cp 73 enterprise scale in the cloud : introducing the ... · deltek engineering, dev ops, quality...

CP 73

Enterprise scale in the cloud : Introducing

the Costpoint Enterprise Cloud

Deltek in the Cloud

Secure & Reliable

Trusted Provider

Project Focused

Solutions

Costpoint SaaS Offerings

Costpoint

Foundations

Cloud-only, packaged solution

• Costpoint Core

• Time Collection

• Expense (30%)

• Kona (10%)

• Enterprise Reporting (CER)

• Budgeting and Planning (5

Seats)

Available Add-ons

• Payroll

• Procurement

• Seller

• Fixed Assets

• Multi Currency/Multi-Company

Costpoint

Essentials

Cloud-based, packaged core

solution :

• Essentials

• Essentials Plus

Essentials Packaged Add-Ons

• People

• Operations

• Manufacturing

• Business Development

• Talent Management

A la carte Add-Ons

• CP Analytics

• MES/SFT

Features Include• Extensibility

• 2 Non Prod Environments

• Multiple Upgrade Windows

• Preview Environments

• Custom Database Objects

Add-ons Available

• US Citizen Offering

• ITAR Compliant

Deployment

• Additional Non-Prod

Costpoint

Enterprise Cloud

Small Business Mid Sized Enterprise

CONFIDENTIAL © Deltek, Inc. All Rights Reserved

Being

Released in

October

Deltek Costpoint Cloud


CostpointCostpoint Web

Services

Costpoint

Extensibility

ODBC Access to

Production db

Preview

Environment

Always On Dev &

Test Environment

Costpoint

Enterprise

Reporting (CER)

Custom Database

Objects

Content

Management

Integration (CMI)

Unrestricted CER

license

SQL Access to

Production

Database

Costpoint

AnalyticsCostpoint SSO Costpoint MFA

Costpoint Test

Automation Tools

Hosting 3rd Party

Applications

Time, Expense &

Employee Self

Service (TESS)

TESS Stored

Procedures

Oracle Database

SupportITAR Support

Costpoint

Budgeting &

Planning

B&P Stored

Procedures

Costpoint

Enterprise

Insights (CEI)

Capture

ManagementCapture Analytics

Contract

Management

(CDM)

Costpoint MES

GovWin IQDeltek Resource

Planning

Talent

ManagementDeltek CRM Kona

Costpoint Shop

Floor Time

AppGRC Open Plan winsight PM Compass Acumen Cobra

Available in Cloud

Requires Costpoint

Enterprise Cloud (CEC)

Available in Cloud

Currently Hosted by

TBS (moving to AWS)

US Only Operations

Support Available –

Requires CEC

Out of Policy - Not

Supported

Currently Not

Supported in Cloud

What is Costpoint PaaS? (aka Enterprise)



What is Enterprise PaaS?

BIRT Template

Extensibility

Add your own application functionality and modify reports to maximize your back office!

Costpoint Extensibility

What do Customers get with Enterprise?


Access to the Extensibility

Console via Citrix





Add-ons Available

• US Citizen Operation

• ITAR Compliant

Deployment


Enterprise Cloud

A Test Environment

A Dev Environment

Custom Database Objects

A Preview Environment

A Dev EnvironmentA Dev Environment

What do Customers get with CP PaaS?



Console via Citrix





Add-ons Available


• ITAR Compliant

Deployment


Costpoint

Enterprise Cloud

A Test Environment

A Dev Environment


A Staging Environment

Available Q4 2016

What do Customers get with CP PaaS?



Console via Citrix





Add-ons Available


• ITAR Compliant

Deployment


Costpoint

Enterprise Cloud

A Test Environment

A Dev Environment


A Staging Environment

Available 1H 2017

Deltek and the Cloud

Dedicated Cloud Operations Team

Dedicated Enterprise Cloud Operations Teams

Dedicated Security Team

24x7 NOC Staffing and Incident Response Protocols

© Deltek, Inc. Confidential. All rights reserved

Cloud Infrastructure

Long standing partnership

with AWS

Physical infrastructure (AWS):

Network, servers, storage, etc.

Physical Security:

2FA, Video, Redundancy

Virtual Security:

VPC, Access Management, Monitoring


Physical Security

Strict physical access, monitored at all times

Video surveillance 24X7

Double two factor check point for data

center access

Fire detection & Suppression

Redundant Power and Uninterruptible Power Supply

(UPS)

Climate & Temperature controlled environment

Hardware & Network monitoring

Storage Device Decommissioning

Deltek leverages Amazon Web Services (AWS) as our Infrastructure

as a Service (IaaS) provider.

