Department of Veterans Affairs Cloud Strategy Roadmap...

Department of Veterans Affairs Cloud Strategy Roadmap, FY18 & FY19 May 9, 2018 | Enterprise Program Management Office Demand Management Division

OFFICE OF INFORMATION TECHNOLOGY Enterprise Program Management Office

Cloud Strategy Roadmap | i

Table of Contents 1 Introduction ..........................................................................................................................2

Background........................................................................................................................................... 2 Purpose ................................................................................................................................................ 2 Audience ............................................................................................................................................... 3 Development ........................................................................................................................................ 3

2 Scope ....................................................................................................................................4 Interrelationship with VA Modernization ............................................................................................ 4

3 Actions and their Dependencies .............................................................................................6 4 Roadmap ...............................................................................................................................7 5 Next Steps ........................................................................................................................... 17

Planned Development Activities ........................................................................................................ 17

Appendix A: References ....................................................................................................... 18

Appendix B: Acronyms......................................................................................................... 19


Cloud Strategy Roadmap | 2

1 Introduction

Background

The VA Enterprise Cloud (VAEC) is an enterprise class Hybrid Cloud consisting of the Microsoft Azure Government (MAG) community cloud, Amazon Government Cloud community cloud and the VA Private cloud. The VAEC is supported by the Enterprise Cloud Solutions Office (ECSO), Office of Information Security (OIS), and Information Operations Cloud Service Line (ICSL). The VAEC implements the VA cloud-first policy described in VA Directive 6517, Cloud Computing Services [1] and amplified in the joint Strategic Sourcing and Demand Management Office’s Use of the VA Enterprise Cloud (VAEC) to Host Applications [2] memorandum, as well as the Use of Cloud Native Technologies and Approaches [3] memorandum. These authoritative sources respond to mandates issued by the White House, Congress, the Federal Chief Information Officer (CIO), and the Secretary of Veterans Affairs.

VA envisions the VA Enterprise Cloud (VAEC) as a business enabler that will efficiently provide Veterans, their dependents, VA employees and contractors, and VA partners with innovative, Veteran-focused services, applications, and access to information on demand using Veteran-preferred devices and technologies. The VAEC will become the foundation of an agile, interoperable, scalable, and secure cloud computing environment that can adapt to evolving business needs. It will offer elastic, metered data storage and computing capability to support innovative approaches for the delivery of integrated services to Veterans. An enterprise cloud infrastructure, platform, and software services characterized by costs shared across a broad customer base and supported by leading, internal and external technology providers, will improve VA’s ability to target its efforts toward key mission areas focused on the Veteran. This will result in more efficient and responsible stewardship of taxpayer dollars. VA recognizes that, to fully realize the benefits associated with using the VAEC, the Department must also invest in the personnel- and process-related elements of change. For example, projects such as VA.gov employed agile methodologies in combination with cloud technologies to rapidly deliver a quality solution. VA is also considering implementation of accelerated review and governance processes to help further reduce the “time to market” for delivery of Veteran-focused solutions.

Additional background information is available in the VA Cloud Strategy [4] and on the VA Enterprise Cloud SharePoint site at https://vaww.portal.va.gov/sites/ECS/SitePages/Home.aspx.

Purpose

A supplement to the VA Cloud Strategy, this VA Cloud Strategy Roadmap serves as a strategic management tool that documents the initiatives, activities, and projects that VA is currently pursuing or planning to achieve its enterprise cloud capability.

https://vaww.portal.va.gov/sites/ECS/SitePages/Home.aspx



The Roadmap:

Facilitates management and governance decisions by outlining the relationships between the Office of Information and Technology (OIT) Comprehensive Information Technology (IT) Plan [5] activities and the tactical actions in the Roadmap that support the VAEC strategic goals

Provides an overview of the activities that contribute to establishing the foundation of the VA Enterprise Cloud, defining its success criteria, and establishing how that success will be measured

Delineates expected timeframes for delivering capabilities and achieving outcomes.

Audience

The Roadmap provides senior OIT Leadership and governance bodies with an understanding of the expected delivery dates of key cloud capabilities and outcomes. Multiple entities across VA will benefit from this document. For example:

Project Managers will gain insight into when/what cloud capabilities will be available, what development environments are available, and will have instructions and training on how to acquire capabilities in the cloud as well as develop them natively.

Portfolio Managers will gain visibility into when/what cloud capabilities will be available, learn about additional options for portfolio management, and have increased incentive to move toward cloud-based Enterprise capabilities.

IT Governance Boards and Councils will gain insight into decisions that must be made, efforts that must be monitored, and tracking and reporting on performance.

