Federated Model Service Definitions with LOB 2010-10-15 Consolidated

Federated Model

Service Team Deliverables

Service Definitions Functional Organizational Charts With Enhanced LOB Information

October 8, 2010 Updated 10/15/10

Desktop Computing (Updated) IT Service Desk

Network Management Security & Risk Management

Server Management & Database Administration

[page intentionally left blank]

Desktop Computing Service Definitions

Lifecycles and Customer-Facing Services: Desktop Hardware Desktop Software Multi-Function Devices

October 15, 2010

Service Definitions Desktop Computing

Table of Contents I. Overview ...............................................................................................................................4 II. Acronyms ..............................................................................................................................4 III. Desktop Hardware Lifecycle ..............................................................................................5

A. Planning.............................................................................................................................6 1. Exceptions to Standard Hardware..................................................................................6 2. Hardware Role Definition/Maintenance ..........................................................................6 3. Special Projects..............................................................................................................7

B. Procurement ......................................................................................................................7 1. Standard Desktop Hardware Purchasing (Monthly) .......................................................7 2. Expedited Hardware Purchasing ....................................................................................8 3. Exception Hardware Purchasing ....................................................................................8

C. Deployment ....................................................................................................................9 1. Hardware Configuration..................................................................................................9 2. Software Deployment ...................................................................................................10 3. Delivery to Users ..........................................................................................................11 4. Training (Users and IT Staff) ........................................................................................11

D. Management ................................................................................................................12 1. End-User Desktop Support...........................................................................................12 2. Training (Users and IT Staff) ........................................................................................12 3. Knowledge Management..............................................................................................13 4. Security ........................................................................................................................13 5. Asset Management.........................................................................................................14

E. Retirement .......................................................................................................................15 1. Hardware Removal.......................................................................................................15 2. Liability Release ...........................................................................................................15

IV. Desktop Software Lifecycle..............................................................................................16 A. Planning...........................................................................................................................17

1. Exceptions to Standard Software .................................................................................17 2. New Technology Research / Validation........................................................................18 3. Software Role Definition / Maintenance .......................................................................19 4. Special Projects............................................................................................................19

B. Procurement ....................................................................................................................20 1. Standard Desktop Software Purchasing.......................................................................20 2. Emergency Software Purchasing .................................................................................20 3. Exception Software Purchasing....................................................................................21

C. Deployment ..................................................................................................................21 1. Training (Users and IT Staff) ........................................................................................21

D. Management ................................................................................................................22 1. End-user Software Support ..........................................................................................22 2. Software Change Management....................................................................................23 3. Training (Users and IT Staff) ........................................................................................23 4. Knowledge Management..............................................................................................24

E. Retirement .......................................................................................................................24 1. Software Removal ........................................................................................................24

V. Multi-Function Device Lifecycle ...........................................................................................25 A. Planning...........................................................................................................................26

Page 2 of 39 10/15/2010


1. Exceptions to Standard Printers ...................................................................................26 2. Fleet Planning (Role Definition / Maintenance) ............................................................26 3. Special Projects............................................................................................................27

B. Procurement ....................................................................................................................28 1. Exception Printer Purchasing .......................................................................................28

C. Deployment ..................................................................................................................29 1. Delivery to Location......................................................................................................29 2. Training (Users and IT Staff) ........................................................................................30

D. Management ................................................................................................................31 1. End-User Printer Support .............................................................................................31 2. Training (Users and IT Staff) ........................................................................................32 3. Knowledge Management..............................................................................................33

E. Retirement .......................................................................................................................34 1. Printer Removal............................................................................................................34

VI. Additional LOB Services ..................................................................................................35 A. Desktop Hardware Configuration .....................................................................................35 B. Desktop Hardware Support..............................................................................................35 C. Desktop Application Management ...................................................................................35 D. Business Process Management ......................................................................................35 E. Compliance Management ................................................................................................36 F. Customer Relationship Management...............................................................................36

VII. Desktop Hardware – Functional Org. Chart .....................................................................37 VIII. Desktop Software – Functional Org. Chart ......................................................................38 IX. Multi-Function Devices – Functional Org. Chart...............................................................39

Page 3 of 39 10/15/2010


Page 4 of 39 10/15/2010

I. Overview The services in Desktop Computing include all aspects of the desktop computing lifecycle for three categories: hardware, software, and multi-function devices (printers, etc.). The lifecycle includes:

• Planning • Procurement • Deployment • Management • Retirement

This document describes the customer -facing services offered by desktop computing at each stage of the lifecycle for each of the three categories. Each section contains a diagram of the lifecycle for the category followed by a description of each service. The services that are listed in blue on the diagrams are the customer-facing services that are described in this document.

II. Acronyms APEX Hennepin County’s implementation of PeopleSoft BIO Business Information Officer CMDB Configuration Management Database EDS Enterprise Desktop Support EHD Enterprise Help Desk ERM Enterprise Risk Management IT Information Technology LOB Line of Business MFD Multi Function Device OS Operating System QA Quality Assurance SCCM System Center Configuration Manager TAMS Technology Asset Management System

http://en.wikipedia.org/wiki/System_Center_Configuration_Manager

III. Desktop Hardware Lifecycle

WF2232

Sticky Note

Planning should be customer facing what business requirements what features on equipment how long to keep new tech research


A. Planning

1. Exceptions to Standard Hardware

Service Summary: The Exceptions to Standard Hardware service provides a process to assess non-standard desktop hardware to meet unique situations. The standard hardware list was designed to meet most of the County’s desktop hardware needs. However, there are cases where the standard hardware isn't sufficient to meet the business needs. In these cases, IT will work with the Line of Business to select non-standard equipment that meets the business need while ensuring compatibility with our existing infrastructure.

Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Desktop Architect

Line of Business LOB Service Description LOB Support Role

All Develop and present business cases for exceptions to standard hardware.

LOB Liaison

PW Coordinate regulator changes on business line application software (i.e. MnDOT or Federally regulated changes, etc.)

LOB Technical Resource

2. Hardware Role Definition/Maintenance

Service Summary: The Hardware Role Definition service works with each Line of Business to define and maintain hardware roles to be used in the procurement and replacement of hardware. This service will ensure that the appropriate style of computer with the appropriate processing capacity will be assigned to staff (and public machines) based on a defined role. This service will work in conjunction with the Software Role Definition service to ensure that hardware roles are defined based on the requirements of the installed software and the users’ mobility needs. This service will also enable proactive replacement of hardware based on the equipment’s depreciation schedule. Communication will be established between the Line of Business and IT to ensure that roles are kept up to date. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Desktop Architect, Desktop Engineering, IT Coordinator


All Work with IT Role Based services project on initial hardware user roles. Maintain roles as business needs and/or technology changes.

LOB Role Manager / LOB Liaison

Page 6 of 39 10/15/2010


3. Special Projects

Service Summary: The Special Projects service provides the Lines of Business with a way to meet their unique needs when the needs aren’t met by the defined processes. In these cases, IT will work with the Line of Business to create a Special Project to meet the user’s hardware needs. Examples of Special Projects include the need for a large number of PCs for a limited duration (elections) or planning for the opening of a new facility. Equipment purchased as a result of a special project may be handled as standard hardware or as an exception. Orderable: Yes

Authorized Requestors: BIO, LOB Liaison Supporting Team: IT Coordinator


All Develop and present business cases for special projects that arise. Depending on the scope and size of the project, additional project, business, and/or technical resources from the LOB and/or IT may be needed to support the effort.

LOB Liaison

B. Procurement

1. Standard Desktop Hardware Purchasing (Monthly) Service Summary: The Standard Desktop Hardware Purchasing service is the monthly consolidation and placement of hardware orders. The IT Department provides a Hardware Price List that contains the standard desktop hardware available for staff to purchase. The list outlines standard desktop hardware configurations and optional add-ons (with pricing information) that have been approved for Hennepin County business use. Hardware devices include desktop PCs, mobile PCs (laptops/tablets), monitors, and common accessories. Each Line of Business places its hardware order by the 15th of each month, and IT Purchasing places the order with the vendor by the 1st of the month. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: IT Purchasing


All Submit orders to IT Purchasing for standard desktop hardware.

LOB Hardware Coordinator / LOB Liaison

PW Monitor delivery of hardware orders and ensure timely replacement. Research issues or problems/delays in receipt with IT on behalf of the department.


Page 7 of 39 10/15/2010

WF2232

Sticky Note

need coordinator in LOB who decides which of the standards to order (to meet business need) - maintains the hardware role?


2. Expedited Hardware Purchasing

Service Summary: The Expedited Hardware Purchasing service provides a process to purchase hardware on an ad hoc basis outside of the monthly schedule. The County’s standard desktop hardware purchasing schedule is designed to meet most of the needs of County staff. However, there will always be situations where new hardware is needed outside of the monthly ordering process. An expedited order is an order that the Line of Business BIO has determined is critical to meet immediate business requirements and waiting for the monthly order would have an adverse effect on business operations. This process is also used internally to replace new equipment that is non-functioning when it arrives from the vendor. Orderable: Yes

Authorized Requestors: BIO, LOB Liaison Supporting Team: IT Purchasing


All Submit request to IT Purchasing for expedited hardware purchase.

LOB Hardware Coordinator / LOB Liaison BIO (approval)

3. Exception Hardware Purchasing Service Summary: The Exception Hardware Purchasing service provides a process to purchase non-standard desktop hardware to meet unique situations. Equipment may be ordered either on the monthly ordering cycle or as needed. The standard hardware list was designed to meet most of the County’s desktop hardware needs. However, there are cases where the standard hardware isn't sufficient to meet the business needs. Once the hardware is selected through the Exceptions to Standard Hardware process, IT will leverage existing hardware contracts to realize the lowest purchase price. Service Level Agreements will be written for long-term support of exception hardware. Orderable: Yes



All Submit order to IT Purchasing for approved hardware exception.


Page 8 of 39 10/15/2010


C. Deployment

1. Hardware Configuration Service Summary: The Hardware Configuration service is the customization of internal hardware settings as appropriate on desktops, notebooks and tablets to ensure compliance with County policy and efficient connectivity with the County’s IT network infrastructure. Rare cases may also include adding specific hardware to the computer as requested by the Lines of Business. However, instances of hardware additions to the standard configuration will need to be justified by the Lines of Business. Enhancements made to the PCs settings will have a positive effect upon its security (via password control) and the ability of notebooks and tablets to easily move between, and connect to County systems and data. Depending upon LOB and/or County policy, other features may be positively affected or even restricted in order to provide the appropriate and efficient functionality of the PCs. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Enterprise Risk Management (ERM), Enterprise Desktop Services (EDS)


All Deployment of exception-based hardware configuration changes.


