Integrity Data Hub (IDH)Overview PresentationJuly 26, 20181:00-2:00 PM EST

Webinar Administration/Ground Rules Session will be recorded and posted We will respond to questions on a preliminary basis Please hold question until the end – raise hand function Official responses will be posted to questions received via email Questions should be submitted electronically [email protected] All questions and official responses will be posted on theRFP webpage at:

Agenda To provide background information UI Integrity Center (the Center) Integrity Data Hub (IDH) project To review the IDH Request for Proposal Purpose Response requirements Solicit feedback/questions To review the Data Hub technical architecture3

UI Integrity Center In 2012, USDOL selected New York State Dept. of Labor(NYSDOL) to lead the development of the UI IntegrityCenter NYSDOL subsequently passed leadership responsibilities forthe Center to NASWA/CESER The Center is charged with developing: “innovative UI program strategies to reduce improper payments,prevent and detect fraud and recover any improper paymentsmade” (UIPL 28-12). Additional information about the Center

NASWA Data Hub Project TeamJim Van ErdenSr. Policy AdvisorEvan LittrellSt. Engagement PMRandy GillespieLou AnsaldiProject DirectorAmy SmithTrng. Academy PMSara Hall-PhillipsBev. Analytics PMITSC Technical Dir.James CotterData Hub PMJody McMillanCenter StaffUI SMEsLearning StrategistsInstructional DesignersDigital LibrariansBus. AnalystITSC Staff/ConsultantsMark FuiniBusiness AnalystsTechnical ArchitectsProgrammersDatabase AnalystsSr. Soln. Arch.5

Integrity Data Hub (IDH)

Expanding the Data Hub Future enhancements Filtering function Partial IP addresses Future capabilities Suspicious green-dot card accounts Fraud alerting Multi-state database Participation Engage all State Workforce Agencies Expanded use benefits all participants

Background Many states collecting information on suspicious actors IP addresses Email addresses/domains Emergent need to focus on prevalence of ID theft Build a repository to allow states to submit and retrieveinformation on suspicious actors Allow participation of states with varying levels of technologyand volume Minimize potential issues with data sharing Develop a foundation on which to achieve larger IDH vision

Data Hub OperationInitial/ContinuedClaimsID 1ID 1AddressID 1AddressPhoneAddressPhoneBk Acct RtgPhoneBk Acct RtgIP AddressBk Acct RtgIP Time StampEmailIP Time StampEmailStateEmailStateEff DateStateEff DateEff DateInactive DateInactive DateINTEGRITY CENTERMatchesAddressPhoneBk Acct RtgIP AddressEmailStateEff DatePROVIDECLAIMS DATASuspiciousActor DataID 1MMATCHMSSUSPICIOUSMATCHBinary CrossMatchSUBMIT SUSPICIOUS ACTOR DATALOOKUP/MATCH1. states submit information on suspicious actorsPilot states provide similar information initial/weekly claimsSystem compares claims data fields to suspicious actors to identify matches and sourceSystem highlights matches in report/outputSystem deletes states’ claims data after matchingBinary CrossMatch

Submit/Lookup Processes SAR accommodates different methods forcollecting data Manual Data entry Upload System-to-System Secure FTP (sFTP) Web service

Data Hub Key Functionality Submit Lookup Modify Reporting Administrative Analytical Administration User access/roles

Data Hub Documentation Participation agreement Not to be used to auto-block claims Specify SAR state administrator Fact sheet User guide Technical info and products SAR FTP and web service integration guides Clients Java client/.NET client Data transmission and security summary

Data Hub Status Data Hub Phase 1 is complete SAR launched Fall 2017 SAR data has been loaded into database (over 13,000 suspicious actors) Working with 26 states to integrate in UI systems and processes Data Hub Phase 2 initiatives SAR enhancements Ongoing security assessment/testing SAR application and database monitoring/optimization Expanded capabilities

Data Hub IPA MD NJDEWYNENH MAIn-ProcessCTWashington D.C.