Senior OIT Leadership will gain visibility into when/what cloud capabilities will be available, how they can leverage those capabilities, and what their role is in the cloud space.

The Chief Information Officer (CIO) will gain clarity on the goals being set for cloud hosting and visibility into the progress being made toward achieving those goals.

Development

This Roadmap was developed using a combination of primary and secondary data collected throughout the creation of the VA Cloud Strategy. Roadmap development followed a top-down approach, beginning with interviews of key stakeholders within the Demand Management Division (DMD), OIS, ICSL, and other available stakeholders involved in the planning and execution of the various capabilities and processes that make up the VAEC. Details of activities, initiatives, and projects were garnered from these stakeholder interviews as well as from stakeholder-provided planning documents. Subsequent research into information provided during the interviews and supporting documentation yielded additional insight.



2 Scope The Roadmap provides direction as to how VA will address people, processes, and technology to achieve the goals and objectives outlined in the VA Cloud Strategy [4]. The Roadmap is limited to the actions that directly relate to achieving the following goals and objectives:

Goal 1: Build the foundation for the VA Enterprise Cloud capability

Objective 1.1: Establish a comprehensive suite of cloud capabilities and processes that serve all VA cloud business and IT needs

Objective 1.2: Migrate and Transform enterprise systems using the VAEC first

Goal 2: Introduce new, innovative capabilities and services for Veterans faster

Objective 2.1: Optimize agile, timely processes

Objective 2.2: Leverage modern technologies and innovation to deliver improved mission capabilities for Veterans

Goal 3: Expand enterprise computing capability while improving Veteran and VA data privacy and security

Objective 3.1: Safeguard cloud services

Goal 4: Transform the IT workforce

Objective 4.1: Strengthen the current OIT workforce to enable staff members to better use cloud technologies to deliver services

Interrelationship with VA Modernization

VAEC activities are just one component of a larger comprehensive plan for VA IT Modernization. As specified in VA’s Fiscal Year (FY) 2018-2024 Strategic Plan [6]:

Management Objective 4.3: VA IT Modernization will quickly deliver effective solutions that will enable VA to provide improved customer service and provide a secure and seamless experience while decreasing its rate of spend.

IT modernization reduces VA’s reliance on legacy systems and creates new capabilities for a modern VA. Cloud technology is a key enabler for IT modernization, as cloud-based capabilities can support faster development and provide the most modern, capable, supportable, cost-effective, and flexible solution. Cloud is therefore an enabler of several other IT Modernization efforts specified in the OIT Comprehensive IT Plan [5], to include Data Center Consolidation and Legacy System Modernization and Decommissioning. As data centers are consolidated, many systems hosted within those data centers become natural candidates for migration to the cloud. Similarly, as VA makes decisions regarding modernization of legacy systems, moving the legacy system to the cloud and modifying it to take advantage of the capabilities offered by cloud is one of the options for consideration. When VA chooses to decommission a legacy



system, procuring a new cloud-based capability to replace the legacy system is also an option. Therefore, where appropriate, the touch points with these activities are called out in the Roadmap. For further details on the broader IT Modernization efforts, see the OIT Comprehensive IT Plan [5].

While cloud technology is key to many IT Modernization efforts within VA, it in turn depends on network modernization, which must precede hosting of applications in the cloud. Moving an existing application from a data center to the cloud or implementing a new application in the cloud can increase both network traffic and latency, possibly leading to observable performance degradation for the application and potentially degrading the performance of the network itself. Therefore, VA network modernization must be closely monitored and coordinated with cloud migrations to ensure optimal performance of applications hosted in the cloud. For a more detailed discussion of network modernization see Section 4 of the VA Cloud Strategy [4].



3 Actions and their Dependencies Figure 1 lays out the high-level actions and their dependencies at a macro level, depicting them along a notional timeline spanning 18 months of activities. Some activities are anticipated to initiate within the 18-month window and continue. Current accomplishments are outlined in the introduction to Section 4. The Roadmap presented in the following section provides greater detail on each of the actions and timelines.

