Download presentation
Presentation is loading. Please wait.
1
JTAMS POST-CDR IT/SIS ISSUES
PM JTAMS Lesson Point of Contact: Name: Mike Thorne Length of Presentation: Presentation: .5 hours Exercise: 3 hours Lesson 20 – Practicum#4
2
Scope of Presentation Section 1: Post-CDR Agile Measures Section
Section 2: Post-CDR JTAMS Measures Section Section 3: SW Management Section Section 4: Lean SW Development Section Section 5: Cloud BCA Section
3
Agile Measures Section
Overview: It is approximately 3 months after CDR (May FY3). AMRU has continued STIM development and has produced measures and reports highlighting their progress as well as working software. Objective: Evaluate information and present an overview of the current status of STIM development (see Student Template) Section 1 SEE: Practicum 4\Exercise 1 Post-CDR Agile Measures . Section 1
4
AMRU S/W Release Schedule
Present an overview of the schedule and identify any updates to the overall JRATS/JTAMS scenario Joint Training and Maintenance System (JTAMS) Increment 1 Government Roadmap Schedule Showing STIM (in green) TODAY is 30 May FY3 FY 00 FY 01 FY 02 FY 03 FY 04 FY 05 FY 07 TECH DEV PROD & DEPLOYMENT Milestones & Phases MS A MS B IOC Final RFP Release Contract Award Technical Reviews CDR Development Testing IOT&E LFT&E Deliveries (Prototypes / EDMs) Operational FY 06 FRP DECISION EOA OA Post CDR Assessment EMD Prototype DT&E EDMs MDD FY 08 MSA MS C Engineering and Manufactuing Demonstration ITR ASR PDR SSR SRR TD JTAMS-1 IOC PRR FCA PCA MRU Development Block 1 Block 2 Block 3 Section 1 SEE: Practicum 4\Exercise 1 Post-CDR Agile Measures These charts come from the Release 4 report in the Section folder. The intent here is for the students to identify that we are now past release 2. most of the rest of their briefing will be based on this report and the charts and s. Instructor notes: Most notable aspect of the schedule is that AMRU is producing software that can be used by the rest of the MRES team as they proceed with their implementations. This means that other teams can use working STIM elements as part of their development instead of relying on interpreting interface documents. This will improve the quality of MRES as a whole. It also helps to identify interface and possibly architecture problems as well, which could be one of the contributors (certainly not the only one) to MRES being behind schedule overall. AMRU S/W Release Schedule 4
5
New interface spec released
Using the Cumulative Flow Diagram, explain what happened in April and May FY03. Explanation The bulk of the team’s effort was spent re-planning and understanding and decomposing the new interface spec and very little was expended developing / testing existing tasks. New interface spec released Production falls Section 1 SEE: Practicum 4\Exercise 1 Post-CDR Agile Measures Again, this chart comes from the release report. They should have briefed a version of this and explained the purpose of the chart in Practicum 3. Here we are pointing out that since we have now received the interface spec (a point missing from the risk slides), we see a large downturn in software developed and tested and a spike in the “ready” area as we learn how to develop the interface. We eventually catch up and continue an upward slope in development and testing. Additional instructor notes: Point out to students the difference between the overall rhythm of the Release 2 report (lots of variation in the bands) vs the early part of the Release 3 and 4 report. The Ready, Dev, and Test bands are much more consistent up until the time when the new interface spec comes into play. The CFD makes clear the effect of the extra definition work that has to be done on other activities, and at the very end you can see that the development pace is beginning to pick up agai. At this point, it is unclear if AMRU will be able to recover to achieve their release goals for the next block. Instructor notes: The answer correctly identifies that characterization of interface work as defects COULD be part of the defect story. One of the things that measurement visualizations provide is a new set of questions to ask when something anomalous shows up. The visualization (burn up chart) alone doesn’t provide the answer, typically.
6
Explain the defect closure measurement
Explain the defect closure measurement. Does it correlate with the other measurements? Why or why not? The chart visually shows the rate at which defects are being opened (blue line), the rate at which defects are being closed (red line); Cumulative closed rate decreased starting in sprint 17 As was seen in the CFD, the development effort, which incorporates bug fixes, was put on hold while the new interface spec was added. The Burn Up measurement shows an increase of 90 tasks added to the release effort. Defects continued to be identified during this timeframe. It’s possible AMRU identified the interface work that needed to be redone as defects. Section 1 SEE: Lesson 18 Practicum 4\Exercise 1 Post-CDR Agile Measures In the release report, there are some “burn” charts for the students to review. Instructor notes: The answer correctly identifies that characterization of interface work as defects COULD be part of the defect story. One of the things that measurement visualizations provide is a new set of questions to ask when something anomalous shows up. The visualization (burn up chart) alone doesn’t provide the answer, typically.
