Title: eGovernment Program
1 eGovernment Program Technical Architecture
Version 11 January 2003
2 Table of Contents
- Introduction
- Technical Architecture
- Conceptual Architecture Overview
- Conceptual Architecture Detail
- Logical Architecture
- Existing Physical Architecture
- Agency Roll-Out
- Relation to Other Enterprise Efforts
- Next Steps
3 Introduction
- USDA is creating a suite of enterprise services to support its strategic initiatives, enable agency and enterprise program delivery, leverage investments, and save costs
- Enterprise-level services allow USDA to
  - Use its resources to focus on program delivery instead of technical infrastructure
  - Leverage its current and future investments and realize significant cost avoidance
  - Facilitate the sharing of best practices through collaborative design, development, and operations
  - Implement standard technology and development methodology across the Department
  - Decrease implementation times by leveraging best practices and utilizing a skilled central team
  - Communicate as one voice to business partners, technology vendors, and employees
- This presentation will focus on the technology piece of the Enterprise Services concept
The creation of enterprise services means not only the purchase and implementation of technologies, but also a holistic approach involving people, operational processes, technology, and an underlying delivery methodology
[Figure labels: Agency programs and strategic initiatives; People; Standard Methodology; Enterprise Services; Operational Processes; Technology]
4 Introduction
- We are taking the following approach in developing these enterprise services
[Timeline figure; quarters shown: 2Q02, 3Q02, 4Q02, 1Q03, 2Q03, 3Q03, 4Q03, 1Q04]
Program Management Approach (Enterprise Solutions Center)
Project Management
- Develop eGovernment Strategic Plan
- Strategic direction
- 24 Strategic initiatives
- Enabling initiatives
- Strategic initiatives
- Pre-Select Business Cases
- Initial vision
- Cost/benefit analysis
- Initial impact analysis
- Implementation and Investment Planning
- Functional Technical requirements
- Program management approach
- Comprehensive technical architecture
- Implementation Plans
- Cost/benefit analysis
- Impact analysis
- Vendor Assessment Detailed Planning
- Secure hosting SLAs
- Determine early adopters
- Issue vendor RFPs
- Conduct formal product selection
- Installation Testing
- Set up hardware
- Install software
- Perform necessary custom development (integration)
- System test
- Rollout of version 1 of eDeployment capabilities (ongoing)
- eAuthentication Services
- Publish guide for application developers
- Build out service
(Basic services available)
(ongoing)
Early Adopter Development / Strategic Initiative Development
Decision to plan and implement Enabling initiatives
Signed Contracts Procurement
- Development of version X of eDeployment capabilities
Select-level Business Cases
Change Management Planning and Implementation
Marketing and Communications
5 Agency Roll-Out
Once the enterprise eGovernment components have been deployed, agencies can roll-out these capabilities to their users under a Subscriber Agency Model or a Hosting Agency Model
Subscriber Agency Model
- Under this model agencies would use the shared, enterprise instance of the eGovernment capabilities
- Each agency would be provided with its own secure, virtual space on the enterprise solution which will contain
  - Secure content storage area
  - User and administrator accounts
  - Workflows specific to the agency's business processes
  - Content authoring, workflow authoring, user and application administration capabilities
- This model is cost effective to the agency and best leverages department and agency resources
- eGovernment team would provide rollout support
Hosting Agency Model
- The Hosting Agency Model would allow an agency to host and use its own instance of the enterprise eGovernment solutions
- This model is designed for agencies which have very unique business needs that require a high amount of customization and integration of the eGovernment solutions
- Under the Hosting Model, an agency would be provided with
  - Copies of select eGovernment components to host on agency servers
  - Strict guidelines on customization and integration of eGovernment components to ensure compatibility with future eGovernment releases
  - Development support to install, customize and integrate eGovernment components
- This model would be more expensive for an agency to roll-out and maintain
6 Introduction
- As part of the enterprise services vision, a robust technical architecture must be defined. In defining a technical architecture, we had the following goals in mind
  - Support eGovernment initiatives throughout the Enterprise
    - Enterprise-wide initiatives
    - Cross-agency strategic initiatives
    - Single-agency initiatives
    - Federal Government initiatives
  - Define a scalable and robust architecture that would integrate and leverage current capabilities at the Department and agency level
  - Complement current initiatives already underway such as efforts around defining our Enterprise Architecture and expanding our telecommunication capabilities
  - Support of initiatives that support common business processes
  - Help define the technical layer of the enterprise architecture
- The definition of a technical architecture does NOT
  - Replace existing business-specific agency applications
  - Force agency applications to be hosted in a centralized location
