cp 73 enterprise scale in the cloud : introducing the ... · deltek engineering, dev ops, quality...
TRANSCRIPT
CP 73
Enterprise scale in the cloud : Introducing
the Costpoint Enterprise Cloud
Deltek in the Cloud
Secure & Reliable
Trusted Provider
Project Focused
Solutions
Costpoint SaaS Offerings
Costpoint
Foundations
Cloud-only, packaged solution
• Costpoint Core
• Time Collection
• Expense (30%)
• Kona (10%)
• Enterprise Reporting (CER)
• Budgeting and Planning (5
Seats)
Available Add-ons
• Payroll
• Procurement
• Seller
• Fixed Assets
• Multi Currency/Multi-Company
Costpoint
Essentials
Cloud-based, packaged core
solution :
• Essentials
• Essentials Plus
Essentials Packaged Add-Ons
• People
• Operations
• Manufacturing
• Business Development
• Talent Management
A la carte Add-Ons
• CP Analytics
• MES/SFT
Features Include• Extensibility
• 2 Non Prod Environments
• Multiple Upgrade Windows
• Preview Environments
• Custom Database Objects
Add-ons Available
• US Citizen Offering
• ITAR Compliant
Deployment
• Additional Non-Prod
Costpoint
Enterprise Cloud
Small Business Mid Sized Enterprise
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
Being
Released in
October
Deltek Costpoint Cloud
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
CostpointCostpoint Web
Services
Costpoint
Extensibility
ODBC Access to
Production db
Preview
Environment
Always On Dev &
Test Environment
Costpoint
Enterprise
Reporting (CER)
Custom Database
Objects
Content
Management
Integration (CMI)
Unrestricted CER
license
SQL Access to
Production
Database
Costpoint
AnalyticsCostpoint SSO Costpoint MFA
Costpoint Test
Automation Tools
Hosting 3rd Party
Applications
Time, Expense &
Employee Self
Service (TESS)
TESS Stored
Procedures
Oracle Database
SupportITAR Support
Costpoint
Budgeting &
Planning
B&P Stored
Procedures
Costpoint
Enterprise
Insights (CEI)
Capture
ManagementCapture Analytics
Contract
Management
(CDM)
Costpoint MES
GovWin IQDeltek Resource
Planning
Talent
ManagementDeltek CRM Kona
Costpoint Shop
Floor Time
AppGRC Open Plan winsight PM Compass Acumen Cobra
Available in Cloud
Requires Costpoint
Enterprise Cloud (CEC)
Available in Cloud
Currently Hosted by
TBS (moving to AWS)
US Only Operations
Support Available –
Requires CEC
Out of Policy - Not
Supported
Currently Not
Supported in Cloud
What is Costpoint PaaS? (aka Enterprise)
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
What is Enterprise PaaS?
BIRT Template
Extensibility
Add your own application functionality and modify reports to maximize your back office!
Costpoint Extensibility
What do Customers get with Enterprise?
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
Access to the Extensibility
Console via Citrix
Features Include• Extensibility
• 3 Non Prod Environments
• Multiple Upgrade Windows
• Custom Database Objects
Add-ons Available
• US Citizen Operation
• ITAR Compliant
Deployment
• Additional Non-Prod
Enterprise Cloud
A Test Environment
A Dev Environment
Custom Database Objects
A Preview Environment
A Dev EnvironmentA Dev Environment
What do Customers get with CP PaaS?
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
Access to the Extensibility
Console via Citrix
Features Include• Extensibility
• 3 Non Prod Environments
• Multiple Upgrade Windows
• Custom Database Objects
Add-ons Available
• US Citizen Operation
• ITAR Compliant
Deployment
• Additional Non-Prod
Costpoint
Enterprise Cloud
A Test Environment
A Dev Environment
Custom Database Objects
A Staging Environment
Available Q4 2016
What do Customers get with CP PaaS?