7
Measurement Section – JRATS/JTAMS
Overview: It is approximately 6 months after CDR. Your team in the JTAMS program office has received a set of slides from Juggernaut depicting the current status of the overall JTAMS development. Objective: Evaluate information and provide recommended alternatives. Assess the updated measures delivered by Juggernaut Recommend alternatives for the PM Section 2 Practicum 4\Practicum 4 Section 1 Post-CDR JTAMS Indicators V7 Section 2
8
JTAMS MEASURES ASSESSMENT
Summarize your analysis Worksheet #1 – Part 1 Problems Summarize any problems you identified, and identify root causes. 1. The program is seriously behind, and does not appear likely complete on time, within budget, and with acceptable quality. Multiple correlated measures validate this problem including earned value, code development, and the number of identified defects. Root causes appear to be the late requirements changes, lagging definition of subsystem interfaces, the delay in staffing for the program, and quality issues. Impacts Describe the source and scope of the problem and assess the potential impacts on project success. Current data indicates that the program will likely have a schedule that is late, will be over budget, and will not be at an acceptable level of quality. - Earned value shows that the work completed to date has cost 30% more than planned. Only 63% of the work schedule to be completed by now is done. - Only 80% of the planned staff hours to date have been expended. - About 90% of the code planned to be complete by now is done. MRES has only completed about 75% of what it was expected to. - The defect backlog is large, and growing. Large numbers of defects continue to be identified, in all components - Requirements volatility is still occurring. New requirements continue to be identified, even though a significant part of the system has already been developed. Outcome Predict the outcome if no action is taken, and indicate how this prediction was derived. If no action is taken, it is probable that the program performance parameters will need to be rebaselined. Based on the current data, if no additional requirements are changed, the program will likely require at least 30% additional funds, and a significant addition to the schedule. Section 2 SEE: Practicum 4\Exercise 2 Post-CDR JTAMS Measures Section The intent is for the students to be able to summarize the key problem areas and summarize the problems/impacts/outcomes. Again, they may see things differently based on the areas they choose to focus on given the slides they are reviewing.
9
Justification Overview
Display the key indicator slides that justify your analysis on the previous slide: Section 2 SEE: Practicum 4\Exercise 2 Post-CDR JTAMS Measures Section This slide depicts some of the charts the students have been given to analyze. They should present the relevant charts and provide some analysis that supports what they have explained on the earlier charts. They can present this any way they see fit and do not necessarily have to use the slide templates. Students may identify other slides to justify their conclusions
10
JTAMS MEASURES ASSESSMENT
Provide alternatives given your analysis Worksheet #1 – Part 2 (Alternatives) Alternatives List the alternative courses of action you would consider for the program. 1. Do a program replan, and rationalize remaining work, schedule, and costs. Develop a realistic plan, based on progress to date and demonstrated capability. Freeze requirements and program changes until the initial delivery is complete. 2. Put together an expert technical team to prioritize remaining functionality. The team should have representatives from each system component. This team should assess the criticality of any undefined items, based on required functionality and cost/schedule impacts. Consider delaying implementation of any functionality that is less critical to a future release. Work with all stakeholders to produce a revised development and release schedule 3. Put in place a more rigorous control process for requirements additions and changes. Carefully evaluate any proposed requirements additions or changes, for impacts to cost, schedule, and quality. Defer non-critical additions and changes to a future release of the system. (this was a recommendation from the last one, but it clearly did not happen) Section 2 SEE: Lesson 18 Practicum 4\Exercise 2 Post-CDR JTAMS Measures Section Finally, this is where the students are at liberty to present their recommended way ahead for the program office. You should be prepared to discuss their recommendations and note that some of these problems were identified in Practicum 3 and still have not been resolved – note that they may even have recommended similar actions in P3.
