Session # 46

Federal Student Aid Technical Architecture Initiatives
Sandy England

Objective - Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

Target State Vision
Diagram labels:
• Customers & Partners: Students, Borrowers, Applicants; Financial Partners; Federal Agencies; Service Providers; Schools; Department of Education; State Agencies
• Portal / Gateway / Call Center
• Security Architecture
• Enterprise Service Bus
• Enterprise Applications: Enterprise Information, Financial Management, Integrated Partner Management, Enterprise Access, Common Services for Borrowers, Campus Based, ADvance
• Integrated Technical Architecture

TSV Architecture Overview
• Integrated Technical Architecture, Portal, ESB, Security Architecture, Gateway and internal applications are integrated within the enterprise target state vision


Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

What is Integrated Technical Architecture?
• Common, shared, proven architecture using standardized tools, technology, and technical support services
• An effective technical architecture supports a business’ ability to deliver sufficient resources to users
• Provides strategic and economic benefits

Standardized Methods
• Methods, standards, policies, and directives for maintaining an integrated environment
• Structured approach to evaluate/implement changes into the environment and support problem resolution

Product Specialist Support
• Highly trained staff to manage resources and provide services
• Manage daily operations, controlled development environment, maintain software, and plan for future requirements

Standardized Technology
• Standardized configuration of hardware and software platforms
• Standardized messaging technology to support communications across varying hardware platforms, projects and locations

Integrated Technical Architecture Benefits
• Leverage current investments and assets
  – Provides simplified, secure, and integrated access to Federal Student Aid services and resources
  – Facilitates an enterprise-wide perspective to planning, developing, and delivering IT application systems and services
  – Reduces hardware, software licensing, and support costs
  – Ability to share highly skilled product specialists among multiple teams
• Significant cost savings
• Improved application performance
  – Architecture can be easily scaled to meet capacity and performance requirements
• Increase productivity and efficiency
  – Applications get “faster and smarter” by implementing best practices, common services, and lessons learned from previous projects

Integrated Technical Architecture
Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others
• Public/Private Data Networks
• Firewall
• Load Balancer: Cisco ACE
• Oracle
• Web Servers: IBM Internet HTTP (IHS)
• Application Layer
  – Application Servers: IBM WebSphere (WAS)
  – Portal Servers: IBM WebSphere Portal
  – Customer Relationship Management: Siebel Application
• Supporting Technologies
  – Web Content Management: TeamSite, Portal WCM
  – Search Engine: Google
  – Data Marts: Microstrategy, WebFocus
  – ETL: Informatica

Product Selection Approach
Determine business and technical architecture requirements

Research best practices and market research to determine industry leaders of products

Investigate high-level functional and technical capabilities of each product to create a short list of vendors to evaluate

Create extensive set of criteria to evaluate the short list

Schedule technical briefings with each shortlist vendor

Evaluate technical capabilities of the products and ability to meet the evaluation criteria

Interview/talk with current customers that are using products to assess support quality, etc.

Conduct Technical Proofs of Concept to determine if products are technically compatible with existing architecture and meet requirements

Determine which products best fit by evaluating their ability to meet the detailed evaluation criteria and understanding their key differentiators

Provide product recommendation based on product’s ability to meet the key selection criteria.


Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

What is a Portal?
• An integrated and personalized access point to information, applications, and services
• Provides a single, secure, simplified, and personalized access point to business information
• Delivers integrated content and applications, within a unified, collaborative workplace

Improved Access
• Simplified and standardized look and feel
• Customized information & services to meet users' needs
• Access content from multiple sources
• Secure

Information Integration
• Expand portfolio of online transactions
• Increase self-services & user self-sufficiency
• Analyze "merged" information

Interaction
• Improved internal use of information
• Secure data sharing with external organizations

Portal Benefits
• Leverage current investments and assets
• Increase productivity and efficiency
• Improve decision-making
• Strengthen constituent goodwill and trust
• Improved customer service and cost savings
• Standard look and feel

Portal Framework
Framework provides a taxonomy for describing portal capabilities

Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, FSA, Others
• Web/Intranet/Telephony
• Security Architecture
• Portal(s)
  – Presentation Layer: Provides user interface for access channels, such as Web and Telephony
  – Services Layer: Personalization; Search & Categorize; Collaboration & Communication; Task Mgmt. & Workflow; Administration & Security; Content Management
  – Integration Layer: Provides connectivity to enterprise information sources and services
• Business Information and System Services: Enterprise Service Bus (ESB); Enterprise Business System(s); Structured & Unstructured Data; External Data Feeds

Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

What is an Enterprise Service Bus?
• Architecture and an infrastructure that unifies and connects services, applications, and resources within a business
• Provides the open, standards-based connectivity infrastructure for a service oriented architecture (SOA)
• Provides communication between systems through shared services

IT Benefits
• Quickly respond to changing business needs
• Leverage existing assets in new ways
• Reduce software development and maintenance cost
• Improve system security, scalability, availability and robustness

SOA Enabler
• Promotes reuse
• Foster interoperability
• Supports incremental implementation

Integration
• Standardize interfaces
• Integrate with all new and existing applications
• Leverages existing Security Architecture

Enterprise Service Bus Benefits
• Provides the following Web services mediation capabilities
  – Centrally apply security (encryption, authentication, & authorization) by leveraging Security Architecture
  – Audit service requests/replies
  – Data transformation
  – Dynamic routing
• Invoke and reuse shared services across the enterprise
  – Business logic is accessible at an enterprise level, rather than just the application level
• Choreograph business flows across the enterprise
• Standards-based - vendor neutral

Current State EAI
EAI Core Capabilities
– Assured Message Delivery
– Location Transparency
– Platform Independence
– Protocol Independence
– Single Multi-platform API
– Data Transformation
– Context-based Routing
– Publish-Subscribe
– High-speed Bulk Transfers (> 100 MB)

Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (FTP, HTTP)
• Entry points: SAIG, FAFSA, eMPN, eCB, eZ-Audit
• EAI Infrastructure: Enterprise Application Integration (EAI), exchanging Messages/Files
• Current State Applications: DLSS/CSB, NSLDS, CPS, PEPS, DataMart, FMS, COD

Transition State ESB
Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (HTTP, FTP, TBD)
• Security Architecture
• Entry points: SAIG, FAFSA, eMPN, eZ-Audit, eCB, Portal, Gateway
• ESB Infrastructure: Enterprise Application Integration (EAI), ESB/EAI Bridge, Security Architecture, Enterprise Service Bus (ESB), exchanging Messages/Files and Services
• Current State Applications: DLSS/CSB, NSLDS, CPS, PEPS, DataMart, FMS, COD
• Target State Applications: IPM, CSB, FMS, Other, IF/SAHM, ADvance

Target State ESB
ESB Technologies
• IBM WebSphere DataPower
• IBM WebSphere Process Server
• IBM WebSphere Message Broker
• IBM WebSphere MQ

Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Gov’t Agency, Others
• Public/Private Data Networks (HTTP, TBD)
• Security Architecture
• IBM WS RR
• Metastorm Data Integrator
• Entry points: Portal, Gateway
• Enterprise Service Bus (ESB), exposing Services
• Target State Applications: IPM, CSB, FMS, Other, IF/SAHM, ADvance

Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

What is Security Architecture?
• Provides a single, integrated authentication and authorization framework
• Enables consistent Authentication, Authorization, and Accountability
  – Authentication: Who are you?
  – Authorization: What are you allowed to do?
  – Accountability: What did you do?

Consistent Security
• Decrease security risks
• Improves maintainability of systems
• Offloads “ADHOC” application security from application teams

Services
– Single sign-on for web applications
– Simplified registration/approval processing
– Delegated administration

Enterprise Security Management
– Consolidated security views and reporting
– Flexibility to accommodate new or redeployed systems
– Lowers security development and operational costs

Security Architecture Benefits
• Provides consistent security services & configurations across Federal Student Aid systems
  – Decrease security risks
  – Improves maintainability of systems
  – Offloads ad-hoc application security from application teams
• Gives better service to our customers/partners
  – Simplified sign-on for web applications
  – Simplified registration/approval processing
  – Delegated administration
• Promote enterprise security management
  – Consolidated security views and reporting
  – Flexibility to accommodate new or redeployed systems
  – Lowers security development and operational costs

