
Session # 46

Federal Student Aid
Technical Architecture Initiatives

Sandy England

Objective - Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

2
Target State Vision
[Diagram, layers from top to bottom]
• Customers & Partners: Students, Borrowers, Applicants; Financial Partners; Federal Agencies; Service Providers; Schools; State Agencies; Department of Education
• Portal / Gateway / Call Center
• Integrated Technical Architecture, Security Architecture and Enterprise Service Bus (shown both above and below the applications)
• Enterprise Applications: labels include Financial Management System, Integrated Partner Management, Common Services for Borrowers, ADvance, Enterprise Information, Enterprise Access, Campus Based
3
TSV Architecture Overview
• Integrated Technical Architecture, Portal, ESB, Security Architecture,
Gateway and internal applications are integrated within the enterprise
target state vision

4
Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

5
What is Integrated Technical Architecture?
• Common, shared, proven architecture using standardized tools, technology,
and technical support services
• An effective technical architecture supports a business’ ability to deliver
sufficient resources to users
• Provides strategic and economic benefits

Standardized Technology
• Standardized configuration of hardware and software platforms
• Standardized messaging technology to support communications across varying hardware platforms, projects and locations

Standardized Methods
• Methods, standards, policies, and directives for maintaining an integrated environment
• Structured approach to evaluate/implement changes into the environment and support problem resolution

Product Specialist Support
• Highly trained staff to manage resources and provide services
• Manage daily operations, controlled development environment, maintain software, and plan for future requirements

6
Integrated Technical Architecture Benefits
• Leverage current investments and assets -
– Provides simplified, secure, and integrated access to Federal Student Aid services and resources
– Facilitates an enterprise-wide perspective to planning, developing, and delivering IT application systems and services
• Significant cost savings -
– Reduces hardware, software licensing, and support costs
– Ability to share highly skilled product specialists among multiple teams
• Improved application performance -
– Architecture can be easily scaled to meet capacity and performance requirements
• Increase productivity and efficiency -
– Applications get “faster and smarter” by implementing best practices, common services, and lessons learned from previous projects
7
Integrated Technical Architecture
[Diagram, layers from top to bottom]
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others
• Public/Private Data Networks
• Firewall
• Load Balancer: Cisco ACE
• Web Servers: IBM Internet HTTP (IHS); the diagram also carries an Oracle label at this tier
• Application Layer
– Application Servers: IBM WebSphere (WAS)
– Portal Servers: IBM WebSphere Portal
– Customer Relationship Management: Siebel Application
• Supporting Technologies
– Web Content Management: TeamSite, Portal WCM
– Search Engine: Google
– Data Marts: Microstrategy, WebFocus
– ETL: Informatica

8
Product Selection Approach
• Determine business and technical architecture requirements
• Research best practices and market research to determine industry leaders of products
• Investigate high-level functional and technical capabilities of each product to create a short list of vendors to evaluate
• Create extensive set of criteria to evaluate the short list
• Schedule technical briefings with each shortlist vendor
• Evaluate technical capabilities of the products and ability to meet the evaluation criteria
• Interview/talk with current customers that are using products to assess support quality, etc.
• Conduct Technical Proofs of Concept to determine if products are technically compatible with existing architecture and meet requirements
• Determine which products best fit by evaluating their ability to meet the detailed evaluation criteria and understanding their key differentiators
• Provide product recommendation based on product’s ability to meet the key selection criteria.

9
Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

10
What is a Portal?
• An integrated and personalized access point to information, applications, and
services
• Provides a single, secure, simplified, and personalized access point to
business information
• Delivers integrated content and applications, within a unified, collaborative
workplace

Improved Access
• Simplified and standardized look and feel
• Customized information & services to meet users needs
• Access content from multiple sources
• Secure Information

Integration
• Expand portfolio of online transactions
• Increase self-services & user self-sufficiency
• Analyze "merged" information

Interaction
• Improved internal use of information
• Secure data sharing with external organizations.

