Along with strengthening the Commonwealth’s cybersecurity posture, EOTSS’ other main priority has been the deployment of a Standard Operating Environment (SOE) with a consistent technology architecture across the Executive Branch.
Historically, IT infrastructure and services have been organized in the Commonwealth at the individual secretariat and agency level. The eight secretariats maintained their own strategic network objectives, deployed a disparate array of technology services and solutions, and hosted most business applications, systems, and infrastructure in aging, on-premises agency data centers or other state-owned facilities.
This decentralized model presented numerous logistical challenges and security concerns for the enterprise – to say the least. Ultimately, these challenges and concerns drove the Baker-Polito Administration and the Legislature to create EOTSS as the ninth cabinet member in 2017.
To achieve its goal of deploying a SOE with a consistent technology architecture, EOTSS made critical investments in the modernization of enterprise network and IT infrastructure and the migration of legacy applications and systems from state-run data centers to contemporary third-party hosting solutions – including cloud services.
These investments set the Commonwealth on the path towards unified networking, infrastructure, and hosting standards that ensure resiliency, redundancy, and business applications availability.
Below, please find highlights of recent network, core infrastructure, and hosting initiatives undertaken by EOTSS in the past two years.
To address the concerns and challenges of having different secretariat and agency networks scattered across the enterprise, EOTSS launched the One Network initiative in 2019.
One Network is a cross-secretariat program involving all Executive Branch state agencies aimed at folding all secretariats and agencies into a single core network operated by EOTSS. The core network serves as the foundation for all Commonwealth information services including e-mail, data center operations, network communications, business applications, and internet service.
The initial phase of the One Network initiative was completed from 2019-2020 and centered around two main objectives.
These two objectives set the foundation for the recent redesign and build out of the Commonwealth's core network into contemporary, privately-managed data centers over the past 18 months – as well as for wide area network (WAN) optimization efforts and the long-term IP address strategy.
2021 saw EOTSS achieve two additional One Network milestones.
The build-out and operation of the enterprise-wide One Network will lead to uniform, scalable, and secure connectivity across the enterprise for all agencies and customers.
Enterprise Voice Platform
Over the past two years, EOTSS expanded its Enterprise Voice platform, MassVoice, eliminating independently operated voice services and moving towards cloud-managed voice service for Executive Branch agencies. The “MassVoice Enterprise Solutions” are secure private-cloud Unified Communications services tailored exclusively to Massachusetts state and local government clients.
The next generation of MassVoice will allow for a modern, feature-rich, common experience, whether employees are working in an agency location or remote. The connectivity provided will allow for complete business continuity to any location where needed, including seamless inbound and outbound calling, whether in normal operations or if the individual locations become isolated from the core environment.
Infrastructure & Hosting
Since 2018, the EOTSS Office of the Chief Technology Officer (CTO) and Operations and Service Management Division (OSMD) have been working with state agencies to aggressively decommission aging infrastructure and move computing operations to the cloud and EOTSS-approved hosting solutions to ensure resiliency, redundancy and business applications availability.
The “Cloud First” Approach
EOTSS originally set legacy modernization in motion with a "cloud first" position where cloud hosting was to be considered before all other possible solutions. Cloud solutions could offer availability, scalability, and security above and beyond the existing on-premises options.
In this first wave, there was an initial push to migrate older legacy applications and systems in dire need of maintenance and service to the commercial and government cloud. While these initial efforts were successful and services were well received by agencies, EOTSS learned that it needed to mature its internal processes before proceeding with future migrations. The team regrouped and refined the planning process so that EOTSS would gain a better understanding of the agency business needs, priorities, and readiness ahead of migrations – as well as the associated financial impacts.
Cloud Smart: Multi-Cloud/Hybrid-Cloud
In October of 2019, the EOTSS Secretary implemented a significant policy change for infrastructure hosting (Cloud, Services, Migration) and transitioned from "cloud first" with a single provider to a hybrid/multi-cloud hosting model.
This “cloud smart” approach improved the process based on lessons learned from the “cloud first” wave of migrations. EOTSS prioritized up-front planning with the agency businesses and developed a workflow to determine which hosting platform provides the better option based on several considerations: need, priority, readiness, budget, delivery, management, and security.
Today, EOTSS offers multiple cloud offerings and hosting solutions – Hybrid Cloud, On-premises, 3rd-Party Hosting, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-service (SaaS). Agencies are now relying less on state-owned data centers and moving infrastructure to modern hosting environments and state-of-the-art facilities.
Almost 400 applications and services have been migrated since 2017 under the cloud-first, hybrid cloud, and more-recent approved hosting solutions.
From FY21 to March of 2022, 88 business applications will have been successfully migrated to the cloud, including, but not limited to:
Commonwealth Information Warehouse (CIW)
DPH Mass Immunization Information System
DPH Electronic Disease Surveillance System
EOHHS Health Information Exchange
DDS Home and Community Services Information System
Third-party Hosting Solutions
For instances in which cloud migrations are unattainable due to policy, financial limitations, or other circumstances, EOTSS works with agencies to secure on-premises hosting within a 3rd party colocation center. This approach provides the Commonwealth more opportunities and options for success in building out and maintaining resilient and available government services.
Colocation delivers significant reductions in upfront capital costs while offering custom solutions, tailored security, uninterruptible power, and backup systems.
While EOTSS assumed oversight of core IT and cybersecurity infrastructure and services, the management of the business application layer was preserved at the agency and secretariat level, where deep subject matter expertise and knowledge of an application’s role and impact with respect to daily operations reside.
However, agencies are actively working with EOTSS on the enterprise Application Rationalization program – where SCIOs strategically identify their critical legacy application footprint and decide which should be kept, replaced, retired, or consolidated. Action items are prioritized over a three to five-year time horizon as part of the SCIO IT strategic planning process.
Once prioritized, applications remaining in service are migrated to approved hosting options referenced in the above sections.
Retiring Windows 7 & Server OS Modernization
Last year, the EOTSS Secretary and Commonwealth CIO issued an administrative directive on the Retirement of the Windows 7 Operating System (OS) and Server OS Modernization as part of the EOTSS SOE rollout.
Retiring Windows 7
SCIOs have been collaborating with EOTSS to remove all Windows 7 devices from their respective secretariat’s fleet of computers and the core network. EOTSS, in partnership with the Executive Office for Administration and Finance (A&F), has provided a funding mechanism under the Modern Workplace Program (MWP) to upgrade existing devices to Windows 10 where possible and replace the remaining fleet with new devices.
To date 19,500 devices have been upgraded to Windows 10 through the MWP – with 6,115 Windows 7 devices retired since November 2021 alone.
Server OS Modernization
Similarly, secretariat IT organizations are working to modernize their remaining on-premises server fleet to ensure that they are no longer utilizing unsupported operating systems that no longer receive critical security patches from their manufacturers.
Consolidated Active Directory
EOTSS is committed to implementing an enterprise-wide Azure Active Directory to consolidate numerous on-premises forests/domains into an enterprise forest within Azure – with Multi-Factor Authentication (MFA) enabled.
The Azure Active Directory (AD) Identity Access Management (IAM) framework supports strategic and tactical goals of promoting government business and technical resiliency, offering enhanced citizen experiences, and enabling the state workforce with a modern and mobile technology platform in support of good government.
To date, the efforts have focused on eliminating redundant and often competing technologies, and with the adoption of the Azure AD framework as the enterprise standard, the move to retire previous IAM platforms was prioritized. This program began in 2019 and will be completed with the full migration off the legacy system in 2022. There are four applications left to be migrated to the Azure platform as of the publication of this report. The implementation of the Azure AD framework is the cornerstone of our SOE that provides resiliency and accessibility of and to systems.
Enterprise Architecture, Strategic Oversight & Guidance
The EOTSS Office of the CTO offers strategic guidance, project management, and support for application and system migrations. This organization also develops and maintains the enterprise architecture framework as part of the EOTSS SOE and advises the Contract Management Office on procurements and enterprise software licensing compliance.
Enterprise Architecture Center of Excellence
This group, under the office of the CTO, provides strategic oversight and guidance on enterprise programs and projects being implemented by our partner agencies and secretariats in the Executive Branch. Services include (but are not limited to):
Provide technical subject matter expert (SME) review of vendor RFR submissions
Provide technical SME review for EOTSS standards and best practices
Guidance on migration and modernization of data center workloads to cloud
Partnership with EOTSS Office of Strategy Management (OSM) to provide technical guidance
Guidance on application upgrades, stabilization, and strategic direction
Cloud Hosting Platform Architecture Model 2.0
The CTO and team continue to manage and evolve the enterprise standards, provide agencies with technical consulting in cloud services, and ensure that technology implementations comply with these standards. In summary, these services include but are not limited to:
Develop policies and procedures for secure cloud account access
Create flexible, secure, supportable least-privilege permission model for delegated access to cloud accounts
Direct and manage cloud service engagements with agencies and cloud service providers
Provide technical expertise and oversight in cloud financial planning and operations
Application Maintenance & Business Support
EOTSS teams work at the direction of the Commonwealth CTO to maintain and support certain business applications across the enterprise. These efforts are spearheaded by the Enterprise Platform, Application Services, and Integration Services teams.
Enterprise Platform Team - Jira, OnBase, Rational & O365
This team assists with project management workflows and setup, user access requests, training, support issues, licensing and contractual obligations, reporting and dashboard creation, and general application support for the Jira, OnBase, Rational, and MS Office 365 enterprise platforms.
