Cogito Cloud Test East - Knowledge Transfer
Cogito Epic on Azure Knowledge Transfer
Key Stakeholders for Cogito Admin and SQL DBA Knowledge Transfer
| Name | Organization |
|---|---|
| Jordan Lambert | Optum |
| Maria Snelgrove | Optum |
| Nicholas Hester | Optum |
| Lakshminarayanan, Venkatesan | Optum |
| John Brownlee | Optum |
| Chung Chau | Optum |
| Angelea Morris | Accenture |
| Laura Vaughn | Accenture |
| Michael Yimer | Accenture |
Knowledge Transfer Requirements
The following items were identified as requiring Knowledge Transfer to transition the in-scope environments to the Optum Cogito and SQL DBA teams for ongoing support:
Server Names and Corresponding Epic Groups
- Kuiper CloudTest URL: https://epiccloudtestkuiper.uhc.com/Kuiper/
- SystemPulse URL: https://epiccloudtestsystempulse.uhc.com/SystemPulse/Monitor.aspx
- Clarity Console URL: https://zwtwclree01.msnonprod.dsnonprod.uhc.com/ManagementConsole_TST/
- Caboodle Console URL (Also found in SlicerDicer Kuiper): Caboodle Console Automation Template
- Azure CloudTest Citrix Login: Citrix Workspace
Server Naming Conventions
3.4 Virtual Machine Naming Convention
To ensure consistency across all resources, it is important to follow a standard naming convention. A standardized format will allow for resources, such as virtual machines, to be easily identifiable.
VM Naming Convention
This standard naming convention will be used for naming hosts in Azure VMs:
- Position 1: Hosting Platform
  - Z = Azure
  - A = AWS
  - G = Google
  - O = Oracle Cloud
  - etc.
- Position 2: Region
  - E = East
  - C = Central
  - W = West
- Position 3: Environment
  - P = Prod
  - N = Non-Prod
  - D = Dev
  - R = Disaster Recovery
  - S = Shared
- Position 4: OS Platform Type
  - W = Windows
  - L = Linux
- Position 5: Purpose
  - AD = Active Directory
  - EPS = Epic Print Server
  - KUI = Kuiper
  - BCA = etc.
- Position 6: Instance Identifier
  - EE = Epic East
  - EW = Epic West
  - CL = Community Lead
- Position 7: Series Number
  - Starting at 001, incrementing as required.
Note: Server hostnames will vary from 13–15 characters depending on role and/or purpose.
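
The convention above written as a decoder, added here as an example (not part of the original document or of any Optum tooling). The function name `ConvertFrom-VmHostName` and the sample hostnames are hypothetical, and the lookup tables contain only the codes listed on this page.

```powershell
# Added example. Tables hold only the codes listed on this page; the platform
# and purpose lists end in "etc.", so unlisted codes there are not rejected.
$Platform    = @{ Z = 'Azure'; A = 'AWS'; G = 'Google'; O = 'Oracle Cloud' }
$Region      = @{ E = 'East'; C = 'Central'; W = 'West' }
$Environment = @{ P = 'Prod'; N = 'Non-Prod'; D = 'Dev'; R = 'Disaster Recovery'; S = 'Shared' }
$OsType      = @{ W = 'Windows'; L = 'Linux' }
$Purpose     = @{ AD = 'Active Directory'; EPS = 'Epic Print Server'; KUI = 'Kuiper' }
$Instance    = @{ EE = 'Epic East'; EW = 'Epic West'; CL = 'Community Lead' }

function ConvertFrom-VmHostName {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)
    # Positions 1-4 are one letter each, the purpose code is variable length,
    # the instance is the two letters just before the three-digit series.
    $layout = '^(?<plat>[A-Z])(?<reg>[A-Z])(?<env>[A-Z])(?<os>[A-Z])' +
              '(?<purpose>[A-Z]{2,}?)(?<inst>[A-Z]{2})(?<series>\d{3})$'
    if ($Name.ToUpperInvariant() -notmatch $layout) {
        return [pscustomobject]@{ Name = $Name; Valid = $false; Problems = 'does not fit the position layout' }
    }
    $m = $Matches
    $problems = @()
    # Region, environment, OS and instance are closed lists: flag unknown codes.
    $closed = [ordered]@{ reg = $Region; env = $Environment; os = $OsType; inst = $Instance }
    foreach ($field in $closed.Keys) {
        if (-not $closed[$field].ContainsKey($m[$field])) {
            $problems += "unknown $field code '$($m[$field])'"
        }
    }
    if ([int]$m.series -lt 1) { $problems += 'series starts at 001' }
    $lookup = { param($table, $code)
        if ($table.ContainsKey($code)) { $table[$code] } else { "$code (not listed)" } }
    [pscustomobject]@{
        Name        = $Name
        Valid       = ($problems.Count -eq 0)
        Platform    = (& $lookup $Platform $m.plat)
        Region      = (& $lookup $Region $m.reg)
        Environment = (& $lookup $Environment $m.env)
        OS          = (& $lookup $OsType $m.os)
        Purpose     = (& $lookup $Purpose $m.purpose)
        Instance    = (& $lookup $Instance $m.inst)
        Series      = $m.series
        Problems    = $problems -join '; '
    }
}

# Constructed sample names, not hosts from this environment.
'ZENWKUIEE001', 'ZWPLADEW012', 'ZEXWEPSCL000', 'server01' |
    ForEach-Object { ConvertFrom-VmHostName $_ } |
    Format-List Name, Valid, Purpose, Instance, Series, Problems
```
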
Confirm Server Access & Corresponding Tools Required for Access
Vault Access
- HashiCorp Vault: https://vault.uhgcom
- Namespaces:
  - Aide-0085665 (West)
  - Aide-0085666 (East)
- Used for:
  - Static secrets
  - Local admin passwords
  - Msnonprod service accounts
  - EMPs or ESMP passwords
- CloudTest infrastructure – ONLY Epic infrastructure in msnonprod domain
- Domain: msnonprod.dsnonprod.uhc.com
CyberArk Access
- CyberArk Portal: https://cyberark.optum.com/PasswordVault/v10/logon
- Used for:
  - View and copy service account passwords
  - Domain-based secrets
- Note: Naming convention is incorrect in CyberArk. Service accounts are in the ms.ds.uhc.com domain and will work for MPI build.
- Now accessible from Cloud SAW
Cloud SAW Access
- VMWare Horizon: Cloud SAW is the preferred way to RDP into Azure VMs
- Request Access via Secure:
  - Application: Secure Workbench
  - Choose Create New ID to populate with Secondary ID
  - If one does not exist, it will create a secondary ID for use
  - Role: Cloud SAW
- Ensure elevated credentials are in the following AD groups:
  - Optum_National_Epic_COE_Cogito_DBA_Primary
  - Optum_National_Epic_COE_Cogito_DBA_Secondary
  - OPTUM_SQLSERVER_DBA01APPWIN
- Verify Access: https://adlookup.optum.com
Azure Access
- Ensure you can log in and access the Virtual Machine details located in the portal: https://portal.azure.com
List of Deliverables
- Artifactory Cogito Folder: repo1.uhc.com
- Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
- Low-level Design Document: Low-Level_Design_v1.0.docx
- Deployment Plans: Deployment Plan
- Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
- Network Architecture Diagram: Optum - Network Diagrams Draft v2.6-updated2
Architecture & Business Continuity
- This section is applicable only for Production environments.
- Includes Disaster Recovery (DR) considerations and configuration for specific environments.
Application Configuration Details
- This section is applicable only for Production environments.
Monitoring
- System Pulse has been configured to match on-prem Alert Definitions.
- Users have been added to appropriate groups.
- Please ensure:
  - Your account has Administrator access
  - ECSA alerting group members are up-to-date
  - All appropriate alerts are configured
- System Pulse URL: https://epiccloudtestsystempulse.uhc.com/SystemPulse/Monitor.aspx
- SMTP Server: mailo2.uhc.com
SOP for Admin Tasks
Common administrative tasks include:
- Add New Disk
- Expand Disk
- Upgrade SKU
- Add New Machine
- Start/Stop Server
Disk Expansion / New Disk
- Work with Cloud Operations to update the managed disk prior to Cogito Admin or SQL DBA configuration.
- Refer to: Expand Disks Instructions.docx
Upgrade SKU
- Work with the Optum Infrastructure Team to update the SKU.
Checklist #229784 - Cogito Install Task List Cloud TST (West)
Task 1: Cogito Deployment Notes
First-Time Server Login Commands
- Delete RPC Registry Key
    Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
- Turn Off Firewall
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
- DNS/A Record Registration
  - Each Cogito VM must be registered with the service desk.
  - Example of request form available.
- Install .NET 3.5
  - Map to: \\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs
  - Copy to: C:\sxs
  - Update alternate path in install to: C:\sxs
- SSL Listener Configuration (Run only if listener exists)
    winrm delete winrm/config/listener?Address=*+Transport=HTTPS
    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"}
    winrm enumerate winrm/config/Listener
    setspn -L [server name]
PowerShell Validation Tasks
Task 2.3.5 & 5.3.5: Enable High Performance Mode
Powercfg /list
Task 2.4.4 & 5.4.3: Create Filesystems
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 2.4.6 & 5.4.5: Verify Kernel-Only Memory Dump Is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 2.4.7 & 5.4.6: Configure Windows TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort