Submitted by:

David Alexander, Director Geospatial Management Office

245 Murray Lane SW, Building 410 Washington, DC 20528

P: 202-447-3727 F: 202-447-3500

David.Alexander1@dhs.gov

May 10, 2013

Award Submittal

URISA EXEMPLARY SYSTEMS IN GOVERNMENT AWARD (ESIG)

The Department of Homeland Security Geospatial Information Infrastructure (GII)

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 1 of 9

A. SYSTEM A.1 NAME OF SYSTEM AND ESIG CATEGORY The Department of Homeland Security (DHS) Geospatial Management Office (GMO) submits the Geospatial Information Infrastructure for an URISA ESIG Award in the category of Enterprise Systems. A.2 LETTER FROM THE EXECUTIVE ADMINISTRATOR AUTHORIZING THE SUBMISSION – APPENDIX A

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 2 of 9

A.3 ONE PAGE SUMMARY ON SYSTEM ACCOMPLISHMENTS AND WHY IT’S EXEMPLARY The Department of Homeland Security (DHS) Geospatial Management Office (GMO) is directed to coordinate geospatial activities for the Department under the authorities described in Public Law 108-458, December 17, 2004 Section 8201 b.2.ii. This authority is further clarified in DHS Management Directive 4030, November, 2004 which directs the DHS GMO to ensure interoperability across DHS geospatial systems and to facilitate integration of DHS geospatial information and technology required to meet the needs of all DHS operational elements. Under the auspices of MD 4030, the DHS GMO initiated the Geospatial Information Infrastructure (GII) program in 2006 as the common operating environment for geospatial services across the Department. The DHS Under Secretary for Management (USM) further designated the GII as the Enterprise geospatial solution platform for the Department by memorandum in December 2007. The GII is constructed based on the Department’s Enterprise geospatial software, with a customized interface that provides “Common Operating Picture” (COP) views of geospatial and mission data to end users using the Homeland Security Information Network (HSIN). Geospatial Common Operating Data (COD) is provided by the Homeland Security Infrastructure Protection (HSIP) Gold data incorporated into the existing GII data architecture. DHS achieves its federally mandated objective through the GII by providing robust geospatial services, including capabilities supporting Common Operating Pictures and User Defined Operating Pictures (UDOP), supporting centralized archive and storage of COD and federated access to mission and real time data, and supporting services that will include geocoding, imagery map and feature services, and support real time streaming video from both land based and airborne sensors. Since its inception, GII has delivered Enterprise level geospatial services including access to Bing Map, Google and Esri Enterprise Level Agreements for imagery and GIS server processing. The GII has also brokered access to DHS licensed data products through secure access controls, established map visualization and analytical tools like OneView, and facilitated access to both sensitive but unclassified (SBU) geospatial content as well as public facing content through a seamless geospatial content platform, called GeoPlatform. Delivery of these Enterprise geospatial services and the establishment of a robust user community have made the GII a tremendously critical asset to the Department allowing it to meet its congressionally required objectives, contribute to the mission, and serve its homeland security partners. A.4 THREE USER TESTIMONIALS – APPENDIX B

Figure 1 GII’s map visualization geoanalytics tool, OneView

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 3 of 9

B. JURISDICTION B.1 NAME OF JURISDICTION Developed and Maintained by DHS Office of the Chief Information Officer (OCIO) – Geospatial Management Office (GMO). B.2 POPULATION SERVED BY THE ORGANIZATION/AGENCY The GII is the Sensitive but Unclassified (SBU) geospatial services environment for the Homeland Security community – Federal, State, Local & Governments as well as the NGOs and private sector entities that support the Homeland Security mission. The vast user support provided by the GII makes this system not only the enterprise geospatial platform the Department of Homeland Security but also the go to SBU geospatial platform for the entire community. B.3 ANNUAL TOTAL BUDGET FOR JURISDICTION $1.75 million B.4 NAME, TITLE, AND ADDRESS OF CHIEF OF ELECTED AND OR APPOINTED OFFICIALS Margie Graves DHS Chief Information Officer (Acting) 245 Murray Lane SW, Building 410 Washington, DC 20528 B.5 NAME, TITLE, ADDRESS, TELEPHONE, FAX, AND EMAIL FOR THE CONTACT PERSON FOR THE SYSTEM David Alexander Director Geospatial Management Office 245 Murray Lane SW, Building 410 Washington, DC 20528 P: 202-447-3727 F: 202-447-3500 David.Alexander1@dhs.gov