The AWS service provides physical controls for all of Deltek’s cloud offerings:


Costpoint Enterprise Cloud – Reference Architecture

Web Server Web Server

Zone 1 Zone 2ELB

Primary

DB

Failover

DB

Region 1 (Prod)

Web Server

App Server

DR DB

Region 2 (DR)

Near

Real Time

Replication

Primary

DBPrimary

DB

Failover

DBFailover

DB

DR DBDR DB

Near

Real Time

Replication

Shared

Across

Customers

Shared MS SQL

Server instance per

enterprise customer

Encryption At Rest

Nightly Full Backups

S3

Buckets

Encryption At Rest

Internal

ELB

UTM UTMDMZ

Shared

Web\Application

Server instance per

enterprise customer

SIEM/

MSSP

App Server App Server


Costpoint Cloud Regional Coverage

Enterprise offering hosting will depend Data Privacy and Geographical requirements

Costpoint Production

Americas (AWS US EAST)

(Future)

Costpoint DR

APAC

(Future)

Costpoint ITAR

Production (AWS

GovCloud)

Costpoint DR Americas

(AWS US WEST)


Deltek’s unwavering

commitment to

support and security

serves to make your

mission-critical Deltek

application available at any

time to everyone who

needs it—

while simultaneously

protecting your information

from anyone who shouldn’t

have it.

Security


Develops security features in product, works through and conducts assessments

Deltek Engineering, Dev Ops, Quality Engineering

Carries out internal

assessments works with

product & engineering

Enforces security policy and

procedure through operations

working with Security,

Engineering, and Product

Schedules security related

features into product roadmap

& assists with assessments

Deltek

Security

Deltek

Cloud Operations

Deltek

Product Management

Develops policy and dispositions program priorities and escalations

Deltek Security Council

Deltek’s Security Investment


Each product is tracked for multiple types

of security assessment. The Security

council presides over the prioritization of

the testing plan based on internal risk

factors and policy.

Deltek security authors policy on detailed

security topics which are reviewed,

approved, and enforced via Product

management

Security Testing & Policy

We have a robust security testing

program that is reviewed and

managed by the security council to

ensure each cloud solution is going

through routine internal and

external security testing of a range

of types


Segregation of Duties & Minimal Access

Deltek Cloud Operations is required to use 2 factor

authentication to access VPC’s

to provide support to each offering

Deltek is leveraging AWS Virtual Private Clouds (VPC) to

segregate cloud offerings.

Amazon personnel do not have access to Deltek’s offerings


Deltek Cloud Operations is built to segregate duties

and limit access critical components of the architecture

All access is provisioned through access administration

and vetted based on the operators role and responsibility

Segregation of Duties & Minimal Access


Deltek Cloud Operations: Access Administration

All DCO access requests are tracked

Approval is routed to DCO Leadership

Deltek Security and Network Assurance provisions

approved access

Support and Engineering only granted access to non-

Production for incident response

Consulting is granted access to non-production

environments by the customer

Non-DCO resources access expires in 30 days

Decommissioning of DCO employee access is triggered

by HR process when exiting the business


Deltek Cloud Operations: Business Continuity

Authority over Deltek Cloud Operations will be granted to the

VP of Product Strategy, or the EVP of Product Strategy in

the event of a disaster where the chain of command is broken

Authority can be delegated to each SaaS solution

offering’s Director in the event that leadership is not able to

preform their duties


Deltek Cloud Operations: Disaster Recovery

!

Each Deltek SaaS product DR plan:

Reviewed annually

Tested annually in a simulated environment

Updated if any changes to the

recovery infrastructure is made

Any changes communicated to all applicable resources

New employees are provided the Disaster Recovery policy

and trained


Operational Control Certifications

Deltek benefits from massive AWS physical and

logical Security investments & Certifications

Deltek Cloud Operations has completed SSAE

16 SOC 1 and SOC 2 Type I audits.

(as of 9/30/2015)

SOC 1, 2, & 3 Type II audits to be published

December 2016


Service Security:

VPC (network segmentation)

Endpoint protection (anti-malware, HIPS)

UTM (Unified Threat Management)

IPS, Web Firewall, Network Firewall

SIEM (System Information & Event Management)

Encryption in-flight (TLS)

Encryption at-rest (S3 Storage & TDE)

Secure FTP S


Service Features

Application Management

Service Requests & Guidelines

Software Licensing:

Database, OS, monitoring, etc.

