Networks & Servers & Firewalls, Oh My!
CIT’s De La Torre and Team Make Mass Teleworking Safe, Seamless
The fact that more than 31,303 folks working at NIH—but not physically at NIH, due to Covid-19 “stay home, stay healthy” measures—can telework safely and almost seamlessly cannot be taken for granted.
Try to imagine thousands of moving parts, operating simultaneously, together, alone and in hundreds of small groupings. Servers, networks, firewalls, applications, users—all being called to perform at once. That’s the challenge that faced Victor De La Torre, director of the business application services division, and his team in CIT’s Office of IT Services Management Directorate earlier this year.
He was just a few months into his new position at NIH when the global pandemic began forcing employers large and small all over the country to adopt social-distancing measures and allow nearly universal remote access to work. NIH, which employs many thousands of people in all sorts of roles, was no different. Would the IT infrastructure withstand the new volume of logins? De La Torre and coworkers—responsible for getting folks, systems and software up and running at home safely—would be the first to find out.
“It’s pretty packed,” he said, describing his schedule of late. “Our team burned a lot of hours. I know there were times we had 2,000-something records, and there were times we had like, 3,000 to 4,000, and then there were days where it was just hundreds, and we would just go for it.”
Fortunately, throughout his career, De La Torre has become accustomed to big asks. Before arriving at NIH, he worked as division chief for software development, for IT copyright liaison and for storage management at the Library of Congress. Prior to that, he was in the Department of Defense for 22-plus years on active duty as a medical service corps health IT officer.
Not long after he started here, De La Torre began to reorganize his group to improve efficiency and beef up capacity. Then Covid-19 struck.
“It was one of those things,” he lamented. “We had a lot of plans. We had our roadmap. I was almost done with the whole restructure. I was at the tail end and I had to put all that stuff on hold and start working on this.”
For several weeks, his team had been preparing to upgrade the agency’s global email list—the NIH Enterprise Directory (NED). In fact, the NED release 5.2 development test environments were nearly ready for their trial run. From Mar. 27 to 29, De La Torre and crew successfully tested and deployed the updated NED and trained the NED user advisory group.
In addition, the division led multiple teams for long hours over the past few months to plan, develop, test and establish checklists and coordinate emergency change requests as part of NIH’s Covid-19 response.
Some of his team’s other accomplishments include:
- Conducted bulk uploads for 17,000-plus additional staff for Virtual Private Network (VPN) access.
- Established both single-factor and multi-factor VPN technical processes, which improved cybersecurity and reduced risk.
- Generated an integrated report that provides VPN, personal identity verification (PIV) and badge status through NED, Active Directory (AD) and the Division of Personnel Security and Access Control.
- Created a comprehensive report combining data from NED, nVision and AD so that institutes and centers know which staff have expiring badges and certifications.
- Generated daily ITAS data that the Office of Human Resources is required to report every day to HHS about the number of NIH employees teleworking.
- Generated a daily report that provides the total number of staff authorized for VPN, categorized according to group—federal employees, contractors, fellows, volunteers, tenants and guests, and showing increases by day.
- Established and coordinated an IT incident and problem management disaster-recovery work group to respond to service disruptions and security incidents and analyze root causes.
- Completed a script to revoke single-factor VPN for more than 2,450 staffers. This tool also improved cybersecurity by preventing hackers from accessing those accounts and the NIH network.
- Completed emergency NED bulk updates to give VPN access to several lists of staff including NIAID, CIT, IMOD, OCIO, NCI, NEI and many others, to support Covid-19 working groups.
In addition, De La Torre’s days (as well as some nights and into the wee hours of some mornings) are full of briefings with NIH, IC and CIT leaders about the status of IT systems. About 80 percent of the group’s work can be done remotely, but 20 percent—visiting a storage system or application server at a data center, for instance—requires on-site attention.
De La Torre remains enthused and optimistic despite the pressing demands of IT in the age of a coronavirus pandemic.
“We’re establishing a partner engagement process as well as a design branch and a program management office that is going to provide all of the governance, change management and joint application development,” he explained. “And then we have another branch that is going to be responsible for the integration and transition of all development security operations.”
In addition, a platform services unit will provide all the service-oriented architecture, a configuration management database as well as “Service Now Platform” to be able to respond to incidents, get root cause analysis and enable network vulnerability response, security incident management, asset management and orchestration.
“These services will enhance NIH’s ability to detect and resolve IT service disruptions and security incidents faster,” De La Torre concluded. “That’s why I’m restructuring our division to be able to support all of that better. Currently, it’s not the way a system development lifecycle is supposed to be…I think that going through all of this [Covid-19 detour] really helps us. I think we’re well prepared.”