Page 9 of 39 10/15/2010

WF2232

Highlight

WF2232

Sticky Note

Need to retain LOB IT to support Kofax, scanners


2. Software Deployment Service Summary: The Software Deployment service packages and delivers enterprise and Line of Business applications to County-approved standard desktops for all departments via a centralized and managed tool. This service shall provide a standard tool set and process to be used enterprise-wide for the request and creation of application packages that can be tested against county and departmental-approved operating systems and applications. In addition, the tool allows for robust distribution of packaged applications both via scheduled (push) and on demand (pull) deployments per predefined hardware and/or software criteria. Finally, the tool set allows for appropriate logging, auditing, and reporting to appropriate staff of distribution, or failure of, packages to designated desktop systems. Once software is packaged, it is put in SCCM for easy deployment. The goal is for 85% of software deployment to be through packaged deliveries. For software that is not packaged, IT will follow standard installation processes to install the software manually. For replacement machines, the software will be installed by Desktop Support. New applications for a user will be installed by the Help Desk. This service will also ensure that all software deployments have the proper licenses for use. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Enterprise Help Desk, Desktop Support, LOB support (for custom LOB applications)


All Deployment and configuration of LOB software that is not deployed via SCCM or another automated tool as agreed to. A list of software included in this category will be created and maintained.


Page 10 of 39 10/15/2010

WF2232

Highlight


3. Delivery to Users Service Summary: The Delivery to Users service is a turn-key service that ensures employees of Hennepin County receive a fully working and suitably-configured PC at the appropriate time. Delivery to the User ensures that the operating systems and applications have been installed and verified to the required standard in order for the users to perform the roles expected of them. This service also includes tracking that all components have been received by the customer in the case of partial orders. Several different methods of delivery may be used including delivery directly to a user’s workspace or through a deployment site. Orderable: No (delivery is scheduled when equipment arrives)

Authorized Requestors: N/A Supporting Team: Desktop Support / Deployment Team


All Deployment and configuration of non-supported hardware LOB Technical Resource/LOB Liaison/Vendors

PW Coordinate and troubleshoot delivery of equipment to users to ensure business activities can continue without interruption. Ensure line of business specific hardware and software modifications are included before replacement is made (i.e. solid waste equipment, etc.)


4. Training (Users and IT Staff) Service Summary: The Training service provides training resources to enable users to effectively use desktop hardware technology. The Training service provides templates and guidelines to allow technical resources to develop meaningful training materials. It provides instructions for proper set-up, use and care of devices. This may be in the form of written instruction, web-based reference, trouble-shooting tips, self-help knowledge database, or other forms. The service provides clear instructions for reporting equipment problems and requesting and obtaining replacement equipment, including the use of swap sites. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Desktop Support


All Provide materials and/or training on LOB-specific hardware. LOB Technical Writer, Trainer

Page 11 of 39 10/15/2010

WF2232

Sticky Note

need for installation of scanners

WF2232

Sticky Note

coord with staff dev


D. Management

1. End-User Desktop Support Service Summary: The End-User Desktop Support service resolves issues that are received when the Level I Service Desk staff is unable resolved an issue on a county-approved device Level II and III support issues will be received based on referrals from the Service Desk. Using remote control diagnostics Desktop Support will evaluate the reported problem and attempt to resolve it. If the problem cannot be resolved within the defined Service Level Agreement, arrangements will be made with the customer to have their equipment replaced or repaired. Desktop Support will arrange an equipment swap, backing up a limited number of business files located on the desktop, where feasible and defined by best practices. On an exception basis, the support may require a visit to the customer’s location. For example printers, training room, conference room, networked and non-networked devices, and ADA devices may require a limited amount of desk-side support. Orderable: Yes

Authorized Requestors: End users Supporting Team: Desktop Support


All Desktop Hardware support of non-standard hardware. LOB Desktop Support

2. Training (Users and IT Staff) Service Summary: The Training service provides training resources to enable users to effectively use desktop hardware technology. The Training service provides templates and guidelines to allow technical resources to develop meaningful training materials. It provides instructions for proper set-up, use and care of devices. This may be in the form of written instruction, web-based reference, trouble-shooting tips, self-help knowledge database, or other forms. The service provides clear instructions for reporting equipment problems and requesting and obtaining replacement equipment, including the use of swap sites. Orderable: Yes



All Provide materials and/or training on LOB specific hardware. LOB Technical Writer, Trainer

Page 12 of 39 10/15/2010

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight


3. Knowledge Management Service Summary: The Knowledge Management service is the collection of processes that govern the creation, dissemination, and utilization of knowledge. The process is responsible for gathering, analyzing, storing, and sharing knowledge and information related to desktop hardware within the County. The primary purpose is to improve efficiency by reducing the need to rediscover knowledge. The major focus of this service is to identify and gather content/information from various resources (documents, reports, manuals, and people) and other sources and to be able to search that content for meaningful relationships regarding desktop computing. Desktop related knowledge articles are created as an artifact to assist resources in knowledge understanding. The knowledge created by this service will be stored in the County Knowledge Management System and available to other staff (internal and external). Orderable: Yes

Authorized Requestors: All Supporting Team: EHD, all IT Staff (writing knowledge articles), LOB (LOB specific articles), Security (limiting access of articles to the appropriate people)


All Develop, publish, and maintain knowledge for LOB-specific services, applications, hardware, etc.

LOB Knowledge Management / Technical Writer / Subject Matter Expert

4. Security Service Summary: The Security service reduces the County’s risk exposure in the event of lost or stolen hardware. This is achieved by implementing hard drive encryption, asset tracking, and recovery software. The appropriate administration of workstation groups is then achieved via the establishment and management of Group Policies. Group Policies, managed by the Enterprise Risk Management team, provide centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment and therefore all the IT Department to manage all servers, software, users and PCs in the user community in a consistent manner without individual intervention. Additional agility within the Group Policies allows for the implementation of exceptions. This additional flexibility affords the Lines of Business and employees the option of a highly tailored environment. Orderable: Yes

Authorized Requestors: LOB Liaison, project technical resources Supporting Team: Enterprise Risk Management, EDS, QA Test team


All Ensure physical and data security of non-supported hardware.

End User

Page 13 of 39 10/15/2010


5. Asset Management

Service Summary: The Asset Management service is the management of the County’s desktop hardware assets. This service includes the development and maintenance of policies, standards, processes, systems and measurements that enable the organization to manage the desktop hardware assets with respect to risk, cost, control, IT Governance, compliance and business performance objectives as established by the County. This service tracks and reports on all County hardware purchases using approved management tools such as APEX, TAMS, and/or the Configuration Management. This service monitors and reports on the County’s hardware inventory using management tools such as SCCM and CMDB. The service includes working with the LOBs to coordinate the equipment replacement schedule based on depreciation and business needs, matching inventory against deployment reports/install base, investigating any discrepancies, and taking the necessary corrective action. Orderable: No

Authorized Requestors: N/A Supporting Team: IT Equipment, LOB Liaison, Asset Manager


All Track and inventory non-supported hardware. LOB Asset Manager

Page 14 of 39 10/15/2010

http://en.wikipedia.org/wiki/IT_Governance


Page 15 of 39 10/15/2010

E. Retirement

1. Hardware Removal

Service Summary: The Hardware Removal service is the removal of hardware that will no longer be used by the customer. The hardware is picked up at the customer’s desk, dropped off at a Deployment Site, or exchanged at a Swap Site. When hardware is removed at the customer’s work area, IT will follow a checklist to uninstall the software and to remove the computer equipment. All backup steps will be completed to ensure that no data is lost. When a Deployment Site is used for hardware removal, the customer will bring the hardware to a central location for drop off. Instructions will be provided in order for the customer to backup the data stored on the equipment prior to turning it in. A Swap Site may be used if the hardware cannot be repaired quickly and is exchanged for replacement hardware. Once the hardware has been removed, IT will securely dispose of the hard drive and will prepare the equipment to be donated to charity. IT will ensure system records are updated. If a liability release was requested for the device, the necessary paperwork will be completed and be mailed to the appropriate area. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Asset Manager, Equipment Deployment, Desktop Support


All Remove non-supported hardware, including the destruction of the hard drive.

LOB Technical Resource / Hardware Coordinator / Vendor

2. Liability Release

Service Summary: The Liability Release standard provides a mechanism for handling witnessed hard drive destruction. As a standard, when PCs are decommissioned, the hard drive is removed and destroyed using a common process. In cases where a Line of Business requires documentation proving the hard drive was destroyed, this service will be used. Certain lines of business have liability concerns or legal obligations surrounding the PCs that have been removed from the environment after replacement. There are procedures that must be followed to comply with those regulations. By centralizing this function, the County can realize consistent application of these procedures to the appropriate departments. This service will also provide a process to obtain documentation releasing liability from the department and County. Orderable: Yes

Authorized Requestors: LOB Liaisons, Role Manager Supporting Team: IT Equip, Asset Manager


All Request a liability release for hardware. LOB Liaison

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight


IV. Desktop Software Lifecycle

Page 16 of 39 10/15/2010


A. Planning

1. Exceptions to Standard Software Service Summary: The Exceptions to Standard Software service provides a process to approve non-standard desktop software for purchase to meet unique situations. The application portfolio should meet most of the County’s desktop software needs. However, there may be cases where the application portfolio does not contain an application that is sufficient to meet the business needs. IT will work with the Line of Business to select a new application that meets the Line of Business’s business requirements while ensuring that the software is compatible on the existing computers, fits into the existing architecture, and aligns with the various technology roadmaps. Orderable: Yes



All Develop and present business cases for Exceptions to standard software.

LOB Liaison

All Test exceptions to standard software. LOB Liaison/Tech

Page 17 of 39 10/15/2010


2. New Technology Research / Validation Service Summary: The New Technology Research/Validation service provides a process to evaluate software technology that is new to the county and bring it into the enterprise in order to meet business requirements. This service includes periodically evaluating existing software to ensure that it aligns with both our IT vision and the direction of the industry as a whole. It also includes aligning our technology visions and roadmaps to the business strategies of the County and the creation of a strategic plan that identifies software technologies to meet the business requirements. Once new software is identified for purchase, it will be incorporated into the application portfolio. The desktop architect will evaluate if the technology needs to be reviewed by the Architecture Review Board. The Lines of Business will have already approved a business case for the software before submitting a request for this service. Orderable: Yes



All Request evaluation of software that is new to the county. LOB Liaison All Test software with business for usability within the business. LOB Liaison PW Research, acquire, implement, test, and provide support for

specialized desktop application software used uniquely by business line (i.e. turn analysis software, round-about modeling software, pavement analysis software, etc.)


PW Determine best fit with ARB and management for software implementation (i.e. outsourced or in-house, etc.).


PW Represent business line interests in ARB and IT reviews; ensure cost benefit is fully considered in architected solutions.


