AFRH Works with 8(a) Ciracom and Microsoft on Cloud-Based Messaging Platform
December 12th, 2016 - by Ciracom, Inc. | Share on:
Ciracom was selected by AFRH as Prime Contractor and Microsoft as subcontractor (Team Ciracom) to implement the cloud-based messaging and collaboration service for AFRH's two CONUS based facilities. The AFRH's objective was to consolidate all its email, SharePoint, Live Meeting and Office Communications systems under a single environment. To meet this requirement, Team Ciracom's solution was Microsoft Government Community Cloud environment using Microsoft Business Productivity Online Services (BPOS)/Federal (F) architecture and suite of services.
The AFRH required the consolidation of 300 email users across two facilities to an enterprise-wide system supporting up to 400 mailboxes. The AFRH required the system to improve productivity and inter-agency communication and collaboration while reducing costs across the Department. All services were required to have >99.9% availability and successfully complete the Federal Certification and Accreditation(C&A) process to validate FISMA compliance.
The Microsoft cloud solution was selected based on the maturity of the Microsoft product suite on which the cloud-based solution was built. Ciracom implemented this solution using a combination of Ciracom personnel and was provided technical reach back to Microsoft Office 365 subject matter experts and technical personnel from Microsoft Consulting Services (MCS), to provide project management, design, preparation, integration, implementation, migration and ongoing support of the cloud-based messaging and collaboration system.
Operational Constraints. Migrating the AFRH environment to the cloud presented a number of operational constraints identified during deployment. These included:
• Active Directory cleanliness and "health" could impact stability for an Agency and complicate mailbox migrations.
• Agencies had to remediate their Network Address Translation (NAT) networks to either publicly addressable IPs or to NAT pools of less than 100.
• Notes migrations have additional complexities to provide an Agency with co-existence during the migration. Ciracom addressed the issue of email co-existence through detailed project planning and known tools specific to Lotus Notes to Office 365 migration requirements.
• There are a great number of requirements that had to be met (network, firewall, account, groups, test workstation, etc.) that must be completed to get to Service Ready to start migration.
• At AFRH it was impossible to get all Agencies to SR (service ready) at the same time. Ciracom worked with AFRH's IT Director and leadership to provide the flexibility to allow Agencies to migrate in different phases and groups.
Technical Characteristics of the Products, Solution and Services Developed or Provided. The Ciracom solution was the Office 365 GCC cloud environment using the following technologies, services and features:
Office 365 for Government - The AFRH Office 365 environment is built on Microsoft® Exchange Online, a hosted enterprise messaging solution running on a dedicated Microsoft Exchange Server 2010 infrastructure. Exchange Online gave AFRH the e-mail security it required, ubiquitous access to all services by system users, and lower costs with higher operational efficiency. The Exchange Online service includes advanced e-mail features, calendaring, contact, and task management capabilities. Exchange Online also provides built-in spam control and virus scanning to reduce common security risks that are associated with e-mail
Number of Users: 400
Legacy environments: Lotus Notes environment.
Transition. In addition to the implementation and support of all of the services described above, it was critical for Ciracom to provide AFRH with a controlled and risk mitigated process to move from their traditional email systems to the cloud-based environment. Working with Microsoft Consulting Services and Microsoft Premier Support Services, Ciracom's implementation process ensured that all prerequisite requirements and dependencies were met for successful deployment and migration to the cloud.
Directory Services Integration - AFRH will be working towards future TEC to establish a one-way mailbox and group provisioning and ongoing synchronization of their directory information to the Active Directory of the Community Cloud environment
The work performed by Ciracom in conjunction with Microsoft Consulting Services included:
• Firewall / Port configuration
• Perform a Directory Attribute clean-up
• Migrate, validate and support accounts
• Establish migration, validation and support workstations
• Solve complex integration issues
Data Migration and Cutover (including number of mailboxes, if applicable). When all prerequisites were met, Ciracom worked directly with the Department of Interiors' MSO "Move Team" to coordinate the migration of mailboxes from the legacy email system to the new cloud environment. The strong coordination and communication between these groups allowed for the migration of 300 mailboxes in 90 days. The migration was so effective that the team set new records for the number of mailboxes migrated in a single night, a single week and a single month.
Before large migrations went into effect, it was necessary for the MSO team to train the AFRH personnel and partners on how to properly support their system and how to engage Microsoft Online Services during an issue escalation. All training was delivered to AFRH and their assigned partners and has resulted in a highly effective support model that delivers high customer satisfaction across the Department.
Implementation Challenges. Team Ciracom developed solutions to many complex integration issues during the deployment phase of the project. These issues included DNS, networking, application and third-party compatibility. All issues identified during the project were solved to the satisfaction of the customer.
Service Support Challenges. Ciracom worked with Microsoft to provide AFRH with help desk call data (Tier 1, Tier 2, Tier 3) from other clients with similar size/complexity. This allowed AFRH to use its existing Tier 1 Help Desks to support the implementation and escalate issues to a new AFRH centralized Tier 2 help desk. Their Tier 1 Help Desks know their customers, their needs and their environments and were best positioned to support the implementation. They escalated to Tier 2 for more complex or enterprise-wide tasks/activities. Tier 2 also was responsible for handling all escalations and change requests up to Tier 3, the MSO help desk. The five-person Tier 2 help desk supports the entire AFRH system on a 24/7 capacity.
To further improve support, Ciracom worked with AFRH to develop documentation for end users and administrators that prepared them for migration, gave detailed instructions on the migration process, and trained them on how to use the new technologies. The Agencies and users were trained under a "Training-minus x # of days" scenario, delivering training to immediately precede the migration.
Successes. The AFRH had a number of successes associated with this project, including:
• All AFRH mailboxes (300) were migrated in 90 days
• Mailboxes including the converting of the Lotus Notes .NSF file to .PST files were migrated
• Ciracom had a 100% data migration success rate; including public folders, contacts and calendars
• Audio, Desktop Sharing, Video and IM all being used on system
The system has been in production since September 2013. The system has been extremely robust with Ciracom meeting or exceeding all SLAs set for the system.
Security Compliance Requirements and Approaches. FISMA C&A and ATO. Team Ciracom worked closely with the AFRH Security team to generate all FIPS compatible FISMA documentation during a complex and lengthy certification and accreditation process, which resulted in the first Authority to Operate (ATO) at a Moderate Level for a Federal Cloud-based messaging and collaboration system. Additional work was done to ensure security compliance.
Security Safeguards. The data center is fully compliant with all Federal standards for a medium security posture, and the system itself is physically secured and segregated from other systems in the data center. There is no physical server infrastructure (keyboards, USB, CDROM, etc.) by which changes to the system could be made. The only access to the environment is via the AFRH UTN (AFRH's trusted WAN connection). There is no Internet connectivity; everything goes through AFRH. All personnel supporting the system have been cleared by AFRH and have undergone relevant security checks and processing.