  - Take control of business applications from agencies
7 Introduction
- User requirements, assessment of existing USDA infrastructure and direction of other major enterprise initiatives were used as input into developing the technical architecture
  - Functional and technical requirements were collected from agency representatives
    - Working groups representing the different agencies within USDA were formed around different technology areas of the architecture. These groups generated and refined a list of requirements around each solution area
  - Assessment of existing initiatives infrastructure to see how our effort fits into the bigger picture
    - Meetings with Enterprise Architecture initiative. Read through and understood vision documentation for Enterprise Architecture
    - Site visit of major USDA hosting facility (NITC). Planned visits of Service Center facilities
    - Collaboration with UTN effort
  - Leverage best practices from the private and public sectors
    - Expertise and lessons learned from other Federal government agencies such as Department of Education, Department of Defense, Department of State and FCC proved to be valuable resources in developing our technical architecture
    - Best practices from private sector organizations and standards bodies were also used as input to the technical architecture process
8 Introduction
- Three main areas are being addressed to define the technical architecture
  - Conceptual architecture
    - The conceptual architecture shows the components of the architecture and how they relate to one another. It is the highest-level view of the architecture and is not specific to any particular technology
  - Logical architecture
    - The logical architecture takes the conceptual architecture and adds to it by showing the data/information flows and integration points between the components of the architecture
    - The logical architecture shows how USDA expects the components of its architecture to work cohesively. It is not specific to particular technologies, but is an excellent tool to leverage during the vendor selection process
  - Physical architecture
    - The physical architecture defines the specifications for the hardware and software for the components discussed in the logical architecture. It also states where the hardware and software are located, number of licenses required, and other specific information
    - The physical architecture will be defined as part of the vendor assessment phase of the eGovernment Program
9 Conceptual Architecture Overview
[Diagram legend: Support Capability; Non eGov Component; Enabler Initiative Component; Strategic Initiative Component]
[Diagram layers: Presentation; Business Logic/Application; Data]
[Diagram users: Citizens; Employees; Business Partners; Customers]
[Diagram labels: Standards Policies; Data/Content; Web Presence / User Interface (Standards); eAuthentication (Single sign-on, Digital Signatures); Portal(s); Non-Web Centric Application; Strategic Initiative (e.g. eLoans); Agency Applications; DigiTop; Web Content Management; Document/Records Management; eLearning; Inter-agency Applications; Content Aggregation/Application Integration (enterprise search); Content Distribution; Shared Database; Agency Database; External Content Source; Enterprise Web Content; Enterprise Document Content; Data Management Program (Standards, Policies, Services); Department Metadata and Taxonomy Standards; Enterprise Architecture; USDA Strategic Plan]
10 Conceptual Architecture Overview
- The following are definitions of the key components of the architecture
  - Web Presence
    - Web Presence will create standards and guidelines to standardize look and feel of web pages and applications across USDA
    - Navigation standards will enhance usability of all internal and external USDA web sites
  - Portal(s)
    - A portal integrates application systems, knowledge systems, and content in a centralized place for a targeted audience
  - Web Content Management
    - An enterprise Web Content Management capability will provide tools to aid in the creation, review, deployment and maintenance of web application content
  - Document/Records Management
    - Through publishing and search tools, a document management system will orchestrate the sharing of document assets across USDA
  - eAuthentication
    - The eAuthentication component will provide user authentication and digital signature services to existing and future USDA applications
11 Conceptual Architecture Overview
- Conceptual Architecture components continued
  - eLearning
    - eLearning provides self-paced and collaborative learning experiences, delivered over the web, designed to promote comprehension and retention
  - Data Management
    - The Data Management component represents standards, policies and services around database/data design and implementation. These standards will reduce data redundancy, improve data quality, promote interoperability and data reuse
  - Content Aggregation/Application Integration
    - The Content Aggregation/Application Integration component provides integration of content and application services for use by portals and other agency and cross agency applications
    - A centralized index will allow ubiquitous searching of distributed, heterogeneous content/data repositories
  - Content Distribution
    - The Content Distribution component will facilitate the deployment of content to distributed servers for optimal delivery of content. Distribution of content will reduce application response time, ultimately enhancing the user experience