11
Section 3 Software Management
You will find data in the Job Aids relating to an emerging software management issue. The PM wants a summary of this issue and any insights your team has regarding the issue (see the Software Error Report included below and other artifacts in the Job Aids). Are there procedures to ensure that management information is transmitted throughout the software organization, and does the plan call for integrated information across all subcontracts as well as prime contractor developed software? Have plans been developed for resolution of actual and potential problems? Section 3 The intent of this Section is to move the program (and the students) past CDR considerations and on to (or past) Milestone C. This Section brings in aspects of CPI (Lean, Six sigma, and TOC) and aspects of the software quality lesson. The intent is to have them integrate a variety of aspects, including software quality, into an overall assessment of the overall JRATS-JTAMS effort. Section 3
12
Suggested resolution:
Are there procedures to ensure that management information is transmitted throughout the software organization, and does the plan call for integrated information across all subcontracts as well as prime contractor developed software? Answer (Justify your answer): No. There are no procedures in effect for controlling parallel software development for the software development teams. Development and testing takes place in 4 locations w/ little communication between them Juggernaut has no plan documented Suggested resolution: Work with Juggernaut to improve communication among development teams. Identify and track appropriate measures Section 3 The students are provided with a “Software Error Report”. They also have error metrics “software error metrics” where they can identify variation. From these documents they can identify the answers to slides 40 and 41. These teams have very little communication with each other and each has about a third of the effort. Each team is responsible for their own quality assurance with respect to meeting the requirements of their respective software requirements documents. Completed modules are sent to the system integration lab for subsystem and system level integration testing. Any problems with software modules are documented and returned to the originating activity for correction. Students are provided with software error metrics for all software development and an individual breakdown on each team as well as earned value reports for each team. The overall software metric showing errors discovered and errors corrected shows a potential problem trend for the program in that new errors are being discovered at a rate that is greater than the errors are being corrected. This has the potential to cause a schedule overrun if there is a great deal of unplanned software corrections that must be made. Note: software integrator is the one that has to get subordinate software developers communicating with each other
13
Answer (Justify your answer):
Have plans been developed for resolution of actual and potential problems? Answer (Justify your answer): Errors are building up faster than they are being corrected and there is no evidence of any process improvement for either teams 1 and 3. Two of three software development teams (Teams 1 and 3) have special causes of variation in their software development processes. In addition, their EVs show negative cost and schedule variance. Suggested resolution: Work with Juggernaut to improve communication among development teams. Migrate the practices of Team 2 that has repeatable processes to Teams 1 and 3. Section 3 SEE: Section 3 CPI\JOB AIDS The student is provided a normal distribution curve for six months of performance for each of the three teams. Team 2 has a low error rate with consistent errors over all six months. Teams 1 and 3 have higher overall error rates and a great deal of variation between months. The variation has no trend (i.e. teams 2 and 3 are not getting better or worse). The students are also provided Earned Value data for each team. Team 2 had negative variances over the first 3 months but has improved since then and the trend is that they will complete with positive cost and schedule variances. Teams 1 and 3 show the opposite trend starting with positive variances in the first three months and then declining variances. Teams 1 and 3 are on track to end with negative variances in both cost and schedule. This task is to evaluate the performance variances. The intended response is that team 2 used the first three months to eliminate special causes of variation and establish a repeatable process. Teams 1 and 3 have not implemented repeatable processes and therefore have inconsistent performance with higher errors and variation. Both of these teams have failed to eliminate special causes of variation in their coding processes. As a result, team 2 EV variances continue to improve as they have very little rework of integration testing errors. Teams 1 and 3 both have negative EV variances as extra work piles up from the higher number of errors returned for corrections. The assignment asks the student to recommend corrective action in terms of both variation and best practices. For variation, the student should recommend that the contractor institute communications between the three teams. Team 2 has established repeatable processes that deliver quality software. Those practices should be migrated to teams 1 and 3.
