Data Center Services
Production Support
Enterprise SFTP
Providing the customer a single point of control to manage SFTP across the Johns Hopkins Enterprise
SFTP Request Form link
The Johns Hopkins Health Systems
And
The Johns Hopkins University
Service Level Provision
Prepared by; ETSO Data Center Services – Production Support
Date: 11/24/09
Table of Contents
1 TABLE OF CONTENTS ... 2
2 DATA CENTER SERVICES ... 3
3 ENTERPRISE SFTP ... 3 4 SUPPORT HOURS ... 4 5 CONTACTS ... 4 6 SFTP ENGINEERING SERVICES ... 5 7 ENTERPISE SFTP REQUESTS ... 5 8 ENTERPISE SFTP MONITORING ... 5 8.1 Priority Levels ... 6 8.2 Expectations ... 6
9 ROLES AND RESPONSIBILITES ... 6
9.1 Sftp Admin ... 6
9.2 Application Developer ... 7
10 FUNCTIONS AND PERMISSIONS ... 8
11 ATTACHMENTS ... 9
A SFTP Architecture ... 9
B Enterprise SFTP Request Form ... 10
IT@ Johns Hopkins’ primary focus is to support the missions of the Johns Hopkins Institutions.
We provide technology solutions for our faculty, staff, patients, and students in support of
2
Data Center Services
Data Center Services provides 24/7 operations of the Data Centers located on the Mt. Washington and East Baltimore campuses. These operations include:
• Timely processing of data and backups on the various platforms housed within the Data Centers • Production and delivery of printed and electronic reports
• Control of the production environment through change management • Physical security of the Data Centers
• Monitoring of the various platforms and network
• Management of supported problems reported through the Support Center (Help Desk). Data Center Services consists of four groups:
• Computer Operations - 24hr/365day organization that supports and monitors JHH and JHU systems and applications.
• Facilities – manages the data centers for Mt. Washington and East Baltimore.
• Production Support – bridges the processes and procedures between application development, technical support, and operational areas for application implementation management and support services.
3
Enterprise SFTP; Production Support
Production Support bridges the processes and procedures between application development, technical support, and operational areas for application implementation management and support services.
One of many support services offered by Production Support is Enterprise SFTP.
MoveIT-DMZ is a software solution that provides a mechanism to securely transfer data between external entities and internally networked Johns Hopkins departments. Sensitive data is transferred over secure
connections to the DMZ Server (JHSFTP01). MoveIT-DMZ incorporates a powerful module (MoveIT Central) which allows customized scripts to run on the DMZ Server and automate data transfer from within MoveIT-DMZ to a designated location safely behind the Hopkins Firewall.
Our goal is to provide the customer a single point of control to transfer files using SFTP processes across the Johns Hopkins Enterprise. With the use of MoveIT-DMZ, we provide our customers the ability to safely and securely distributes sensitive information across the Enterprise from a single point.
4 Support
Hours
Support Hours identify the level of support, support staff, and support hours.
Level of Support Support Staff Hours of Support Requirements Response
Time Production Incidents System Outages Special FTP Requests SFTP Admin Helpdesk Application Developer
24hr/365days a year ServiceCenter Incident Ticket 30 minutes Emergency Change Controls; Production Only SFTP Request Application Developer
24hr/365days a year Change Control Director Approval 30 minutes Test Incidents System Outages SFTP Admin Helpdesk Application Developer Normal Business Monday through Friday 8:30 to 16:00. ServiceCenter Incident Ticket 1 business day Job Requests Receipt and Processing
New SFTP Process Normal Business Monday through Friday 8:30 to 16:00. SFTP Request Form Change Control 5 business days
5 Contacts
Manager of Production Support Ned Fields
(410) 735-4014
efields@jhmi.edu
Production Support Midrange Analyst/SFTP Admin/ Chad Garrison
(410) 735-4269
cgarris@jhmi.edu
Production Support Midrange Analyst/SFTP Admin/ Jemyle Ringgold
(410) 735-4016
Jringo1@jhmi.edu
Production Support Midcrange Analyst/SFTP Admin/ Jim South
(410) 735-6956
jsouth@jhmi.edu
Helpdesk (410) 735-4357
6
SFTP Engineering Services
Production Support adheres to existing sftp techniques that have been proven to work and are currently used in existing production environments. The scheduler implements these techniques to the customer’s schedules as appropriate. Production Support, in collaboration with the customer, can develop new techniques to meet complex dependencies across multiple applications within the Johns Hopkins Enterprise. Some of these techniques include:
• Trigger Files
• EBCIDIC-ASCII Conversions • HTTP Uploads and Downloads • Custom Schedule
7
Enterprise SFTP Requests
Customers are required to fill out a “SFTP Request Form” on the web at
http://it.jhu.edu/restricted/etso/datacenterservices/forms/sftprequest.html to initiate the process for scheduling jobs within the Johns Hopkins Enterprise. All requests will be evaluated by the designated internal review group prior to being forwarded to Production Support. This ensures integrity, criticality, and priority of the request before moving forward.