12 Logical Architecture Overview
[Diagram users: Citizen; Business Partner; Employee]
[Diagram labels: Firewall; User name, Pass; Database; Portal Server; User Info Token; Web Server; eAuthentication; Hypertext Link; authenticate; Enterprise Portal Application; Index, Search, Integrate; App Integration; Index, Search; eLearning; Index; Content aggregation/Indexing server; Deploy Content; Application Server; EAI Server; Agency I Application; Access; Central Data Repositories; Existing Legacy Integration; Agency II Application; Legacy Systems]
13 Portal Services Overview
A portal integrates application systems, knowledge systems, and content in a centralized place for a targeted audience
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Flexible feature set based on the type of portal being created
  - Internal and External Horizontal portals span a large range of information topics or large range of services
  - Internal and External Vertical portals cover one or multiple topic areas very deeply or are integrated with specific applications
  - Internal workgroup portals focus on aggregating internal services and information and often house collaboration capabilities
- Legacy system integration
- Personalization of user experience
  - Personalization of the user interface
  - Personalization of content delivery / application functionality
  - Role-based personalization
- Integration with eAuthentication solutions
  - Single/enterprise sign-on
INTEGRATION
- Aggregate existing agency and enterprise applications and content
- Integrate with existing legacy systems to provide web-based user experience, access to legacy system business logic and data
- Work tightly with web content management solution to drive standard user-interface design and content automation
- eAuthentication
COMPONENT VALUE PROPOSITION
Vital to the aggregation of content across agencies; helps achieve the goal of intentions-based design vs. organization-based design
14 Logical Architecture Detail Portal(s)
The following is the detailed logical architecture as it relates to portals
[Diagram environments: Production Environment; Load Testing Environment; Development/Configuration Environment]
[Diagram labels: eAuthentication; Internet Firewall; Internet; Intranet; Citizen, Employee, Business Partner; Employee; Web Servers; Web Server; Email Servers; Portal Server; Legacy Apps; Database; Databases; Collaboration Server; Reporting Server; Indexing Server; Media Server; Load Simulation Server; Web Content Management; Document Management; App Integration/Content Aggregation; Agency/Cross-Agency Web Applications]
15 Web Content Management Overview
Web Content Management provides a suite of tools that enable the creation and maintenance of web application content more efficiently and with higher quality
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Supports the lifecycle of content for web-based applications
  - Create - The development and maintenance of standard templates that dictate standard layout
  - Review - Workflow capabilities to enable reviews of content by the right people during a designated period of time
  - Aggregate and Manage - Aggregating content from multiple content sources and supporting the classification of content using meta-data and other techniques
  - Distribute and Deliver - Content is published to one or multiple production environments
  - Archive and Delete - Automated processes to archive or delete content
- Enables the publishing of content to alternative platforms such as PDAs and cell phones
- Supports the creation and delivery of interactive forms online
INTEGRATION
- Integration with document management solution to make documents available via the web when applicable
- Integration with common content repositories and common data repositories
- Support of portal component to deliver content
COMPONENT VALUE PROPOSITION
To achieve strategic goals, cannot continue to manage content manually. At the crux of changing the way we do business by exposing information and business processes to our stakeholders
16 Logical Architecture Detail Web Content Management
The following is the detailed logical architecture as it relates to web content management
[Diagram labels: eAuthentication; Employee; Template Development Desktop; Content Development Workstation; Content Approval Workstation; Template/Content Development Server; Content Staging Environment; Load Testing Environment; Load Simulation Server; Web Server; Application Server; Media Server; Database; Email Servers; Document Management; App Integration/Content Aggregation; Legacy Apps; Portal; Agency/Cross-Agency Web Applications; Applications on Wireless Devices; Content Delivery Mediums]
17 Document/Records Management Overview
Document Management facilitates the sharing of document assets across an enterprise reducing rework, enhancing productivity and quality of work
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Supports the lifecycle for documents and other electronic assets
  - Create - Support for all commonly used file types and appendage of meta-data upon creation of asset
  - Review - Web-based or desktop-based workflow tools for contributors or reviewers of content
  - Aggregate and Manage - Check-in and check-out capabilities to control versions. Automated processes to maintain integrity of assets and clean up asset repositories
  - Distribute and Deliver - Multiple search mechanisms to find information, including browsing subject hierarchies, keyword, natural language, etc.