14
Lean SW Development Section 4
The PM has indicated he would like an assessment of any aspect of the program that is using Agile software development. The PM understands that there are some Lean concepts that should be implemented as part of any Agile development and he wants to ensure that increment 2 of JTAMS fully leverages Lean concepts as part of any Agile development approach. For the lean-Agile assessment you will find an article the PEO provided. You will assess AMRU’s current Agile development approach and determine which aspects are in keeping with a lean approach. You will also recommend areas where AMRU might benefit from investigating additional Lean concepts. Section 5 SEE: Section 5 Cloud BCA Section 4
15
Agile / Lean assessment recommendations: Description
Agile/Lean Assessment: The team recommends the following areas where AMRU and/or Juggernaut might benefit from investigating additional Lean concepts. Agile / Lean assessment recommendations: Lean Concept Description Addressed in AMRU overview Recommended for AMRU Sw Dev Plan (Describe expected benefit) Inventory in software development. In knowledge work such as software development, we can think of inventory as being maintained in documentation and in non-deployed software. No Establish a policy or procedures for documentation; minimize non-deployed SW Motion in software development. Motion in team members is manifested through activities like travel time, walking to meetings, task-switching between projects and work interruptions Minimize task switching Reduce meetings Address reasons for work interruptions Waiting in software development. Examples include waiting for milestone and change request approvals and sign-offs, waiting for clarifications and elaborations from sponsors and analysts, waiting for builds and testing to complete, waiting for your turn in meetings and conference calls, waiting for deployment schedules and architectural and code reviews. Yes Adequately addressed in AMRU overview; recommend Juggernaut investigate options Over-production in software development. over-production in software development occurs when we build features that are either 1: never or rarely used or that are 2: deployed prematurely Adequately addressed in AMRU overview Over-processing in software development. Over or redundant processing in software includes low and no value meetings and conference calls, duplicative approvals, redundant reporting, redundant specifications, over-engineering code and gold-plating specifications, design and code reviews that don’t result in technical improvements Transport in software development. waste of translating and handing-off customer requirements through subsequent phases such as functional specifications, UML diagrams, source code and tests Yes/No While not specifically addressed, the AMRU approach indicates they already adequately address this aspect of Lean Defects in software development. Testing and inspections that do not result in finding bugs are considered defect waste in software development. Other examples are features that were implemented but were never requested, inaccurate specifications, production bugs, and substandard user experience. The testing process seems adequate – however, additional emphasis could be placed in this area Section 3 SEE: CPI\JOB AIDS\Software Dev\when-you-are-agile-you-get-lean-solutionsiq-charlie-rudd-white-paper Note: compare/contrast the AMRU approach as described in their overview documents with the Lean/Agile article. The students will likely identify additional or other areas. The intent here is to provide an opportunity to discuss what AMRU is doing and the Lean concepts in the white paper. Inventory in software development. In knowledge work such as software development, we can think of inventory as being maintained in documentation and in non-deployed software. Software work-in-process (WIP) is all activity (and therefore expense) subsequent to business case approval but preceding deployment to production. This includes requirements documents, project plans, functional and design specifications, source code, test plans, and tests plus the time to create these artifacts. If a project is a year or more in duration, WIP continues to build up over the entire period prior to production use. WIP is also tantamount to the accumulation of write-off risk for software investments because if the project ends prematurely or never is delivered, no business value is generated and the WIP investment is lost. Motion in software development. Motion in team members is manifested through activities like travel time, walking to meetings, task-switching between projects and work interruptions. A 30 second work interruption can result in a five-minute think time reset for a developer. Waiting in software development. Examples include waiting for milestone and change request approvals and sign-offs, waiting for clarifications and elaborations from sponsors and analysts, waiting for builds and testing to complete, waiting for your turn in meetings and conference calls, waiting for deployment schedules and architectural and code reviews. Any elapsed time in excess of what is needed to execute the added value step is a form of waiting. Looked at in that manner, even the most efficient operations still have a great deal of waiting in principle, leaving plenty of opportunity for future improvements. Over-production in software development. Since the model for software use is that one unit (i.e., one release) is shared by many users (even more so in SAAS environments) and the physical material cost of a software unit is minimal, over-production is not expressed as producing units in excess of demand. Rather, over-production in software development occurs when we build features that are either 1: never or rarely used or that are 2: deployed prematurely. Over-processing in software development. Over or redundant processing in software includes low and no value meetings and conference calls, duplicative approvals, redundant reporting, redundant specifications, over-engineering code and gold-plating specifications, design and code reviews that don’t result in technical improvements. Overly detailed work breakdown structures and overly precise estimations are also forms of processing waste. Transport in software development. Since software comprises information electronically stored and accessed, the physically transport of materials or finished goods is of little concern. However, there is the analogous waste of translating and handing-off customer requirements through subsequent phases such as functional specifications, UML diagrams, source code and tests. In addition, there is also information loss (or the introduction of noise) that damages the information just as finished goods and materials are sometimes damaged through transportation. Defects in software development. Testing and inspections that do not result in finding bugs are considered defect waste in software development. Other examples are features that were implemented but were never requested, inaccurate specifications, production bugs, and substandard user experience.