Page 18 of 39 10/15/2010


3. Software Role Definition / Maintenance Service Summary: The Software Role Definition service works with each Line of Business to define and maintain software roles to be used to install the correct software for each user. This service will ensure that each user has the appropriate software based on the user’s defined role. This service will work in conjunction with the Hardware Role Definition service to ensure that hardware roles are defined based on the requirements of the installed software. This service will also enable the installation of software on proactively-replaced hardware. Communication will be established between the Line of Business and IT to ensure that roles are kept up to date. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Software Role Manager


All Work with IT Role Based services project on initial software user roles. Maintain roles as business needs and/or technology changes.

LOB Role Manager / LOB Liaison

4. Special Projects

Service Summary: The Special Projects service provides the Lines of Business with a way to meet their unique needs when the needs aren’t met by the defined processes. The standard software processes are designed to meet most of the County’s desktop software needs. However, there are cases where these processes are not sufficient to meet the business needs. In these cases, IT will work with the Line of Business to create a Special Project to determine if the user’s software needs can be met. If a Special Project is repeated multiple times, it may be added as a standard process. Orderable: Yes

Authorized Requestors: BIO/LOB Liaison Supporting Team: IT Coordinator



LOB Liaison

Page 19 of 39 10/15/2010


B. Procurement

1. Standard Desktop Software Purchasing

Service Summary: The Standard Desktop Software Purchasing service is used to purchase software from the list of standard desktop software available in the Application Portfolio. Software is ordered on an as-needed basis through a list of defined vendors. By standardizing on a limited number of desktop software applications and suppliers, the County is in a position to realize significant savings and consistent service levels for all staff. The Application Portfolio outlines standard desktop software applications that have been approved for Hennepin County business use. Additional licenses needed for enterprise applications (for example, MS Office) are managed and purchased through the vendor management role in the IT Department. The majority of software is purchased through a list of contracted resellers providing pre-defined discounts. If the software is not available through one of these sources, the purchasing department will go directly to the software vendor. Software roles may be updated based on software purchases. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: IT Purchasing, Software Role Manager


All Submit orders to IT Purchasing for standard desktop software.


2. Emergency Software Purchasing Service Summary: The Emergency Software Purchasing service provides a process for purchasing software that is in the Application Portfolio on a more aggressive timeline than is typically planned or on an emergency basis. An emergency order is defined as an order that the Line of Business BIO has determined is critical to meet the LOB’s immediate business requirements and that, if not placed on an emergency basis, would cause adverse effects for the LOB. Orderable: Yes

Authorized Requestors: BIO, LOB Liaison Supporting Team: IT Purchasing


All Submit request to IT Purchasing for emergency software purchase

LOB Hardware Coordinator / LOB Liaison BIO (approval)

Page 20 of 39 10/15/2010


3. Exception Software Purchasing Service Summary: The Exception Software Purchasing provides a process to order software that is not identified in the Application Portfolio. The Application Portfolio is designed to meet most of the County’s desktop software needs. However, there are cases where the standard software isn't sufficient to meet the business needs. Once the software is approved through the Exceptions to Standard Software process, IT will purchase the software for the Line of Business. Orderable: Yes



All Submit order to IT Purchasing for approved software exception.


C. Deployment

1. Training (Users and IT Staff) Service Summary: The Training service provides training resources to enable users to effectively use desktop hardware technology. The Training service provides templates and guidelines to allow technical resources to develop meaningful training materials. It provides instructions for proper set-up, use and care of devices. This may be in the form of written instruction, web-based reference, trouble-shooting tips, self-help knowledge database, or other forms. The service provides clear instructions for reporting software problems. Orderable: Yes



All Provide materials and/or training on LOB specific software. LOB Technical Writer, Trainer

Page 21 of 39 10/15/2010


D. Management

1. End-user Software Support Service Summary: The End-user Software Support service resolves issues that are received when the Level I Service Desk staff is unable to resolve an enterprise software application issue within their defined parameters. The IT Department provides application support to a defined user base via remote control/management of end user hardware. Level II and III support issues for Enterprise Applications will be received based on referrals from the Service Desk. Using remote control diagnostics, Desktop Support will evaluate the reported problem and attempt to resolve it. If the problem cannot be resolved within the defined Service Level Agreement, an estimate of time to resolve will be provided to the users and the reason why. A new resolution date will then be negotiated for the incident. On an exception basis, the support may require a visit to the customer’s location. For example printers, training room, conference room, networked and non-networked devices, and ADA devices may require a limited amount of desk-side support for software-related issues. Orderable: Yes

Authorized Requestors: End users Supporting Team: Desktop Support, Enterprise Help Desk


All Provide Enterprise IT desktop support with known documented errors and their fixes for knowledgebase. If error is not resolved with known documentation then will be escalated to LOB application support of software.

LOB Application Support

All Consultation on challenging issues to IT Supported applications for a business user


All Participation on Desktop Support “SWAT” team for problems that cross over between the IT Department and LOB application issues


Page 22 of 39 10/15/2010


2. Software Change Management Service Summary: The Software Change Management service is the management of software changes (e. upgrades, versions, patches, group policy). This service follows the county-wide change management process. The service includes communicating information regarding the changes. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Varies depending on change


All Manage changes on non-supported software. LOB Technical Resource

PW Review software license agreements periodically to determine if software maintenance payments are economical, determine best strategy for exit or change to new applications, etc.


PW Maintain working knowledge of vendor products and versions to determine best fit or upgrades for future planning (i.e. move to SQL, new hardware tools like credit card technology, etc.).


3. Training (Users and IT Staff) Service Summary: The Training service provides training resources to enable users to effectively use desktop hardware technology. The Training service provides templates and guidelines to allow technical resources to develop meaningful training materials. It provides instructions for proper set-up, use and care of devices. This may be in the form of written instruction, web-based reference, trouble-shooting tips, self-help knowledge database, or other forms. The service provides clear instructions for reporting software problems. Orderable: Yes



All Provide materials and/or training on LOB specific software. LOB Technical Writer, Trainer

Page 23 of 39 10/15/2010


Page 24 of 39 10/15/2010






E. Retirement

1. Software Removal Service Summary: Software removal is a service that is provided when a user no longer needs software that they currently have installed. This may be due to a change in position, change in role within a position, or a separation of service. The software will be removed from the user’s computer and the license will be made available for another user or cancelled. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: EHD, Enterprise Desktop Support, Software Role Manager, License Manager


All Remove non-supported software. LOB Technical Resource / Hardware Coordinator / Vendor

All Re-use licensing. LOB Software Coordinator


V. Multi-Function Device Lifecycle

Page 25 of 39 10/15/2010


NOTE: The term “printer” in the following services includes multi-function devices, copy machines, fax machines, printers, scanners, etc.

A. Planning

1. Exceptions to Standard Printers Service Summary: The Exceptions to Standard Printers service provides a process to approve non-standard printers for purchase to meet unique situations. The standard multi-function devices should meet most of the County’s desktop printing needs. However, there will be cases where the lines of business have requirements that cannot be met by our standard multi-function devices. IT will work with the Line of Business to order a printer that meets the Line of Business’s business requirements. Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Fleet Planner


All Develop and present business cases for Exceptions to standard printers.

LOB Liaison

All Test exception printers. LOB Liaison PW Develop business requirements, research equipment

alternatives, schedule vendor demonstrations, obtain demonstration equipment, etc., for exceptions to printing standard.

LOB Liaison

2. Fleet Planning (Role Definition / Maintenance)

Service Summary: The Fleet Planning service identifies defines and manages the use of the fleet of multi-function devices based on usage patters and depreciation cycles. The initial installation of the multi-function devices will be based on the usage patterns of each group. The fleet will be actively managed to ensure that printer needs are continuing to be met as usage patterns change over time. Orderable: Yes



All Working with Business and Hennepin County IT and effective placement of MFD to meet LOB needs.

LOB Key Operator / LOB Liaison

All Storage, inventory, and appropriate distribution of consumables (i.e. toner, staples, etc.).

LOB Key Operator / LOB Liaison

PW Validate business requirements when changes are pending to ensure best fit of equipment to business need. Review current uses or equipment to consider relocation, larger or smaller devices, etc. Coordinate with fleet planning staff.

LOB Liaison

Page 26 of 39 10/15/2010


3. Special Projects Service Summary: This service is designed to meet the unique needs of a Line of Business managing a Special Project, and their printer needs fall outside the standards. Examples might include the need for extra printers for a limited duration or planning for the opening of a new facility. In the case of Special Projects, the IT Department will work with the individual Lines of Business to meet the multi-function device needs of a unique situation. Orderable: Yes




LOB Liaison

PW Develop business requirements, research equipment alternatives, schedule vendor demonstrations, obtain demonstration equipment, etc., for specialized equipment used by operating department (i.e. ticket printing for solid waste, bar code printers, large format copy equipment for plotters, plotters, etc.

LOB Liaison

Page 27 of 39 10/15/2010


B. Procurement

1. Exception Printer Purchasing Service Summary: Although the County’s Standard Printer Hardware is designed to meet most of the County’s needs, there will always be a need for exceptions. The Exception Printer Purchasing service refers to hardware that needs to be purchased that is not one of the defined County standard models. By making sure non standard hardware is purchased only for legitimate business reasons, the County will ensure that the savings obtained by having established a Standard Printer Price List are realized. Non-standard equipment will be purchased by the IT Department at the request of Lines of Business if their needs are properly documented and approved. To make a request outside the norm, follow the Exceptions to Standard Printer service. Once the appropriate non-standard equipment has been defined and approvals gained, the order should be submitted via normal ordering channels. Some examples of exception printers are barcode printers and fingerprint readers. Orderable: Yes



All Submit order to IT Purchasing for approved printer exception. LOB Hardware Coordinator / LOB Liaison

Page 28 of 39 10/15/2010


C. Deployment

1. Delivery to Location Service Summary: This is a turn-key service, provided by the contracted printer vendor will ensure the Lines of Business of Hennepin County will receive a fully working and suitably configured printer device at the appropriate time. Delivery, installation, and/or removal of all printer devices include the following:

• Installation - Vendor must work closely with the County technical staff to network and install equipment. Connectivity service support is to be available to coordinate installation with County personnel and be available to answer questions and concerns on the equipment installed. Service support personnel, knowledgeable in digital equipment and in networking equipment, will be required to provide all necessary maintenance and repair. The vendor must be ensure that the machine calibrated and configured to be fully functional at the location.

• Supplies - An extra set of supplies are to be delivered upon initial setup of the device. • Cost Savings Setup - The Contract Vendor(s) or its reseller must set the device up with the most

environmentally responsible defaults including, but not limited to: recycled paper, duplexing, color/toner reduction, and energy star savings features. Any cost saving methods for using the MFD must be set up upon install. The vendor must return upon request if these features continue to set back to an unacceptable level and resolve issues. The Contract Vendor cannot charge for color copies, when the machine has been designated to be installed without color.

