Enterprise Architecture Information Security Management ...
Enterprise Architecture: SMS VAR Model Based on CDD v4 Document (p12/24 of 69)
Legend: = VITA's MSI Integrator; = Security Focused Apps; = DR

Actors and authentication
  Sys Admin; Administrator / Developer
  AUTH AD; COV AD
  Nessus Pro to be installed on MSI-operated and VITA-approved PCs outside CESC. (p4/10 of 69)
  Financial Management System (FMS) Users; End Users
  All SMS components, except Keystone Edge, are intended to be accessed exclusively from within the COV network (directly or via VPN connection) and do not provide an external, Internet-accessible user interface.
  Reverse Proxy Server (p10 of 69)
  Okta Identity Provider (IDP); Okta Bridge Active Directory (AD) Agent; F5 Load Balancer (p31/35/39 of 69)

Cloud Service: Keystone Edge
  Keystone Edge(TM) (KE) stores data within an Oracle relational database accessible via the platform and via web services queries. (VA-170822-SAIC-03~30 Exhibit 3)
  CMDB: Customer data in ServiceNow can be exported in Excel format.
  Oracle Primavera: KE supports Primavera. (VA-170822-SAIC-02.3.1, MSI Services Solution)
  ServiceNow Backup: Miami, FL
  Keystone Edge (ServiceNow) components are hosted in ServiceNow's data centers within FedRAMP Moderate certified spaces subject to the physical and logical security controls necessary to maintain compliance with that certification. ServiceNow instances are deployed on client-dedicated hardware (not multi-tenant) within their secured facilities. The primary data center location for these instances is Culpeper, VA, with a secondary facility in Miami, FL for redundancy and system availability during upgrades. As part of compliance with the FedRAMP certification, all network access to these systems from the Internet is encrypted HTTPS (443/TCP) via TLS 1.2, and data is encrypted at rest via full disk encryption. (p10 of 69)
  Cloud providers: Google Cloud Platform (GCP); Microsoft Azure; Amazon Web Services (AWS)

CENTER(TM) Suite (p12/24 of 69)
  (MED) 136pvotwapp001  4vCPU 16GB D-300GB
    MS SharePoint Server - MSI Bus Svce Management, Proj Management, Sys Eng, Ent Arch, Process Owners
  (MED) 136pvotwapp002  4vCPU 16GB D-300GB
    Project Server - MSI Project Management, Sys Eng, and Ent Arch
  Clustered Data Warehouse:
    136ppotwsql001  2CPU 8-Cores 32GB D-10200GB
    136ppotwsql002  2CPU 8-Cores 32GB D-10200GB
    MS SQL Server DWH - MSI Business Service Management, Proj Management, Sys Eng, Ent Arch, Process Owners; GEN-9, 64-bit

Financial Management Systems (p44 of 69)
  (SM) DigitalFuel
    136pvotlapp001  2vCPU 8GB D-568GB
    136pvotlapp002  2vCPU 8GB D-568GB
    DigitalFuel Application - Front-end financial management portal; COV ITFM Users
    Database Server - COV ITFM Users and Agency Financial Management; leverages the Application Integration Services (AIS) program's VITA-managed Oracle RAC environment.

Information Security Management System (ISMS) Platform (p4/5/10 of 69)
  A VITA-owned and provided Governance, Risk and Compliance platform; will be the source of policy and audit. Archer assists in the control of the audit lifecycle, enabling governance of audit-related activities, while also providing integration with risk and control functions (manual integration today). Security Policy and Audit source: Risk Management Framework, Controls Framework, Audit Lifecycle Control, Security Dashboards, and Security Governance.

Splunk - Central Logging Security Visibility
  136ppotlapp001  2CPU 8-Cores 128GB D-1100GB
    Search Head - MSI Security & Service Desk, Core Infrastructure Demand; Gen-9 64-bit
  136ppotlapp002  2CPU 8-Cores 128GB D-1100GB
    Index Server - MSI Security & Service Desk, Core Infrastructure Demand; Gen-9 64-bit

Privileged Account Security (CyberArk) (p31 of 69)
  Password Vault Cluster; Vault Cluster Partner
  Central Policy Mgr (CPM): CPM-1, CPM-2, CPM-2
  Password Vault Web Access (PVWA): PVWA, PVWA
  Privileged Session Mgr (PSM): PSM-1, PSM-2, PSM-3; PSM for secure access
  Privileged Session Mgr (PSM) Archives (p31 of 69)
  Application Identity Manager (AIM) Appliance
  IAM
  Capabilities: Workforce Identity Management: Privileged User Management; Credential Distribution; Threat and Vulnerability Management: Password Vaulting