16
Section Requirements:
Cloud BCA Section The JTAMS PM is looking for a Cloud Service Provider (CSP) as an alternative hosting solution for its web-based applications because the Army has not designated the current Program Director Hosting Service (PD HS) at Fort Lincoln as an enduring data center. Section Requirements: Provide an overview (Executive Summary) of the overall scenario and the Section requirements to include the presentation overview. Identify and justify the IIL required for the program; Describe the impacts to the program Provide an overview of the program Cloud transition requirements Compare and contrast the capabilities of the two cloud service providers Identify 3 risks to the program (based on the requirements and capabilities provided) Provide an Section summary/conclusion/recommendation Section 5 SEE: Section 5 Cloud BCA Section 5
17
Scenario and Presentation Overview
The JTAMS PM is looking for a Cloud Service Provider (CSP) as an alternative hosting solution for its web-based applications because the Army has not designated the current Program Director Hosting Service (PD HS) at Fort Lincoln as an enduring data center. JTAMS PM is looking for a CSP that can provide: resource pooling self-service on-demand capabilities for DEV and TEST environments only elasticity capability JTAMS PM needs a CSP that: will manage all aspects up to the application level Can provide monthly reporting on utilization and critical issues A CSP that is accredited to impact level 4, due to the current ATO for JTAMS including PII The CSP must be accessed via a DoD CAP or a facility hosted on DoD premises with in a facility operated under DoD security policies and control JTAMS PM requires the CSP to: Provide a COOP environment An SLA or capability consistent with cloud services JTAMS PM would like: to leverage a pay-for use model JTAMS will need to migrate its data with the help of a tested migration plan. Section 5 SEE: Section 5 Cloud BCA Use the Cloud BCA Scenario and Instructions
18
Scenario and Presentation Overview (CONT)
In this Section we will: - provide an overview of the scenario - define IIL, identify IIL for program, describe program impact of IIL - provide an overview of cloud transition requirements - compare and contrast the 2 CSP’s presented - identify 3 risks to program/risk statements -provide overall summary and recommendation Section 5 SEE: Section 5 Cloud BCA
19
Information Impact Level
Identify and justify the IIL required for the program: JTAMS requires IIL level 4 because the system contains PII; must be accessed via DoD CAP or hosted at DoD location/under DoD control Describe the impacts to the program inherent in the required impact level: JTAMS must use a CSP that is authorized at the FedRamp Moderate baseline; limits CSP options, location, level of required effort/who maintains responsibility for governance, risk management, and compliance Section 5 SEE: Section 5 Cloud BCA Controlled Unclassified Information (CUI): Export Control Privacy Information (PII) Protected Health Information (PHI) Other information requiring explicit CUI designation FOUO Official Use Only Law Enforcement Sensitive Critical Infrastructure Information Sensitive Security Information
20
Overall Rec. Primary Rationale
Overview of Program Cloud Transition Requirements / Provider Capability Comparison Capability Overview of Capability/Terminology AWS* DISA MilCloud* Derived Requirements / Explanations / Discussion Cloud Capabilities NIST-defined characteristics: Resource Pooling / Self-Service on Demand / Broad Network Access / Elasticity / Metered Usage 5 4 AWS: well beyond the five cloud characteristics that NIST has identified DISA: four of the five cloud characteristics; not available to customers is metered usage Security Ability to demonstrate security/IA requirements 3 Neither AWS or DISA provided full security capabilities. Derived: Is security Integrated with RMF?What Physical, Logical security controls in place? Which security controls must be implemented by the organization? AWS: Logical security seems to be pushed to the customer level. Physical security controls in place. DISA: JIE compliant. Shared responsibility of VDCs as specified in overview document. Ease of Migration Ability to provide a mechanism and defined process to migrate apps and data into the HP infrastructure. 2 Derived: Do migration paths both to and from the HP exist? What support areas are in place? AWS: Significant challenges due to proprietary format. See derived requirements for exit/support strategy questions. DISA: Multiple options using VMWare and standardized tools/processes Management / Monitoring Ability to manage and monitor network and storage infrastructure. 