Labor Department Deputy CIO Dawn Leaf shares how the department's modernization of nine legacy units will support federal digital goals. (Rob Curtis/Staff)
A year ago, the Department of Labor completed a significant data center consolidation effort, and now it is putting final touches on the departmentwide rollout of a commercial cloud email service.
Next on tap is completing the perhaps Labor’s most ambitious IT modernization effort yet: the consolidation and modernization of nine legacy IT infrastructures supporting the department’s varied business units. When completed, the project will support federal digital government goals such as enterprise data analytics, mobile data applications, and offer Labor staff tools to enable greater productivity and efficiency.
Labor has requested $30 million in fiscal 2015 to launch the project. Dawn Leaf, the deputy CIO at Labor, said the project, which still awaits congressional funding approval, is vital to the department’s plans. The foundation for the digital platform includes bandwidth, integrated data and voice communications, video teleconferencing, wireless infrastructure, mobile device management, and secure logical and physical access. A key feature of the program is the Digital Government Integrated Platform (DGIP) that would be be used by all Labor agencies to build and deploy applications related to sharing data and mobile computing.
“We can sort of leapfrog and catch up on all those different agencies that maybe lag behind because they didn’t have the funding or support and get everybody caught up to the same place to build their apps,” Leaf said in a recent interview with Federal T
imes Editor Steve Watkins. Leaf, who has held IT executive positions at National Institute of Standards and Technology, Department of Commerce, the Smithsonian and the Patent and Trademark Office, also has as well as 20 years of experience in the private sector. She is playing an instrumental role in the program’s planning. Following are edited excerpts:
What are the biggest IT and data challenges that the Department of Labor faces, in your opinion?
All federal agencies — not just the Department of Labor — are going through what my old boss at NIST Pat Gallagher used to say was learning to fly a plane and building it at the same time. So we are transforming organizations, of course, because we are, as are most agencies are, consolidating our resources. We are adopting new technologies at the same time. And then culturally we are changing and adapting, not just within the IT department or group, but across Labor in terms of how we use technology. So that whole concept about open data and mobility — I think at all agencies, the staff wants to embrace those same capabilities that they use in their personal life for the work life — and that’s just a lot of change to absorb at the same time.
So what would be your top three priority projects then, in that context?
We are just finishing up the cloud email migration. We moved from nine different legacy email systems within Labor across our agencies to a single federal community cloud service provided commercially: the Microsoft 365 environment. That was huge in terms of giving our people the capability they most asked for in the 2011 listening tour, which is bigger mailboxes, better access to archives, which sounds like a simple thing, yet we figured out that, productivity-wise, it probably gives each of our 16,000 to 17,000 staff an extra two hours a month because they are not managing the mailboxes. So that is huge; it’s a big cost avoidance. They get 400 times as much storage as they had before. We went from 200 megabytes to about 50 gigabytes, and they also get the collaboration features.
Another one that is complementary is completing an overall network and security infrastructure assessment. I mentioned that we had nine separate legacy email systems, but also nine separate legacy infrastructures. In doing the network and security infrastructure assessment we are looking at how to fundamentally overhaul the overall Labor network and security infrastructure in 530 office locations throughout the U.S.
A challenge that Labor has is that most of our staff does not work in D.C.; they work out in the field. So right there, you’ve got more than 500 circuits that you have to look at and manage and watch and upgrade and increase the bandwidth on and ensure consistency. This is fundamental because we need secure, well-performing network services to support unified messaging, mobility and other priorities.
And then the third one is in the planning stage. It’s something we requested in the fiscal 2015 budget and is in the proposed budget, and we’ll see how that turns out. It’s a digital government integrated platform (DGIP). We basically developed that departmentwide with the goal of providing, as the name implies, a platform for our different agencies to build their applications. And that platform would include data management, data warehouse, data marts, the infrastructure layer, mobile device management, the unified messaging, geospatial information services — basically everything you need to build a mobile application and to do data analytics and to support open data. This is a huge undertaking, but a really important one. The reason why it’s such a great opportunity for Labor is we can sort of leapfrog and catch up on all those different agencies that maybe lag behind because they didn’t have the funding or support, and get all of our agencies and staff caught up to the same place to build their apps.
What are some real-life use cases from that that spring to mind?
We’ve not actually started building the DGIP yet because we have not received the 2015 budget – we’ve done some planning. We did complete a pilot of department-wide data analytics capability, installed that in our consolidated data center. I did not mention that before — consolidating Laborthe DOL into a single state-of-the-art commercially-hosted data center is also a major effort. Any new services, we’re building out there. We are doing mobile device management development pilots and preparation. We’re defining a target architecture, so that when we do get the funding we can right out of the gate work to put the platforms in place. We’ve piloted a customer service, customer relationship management package on an externally provided cloud platform. So all of those different pieces we are working on, defining the architecture and piloting and prototyping.
So you have a new consolidated data center. Will that support all of that, or is there going to be any off-site cloud infrastructure to help support that?
