bcgov / cloud-pathfinder

This is the technology and UX backend repo for the cloud pathfinder ZenHub task board

Home Page: https://app.zenhub.com/workspaces/cloud-pathfinder-5e4dbb426c3c6af8dcbf06a7/board?repos=241742911

License: Creative Commons Zero v1.0 Universal

Python 16.64% Dockerfile 0.75% Jinja 29.32% Vue 2.03% JavaScript 2.09% TypeScript 23.04% SCSS 26.14%
citz

cloud-pathfinder's People

Contributors

actionanalytics, bruce-wh-li, cloudsmart, crochcunill, dependabot[bot], jon-mc-git, kdesao-devops, ll911, lukegonis, marklise, maxwardle, patricksimonian, prabhukiran9999, sheaphillips, sid-gov, smalldana, stevenbarre, unoah, wrnu

cloud-pathfinder's Issues

Dynamics PIA

Describe the issue

  • complete a corporate Privacy Impact Assessment (PIA) on the Dynamics platform for cloud
  • PIA will cover the tool (Dynamics)
  • PIA will not cover ministries' specific program/project use of Dynamics (ministries will have to do their own PIA on their program/project)

Which Sprint Priority is this issue related to?
The 'Milestone' should clearly list Sprint Priorities - which one is this issue related to?

Additional context
Add any other context, attachments or screenshots

Definition of done
Drafting complete, PIA reviewed (approval route TBD), PIA signed off and listed on the Personal Information Directory

Provision storage for CAS Team

Describe the issue
CAS requires storage

Additional context
Add any other context, attachments or screenshots

Definition of done
CAS team has a storage volume/endpoint in GCP.

Provisioning Plan Details:
CAS requests object storage in GCP Montreal

  • 1TB quota (estimated) to house batch data dumps from Environment and Climate Change Canada to BC Climate Action Secretariat (historically bi-weekly, CR in progress to nightly)
  • No PII in the data set (potentially business sensitive information only, per signed PIA#ENV19025/ENV26-2019)
  • Zip file exports from the Single Window Reporting System (SWRS) containing xml data dumps plus attachments uploaded by citizens to SWRS (no filetype filter imposed by Canada)
  • Standard Storage Class in GCP, retention managed by application code (no retention policy in cloud)
  • Uniform bucket-level access (each service environment is isolated and cannot access another environment’s resources, but share the same bucket namespace)
  • Bucket provisioning by restful application (api abstracting the cloud service)
  • Bucket “environment” set provisioned per service: dev, test, prod, tools
  • Bucket “service” names to match OCP namespace prefix: eg “wksv3k” service for “wksv3k-dev”, “wksv3k-test”, “wksv3k-prod”, “wksv3k-tools” namespaces
  • Bucket “namespacing” by convention eg. “${service}.${environment}.gcp.gov.bc.ca”

Assess security scope of dynamics

Describe the issue
A clear and concise description of what you want to happen.

Which Sprint Priority is this issue related to?
The 'Milestone' should clearly list Sprint Priorities - which one is this issue related to?

Additional context
Add any other context, attachments or screenshots

Definition of done
Identify what will need to happen/be delivered for this to be completely done

Initial discovery of Okta

Describe the issue

  • Okta has been identified as a useful SaaS tool, this issue is a timeboxed activity around discovering its value proposition

Which Sprint Priority is this issue related to?

Additional context

Definition of done

  • one day of effort has been spent on discovering Okta
  • slide or two describing: what problem(s) does it solve? how does it fit for bc gov? costs? demo if possible?

Design and Code MVP of cloud navigator

Describe the issue
The static visual model / diagram of the navigator needs to be transformed into an interactive tool via design and coding activities.

Which Sprint Priority is this issue related to?
Cloud Navigator

Additional context
Add any other context, attachments or screenshots

Definition of done
When a basic, interactive flow can be completed in the tool

Set up technical environment for navigator tool construction

Describe the issue
A development environment and deployment target for the web-based navigator tool

Which Sprint Priority is this issue related to?
Cloud Navigator

Additional context
Add any other context, attachments or screenshots

Definition of done
An environment and target where a "hello world" app can be built and deployed.

Initial discovery of Torii

Describe the issue

  • Torii has been identified as a useful SaaS tool, this issue is a timeboxed activity around discovering its value proposition

Which Sprint Priority is this issue related to?
The 'Milestone' should clearly list Sprint Priorities - which one is this issue related to?