Figure 1 Actions and Dependencies

Goal 1: Build the

foundation for the VA

Enterprise Cloud

capability

Action 1.1.1 Establish ECSO

Action 1.1.2a Architect VAEC

Action 1.1.3 Operate, maintain, and support VAEC

Action 1.1.5 Develop VAEC financial management strategy

Action 1.1.2c Establish VA Private Cloud

Action 1.1.6 Establish a cloud performance management capability

Near-Term (0-6 months) Mid-Term (6-18 months)

Goal 2: Introduce new,

innovative capabilities and services for Veterans

faster

Action 1.2.2 Migrate commodity applications

Action 1.2.1 Develop and execute an application migration strategy

Action 1.2.3 Ensure new applications conform to the VAEC architecture

Action 1.2.4 Create operational cloud service management strategy

Action 2.1.1 Continually improve processes for acquiring cloud capacity and services

Action 2.1.2 Streamline process for provisioning environments

Action 2.1.3 Provide cloud migration and management tools

Action 2.1.4 Continually improve security timelinesAction 2.2.1 Enhance COTS/GOTS adoption and

adaptation speedAction 2.2.2 Enable research community

Action 2.2.3 Enable mobile/

IoT medical devices

Action 1.1.2b Establish public clouds (Azure and AWS)

Goal 3: Expand enterprise computing capability

while improving

Veteran and VA data

privacy and security


Action 3.1.1 Revise VA Security Policies, processes, procedures

Action 3.1.2 Cybersecurity visibility of the VA cloud

Action 4.1.1 Develop cloud OCM approach

Action 1.1.4 Implement and exercise VAEC governance

Action 3.1.3 Expand VA response and recovery

capabilitiesAction 3.1.4 New

technologies for cloud security

Action 4.1.2 Develop communications plan

Action 4.1.3 Determine existing/needed capabilities

Action 4.1.4 Develop/execute cloud training plan

Action 4.1.5: Develop incentive programs and performance criteria

Acronyms:AWS = Amazon Web Services COTS = Commercial Off-The-ShelfFOC = Full Operating CapabilityGOTS = Government Off-The-ShelfIoT = Internet of ThingsOCM = Organizational Change Mgmt.VAPC = VA Private Cloud

Pre

FOC

FOC



4 Roadmap Table 1 shows the Roadmap which describes, at a high level, the goals, objectives and actions needed to implement the VA Cloud Strategy [4]. This document is intended to identify the challenges in the areas of technology, process, and people that VA must overcome to execute the VA Cloud Strategy and achieve its targeted outcomes. The dates included in this Roadmap are notional and will be finalized in the project plan development step based on OIT priorities and available resources.

VA has already made significant progress towards realizing its cloud vision. Among other achievements, VA has:

Identified an executive cloud sponsor

Established the Enterprise Cloud Solutions Office

Established Information Operations Cloud Service Line

Established two enterprise cloud capacity vehicles offering streamlined way to acquire cloud capacity for next five years o Enterprise Cloud Capacity (ECC) contract - $500M capacity o Microsoft Enterprise Agreement - $250M capacity

Created and implemented the Enterprise Cloud Service Request (ECSR) process

Developed the VAEC, an enterprise hybrid cloud o VAEC has reached Initial Operating Capability (IOC) o Provides shared General Support Services (GSS)

Established the OIT Cloud First policy, requiring the use of VAEC, as well as the Cloud Native policy requiring the use of cloud native technologies and approaches

Awarded the Cloud Operations and Migration Services (COMS) contract

Added Cloud support tasks to Infrastructure Operations Support Services (IOSS) contract

Executed an EPMO focused communications plan that includes the creation of an ECSO Portal

A lead has been identified for each of actions described in the roadmap. It is anticipated that the lead is the one responsible for executing the action, with the consultation and assistance of the other organizations involved in achieving the cloud objectives.

Goal Objective Action Action Description Lead Pre 3Q18 4Q18 1Q19 2Q19 3Q19 4Q19

Goal 1: Build the foundation for the VA Enterprise Cloud capability

Objective 1.1: Establish a comprehensive suite of cloud capabilities and processes that serve all VA cloud business and IT needs




Action 1.1.1: Establish the Enterprise Cloud Solutions Office (ECSO) within the OIT EPMO Demand Management Division (DMD)

Develop the ECSO charter Formalize the establishment of ECSO within DMD. ECSO X

Staff the organization

Utilize the VAEC Concept of Operations (CONOPS) to determine skills needed and open positions and utilize USAJobs to staff open positions.

ECSO X X

Establish business processes Regularly scheduled meetings, processes for managing contractors, assignment tracking, risk management.

ECSO X X X

Action 1.1.2: Architect and establish an enterprise hybrid cloud environment

1.1.2a Establish Architecture

Set up Architecture and Engineering Prototype Environment

Environment available for architecture prototyping and engineering.

ECSO X

Cloud Migration Pilot

Migration pilot of the VA Cemetery Locator Application. Verified ability to create repeatable processes to re-host application, provision, develop, test and deploy.

