
- DotNetNuke
- SQL Server
- .NET Framework
- IIS
- Urchin
- Subversion
- MS 2008
Business Needs
A U.S. Federal agency needed a secure, efficient, and reliable way for researchers, developers, and public health officials to access repositories of influenza viruses, test kits, and other reagents approved for laboratories. Improved accessibility is expected to make diagnostic tests, antiviral drugs, and vaccines commercially available sooner. This will be extremely beneficial given the recent global outbreak of the H1N1 virus, which the World Health Organization has declared a swine flu pandemic.
In March 2009, XPAND Corporation was awarded a contract to design, develop, and host the website, a content management-enabled portal. A production version of the website was expected to be operational within 90 days of the contract award.
Solution
Collaborating with our client, XPAND Corporation gathered both functional and technical requirements, and performed analysis using a modified Agile methodology with a strict configuration management process. Through this process, XPAND identified the following high-level requirements and critical success factors:
- Provide a highly-scalable, highly-available and highly-secure web portal that enables our client to manage and update web content efficiently and in a timely manner
- Successfully pass the Certification and Accreditation audit process and obtain Authority To Operate (ATO)
- Implement SSO for internal content management users through LDAP integration
- Integrate with the existing e-Commerce platform, which operates on a non-Microsoft platform
- Conform to Section 508 of the Rehabilitation Act
- Provide a highly reliable hosting infrastructure and 24/7/365 operational support center
Security and Certification and Accreditation Audit Process
The Federal Information Security Management Act (FISMA) mandates that all United States federal government agencies have their IT systems and infrastructure certified and accredited, a process known as Certification and Accreditation (C&A). This process is a manual audit of the policies, procedures, controls, and contingency planning that safeguard the government's IT assets and data, including:
- Periodic risk assessments
- Information security policies and procedures
- An assessment of threats, including their likelihood and impact
- Policies and procedures for detecting security vulnerabilities
- Evaluation and periodic testing of how well security policies are working
- An inventory of software and hardware assets
- Security awareness training and expected rules of behavior for end-users
- An evaluation of the technical, management, and operational security controls
- Procedures for reporting and responding to security incidents
- A process for addressing any deficiencies reported
- Contingency plans to ensure continuity of operations in the face of a disaster
Scalability and High-Availability
The first step that XPAND took when the project was awarded was to choose a secure, reputable, and highly-available hosting facility. XPAND required that the hosting facility meet the following minimum capabilities:
- A tightly controlled and highly secured facility to prevent unauthorized access. This includes physical access to the facility, the controlled and monitored area, the cage, and the servers
- Power, cooling, and a backup generator to support a "nominal-interruption" scenario in the event of a major power loss
- Support and monitoring to achieve 99.9% uptime
- Network redundancy to mitigate the risk of network outages, providing reliable, stable, and consistent connectivity
- Security auditing capability to track and monitor building, cage, and server access
Cross-Platform Integration
Our client required XPAND to leverage existing e-Commerce servers for shopping cart functionality via Web Services as part of the technical solution. This involved working with the client to configure the J2EE platform to implement redundancy, ensure that the web services are highly-available, secure the network connection between the DotNetNuke application and the web services, and define the change management process with our client to ensure that no code is inadvertently deployed without close coordination among the teams. This approach enabled XPAND to successfully integrate the DNN application with the back-end e-Commerce server.