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 4 of 9

C. SYSTEM DESIGN C.1 WHAT MOTIVATED THE SYSTEM DEVELOPMENT? DHS required an enterprise geospatial capability to support the diverse missions of the Homeland Security Enterprise. DHS has substantial investment of ad-hoc and stove-piped geospatial capability. The GII provided an opportunity for rationalizing core requirements for geospatial capability to promote operational efficiency and effectiveness. The GMO implemented the GII by leveraging best of class capabilities already deployed within DHS. These capabilities were consolidated and relocated to the DHS data center to provide a foundation for the GII. C.2 WHAT SPECIFIC SERVICE OR SERVICES WAS THE SYSTEM INTENDED TO IMPROVE? The GII was intended to improve the delivery and provisioning of core geospatial technology requirements for shared system hosting, computing, processing, data, analytics, and visualization capabilities. It was intended to provide secure, common access, authoritative and trusted data feeds, and reliable and interoperable infrastructure for hosting geospatial applications and services as well as publishing and serving common operating data and basemaps. The GII provides an enterprise class, strategic resources to general users, geospatial analysts and professional, and GIS developers and systems architects. C.3 WHAT, IF ANY, UNEXPECTED BENEFITS DID YOU ACHIEVE? End users are able to create and share maps on the fly during an emergency event across federal, state and local agencies. The appetite from state, local, tribal and territorial partners to use GII services to enable their missions. The re-use of GII services to power business functions supporting cyber security, human capital planning, financial and grant administration and a variety of front line operations across US Coast Guard and Border Security.

C.4 WHAT SYSTEM DESIGN PROBLEMS WERE ENCOUNTERED? Implementing clustering was an unfamiliar territory especially with the DHS security requirements. SQL Server requires use of Active Directory that posed challenges and the necessity to work with other business units across the DHS data Center to configure the load balance within the network and security architecture. Clustering allows for better reliability with a failover component and has a multi-thread routing component to relay requests from a busy machine to avoid backups. Two database servers were clustered and eight ArcGIS 10.1 servers were clustered. Implementing application load balance in tandem with DHS access controls protocols based a significant challenge as the GII requires the ability to support external access at the user and system level based on individual user accounts and system tokens. This required collaboration with the DHS IT security and data center staff through joint effort to implement an extranet type enclave for the GII that operated within the trusted internet connection fabric of the DHS network that met federal security requirements and still allowed for approved external user access.

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 5 of 9

C.5 WHAT DIFFERENTIATES THIS SYSTEM FROM OTHER SIMILAR SYSTEMS? The technical upgrade differentiates itself from the former technology as it is scalable. When the need arises more machines can be added with technologies’ latest software. The new upgrade also allows for interoperability with open source and 3rd party data. For example, GII is pulling FEMA’s IPAWS via GII to deliver to HSIN. This capability addresses budget cuts as it leverages information already being gathered.

D. IMPLEMENTATION

D.1 WHAT PHASES DID YOU GO THROUGH IN DEVELOPING THE SYSTEM? The phases of implementation include:

• Phase 1: Budgeting discussions were held to determine the system infrastructure. The initial infrastructure was inherited from a previous system and costs were contained by re-using hardware for initial efforts. As the system was materialized it became more cost effective to migrate to virtual infrastructure and systems. Availability of funding is always a consideration.

• Phase 2: System Architecture discussions were held resulting in the design of a high-performance, high-visibility, secure system based upon industry standards and DHS requirements. The Architects created system diagrams and work flows in support of the comprehensive System Design Document.

• Phase 3: Extensive peer review of system design documentation was conducted and numerous modifications and clarifications were included with the final architecture.

• Phase 4: A formal approval process was undertaken with appropriate sign-offs from leadership on the design documentation and architecture.

• Phase 5: The underlying API and custom application components were developed and initial testing conducted in the development environment.

• Phase 6: Initial installation and configuration of the system in the to-be Production environment was carried out within an enterprise data center.

• Phase 7: Continuous unit testing was performed throughout development as part of the Agile Development process followed by full regression testing prior to interim releases. User Acceptance Testing was performed prior to Production Releases

• Phase 8: Final installation and configuration in the Production environment was carried out with the end result being a fully capable highly available, scalable enterprise level system.