AES1 X

Establish Enterprise Development Environment (EDE) Azure labs

Provide cloud based development environment where VA and contractors can be rapidly onboarded, new and innovative software can be tested, and developers can work in a sandbox while waiting for access to VA network.

ECSO X

Network modernization

Begin network analysis and modernization to ensure network modernization takes place ahead of cloud migrations and stand up of new applications in the cloud.

ITOPS X

Define the VAEC cloud architecture

Define vision/framework/reference architecture. Identify cloud solution constraints and engineering requirements early in the systems life cycle process. Establish cloud architecture in Enterprise Architecture Repository so business, information, and technology architectures can be used consistently at various levels of the project within and between VA agencies.

ECSO X

Define Service Level Agreements (SLAs) Publish Cloud Service Provider (CSP) SLA's, develop and publish GSS SLA's.

ECSO X

Refine security control requirements Continue to refine and evolve the security controls provided by GSS.

OIS X

1 AES - Architecture and Engineering Services – an organization within the Demand Management Division




Establish cloud computing Enterprise Design Patterns (EDPs)

Guiding principles, best practice approaches, and constraints will be established for acquiring cloud services and incorporating them as reusable enterprise capabilities.

AES X

Approved Software-as-a-Service (SaaS)/cloud services

Establish approval process and maintain list of authorized SaaS and cloud services.

TS2 X

Establish and support cloud toolkits

Establish toolkits for utilizing the General Support Services (GSS), Application Program Interfaces (APIs), etc.

ECSO X

Set up cloud architecture prototypes Prototype overall architecture. Develop cloud native architecture for use by applications and projects.

AES X

Prototype migration and development scenarios

Execute prototyping activities within VAEC to increase automation, demonstrate Infrastructure as Code, and test/develop/streamline migration techniques.

AES X

Develop cloud modular app development

Establish development criteria and standards for modular app development.

AES

X

1.1.2 b Establish public clouds (Microsoft Azure Government (MAG) and Amazon Web Services (AWS))

Establish VA Enterprise Cloud Capacity

Contracts for cloud credits in both MAG and AWS available for cloud ready applications.

ECSO/TAC3

X

Establish VAEC environment Initial Operational Capability (IOC) – Phase 1

Initial VAEC environment established and ready for hosting.

ECSO X

Operationalize the VAEC Determine roles and responsibilities for management and operation of the VAEC and put staff into place.

ECSO X X

Establish VAEC environment – Full Operating Capability (FOC) VAEC environment fully operational.

ECSO

X

1.1.2c Establish VA Private Cloud (VAPC)

Develop VAPC Request for Proposal (RFP)

RFP for VAPC hosted within Austin and other data centers.

ECSO X

Award VAPC contract VAPC awarded. TAC

X

Establish VAPC environment - IOC

Initial VAPC environment established and ready for hosting. Initial VAEC-hosted applications in production.

ITOPS

X

Achieve VAPC FOC VAPC Environment fully operational. ITOPS

1Q20

Action 1.1.3: Operate, maintain, and support VAEC

2 TS - Technology Strategies – an organization within the Demand Management Division

3 TAC – Technology Acquisition Center




Establish Enterprise Cloud Service Request (ECSR) Process

Initial process developed for coordinating queue of applications moving to the cloud.

ECSO X

Update Demand Management intake to incorporate cloud

Provide single intake for Demand Management, that includes existing process, Enterprise Cloud Service Request (ECSR) process, SaaS applications, and VAPC.

I&A4 X X X

Award Infrastructure Operations (IO) Cloud Service Line contract.

Contract covers Architecture, Integration, Shared Services, Migration Support, Automation, Policy, Process and Procedures, Program Management and Contract Oversight.

TAC X

Award Cloud Operations and Migration Services (COMS) support contract

Acquire contractor to assist with VAEC Operations and support project migrations.

TAC X

Incorporate COMS into cloud management and operations

Embed COMS contractor staff into appropriate management, operations, and governance groups.

ECSO X

Award Cloud Advisory Services (CAS) support contractor

Acquire contractor to provide advisory services to VA on cloud governance and enterprise migration planning and to advise applications looking to migrate to the cloud.

TAC X

Incorporate CAS into cloud management and operations

Embed CAS contractor staff into appropriate management, operations, and governance groups.

ECS X

Award VAEC Operations Tools contract

Establish independent enterprise Cloud Management Platform (CMP) to focus on multi cloud management and reporting across VAEC/VAPC clouds.

TAC

X

Enhance VAEC management and monitoring functions

Adjust cloud management and monitoring functions to incorporate CMP.

ECSO X

CMP - IOC CMP initially operational. ECSO

X

CMP - FOC CMP fully operational. ECSO

X

Create or modify IT Operations and Services (ITOPS) processes for VAEC

Create new ITOPS process under the ICSL to support the VAEC. Integrate VAEC into existing ITOPS systems where appropriate.

ITOPS X X

Action 1.1.4: Implement and exercise VAEC governance

Designate VA OIT Cloud Executive Sponsor

Senior Executive Sponsor responsible for Cloud formally named.

CIO X

Define cloud vision and strategy

Cloud vision and strategy developed and communicated.

ECSO X

Formally establish VAEC First Policy

Memo establishing the VAEC as the target for applications and ECSO as the office to contact directly.

DMD X

4 I&A – Intake and Analsis, an orgnaization within the Demand Management Division




Formally establish Use of Cloud Native Policy Memo requiring the use of cloud native technologies and approaches found within the AWS or MAG clouds.

DMD X

Update cloud governance assessment

Utilize cloud governance assessment previously delivered by KPMG, as well as Enterprise Cloud Adoption Framework (ECAF), to update the VA cloud governance assessment.

ECSO X

Revise VAEC First Policy Memo Current cloud policy memo points new contract actions to ECSO team - revise to reflect DM Intake.

DMD X

Establish ECSO governance group

Charter, membership, Measures, meeting frequency, decision process, risk management, continuous improvement.

ECSO X

Develop cloud dashboard

Utilizing the ECAF Heatmap developed in the initial governance assessment, track the progress of items being addressed through the Plan of Actions & Milestones (POA&M).

ECSO X

Periodic ECSO lessons learned and adjustment

Capture and leverage cloud governance lessons learned and ensure continuous improvement.

ECSO

X X X X

Integrate ECSO governance with VA IT Governance Boards

Integration of cloud governance with newly refined IT governance boards.

ECSO

X

Action 1.1.5: Develop cloud services financial and acquisition management strategy

Develop Multi-Year Plans (MYPs) Develop ECSO (MYP) on an annual basis ECSO X X

Update contract management lifecycle to support cloud

Working with the Technology Acquisition Center (TAC), define and integrate appropriate cloud “wording” into system acquisitions. Define how VA will track/rationalize all its contracts that include cloud computing.

TAC X X

Define and implement chargeback mechanism

Transparent cost of services and customer consumption. Monthly Capacity costs + ECSO costs for operations and management.

ECSO X

Manage cloud cost and performance

Defined constructs for governing cost and performance of service providers; shift toward managing providers to be outcome-based.

ECSO

X

Action 1.1.6: Establish a cloud performance management capability

Define cloud metrics Define metrics needed to support VA’s cloud strategy. ECSO

X

Institutionalize metrics

Plan metrics implementation including data collection mechanisms and integration with existing organizational and people metrics.

ECSO

X

Monitor performance Periodically collect data, provide management visibility into performance.

ECSO X

Report performance versus goals Periodically roll up performance against the VA Cloud Strategy goals and report to senior VA leadership.

ECSO X




Review and adjust Reward performance and/or identify root causes of performance issues and adjust as needed.

ECSO X X

Objective 1.2: Migrate and Transform enterprise systems using the VAEC first

Action 1.2.1: Develop and execute an application migration strategy

Migrate applications

Sequence migrations into waves and initiate migrations, use lessons learned from each wave for continuous process improvement. Successfully migrate apps at an increasing quarterly rate per quarter.

ECSO/PMs5

X X X X X X

Develop technical roadmap for VAEC migration

Develop an FY19+ cloud migration roadmap for all remaining applications.

ECSO

X

Perform suitability assessment

Start performing perform engineering and performance optimization analysis on applications prior to migration to assess readiness and determine type of migration applicable (6R's)6.

ECSO X

Develop automated migration services Increasingly convert manual migration processes to automated migration services.

ECSO X

Action 1.2.2: Migrate commodity applications to CSPs

Migrate commodity applications

ECSO will coordinate viable applications, including infrastructure, collaboration, and storage, with migrations to VAEC CSPs.

PMs X X X X

Action 1.2.3: Ensure new applications developed conform to the VAEC architecture

Ensure cloud compliance of new developments

New applications will be architected to be cloud-aware or cloud-native going forward.

AES

X X X

Action 1.2.4: Operate and maintain the VAEC

Create and provide cloud governance High level guidance on operations and management of VAEC

ECSO X X X X X

Implement operational governance

Implementing, maintaining, and enforcing VAEC operating policies, procedures, and mechanisms for all cloud environments

ITOPS X X X X X

Implement incident management process

Clearly identified touchpoints and handoffs between CSPs OIT teams to include help desk. Operating in a multi-vendor environment, with many handoffs between suppliers introduces additional complexity for incident triage and resolutions activities.

