STS Services

January 16, 2008

All requests for STS services must comply with the followings:
• All services require a Peregrine ticket and a justification paragraph to help STS with
prioritization.
• MOC approval is required for production, Test, and Training environments.
• Please plan ahead and note that prerequisites are not included in the duration. Although
most infrastructures that are defined in the prerequisites are in place, STS will notify the
requestor if additional work is required.
Database and Middleware Services:
• New database server setup (Duration: 5 business days)
• Prerequisites
◦ LPAR on IP and DNS entry (OS Services)
◦ Validate network 1GB connectivity bandwidth
◦ OS installed with appropriate level
◦ Filesystem's size and name are defined
◦ SAN fibre card in place for the server
◦ MOC approval for test and production environments
◦ Backup agents (TSM and TDPO) installed
◦ Security scan has been completed
◦ IP filtering completed for secure data (OS Services)
• Requirements
◦ Clearly defined justification
◦ Server/node name
◦ OS (Default: the latest release of AIX)
◦ Database release (Default: the latest available release)
◦ Database name
◦ Application name and schema names requested
◦ Estimated database size in GB
◦ Environment type(development/test/production/training/sandbox)
◦ Backup requirements - Default: required with 35 days Retention period.
◦ Does database contain protected data?
◦ Technical architecture diagram
◦ Does database have special character set requirements?
◦ Do any special database options need to be installed?
◦ User accounts and related privileges
• Application schema upgrades (Duration: 2 business days)
• Prerequisites
◦ Patch is available at the time of the request
◦ MOC approval for production environment
• Requirements
◦ Clearly defined justification
◦ Server/node name
◦ New database software release level (if any)
 ◦ Database name
◦ Schema name and application name
◦ Database size increase percentage
◦ Environment type (development/test/production/training/sandbox)
• DB refresh/data loads (non-DSS) (Duration: 3 business days)
• Prerequisites
◦ SAN storage availability (OS Services)
◦ Filesystem's expansions (if needed) completed
• Requirements
◦ Clearly defined justification
◦ Server/node name
◦ Application name and source database name
◦ Source schema names
◦ Target database name
◦ Target schema names
◦ What is the expected target database size increase percentage?
◦ Environment type (development/test/production)
• DB refresh/data loads (DSS) (Duration: 7 to 10 business days)
• Prerequisites
◦ SAN storage availability (OS)
◦ Filesystem's expansions (if needed) completed
• Requirements
◦ Clearly defined justification
◦ Server/node name
◦ Source database name
◦ Application name and source schema names
◦ Target database name
◦ Target schema names
◦ What is the expected target database size increase percentage?
◦ Environment type (development/test/production)
• New application server setup: ISIS (Duration: 2 business days
• Prerequisites
◦ HDW up on network IP and DNS entry
◦ CSM setup needs to be completed
◦ OS needs to be installed with appropriate level
◦ Backup agents (TSM and TDPO) installed
◦ SAN fibre card installed on server (if required)
◦ Filesystem's size and name are defined
◦ Software release/patches are available
• Requirements
◦ Clearly defined justification
◦ Server/blade name
◦ Application server software and release level
◦ OS version
◦ Web site URL
 ◦ Are instance/OC4J container names required?
◦ Application name
◦ Environment type (development/test/production)
◦ Domain name
◦ DMZ or not?
◦ SSL enabled?
◦ Are backups required? If so, what is the retention period?
◦ Is load balancing required?
◦ What application server components (e.g. HTTP, Web Cache, Portal, Discoverer/BI, reports,
J2EE) are required?
◦ Is SSO/OID authentication required?
◦ Does application handle sensitive data?
◦ Technical architecture diagram
◦ User accounts to create with privileges