Security Architecture
Diagram labels:
• FSA and Trading Partners: FSA Users, Accrediting Agencies, Auditors, Lenders, School Users, State & Federal Agencies, School Servicers, Guaranty Agencies, Collection Agencies, Other Users
• Integrated Partner Management: Manages trading partner eligibility, enrollment, and oversight
• FSA Security Architecture: access management tools, identity management tools, enterprise policy repositories, enterprise user repositories, and other related security components
  – Access Management
  – Identity Management
• FSA Target State Vision Systems
• Numbered flows (1 to 4): Enrollment, Access, Audit, System Response

Target State Security Architecture
Diagram labels:
• Users: Students, Schools, Financial Partners, Vendors, Federal Student Aid, Others
• Public/Private Data Networks
• FSA Enterprise Boundary
• Demilitarized Zone
  – Protocol Firewall
  – Reverse Proxy: Tivoli Access Manager WebSEAL
  – Domain Firewall
• Tivoli Access Manager Servers: TAM Policy Server, TAM Authorization Server, Tivoli Directory Server
  – Authorization Database
  – User Registry
• Portal Application Server(s): Portal Server(s), Service Portlets, Authorization Database
• Enterprise Zone: TIM Server, TIM User Registry, SA RCS
• Federal Student Aid Applications: COD, FMS, NSLDS, Other
• IPM Application Servers: Roles Wizard, Approval Workflow, IPM DB

Key Target State Vision Enablers
• Integrated Technical Architecture
• Federal Student Aid Enterprise Portal
• Enterprise Service Bus (ESB)
• Security Architecture (SA)
• Federal Student Aid Gateway

What is Gateway?
• It is part of an organization's technical architecture that facilitates the communication between internal applications and external systems
• Provides separation and security between the outside world and an internal network
• Acts as a proxy to broker requests between external partners and Federal Student Aid systems

Business Objectives
• Standardizes external exchange of data through a single, virtual, secure gateway
• Enables access to key business services for the external community
• Right-time exchange of data with trading partners

Customer Benefits
• Simplifies trading partner data exchange
• Enables right-time data exchange
• Reduces the number of different data exchange formats
• Reduces effort required for integration within FSA

IT Considerations
• Supports a wide range of transport protocols and industry data formats
• Improves visibility of transaction workflows with external partners
• Web services will be used to facilitate data exchange

Gateway Benefits
• Creates an enterprise view of external interface information exchanged with Federal Student Aid
• Enables centralized management of external interfaces
• Provides the capability for an external partner to upload and download files
• Provides a layer of security between Federal Student Aid and external partners
• Creates well defined procedures for integrating with Federal Student Aid services
• Validates and enforces the use of a standard data schema between systems and enables data consistency throughout data exchange process

Current State
• Multiple communication channels and entry points into Federal Student Aid are not centrally tracked or managed
• No real-time data interchanges
• Security architecture is not being leveraged

Diagram labels:
• School and some external partners: Sends and receives batch files via Student Aid Internet Gateway (SAIG)
• Other external partners (Federal Agency, Lender, State Agency, Guaranty Agency, etc.): Sends and receives data via other communication channels, e.g. FTP, Computer Tape
• Channels shown: FTP, VPN, Email, Tape
• EAI
• FSA Systems (NSLDS, COD, CBS, etc…)

Target State Gateway Solution
TSV Gateway solution will be a single communication channel between Federal Student Aid, external partners and external service providers.

• External partners can send batch and real-time data transmissions.
• External partners can invoke exposed Federal Student Aid shared services via the gateway.
• Internal Federal Student Aid applications and services can invoke external web services via the gateway.

Diagram labels:
• External Partners: School, Lender, Guaranty Agency, Other
• Gateway: Communication Layer, WS Interface
• Federal Student Aid Security Architecture
• Enterprise Service Bus (ESB): Shared Services, Applications
• External Service Providers: IRS, SSA, etc... (Services reached through a WS Interface)

Gateway Framework


Contact Information
I appreciate your feedback and comments. I can be reached at:
• Name: Sandy England
• Phone: 202-377-3537
• Email: Sandy.England@ed.gov

Questions?