Keystone Edge Broker
  (MED) 136PVOTLAPP010  4vCPU 16GB D-128GB
  136PVOTLAPP011  4vCPU 16GB D-128GB
    SNOW MID Server - ServiceNow Management, Information, and Discovery server; SMS Admin, STS Integration Services, Core Infrastructure Demand

VMware vRealize Automation (vRA) - Cloud Management Platform - Cloud Brokerage Service - IaaS (p39/40 of 69)
  (MED) 136PVOTWAPP003  4vCPU 8GB D-140GB;  136PVOTWAPP004  4vCPU 8GB D-140GB
    Infrastructure Appliance - Handles API calls from the brokerage platform; Web Services, Manager Service, Distributed Execution Manager (DEM), DEM Orchestrator (DEO), Agent(s)
  (MED) 136PVOTLAPP003  4vCPU 18GB D-158GB;  136PVOTLAPP004  4vCPU 18GB D-158GB
    Automation Application - Front-end portal for the cloud brokerage platform; MSI SMS Admin, Core Infrastructure Demand; OVF SUSE v11SP4
  (SM) 136PVOTLAPP005  2vCPU 8GB D-328GB;  136PVOTLAPP006  2vCPU 8GB D-328GB  (p63 of 69)
    Operations App - MSI SMS Admin and API for the cloud brokerage platform to use; OVF SUSE v11SP2
  (SM) 136PVOTLAPP008  2vCPU 8GB D-458GB;  136PVOTLAPP009  2vCPU 8GB D-458GB
    Log Insight Application - MSI SMS Admin, end-user portal and API for the cloud brokerage platform to use (Administration); OVF SUSE v11SP4
  (MED) 136PVOTWSQL001  4vCPU 16GB D-520GB  (p39/40 of 69)
    Automation IaaS Database - MSI SMS Administration and Cloud Brokerage
  (SM) 136PVOTLAPP007  4vCPU 16GB D-400GB
    Operations Database - MSI SMS Administration and Cloud Brokerage; OVF SUSE v11SP2

SailPoint IdentityIQ - Identity & Access Management (IAM) (p35 of 69)
  136PPOTWAPP003  2CPU 8-Cores 16GB D-300GB;  136PPOTWAPP004  2CPU 8-Cores 16GB D-300GB
    UI Hosts - MSI Service Desk, IAM Admin, SAML Authentication, Core Infrastructure Demand; Gen-9 64-bit
  136ppotwsql003  2CPU 8-Cores 128GB D-1150GB;  136ppotwsql004  2CPU 8-Cores 128GB D-1150GB
    Database Server Host - MSI Service Desk, IAM Admin, Core Infrastructure Demand; Gen-9 64-bit
  136ppotwapp001  2CPU 8-Cores 16GB D-300GB;  136ppotwapp002  2CPU 8-Cores 16GB D-300GB
    Batch / Task Hosts - MSI Service Desk, IAM Admin, Core Infrastructure Demand; Gen-9 64-bit

Supporting services: Syslog Servers; Email Gateway; Domain Controllers; SMTP Servers; NTP Servers; Time Source Interface; SNMP Servers

PURPOSE: To depict the MSI SMS CDD v4 document in a graphical format for VAR analysis and template diagram examples within the document.
VITA Draft Discussion Document // Rev: Nov-8-2018
This fit-for-purpose view is intended for a minimum 11x17 sized paper.
Robert Kowalke ~ Enterprise Architecture ~ robert.kowalke@vita. Relationship Management & Governance (RM&G) @ Virginia Information Technologies Agency (VITA)
Commonwealth Enterprise Solutions Center (CESC) Architectural Artifacts/Graphs/Views/Matrices/etc. reference page:
= VITA's MSI Integrator
Keystone Edge / ServiceNow Application Interaction View
Arrow = Communication Initiation Direction
p11 of 69
= Keystone Edge / ServiceNow Application View
= VITA's MSI Integrator
CENTER Application Interaction View
Arrow = Communication Initiation Direction
p12 of 69
= VITA's MSI Integrator
Splunk Application Interaction View
Arrow = Communication Initiation Direction
p13 of 69
= VITA's MSI Integrator
CyberArk Application Interaction View
Arrow = Communication Initiation Direction
p14 of 69
= VITA's MSI Integrator
Privileged Session Management (PSM) Application Interaction View
Arrow = Communication Initiation Direction
p15 of 69
= VITA's MSI Integrator
Application Identity Management (AIM) Application Interaction View
Arrow = Communication Initiation Direction
p16 of 69
= VITA's MSI Integrator
SailPoint Identity IQ Application Interaction View
Arrow = Communication Initiation Direction
p17 of 69