1 Derived: Ability to Manage/Monitor to Application level? What percentage of tools are automated? Manual? AWS: Monitoring not included in IL4. Options available, but at additional (unrealized?) cost DISA: Responsibility of customer. New toolsets, processes, and capabilities would all need to be developed and implemented. DR / COOP Demonstrated and proven DR/COOP process with secondary site. Derived: Distance from primary to secondary site, Hot or Cold site AWS: Substantial DR/COOP processes, but secondary site location is an issue requiring waiver. DISA: DR and COOP functionality in place. We would have to learn CONS3RT in order to fully take advantage of COOP. Governance Governance and RM processes in place. CC SRG impact level 4 or above. AWS: provides a great governance, risk management, and compliance solution - Host operating system up is our responsibility. IL4 - CAP required DISA: IL5 – more governance/risk transferred to customer Total (less Cost) 19 21 Costs Include Up Front and Ongoing for Development, Test, and Production. Minimized cost with maximized capabilities. Pay-for-use model desired $110k $327k Derived: What Development and test requirements beyond FY18 exist? AWS: many additional costs may be required, which may drive this cost up. DISA: does not include COOP cost and some additional services. Section 5 SEE: Section 5 Cloud BCA Cloud BCA Scenario and Instructions Overall Rec. Primary Rationale *1: No Capability; 2: /Low Capability; 3: Some Capability 4: Most Capability 5: Full Capability
21
Provider Capability Comparison Cost (Back-up slide)
AWS Cost Overview: Environment Upfront Annual Payment Monthly Payment Total Annual Costs Development $9,650.01 $1,948.95 $33,037.41 Test $11,788.39 $1,890.74 $34,477.27 Production $13,071.79 $2,461.85 $42,613.99 Total $34,510.19 $6,301.54 $110,128.67 DISA Cost Overview Environment Connection Fee Monthly Payment Total Annual Costs Development $8,580 $7,584.04 $99,588.48 Test $8,970 $7,715.87 $101,560.44 Production $10,530 $9,663.49 $126,491.88 Total $28,080 $24,963.40 $327,640.08 Cost Comparison and Overview Section 5 SEE: Section 5 Cloud BCA Costs Overview AWS DISA MilCloud Explanations / Comment / Discussion Include Up Front and Ongoing for Development, Test, and Production. Minimized cost with maximized capabilities. Pay-for-use model desired $110,128.67 $327,620.08 Derived: What Development and test requirements beyond FY18 exist? AWS: many additional costs may be required, which may drive this cost up. DISA: does not include COOP cost and some additional services.
22
Overall Recommendation (use as needed)
Based upon the scores alone, AWS looks like the preferred option. Two areas that might impact an eventual decision might be: The AWS initial migration: AWS’ proprietary processes and virtual instances practically guarantee that the initial migration costs associated with the effort will be substantial. Furthermore, should we choose to migrate *away* from AWS in the future, moving from the AWS proprietary environment to another would also prove to be substantial. DISA/milCloud does have challenges of its own, especially in the areas of management and monitoring. However, we feel that we can leverage not only our own experience in this area, but also the experiences of other providers and some of the available tools to overcome these challenges. For these reasons, a recommendation of AWS may be offered based on similar capability and the costs provided. The DISA/milCloud recommendation may be the choice if the as yet undefined cost risks (combined with other factors discussed earlier) are seen as involving too much risk. Section 5 SEE: Section 5 Cloud BCA Use the Cloud BCA Scenario and Instructions
23
Risk Analysis – choosing DISA
Identify 3 risks to the program (based on your selected provider). Present risk statements for your three risks and present your risks using a risk cube. Focus your risk analysis on the following categories: Security, Support, Staffing, and Governance. 1p 1. Security Risk: If the gap between hosting and program security and IA support is not closed then the program will loose it Authority To Operate (ATO). 2c 3c,s 2. Data Migration Risk: If data migration cannot be completed without significant redesign, then migration to the cloud may not be possible within cost and schedule. 1 2 3 4 5 Section 5 SEE: Section 5 Cloud BCA 3. Monitoring Risk: If the CSP’s management and monitoring services are not readily available and automated, then external tools may be required to provide management and monitoring services. P C S P C S P C S Yellow = Medium Risk Green = Low Risk Red = High Risk
24
Risk Analysis— choosing AWS