Additional context
Add any other context, attachments or screenshots

Definition of done

  • one day of effort has been spent on discovering Torii
  • slide or two describing: what problem(s) does it solve? how does it fit for bc gov? costs? demo if possible?

Create Collaboration topic in DevHub

As part of the COVID19 response DSO has asked for a list of collaboration tools.

Will also work in conjunction with ES : Cindy Beaton has reached out wanting to help.

Account/Resource Provisioning Architecture

Work is currently roadmapped for the Next Generation Security Project for a scalable method of managing admin and provisioning accounts across multiple tools, platforms and providers.

This architecture creates the picture for the collaboration with the next gen. sec team on that initiative.

Working assumptions:
Github id and active directory as MVP identity providers
Verified credentials a distributed trust multi factor
Keycloak as authentication/authorization manager
DevHub as discoverability/ front door

BC Ministry of Health - Azure AI Bot Project

As discussed please see the email below; please reach out to David Ell and discuss timelines for the project below to be able to use the Gov MS tenancy.

Please note, there is no PI and we’re looking at creating a dev and maybe test environments only. This is a proof of concept.

It would be good to have the ability to gain access to the tenancy next week….
the required services listed out below, extracts from an email from Nick Nastic.

Here is the project background info:

  1.  Project Sponsor: Martin Wright – ADM Health Sector Information, Analysis and Reporting
    
  2.  Project Scope: Deliver Proof of Concept/Pilot with modern “Chat Bot” conversation interface to Health Ideas specifically for the pharmacy related data ; non-PII data only
    
  3.  Project Systems Integrator: Deloitte ; Joyce Drohan – Deloitte Partner engaged
    
  4.  Azure Resources required for Project:
    

Need a new Azure Subscription (easier and simpler from Shared services engagement) or a resource group within existing Azure Subscription with the following services enabled:
· Cognitive Services
· Storage Accounts
· Azure Bot Services
· Web App Services
· Application Insights
· QnA Maker API
· Cosmos DB
· Virtual Machines (with disk storage)
In addition to these services, accounts will need access to the Luis and QNA Maker cognitive service components.
5) Project timeline : ASAP
6) Azure procurement for Project: NONE ; Microsoft is willing to create an Azure Credit Offer specifically for this project and Azure consumption will be MSFT responsibility, amount estimated at $10k

Review other jurisdictions' cloud navigator-like tools for inspiration, alignment, and possible code reuse

Describe the issue
We should have a knowledge of how other jurisdictions have implemented tools to help provide guidance around cloud options before we build something for BC Gov.

Which Sprint Priority is this issue related to?
Cloud Navigator

Additional context
Add any other context, attachments or screenshots

Definition of done
A list of a couple or more similar tools with notes about each, and possible ways to leverage.

Tagging model for Cloud Resources

Here is the meta data we add to an openshift namespace:
In the background we use the GAL codes for the org structure, notably missing is the standard GL coding from iStore orders because we wanted to force the conversation of rolling up quota to the IMB level as a single "digital investment" instead of a chargeback.
Labels:
bus_org_code=CITZ
bus_org_unit_code=BCDEV
category=venture
environment=prod
mcio=CITZ-IM
miso=CITZ-IMBSPC
mpo=CITZ-IMBSPC
name=devhub
product=devhub
project_type=user
team=DevOps
Annotations:
openshift.io/description=The home and supporting services for the BC Government Developer program (developer.gov.bc.ca) (prod)
openshift.io/display-name=BC Developer Hub (prod)
product-lead=[email protected]
product-owner=[email protected]

(high level) cloud operational model

Describe the issue
A first look at the cloud operational model.

Which Sprint Priority is this issue related to?

Additional context
This is one of the first steps in building the cloud technical roadmap.

Definition of done

Cloud technical roadmap

Describe the issue
A cloud technical roadmap that we can work backwards from. This will necessarily include the operational model.

Which Sprint Priority is this issue related to?

Additional context

Definition of done
TBD

Contact Google Account Rep.

Describe the issue
We need to set up a relationship with the Google AR to get the right technical input into the Org creation and Project templates we will use for the POC.

Additional context
2020-03-10, 4_58 PM Office Lens.jpg
Definition of done

  • Plenary call
  • Follow up meeting scheduled

Get an Azure resource group for storage provisioning

In order to test out the provisioning of Azure storage resources, we need a resource group in BC Gov Azure tenant.