Infrastructure Support:

Database tuning, patching, OS hardening,

patching, application upgrades, performance,

security.

Cloud Services


Quarterly Patching Cycle

Fixes & Features in each patch cycle

Preview environment for each upgrade

Core extensions supported

API access, ODBC read only access

2 non-production Environments

(monthly db refreshes) Additional environments

available as add-on

Enterprise Service Includes


Enterprise Service IncludesPhysical infrastructure (AWS)

Network, servers, storage, etc.

Software Licensing

Database, OS, monitoring, etc.

Infrastructure support

Database tuning, patching, OS hardening, patching, application upgrades, performance, security

Select upgrade window from two pre-determined dates

Direct read-only access to databases through 3rd party cloud based ODBC

Preview environments for feature upgrades

Customer Extensions supported


Additional integration options supported:

SFTP for file based bulk loads

Outbound database backup


Service Includes

Secure, Highly Available Production Deployment in AWS regions 99.98% Availability to date

Full DR-250 based production location

Critical DR Service Level Objectives 24hr RTO 8hr RPO Yearly DR testing by DCO


What do Customers get with Enterprise?


Access to the Developer Tools via

Citrix





Add-ons Available


Enterprise Cloud

A Test Environment

A Dev Environment

Custom Database Objects via

Service Requests

A Preview Environment

A Dev EnvironmentA Dev Environment

Extension Manager reviews the Feature or Error Correction requirement and plan the

Extension Development. This should include a release schedule, level of required testing

and extension documentation. The Issue Ticket is updated with this information.

Extension Manager creates a Feature branch out of the Development branch in the

Extender for Features or a Hotfix branch out of the Master branch for Error Corrections.

The Issue Ticket is updated with this information.

Extension Manager assigns the Issue Ticket to the Extension Developer

Extension Developer develops the Extension according to the requirements described in

the Feature Design document or based on the description of the error reported for Error

Corrections.

Extension Developer deploys to a Development environment for Extension Test &

Verification.

Extension Developer conducts the Extension Documentation which should include a

decision log for the extension, setup and configuration requirement and installation details

for the extension deployment. Extension Developer updates the Issue Ticket and assigns

to Extension Tester.

Extension Tester setup and configure the Extension according to the Extension

Documentation.

Extension Tester tests the Extension and updates the Issue Ticket. The Issue Ticket is

assigned to the Extension Developer in case of a failed test.

Extension Tester approves the Extension on a successful test and updates the Issue

Ticket.

Extension Tester conducts Extension Release Documentation, which is a summary

description to be used by the Release Management

Extension Tester notifies the Extension Manager and assigns the Issue Ticket to the

Extension Manager.

Plan & Schedule

Extension Development

Create Feature or Hotfix

branch

Assign

Extension Developer

Write code

Deploy to

Development system

Conduct Extension

Documentation

Extension

Setup & Configuration

Extension

Test & Verification

Approve Extension

Conduct Extension

Release Documentation

Notify

Extension Manager

Customer ResponsibilityRelease & Configuration Management

Determining when configurations move from Dev, to Test, to Production

Coordinating release activities internally

Maintaining an inventory of configurations between environments

Leveraging service requests for moving configurations

Extension Testing & break fix

Testing core configurations & extensions for each cloud release

Fixing any issues resulting from core Costpointchanges

Compliance with SaaS guidelines

Costpoint SaaS Administrator Guide

Costpoint SaaS Consulting Guide

Costpoint SaaS SDLC

SaaS Customer Development Process

Cu

sto

me

r D

eve

lop

me

nt

Co

ord

inat

or

Cu

sto

me

r D

eve

lop

er

Cu

sto

me

r D

eve

lop

me

nt

QE

/QA

DC

OC

ust

om

er

·

Development

· ·

Setup/Design

Start

Change Request

Approved

Request access to the Customer

Development Environment

DCO provisions account and provides version, patch level, solution, language

list

Setup Workstation

environment to begin

development

Setup Demo data on

workstation

Update/Create Design Doc

Create Feature Branch in

GitHub

Develop Unit Test

Merge Feature Branch into Dev Branch

Merge developers’ code

into Feature Branch Successful

Yes

No

Deploys Dev Branch to

Customer Dev Env. Successful

No

End to End Testing

System Testing

Yes

System Testing Passed

Open RNT ticket and assign to DCO

For Test Deployment

Yes

No

No

Security Check passed?