ITOPS X X X X X

5 PM – Project Manager

6 The 6Rs refer to cloud migration options: Remove, Retain, Replatform, Rehost, Repurchase, and Refactor




Implement access management process

Clearly identify process for granting authorized users the right to use cloud services, while preventing access by non-authorized users.

ITOPS X X X X X

Implement request fulfillment process

Clearly define process for fulfilling user requests; communicate with users to ensure they know what standard services request fulfillment can perform.

ITOPS X X X X X

Implement event management / monitoring

Mature event monitoring practices in place as service providers are increasingly integrated into the business.

ITOPS X X X X X

Manage problems Evaluate multiple incidents to identify common root causes and fixes.

ITOPS X X X X X

Monitor services proactively

Implement proactive service monitoring and self-healing, specifically for compute, network and storage Quality of Service (QoS).

ITOPS X X X X X

Manage change (configuration)

Increased automation and integration of IT service management capabilities. Facilitated review/approval of all changes to production environment(s).

ITOPS X X X X X

Manage release and deployment Cross-functional, collaborative approach to testing and transitioning products/services into production.

ITOPS X X X X X

Manage service catalog

Catalog provides clear understanding of cloud migration and management services offered. Will be critical to integrate services into easily accessible self-service portal closely tied to service pricing. As the vendor landscape broadens, critical to ensure services are defined and consolidated into a single point of access for consumers.

ITOPS X

Manage SLAs

As number of cloud models increase with external CSPs, key is to define SLAs to monitor and measure performance on services delivered. Incorporate security and exit SLAs (how a system or application can move from the cloud) .

ECSO X

Goal 2: Introduce new, innovative capabilities and services for Veterans faster

Objective 2.1: Optimize agile, timely processes

Action 2.1.1: Continually improve processes for acquiring cloud capacity and services

Analyze acquisition process

The ECSO, in conjunction with the TAC, will develop a streamlined process for acquiring cloud capacity and services.

ECSO/TAC

X

Reengineer and improve Continuously improve the resulting cloud acquisition process based on lessons learned.

ECSO/TAC

X

Action 2.1.2: Streamline processes for provisioning environments

Develop and utilize IT automation toolbox Acquire and train on toolsets e.g. CMP, GitHub. ECSO X X X X X X X

Automate provisioning

Leverage the CMP to provide automated provisioning, release, and deployment of infrastructure, platform, and end-user computing services, all delivered through

ITOPS X X




a self-service portal.

Develop pre-approved templates Reduce design effort via pre-approved templates. AES X X

Develop automated workflow approvals Automate workflow approvals for pre-approved templates and catalog items.

ITOPS X X

Action 2.1.3: Provide cloud migration and management tools

Increase automation and DevOps capabilities to manage multiple and continuous deployments Iterate and implement a DevOps model .

ITOPS

X X X X

Employ Continuous Integration (CI) / Continuous Deployment (CD) tools

Integrate CI/CD tools into VAEC for policy enforcement.

ITOPS

X X X X

Action 2.1.4: Continually improve security timelines

Shorten ATO timelines

Target reductions in Authority to Operate (ATO) decision timelines through ATO inheritance from CSP Federal Risk and Authorization Management Program (FedRAMP) inheritable controls and VAEC General Support Services ATOs.

ECSO X

Implement Secure DevOps

Incorporate agile and automated methods to continually integrate and deliver cybersecurity capabilities (Secure DevOps).

ITOPS X X X X

Objective 2.2: Leverage modern technologies and innovation to deliver improved mission capabilities for Veterans

Action 2.2.1: Enhance adoption and adaptation speed for third-party commercial or Government-off-the-shelf (COTS/GOTS) cloud capabilities.

Develop SaaS strategy Develop strategy for rapid incorporation of SaaS offerings.

TS X X

Identify high priority applications and fund FedRamp evaluation

For select SaaS applications that are not currently FedRamp certified, and are high priority targets for VA, fund FedRamp evaluation.

DMD X

Action 2.2.2: Provide the VA research community and external partners with ubiquitous cloud computing capabilities and data access

Develop policies and strategies for supporting research communities using cloud based technologies

Working with the VA research community, the ECSO will develop policies for funding capacity and hosting the software and data associated with research programs that have specific security, privacy, and data ownership requirements.

ECSO

X X X

Action 2.2.3: Enable applications for mobile devices; enable Internet of Things (IoT) medical devices

Develop a microservices strategy

Develop microservices strategy with Veterans Health Administration (VHA) and IT Account Managers (ITAMs).

