TSA Transition Plan Super Admin Offices Airports Administrators

TSA Transition Plan

Super Admin Offices Airports Administrators Publish Alerts End-Users Operators

AWS Team Support Roles Virtual System Admin: • Define and managing alert channels • Create and manage Operator accounts and assign roles • Perform system tasks and archive databases when necessary • Set up and maintain optional geo-targeting • Set up cross-virtual systems to enable publishing alerts across systems Alert Publisher: • Publish pre-defined alerts • Define new alerts • Create and manage alerting scenarios • Target the alert recipients • End alerts in progress • Analyze and print reports • Manage and monitor the queue of published alerts

Other Support Roles Distribution Lists Manager—Responsible for creating, populating and managing distribution lists. End User Manager—Manages the accounts of end users who receive targeted alerts. Security Policy Manager—Has exclusive access to security policy settings. Enterprise Administrator—Can access all virtual systems within a physical system. This role manages Operators across multiple virtual systems. Report Viewer—Can access only the Reports module for printing or exporting.

Reporting Structure Government Project Manager: Mark Goeringer Software Host: U. S. Coast Guard AWS Support Team: Vendor Project Manager Systems Administrator/Analyst Functional Analyst TSOC: Susan Jurist At. Hoc Contact: Neal Fontana

Stakeholders • Government Project Manager: Mark Goeringer • AWS Project Support Team • TSOC: Susan Jurist and Gary Mc. Neill • U. S. Coast Guard: Mark Hiet, Project Manager • At. Hoc: Neal Fontana • Airports and Offices • 52604 end-users (alert recipients) #based on last report count

Stakeholder Impact • Government Project Manager: ensures that the system scope is being realized and oversees enhancements to improve system functionality. • Contract Officer: controls the funds distributed to the contract items. GPM provides reporting information on progress of project. • AWS Support Team: provides Tier 1. 5 technical support to ensure that daily operations of the system remains reliable and available. Composes reports for management and contract officers on system usage and system regression testing. • Susan Jurist: helps ensure newly deployed and existing virtual private systems function efficiently and effectively. Helps ensure end-user database integrity. • Airports and Offices: responsible for publishing alerting information in a timely manner. • U. S. Coast Guard: provides Tier 2 technical support to maintain system operability and availability.

Stakeholder Impact • At. Hoc (vendor): provides Tier 3 technical support to ensure system reliability and availability. • End-Users: receives the alerting information and responds accordingly. The safety of the airport and office staff relies on endusers receiving timely alerting information. • CIC: provides Tier 3 support in the event of catastrophic outages that affect availability of the system. They provide call bridge information for stakeholders to dial in to participate and provide detailed information and additional support.

List of All Accounts Managed • Super Admins (Enterprise Admins) – – Accounts are created through a script run by USCG Account possess admin rights across VPS They can only be deleted by USCG AWS Support Team and Susan Jurist are SAs • VPS Admins – Accounts are created either through the Super Admins or created by another local VPS Admin – Account possess admin rights for VPS in which account is associated • VPS Operators – Accounts are created either through the Super Admins or local VPS Admin – Operators include various roles such as Advanced Alert Manager, Alert Publisher, End Users Manager, Report Manager, Distribution List Manager • VPS End-Users – Accounts are created and managed either through local VPS Admin or local End User Managers – End-users also update their account information through Self-Service portal

List of All Accounts Managed • Scenarios – Pre-defined alerts created for quick publish – Operators review and edit pre-defined scenario and publish to end-users – Scenarios created and managed by local Admin and local Advanced Alert Manager • Distribution List – Pre-defined group to be targeted – Targeted group is populated with specified end-users whether manual or dynamic – Distribution Lists created and managed by local Admin and Distribution List Manager

Daily Activities • Coast Guard POCs: (contact for Tier 2 technical support) OSC-Application. Support@uscg. mil • Support Site (Administrators List): (listing of administrators for airports and offices. Refer operators and end-users to their local administrators. Update list as needed. ) https: //team. ishare. tsa. dhs. gov/sites/CEDD/Pages/AWSAdministrat ors. aspx • Training Videos and Manuals: (provide administrator and operator training videos. Browse videos to get acclimated to system functionality. Refer new admin and operators to this resource. https: //ishare. tsa. dhs. gov/Offices/OIT/Pages/AWS. aspx

Daily Activities Common activities: Changing from VPS to the next VPS: • In the top banner, on the right hand side, click the Change System • Pop up box will display with listing of VPSs. • Select the VPS you would like to work in.

