Needs Assessment and Environment Relocation
About the Organization
This Washington, DC-based government agency has a staff of 30 and a five-member, non-partisan Board of Directors. The agency was experiencing the challenges of relying on hosting and IT solutions by another government agency. Rather than jump into a migration and independent solution, the agency requested a Needs Assessment better understand the areas of focus and steps necessary to upgrade to a new and more secure technological environment.
As a government agency dealing with sensitive data, the agency knew that security and employee-centric procedures were essential to a smooth transition. With IT being housed in by another government agency, this agency could not make the necessary upgrades and didn’t feel the desired service response in order to make their changes. In addition, the agency did not have the resources, expertise or bandwidth to recommend or implement a Microsoft Azure solution.
Using the Needs Assessment Process, Canalini executed three phases (Evaluation, Assessment and Recommendation). During the Evaluation Phase, Canalini analyzed the current environment, applications, compliance requirements, and best practices. With a focus in these, areas Canalini carefully considered the agency’s security requirements, regulatory compliance, high availability and disaster recovery needs, service level agreements, business criticality of applications, need priority regulatory compliance, and desired envisioned state goals.
During the Assessment Phase, Canalini conducted a Gap Analysis that identified deficits from the current to future environment including applications, network, operations and IT support. Canalini also reviewed the existing infrastructure owned by the agency and the future needs of the organization.
Following the Assessment Phase, Canalini developed and presented the agency with The Asset and Procedures Report, The IT Infrastructure and Operational Needs Assessment, Separation Recommendations and The Pain Point Priority List.
With clear reports and recommendations, the agency is moving forward with a precise plan to migrate to a new environment.
Physical Move with AD FS Deployment
About the Organization
This medical trade association has over 235 employees and a budget of over $50M+. They serve over 33,000 medical professionals throughout the country. As part of their modernization and upgrade, the association decided to move their offices from Arlington, Virginia to a brand-new location in Washington, DC.
With an aging technological infrastructure, tightening office move deadline and a massive membership base to serve, the association’s employees and volunteers employees needed immediate access throughout the upgrade and migration.
Canalini was requested to assess the current environment, make upgrade recommendations and execute a seamless migration during the organization’s office move.
The Canalini team started with the Discovery Phase by assessing the organization’s current environment including applications and / or cloud services that will leverage new SSO capabilities, on premises design meetings and whiteboard sessions, new Active Directory Federation Services (AD FS) design Visio, and new multi-factor authentication design Visio.
During the Configuration Phase, Canalini executed the Azure Active Directory Federation Services including deploying the Azure virtual networks, configuring network security groups, associating network security groups with Internal subnet and DMZ subnet, creating connections from cloud to on-premises, creating Azure storage accounts, creating availability sets, deploying virtual machines and domain controllers, configuring AD FS, deploying internal load balancer for AD FS servers, configuring DNS for AD FS service and web application proxy servers, deploying internet facing public load balancer, and securing Azure virtual network.
Canalini worked ahead of the scheduled move date to ensure that employees and members wouldn’t experience any disruptions on or before the schedule move date.
Prior to the transition day, Canalini crafted and orchestrated the communication strategy to provide explanation and instructions for the new interface. Canalini successfully migrated the client to their new environment prior to their expected move date to allow their team to focus on the mountain of boxes and physical files to put in place (unfortunately not everything went to the cloud!). The client
“Thanks for the welcome and for the great help you and your team gave us. Everything works well, indeed!”
Office 365 Migration and Training
About the Organization
This Alexandria, Virginia non-profit organization has been in business for over 70 years. With two lines of business and over 180 employees to serve, this organization has mountains of data and permission-based needs.
The organization requested Canalini for the migration of its servers to OneDrive and to ease the transition to a new platform, requested best practice and efficient training for Outlook2016 Skype for Business, and One Drive. As a non-profit organization, budget and timeliness was paramount.
Canalini worked with the organization’s internal staff to ensure a thorough discovery of the current environment, and hosted on-site white boarding sessions to ensure a full understanding the new architecture changes as well as the overall migration roadmap. A Canalini Solutions Architect was on-site through this critical phase.