IDH RFP Purpose To identifying industry partners to augment the Center projectteam in the ongoing development of Data Hub Phase 2capabilities The Center is seeking assistance in the following areas: Project Strategy/Management Data Architecture/Management Software Engineering/Development Database Architecture/Management IT Security ETL Management System Monitoring/Administration Program Analysis Requirements Development System Architecture15

RFP Structure/Process1 Award1 Award1 AwardMultiple Award16

Phase 2 RFP Elements Strategic Support Weekly project status meetingsPeriodic virtual/on-site meetings and working sessionsQuarterly strategic planning sessionsPreparing, reviewing and maintaining project plans and documents Development Environment Assessment Implementation Support Tools (emphasis on open-source) Processes and Methods Standards Project Governance

Phase 2 RFP Elements Business Analysis/Requirements Management Requirements gathering sessions Interviewing state end users and other stakeholders Use cases and design documentation Test plans and procedures Planning and coordinating testing Software Development Software engineering/development System architecture review/assessment Data architecture/management IT and data security System monitoring/administration Database architecture/management Extract/Transform/Load (ETL) management

RFP Structure/ProcessSpec RFQQuote(s)TaskOrder19

RFP TimelineProject ActivityTimelineData Hub RFP Webinar26 Jul 18Final Clarification Questions2 Aug 18Questions and Responses Posted9 Aug 18Proposals Due7 Sep 18Offeror PresentationsWeek of 17 Sep 18Best and Final Offer Pricing (optional)28 Sep 18Award (anticipated)12 Oct 1820

RFP Response (1 response per organization) Company Overview – 1 page Brief description of the company, products/services, sizeand Point of Contact (PoC) for communication Project Summary Citations – Up to 3 citations – 3pages total each citation Experience in providing strategic/technical support forprojects of similar content, size and scope to the Data Hub Include: summary, size/scope, initial/final budget, agency,agency PoC21

RFP Response (per SOW area) Technical/Management Approach – 10 pages per SOW area How will personnel from your organization be selected to provide selectedservices? How will you organize and manage providing strategic services? How will you ensure availability of key staff? What deliverables will you develop and/or maintain? Key Personnel Resumes – 3 resumes, 2 pages, per SOW area Provide three resumes (two pages maximum per resume) for key personnel tobe assigned to the project for each SOW area The same resume may be provided for multiple SOW areas Include: name, proposed labor category, percentage of time allocated to theData Hub project, and relevant work experience22

RFP Response Cost Complete cost template sections as appropriatePart A: Program Strategic Services – Firm Fixed-PriceProvide annual firm-fixed pricing for up to 30 hours per month for program strategic services.Base YearOption Yr. 1Option Yr. 2Option Yr. 3Total23

RFP ResponsePart B: Program Strategic Services – Firm Fixed-Price/Time & MaterialsProvide a firm fixed-price for conducting a comprehensive assessment and preparation of a detailed report providing recommendations forestablishing an independent, stand-alone distributed development environment within the Center. Also, please provide T&M pricing for the laborcategories listed to support implementation.Assessment Report and RecommendationsDeliverablePriceComprehensive assessment report and recommendationsImplementation SupportLabor CategoryEducation &ExperienceSr. Implementation SpecialistMS 5Implementation SpecialistBS 5, MSJr. Implementation SpecialistBS 2Base Yr.Labor RateOption Yr. 1Labor RateOption Yr. 2Labor RateOption Yr. 3Labor Rate24

RFP ResponsePart C: Requirements Development/Business Analysis Services – Firm Fixed-Price/Time & MaterialsProvide T&M hourly rates for the following labor categories for base period and all option periods. Please use a 3% escalation.Labor CategoryEducation &ExperienceSr. Business AnalystMS 5Business AnalystBS 5, MSJr. Business AnalystBS 2Base Yr.Labor RateOption Yr. 1Labor RateOption Yr. 2Labor RateOption Yr. 3Labor Rate25

RFP Response26

RFP Administrative Items and Guidance Confidentiality Mark all confidential information as such Format MS Word or Adobe Acrobat 8.5” x 11”, 12-point font, ½ inch margins, page numbers Questions Submit to: [email protected] Please put “RFP QUESTION” in the subject line RFP Responses Submit to: [email protected] Due: 5:00pm ET September 7, 201827

RFP Administrative Items and Guidance RFP Information Webinar recording Webinar presentation Questions andresponses Updates (as needed)28

Integrity Data Hub (IDH)Applications, Architecture &Technology Stack

IDH Applications SAR Portal Lookup & Submit SAR Records User Administration Reporting SAR Web Services Real-time Lookup and Submit SAR Records SAR FTP Processing Batch Lookup and Submit SAR Records SSO PortalSubmit - putting suspicious actor data into the system.Lookup - searching suspicious actor data.30

