SKS Hosting Project Charter

1. Problem Statement and Background
SKS, Japan’s Home Entertainment inventory and sales transaction system, is currently running on outdated, end-of-life (EOL) infrastructure that is no longer supported. A past audit identified that this poses risk from both a security and vulnerability standpoint. The opportunity exists to move the current infrastructure hosting from SPE APAC, which does not have the requisite platform/infrastructure expertise, to SPE’s Chandler Data Center, internally supported by the Enterprise Infrastructure Services (EIS) Group. By doing so, three EOL components will be upgraded and the infrastructure will be centrally managed by EIS Group to provide improved support and platform availability. Additionally, as a result, existing Level 4 and 5 infrastructure vulnerabilities will be reduced by approximately 60%.

2. Objectives
The primary objective is to move the SKS application to Chandler Data Center to have its infrastructure hosted and supported by SPE’s EIS group. Additional objectives are to:
• Use supported technology
• Improve security via reduced vulnerabilities (*Please see Appendix for additional information)
• Improve availability
• Leverage operational and cost efficiencies
• Lower the Total Cost of Ownership (TCO), including support and maintenance costs

3. Scope
• Set up and provision Non-Production and Production infrastructure
• Procurement of licenses
• Installation, configuration, and testing of SKS Application and middle-tier components (WebSphere [WAS])
• Migration of all batch/cron jobs
• Functional and Performance Testing of Application and batch/cron jobs
• Vulnerability Testing
• Deployment and Hypercare
• Decommissioning of old infrastructure
OUT OF SCOPE
• Application or middle-ware upgrade
• Application or batch job enhancements
• Any security or vulnerability-related issues tied to application or middle-ware

4. Options/Alternatives
• Leave as is: Maintain infrastructure hosting with SPE APAC: Does not have the requisite platform/infrastructure expertise and vulnerabilities will remain
• Replace/upgrade application: Not cost effective ($1.5M)
SKS Hosting Project Charter Version 1.0, 2/14/2014

5. Assumptions
• Project will upgrade Operating System (Application, Reporting, and Database Servers), Database only
• Greenlight will require inputs from Information Security on security handling (e.g., exceptions)
• Current security/vulnerability metrics for the application will remain the same
• ORMC will continue to provide SKS application support
Meet with Information Security to obtain agreement and/or apply for necessary exceptions and approvals
Set up separate, isolated virtual environment (infrastructure and platform)
Vulnerabilities | Production Deployment / Go-Live Delay
Procurement of necessary licenses | Schedule delays | Engage Procurement as early as possible
Old version of software | Vendor will not support software running on newer version of Operating System (WebSphere v5 on Solaris 10, which will not be supported by IBM). WAS v5.1 is incompatible with Java v 1.6 and has to run on Java version 1.4.2 to make it compatible | Accept risk
Communication/Language Challenges | Schedule delays | Establish robust communication plan and meeting schedule
Complex network landscape to determine firewall ports to be opened | Schedule | Engage Networking Team to assist defining existing landscape and in timely resolution of requests
External Labor | $32,000
Software and Licenses | $6,000+?
Hardware | $50,000
TOTAL
9. Stakeholders
These are the individuals who have a positive or negative vested interest in the project. Stakeholders can be project team members and most likely would be a part of the project Steering Committee. For clear definition of Stakeholder roles, please see the attached Appendix page.
Business Unit Stakeholders Title/Role
IT Stakeholders | Title/Role
Stephen Andujar | CIO
Sim Choo | Regional CIO, Asia Pacific
Ferdinand Fattorini | SVP, Enterprise Infrastructure Services (EIS)
Kenneth Lee | Executive Director, Global Technology Services (GTS)
Tsuboi Katsuyuki | Director, IT, Asia Pacific
Alexander Glass | Manager, IT, Asia Pacific
10. Resource Plan
In this section please detail out the resource plan for this project. Is the project managed by the BRM organization and the development work is to be done by ADM? Is design and development work being done by a 3rd party Vendor?