  - Archive and Delete - Integration with the National Archives to preserve electronic assets
- Collaboration tools
- Support for a dynamic corporate taxonomy, i.e. classification of assets can be changed
INTEGRATION
- Integration with content aggregation component to provide robust searching
- Integration with web content management solution to push documents/assets to the web
- Integration with common content repositories and common data repositories
COMPONENT VALUE PROPOSITION
Key to meeting goals around records management. Enables information to stay in electronic format throughout its lifecycle and enables robust information retrieval capabilities through the classification of all assets - promotes knowledge sharing through asset sharing
18 Logical Architecture Detail Document/Records Management
The following is the detailed logical architecture as it relates to document/records management
[Diagram labels: eAuthentication; Deploy Documents; Portal; Employee; Citizen; Desktop Publishing Tools; Batch Import Process; Document Management Server; Document Approval Workstation; Scanning Station; Agency/Cross-Agency Applications; Application Integration/Content Aggregation; Agency File Servers; File Server; Content Management; Legacy Systems; Fax Server; Document Delivery Mediums; Print; Email; eFax; Fax]
19 eLearning Overview
eLearning provides self-paced and collaborative learning experiences, delivered over the web, designed to promote comprehension and retention
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Features to improve learning management and training administration activities such as
  - Administration of curriculum
  - Self-registration
  - Content creation and publishing tools
  - Standardized skills assessment
- Enhanced training experiences through new technologies
  - Individualized training
  - Online course delivery
  - Collaboration tools
- Seamless integration with legacy training data, human resources systems, and financial systems
INTEGRATION
- Aggregate existing Agency and enterprise applications and content
- Integrate with existing legacy training systems, access to legacy system business logic and data
- eAuthentication
COMPONENT VALUE PROPOSITION
Mandated by the Presidential Management Agenda and required for USDA to maintain an effective and productive workforce
20 Logical Architecture Detail eLearning
The following is the detailed logical architecture as it relates to eLearning
[Diagram environments: Production Environment; Load Testing Environment/Content Staging Environment; Content Development/Software Configuration Environment]
[Diagram labels: eAuthentication; Internet Firewall; Internet; Intranet; Learner (employee, citizen, partner); Learner (employee); eLearning Administrator; Instructional Content Designer; LMS/LCMS Server; Web Servers; Web Server; Email Servers; Media Server; Database; Load Simulation Server; Legacy Apps; Document Management; Web Content Management; App Integration/Content Aggregation; Portal; Agency/Cross-Agency Web Applications]
21 eAuthentication Overview
eAuthentication offers common authentication services to applications within USDA
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- The following types of authentication may be created or leveraged over time, as requirements dictate
  - PKI Class 4 (High) Certificate
  - Biometric
  - PKI Class 3 (Medium) Certificate
  - Password
  - PKI Class 2 (Basic) Certificate
  - Synchronous Token
  - Asynchronous Token
  - Cognitive Password
  - PIN
  - PKI Class 1 (Rudimentary)
- Using these authentication techniques, the Department will be able to offer a comprehensive authentication service
  - Corroborative Authentication Mechanisms
    - Used in conjunction with each other
  - Additive Authentication Mechanisms
    - Independent use of same type of authentication
  - Strong Authentication mechanisms
    - Independent use of different types of authentication
INTEGRATION
- Provide authentication for electronic services
- Interaction with Agency/Enterprise Web Based applications to provide authentication
- Agency/Department Legacy Applications interface via a web based proxy
- Agency applications to support GPEA
COMPONENT VALUE PROPOSITION
Critical capability in allowing stakeholders to conduct secure transactions with agencies. Legislative mandate states transactions must be conducted online - major cost avoidance in doing enterprise solution
22 Logical Architecture Detail eAuthentication
The following is the detailed logical architecture as it relates to eAuthentication
[Diagram users: Citizens; Customers; Business Partners; Employees]
[Diagram labels: Credential Store; Federal; CA; Authentication; Bridge; Data Store(s); CA; IDS; Document Management; Audit Log/Reporting Store; eGov Portal; USDA Web Presence; Credential Manager; Authenticator; Web Content Management; USDA Web Applications; Report Generator; Registration; USDA Portal; Internal Applications]
23 Central Data Repositories Overview
Central data repositories allow re-use of data and decrease the burden on our customers during data collection processes
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Will facilitate sharing of data
- Groups of applications that need the same data will leverage centralized repositories
- Data stewardship processes defined within the Data Management Program result in database of records to ensure integrity and quality of shared data
- Central repositories will allow packaging of data from different sources to enhance existing USDA services and define new data centric services
- Data Warehouses will power Enterprise and Agency applications
- Effort around system integration and data migration tasks during system development will be greatly reduced resulting in USDA cost savings
INTEGRATION
- eGovernment Strategic initiatives will leverage shared data repositories
- Based on data needs Agency/Enterprise web and non-web based applications may use shared data repositories
- Sharing of data outside of the department (business partners, educational institutions, government bodies etc)
COMPONENT VALUE PROPOSITION