11
Portal Benefits
• Leverage current investments and assets
• Increase productivity and efficiency
• Improve decision-making
• Strengthen constituent goodwill and trust
• Improved customer service and cost savings
• Standard look and feel

12
Portal Framework
Framework provides a taxonomy for describing portal capabilities.
[Diagram, layers from top to bottom, with Security Architecture alongside]
• Users: Students, Schools, Financial Partners, Vendors, FSA, Others
• Web/Intranet/Telephony
• Portal(s)
– Presentation Layer: Provides user interface for access channels, such as Web and Telephony
– Services Layer: Personalization; Search & Categorize; Collaboration & Communication; Task Mgmt. & Workflow; Content Management; Administration & Security; Business Information and System Services
– Integration Layer: Provides connectivity to enterprise information sources and services
• Enterprise Service Bus (ESB)
• Enterprise Business System(s); Structured & Unstructured Data; External Data Feeds

13
Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

14
What is an Enterprise Service Bus?
• Architecture and an infrastructure that unifies and connects services,
applications, and resources within a business
• Provides the open, standards-based connectivity infrastructure for a service
oriented architecture (SOA)
• Provides communication between systems through shared services

IT Benefits
• Quickly respond to changing business needs
• Leverage existing assets in new ways
• Reduce software development and maintenance cost
• Improve system security, scalability, availability and robustness

SOA Enabler
• Standardize interfaces
• Foster interoperability
• Supports incremental implementation
• Leverages existing Security Architecture

Integration
• Promotes reuse
• Integrate with all new and existing applications

15
Enterprise Service Bus Benefits
• Provides the following Web services mediation capabilities -
– Centrally apply security (encryption, authentication, & authorization) by leveraging Security Architecture
– Audit service requests/replies
– Data transformation
– Dynamic routing
• Invoke and reuse shared services across the enterprise -
– Business logic is accessible at an enterprise level, rather than just the application level
• Choreograph business flows across the enterprise
• Standards-based - vendor neutral

16
Current State EAI
EAI Core Capabilities -
– Assured Message Delivery
– Location Transparency
– Platform Independence
– Protocol Independence
– Single Multi-platform API
– Data Transformation
– Context-based Routing
– Publish-Subscribe
– High-speed Bulk Transfers (> 100 MB)

[Diagram, layers from top to bottom]
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (FTP, HTTP)
• SAIG, eMPN, eCB, FAFSA, eZ-Audit
• Messages/Files
• EAI Infrastructure: Enterprise Application Integration (EAI)
• Messages/Files
• Current State Applications: CPS, PEPS, DataMart, DLSS/CSB, NSLDS, FMS, COD

17
Transition State ESB
[Diagram, layers from top to bottom, with Security Architecture alongside]
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (FTP, HTTP, TBD)
• SAIG, eMPN, eCB, FAFSA, eZ-Audit, Portal, Gateway
• Messages/Files and Service connections
• ESB Infrastructure: Enterprise Application Integration (EAI), ESB/EAI Bridge, Enterprise Service Bus (ESB)
• Messages/Files and Service connections
• Current State Applications: CPS, PEPS, DataMart, DLSS/CSB, NSLDS, FMS, COD
• Target State Applications: IPM, CSB, FMS, Other, IF/SAHM, ADvance

18
Target State ESB
ESB Technologies
• IBM WebSphere DataPower
• IBM WebSphere MQ
• IBM WebSphere Process Server
• IBM WebSphere Message Broker
• IBM WS RR
• Metastorm Data Integrator

[Diagram, layers from top to bottom, with Security Architecture alongside]
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (HTTP, TBD)
• Portal, Gateway
• Service connections
• Enterprise Service Bus (ESB)
• Service connections
• Target State Applications: IPM, CSB, FMS, Other, IF/SAHM, ADvance

19
Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

20
What is Security Architecture?
• Provides a single, integrated authentication and authorization framework
• Enables consistent Authentication, Authorization, and Accountability
– Authentication: Who are you?
– Authorization: What are you allowed to do?
– Accountability: What did you do?