ECSO

X

Goal 3: Expand enterprise computing capability while improving Veteran and VA data privacy and security (Note that this goal and associated objectives/actions will be revised as the OIS Cloud Security Strategy Roadmap is developed)

Objective 3.1: Safeguard cloud services




Action 3.1.1: Revise VA security policies, processes and procedures to support the transition to a cloud-based environment

OIS

X

Action 3.1.2: Monitor and provide complete cybersecurity visibility of the VA cloud-based environment

OIS X

Action 3.1.3: Expand VA response and recovery capabilities to incorporate the VA cloud-based environment

OIS X

Action 3.1.4: Incorporate new technologies and technical solutions to ensure the security and resilience of the VA cloud-based environment

OIS X


Objective 4.1: Strengthen the current OIT workforce to enable staff members to better use cloud technologies to deliver services

Action 4.1.1: Develop cloud OCM approach

Review and update existing OCM plan Engage OIT leadership to understand change management challenges from a cross-OIT perspective, not just within individual OIT stovepipes.

ECSO X

Identify existing organizational change management capabilities

Leveraging existing change management training, tools and skills where possible (e.g., in ITOPS) building on previous, successful change programs.

ECSO X

Strengthen ownership and sponsorship of cloud-related change

Review existing sponsors, identify new sponsors and engage all sponsors to review and "buy off” on the OCM approach and key strategies.

Cloud Exec

X

Action 4.1.2: Develop a phased, integrated communications plan to engage stakeholders, including OIT, business leaders, and others

Phase 1: Develop an EPMO focused communications plan

Develop a communications plan focused on EPMO. ECSO X

Phase 2: Expand communications plan to include ITOPS

Analyze ITOPS stakeholders, develop key messages and leverage existing communications channels or develop new channels to deliver critical messages.

ECSO X

Phase 3: Expand Communications plan to include business stakeholders

Analyze business stakeholders, develop key messages and leverage existing communications channels or develop new channels to deliver critical messages.

ECSO X

Action 4.1.3: Determine existing and needed OIT and acquisition capabilities to support rapid, cloud-based development/migration and efficient, secure operations

Execute OIT-wide, integrated study to identify needed skills and skill gaps

Working with VA Human Resources (HR), determine needed cloud-specific (e.g., AWS, MAG), VAEC specific (how to write modular code), acquisition and complementary skills (e.g., agile) critical to fully

ECSO w/HR&A7

X

7 HR&A – Human Resources and Administration




leveraging cloud-based technologies. Compare against existing skills to determine skill gaps.

Determine overall strategies for addressing gaps Develop a plan for addressing gaps across OIT.

HR&A X

Action 4.1.4: Develop an integrated staff development and training plan

Review available cloud-specific training

Identify existing (e.g., in the Talent Management System (TMS)) or other off-the-shelf training capabilities.

ECSO/ ITWD8

X

Identify commercial certifications and develop a funding and promotion plan for them

Identify commercial certifications and develop a plan for funding and promoting these to existing employees. Use these as incentives to retain key employees and attract new talent.

ECSO/ITWD

X

Make staff aware of available training Integrate with communications plan. ECSO X

Establish training for acquisition professionals

As deployment models shift toward the cloud, nurture the skillsets with commercial knowledge to develop standard contracting language with defined performance metrics and controls.

TAC X

Develop customized courses to address OIT-specific cloud capabilities

Where necessary, supplement existing courses with custom-developed courses.

ECSO X

Review existing organizational structures and roles & responsibilities and adjust as needed

Review existing organizational structures and roles & responsibilities and adjust as needed.

Org. Leader

X

Establish cybersecurity professional training

Develop and train the VA cybersecurity workforce to be able to plan, build, operate and maintain the VA cloud-based environment.

OIS X

Action 4.1.5: Develop incentive programs and performance criteria

Review executive and management incentives and update if necessary

Integrate with the cloud performance management strategy.

HR&A X

Develop staff incentive programs to promote and reward effective use of cloud-based technologies

Reward and recognize successful cloud implementation and promote early wins. Integrate with communications plan.

HR&A X

Update job descriptions and performance criteria for cloud-related OIT positions

Work with VA HR&A to update job descriptions and performance criteria for cloud-related OIT positions.