Daily Activities Sending out email notification to inactive account users: • You will receive email notification in the TSA. AWS mailbox with subject line Operator Account Maintenance • Open the attached. txt file with the names and email addresses of those account users who have not logged into the system for 42 days. These are the accounts that will soon be deleted by the system. • Using the TSA. AWS email account, copy and paste the list of email addresses from the. txt file into a new email within the BCC portion to hide the distribution list. Add TSA. AWS@dhs. gov as the send TO email address. A copy of the email will be sent to the TSA. AWS mailbox and to the hidden list. Use the subject: Action Needed: AWS Account.

Daily Activities Sending out email notification to inactive account users: • The body of the email should state: Operators, You have not logged into AWS over the past 42 days. Your accounts will be disabled if no action is taken within the next 3 days. Please note, all operators are required to log into their account at least once every 30 days for the account to remain active. Please take action to prevent account deletion. Thank you, AWS Support

Daily Activities AWS Login issues (Only Administrators and Operators can access AWS not end-users (end-user accounts access Self-Service)): • Main issue: Administrator is setting up account using faulty username: – (METHOD ONE) Switch to the VPS with the account user having login issues – Along the left side, click Administration – Click Operators – Click on operator account to verify if correct TSA username is being utilized preventing authentication. – Account names cannot be changed so new account must be created using the correct TSA username and specified permissions.

Daily Activities AWS Login issues (Only Administrators and Operators can access AWS not end-users (end-user accounts access Self-Service)): • Main issue: Administrator is setting up account using faulty username: – (METHOD TWO) Log into the AWS – Along the left side, click Administration – Click Operators – Click drop-down list next to Virtual Systems: – Scroll up to select All Systems – Enter name of user in search field – Click Find button – Click on operator account to verify if correct TSA username is being utilized preventing authentication. – Account names cannot be changed so new account must be created using the correct TSA username and specified permissions.

Daily Activities • User Admin/Operator Account Valid but Access Denied: – First, check to ensure that account is active in the system. – Along the left side, click Administration – Click Operators – Select User – In the Basic tab below, you should see Active, Suspended or Locked. • If user is Active, send email response for user to reboot their computer. This usually fixes account access issues. • If user is Suspended, then click Active then hit SAVE. Send email response that their account has been reactivated.

Daily Activities Self Service Page: https: //team. ishare. tsa. dhs. gov/sites/CEDD/Pages/AWS-SS. aspx. Self-Service Issue: Go to the desired VPS in the system. Go to Users and Groups Click End Users Select the name of end-user in list (or you can filter by performing a search of the end-user in the search field) • Check to see if account name matches the TSA username. • • – Apply procedures on next slide

Daily Activities • If username is not correct, send message to end-user to have local administrator create another end-user account with the TSA username and input device data (or you can do the same thing). • If username correct, check the link used. Sometimes, end-users are sent a link from someone else and they attempt to access a system they are not affiliated. – For example, this is the link for Office of Information Technology: https: //aws. tsa. dhs. gov/Self. Service/Entry. aspx? pid=2148320. – Someone accessing this from the Office of Finance & Administration will receive an error, because their self-service link is https: //aws. tsa. dhs. gov/Self. Service/Entry. aspx? pid=2096532. – The 7 digit PID numbers at the end corresponds to the numbers listed by the names in each VPS. If you want to find the 7 digit number, then proceed to the VPS desired and copy the 7 digit PID number after the VPS name.