• Electrical. The Contract Vendor must provide information on any special wiring required when the wiring is not the normal 110/15 amp, 3-prong, grounded outlet and/or requires a dedicated line. Special wiring and dedicated lines are the responsibility of the County to furnish and install. Vendor must notify County in advance of any special electrical requirements. All equipment requires surge protection and this must be included in the price and installed upon delivery.

Orderable: Yes

Authorized Requestors: LOB Liaison Supporting Team: Vendor


All Deliver non-supported printers. LOB Hardware Coordinator

Page 29 of 39 10/15/2010


2. Training (Users and IT Staff) Service Summary: Provide training resources to enable users to effectively use enterprise printing devices. Following installation, the Contract Vendor shall provide a minimum of two (2) training sessions per Multi-function Device placement at no cost to the user’s satisfaction. Training can be defined as online, webinar or in person. The County will select the type of training desired. Training is to include, but is not be limited to the basic features and functions of the Multi-function Device, standard functional use of machine to networked users, technical staff advisement on networking and security, and associated websites the entity may need to utilize in managing their account. This training must be conducted at the County’s location with in five (5) working days of installation. Follow up training must be provided upon request of the County. Orderable: Yes



All Provide materials and/or training on LOB specific-printers. LOB Technical Writer, Trainer

PW Answer specific questions on printer functionality for business staff due to new employees, transfers, etc.

LOB Liaison

Page 30 of 39 10/15/2010


D. Management

1. End-User Printer Support Service Summary: Printer Support issues are received when the Level I Service Desk staff is unable to resolve the issue within their defined parameters. Level II and III support issues will be received based on referrals from the Service Desk. The Service Desk will assign the problem calls to the contracted printer vendor for the following areas:

• Maintenance: Service must be provided during normal business hours for both preventive and emergency service. All equipment maintenance and/or replacement must be on-site, unless otherwise approved by the customer. Included in maintenance are the following features:

o Supplies. When included in the maintenance cost, supplies include normal operating, toners (black & color), developers, fuser oil, staples or any item required to make the machine run. Normal operating supplies do not include paper. All Multi-function Devices must be able to operate on the recycled copy paper.

o Preventive Maintenance. With each service visit, the County requires service technicians to adhere to a preventive maintenance standard each time the unit is repaired.

o Excessive Service. Equipment that develops a trend of requiring excessive service calls must be reported

o Loaner Equipment. If the equipment, any accessories, or software become inoperable for a period of twenty four (24) consecutive working hours

• Equipment Relocation/Transfer: The Contract Vendor will provide relocation services within the same building a minimum of once per year per machine at no charge. The Contract Vendor is responsible for repairs that may be required following any relocation performed by the Contract Vendor.

Orderable: Yes

Authorized Requestors: End-user (Level I), Enterprise Help Desk (Level II or III) Supporting Team: Vendor


All Desktop hardware support of non-standard printers. LOB Support All Desktop software support of non-standard printers. LOB Support PW Relocation of specialized printing equipment within business

line, at remote locations, etc. Often requires set up and testing, ensuring network connectivity, etc.

LOB Liaison

Page 31 of 39 10/15/2010


2. Training (Users and IT Staff) Service Summary: Provide training resources to enable users to effectively use enterprise printing devices. Following installation, the Contract Vendor shall provide a minimum of two (2) training sessions per Multi-function Device placement at no cost to the user’s satisfaction. Training can be defined as online, webinar or in person. The County will select the type of training desired. Training is to include, but is not be limited to the basic features and functions of the Multi-function Device, standard functional use of machine to networked users, technical staff advisement on networking and security, and associated websites the entity may need to utilize in managing their account. This training must be conducted at the County’s location with in five (5) working days of installation. Follow up training must be provided upon request of the County. Orderable: Yes



All Provide materials and/or training on LOB specific-printers. LOB Technical Writer, Trainer

PW Answer specific questions on printer functionality for business staff due to new employees, transfers, or emergency rush work activities.

LOB Liaison

Page 32 of 39 10/15/2010







PW Contributes information on unique or special problems, functionality, etc., identified in day to day operations. Develops, publishes and shares information with other staff, knowledge base, etc.

LOB Liaison

Page 33 of 39 10/15/2010


E. Retirement

1. Printer Removal Service Summary: Printer Removal is the removal of printer hardware that will no longer be used by the County. This service is performed by the contract vendor. Before removing the equipment, the vendor will remove the hard drive on site and leave it with the IT Department for proper disposal. The IT Department is responsible for physically securing the hard drive and arranging for hard drive disposal. The Equipment Processor also notifies Fleet Management to update the system records. The contract vendor recycles the machines. Orderable: Yes

Authorized Requestors: LOB Liaisons Supporting Team: Vendor


All Remove non-supported printers, including the destruction of the hard drive.

LOB Technical Resource / Hardware Coordinator / Vendor

All Remove non-supported printer driver software, if necessary. LOB support PW Coordinates timing of equipment removal so that business

operations are least impacted. LOB Liaison

Page 34 of 39 10/15/2010


VI. Additional LOB Services

A. Desktop Hardware Configuration Line of

Business LOB Service Description LOB Support Role All Provide detailed hardware configuration needs. LOB Technical

Resource All Analyze proposed configurations to ensure functionality with

LOB systems. LOB Technical Resource

PW Implement and modify hardware configurations for specialized equipment (solid waste operating equipment, credit card, high end graphics equipment, etc.) used in business line.


B. Desktop Hardware Support Line of

Business LOB Service Description LOB Support Role All Support offsite hardware such as projectors, checkout

laptops, etc. LOB Desktop Support

PW Manage and provide set up assistance to video wall equipment, emergency operations set up, and troubleshoot connectivity issues, etc. for smart boards and conference area projection equipment.


PW Provide connectivity assistance for video conferencing equipment, troubleshoot as required, train new users, etc.


C. Desktop Application Management Line of

Business LOB Service Description LOB Support Role All Application Architecture: Integration of service/application into

business systems, architecture review, architecture planning, LOB Application Architecture

All Application life cycle management. LOB Application Management

All Application Vendor Management: Federal / State / City Systems, Purchased Systems, Purchased components.

LOB Vendor Management

D. Business Process Management Line of

Business LOB Service Description LOB Support Role All Business Process Architecture. LOB Process

Management All Process Change Management: Discovery, Negotiation,

Implementation: Between service areas owners. LOB Process Management

All Process Improvement: Internal to area. LOB Process Management

Page 35 of 39 10/15/2010


Page 36 of 39 10/15/2010

E. Compliance Management Line of

Business LOB Service Description LOB Support Role All Compliance Management: SLA Compliance, Review

Measure Compliance: Make sure we are meeting our goal. LOB Compliance Management

PW Coordinate regulator changes on business line application software (i.e. MnDOT or Federally regulated changes, etc.)


F. Customer Relationship Management Line of

Business LOB Service Description LOB Support Role All Customer Advocate. Customer Advocate /

LOB Liaison All Customer Management: User Notification of system outage,

informational updates. Customer Management, Change Management, LOB Liaison

PW Meet with Directors and Managers frequently to ensure technology needs are being met, discuss technology plan, etc.



VII. Desktop Hardware – Functional Org. Chart

Page 37 of 39 10/15/2010


VIII. Desktop Software – Functional Org. Chart

Page 38 of 39 10/15/2010

Service Definitions Desktop Computi

IX. Multi-Function Devices – Functional Org. Chart ng

Page 39 of 39 10/15/2010

Hennepin County

IT Incident Management

Service Definition

Hennepin County IT Service Desk Service Definitions

Last Modified on: 10/15/2010 Page 2 of 4

Service Name: Incident Management Question: What is the service, and how do I get it? Service Summary The objective of the Incident Management service is to ensure standardized methods and procedures are used for efficient recording and prompt handling of all incidents. The goal is to restore normal service operation as quickly as possible in a prioritized fashion with minimum disruption to the business. An incident is any event that is not part of the standard operation of a service that causes an interruption to or a reduction in the quality of that service. Background/context: The Incident Management process requires three levels of expertise: Level 1 – First call for help: In this role, IT Service Desk analysts are the initial contact for users when they encounter an incident / problem and will use tools and knowledge solutions to resolve the incident / problem as quickly as possible (goal: Level 1 incident management centralized and performed in the IT Department only). Level 2 – Triage: If an incident is not resolved by the first level of support, then the incident is escalated to this level for further diagnosis and the potential engagement of technical experts from other IT service teams, vendors or even business experts (goal: IT Department establishes/enhances Level 2 support for the services that are consumable by the lines of business and that are centralized under the Federated Model. LOB IT continues to provide triage for LOB unique IT services.) Level 3 – Subject Matter Experts: This includes individuals either within the LOB, within IT, or outside vendors that might be asked to work exclusively or in combination with other teams to resolve the incident. (goal: by definition, not centralized) Features & Functions:

• Efficient and effective prioritization and escalation of issues for resolution when necessary

• Tracking and management of the incident ensuring that incidents are being managed and resolved in timeframes acceptable to the lines of business

• Incident reporting and metrics, enterprise wide information as well as specific reporting requested by LOB

• Continuous communication as appropriate on incident status

• Level 1 Support o Resolve incidents considered to be standard or common such as password

Version 3

WF2232

Sticky Note

Jodie is using 6 minute to resolve

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight

WF2232

Highlight


Last Modified on: 10/15/2010 Page 3 of 4

resets, common questions regarding personal computing devices, or enterprise software such as Lotus Notes

o Route incidents considered to be LOB specific to LOB level 2 support teams

o Work with level 2 LOB support when necessary to resolve common or standard incidents

• IT Department Level 2 Support

o Resolve incidents/ problems for the applications IT supports o Resolve incidents / problems for the services that are consumable by the

lines of business and centralized under the Federated Model o When necessary will work with Level 2 support resources from the LOB to

triage and resolve issues. o When necessary engages Level 3 support to triage and resolve issues

How to get Incident Management services:

• Self-Help: Access knowledge databases to find the answer to the problem and resolve it without further assistance from Service desk staff

• Call the IT Service Desk • Submit an incident case through the incident management tool for the Service

Desk to address • Call the IT Service Desk • Email the IT Service Desk

Availability Varies, but up to 7 Days a week – 24x7 (goal: availability determined by business need for each LOB, documented in SLA) Question: How does IT support this service? Eligibility for service (who are the customers) Level 1 - This service is eligible to all Hennepin County staff, consultants and external customers who report IT incidents. It is a goal to have as many incidents as possible recorded, tracked and reported through the Enterprise IT Service Desk Level 2 – This service is available when incidents require escalation and triage through the Level 1 service. Also if requested by Level 2 support in the LOB. Process Flow

Version 3

WF2232

Highlight

WF2232

Highlight


Last Modified on: 10/15/2010 Page 4 of 4 Version 3

Best guess determination of Incident Management Process

Level 1Service Desk

Ticket Created and Logged

Level 2LOB

SupportLevel 2Service Desk

Receives and Owns Final Resolution

Service Desk LOB Incident

Internal & ExternalIncident Detected:

CallEmail

Reporting ToolOther

Service Desk Resolves Incident?

