Author: Marc Stamas
1.1 Combined effort on part of the (COMPANY) and the client Project Management Approach
Project Management is one of the most important factors to the overall success of any given engagement. Projects need to be evaluated against expected gains. Projects that are doomed to failure before they even commence carry a great business risk to (CLIENT) and to (COMPANY).
Projects do go wrong. However, project problems are normally due to a lack of clear objectives, poor organizational design, informal communication methods and inadequate structured planning and control methods. The project management approach described herein is intended to maximize the success of the engagement.
1.1.1 Ten Step Approach
(COMPANY) generally follows a ten-step approach for Project Management. By using this approach, many of the problems that typically impair a project from meeting its scheduled commitment dates are eliminated.
The steps involved with this process are as follows:
· Work Definition
· Planning
· Scheduling
· Estimation
· Cost Control
· Performance Measurement
· Risk Management
· Value Management
· Change Control
· Communication.
1.1.2 Key Outputs
Key outputs that result from this process include:
· A Project Plan
· A Project Schedule
· An Implementation Plan
· A Change Management process for the project
· Monthly Status Meetings to discuss progress, issues, concerns and provide needed recommendations to resolve issues
· Monthly Status Reports that define progress, the problems encountered, and the issues resolved on a continuous basis throughout the life of the project
· An Issue Escalation and Resolution process for the project
· Define roles and responsibilities
· Confirm Project Scope and Requirements
· Present “Living” Project Plan
· Establish lines and frequency of communication.
1.1.3 Staffing Structure
At (COMPANY), we recognize the importance of a mature approach not only to the implementation of customer projects and requirements but to their operational support as well. (COMPANY) understands how well one performs these functions not only determines the success or failure of a given project, but, more importantly, determines the long term business relationship of (COMPANY)’s customer base to (COMPANY). (COMPANY) further understands that a customer’s initial satisfaction serves as the fundamental building block to that goal.
The impending implementation of the (CLIENT) system architecture represents some distinct challenges for (COMPANY) and (CLIENT) from program development, project management, design engineering, service rollout, and network support perspectives.
In order to effectively manage and control all the activities necessary to ensure success, (COMPANY) will assemble a project team that has the necessary expertise to meet (CLIENT)’s objectives. This project team will comprise both (COMPANY) internal resources and resources external to (COMPANY) to fortify the overall effort directed at (CLIENT).
1.1.4 Kick Off Meeting
Once the project is started, (COMPANY) will hold a kickoff meeting with (CLIENT). The purposes of this kickoff meeting are as follows:
By creating and utilizing a Priority Matrix within a simple two-axis matrix in which key frames or functions of the project deliverables are listed and prioritized according to their importance. Cross-referencing internal needs while examining backup contingencies based upon the client’s request.
(COMPANY) creates an Information Management Council (IM Council), which is made up of each of the major (COMPANY) business departments, where the client would place an agreement that would ensure (COMPANY) will follow through with commitments, without (CLIENT) having to be in a never-ending Due Diligence Mode. (CLIENT) will not dictate the “how”, as far as how (COMPANY) provides the service. This was not a planned endeavor, however, but grew from business requirements and the need to act quickly and decisively - the fact that the Internet is not done defining itself has also added to the problem. It is important to understand that (CLIENT) is made up of many different business units and these business units are all connected by a wide area network called the “(CLIENT)” or (CLIENT), in accordance with (CLIENT)’s boundaryless nature.
(CLIENT) currently outsources the management of their on-premise Internet security architecture to (OUTSIDE CONSULTING SERVICES). With a relatively fixed amount of resources, (CLIENT) is unable to provide the resources and scalability necessary to support the growing needs of the (CLIENT) Businesses. This has resulted in (CLIENT)’s internal Internet resources not being able to support the needs of their internal customers, which forces them to implement their Internet solutions with varying degrees of security, operations, and support with no centralized control, quality inspection, or administration.
1.1.4 Business Requirements
2.1 Current Requirements
· Establish single consistent perimeter for corporation that is administered by a single vendor
· International presence
· Liability for vendor negligence
· Manage vendor to SLA
· Utilize third party audits and certifications as a means to perform due diligence of vendor
· Establish two year contract
· Quality program
· Bill (CLIENT) IDS only, not individual (CLIENT) Business Units.