CONFIDENTIAL © Deltek, Inc. All Rights Reserved
Access to the Extensibility
Console via Citrix
Features Include• Extensibility
• 3 Non Prod Environments
• Multiple Upgrade Windows
• Custom Database Objects
Add-ons Available
• US Citizen Operation
• ITAR Compliant
Deployment
• Additional Non-Prod
Costpoint
Enterprise Cloud
A Test Environment
A Dev Environment
Custom Database Objects
A Staging Environment
Available 1H 2017
Deltek and the Cloud
Dedicated Cloud Operations Team
Dedicated Enterprise Cloud Operations Teams
Dedicated Security Team
24x7 NOC Staffing and Incident Response Protocols
© Deltek, Inc. Confidential. All rights reserved
Cloud Infrastructure
Long standing partnership
with AWS
Physical infrastructure (AWS):
Network, servers, storage, etc.
Physical Security:
2FA, Video, Redundancy
Virtual Security:
VPC, Access Management, Monitoring
© Deltek, Inc. Confidential. All rights reserved
Physical Security
Strict physical access, monitored at all times
Video surveillance 24X7
Double two factor check point for data
center access
Fire detection & Suppression
Redundant Power and Uninterruptible Power Supply
(UPS)
Climate & Temperature controlled environment
Hardware & Network monitoring
Storage Device Decommissioning
Deltek leverages Amazon Web Services (AWS) as our Infrastructure
as a Service (IaaS) provider.
The AWS service provides physical controls for all of Deltek’s cloud offerings:
© Deltek, Inc. Confidential. All rights reserved
Costpoint Enterprise Cloud – Reference Architecture
Web Server Web Server
Zone 1 Zone 2ELB
Primary
DB
Failover
DB
Region 1 (Prod)
Web Server
App Server
DR DB
Region 2 (DR)
Near
Real Time
Replication
Primary
DBPrimary
DB
Failover
DBFailover
DB
DR DBDR DB
Near
Real Time
Replication
Shared
Across
Customers
Shared MS SQL
Server instance per
enterprise customer
Encryption At Rest
Nightly Full Backups
S3
Buckets
Encryption At Rest
Internal
ELB
UTM UTMDMZ
Shared
Web\Application
Server instance per
enterprise customer
SIEM/
MSSP
App Server App Server
© Deltek, Inc. Confidential. All rights reserved
Costpoint Cloud Regional Coverage
Enterprise offering hosting will depend Data Privacy and Geographical requirements
Costpoint Production
Americas (AWS US EAST)
(Future)
Costpoint DR
APAC
(Future)
Costpoint ITAR
Production (AWS
GovCloud)
Costpoint DR Americas
(AWS US WEST)
© Deltek, Inc. Confidential. All rights reserved
Deltek’s unwavering
commitment to
support and security
serves to make your
mission-critical Deltek
application available at any
time to everyone who
needs it—
while simultaneously
protecting your information
from anyone who shouldn’t
have it.
Security
© Deltek, Inc. Confidential. All rights reserved
Develops security features in product, works through and conducts assessments
Deltek Engineering, Dev Ops, Quality Engineering
Carries out internal
assessments works with
product & engineering
Enforces security policy and
procedure through operations
working with Security,
Engineering, and Product
Schedules security related
features into product roadmap
& assists with assessments
Deltek
Security
Deltek
Cloud Operations
Deltek
Product Management
Develops policy and dispositions program priorities and escalations
Deltek Security Council
Deltek’s Security Investment
© Deltek, Inc. Confidential. All rights reserved
Each product is tracked for multiple types
of security assessment. The Security
council presides over the prioritization of
the testing plan based on internal risk
factors and policy.
Deltek security authors policy on detailed
security topics which are reviewed,
approved, and enforced via Product
management
Security Testing & Policy
We have a robust security testing
program that is reviewed and
managed by the security council to
ensure each cloud solution is going
through routine internal and
external security testing of a range
of types
© Deltek, Inc. Confidential. All rights reserved
Segregation of Duties & Minimal Access
Deltek Cloud Operations is required to use 2 factor
authentication to access VPC’s
to provide support to each offering
Deltek is leveraging AWS Virtual Private Clouds (VPC) to
segregate cloud offerings.