Redundant and inaccurate data hinders our ability to provide optimal value to our customers. Shared data repositories will heighten availability, integrity and quality of relevant data to our clients. This will help improve quality of existing services and create opportunities to define new services
24 Logical Architecture Detail Central Data Repositories
The following is the detailed logical architecture as it relates to central data repositories
[Diagram labels: Agency/Cross-Agency Web Application; Shared Data; Legacy Systems; Data Warehouse; Strategic Initiative; External Database Repositories (Universities, other government organizations etc)]
25 Content Aggregation / Application Integration Overview
Content aggregation spawns re-use of content and enables powerful information retrieval capabilities
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- An enterprise content index will deliver powerful searching capabilities across a multitude of data repository types
  - Content Management Repositories
  - Document Management Repositories
  - Databases
  - Web Servers
  - File Servers
  - Content originated outside of USDA and migrated to USDA Databases/File Servers
- An enterprise application integration framework will allow the integration of disparate applications in a cost effective manner
  - Out of the box connectors will minimize custom development
  - Promote industry standard integration mechanisms such as XML
INTEGRATION
- Portal search capability will leverage enterprise content index and application integration to aggregate content and services
- eGovernment Strategic and Enabler initiatives
- Agency/Department web and non-web Based applications
COMPONENT VALUE PROPOSITION
This is a key component in allowing the integration of eGovernment capabilities into our current infrastructure. Enables ubiquitous access of data and content in a heterogeneous, distributed environment
26 Logical Architecture Detail Content Aggregation / Application Integration
The following is the detailed logical architecture as it relates to content aggregation and application integration
[Diagram labels: Search Results; Agency/Cross-Agency Web Application; Portal; Enterprise Index Database; Content/Data Index; Content Aggregation Server; Document Management; Web Content Management; Agency/Cross Agency databases; Agency/Cross Agency File Server; Web Servers, Existing CM and WCM Repositories; External Database Repositories]
27 Content Distribution Overview
Content distribution ensures timely delivery of content and services by physically locating content in specific geographic areas
KEY FEATURES/CAPABILITIES/REQUIREMENTS
- Content distribution scheme will determine the optimal location to place content based on
  - User physical location
  - Network infrastructure
  - Available bandwidth
  - System administrator settings
- Ensure consistency of content across distributed servers
INTEGRATION
- Portal content will be distributed via content distribution scheme
- Web Content Management solution will integrate with Content Distribution during content deployment
- Agency/Department Web Based applications
COMPONENT VALUE PROPOSITION
Application performance is a key criterion for the success of a solution. A content distribution scheme will allow us to ensure minimal response time for enabler, strategic and agency applications
28 Logical Architecture Detail Content Distribution
The following is the detailed logical architecture as it relates to content distribution
[Diagram labels: Web Content; Portal Location 1; Portal Location 2; Agency/Cross-Agency Web Application Location 1; Agency/Cross-Agency Web Application Location 2; Monitoring/Configuration Station; Database; Content Distribution Server; Deploy; Web Content Management]
29 Existing Physical Architecture
- We will leverage existing assets within USDA to rollout the proposed architecture
- We understand the existing infrastructure at the NITC hosting center
- As part of the architecture development effort, an assessment of the current capabilities was conducted
- Storage, physical security, redundant power supply, onsite and offsite backup, Storage Area Network, and application monitoring amongst other services offered by the hosting center will be critical to the success of our architecture
- Service Centers and agency field offices will play a critical role in the deployment of a distributed architecture
- The Service Center Common Computing Environment (CCE) effort will provide a technology and operational infrastructure for our proposed architecture
- Service Center Interoperability Lab provides an environment for evaluating technologies which may be part of the architecture
- Agency business specific applications that will leverage the proposed, common architecture will reside in the preferred location and under the control of the agency
30 Relationship to Other Enterprise Efforts
- The technical architecture has been designed to function within the context of other enterprise efforts
  - Enterprise architecture
    - Contributes to the technology, data and application layers of enterprise architecture in supporting the information and business layers
    - Lays the groundwork for enabling enterprise applications supporting common Department-wide business processes
  - Universal telecommunications network
    - Proposed use of data centers in the architecture supports UTN vision of having centralized data centers as high-bandwidth centers
  - Common Computing Environment / Service Center Modernization Efforts
    - Potential for distributed architecture will utilize service center data centers
    - Potential to leverage existing hardware already available in web farms
31 Technical Architecture Next Steps
- Upon completion of the technical architecture, the following next steps are necessary to continue towards the goal of developing enterprise services
  - Confirm feasibility of conceptual and logical architecture with agencies
  - Create Requests for Proposal (RFPs) based on technical architecture and implementation approach
  - Conduct formal product selection process
  - Develop physical architecture based on products selected
  - Determine custom development efforts to achieve stated goals for initial rollout of architecture
  - Finalize level of effort estimates based on delivery of physical architecture