ECSO X

8 ITWD - IT Workforce Development



5 Next Steps VA intends this Roadmap to be a living document that will be updated regularly to show progress and incorporate changes in tactics driving toward strategic outcomes. VA decision making will be better informed if the roadmap is successfully maintained, since it is intended to aid in validating alignment between activities and a specific set of strategic objectives. Maturing the roadmap will require regularly monitoring the organization and documenting new initiatives that arise due to governance board decisions, executive sponsorship, or mandates. VA can initially measure success by reviewing adherence to predicted completion deadlines, and determining capabilities gained upon the completion of each activity outlined in the roadmap and its corresponding goals and objectives. Ultimately, VA will measure success by examining the outcomes achieved and how closely they approximate the goals and objectives established at the beginning of the roadmap. To aid in this assessment, VA will update the roadmap regularly to reflect the planned outcomes of activities, expected delivery dates, and alignment with the four goals, as well as when projects are completed, terminated, or suspended.

Planned Development Activities

To increase the effectiveness of the Roadmap, the following strategic management/planning activities are approved and planned:

1. Align the VA Cloud Strategy Roadmap with other Enterprise Portfolio initiatives in the OIT Comprehensive IT Plan.

2. Coordinate schedules based on the activities listed in this Roadmap 3. Update communications plan to include communications for VA Cloud Strategy and

Roadmap 4. Develop a process for regularly updating/refreshing the Strategy and the Roadmap

quarterly. 5. Identify the metrics that will be utilized to measure progress towards achieving the

goals and objectives outlined in the VA Cloud Strategy



Appendix A: References

[1] Department of Veterans Affairs, "VA Directive 6517, Risk Management Framework for Cloud Computing Services," Department of Veterans Affairs, Washington, DC, 15 Nov 2016.

[2] J. Everett and L. Jones, "Use of VA Enterprise Cloud (VAEC) to Host Applications," Department of Veterans Affairs, Washington, DC, 16 Jan 2018.

[3] B. James, "Use of Cloud Native Technologies and Approaches," Department of Veterans Affairs, Washington, DC, 10 Apr 2018.

[4] Department of Veterans Affairs, "VA OIT EPMO Cloud Strategy," Department of Veterans Affairs, Washington, DC, 8 Feb 2018.

[5] Office Of Information Technology, "OIT Comprehensive IT Plan," Department of Veterans Affairs, Washington, DC, 20 Sep 2017.

[6] Department of Veterans Affairs, "FY1 2018 - 2024 Strategic Plan," Department of Veterans Affairs, Washington, DC, 2018.



Appendix B: Acronyms AES Architecture and Engineering Services

API Application Program Interface

ATO Authority to Operate

AWS Amazon Web Services

CAS Cloud Advisory Services

CD Continuous Deployment

CI Continuous Integration

CIO Chief Information Officer

CISO Cyber and Information Security Officer

CMP Cloud Management Platform

COMS Cloud Operations and Migration Services

CONOPS Concept of Operations

COTS Commercial Off-The-Shelf

CSL Cloud Service Line

CSP Cloud Service Provider

DM Demand Management

DMD Demand Management Division

ECAF Enterprise Cloud Adoption Framework

ECS Enterprise Cloud Solutions

ECSO Enterprise Cloud Solutions Office

ECSR Enterprise Cloud Service Request

EPMO Enterprise Program Management Office

FedRAMP Federal Risk and Authorization Management Program

FISMA Federal Information Security Management Act

FOC Final Operating Capability

FY Fiscal Year

GOTS Government Off-The-Shelf

GSS General Support Services

HR Human Resources

HR&A Human Resources and Administration

I&A Intake and Analysis

ICSL Information Operations Cloud Service Line

IO Infrastructure Operations

IOC Initial Operating Capability

IoT Internet of Things

IT Information Technology

ITAM IT Account Manager



ITOPS IT Operations and Services

ITWD IT Workforce Development

MAG Microsoft Azure Government

MYP Multi-Year Plan

NCA National Cemetery Administration

NIST Federal Information Security Management Act

OCM Organizational Change Management

OIS Office of Information Security

OIT Office of Information and Technology

PM Project Manager

POA&M Plan of Action & Milestones

QoS Quality of Service

RFP Request for Proposal

SaaS Software-as-a-Service

SLA Service Level Agreement

SLO Service Level Objective

SME Subject Matter Expert

TAC Technology Acquisition Center

TIC Trusted Internet Connection

TMS Talent Management System

TRM Technical Reference Model

TS Technology Strategies

VA Department of Veterans Affairs

VAEC VA Enterprise Cloud

VAPC VA Private Cloud

VASI VA System Inventory

VBA Veterans Benefits Administration

VHA Veterans Health Administration

Department of Veterans Affairs Cloud Strategy Roadmap...

Documents

Transcript of Department of Veterans Affairs Cloud Strategy Roadmap...