Identify 3 risks to the program (based on your selected provider). Present risk statements for your three risks and present your risks using a risk cube. Focus your risk analysis on the following categories: Security, Support, Staffing, and Governance. 1) PM JTAMS desires a PaaS capability. IF the cloud provider is unable to offer a PaaS offering, THEN the program will have to continue to manage more than just the application level, which will have a cost impact. 1C 3C,S 2C,S,P 2) IF PM JTAMS is unable to develop a tested migration path, THEN the environment will not be successfully migrated without operational impact. 1 2 3 4 5 Section 5 SEE: Section 5 Cloud BCA P C S P C S 3) IF the hosting environment does not provide security controls that can be inherited, THEN additional products and services will be needed to ensure adequate security controls are in place, which will have a cost and schedule impact. P C S Yellow = Medium Risk Green = Low Risk Red = High Risk
25
Cloud Section Summary/Conclusion
1. Summarize the Requirement The program desires to move to a cloud provider who provides the greatest benefit to the government, while meeting defined program and project requirements related to IIL. 2. Summarize the Cloud Provider Capability Comparison Results Overall, while the providers are nearly “equal” in terms of capabilities – technically DISA/milCloud exceeds AWS in terms of capability. 3. Summarize the risks and impacts to the program: The AWS initial migration: AWS’ proprietary processes and virtual instances practically guarantee that the initial migration costs associated with the effort will be substantial. Furthermore, should we choose to migrate *away* from AWS in the future, moving from the AWS proprietary environment to another would also prove to be substantial. DISA/milCloud does have challenges of its own, especially in the areas of management and monitoring. However, we feel that we can leverage not only our own experience in this area, but also the experiences of other providers and some of the available tools to overcome these challenges. 4. Provide an overall Recommendation/Conclusion: a recommendation of AWS may be offered based on similar capability and the costs provided. The DISA/milCloud recommendation may be the choice if the as yet undefined cost risks (combined with other factors discussed earlier) are seen as involving too much risk. Section 5 SEE: Section 5 Cloud BCA
26
PRACTICUM 4 LO’S: Description LO’s Slide PRACTICUM 2
TLO 2.1.1 TLO: Given a notional Information Technology (IT) system, analyze the needed documentation and decisions necessary for an Information Technology (IT)/Software Intensive System (SIS) to support a Milestone decision. ELO Apply the five components of the DoD Risk Management Process Model to a given IT acquisition scenario 20-21 ELO Given a description of an IT acquisition need, assess documentation to ensure specific information provides a clear understanding of the intended IT acquisition objectives from program outset. 16-22 ELO Given a DoD acquisition scenario, apply laws and DoD directives to ensure successful IT systems management throughout the acquisition life cycle. 11-22 ELO Given an IT acquisition scenario, identify the most appropriate software methodology (or a combination of methodologies) to meet the expectations of the government. 3-6 ELO Identify the key principles of an agile software development process ELO Given an acquisition scenario, identify key issues with using agile software development processes in a DoD environment ELO Given an IT acquisition scenario, apply the measurement results to support IT program decisions. 5-10 ELO Assess set of program IT measures that are linked to the program decision information requirements. Apply the measurement results to support IT program decisions. ELO Given a software acquisition scenario, recognize the preferred method for identifying and tracking defects ELO Given acquisition scenarios with several software-reliant program issues, analyze how each issue may affect achieving the program's software quality objectives 4-15 ELO Given a Department of Defense (DoD) Information Technology (IT) acquisition scenario, apply the principles of Continuous Process Improvement (CPI) to evaluate a vendor’s potential to deliver quality software products within cost and schedule parameters 11-15 ELO Identify relevant considerations that influence the acquisition lifecycle of a software-reliant system. 3-15 ELO Identify the criteria necessary for transitioning to sustainment. ELO Given a specific DOD IT acquisition scenario, appraise secure data archiving and storage practices. ELO Identify areas that must be transitioned from the development environment to the sustainment environment ELO Analyze software sustainment planning considerations. ELO Recognize the five essential characteristics of a cloud service. ELO Describe the problems with Legacy software applications and Cloud. ELO Summarize some Program concerns when purchasing cloud services from a vendor. ELO Recognize public, private, community and hybrid cloud deployment models (NIST). PRACTICUM 2
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.