Over the past two years, the Platform Team was integral in the Jira cloud migration and implementation, increasing PowerBI utilization, and creating MS Teams sites and SharePoint communications sites for agency customers.
Enterprise Application Services – HR/CMS & CIW
This EOTSS team maintains and supports the Human Resources Compensation Management System (HR/CMS) and Commonwealth Information Warehouse (CIW) services for the Commonwealth.
Human Resources Compensation Management System (HR/CMS)
HR/CMS is the system that handles HR components such as position data, employee profiles, and evaluations, as well as time & labor functions like payroll, leave balances, timesheets, and tax information. The system is technically supported by EOTSS on behalf of the Comptroller’s Office and HRD.
The EOTSS team works regularly on collective bargaining changes, federal/state tax mandates, quarterly critical patches, data maintenance, and environment sizing and cost. It supports over 2,000 Admin users and 90,000+ employees throughout the Commonwealth.
Recent accomplishments include enrolling health and welfare benefits for MBTA retirees, upgrading to a simplified and more intuitive user interface, and implementing Azure AD for the 2,000 core application users. The team also facilitated changes tied to federal and state COVID-19 mandates, vaccination requirements, and new telework agreements. These are in addition to moving the on-premise hosting from our data center at MITC to the AWS Cloud.
The Commonwealth Information Warehouse (CIW)
The CIW consolidates a subset of the financial, budgetary, human resources, payroll, and time reporting data maintained across separate systems by different Commonwealth agencies. The Application Services team ensures access to the integrated, common data in CIW that supports timely, well-informed business decisions to authorized users through a centralized and integrated repository.
Recent accomplishments include the CIW static data migration to AWS Redshift, a new interface with AlertsMA in support of emergency employee notifications, and the deployment of a new CIW SharePoint Site for users.
Integration Services - MOVEit / Interchange, Mobius View & API Services
The EOTSS Integration Services Team powers three valuable enterprise services:
MOVEit/Interchange: Managed file transfer service
Mobius View: Online report viewing, distribution, and print services
API Services: API security and integration service supporting real-time application, mobile, and web access to enterprise services and data managed by Commonwealth agencies
MOVEit / Interchange
In June of 2020, EOTSS began the migration from the legacy Interchange file transfer system to MOVEit – a cloud-based, out-of-the-box file transfer technology providing security, efficiency, and usability improvements for agency users.
To date, 90% of the MOVEit Phase 2 Migration has been completed involving 294 interfaces, 23 customers, and 63 business partners. 17TB of data has been transferred through more than 2.2 million file transfers using the new service. Phase 3 began in August 2021 and will be completed in the beginning of FY23 at which point Interchange will be decommissioned.
Over the past year, more than 3,000 Commonwealth users took advantage of the Mobius View for viewing more than 1.2 million online reports. Additionally, over 12.6 million print jobs were processed for various agency customers.
The system was migrated from the mainframe to the cloud in FY22 allowing for the decommissioning of the old legacy platform.
The Application Programming Interface (API) Team provides security and integration services supporting real-time application, mobile, and web access to enterprise services and data managed by Commonwealth agencies.
They work on interfaces for more than 100 services. Their top three customers (outside of EOTSS managed applications and systems) include EOHHS, the Group Insurance Commission (GIC), and EOPSS.
Legacy Mainframe Reduction
EOTSS is in the process of retiring the on-premise mainframe environment. One of the largest mainframe customer agencies (the RMV) was able to completely move off the legacy mainframe in 2020-2021, and EOTSS is working on a plan with EOHHS to retire the on-premise mainframe hosting of the MA-21 application next.
A Look Ahead for Network, Infrastructure & Hosting
EOTSS remains committed to its enterprise goals of retiring old infrastructure and mainframes, moving out of state-owned data centers, and migrating applications and systems to approved hosting solutions as part of the Standard Operating Environment (SOE).
Maintaining a SOE with a consistent, well-defined approach to budgeting, spending, technology architecture, service delivery and technical support provides for the greatest opportunity to ensure that Commonwealth systems remain available and secure for our agencies and constituents.
For One Network, EOTSS plans to make further enhancements by building out the wide area network (WAN) and security services to account for and support increased resiliency, mobility, and remote management.
Furthermore, EOTSS will continue to migrate Commonwealth systems from on premise data centers to the cloud and other approved 3rd-party hosting solutions. Especially in today’s work environment, cloud services strengthen security services to support remote access to our systems from any location, further enabling the Commonwealth’s remote workforce.
Lastly, EOTSS will work to finalize the Cloud Hosting Platform and Infrastructure Architecture Models for publication as part of the EOTSS Standard Operating Environment.
May 10, 2022