2.2 Hosting Services
(CLIENT) estimates that they currently maintain 50 external web and/or ftp servers available on the Internet. It is their intention to migrate these servers to a (COMPANY)-provided environment over a scheduled time frame yet to be determined. The capacity of (COMPANY) to handle a number of concurrent projects will be a gating factor in this interval. Future hosted server requirements will accelerate over time at an undefined rate beyond this initial volume.
(CLIENT) has the following hosting requirements for all types of hosted servers where available:
· Operating system and server hardening
· 7x24x365 intrusion monitoring
· 7x24x365 break/fix hardware and software maintenance support
· Back-up and restore of the entire system
· Disaster recovery plan and documentation
· Upgrades and patches for both operational and security issues
· Scalable, dedicated Internet bandwidth to the hosted server.
(COMPANY) should offer potential solutions for both (COMPANY)-provided and (CLIENT)-provided hardware scenarios.
(CLIENT) expects (COMPANY) to develop a unitized pricing list for offering hosting services. The resultant output should define various levels or categories of standard hosting services offered. Each hosting level or category should then describe the features and functions that are included and performed for a fixed price, identify limitations of the functions associated with the fixed price that is quoted, and identify the process to evaluate pricing increments when such limitations are reached.
(CLIENT) requires the optional availability of a staging server environment that is a best-effort exact duplicate of the targeted production host. Such a staging environment would be utilized by (CLIENT) Business Units only as a “final last step” in testing web applications and content prior to moving it into production. (CLIENT) Business Units will retain server environments within the (CLIENT) corporate network to support typical development and testing functions.
(CLIENT) further desires (COMPANY) to offer “high availability” hosting platforms in support of those (CLIENT) business applications that require significant up-time. High availability platforms should be designed to meet 99.9% and 99.99% availability targets.
2.2.1 Stand-alone Servers
(CLIENT) defines “stand-alone” servers as those web servers that require no connectivity in addition to the Internet community for standard TCP/IP services. (CLIENT) requires support for NT- and Unix-based platforms for the hosting of “stand-alone” servers. Web engines supported should include Microsoft IIS for NT platforms and Netscape Enterprise Server for Unix platforms. (CLIENT) intends to deploy multiple static web sites per physical server hardware within performance and operational limitations.
A secure mechanism must be offered to promote static content into production from both (CLIENT) corporate network locations as well as (CLIENT)-authorized web application development partners.
One unique instance of a stand-alone server that (CLIENT) requires is an https “drop” box. This server provides the ability for users to upload or download files securely over the Internet using only a browser.
2.2.2 Enhanced Servers
(CLIENT) defines “enhanced” servers as any web server with functionality beyond the publishing of static content. This includes the use of server-side executable scripts, third party or (CLIENT)-customized application software, and/or back-end connections to additional servers. (CLIENT) expects the volume of dynamic content, true “e-commerce” applications to grow significantly within the foreseeable future.
In addition to the requirements for all hosted services stated in the introduction of Section 4.7, (CLIENT) requires the vendor to perform Security Reviews in support of dynamic servers.
2.2.3 Housing Services
(CLIENT) defines “housing” as those minimal services that are required to host a “black box” on the Internet for which (COMPANY) is not performing additional value-added functions. Minimal housing services required by (CLIENT) include:
· Power
· Back-up and movement of tapes
· 7x24x365 SNMP monitoring
· Secure physical and logical access
· Floor and/or rack space.
(CLIENT) expects (COMPANY) to quote pricing for “housing” to the degree that these services performed are less than those provided for standard hosting services.
2.3 Service Level Agreement
2.3.1 Service Level Measurement
(CLIENT) will utilize the following two-tier approach in managing the performance of (COMPANY).
2.3.1.1 Vendor Performance Against Defined Service Levels
(CLIENT) expects to negotiate a Service Level Agreement (SLA) as a Schedule to the Agreement for Services. The SLA will include defined metrics, target levels of performance, and remedies associated with the failure to meet the targeted levels. (CLIENT) will periodically review (COMPANY)’s performance against the SLA as a primary means of managing the overall relationship.