Include:· Project Evaluation· Design Doc· Implementation Guide· Test evidence

Include:· Design

Review· Libraries


Extension Manager reviews the Feature or Error Correction requirement and plan the

Extension Development. This should include a release schedule, level of required testing

and extension documentation. The Issue Ticket is updated with this information.

Extension Manager creates a Feature branch out of the Development branch in the

Extender for Features or a Hotfix branch out of the Master branch for Error Corrections.

The Issue Ticket is updated with this information.

Extension Manager assigns the Issue Ticket to the Extension Developer

Extension Developer develops the Extension according to the requirements described in

the Feature Design document or based on the description of the error reported for Error

Corrections.

Extension Developer deploys to a Development environment for Extension Test &

Verification.

Extension Developer conducts the Extension Documentation which should include a

decision log for the extension, setup and configuration requirement and installation details

for the extension deployment. Extension Developer updates the Issue Ticket and assigns

to Extension Tester.

Extension Tester setup and configure the Extension according to the Extension

Documentation.

Extension Tester tests the Extension and updates the Issue Ticket. The Issue Ticket is

assigned to the Extension Developer in case of a failed test.

Extension Tester approves the Extension on a successful test and updates the Issue

Ticket.

Extension Tester conducts Extension Release Documentation, which is a summary

description to be used by the Release Management

Extension Tester notifies the Extension Manager and assigns the Issue Ticket to the

Extension Manager.

Plan & Schedule

Extension Development

Create Feature or Hotfix

branch

Assign

Extension Developer

Write code

Deploy to

Development system

Conduct Extension

Documentation

Extension

Setup & Configuration

Extension

Test & Verification

Approve Extension

Conduct Extension

Release Documentation

Notify

Extension Manager

Quality Assurance

Robust Release Management & System

Development Life Cycle

Clearly defined approval process

Unit, Integration, and Business testing required for

code promotion

SOC compliant SDLC - Segregation of Access &

Duties between Test & Production vs. Development

Mandatory use of Source Code Control

Mandatory Security Review for all customer code

Tracked Service Requests for promoting

configurations\code to Test & Production

Nightly, Weekly, Backups to support roll back

SaaS Customer Development Process

Cu

sto

me

r D

eve

lop

me

nt

Co

ord

inat

or

Cu

sto

me

r D

eve

lop

er

Cu

sto

me

r D

eve

lop

me

nt

QE

/QA

DC

OC

ust

om

er

·

Development

· ·

Setup/Design

Start

Change Request

Approved

Request access to the Customer

Development Environment

DCO provisions account and provides version, patch level, solution, language

list

Setup Workstation

environment to begin

development

Setup Demo data on

workstation

Update/Create Design Doc

Create Feature Branch in

GitHub

Develop Unit Test

Merge Feature Branch into Dev Branch

Merge developers’ code

into Feature Branch Successful

Yes

No

Deploys Dev Branch to

Customer Dev Env. Successful

No

End to End Testing

System Testing

Yes

System Testing Passed

Open RNT ticket and assign to DCO

For Test Deployment

Yes

No

No

Security Check passed?

Include:· Project Evaluation· Design Doc· Implementation Guide· Test evidence

Include:· Design

Review· Libraries


Service Requests


Deltek Costpoint Cloud

Standard Service Does Not Include

Creation, testing or modification of any customer specific

content including web services and extensions

Deltek Select Care

Provides customers with a single point of contact to work

with on any customer support.

This champion will be able to provide you with the extra level

of attention that is often required by larger enterprise

organizations


Costpoint Enterprise Cloud Quality of Service

A continual focus on security

Redundancy: Locally, DR250, Backups Nightly,

Weekly, Monthly

Robust monitoring and proactive threat management

!I/O bandwidth to the SAN

I/O

Application & 3RD party Patching & Upgrading

Storage built in

Robust, highly available, highly scalable environment

Deltek’s Costpoint SaaS offering is robust and provides an excellent quality of service


Building the Case for Cloud

Backup & Retention

Database Software

Operating System

Software

Malware &

Monitoring Software

Hardware

Manage VPN’s Maintain & Upgrade

Deltek Applications

Deltek Maintenance

& Support

Single Subscription

PriceIT Personnel

Quality of Service

Costpoint Cloud

Solution

Costpoint On

Premise Solution

Security &

Vulnerability Testing

Business Continuity

Planning

Opportunity Costs

One Time Migration

Costs

Network and SANIT Facilities


Thank you!


cp 73 enterprise scale in the cloud : introducing the ... · deltek engineering, dev ops, quality...

Documents