D.2 WERE THERE ANY MODIFICATIONS TO THE ORIGINAL SYSTEM DESIGN? WHY? WHAT? While the initial design satisfied all of the system requirements, it was determined that functionality could be improved. In order to support an improved user experience, Portal for ArcGIS was added. This improved search capabilities and allows users to search, discover and add data from outside sources. Additionally, users can create maps, add data on the fly, save and share those maps with others.

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 6 of 9

These changes added additional complexity in the authentication components due to the hierarchical nature of the new data and maps. The system was then modified to manage this complexity and deliver a successful integration. The initial design used Oracle as the database. It was determined that SQL Server would be a more cost effective solution and the system was upgraded to use the new database. This allows for the use of SQL Spatial and eliminates the issues associated with Oracle licensing.

E. ORGANIZATIONAL IMPACT E.1 WHAT USER COMMUNITY DOES THE SYSTEM SERVE AND HOW? The DHS GII serves a broad community including DHS Headquarters, the DHS Common Operating Picture, DHS components, other federal agencies, and many state and local fusion centers. With such a robust user community, the GII is essentially providing services to tens of thousands of users. These users, made up of senior decision makers, national security staff, intelligence and analysis personnel, and first responders rely on the DHS GII to support their missions. The DHS GII provides critical mission information and support through data layers, services, common APIs users can develop from, and geospatial mapping applications that allow these users to track, prepare for, respond, and recover from countless manmade and natural disasters every year. E.2 WHAT ARE THE ULTIMATE DECISIONS/OPERATIONS/SERVICES BEING AFFECTED? The DHS GII supports the DHS mission of responding to threats and hazards to the nation by collecting, sharing and displaying multi-dimensional information that facilitates collaborative planning and responses to these threats. The DHS GII is supporting decisions, operations, and services from individuals throughout the federal government, state and local governments, and private partners that assist our country in areas such as: identifying threats both domestically and abroad, preparing for natural disasters, responding to myriad of incidents that happen on a daily basis, and helping America recover as quickly as possible when necessary. E. 3 WHAT WERE THE QUANTITATIVE AND QUALITATIVE IMPACTS OF THE SYSTEM? Given the high number of users the DHS GII must support and the need for it to be available 24/7/365 with hardly any downtime it’s not surprising that the system encounters a lot of traffic. With the expansion of new and improved services, however, the utilization of DHS GII services has been overwhelming. The use of map services averages around 350,000 pulls a month (OGC map services – WMS, WFS, KML as well as Esri REST map services). During Super Storm Sandy, this number reached over 1,000,000 showing the direct impact and importance the DHS GII has on supporting mission goals. As the importance of information sharing continues to grow, the DHS GII is at the forefront in helping the federal government leverage data with higher quality. E.4 WHAT EFFECT HAS THE SYSTEM HAD ON PRODUCTIVITY? The DHS GII has had several positive effects on productivity. The first is that many users no longer have to go to disparate sources to gather the data they need. Through the use of the GII, users are automatically connected to over 400 data layers without having to piece-meal a

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 7 of 9

solution together. Additionally, through the use of the sharable API, other agencies are able to grab a 90% complete GOTS product and customize the last 10% for their specific needs instead of having to start from scratch. E.5 WHAT, IF ANY, OTHER IMPACTS HAS THE SYSTEM HAD? The services provided by the GII have created standard map visualization and data processing tools that are utilized in applications across the Department of Homeland Security, thus reducing the need for recreating these tools. By providing tools and services for the enterprise, it allows DHS components to instead focus on mission specific needs. E.6 HOW DID THE SYSTEM CHANGE THE WAY BUSINESS IS CONDUCTED WITH AND/OR SERVICE DELIVERED

TO CLIENTS? • Created a more stable environment for users to connect to. • Allowed for significant cost savings throughout the department by allowing everyone to

connect to enterprise services. • Started a conversation within DHS and to an extent in the federal government about the

importance of data sharing and standards that everyone should be using to ensure advanced information sharing.