Service Desk Enters Resolution

Ticket Closed

Service Desk Resolves Incident?

Level 2Service Desk

Triage and ResolveEngage Level 3 Until Resolution

Level 3LOB

Support

Service DeskIncident Management

High Level Process FlowBest Guess Determination

10-8-10

ITYes

LOB Resolves Incident?

Yes

No

No

Yes

Service Desk Enters Resolution

Ticket Closed(Assumption:

continue to use current state

process)

Yes

LOB Engages IT Level 3 Service Teams When Needed Until Resolution

No

No

Level 1 – First Call For Help

LOB

Level 2 – Triage Coordination

Level 3

NetworkDesk TopServer

Management

Security

Level 3 – Technical Experts

All Else

Last Modified on: 10/15/2010 Version 2

Hennepin County

IT Enterprise Network

Service Definitions

Hennepin County IT Network Services

Last modified on: 10/15/2010 Page 2 of 5

TABLE OF CONTENTS TABLE OF CONTENTS ............................................................................................................................. 2 OVERVIEW OF ENTERPRISE NETWORK SERVICES ..................................................................... 3

Network Architect............................................................................................ Error! Bookmark not defined. Line of Business Service Function................................................................................................................. 3/4 Network Management.................................................................................................................................... 3/4 Line of Business Service Function................................................................................................................. 3/4

FUNCTIONAL DIAGRAM ........................................................................................................................ 5



OVERVIEW OF ENTERPRISE NETWORK SERVICES The Hennepin County enterprise network is a geographically dispersed and interconnected communications infrastructure under the county’s jurisdiction. The network currently supports more than 14,000 network devices in 14 downtown campus sites and 75 leased and owned satellite locations with two active data centers. In the future the network will also support all Hennepin County Libraries. Network Architect:

Service Summary: Architect standardized solutions that span multiple business areas to maintain consistency and simplicity in design as well as compatibility with enterprise wide goals and objectives.

Provide enterprise wide data network planning, design, analysis, project management, implementation and monitoring to ensure network, security, and voice resources maintain the highest level of reliability, availability, scalability, and cost-effectiveness.

Orderable: Yes Request Process: Initiated through ARB or through a direct request Availability / Metrics & Statistics: NA Eligible Clients / Service: Any Line of Business Authorized Requestors: Line of Business Management approval needed Clients and services affected: NA Escalation Process: NA Supporting Team: Network Architect

Line of Business (LOB) LOB description of service function that may stay with the LOB APEX NA Criminal Justice (County Atty & Public Defender) NA DOCCR NA General Govt. NA HSPH NA Library NA MHP NA North Point NA PW NA TSD NA



Network Management: Service Summary: This service provides local and remote connectivity to the county network via direct-connect Ethernet, microwave high-speed backbone, remote VPN broadband, or wireless connectivity

• Network Administration – This service includes Outages, Capacity

Planning, Network Administration, Support and Troubleshooting • Network Hardware – This service includes data circuits, modems, routers,

switches and hubs Orderable: Yes Request Process: Service can be ordered via Network Sevices Request (NSR) Availability / Metrics & Statistics: 365 days / year 24 hrs /day 7 days / wk Eligible Clients / Service: Any Line of Business

Authorized Requestors: Currently the NSR can be submitted by anyone but needs to be approved by an individual within the Line of Business

Clients and services affected: All Employees within Hennepin County as well as any External partners that may be using our services e.g., vendors / contractors

Escalation Process: Currently the NSR has no escalation process built within it. If an escalation is needed, this is done via e-mail or over the phone.

Supporting Team: Network Management group

Line of Business (LOB) LOB description of service function that may stay with the LOB APEX NA Criminal Justice (County Atty & Public Defender) NA DOCCR NA General Govt. NA HSPH NA Library NA MHP NA North Point NA PW NA TSD NA

WF2232

Sticky Note

need coordinator - submits NSRs; works with business staff; coordinates testing with users



Functional Diagram


Hennepin County

IT Security and Risk Management Services

Service Definitions

Hennepin County IT Security and Risk Management Services

Last modified on: 10/15/2010 Version 2 Page 2 of 17

TABLE OF CONTENTS ====================================================================

Overview of Core Information Security Services ______________________________ 3 1.0 Identity Management_____________________________________________________ 3

1.1 Account Lifecycle Management __________________________________________________ 3 1.2 Department Application Accounts and Access _______________________________________ 4 1.3 Password Management _________________________________________________________ 4 1.4 Directory Design ______________________________________________________________ 4

2.0 Risk Management _______________________________________________________ 5 2.1 Risk Assessment Program:_______________________________________________________ 5 2.2 Business Continuity and Disaster Recovery _________________________________________ 5 2.3 Project Consulting _____________________________________________________________ 6 2.4 Security Architecture (Strategic and Business-Centric)_________________________________ 6

3.0 IT Policy and Compliance _________________________________________________ 7 3.1 Variance and Exception Requests _________________________________________________ 7 3.2 IT Policy Management__________________________________________________________ 7 3.3 Security Awareness ____________________________________________________________ 8 3.4 Data Privacy Compliance________________________________________________________ 8

4.0 Security Information Management _________________________________________ 9 4.1 Secure Service Requests ________________________________________________________ 9 4.2 System Account Auditing _______________________________________________________ 9 4.3 User Access Auditing___________________________________________________________ 9 4.4 Log Management and Reporting _________________________________________________ 10

5.0 Application and System Access____________________________________________ 11 5.1 Enterprise Application Security __________________________________________________ 11 5.2 Role Based IT Services* _______________________________________________________ 11

6.0 Infrastructure Security __________________________________________________ 12 6.1 Security Incident Management __________________________________________________ 12 6.2 Group Policy ________________________________________________________________ 12 6.3 Digital Certificates and Public Key Infrastructure____________________________________ 12 6.4 Hardware Security Standards (Server, Workstation, Mobile) ___________________________ 13 6.5 Partnered Security Services _____________________________________________________ 13



OVERVIEW OF CORE INFORMATION SECURITY SERVICES Information Security safeguards county information assets (e.g. government data, information systems, applications and devices, technical infrastructure) from unauthorized disclosure, use, modification, or loss by developing proactive technical and non-technical measures to help identify and prevent security risks. The following primary services fall under this category:

1.0 Identity Management This service provides identities using a central repository to eligible users, including: employees, contractors, business partners, and external customers. These users are authorized for access to enterprise applications, systems and services.

1.1 Account Lifecycle Management

Service Summary: This service encompasses all aspects of user access provisioning – new hires, changes for all accounts, and the deletion of accounts – as well as the management of all service accounts (accounts used for application integration, job and service management, etc), training accounts, and temporary non-employee accounts (vendors and consultants). This includes the provisioning of network access, email, and various enterprise applications. NOTE: The delivery method for this and all Identity Management services is a priority for the next 24 months. There will be changes to this service (clearer process, faster delivery, more automation, better reporting) and these changes will occur with the full involvement of the lines of business. Orderable: Yes Request Process: Currently varies by department (email, RequestIT, or direct SAA submittal). The SAA system is the current “system of record” for all user and account access requests and an SAA must be created regardless of the method of contact by the line of business. Authorized Requestors: Specific to the given line of business Supporting Team: Security Access Management

Line of Business LOB Service Description LOB Support Role All Complete SAA/other requests until these systems

are replaced or business process changes.

LOB Liaison

All Definition and maintenance of approval process for LOB security and user access provisioning requests

LOB Liaison

WF2232

Highlight



1.2 Department Application Accounts and Access

Service Summary: This service exists to allow lines of business to request access to their LOB specific applications via the existing SAA process. NOTE: Some lines of business currently fully manage these requests. To expedite account management, we will be working closely with these groups during 2011 and beyond to document their requirements and existing processes to effectively include them, where appropriate, in the overall enterprise provisioning process. Orderable: Yes Request Process: Currently varies by department (internally managed, RequestIT, or direct SAA submittal). Authorized Requestors: Specific to the given line of business Supporting Team: Security Access Management, LOB IT Security Staff

Line of Business

LOB Support Role

All Manage security configuration of LOB administered applications where the security and system administrator duties cannot be separated. This role would have tasks in an enterprise-wide security provisioning process.


1.3 Password Management

Service Summary: Password Management is a service currently provided by ERM and implemented via the Passlogix vGO tool. Support included the develop of new application templates, changes to existing templates, and troubleshooting user access issues that are not due to a workstation configuration issue. Orderable: Yes Request Process: Email IT.PrivacyServices, user issues should follow the Incident Management process (EHD) Authorized Requestors: Project Managers and Application Owners are typically requested, but we will follow up on any request emailed to IT.PrivacyService regarding this service. Supporting Team: Security Access Management, Risk Management and Security Architecture Services

1.4 Directory Design

WF2232

Highlight

WF2232

Sticky Note

Not to transfer until 2011 - need to negotiate with the state - handling of internal HSPHD apps (ECF, EPF, HSIS)



Service Summary: Directory Design services are typically requested in the event of an significant organizational change, the addition of a new application that integrates with an enterprise directory, or as the result of an upgrade or change to an internal IT service (e.g. Group Policy or an upgrade to the Windows Server Environment). Typically, the requestor will be asked to supply their business-specific requirements and ERM will determine the best technical methods to be used in implementation. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Varies Supporting Team: Risk Management and Security Architecture Services, Infrastructure Security

2.0 Risk Management Offers customers expertise and guidance related to information security architecture and planning, identifying, evaluating and mitigating IT risk, and providing for business continuity and disaster recovery in the event of a major outage or emergency.

2.1 Risk Assessment Program:

Service Summary: The Risk Assessment Program is designed to be used by project teams and application owners, in the IT Department as well as in the lines of business (LOBs), to provide assessment of information security and technical risk at any stage in the application development lifecycle. This service may be requested for strong security requirements in the early stages of acquiring a product (RFP/RFI) up until the retirement and/or replacement of a product is being considered. This service critical for applications that manage and provide access to data that falls under one or more regulations or compliance standards that require regular assessments and documented controls. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Project Managers, Application Owners, IT Leadership Supporting Team: Risk Management and Security Architecture Services

2.2 Business Continuity and Disaster Recovery Service Summary: The Business Continuity and Disaster Recovery (BCDR) service provides disaster and emergency planning for both the business use of technology and


All Provide technical and business process information necessary for the completion of Risk Assessments at various stages of the software development lifecycle.