Role | Named Resource | Responsible Organization
Project Manager | Laura Pastoriza | SPE
BRM, APAC | Alexander Glass | SPE
Technical Director, APAC | Tsuboi Katsuyuki | SPE
Technical Lead, ORMC | Ashish Deopuria | ORMC
Application Sys Admin | Madhu Siddula, Konatham
11. Project Benefits
If your project’s proposed budget is under $100,000, you do not need to complete the section below. Please list your project benefits by bullet point. If your project’s proposed budget is above $100,000, please complete the section below. This will assist with the Benefits Realization of your project.
Benefit | Accountable Person | Metric | Tracking Time Frame | Tracking Start Date | Report Source
Security Improvements | | Reduced number of Vulnerabilities | | | WebInspect and Qualys Scans
Increased Data Center Availability | | Data Center Up time | | | Service-Now
Hosting Cost Savings | | Hosting Costs Removed | | | Current Infrastructure Hosting Costs
Improved Visibility via Centralized Change Management and Tracking | | IT Change Control | | | Service-Now
ANYTHING ELSE????
12. Required Signatures
Required Signatures
Line of Business CFO
Signature | Name | Date
Architecture and EIS signatures are required prior to the Greenlighting Board and will be received as a result of the Plan Check Review. Executive Sponsor, Project Sponsor, Project Manager, and Sponsoring DCIO signatures will also need to be obtained prior to the Greenlighting Board. CIO signatures will be received as a result of being approved within the Greenlighting Board.
The purpose of this Project Charter is to define a business problem/opportunity. The information contained in this document is preliminary and by no means certain. Cost estimates and schedule dates are contingent upon findings discovered within the Inception and Elaboration Phases of the project. The total project cost is currently only an estimate and should be viewed as only an estimate. The anticipated benefits are subject to change as well but once defined may be tracked for benefits realization post go live.
13. Appendix
The following Appendix includes the security and vulnerability issues discovered during the Proof of Concept (POC) to have as reference for Information Security review for future handling.
• Old version of software
  o WebSphere v5: IBM only supports WebSphere v5 on Solaris 9; we plan on running WebSphere on Solaris 10, which will not be supported by IBM
  o Java: WAS v5.1 is incompatible with Java v 1.6 and has to run on Java version 1.4.2 to make it compatible
• Security Issues
  o Hardcoded user ids/passwords in application and batch jobs
  o Batch jobs use ftp, not sftp
  o Storage of Password in DB table not encrypted
• Vulnerabilities
  o *POC Server Level:
  o **POC App Level: Apache Expect Header Cross-Site Scripting
  o ***Current SKS Production Environment
  o ****Summary Comparison
  o *****Future Plans post SKS Hosting Project
**POC Application Level Report Summary:
Current Scan SR0044439 Issue Status

Sr. # | Vulnerability | Severity | Problem / QC Ticket | Remarks
1 | Apache Expect Header Cross-Site Scripting | High | PRB0060949 | Must be fixed
2 | Possibility Of Session Fixation | Medium | NA | Should be fixed before moving into production.
3 | Malicious HTTP Method Enabled | Medium | NA | Should be fixed before moving into production.
4 | SSL Cookie Not Used | Medium | NA | Should be fixed.
5 | Cross-Frame Scripting | Medium | NA | Dangerous to steal click. Need to fix at earliest.
6 | Information Leakage | Low | NA | Should be fixed.
7 | Form Autocomplete Active | Low | NA | Should be fixed in production
***Current SKS Production Report Summary:
Production SKS Japan (86 in total):
Level 5 confirmed: 28 vulnerabilities
Level 4 confirmed: 58 vulnerabilities

****Summary Comparison:
The decrease in vulnerabilities is caused by the following upgrades that were made to the POC environment.
• Solaris 10 vs. Solaris 9.
• Oracle 10g vs. Oracle 8i.
• AIX Web Farm vs. Solaris database server
• Java version 1.4.2 to make it compatible with WAS 5.1 vs. Java 1.2
*****Future Plans Post-SKS Hosting Project:
Future plans are around upgrading/potential re-platforming after the SKS Hosting Move, which would be up to the business to make the decisions on future investments. See below for additional details:

• Future plans for SKS (e.g., replacement, retirement, re-platform):
  o Java platform upgrade (WebSphere upgrade or migration to other platform)
  o Subsystem integration to SKS (IOS : Initial Order System)
  o Reporting enhancement. (Tableau?)
  o Job scheduler upgrade (JP1 upgrade for Windows 2012 platform or migration to other scheduler)
• Timeframe for that plan (e.g., in next 2 years, next 4, 8, etc.):
  o Java platform upgrade to be started after server relocation. Other timelines are unknown.