• New application server setup: Portal with SSO/OID (Duration: 7 business days)
• Prerequisites
◦ HDW up on network IP and DNS entry
◦ CSM setup needs to be completed
◦ OS needs to be installed with appropriate level
◦ Backup agents (TSM and TDPO) installed
◦ SAN fibre card installed on server (if required)
◦ Filesystem's size and name are defined
◦ Software release/patches are available
• Requirements
◦ Clearly defined justification
◦ Server/blade name
◦ Application server software and release level
◦ OS version
◦ Web site URL
◦ Are instance/OC4J container names required?
◦ Application name
◦ Environment type (development/test/production)
◦ Domain name
◦ DMZ or not?
◦ SSL enabled?
◦ Are backups required? If so, what is the retention period?
◦ Is load balancing required?
◦ What application server components (e.g. HTTP, Web Cache, Portal, Discoverer/BI, reports,
J2EE) are required?
◦ Is SSO/OID authentication required?
◦ Does application handle sensitive data?
◦ Technical architecture diagram
◦ User accounts to create with privileges
• Application release migration/upgrade (2 days)
 • Prerequisites
◦ Availability of the vendor patch for download
◦ Testing by DBA-ASA completed
• Requirements
◦ Clearly defined justification
◦ Server/blade name
◦ Application server software and release level
◦ Web site URL
◦ Are there any instance/OC4J containers to upgrade?
◦ Application name
◦ Environment type (development/test/production/training/sandbox)
◦ What application server components (e.g. HTTP, Web Cache, Portal, Discoverer/BI, reports,
J2EE) should be upgraded?

STS Services: AIX/OS

• Server builds (5 days)
• Requirements
◦ Network connection: Network connection must be physically connected to new LPAR/server
prior to server build.
◦ DNS/IP address: IP address and DNS name need to be defined prior to server build.
◦ SAN connection (if needed): Fibre card and cabling need to be connected prior to server build.
◦ Server hostname
◦ Server purpose
◦ Filesystem requirements
◦ OS tuning parameters
◦ Backup requirements (e.g. TDP, filesystem exceptions, retention)
◦ Monitoring requirements
◦ Scheduling requirements (if using TWS)
• Filesystem requests (4 days)
• Requirements
◦ Name of filesystem(s): Indicate whether each filesystem is either new or existing.
◦ Size of filesystem(s): Indicate total filesystem size including existing size.
◦ Reason for change
◦ Server name or hostname
• Account management (2 days)
• Requirements
◦ Name of host or server
◦ User/group account
◦ Reason for change (e.g. New user, old user, forgot password)
◦ Task to be performed (e.g. Create account, delete account, reset password for rmiyata)
◦ Justification
• NFS request (3 days)
• Requirements
◦ NFS server name
◦ Client server name
 ◦ Filesystem to export or mount
◦ Reason for change (e.g. I don't have network access to files.)
◦ Task to be performed (e.g. Create/remove/configure/export NFS mount point.)
• SANFS request (3 days)
• Requirements
◦ Server name
◦ Fileset name
◦ Reason for change (e.g. I can't configure the host.)
◦ Task to be performed (e.g. Configure host with root access.)
• Backup management (3 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. I want to backup/test/restore files.)
◦ Task to be performed (e.g. Install TDP/TSM client, test/restore/archive files.)
◦ Retention
• IP filtering (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. I want to allow/block access.)
◦ Task to be performed (e.g. Define ports and IP addresses.)
• Hardware changes/install (3 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Database queries are unacceptably slow.)
◦ Task to be performed (e.g. Add 2 more CPUs, more memory, new hardware.)
◦ Justification
• Scheduling changes/install (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Job X needs to run at 6PM instead of 5PM.)
◦ Task to be performed (e.g. Add/remove/change batch job/schedule, install/remove TWS.)
• OS hardening (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. CERT published vulnerability note X.)
• OS upgrades/maintenance (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. I want the new features in version X of Apache Tomcat.)
◦ Task to be performed (e.g. Upgrade Java from version Y to version Z.)
◦ Justification
• OS tuning/performance management (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Backups used to take X hours; now, they take Y hours.)
 ◦ Task to be performed (e.g. Install NMON and gather data for Z days.)

