists.  Additional features of the calendar will allow for RSS feeds and iCal integration.

How do I access MetaHouse? MetaHouse is accessible via the Internet behind the NASA

firewall When was MetaHouse deployed?

August 2011

Page 9

Why MetaHouse?

“…To provide the right level of information about our services to the right customers at the right

time…” Stay on top of scheduled activities and unplanned incidents

Frustrated because you weren't aware an outage event was taking place? The MetaHouse calendar tracks all events that happen throughout NEACC. In addition to viewing this calendar within MetaHouse you can also add the calendar iCal feed to your favorite calendar client.

Find which entities are available across the NASA landscape Need to automate some business function? There may already be an app for that. Use

MetaHouse to search for existing applications, web services, databases, and more to see what's currently available.

View relationships among entities Ever wonder what other systems an application you use depends on? MetaHouse tracks

dependency relationships between the entities and visually displays these in a graph. Find which environments entities are deployed in

Do you have trouble keeping track with which version of an application is deployed in which environments? We do too. With MetaHouse you can quickly see which versions of an entitiy are active and where those versions are currently deployed.

Receive notifications when changes are made to entities Tired of getting spammed with email about changes made to entities you aren't

interested in? With MetaHouse you tell us which entities you want to receive notifications on when changes are made. In addition to email you can also setup a personal RSS feed that will contain all updates to your entities so you these notifications from your favorite RSS reader.

What’s new in MetaHouse? Expansion of the number of metadata elements captured on our

applications, web services, databases and more Integration of MetaHouse with Portfolio, which

Provides one central location for the maintaining the metadata elements regarding our applications, web services, databases and more that can be used for a multitude of purposes

Page 10

Pulse captures three types of analytic information: • Technology analytics

• Types of hardware and software used to access application

• For example, type of mobile device (e.g., Android, iOS) or type of browser (e.g., Chrome, Firefox, Internet Explorer) used to access either the mobile or web application

• Audience analytics• Who is accessing an

application(s)• For example, the number of

visits to the application by center

• Application analytics (mobile focus)

• Visits by application version• Number of downloads from

apps@NASA of the application

Pulse Analytics – Mobile and Web Applications

Page 12

Pulse Analytics - Web Application Example

Page 13

Pulse Analytics - Mobile Application Example