Although the actual SLA will be a negotiated item, (CLIENT) expects Service Levels to be defined for the following items:
| Service Level | Definition |
|---|---|
| | The availability of Internet Access through (COMPANY)’s network, where Access is inclusive of: Internet browsing; Internet email; DNS queries; Connectivity from Hosting Servers to (CLIENT) back-end computers; Connectivity from VPN Servers to (CLIENT) corporate network |
| Hosting Availability | The availability of Hosted Services provided by (COMPANY) |
| Network Utilization Performance | The ability to monitor and detect the quality or speed of throughput through (COMPANY)’s network |
| Service Request Performance | The ability to meet committed intervals for Service Requests inclusive of: Security Reviews; Service Change Requests |
2.3.1.2 Third Party Assessments
In order to reduce the amount of direct (CLIENT) resources engaged in performing vendor performance due diligence, (CLIENT) intends to use the following third party certification and/or audit mechanisms as an ongoing means of reviewing (COMPANY)’s capabilities.
2.3.1.2.1 Statement on Auditing Standards No. 70 (SAS 70)
SAS 70 audits will be employed as the means to provide an independent assessment of (COMPANY)’s deployment of operations and control procedures, and how well those controls have been implemented.
2.3.2 Relationship Management
The (COMPANY) (CLIENT) Global Alliance Director and (CLIENT) IDS Internet Project Manager ((MEMBER’S NAMES), respectively, as of this writing) will proactively monitor and manage the ongoing health of the joint partnership between (COMPANY) and (CLIENT). This shall include, but not be limited to:
· Monitoring and management of (CLIENT) Service Levels
· Accountability for managing the prompt resolution of all issues (e.g., implementation, processing of new business, operations) as final point of escalation when they cannot be resolved through normal procedures
· Intelligent and effective management of the process by which (CLIENT) requests (COMPANY) to respond to and support new business opportunities. Such potential growth of the relationship (through possible channels such as increased requirements in bandwidth or hosting volumes or diversity; integration of new security technologies or operational features into the solution) will be managed and negotiated in a manner that promotes and balances increased business success of both parties (see Section 9).
3 Service Implementation Management
The purpose of this section is to outline a proposed project management approach and high-level milestones that must be achieved to implement the services described in this Statement of Work. Whereas this text will clearly identify stages of activities that must be conducted, it does not attempt to set overall time intervals nor specify a detailed project schedule with firm date commitments. Such a schedule can only be determined after having agreed upon a final scope of initial services to implement, an associated detailed design, and identifying the level of resources available from (COMPANY) and (CLIENT) to participate in the project. That stated, (COMPANY) will negotiate in good faith with (CLIENT) to balance the speed of implementation against all other factors.
The baseline configuration described in the Solution Overview is one that provides a fundamental architecture which not only supports (CLIENT)’s initial requirements, but provides the inherent modularity to easily expand and facilitate growth. Even though (COMPANY) recognizes and embraces the strategic value of (CLIENT)’s long-term business direction and objectives, we also recognize the critical importance of using an evolutionary process to control and manage this growth based on real-life operational considerations. Like (CLIENT), (COMPANY) understands that uncontrolled and unmanaged growth and expansion can directly compromise operational security and the business delivery of services to its clients. Therefore, it is essential to the overall success of the (CLIENT) and (COMPANY) working partnership that speed not be sacrificed for quality throughout this process. Furthermore, there are critical elements to the overall process that have solidly fixed time frames that are extremely difficult to change, such as network turn-up, hardware procurement cycles, site considerations and data line provisioning. Attempting to compress the time elements associated with these areas directly increases the level of risk to implementation success as well as the timely delivery of business services and the cost to both parties.
Figure 8 on the following page portrays the implementation phases and services that are involved in the engagement, and maps these to the remaining sections within the Service Implementation Management arena. Section 6.1 will outline the project management approach used successfully by (COMPANY) for endeavors of this magnitude. Sub-sections 6.2.1, 6.2.2, and 6.2.3 will describe the milestones associated with the implementation of the base Secure Internet Services solution. Sections 6.3 and 6.4 will give consideration to similar milestones for Hosting and VPN Services although additional discussion with (CLIENT) is required in these areas. Finally, Section 7 of this Statement of Work outlines our Proposed Solution. Each sub-section therein further provides additional levels of implementation milestones associated with each dimension of (COMPANY)’s service offerings.