LOB Liaison



IT’s ability to make applications and services available in a variety of emergency and outage scenarios. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: LOB IT and Business Leadership, Application Owners, IT Leadership, Supporting Team: Risk Management and Security Architecture Services

2.3 Project Consulting Service Summary: The Project Consulting services offers general guidance in all areas of Information Security and can be requested at any stage of a project. It is, however, recommended that we be engaged as early as possible to ensure timely and cost-effective security solutions. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Project Managers, Business Analysts, Application Owners, IT Leadership, LOB IT Leadership Supporting Team: Risk Management and Security Architecture Services

2.4 Security Architecture (Strategic and Business-Centric) Service Summary: The Security Architecture service is provided as foundational service to many other orderable services within IT. We provide the expertise across many different information security disciplines. This breadth and depth of knowledge is required to ensure the right controls exist for IT processes and technologies. Orderable: No - Although our team members are always available for consultation as needed by the business, this service is included in such orderable services as security Project Consulting, and established processes like the Architecture Review Board, and the Change Advisory Board so there is currently no need for a stand alone request process. Request Process: Not Applicable Supporting Team: Risk Management and Security Architecture Services


All Provide business application and business process information critical to Business Continuity and Disaster Recovered planning activities

LOB Liaison

WF2232

Sticky Note

IT is responsible for DR; LOB for business continuity and LOB app dR



3.0 IT Policy and Compliance Offers customers, countywide, help in complying with laws, regulations, standards and best practices related protecting data privacy and general information security controls.

3.1 Variance and Exception Requests Service Summary: The Variance and Exception Request process is a service provided to both the IT Department and the LOBs to ensure business need and context are reviewed and considered when they seem to be in conflict with our ability to comply with IT policies, standards and information security best practices. We work with the requestor to document each variance request, review the request, and either offer a decision, a recommendation, or an escalation to the appropriate governance group. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Project Managers, Business Analysts, Application Owners, System Administrators, IT Staff, IT Leadership, LOB IT Staff, LOB IT Leadership Supporting Team: Because we do not limit these requests to a specific technology or process, all teams within the IT Security and Risk Management (ERM) area work together to support this service


All Develop and present business case for Exceptions to standard security

LOB Liaison

3.2 IT Policy Management Service Summary: The IT Policy Management Service encompass all stages of IT policy development, implementation, and maintenance. The IT Policy and Compliance team can be enlisted to provide guidance on existing policy, to modify existing policy, or create new policy if warranted by a change in the law, a change in a relevant technical standard, or a in the event a significant change to the delivery of a Hennepin County service. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Because this service spans all functions related to the direct management of Hennepin County policy, a request could be initiated by any level of an organization. This does not, however, mean that all requests are approved. Changes to Hennepin County IT Policy follow the appropriate governance as defined in the policy itself.



Supporting Team: IT Policy and Compliance


All Participate in and review changes to county-wide IT Policy (Policies and Standards in the IT Policy Manual, not technical practices and procedures). Communicate policy updates to LOB business leaders as needed.

LOB TSC Representative (BIO or delegated person)

3.3 Security Awareness Service Summary: Security Awareness is basic, non-technical information security education provided by our staff upon request. We have also created pamphlets and documentation that has been used as a part of the new-employee on-boarding process. Mid-range to long range goals for this service include a website with Hennepin County specific and industry standard information security standards, as well as computer-based staff awareness training and technical security training. Orderable: Yes

Request Process: Email IT.PrivacyServices Authorized Requestors: All employees in all lines of business (with approval from a supervisor or manager as required by the line of business) Supporting Team: IT Policy and Compliance


All Primary contact to ensure all Security Awareness materials are properly distributed, online Security Awareness resources are communicated to all employees, and provide feedback to ensure all materials continue to meet the business and business-related compliance needs.

LOB Liason

3.4 Data Privacy Compliance Service Summary: As a government organization, we are required to comply to a number of state and federal data privacy statutes and laws. Although these are reflected in our Hennepin County IT Policy, we realize that policy only provides us with what we need to do, not how we need to do it. The Data Privacy Compliance service exists to provide hands-on expertise in establishing the specific IT security controls necessary to ensure data privacy in our information systems. Orderable: Yes Request Process: Email IT.PrivacyServices



Authorized Requestors: Project Managers, Business Analysts, Application Owners, System Administrators, IT Staff, IT Leadership, LOB IT Staff, LOB IT Leadership Supporting Team: IT Policy and Compliance

4.0 Security Information Management This service provides system-centric access reviews and audits. Individuals request reports regarding application logs, security information, and other sensitive data related to various IT systems. Requestors may ask for general or very specific access or usage information.

4.1 Secure Service Requests

Service Summary: The Secure Service Request process provides lines of business a controlled method of requesting access to and reports from our non-public system security logs. Requests follow an approval process and must meet the standards designed and approved by ERM, Forensics, Human Resources, and the County Attorney. Orderable: Yes Request Process: Email SecureServiceRequests Authorized Requestors: Forensics, Department Directors and their designees, and others as determined on a case by case basis. Supporting Team: Risk Management and Security Architecture Services

4.2 System Account Auditing

Service Summary: The System Account Audit Service can be requested when a line of business or application owner requires a comprehensive review of accounts and their associated access in a given system. While this service is performed on a scheduled basis for key enterprise systems, it may also be requested by the lines of business as needed or as defined by policy or audit requirements. Orderable: Yes Request Process: Email IT.Security Authorized Requestors: LOB IT and Business Leadership, Application Owners, IT Leadership, Supporting Team: Security Access Management, Risk Management and Security Architecture Services

4.3 User Access Auditing

Service Summary: This service provides user-specific access reviews. This is often performed when and employee is transferred or promoted. It may also be requested on

WF2232

Sticky Note

Kristi Lahti-Johnson has role for HSPHD

WF2232

Sticky Note

need coord for IA and external audits of HSPHD & state applications



an ad hoc basis by supervisors and managers to ensure their employees have only the access required to perform their job function. This service can not be requested to track the actions of a specific employee. Orderable: Yes Request Process: Email IT.Security Authorized Requestors: LOB IT and Business Leadership, Application Owners, IT Leadership, Supporting Team: Security Access Management, Risk Management and Security Architecture Services

4.4 Log Management and Reporting

Service Summary: This service includes system log collection, management and reporting for all relevant IT systems. This data is considered non-public by state statute. Access to the data collected via this service is typically provided in aggregate as metrics and in detail via the Security Service Request process. In some cases (such as a security incident or the troubleshooting of a critical incident), the data may be made available to IT staff from the IT Department and LOB IT to ensure the incident resolved in a timely manner and service is restore quickly to impacted users and business processes. NOTE: This service is still considered immature, largely because the systems that support it are not fully implemented at this time. Over the course of 2011, there will be a priority placed of ensure these systems are fully functional and this information is available. Orderable: Yes – in some cases as noted above Request Process: For aggregate metrics, Email IT.PrivacyServices. For details information, please follow the Secure Service Request Process. If the information is needed during the course of a critical or security incident, it may be provided within the scope of incident resolution at the discretion of ERM. Authorized Requestors: LOB IT and Business Leadership, Application Owners, IT Leadership, or invoked by the Incident Management Process Supporting Team: Security Access Management, Risk Management and Security Architecture Services, Infrastructure Security


All Coordinate access to and reporting from any LOB application that may provide relevant security information.

LOB Liason.

WF2232

Sticky Note

Forensics



5.0 Application and System Access

Service Summary: Enterprise application security is managed under this service. Users can request to have new or modified accesses established for specific applications or databases supported by the IT Department. The focus on this work is to create standardized access methods for data and applications, as well providing technical support for many of our security-specific tools and systems. Line of

Business LOB Service Description LOB Support Role All Coordinates large scale changes to LOB

security (e.g. department reorgs). LOB Liaison

5.1 Enterprise Application Security

Service Summary: This service includes the implementation of technical security controls for a given application or platform, and the technical support of tools that perform these functions. Currently, the most commonly ordered service would be Active Directory integration for business application to allow central identity and access management. This service would also include the technical support of identity management tools. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Varies by department. Supporting Team: Infrastructure Security

5.2 Role Based IT Services Role Based IT Services is an industry standard in provisioning security access to users. We have begun an effort to adopt this practice at Hennepin County. Although this service isn’t directly orderable at this time, each line of business with be heavily engaged in design and decision making for their business roles. These roles will be related to technical security access that meets the need of a given job function. Technical details about security access will be translated to business language and the lines of business will then be able to tell what their employees can and cannot do or see on the Hennepin County network. The use of roles will also greatly improve IT’s ability to create accounts for new employees, adjust an employee’s access due to a change in duties, and remove access when an employee leaves the organization. This effort will involve all areas of the current ERM organization, but the primary implementation and production support of this function will fall on the Risk Management and the Infrastructure Security teams.


All Work with IT Role Based services project on initial user roles (access). Maintain roles as business needs and/or technology changes.

Role Manager / LOB Liaison

WF2232

Sticky Note

need to ensure appropriate access is given to individual and appropriate profile; need to coord signing of agency agreements



6.0 Infrastructure Security This service provides tools and policies to protect the network against vulnerabilities, unauthorized and/or malicious access, while ensuring critical functions perform correctly. Also included are services that monitor and filters network traffic, blocks certain categories of websites, and provides network and personal device level antivirus protection.

6.1 Security Incident Management

Service Summary: This service involves a timely and coordinated response to major security events, such as virus outbreaks and data breaches. We would provide coordination between various IT groups working to close any security gaps and ensure business continuity for key LOB services. Orderable: As a part of the overall Incident Management Process Request Process: Follow the Incident Management Process Authorized Requestors: Varies Supporting Team: Risk Management and Security Architecture, Infrastructure Security, any impacted IT team

6.2 Group Policy

Service Summary: This service involves the creation and approval of technical security policy that is centrally managed and applies to may IT devices and systems. The primary example of this is Windows Server and Workstation Group Policy. This service is often not requested directly by a line of business, but may be used to address a business issue (often a security issue) that requires widespread implementation. At times, project teams may request group policies to meet a technical or business requirement for their project. At times, server and workstation teams may design group policies. Prior to the implementation of these policies, there must be review and approval by Risk Management. Orderable: Yes Request Process: RequestIT process is currently being designed. In the interim, IT.PrivacyServices can be emailed. Authorized Requestors: Varies by department Supporting Team: Infrastructure Security, Risk Management and Security Architecture

6.3 Digital Certificates and Public Key Infrastructure

Service Summary: This service involves the request for and implementation of digital certificates and other technologies that enable secure (encrypted) digital

WF2232

Highlight



communications. The requests for these services are typically from other technical teams rather than LOB customers. For instance, a department may be implementing an application that requires sensitive data be submitted on a web server and then stored in another location. Digital certificates allow this information be encrypted while it moves between the specific servers used by the application. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Project Managers, Business Analysts, Application Owners, System Administrators, IT Staff, LOB IT Staff, Supporting Team: Risk Management and Security Architecture, Infrastructure Security

6.4 Hardware Security Standards (Server, Workstation, Mobile)

Service Summary: This service involves the creation of technical security standards based on best practices and relevant regulatory requirements. Our teams will work with other technical support groups (both IT and LOB IT) to ensure the correct device hardening is performed. This service is not typically ordered by business users. Orderable: Yes Request Process: Email IT.PrivacyServices Authorized Requestors: Varies by department Supporting Team: Risk Management and Security Architecture, Infrastructure Security

6.5 Partnered Security Services These services are supported by other IT teams, with input and guidance from Risk Management. There are listed here for informational purposes only. In depth descriptions service request information will be found in the supporting teams’ documentation.