Production Support requires 5 business days upon receipt of the Request Form.
Once Production Support has reviewed the request, the administrator contacts the customer to create a task in SFTP Sharepoint site. The administrator begins working with the customer to develop and test the sftp job. All information about testing and the outcome of the customer’s sftp job is documented within the SFTP
Sharepoint site.
Completion times for requests will vary, based on complexity, priority, and number of requests in the queue. Any additional lead time which can be provided for requests, would be beneficial to help meet requestor requirements.
8
Enterprise SFTP Monitoring
SFTP tasks are monitored by Production Support through the Central Admin Report Window. SFTP problems and error conditions are clearly visible. SFTP tasks have emails based on success or failure of a SFTP process. This makes the customer aware that they have a problem with SFTP process. SFTP addition and removal is the responsibility of the Production Support Systems Administrator. Once the Customer receives a failure email they should contact the Help Desk and open an incident in Service Center. SFTP alert Priority Levels are color coded. These views are defined below.
8.1 Priority Levels
8.2 Expectations
1) It is up to the customers to validate the creation of the source file(s) on their application server(s) to account for the delivery in a timely manner meeting the business needs.
2) The recipient are responsible for processing the file(s) once received from the Enterprise SFTP server. Any inconsistencies in reference to the file(s) arrival will be the responsibility of the customer to notify the originating application group.
3) The SFTP administrators can provide automated notifications via email on the successful/failure transmission of the file from the SFTP server. A recipient group is preferred for email
notifications.
4) The SFTP administrators will provide assistance to the application/system administrators for creation/exchange of fingerprints/Keys.
5) Issues identified with the SFTP server, must be reported to the helpdesk, and escalated to Production Support Midrange.
9
Roles and Responsibilities
The following describes the roles and responsibilities of key personnel for Enterprise Job Scheduling.
9.1
SFTP Admin
The SFTP Admin maintains and manages the jhsftp01 server.
• Define a host, such as ssh, ftp over ssl, windows shared drive or MoveIT-DMZ server. • Password and Public Key Authentication
• Creation of Service Accounts for access to Hopkins SFTP server • Configure Tasks
o Zip/unzip files
o Only retrieve new files o Only retrieve old files
o Only retrieve small or large files o Transfer available files in batches o Never overwrite existing files o Append to existing files
o Create outbound folders if they do not already exist
o Run simultaneously with many other tasks, even to different hosts o Ignore specified files or folders
o Delete, rename or move source files after a successful transfer o Run command-line applications against files
o Use macros to rename outbound files or select source files o Use macros to look for inbound files
o Kick off other tasks or send email notifications in response to reponses and failures o React to and/or parse “trigger files”
o Execute custom VBScript against any file • Monitor a task
o Running “debug log” with extensive debugging information o Display of active and inactive tasks
• Maintain and Enforce Standards. • Maintain Documentation.
• Statistical Reports and Charts.
• Respond to Production Incidents within 30 minutes.
• Communication between Source Contact and Destination Contact • Schedule Sftp task to specific schedule
9.2 Application
Developer
The Application Developer is responsible for creation of application programs/scripts. • Adhere to all Enterprise SFTP standards.
• Fill out the Enterprise SFTP Form as appropriate. • Create/Modify SFTP documentation.
10 Functions and Permissions
The following table details entitlements for each role within the Enterprise SFTP Environment. The only role that has Admin to the folders on the MoveIT-DMZ server is the SFTP Admin. All other roles have access granted through Jhsftp website https://jhsftp01.hosts.jhmi.edu/.
* [Key: F = Full Access; L = Limited Access; Y = Yes; N = No; P = Permission Based] Permission Based – access granted for account by account special circumstances; approved by the SFTP Admin.
Function SFTP
Admin AccountsService Application Developer
Enterprise SFTP Production Instance *Access Level F L L Admin Y N N Subs Y Y Y Notify Y P P List Y Y Y Read Y Y Y Write Y P P Delete Y P P