Daily Activities At-Hoc Mobile Notification App won’t install: • The unique codes for the installation of the app will take on the format: oit. tsa. dhs. gov. This is OIT’s install code. MSY will be msy. tsa. dhs. gov. (You will be provided documentation with a list of OIT codes) • If they are having an issue with installation, it is most likely that their end-user profile data within AWS does not have a valid work email address populated, or the email address they are attempting to validate against is invalid. A lot of people at TSA seem to be under the false assumption that their email addresses are john. doe@dhs. gov and not the correct email address john. doe@tsa. dhs. gov.

Daily Activities End-User Data Import (doubtful that you will need to perform it): • Go to desired VPS. Ensure that you are in the VPS that you wish to import the end-user data. • Go to Users and Groups • Go to Import/Export Users • Click the browse button to locate the appropriate. csv file on your laptop • Click Import button. • After import has completed, click View Log to view the error messages that may have occurred during import.

Weekly Activities Schedule Test Alerts for next week: • Duplicate the existing 9: 00 a. m. daily test alert for each day of the next week (excluding weekends and holidays) – This alert is to test the Email, Phone, and SMS alert functionality during the work week. – The AWS Support Team receives the notifications on specified devices. • Duplicate the existing 9: 30 a. m. daily test alert for each day of the next week (excluding weekends and holidays) – This alert is to test the At. Hoc Mobile alerting functionality during the work week. – The AWS Support Team and Susan Jurist receives the notifications on specified devices. Vo. IP daily test alert for each day of the next week (excluding weekends and holidays) will probably be incorporated into the 9 a. m. daily test alert.

Weekly Activities Complete and submit Weekly Status Report and accompanying DSAF: • • • Template will be distributed to AWS Support Team Email to be labeled: AWS_Weekly. Status_<YYYYMMDD> (Friday’s date ending for the week) Status Report Document label: – AWS_Weekly. Status_<YYYYMMDD> DSAF Document label: – DSAF_AWS_Status_Report<YYYYMMDD> Group Document is to be disseminated: – – – – – Mark Goeringer Polly Hall Amit Kumar Richard Melrose Dianne Randolph Sung Lee Diahanna Garcia AWS Support Team (any other stakeholders specified by Project Managers)

Monthly Activities • Monthly Usage Report: documents the total end-users of the system. It also documents the Total Number of Alerts over Time and the Total Number of Messages over Time. – Navigate to: Reports tab Alerts Usage Summary Report Type: Total Number of Alerts over Time, Reports Month Range: select range of report, click Generate Report. Record the total number of alerts sent for the month. – In drop down bar next to Report Type: select Total Number of Messages over Time and click Generate Report. Record the total number of messages sent for the month.

Activities Performed as Needed • Regression Testing: perform regression testing on newly deployed versions of the AWS system. Also, perform testing on newly implemented enhancements to the system to ensure that system functionality is occurring as expected. (Usual format for regression testing is an Excel document)

Resolution Information • AWS Outages – Contact appropriate USCG queue – CIC may be called into outage to resolve quickly through call bridge • Email functionality degrade – Contact USCG queue – Request restart of email services to resolve issue (usual problem)

Currently Outstanding Issues Request #: REQ 000001623713 Request #: REQ 000001623857 • Original PAD latency issue. ran an accountability drill using AWS. Overall, the system performed efficiently helping us to reach all but two of our employees in the end (due to nonresponse by those two employees). However, during the test we had several employees report back that they had replied to the alert, via text message, but the system did not report their response. We checked the user report for that alert and it shows that the system successfully sent the message, but no response. (UPDATE: For the PAD latency issues, a request has been made to At. Hoc to provide a script to address the issue. )

Currently Outstanding Issues Request #: REQ 000001361713 • TSA deployed a domain controller allowing USCG to "pull" profile alert data from TSA's Active Directory (AD) using Lightweight Directory Access Protocol (LDAP). This controller was configured, network connected and tested by USCG and TSA in October 2015. Next steps were to have USCG extract profile information for entry into the AWS database. In November a support staff change has slowed progress. TSA management was/is anticipating this service to be in place by COB CY 2016 Q 1. This date appears to be at risk. (UPDATE: USCG is working with Larry to address this. A meeting was tentatively planned for January 19. Larry was unable to make meeting and another meeting has not yet been scheduled; there are issues with the application that have taken up Larry’s time. Hopefully USCG will be better able to provide an estimate for when we can begin moving forward. )