• Anti Virus • Asset Protection and Recovery • Secure FTP • Remote Access • Virtual Desktop and Server Security • SAAS (Cloud Computing) Security • Network Security



Security Role during Process Re-engineering effort


All • Work with Project Manager and Business Analysts to define and document current access provisioning processes for users and LOB specific applications

• Work with Security Service Refinement team to develop centralized processes that meet business needs and enable business goals

• Participate heavily in any LOB-specific planning or gap analysis activities

• Stay informed on overall Security Service Refinement effort and progress

• Other LOB-specific duties as determined necessary by LOB leadership and Security Service Owner

LOB Liasons and LOB Business Process SMEs

_____ General IT Roles and Functions (All Services)


All Develop and present business case for special projects that arise. Depending on the scope and size of the project, additional project, business, and/or technical resources from the LOB and/or IT may be needed to support the effort.

LOB Liaison


All •Level 2 Application support of LOB-unique software. Software included in this category




can be found xxxxxxx. •Consultation on challenging issues related to IT-Supported applications for a business user •Participation on Desktop Support SWAT team for problems that cross over between IT Department issues and LOB application issues. •Level 3 Application Support,


All •Application Architecture: Integration of service / application into business systems

LOB ???

Line of

Business LOB Service Description LOB Support RoleAll •Business Process Architecture LOB Business

Process Architecture

Line of

Business LOB Service Description LOB Support RoleAll •Application Vendor Management: Federal /

State / City Systems, Purchased Systems, Purchased components.

LOB Vendor Management


All •Knowledge Management, Review Data to determine need, Document Creation, Document Review, Document Removal

Knowledge Management

Line of

Business LOB Service Description LOB Support RoleAll •Process Change Management :Discovery,

Negotiation, Implementation: Between service areas owners

Process Change Management

Line of

Business LOB Service Description LOB Support RoleAll •SLA Compliance: view Measure

Compliance: Make sure we are meeting our LOB IT Management



goal


All •Process Improvement: Internal to area Process Improvement

Line of

Business LOB Service Description LOB Support RoleAll •Customer Advocate Customer

Advocate


All •Customer Management: User Notification of system changes, informational updates

Customer Management



Appendix: High Level Functional Organizational Chart

IT Security Functions

3.0 IT Policy and Compliance

5.0 Application and System Access

2.0 Risk Management

6.0 Infrastructure Security

4.0 Security Information Management

1.0 Identity Management

Risk Mgmt and Security Architecture Services

User Provisioning Infrastructure Security

IT Policy and Compliance

Operational Security and Access Management (SAM)

Security Design and Governance Page 1


Hennepin County

IT Server Management Services

Service Definitions

TABLE OF CONTENTS Overview of Server Management Services........................................................................ 3

1.0 Server Provisioning............................................................................................................. 3 1.1 Server Provisioning – Linux, Windows, VMware ESX ________________________________ 3 1.2 Server infrastructure Maintenance & Monitoring _____________________________________ 3 1.3 Backup and Recovery for Infrastructure ____________________________________________ 4 1.4 Domain and Directory Support ___________________________________________________ 4 1.5 Last call for Help ______________________________________________________________ 5 1.6 Virtual Server Performance and Tuning ____________________________________________ 5 1.7 Web Services _________________________________________________________________ 5 1.8 Capacity Planning _____________________________________________________________ 6 1.9 Stress and Performance testing for ESX ____________________________________________ 6 1.10 Consulting Services ___________________________________________________________ 6 1.11 Print Management ____________________________________________________________ 7 1.12 Infrastructure Application Support _______________________________________________ 7 1.13 Server Security_______________________________________________________________ 7 1.14 File Management _____________________________________________________________ 8 1.15 General OS/Utility System Administration _________________________________________ 8 1.16 Citrix ______________________________________________________________________ 8 1.16 Research and Development _____________________________________________________ 9

2.0 Mainframe ......................................................................................................................... 10 2.1 Last Call for Assistance _______________________________________________________ 10 2.2 Software Installation and Maintenance ____________________________________________ 10 2.3 Mainframe Network Security____________________________________________________ 10 2.4 Consulting Services ___________________________________________________________ 10 2.5 Mainframe Storage Services ____________________________________________________ 11 2.6 RACF/LDAP ________________________________________________________________ 11 2.7 Mainframe System Automation __________________________________________________ 11 2.8 Mainframe Hardware Maintenance _______________________________________________ 11 2.9 Capacity Mainframe Planning ___________________________________________________ 12 2.10 Mainframe Disaster Recovery Disaster Recovery __________________________________ 12 2.11 Mainframe CL/SS ___________________________________________________________ 12 2.12 Mainframe Research and Recovery _____________________________________________ 12

3.0 Storage Management ........................................................................................................ 13 3.1 Data Recovery _______________________________________________________________ 13 3.2 SAN _______________________________________________________________________ 13 3.3 Storage Provisioning __________________________________________________________ 13 3.4 Consulting __________________________________________________________________ 14 3.5 Research and Development _____________________________________________________ 14

4.0 DataBase Administration ................................................................................................. 14 4.1 Mainframe IMS/DB2 __________________________________________________________ 14 4.2 Other Databases ______________________________________________________________ 15 4.3 DBA Consulting______________________________________________________________ 16 4.4 General DataBase Services, and Environments other than Production ____________________ 16 4.5 Research and Development _____________________________________________________ 17

Page 2 of 17

OVERVIEW OF SERVER MANAGEMENT SERVICES Information Security safeguards county information assets (e.g. government data, information systems, applications and devices, technical infrastructure) from unauthorized disclosure, use, modification, or loss by developing proactive technical and non-technical measures to help identify and prevent security risks. The following primary services fall under this category:

1.0 Server Provisioning This service provides identities using a central repository to eligible users, including: employees, contractors, business partners, and external customers. These users are authorized for access to enterprise applications, systems and services.

1.1 Server Provisioning – Linux, Windows, VMware ESX

Service Summary: This service encompasses all aspects of server provisioning – regardless of physical or virtual: 1. Provide technical consulting for server procurement and right-sizing. 2. Configure, provide purchase order information and coordinate physical

installation of new servers. 3. Install Operating System and configure new devices. 4. Review server age and create project teams to remove/replace obsolete server

and software 5. 4. Decommission old physical/Virtual servers. 6. 4. Set up and scheduling of production system environments through Change

Control (LOB & Infrastructure) 7. 5. Design and implementation of Active Directory domain, AntiVirus

infrastructure, and Server monitoring systems (Microsoft Operations Manager, HP systems insight manager, Nagios, NTSMF, Virtual Center)

8. 6. Installation and configuration of Web Infrastructure components (IIS, .Net framework. Apache). Installation, configuration, patching, and upgrades, of the infrastructure components only. Applications belong to the LoB.

9. VDI Setup and configuration 10. CITRIX installation, configuration, patching, administration, configuration,

and support of LoB IT. Orderable: Yes Request Process: SLAWS/RequestIT workflow process. E-mail requests Supporting Team: Sever Provisioning

1.2 Server infrastructure Maintenance & Monitoring

Page 3 of 17

Service Summary: 1. Maintain monitoring systems (Operations Manager, HP systems insight manager, Nagios, NTSMF, Virtual Center) 2. Monitor operational health of Hosts and Servers, respond to Host/Server and Operating System issues identified by monitoring systems and resolve. 3. Provide virus and malware status of affected devices to support staff by device. Quick and rigorous response to virus incidents. 4. Apply changes required to ensure servers remain stable, secure and reliable (software and firmware) 5. Perform File Level restores as requested by customers. 6. Provide Web Infrastructure configuration changes as required by customers. 7. SCCM Server inventory

Orderable: Yes Request Process: RequestIT/Remedy/E-Mail Supporting Team: Server Provisioning

1.3 Backup and Recovery for Infrastructure

Service Summary: 1. Provide backup and recovery for server image including Operating System and application configuration (excluding customer data) via the appropriate software product (BESR, VCB, Acronis) 2. Image backups are maintained to recover the infrastructure and are retained at alternate Data Center. 3. Active Directory infrastructure disaster recovery planning and testing. 4. Maintain backups of server registries

Orderable: No Request Process: Technology Management Services standard policies; E-mail Supporting Team: Storage Management Team

1.4 Domain and Directory Support

Service Summary: 1. Directory domain support: make changes required to Active Directory due to changing network topology, departmental Organizational Unit revisions, etc. Provide content recommendations to Risk Management and other organizations.

Page 4 of 17

2. Provide monitoring, second and third level incident management and resolution for Active Directory Infrastructure (Authentication, Replication, DNS, DHCP, WINS). 3. Provide Forest & Domain configuration enhancements including; implementation of new Schema; maintaining group policy standards

Orderable: Yes Request Process: Remedy/RequestIT/E-Mail Supporting Team: Server Provisioning Team

1.5 Last call for Help

Service Summary: Last call for help on system level and application problems. If so requested by the LoB, Central IT will look further up the software layer at potential application related issues from an infrastructure perspective. Orderable: Yes Request Process: Remedy/RequestIT Supporting Team: All Technology Management Systems Teams

1.6 Virtual Server Performance and Tuning

Service Summary: Provide ongoing performance and tuning of the virtual infrastructure to maintain best performance for all virtual applications. Orderable: No Request Process: Remedy Supporting Team: Server Provisioning Team

1.7 Web Services

Service Summary: Provide web services, to underlay applications. This includes installation, configuration, troubleshooting, and customer assistance. The specific web services software supported will be selected from among the software currently used at the county, and will definitely include Websphere Application Services and IIS. Orderable: Yes

Page 5 of 17

Request Process: Remedy/RequestIT Supporting Team: Content and Collaboration Team

1.8 Capacity Planning

Service Summary: Provide capacity planning for servers or hosts managed by Central IT. Orderable: Yes Request Process: E-mail Supporting Team: Server and VM teams

1.9 Stress and Performance testing for ESX

Service Summary: Facilitate server load and stress/performance testing, to determine the best mix of VMs on a given VM cluster, and the associated memory needs. Orderable: Yes Request Process: E-mail Supporting Team: Server and VM Teams

1.10 Consulting Services

Service Summary: Assisting customers with finding solutions to their infrastructure issues only, at the request of LoB. Ensure that the mainframe-based infrastructure services are represented at the ARB. Provide cost and budgeting assistance. Orderable: Yes Request Process: E-mail Supporting Team: Any Technology Management Services Team.

