On one fine Monday morning:'HOT - SSO is not working. What's happened?' Email came down like thunder from a senior executive. 'I will check and get back to you' - I replied and forwarded the message to our technical team. 'Everything was working fine on Friday when we left. Nothing seems to be different or changed at this point' - reply came back from a portal administrator. If nothing appears to have changed in the portal then what went wrong? Background:
The customer that I was working with had defined several success factors for corporate-wide Enterprise Portal deployment. One of the key drivers was to integrate somewhere around a few hundred applications with simplified SSO. The basic requirement was that the portal and most of the applications, which are accessed through the portal, will be protected by centralized authentication software. Every application should use a single authentication ticket generated by the portal.
Everything was ready for User Acceptance Testing to start on Monday. And then came that Monday and the rest is history. A few hours of investigation into the problem and we found the culprit. Over the weekend, the IT Security team went ahead with their scheduled upgrade on the test authentication server, which protects most of the backend applications. The portal uses its own authentication server and was not on the upgrade list. We were about to trigger the 'who to blame game' but instead we realized that there is a gap and we had an opportunity to improve.
Here are some of the gaps and challenges that we came across in the existing change control management.
Gaps:
- Traditional applications are meant for and operated in silos.
- Maintenance windows are well defined for a specific application, but not enough for integrated scenarios.
- Communication on any maintenance activity gets reported to a targeted audience.
- IT applications with their own change control board may not take into consideration any impact their change may have at a global level.
- Infrastructure and landscape information do not cover the global picture.
Challenges:
- Mis/Unalignment of customer requirements with support organization's processes.
- Lack of defined crossover roles and responsibilities for the support team in a global spectrum.
- Lack of alignment and prioritization between various software releases and business needs.
- Lack of clear understanding of the global impact of a local change.
Recommendations: We put together an 'Operational Workshop' to discuss and brainstorm these gaps and challenges. Below are some of the recommendations that helped improve the 'Global Change Control Management'.
Governance: Proper portal operational governance should be formed and should include members of infrastructure operations, support, portal administrators and representatives of business users. The operational governance should outline the operational charter, rules and policies, processes, and procedures. The governance team should be responsible for implementing, monitoring, and compliance as well.
Global Change Control Board (G-CCB): Members of CCB will represent Steering committee, Portal Project Management Office (PMO), Communication group, Infrastructure support team, Businesses, Development, and portal administrators. Main responsibility of G-CCB is to oversee IT changes going on at every level and understand the impact on the portal. Below are some details:
- Alignment of all IT changes
- Alignment of business needs with software release cycles
- Form a global communication channel
- Conduct regular CCB meetings
- Streamline testing and approval process.
Education: Create crossover roles and responsibilities and organizational metrics for an individual or a team to understand the role that they are playing in a global portal deployment and educate everyone on the term 'local change - global impact'.
Global landscape: Create a global infrastructure landscape database to combine all software components and applications that compliment and/or integrate with the portal. This should be detailed down to specific versions of related components.
Global maintenance schedule: Create a global calendar covering maintenance windows for all associated components to understand and communicate on uptime and downtime for the portal.
In the end, this is just the beginning to improve the portal operations and optimize the user experience. It is not possible to come up with a 'one size fits all' type of solution but the above experience may give you an idea of how you can tackle some of the challenges that Portals may bring in an ever changing IT organization.