During the configuration and implementation phase, a Canalini team member was on-site to work closely to deploy the various components of the new environment, including making preparations for the training classroom and scheduling. During this phase Canalini worked with the client to produce a comprehensive user acceptance testing plan, and then ensured all tests were validated and the client was comfortable with proceeding to the migrationphase. Canalini engineers worked on-site and remotely through this phase.
During the migration and training phase, the Canalini Corporate trainer worked with the client’s administrative staff first to ensure they were able to support end-users. The corporate trainer then delivered the three methods of training for end-users on-site for 1 week. As users attend the courses the client determined when the users would be cut over (at the completion of training or a later date). Canalini cut over the batch of users at night and was on-site the following day to augment the helpdesk for support calls.
Canalini successfully trained and transitioned the client’s 180 employees. Employees were able to first learn in the classroom and then go back to their desk and start applying their knowledge in Outlook2016. By provided training content that was tailored to their culture and best practices, employees learned exactly what they needed. The corporate trainer was also available on site for follow up questions and additional training following the initial offerings.
Back Up System Assessment and Modernization (Microsoft Azure)
About the Organization
This law firm has over 350 attorneys and 145 support staff across their four domestic offices including Colorado, New York, Los Angeles and Washington, DC.
With a backup system in disarray, the law firm was paying over $30,000 a month for 300 terabytes of storage. The system was clunky and managed by a system that made it impossible to see what they were paying for. It was taking days to back up files for their internal IT department. The CIO knew there had to be a better cost-effective and time-efficient way.
The CCG team worked behind the scenes to uncover the redundancies and bugs that were creating overcharging. Working in partnership with Microsoft, Canalini negotiated a freeze on billing until the issues were resolved. Canalini streamlined the backup process using Microsoft Azure to host the files in the cloud and increased security by modernizing the environment.
The back up process that used to take days now only takes a few hours. The $30,000 spent each month for the 300 terabytes of data was reduced to $8,000-10,000 a month for 90 terabytes. Canalini was able to reduce 70% of the file redundancy.
The law firm was thrilled with the savings and the uptick in efficiency.
Active Directory Security Risk Assessment and Remediation
About the Organization
This law firm is recognized as one of the largest law firms in Washington, DC with over 250 lawyers and a robust support team. With the approaching deadline of the ISO 27001 compliance requirements, the firm sought out Canalini to assess their current security risk within their environment and ensure its systems comply with the firm’s security policies and controls involving Active Directory Security Modernization.
As a highly respected law firm servicing high-profile clientele on sensitive issues in litigation, security and continuation of service was at the top of the law firm’s priority list. ISO 27001 compliance required heightened data security and safeguard protocols along with mandatory reporting if a data breach occurred. The firm was under a tight deadline and needed seamless execution for its clients and employees.
Using The CCG Process, the team started in the Discovery Phase by fully assessing the current environment. identifying potential threats, understanding key applications and building an implementation plan that successfully remedies the noted issues. Canalini also prioritized integral tasks ensure 27001 compliance.
Following the Discovery Phase Debrief Meeting with key points of contact, Canalini incorporated mutually agreed upon recommendations and remedies to develop an Implementation Plan with specific tasks and target completion dates.
The Implementation Plan consisted of four phases: Housekeeping, Modernization, Hardening and Close Out. Housekeeping involved assessment and clean-up of GPOs, permissions, stale users and computers; baseline security deployment with GPO; assessment and remediation of non-standard permissions on Domain partitions; enforce complex password policies with GPO and FGPP; and best practice implementation of domain time settings.
Modernization tasks included upgrading the ADFS Environment to 2016[ implementing protected user groups, SMB Signing, FGPP, Credential Guard; assessing on-premise applications for SaaS or PaaS options; deploying infrastructure components with respect to supporting a hybrid could environment; and assessing and federating non-AD integrated applications.
Hardening activities included assessing and converting service accounts to GMSA, disabling unsecure protocols (SMB v1, NTLM v1), implementing tier environment and authentication policy silos, implement Azure Privileged Identity Management, and implementing Microsoft SCM Templates for Domain Hardening.
During Project Close Out Canalini, presented findings and recommendations from the project and potential next steps.
The law firm was thrilled with their clear road map to compliance and requested Canalini to complete the Active Directory Security Modernization project.