Page 6 of 17

1.11 Print Management

Service Summary: Create new print queues and file shares as requested by customers. Trouble shoot printer issues from the perspective of servers and print queues. Migrate printers to multi-function devices and support Toshiba printer management applications including RightFax integration.. Provide support for Xerox Docutech system. Maintain print monitor program for statistical analysis. Orderable: Yes Request Process: Remedy/RequestIT Supporting Team: Print Team

1.12 Infrastructure Application Support

Service Summary: 1. Tumbleweed Secure file transfer installation, configuration, and customer support 2. Maintaining and enhancing the Server Inventory Database System to meet operational needs 3. Maintain accurate maintenance contracts for all centrally supported servers, regardless of the vendor. 4. RightFax installation, configuration, and customer support 5. BlueZone installation, configuration, and customer support 6. TWS: installation, configuration, administration, and support.

Orderable: Yes Request Process: E-mail/Remedy Supporting Team: All Technology Management Services Teams

1.13 Server Security

Service Summary: Server and file hardening, in conjunction with best industry server practices. Set initial access and audit parameters, in collaboration with ERM. Orderable: Yes Request Process: Remedy/E-mail

Page 7 of 17

Supporting Team: Server Provisioning Team

1.14 File Management

Service Summary: Electronic file and storage management of files found in our file directory servers, such as Paris and Nairobi. Orderable: Yes Request Process: Remedy/E-mail Supporting Team: Server Provisioning Team

1.15 General OS/Utility System Administration

Service Summary: Central IT will be responsible for: installation, configuration, patching, upgrading, and making ready for the application installation, This includes responsibility for:

• Developing best practices • Baseline Configuration • System Standards • Documentation of standards

Central IT will be responsible for all system software system administration services. (Functions performed by the LOB include advanced configuration of the Web Infrastructure components and installation of the application software, where such skills exist within the LOB.) Central IT may delegate authority to Lines of Business to perform certain advanced or specialized configuration services, when this is in the best interests of Lines of Business and Central IT. Orderable: Yes Request Process: RequestIT/Remedy Supporting Team: Server Provisioning Team; Database Administration Team

1.16 Citrix

Service Summary: Central IT Server Provisioning provides:

Page 8 of 17

• Windows Servers with a base-image using the Windows Terminal Server role. Windows configuration changes will be made to deliver optimal performance and provide consistent "look and feel" for system users.

• Central IT installs and configures the Citrix software. • Citrix Group Policy Objects will be applied.

Citrix has several additional server based components that Central IT will install and administer from centrally Provisioned Windows Servers. These components include the Citrix Web Interface, Edgesight Monitoring, Citrix License Server, and SQL Server data stores. Users outside the local Hennepin campus network access the Citrix system through a Citrix Netscaler gateway. Configuration and management of the Netscaler gateway is a shared responsibility of Central IT’s NetComm group and Server Provisioning. End-user experience is monitored and enhancements will be monitored to both the Citrix environment and the individual hosted applications as needed to maintain user functionality. Central IT (via Desktop Engineering) will:

• Deploy the Citrix client to SCCM supported devices. • Package applications to be deployed via Citrix

LoB Comment

HSPH LoB Citrix activities will gradually migrate to Central IT based upon a to be defined transition plan.

Orderable: Yes Request Process: E-mail Supporting Team: Server Provisioning Team

1.16 Research and Development

Service Summary: Investigate, test, and implement new infrastructure components for use at the county. End user applications are not included. Orderable: Yes Request Process: E-mail Supporting Team: Server Provisioning Team

Page 9 of 17

2.0 Mainframe Offers systems expertise in maintaining and enhancing the IBM mainframe environment.

2.1 Last Call for Assistance Service Summary: Last call for help on any system or application problems. Orderable: Yes Request Process: Remedy/E-Mail Supporting Team: Mainframe Team

2.2 Software Installation and Maintenance Service Summary: Install and maintain Z/OS, IMS, CICS Orderable: No Request Process: None Supporting Team: Mainframe Team

2.3 Mainframe Network Security Service Summary: Configure VTAM, SNA, TCP/IP Orderable: No Request Process: Remedy/E-mail Supporting Team: Mainframe Team

2.4 Consulting Services Service Summary: Assisting customers with finding solutions to their infrastructure issues only, at the request of LoB. Ensure that the mainframe-based

Page 10 of 17

infrastructure services are represented at the ARB. Provide cost and budgeting assistance. Orderable: Yes Request Process: RequestIT Supporting Team: Mainframe Team

2.5 Mainframe Storage Services Service Summary: Storage Services Orderable: Yes Request Process: RequestIT/Remedy Supporting Team: Mainframe Team

2.6 RACF/LDAP Service Summary: Mainframe security support, in conjunction with ERM. Orderable: Yes Request Process: E-mail Supporting Team: Mainframe Team

2.7 Mainframe System Automation Service Summary: Automate operational tasks such as jobs, workflow, or usage of system utilities. Orderable: No Request Process: None Supporting Team: Mainframe Team

2.8 Mainframe Hardware Maintenance

Page 11 of 17

Service Summary: Perform scheduled host server maintenance. Orderable: No Request Process: None Supporting Team: Mainframe Team

2.9 Capacity Mainframe Planning Service Summary: Capacity planning as needed. Orderable: No Request Process: None Supporting Team: Mainframe Team

2.10 Mainframe Disaster Recovery Disaster Recovery Service Summary: Mainframe disaster recovery. Orderable: No Request Process: None Supporting Team: Mainframe Team

2.11 Mainframe CL/SS Service Summary: Support mainframe application session manager. Orderable: No Request Process: None Supporting Team: Mainframe Team

2.12 Mainframe Research and Recovery Service Summary: Plan and conduct mainframe disaster recovery plans.

Page 12 of 17

Orderable: No Request Process: None Supporting Team: Mainframe Team

3.0 Storage Management Offers customers, countywide, with storage services for their data, and conducts backup and recovery operations.

3.1 Data Recovery Service Summary: Backup of files. Recovery and restore of files Orderable: Yes Request Process: RequestIT/NSR/Remedy Supporting Team: Storage Services Team

3.2 SAN Service Summary: Networking of storage devices Orderable: Yes Request Process: RequestIT/NSR/Remedy Supporting Team: Storage Services Team

3.3 Storage Provisioning Service Summary: Purchasing, allocation, capacity planning, troubleshooting, and future directions of all storage capabilities. Orderable: Yes Request Process: RequestIT/Remedy/NSR Supporting Team: Storage Services Team

Page 13 of 17

3.4 Consulting Service Summary: Assisting customers with finding solutions to their infrastructure issues only, at the request of LoB. Ensure that the storage-based infrastructure services are represented at the ARB.above. Provide cost and budgeting assistance. Orderable: Yes Request Process: RequestIT/E-mail Supporting Team: Storage Services Team

3.5 Research and Development Service Summary: Investigate, test, and implement new infrastructure relating to storage. Orderable: Yes Request Process: E-mail Supporting Team: Storage Services Team

4.0 DataBase Administration This service provides database installation, configuration, and troubleshooting, of county-selected standard databases that are found on the Central IT database support list.

4.1 Mainframe IMS/DB2

Service Summary: 1. Mainframe Decommissioning Efforts

2. Continued application support for non-decommissioned applications 3. Job troubleshooting/re-running 4. Backup/Recovery 5. Database replication 6. Issue troubleshooting 7. Job code changes/screen changes

Orderable: Yes

Page 14 of 17

Request Process: RequestIT/Remedy Supporting Team: Database Administration Team

4.2 Other Databases

Service Summary: Non-supported databases include MS Access and “embedded” databases. Embedded databases are defined as those which are not intended for use outside of the application which encompasses them. Selected database management systems be supported with the following services:

1. Backup/Recovery 2. Production issue troubleshooting/resolution 3. Project task implementation 4. Database Architecture Planning/Design 5. Code reviews 6. Package/function/stored procedure coding/changes 7. Object design/changes 8. Database creation 9. Database performance monitoring/tuning 10. User/application security 11. High Availability/Failover architecture design/implementation 12. 24x7 on-call rotation 13. Capacity planning 14. Database maintenance 15. database system monitoring 16. SQL Server agent job: setup/monitoring 17. Database replication 18. SQL Server Reporting Service (install & config only, no tool support) 19. database monitoring tool configuration/implementation 20. All environments supported (dev, test, QA, prod, etc.). Access determined by

role, app, & environment 21. Software installation / upgrades /patching

LoB Comment

All LoB will provide all requirements and testing functions surrounding the database activities

APEX APEX will continue to provide its own Oracle DBA functionality.

All Customers will be given “DBO” (db_owner role) access (in the development environment only) to permit them to make changes to stored procedures, tables, jobs, etc. in a specific database related to their application. Customers will have the option of using Central IT DBA services in lieu of their own development resource should they so choose.

Page 15 of 17

WF2232

Sticky Note

LOB developers doing DB stay in line of business LOB = requirements gathering, testing, and coordination of any of the server functions initial system installation, config = central any unique needs based on the applic = lob

Orderable: Yes Request Process: RequestIT/Remedy Supporting Team: Database Administration Team

4.3 DBA Consulting

Service Summary: 1. Project planning 2. Kick-off meetings 3. Database Architecture SME for RFP's 4. Application database infrastructure design 5. ARB Representation 6. CAB Representation 7. Cost and budgeting assistance 8. Software license renewal/purchasing

Orderable: Yes Request Process: RequestIT/Remedy Supporting Team: Database Administration Team

4.4 General DataBase Services, and Environments other than Production

Service Summary: Central IT will be responsible for database servers including: installation, configuration, patching and upgrading of the Oracle and SQL Server database software. Central IT will support all environments including development, test, staging, UAT/QA and production. CIT will be responsible for standard database administration tasks including, but not limited to: backup/recovery, tuning, optimization, maintenance, availability, and job scheduling. For SQL Server environments, access in development environments for LoB developers will be open to enhance development (specifically, DBO/DB_owner access will be granted). Access will be restricted in non-development environments to what is needed by the application – DBO access will not be granted to individuals in non-development environments. CIT will provide environment migration of code to non-development environments. CIT will also

Page 16 of 17

of 17

provide database development (create and maintain stored procedures, functions, triggers, etc.) where such skills do not exist in the Line of Business. Orderable: Yes Request Process: RequestIT/Remedy Supporting Team: Database Administration Team

4.5 Research and Development

Service Summary: Investigate, test, and implement new infrastructure relating to the databases Orderable: Yes Request Process: Email Supporting Team: Database Administration

Federated Model Service Definitions with LOB 2010-10-15 Consolidated

Documents

Transcript of Federated Model Service Definitions with LOB 2010-10-15 Consolidated