Amazon personnel do not have access to Deltek’s offerings
© Deltek, Inc. Confidential. All rights reserved
Deltek Cloud Operations is built to segregate duties
and limit access critical components of the architecture
All access is provisioned through access administration
and vetted based on the operators role and responsibility
Segregation of Duties & Minimal Access
© Deltek, Inc. Confidential. All rights reserved
Deltek Cloud Operations: Access Administration
All DCO access requests are tracked
Approval is routed to DCO Leadership
Deltek Security and Network Assurance provisions
approved access
Support and Engineering only granted access to non-
Production for incident response
Consulting is granted access to non-production
environments by the customer
Non-DCO resources access expires in 30 days
Decommissioning of DCO employee access is triggered
by HR process when exiting the business
© Deltek, Inc. Confidential. All rights reserved
Deltek Cloud Operations: Business Continuity
Authority over Deltek Cloud Operations will be granted to the
VP of Product Strategy, or the EVP of Product Strategy in
the event of a disaster where the chain of command is broken
Authority can be delegated to each SaaS solution
offering’s Director in the event that leadership is not able to
preform their duties
© Deltek, Inc. Confidential. All rights reserved
Deltek Cloud Operations: Disaster Recovery
!
Each Deltek SaaS product DR plan:
Reviewed annually
Tested annually in a simulated environment
Updated if any changes to the
recovery infrastructure is made
Any changes communicated to all applicable resources
New employees are provided the Disaster Recovery policy
and trained
© Deltek, Inc. Confidential. All rights reserved
Operational Control Certifications
Deltek benefits from massive AWS physical and
logical Security investments & Certifications
Deltek Cloud Operations has completed SSAE
16 SOC 1 and SOC 2 Type I audits.
(as of 9/30/2015)
SOC 1, 2, & 3 Type II audits to be published
December 2016
© Deltek, Inc. Confidential. All rights reserved
Service Security:
VPC (network segmentation)
Endpoint protection (anti-malware, HIPS)
UTM (Unified Threat Management)
IPS, Web Firewall, Network Firewall
SIEM (System Information & Event Management)
Encryption in-flight (TLS)
Encryption at-rest (S3 Storage & TDE)
Secure FTP S
© Deltek, Inc. Confidential. All rights reserved
Service Features
Application Management
Service Requests & Guidelines
Software Licensing:
Database, OS, monitoring, etc.
Infrastructure Support:
Database tuning, patching, OS hardening,
patching, application upgrades, performance,
security.
Cloud Services
© Deltek, Inc. Confidential. All rights reserved
Quarterly Patching Cycle
Fixes & Features in each patch cycle
Preview environment for each upgrade
Core extensions supported
API access, ODBC read only access
2 non-production Environments
(monthly db refreshes) Additional environments
available as add-on
Enterprise Service Includes
© Deltek, Inc. Confidential. All rights reserved
Enterprise Service IncludesPhysical infrastructure (AWS)
Network, servers, storage, etc.
Software Licensing
Database, OS, monitoring, etc.
Infrastructure support
Database tuning, patching, OS hardening, patching, application upgrades, performance, security
Select upgrade window from two pre-determined dates
Direct read-only access to databases through 3rd party cloud based ODBC
Preview environments for feature upgrades
Customer Extensions supported
Custom Database Objects
Additional integration options supported:
SFTP for file based bulk loads
Outbound database backup
© Deltek, Inc. Confidential. All rights reserved
Service Includes
Secure, Highly Available Production Deployment in AWS regions 99.98% Availability to date
Full DR-250 based production location
Critical DR Service Level Objectives 24hr RTO 8hr RPO Yearly DR testing by DCO
© Deltek, Inc. Confidential. All rights reserved
What do Customers get with Enterprise?