IDH Applications Java Programming Language Java Server Faces (JSF) Spring Framework CXF Web Services Web Service Clients31

IDH Architecture Key Features Open Source AWS Cloud Based Environment Flexibility, Availability, Scalability Redundancy - separate servers in different availabilityzones Platform tools allow small team to manage manyservers Security – Developed with NIST Based BestPractices Interface Channel Flexibility State Integration SFTP, Lookup File, Web Services32

Open Source Ecosystem33

IDH AWS Cloud Environment34

Apache Httpd – Web Server Handles Web Requests from the Internet SAR Portal Application Requests on urls protected by OpenAM policy agent Validates if the OpenAM security token exists with OpenAM and is valid SAR SSO Application Forward To Internal Load Balancers for Application Servers35

Apache Tomcat – Application Custom applications written in Java perform application levelprocessing1. SAR Portal2. SAR SSO Login3. SAR Web Service4. SAR FTP Service Open AM - SSO software runs on Tomcat36

Apache Cassandra – Database NOSQL Database DataStax Community Edition 3.0 Distributed Key-Value Store, Low Latency, Lookup By Key UseCases 4-Node Cluster (m4.2xlarge 8 vCPU 32GB RAM) High Availability - Cluster can still function if one node is not performing 2TB disk space per node (SSD, gp2) Currently 184 MB of data allocation per node Predictable Linear Scalability with Added Nodes37

Open AM - Single Sign On Open Source Configurable Application By Forge RockAdministration Console for Single Sign On (Tomcat)Configuration Store is Configured to Use Open DJAPIs Validate Users and Manage PasswordsPolicy Agent API for Request Validation LDAP Server for Open AM to store user configurationdedicated replicated Open DJ LDAP Servers User Store Replicated38

IDH AWS Cloud Environment Production 16 Servers (Web, App, DB, LDAP) Staging Same Topology as Production Facilitates Load Testing Available during core hours 7AM-7PM EST* Development SAR server and SAR SSO server39

IDH AWS Cloud Environment Activities By EnvironmentDEVNASWA Development Testing No PII DataSTAGINGNASWA ApplicationTesting Load TestingSTATES System Training FTP & WebServiceIntegration No PII DataPRODUCTIONNASWA Sys Admin App AdminSTATES App Users FTP Web Service PII Data40

IDH Redundancy – Web Tier Load Balancing SSO Web Servers SSO Login Application Servers SAR Web Servers SAR Core Application Servers LDAP Servers - Replication41

IDH Redundancy – Data Tier Cassandra cluster Replication factor of 2 Each piece of data isautomatically replicated42

IDH Redundancy – Data Tier One Node Is Down Data Still Available Tradeoff for Disk Space Replication Factor of 3Common to Increaseprobability ofAvailability Currently in oneRegion but acrossmultiple availabilityzones43

IDH Scalability - Application Horizontal Scaling Architectural foundation for expandability with loadbalancing Web servers Application servers Web services FTP processors can also be added Vertical Scaling Increase processing power and capability of servers44

IDH Scalability - Auto Scaling UI demand changes with changesin economics Nationwide peak times will vary Monitor server usage andautomatically deploy more serversto handle the load within minutes Servers can then automatically beshutdown when demand is lowersaving costs which saves capacity Scheduled or On aling/ec2/userguide/as-using-sqs-queue.html45

IDH Scalability - DataCassandra Ability to add nodes as throughput or storage needs increase Distributed key value storage allows linear scalability4 Nodes1000 Transaction/Sec8 Nodes2000 Transaction/Sec46

Security Data is encrypted in motion and at rest Extensive use of https internally and public facing traffic Encrypted AWS drives for the database cluster Captcha two factor SAR portal authentication Secure Data Channels SFTP using asymmetric encryption keys Soap 1.1 Secure Web Service using asymmetric encryption Security IV&V on going Continuous activity

IDH Architecture Summary AWS Cloud Based Scalable Architecture Secured through NIST best practices Extensive use of open source software Flexible state integration channels toaccommodate state level of technicalresources

Data Hub Phase 1 is complete SAR launched Fall 2017 SAR data has been loaded into database (over 13,000 suspicious actors) Working with 26 states to integrate in UI systems and processes Data Hub Phase 2 initiatives SAR enhancements Ongoing security assessment/testing SAR application and database monitoring .