This is a prerequisite to a number of tasks in coming sprints. For this current sprint, it's related to #4.

COS:

  • We have an Azure resource group (RG) in non-production subscription
  • We have the appropriate grants to be able to provision storage resources in the RG

Azure Guardrails

Describe the issue

  • Provide a document that highlights the best practices of MSFT against government requirements for adoption at OCIO or Ministry level

What is the value add to product/MVP?
-Security and the responsibility to citizen's data doesn't change if the data is in the cloud or not.
-Repeatable questions and answers that can be used by ministries to ensure security practices are in place.

Which Sprint Priority is this issue related to?
-sprint 8

Additional context
n/a

Definition of Done:

  • Document showing comparison of items in cloud security schedule against one or more services in AWS and how they meet or not.
  • Reviewed by one (or more) member of CP
  • Reviewed by ISB management
  • Submitted for approval to ISB management

Cloud Solution Navigator

There is a need to develop an easy-to-use tool for technical and non-technical project users to help explore and select appropriate categories of solutions for a given need. Specifically:

  • choosing between on-prem COTS, SaaS, or custom developed solutions
  • choosing between a set of technical cloud services

The concept is to create a web-based "wizard" / survey that users can navigate through easily and end up with some results suitable to their needs.

Create BC Gov Org in Google Cloud Platform

Describe the issue

  • we will need a BC government organization in GCP in order to provision storage for the CAS team

Which Sprint Priority is this issue related to?

    1. Create a Google presence

Additional context

Definition of done

  • org has been created, org structure and provisioning plan identified, admin/owner roles established

Account/Resource Provisioning Architecture

Create the work flow diagram and high level architecture for provisioning a storage instance.

Assumptions:
Start with DevHub Login
Populate meta data to tag storage instance with billing/branch info
Leverage Azure service account
Provision storage via Azure API
Return endpoint and keys for access

Google Object Storage POC

**business need/pathfinder client (Epic)**

  • maral needs a place to put her stuff
  • task: provide endpoint
  • prevent running out of space - long term, elastic/growing, infrequently accessed

**team technical de-risk (informational)**

  • alec wants to do new fun fancy stuff
  • how to integrate into existing app in a portable way, eg - does GCP support S3?
  • how to integrate into pipeline
  • how to segregate
  • credential management (RBAC)
  • choose 'tier'
    -distinct dev, test prod buckets, dynamically created
  • migration between buckets

**cloud pathfinder enterprise need de-risking learning (issues)**

  • how to pay? Maral's pcard?
  • set up "tenancy" / enterprise account?
  • poc for cloud pathfinder to make repeatable/valuable for enterprise
  • create bucket, hand over keys - provide endpoint to store stuff at lower cost to business
  • we want to figure out:
  • how to get metrics, costs, monitoring
  • bill/cost analysis
  • how to provision manually? portable automation?
  • how to track owners/metadata
  • quota
  • access model
  • provide storage bucket with an endpoint. no other services (transfer services)
  • focus on access model and provisioning model
  • lifecycle: config changes, decommissioning, backup

other considerations/things that need discovery

  • do we need to automate this if it happens 3 times per year?
  • provisioning storage instances should be automated, clusters not so much
  • many unknowns, eg. adding new users?
  • maral doesn't need anything fancy, alec sometimes creates fancy stuff, we will ride sidecar to make sure it is consumable by maral/next team, as button's contract might not be renewed.
  • potential risk around orphaning, maral is aware, might have to put in budget for a $20k code with us fix

order of operations

  1. business needs/technical team will do their homework first, address app dependencies.
  2. provisioning is cloud pathfinder's homework,

Investigate if we can auto-provision an instance of Dynamics365 (online)

Describe the issue
A clear and concise description of what you want to happen.

Which Sprint Priority is this issue related to?
The 'Milestone' should clearly list Sprint Priorities - which one is this issue related to?

Additional context
Add any other context, attachments or screenshots

Definition of done
Identify what will need to happen/be delivered for this to be completely done

STRA/SOAR for Dynamics

Describe the issue
A clear and concise description of what you want to happen.

Which Sprint Priority is this issue related to?
The 'Milestone' should clearly list Sprint Priorities - which one is this issue related to?

Additional context
Add any other context, attachments or screenshots

Definition of done
Identify what will need to happen/be delivered for this to be completely done