STS Services: Windows/E-mail

• Server builds (5 days)
• Prerequisites
◦ OS license
◦ Network connection: Network connection must be physically connected to new server/blade
prior to server build.
◦ DNS/IP address: IP address and DNS name needs to be defined prior to server build.
◦ Server hostname
◦ Server purpose
◦ SAN volume (if needed): HBA card with SAN fabric connection and approved/configured SAN
allocation space from UNIX OS team.
◦ Filesystem requirements (logical drive partitions)
◦ Backup requirements (TDP, filesystem exceptions, retention) (Unix OS team)
◦ Monitoring requirements (e.g. Cricket, Nagios)
• SAN/local volume requests (2-5 days)
• Prerequisites
◦ For local storage, drives must be onsite.
◦ For additional SAN space, authorization must be approved and SAN space configured by UNIX
OS team.
◦ Name of volume(s): Indicate whether each volume is either new or existing.
◦ Size of volume(s): Indicate total filesystem size including existing size.
◦ Reason for change
◦ Server name or hostname
◦ Change management request
◦ Time might be longer if large amounts of data need to move.
• Account management (2 days)
• Requirements
◦ Server name
◦ Local user/group account
◦ Reason for change (e.g. New user, old user, forgot password)
◦ Task to be performed (e.g. Create account, delete account, reset account, grant administrator
rights)
◦ Justification
◦ Security approval (if required)
• Backup restore (2 days)
• Requirements
◦ Server name
◦ Directory/files to be restored
◦ File overwrite
• IP filtering (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. I want to allow/block access.)
 ◦ Task to be performed (e.g. Define ports and IP addresses.)
◦ Security approval (if required)
• Hardware changes/install (3 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Database queries are unacceptably slow.)
◦ Task to be performed (e.g. Add 2 more CPUs, more memory, new hardware.)
◦ Justification
◦ Change management request
• Scheduling changes/install (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Job X needs to run at a different time or interval.)
◦ Task to be performed (e.g. Add/remove/change batch job/script.)
• OS hardening (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. CERT published vulnerability note X.)
• OS upgrades/maintenance (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. I want the malware protection features and new version of Solitaire in
the latest Windows release.)
◦ Task to be performed (e.g. Install OS, service pack, OS component; install/configure IIS, FTP,
SFTP; install/update SSL certificate.)
◦ Justification
• OS tuning/performance management (2 days)
• Requirements
◦ Server name
◦ Reason for change (e.g. Backups used to take X hours; now, they take Y hours.)
◦ Task to be performed (e.g. Configure PerfMon, parameters/metrics to capture.)
◦ What to modify (e.g. page file size, boot.ini parameters)
◦ Change management request
• Public folder requests (2 days)
• Requirements
◦ Public folder name
◦ Root folder name
◦ Owner and other user permissions
◦ Items to be created (e.g. subfolders, calendars)
• List on list server (only for offices) (3 days)
• Requirements
◦ Purpose for list
◦ Name of list
◦ Type of list
◦ Owner, editor, moderator
 ◦ Import users (if needed)
• Shared folder (3 days)
• Requirements
◦ Purpose of shared folder
◦ Size requested
◦ Does group need to be created?
◦ Members of group
◦ Name of subdirectories (if needed)
• Mailbox size increase (2 days)
• Requirements
◦ Reason for request
◦ Authorization from E-mail Administrator

STS Services: Data Processing Operations

• 24x7/After hour onsite support

• After-hours access monitoring
• Maintaining security protocol
• Reset user ports
• Reset “LU” ports
• Monitor Nagios
• Telephone support
• Maintain daily production logs

• Mainframe Production Batch possessing (IFS, SIS, Trans, Unisys)

• Monitor
• Production job setup
• Job stream setup
• Backups
• System Error escalation processes

• Tivoli Workload Scheduler (TWS)

• Monitor
• Production job creation/setup
• Job stream setup
• Backups
• Scheduling definitions

• Printing
• Production Printing
• Payroll Warrants/ Stubs
• Sealing of warrants and stubs
• User ad hoc Printing
• Quality assurance
 • Preventive maintenance on printers
• Report Distribution

• DCIMS
• Main Data Center Equipment Inventory

• Tivoli Storage Manager(TSM)

• Monitor
• Coordinate offsite data storage/retrieval
• ATL volume quantity assurance

• Inventory
• Maintain inventory of consumables

STS Services: Security

• Audit
◦ centralized logging (Syslog)
◦ file integrity (TripWire)
◦ event correlation (MARS)

• Access Control (Helpdesk)

◦ assist users with userid issues

• Content Filtering
◦ web (Websense)
◦ email (Symantec Mail Security)
◦ application (Packeteer)

• File Transfers Controls

◦ securely transfer files between LAUSD and third parties
◦ maintain PGP keys used for transfers

• Network security
◦ Virtual Private Network
◦ Firewalls
◦ Intrusion Detection System

• Systems security
◦ userids (Active Directory, OID/SSO, RACF)
◦ Domain Naming Services (DNS)

• Policies
◦ sets policies on
 ▪ system hardening
▪ handling of student and other sensitive information
◦ interface with Legal (OGC) on privacy policy
◦ provide guidances to ITD and other District units on information security