There are a lot of moving parts. The consolidated data center that we built out in 2013 has the new core network infrastructure, and the security architecture. When I said overhauling the network infrastructure, what I was referring to is that, again, we’ve had nine different infrastructures, different standards for things as simple as routers, firewalls, different infrastructure components. Some agencies had unified messaging, integrated voice response, some didn’t. We do not have wireless installed throughout our building; we do not have consistent desktop infrastructure, desktop virtualization. So what we are doing is taking a look at that and there is a natural tech refresh cycle for all of those things, so what you want to do is, as you do the tech refresh, make sure you target it.
What are your top priority projects in the cybersecurity area and specifically how does continuous diagnostics and mitigation (CDM) and identity, credential and access management (ICAM) fit into your program?
We incorporate it. Again, our security team is actually leading our whole identity access management project, which of course fits in tightly with mobile device management. Like every other federal agency, our goal is to improve what we have and to be compliant at the same time. I do not think there is anything Labor is doing unique in this area, so let me put it that way.
Where do you stand in terms of the CDM implementation at this point in terms of getting continuos diagnostics and mitigation tools in place?
Again, we have nine different infrastructures that we are working to consolidate. We are taking advantage of the DHS toolset. We are implementing continuous monitoring on an ongoing basis throughout the agencies that are managed out of the [Office of the Chief Information Officer] — we provide reporting. I do not think we are any further ahead or behind than any others on that. We have got a lot of work to do. If you are doing an infrastructure overhaul, then, by definition, you are also moving not just to implement the capabilities, but just something as simple as getting agents deployed to all the devices and making sure that they are updated and upgraded to the point where you can do that.
A lot of the modernization initiatives that you want to roll out in some ways necessarily have to tag along with the overhaul project itself.
They do. For instance, in terms of achieving cost reductions and cost avoidances associated with data center consolidation, there is a lag time. We can open a data center as we did, but it is not just the lag time in moving the systems and the data — you have contract constraints. You do not just automatically get rid of the old contractors that supported the old agency data centers; that takes time, and procurement in the federal government right now is a process that is fraught with additional increased, I would say, complexity in terms of the process. There are more protests. Everything takes longer.
Something that should be as simple as consolidating a help desk, which you do when you consolidate, is not simple because it may take years before you can actually effect that change and achieve the savings. You would not want to fail to utilize hardware, software and services that are already purchased and not fully get the value from those. It’s natural to look for price points and points at which you can then do something again as simple as an Adobe license consolidation. It’s not like building something out new where you can just set your project plan and go forward; you have got to deal with the old stuff at the same time.
What is the big vision for the department in terms of cloud services?
It really goes back to that project, the DGIP. I think it’s not just cloud services. Although all those models — software, platform, infrastructure as a service, commercial, federal, community and providing cloud services ourselves from a data center — are all valid. We’re also moving toward federal shared services. We’ve moved to the Treasury Department-supported HR Connect and WebTA systems this year. We went to a commercial cloud provider for acquisition management. So it’s really a matter of choosing those services and delivery models that best support our objectives and making sure to integrate them.
Is the data center consolidation completed now or is there more yet to do?
The data center is complete. We opened it on Memorial Day weekend in 2013, a little over a year ago. We met our [Office of Management and Budget] objectives to move three data centers out there. However, now what we have to do is — as the mission applications and the legacy applications evolve — go through the steps needed to move them there. We’re not doing a forklift model. An easy way to say you did a data consolidation is to move everything, right? We are, in fact, making sure that everything is virtualized. We’re making sure that agencies that ran on old platforms are not the most current in terms of patches, that we’re taking care of that before we move on. We are looking at opportunities to standardize on products and services — storage is a good example.
Under the old federated model, different agencies used different storage. We have quite a few projects in the backlog where agencies would like to move to the data center, and then when you go to examine it, they’re really not quite ready. Either they’re not on the most current database, or maybe there needs to be some work done to modify how they operate to work in zones for a development zone, quality assurance zone, production zone. We do all that upfront before we actually move the application to be supported there. Our goal is to have everything in the D.C. area run out of the facility and to free up all our data centers here in this building to recover the office space.
Where is the data center?
It is the ByteGrid hosted facility in Silver Spring, Maryland. The Labor data center is stood up in that facility. One of the reasons that we chose that is that the center had been stood up for the financial industry before. So what we needed in terms of power and improved power supply, improved ability to extend our own disaster recovery planning, security, all that was already there. And then of course, we’re working with a commercial provider to support the services there. Everything in D.C. will move to the ByteGrid Silver Spring facility. Just as a point – as we’ve got agencies and offices all over the U.S., we do have other data centers that over time we may consolidate in the Midwest and the West. We’re just starting basically in D.C.
Is there a goal in terms of what you might want to consolidate down to?
Not in terms of absolute numbers. You do it in a way that makes sense and when it makes sense logically, and consolidate when it makes sense. If an agency already has something externally hosted, you wouldn’t bring that inside to a government-consolidated data center. When it comes time to renew that service, you would analyze to determine whether it makes sense to move them to another commercially hosted site, to a federal shared service site, or to one of the Labor sites. The model is to complete this analysis each time you plan an investment—based on what the tech refresh cycle is.