3.1 SIS Implementation Milestones
As depicted in Figure 8, the SIS implementation will be performed via three slightly overlapping phases: Project Definition, Proof of Concept, and Production Rollout.
3.1.1 Phase 0 – Project Definition
The Project Definition phase consists of the following milestones and associated activities.
Identify Resources:
· Identification of (COMPANY), (CLIENT), and third party vendor (e.g., network and equipment provider) resources
· Establishment of roles and expected levels of participation
· Documentation of contact information
· General calendar planning.
Establish Project Procedures:
· Status Meetings and Reports
· Issue resolution
· Change management
· Documentation repositories
· Version control
· Communication methods.
Conduct Project Review:
· Scope of services
· Physical and logical demarcations
· Confirm documented requirements.
Develop Project Schedule:
· Project plan
· Required inputs
· Dependencies and critical path
· Deliverables.
Confirm SIS Conceptual Design:
· Network connectivity
· Routing
· Security Policy
· Email
· DNS
· Operational Procedures
· Network News.
Create SIS Detailed Design:
· Network connectivity
· Routing
· Security Policy and Procedures
· Email
· DNS
· Operational Procedures
· Network News.
SIS Design Acceptance:
· Presentation of final design
· Assessment against requirements
· Acceptance.
3.1.2 Phase 1 – Proof of Concept
The Proof of Concept phase consists of the following milestones and associated activities.
Establish Proof of Concept Certification Criteria:
· Proof of Concept scope
· Test plan and procedures
· Expected results.
Deploy Proof of Concept Solution Components:
· Procurement
· Provisioning
· Installation
· Staging
· Configuration.
Conduct Component and System Testing:
· Network connectivity
· Routing
· Security Policy and Procedures
· Email
· DNS
· Operational Procedures
· Network News.
Achieve Certification and Approval:
· Results documentation
· Assessment against Criteria
· Modification as needed of solution and supporting procedures/documentation
· Acceptance of Concept.
3.1.3 Phase 2 – Production Rollout
The Production Rollout phase consists of the following milestones and associated activities.
Pre-Implementation Planning:
· Roll-out schedule.
Implementation and Configuration:
· Additional Service Centers
· Additional (CLIENT) gateways
· (CLIENT) domains
· (CLIENT) internal SMTP servers.
Testing:
· Component and system testing
· Fail-over
· Operational readiness.
Certification and Acceptance:
· Results documentation
· Assessment against Criteria
· Modification as needed of solution and supporting procedures/documentation
· Acceptance of solution.
Production Turnover:
· Final cut into production.
3.1.3.1.1.1 Test & Integration
Prior to the production deployment, it will be important to review and test all individual components of the Internet Access design as well as the performance of the overall architecture.
(COMPANY) will perform the following activities in support of this milestone:
· Define testing elements
· Develop a test plan and test criteria for each element
· Define and jointly agree with (CLIENT) upon a testing methodology that will permit clear observations of expected performance
· Conduct system component “burn-in” during staging
· Confirm IP connectivity from the serving (COMPANY) Service Center to the (CLIENT) provided CPE equipment
· Conduct system integration tests to determine the functionality, stability, interaction and performance characteristics of the design
· Verify security configuration against the documented (CLIENT) security policy
· Create documentation that verifies the functionality and performance of the design
· Present documentation to (CLIENT) for their approval.
(CLIENT) will perform the following activities in support of this milestone:
· Participate in the definition and development of the testing methodology and acceptance criteria to be used
· Participate in the testing
· Review and not unreasonably withhold approval of the performance of the service.
Creating Milestone and Milestone Acceptance Criteria
Technical escalation – detection, confirmation and customer notice for Change Management
Whitepaper - Phase roll out
Note: Incorporated and Implementation for: GE Corporate, NTT, Sanyo Electric, Marvel Comics,...