Currently Outstanding Issues Request #: REQ 000001634827 • PAD latency issues. Multiple VPS are having issues with SMS message response validating in the system. Checked the response report and email and phone seems to be validating. Request #: REQ 000001113416 • Distribution Lists: Administrators are not being able to ADD/EDIT distribution lists under CRITERIA. It times out for Tim Papadam, Susan Jurist and myself, Eugene Caster. It is not letting us edit distribution lists in TSA Enterprise VPS. (UPDATE: USCG having a difficult time tracking down the request. That request number is associated with an unrelated, non. AWS work order. They will keep looking. )

Currently Outstanding Issues Request #: REQ 000001763098 • Quick publish scenario Review and Edit link times out. Operators cannot review scenario to make the appropriate edits and publish to end-users. (USCG noted that they received a similar call over the weekend. It has been proposed that if it isn't something that gets used a lot the application pool that the website behind what you are doing will "spin down". When you hit the website it "times out" because the app pool doesn't spin up fast enough. Once the app pool spins up the website should answer. The call he had over the weekend two people had tried it but it didn't work, by the time he called the user back 30 minutes later it was working. Link is still non-functional).

Planned for Next Period(s) • New update from v 85, v 87 (formerly known as Pegasus), to be released by At. Hoc. No Beta will be released. USCG stated v 87 expected release will be around January 2017. Looking to deploy new version within 2016 calendar year within a new hosting environment.

Reporting • Weekly Status Reports • • Documents progress of AWS project as well as issues outstanding and resolved. (Template of document to be provided) • Monthly Usage Reports – Documents end-user totals and VPS alert and message usage – Report created from a sample of VPS within AWS due to reporting capabilities non-functional – (Template of document to be provided) – (Job Aid will provide steps to creation of monthly usage report)

Known Risks • USCG to cease hosting AWS system December 31, 2016 • Mitigation: M. Goeringer researching options for hosting. Plans to have new release of AWS deployed this calendar year. • USCG SPOC queue not proving to be efficient nor effective. There are no quick resolution times nor timely responses to AWS Support team. – Customers experience disruptions in their operations. Customers do not receive timely updates and resolutions to resume normal operations. – Mitigation: Request POC to be specified by USCG • USCG POCs changing on a regular basis without notification – Issues are sent to POC who fails to respond to AWS, because they are no longer associated with the project – Issues are eventually resolved when the new POC is forwarded issue for resolution

Known Risks • Email STMP connections fail – Prevents end-users from receiving alerts via email – Places our end-users at risk. Vital information cannot be delivered to ensure the personal safety of the TSA staff and surrounding civilians – Mitigation: have requested USCG to regularly restart email services to ensure that email capabilities remain operational. They have stated that they are looking into automating the restart of services. • Reporting feature is non-functional and not robust – Cannot effectively determine accurate AWS usage trends – Cannot create an AWS plan to target those VPS under-utilizing the system (finding out the possible reasons for VPS embracing the system) – Mitigation: finding new host to deploy more robust reporting contained in v 87

Known Risks • AWS system outage occurs – Timely notification of outage to USCG. AWS admin and operators are prevented from utilizing the system across the geographic regions – Long disruptions in the system can cause major inconveniences to several VPS and cause personal safety of airports and offices to decrease – Mitigation: USCG immediate response to issue. CIC also involved in contacting necessary stakeholders to take part in immediate resolution to resume normal operations. • New team require training – Efficiency and effective of new team will be achieved through training. This may decrease resolution time of issues and possible increased disruptions in system performance in various VPS. – Mitigation: Effective training to the new team to reduce learning curve and ensure quicker efficiency and effectiveness

Known Issues • Reporting functionality is not working. The feature is to be resolved through deployment of v 87. • Email connection regularly shuts down preventing end-users from receiving email alerts. • AWS web parts time out occasionally. Network issue