F. SYSTEM RESOURCES F.1 WHAT ARE THE SYSTEM’S PRIMARY HARDWARE COMPONENTS? The infrastructure for the GII recently underwent a significant technology refresh to keep pace with an ever increasing user community. With the upgrade the Department looked to leverage virtual machines, which would allow them to consolidate servers, increase utilization, and promote faster recovery time in case of failure. Prior to the refresh the GII footprint consisted of six physical servers. Today the primary hardware components consist of three blade servers hosting 22 virtual machines, a significant increase in capacity and computing power. Using blade servers and virtual machines reduces the GII’s environmental footprint while also being economically affordable. The increased capacity and overall improvements allows the Department to continue to expand the GII offering to its homeland security partners. F.2 WHAT ARE THE SYSTEM’S PRIMARY SOFTWARE COMPONENTS? The systems primary software components are Windows Server 2008 r2, IIS 7.5 (webserver), ArcGIS Server 10.1 and SQL Server 2008 r2. The GII recent technology refresh not only implemented new hardware but also drastically revised its software environment. Some of the major transitions included migration of the Java based ArcGIS Server 9.3.1 web services to ArcGIS Server 10.1 .NET based services, migration of the Bing API to the Esri API and transitioning the web server from Apache Tomcat to Internet Information Server 7.0. In addition, the GII will be implementing the SBU GeoPlatform that is being built in coordination with the Federal GeoPlatform (Public GeoPlatform). This close coordination allows for the Homeland Security community to have access to both SBU geospatial content as well as public facing content through a seamless geospatial content platform.

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 8 of 9

F.3 WHAT DOES THE SYSTEM WORK WITH? The GII architecture consists of both private and public cloud infrastructure. DHS’s private cloud services, hosted in DHS’s hardened datacenter, support access to secure but unclassified data, including the Homeland Security Infrastructure Protection (HSIP) Gold, DHS mission data, geoanalytics software and data feeds from mission partners like USGS, NOAA, NORTHCOM, etc. Data feeds and services leverage Open Geospatial Consortium (OGC) standards such as Web Map and Web Features Services, GeoRSS, KML/KMZ and other common standards such as Esri REST (json) and Common Alert Protocol (CAP) conversion tools. Additionally, the base map, imagery services, geocoding and other services leverage public cloud infrastructures including Microsoft, Google and Esri. The DHS Homeland Security Information Network (HSIN) identity management services are used to perform user access control to the GII. The GII user community is able to use their HSIN credential to access map services and OneView, a map visualization tool. Re-use of the DHS HSIN identity management services both reduces the overall cost of the GII program and also provides a single sign on capability to both HSIN and the GII mission partners. The GII has a broad range of homeland security partners who are accessing the GII including the following:

• Charlotte Fire Department • City of Tampa • Defense Threat Reduction Agency • DHS National Protection and

Programs Directorate / Information Infrastructure Collection Division

• DHS Office of Health Affairs • DHS Office of Infrastructure

Protection • DHS OPS/HSIN • DHS US Citizenship and Immigration

Services • DHS US Coast Guard

• DHS US Secret Service • FAA Emergency Operations

Network • Governor Commonwealth of

Virginia • Idaho Bureau of Homeland

Security • Montana DoJ • NOAA/ NOS/ Office of Response

and Restoration • NORTHCOM • State of Oregon • State of Wyoming • Veterans Affairs

URISA ESIG AWARD NOMINATION

Geospatial Information Infrastructure Page 9 of 9

F.4 WHAT STAFF RESOURCES WERE REQUIRED TO IMPLEMENT THE SYSTEM? The team was bi-coastal with offices in Reston, VA and Kihei, Maui, Hawaii. This allowed for a 14-hour engineering day helping the development happen quickly while offering DC-Metro area clients after hours support from the Maui Software Development Center.

F.5 COMMENT ON ANYTHING UNUSUAL ABOUT THE RESOURCES USED TO DEVELOP THE SYSTEM? The project team includes a project director, a GIS architect, .NET developer and third party consultants for security component and networking. The team used an Agile development methodology to successfully design, develop, and deploy the GII infrastructure and complimentary software. Agile software development is a group of software development methods based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams.

DEPARTMENT OF HOMELAND SECURITY GEOSPATIAL INFORMATION INFRASTRUCUTRE (GII)

Appendix A – Authorization Letter

Appendix A

DEPARTMENT OF HOMELAND SECURITY GEOSPATIAL INFORMATION INFRASTRUCUTRE (GII)

Appendix B –

User Testimonials

Appendix B