© Deltek, Inc. Confidential. All rights reserved
Access to the Developer Tools via
Citrix
Features Include• Extensibility
• 2 Non Prod Environments
• Multiple Upgrade Windows
• Custom Database Objects
Add-ons Available
• Additional Non-Prod
Enterprise Cloud
A Test Environment
A Dev Environment
Custom Database Objects via
Service Requests
A Preview Environment
A Dev EnvironmentA Dev Environment
Extension Manager reviews the Feature or Error Correction requirement and plan the
Extension Development. This should include a release schedule, level of required testing
and extension documentation. The Issue Ticket is updated with this information.
Extension Manager creates a Feature branch out of the Development branch in the
Extender for Features or a Hotfix branch out of the Master branch for Error Corrections.
The Issue Ticket is updated with this information.
Extension Manager assigns the Issue Ticket to the Extension Developer
Extension Developer develops the Extension according to the requirements described in
the Feature Design document or based on the description of the error reported for Error
Corrections.
Extension Developer deploys to a Development environment for Extension Test &
Verification.
Extension Developer conducts the Extension Documentation which should include a
decision log for the extension, setup and configuration requirement and installation details
for the extension deployment. Extension Developer updates the Issue Ticket and assigns
to Extension Tester.
Extension Tester setup and configure the Extension according to the Extension
Documentation.
Extension Tester tests the Extension and updates the Issue Ticket. The Issue Ticket is
assigned to the Extension Developer in case of a failed test.
Extension Tester approves the Extension on a successful test and updates the Issue
Ticket.
Extension Tester conducts Extension Release Documentation, which is a summary
description to be used by the Release Management
Extension Tester notifies the Extension Manager and assigns the Issue Ticket to the
Extension Manager.
Plan & Schedule
Extension Development
Create Feature or Hotfix
branch
Assign
Extension Developer
Write code
Deploy to
Development system
Conduct Extension
Documentation
Extension
Setup & Configuration
Extension
Test & Verification
Approve Extension
Conduct Extension
Release Documentation
Notify
Extension Manager
Customer ResponsibilityRelease & Configuration Management
Determining when configurations move from Dev, to Test, to Production
Coordinating release activities internally
Maintaining an inventory of configurations between environments
Leveraging service requests for moving configurations
Extension Testing & break fix
Testing core configurations & extensions for each cloud release
Fixing any issues resulting from core Costpointchanges
Compliance with SaaS guidelines
Costpoint SaaS Administrator Guide
Costpoint SaaS Consulting Guide
Costpoint SaaS SDLC
SaaS Customer Development Process
Cu
sto
me
r D
eve
lop
me
nt
Co
ord
inat
or
Cu
sto
me
r D
eve
lop
er
Cu
sto
me
r D
eve
lop
me
nt
QE
/QA
DC
OC
ust
om
er
·
Development
· ·
Setup/Design
Start
Change Request
Approved
Request access to the Customer
Development Environment
DCO provisions account and provides version, patch level, solution, language
list
Setup Workstation
environment to begin
development
Setup Demo data on
workstation
Update/Create Design Doc
Create Feature Branch in
GitHub
Develop Unit Test
Merge Feature Branch into Dev Branch
Merge developers’ code
into Feature Branch Successful
Yes
No
Deploys Dev Branch to
Customer Dev Env. Successful
No
End to End Testing
System Testing
Yes
System Testing Passed
Open RNT ticket and assign to DCO
For Test Deployment
Yes
No
No
Security Check passed?
Include:· Project Evaluation· Design Doc· Implementation Guide· Test evidence
Include:· Design
Review· Libraries
© Deltek, Inc. Confidential. All rights reserved
Extension Manager reviews the Feature or Error Correction requirement and plan the
Extension Development. This should include a release schedule, level of required testing
and extension documentation. The Issue Ticket is updated with this information.
Extension Manager creates a Feature branch out of the Development branch in the
Extender for Features or a Hotfix branch out of the Master branch for Error Corrections.
The Issue Ticket is updated with this information.
Extension Manager assigns the Issue Ticket to the Extension Developer
Extension Developer develops the Extension according to the requirements described in
the Feature Design document or based on the description of the error reported for Error
Corrections.
Extension Developer deploys to a Development environment for Extension Test &
Verification.