Consistent Security
• Decrease security risks
• Improves maintainability of systems
• Offloads “ADHOC” application security from application teams

Services
– Single sign-on for web applications
– Simplified registration/approval processing
– Delegated administration

Enterprise Security Management
– Consolidated security views and reporting
– Flexibility to accommodate new or redeployed systems
– Lowers security development and operational costs

21
Security Architecture Benefits
• Provides consistent security services & configurations
across Federal Student Aid systems -
– Decrease security risks
– Improves maintainability of systems
– Offloads ad-hoc application security from application teams
• Gives better service to our customers/partners -
– Simplified sign-on for web applications
– Simplified registration/approval processing
– Delegated administration
• Promote enterprise security management -
– Consolidated security views and reporting
– Flexibility to accommodate new or redeployed systems
– Lowers security development and operational costs

22
Security Architecture
[Diagram]
• FSA and Trading Partners: FSA Users, Auditors, Accrediting Agencies, Lenders, State & Federal Agencies, School Users, School Servicers, Guaranty Agencies, Collection Agencies, Other Users
• FSA Security Architecture: access management tools, identity management tools, enterprise policy repositories, enterprise user repositories, and other related security components
• Numbered elements (1 to 4) on the diagram: Integrated Partner Management (Enrollment), Identity Management, Access Management, Audit
• Integrated Partner Management: Manages trading partner eligibility, enrollment, and oversight
• FSA Target State Vision Systems: Access, System Response

23
Target State Security Architecture
[Diagram, layers from top to bottom]
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others
• Public/Private Data Networks
• Protocol Firewall (FSA Enterprise Boundary)
• Demilitarized Zone
– Reverse Proxy: Tivoli Access Manager WebSEAL
• Domain Firewall
• Enterprise Zone
– Tivoli Access Manager Servers: TAM Policy Server, TAM Authorization Server, Authorization Database
– User Registry: Tivoli Directory Server
– Portal Application Server(s): Portal Server(s), Service Portlets, Authorization Database
– Federal Student Aid Applications: COD, FMS, NSLDS, Other
– TIM Server: TIM User Registry, Approval Workflow
– IPM Application Servers: SA RCS, Roles Wizard, IPM DB

24
Key Target State Vision Enablers

• Integrated Technical Architecture


• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

25
What is Gateway?
• It is part of an organization's technical architecture that facilitates the
communication between internal applications and external systems
• Provides separation and security between the outside world and an internal
network
• Acts as a proxy to broker requests between external partners and Federal Student
Aid systems

Business Objectives
• Standardizes external exchange of data through a single, virtual, secure gateway
• Enables access to key business services for the external community
• Right-time exchange of data with trading partners

Customer Benefits
• Simplifies trading partner data exchange
• Enables right-time data exchange
• Reduces the number of different data exchange formats
• Reduces effort required for integration within FSA

IT Considerations
• Supports a wide range of transport protocols and industry data formats
• Improves visibility of transaction workflows with external partners
• Web services will be used to facilitate data exchange

26
Gateway Benefits
• Creates an enterprise view of external interface
information exchanged with Federal Student Aid
• Enables centralized management of external interfaces
• Provides the capability for an external partner to
upload and download files
• Provides a layer of security between Federal Student
Aid and external partners
• Creates well defined procedures for integrating with
Federal Student Aid services
• Validates and enforces the use of a standard data
schema between systems and enables data consistency
throughout data exchange process

27
Current State
• Multiple communication channels and entry points into Federal Student Aid are
not centrally tracked or managed
• No real-time data interchanges
• Security architecture is not being leveraged

[Diagram]
• Some External Partners (School, Lender, Guaranty Agency, etc.): Sends and receives batch files via Student Aid Internet Gateway (SAIG)
• Other External Partners (Federal Agency, State Agency, Guaranty Agency, etc.): Sends and receives data via other communication channels, e.g. FTP, Computer Tape
• Channels shown: VPN, FTP, Email, Tape
• Federal Student Aid: EAI, Gateway (SAIG), FSA Systems (NSLDS, COD, CBS, etc…)

28
Target State Gateway Solution
TSV Gateway solution will be a single communication channel between Federal Student Aid, external partners and external service providers
• External partners can send batch and real-time data transmissions.
• External partners can invoke exposed Federal Student Aid shared services via the gateway.
• Internal Federal Student Aid applications and services can invoke external web services via the gateway.

[Diagram]
• External Partners: School, Lender, Guaranty Agency, Other
• External Service Providers: IRS, SSA, etc... (WS Interface)
• Federal Student Aid: Security Architecture, Gateway Communication Layer, Enterprise Service Bus (ESB), Shared Service, Applications

29
Gateway Framework

30
Contact Information
I appreciate your feedback and
comments. I can be reached at:

• Name: Sandy England
• Phone: 202-377-3537
• Email: Sandy.England@ed.gov

31
Questions?

32