Extension Developer conducts the Extension Documentation which should include a
decision log for the extension, setup and configuration requirement and installation details
for the extension deployment. Extension Developer updates the Issue Ticket and assigns
to Extension Tester.
Extension Tester setup and configure the Extension according to the Extension
Documentation.
Extension Tester tests the Extension and updates the Issue Ticket. The Issue Ticket is
assigned to the Extension Developer in case of a failed test.
Extension Tester approves the Extension on a successful test and updates the Issue
Ticket.
Extension Tester conducts Extension Release Documentation, which is a summary
description to be used by the Release Management
Extension Tester notifies the Extension Manager and assigns the Issue Ticket to the
Extension Manager.
Plan & Schedule
Extension Development
Create Feature or Hotfix
branch
Assign
Extension Developer
Write code
Deploy to
Development system
Conduct Extension
Documentation
Extension
Setup & Configuration
Extension
Test & Verification
Approve Extension
Conduct Extension
Release Documentation
Notify
Extension Manager
Quality Assurance
Robust Release Management & System
Development Life Cycle
Clearly defined approval process
Unit, Integration, and Business testing required for
code promotion
SOC compliant SDLC - Segregation of Access &
Duties between Test & Production vs. Development
Mandatory use of Source Code Control
Mandatory Security Review for all customer code
Tracked Service Requests for promoting
configurations\code to Test & Production
Nightly, Weekly, Backups to support roll back
SaaS Customer Development Process
Cu
sto
me
r D
eve
lop
me
nt
Co
ord
inat
or
Cu
sto
me
r D
eve
lop
er
Cu
sto
me
r D
eve
lop
me
nt
QE
/QA
DC
OC
ust
om
er
·
Development
· ·
Setup/Design
Start
Change Request
Approved
Request access to the Customer
Development Environment
DCO provisions account and provides version, patch level, solution, language
list
Setup Workstation
environment to begin
development
Setup Demo data on
workstation
Update/Create Design Doc
Create Feature Branch in
GitHub
Develop Unit Test
Merge Feature Branch into Dev Branch
Merge developers’ code
into Feature Branch Successful
Yes
No
Deploys Dev Branch to
Customer Dev Env. Successful
No
End to End Testing
System Testing
Yes
System Testing Passed
Open RNT ticket and assign to DCO
For Test Deployment
Yes
No
No
Security Check passed?
Include:· Project Evaluation· Design Doc· Implementation Guide· Test evidence
Include:· Design
Review· Libraries
© Deltek, Inc. Confidential. All rights reserved
Service Requests
© Deltek, Inc. Confidential. All rights reserved
Deltek Costpoint Cloud
Standard Service Does Not Include
Creation, testing or modification of any customer specific
content including web services and extensions
Deltek Select Care
Provides customers with a single point of contact to work
with on any customer support.
This champion will be able to provide you with the extra level
of attention that is often required by larger enterprise
organizations
© Deltek, Inc. Confidential. All rights reserved
Costpoint Enterprise Cloud Quality of Service
A continual focus on security
Redundancy: Locally, DR250, Backups Nightly,
Weekly, Monthly
Robust monitoring and proactive threat management
!I/O bandwidth to the SAN
I/O
Application & 3RD party Patching & Upgrading
Storage built in
Robust, highly available, highly scalable environment
Deltek’s Costpoint SaaS offering is robust and provides an excellent quality of service
© Deltek, Inc. Confidential. All rights reserved
Building the Case for Cloud
Backup & Retention
Database Software
Operating System
Software
Malware &
Monitoring Software
Hardware
Manage VPN’s Maintain & Upgrade
Deltek Applications
Deltek Maintenance
& Support
Single Subscription
PriceIT Personnel
Quality of Service
Costpoint Cloud
Solution
Costpoint On
Premise Solution
Security &
Vulnerability Testing
Business Continuity
Planning
Opportunity Costs
One Time Migration
Costs
Network and SANIT Facilities
© Deltek, Inc. Confidential. All rights reserved
Thank you!
© Deltek, Inc. Confidential. All rights reserved