Office 365 (O365) Migration - (and related Agency IT initiatives) Jeff Simpson Code 600 IT Manager Email
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Office 365 (O365) Migration
(and related Agency IT initiatives)
Jeff Simpson
Code 600 IT Manager
Email: Jeffrey.M.Simpson@nasa.gov
Computational and Information Sciences and Technology Office (CISTO)Agenda
1. OCIO memo/policy on Unauthorized Devices (UD)
2. PIV-M
3. Agency VPN
4. O365 Migration
5. Q&A
2Policy on Unauthorized Devices (UD) – What Is it?
• Signed April 16th, 2018 by Agency CIO
– Link available at end of this presentation
• Stipulates that only authorized devices* can connect to non-
public NASA network or service (including NASA email)
– Unauthorized devices including personal devices cannot
be used on NASA networks/services
• Authorized devices (computers, cell phones, tablets) are only
those that are documented in an IT Security Plan with an
approved Authorization to Operate (ATO)
– *Personal cell phone/tablets can be used if register via MDM
3Policy on Unauthorized Devices (UD) – What To Do
• Implementation being conducted in three phases
– Phase 1 specifies migration to O365, use of MDM and
related controls
• Only authorized computers allowed to access NASA
email/calendar services, VPN use will be required
when not on a NASA network, and use of PIV for two
factor authentication.
– This is both for Outlook and OWA (Outlook Web
Access)
– Phases 2&3 specifies access controls for partner devices
(not O365 specific)
4PIV-M – What is it?
• Personal Identity Verification (PIV) - Mandatory (M)
• Use of PIV cards to log into computer systems are specified in:
– Homeland Security Presidential Directive-12 (HSPD-12)
– Federal Information Security Modernization Act (FISMA)
– and other Federal and NASA directives and standards
• Provides two-factor authentication for user account login to computer systems and
services (non-public)
– Two-factor authentication for account login combines something that a user
physically has (e.g. PIV card) with something that a user knows (e.g. PIN)
– Two-factor authentication is replacing password-based (single-factor) authentication
• Password-based authentication much more easily compromised
• For more information about PIV visit:
https://inside.nasa.gov/ocio/piv
5PIV-M – What to do?
• PIV-M was mandated by NASA to be implemented by December 31, 2018
– Implementation status on all GSFC computers:
• Windows PC near 100% complete
• Apple Mac approximately 65% complete
• Linux computers approximately ~30% complete
• If the computer you use to access NASA email is not “PIV’ed”, ensure it is
implemented NOW
– To do so, contact your system administrator for assistance with PIV implementation
• Consequences for not implementing PIV is the ultimate loss of access to NASA email,
other Agency/Center resources and computer access when network blocks follow
• Exceptions can be granted on a very limited basis upon OCIO approval
6Agency VPN – What is it?
• VPN (Virtual Private Network)
– Provides authenticated remote access to NASA networks and non-public NASA
services
• Cisco AnyConnect - the new Agency VPN
– Centralized VPN solution that all centers must transition to
– Required for access to O365 NASA email when working off-site or from home
– It also addresses the enforcement of NASA policy
• UD policy and authorized devices
• PIV enabled for two-factor authentication
– User support provided by Agency Service Desk (ESD Help Desk)
• Juniper Pulse Secure – GSFC’s VPN is in the process of decommissioned
Related Information:
https://nics.larc.nasa.gov/vpn/index.html
7Agency VPN – What to do?
• Users who need to work offsite are expected to
begin using the Agency VPN (Cisco AnyConnect)
immediately.
• Submit an idMax (NAMS) request titled:
– Agency VPN GSFC Teleworker - Add (IT Asset)
• Please contact your System Administrator for
assistance with migrating to the Agency VPN.
8Office 365 (O365) Migration Schedule
• Full GSFC 0365 deployment will occur March 18 - 22, 2019
– Includes Greenbelt, GISS, WFF and WCF
• Requests for early migrations/limited deferments due to
critical work conflicts were compiled/submitted to Agency
migration team
– Code 600_All survey distributed on February 5th to identify
work conflicts (e.g. travel, proposals due, Linux-only users)
• Other Directorates distributed similar surveys
– Responses were due February 22nd
– ~25% response, leaving 75% ???
– Scheduling some users either one week before/after
migration week
9Office 365 – What is it?
• Cloud-based Office productivity suite
– Standard Office Package includes
• Outlook, Word, Excel, PowerPoint, Skype
• Available as desktop and online web-based apps
• Additionally provides
– OneNote, SharePoint, OneDrive (for non-sensitive data storage)
• Benefits
– Increased mailbox sizes (100 GB), OneDrive (unlimited storage, 10 GB
file size), improved data security, improved Skype, easier collaboration
• Replaces legacy NOMAD email services
– Migration involves user email accounts and online email (non archived)
being moved from NOMAD to O365 servers
10Office 365 – Notification of Migration
• Multiple notifications have been distributed GSFC-wide announcing
the migration along with instructions.
– Subject: Your Office O365 (O365) Migration is Coming! Thursday 2/21/19
– Subject: Reminder: Request to Enroll in MDM… Monday 3/4/19
• Notifications to individuals will be sent to specify the exact day of their
migration.
– T-7
• Migration will occur overnight starting at 10pm the night before your
migration day, finishing by 7am the day of.
11Office 365 – What to do (Windows PCs)?
If you are a user of a Microsoft Windows PC as your
primary workstation used to access NASA email:
– Ensure PIV-M is configured
– Ensure Agency VPN account for remote access
– Ensure Office 2016 or O365 (2019) installed*
• Contact your SA to obtain these applications.
• *Office 2013 may work but with known
problems
– If all the above criteria has been met, your Outlook
migration should be transparent.
12Office 365 – What to do (Apple Mac)?
• If you are a user of an Apple Mac OSX as your primary workstation used to
access NASA email:
– Mac OSX 10.12 or earlier: Upgrade NOW to at least 10.13
– Mac OSX 10.13:
• Ensure PIV-M is configured
• Ensure Agency VPN account for remote access
• Ensure Office 2016 or O365(2019) installed, unless:
– Apple Mail, Thunderbird, or other IMAP users
» Contact your SA for assistance to implement DavMail Solution
– Mac OSX 10.14
• All of the above under Mac OSX 10.13
• Provides the best user experience
13Office 365 – What to do (Linux)?
• If you are a Linux user as your primary workstation used
to access NASA email:
• The Agency provided solution is Evolution 3.27 or
greater.
– Limited success to-date.
• Thunderbird or other IMAP applications
– Contact your SA for assistance to implement
DavMail Solution
14MDM – Phone / Tablets
• Mobile Device Management (MDM) required on all mobile
devices accessing NASA mail/calendar services
– Refer to the Goddard-wide notifications for enrollment requests
• Subject: “Reminder: Request to Enroll in MDM….” Monday - 3/4/19
– ACES Mobile Devices
• Users who are migrated to Office 365 will be required to unregister/re-
register their ACES–issued NASA device in MDM. Instructions to
complete the unregister/re-register process can be found at:
https://aces.ndc.nasa.gov/subnav/mdm.html
– Personal (PFE) or Division non-ACES (GFE)
• Agency has authorized non-ACES Government Funded Equipment
(GFE) and personal mobile devices (PFE) upon request.
– Do the SATERN training NOW if you think you MIGHT want to
use PFE MDM
15Helpful Links
• Related Information: https://go.usa.gov/xEwq7
• O365 User Guides
https://inside.nasa.gov/office-365
• PIV Information
http://inside.nasa.gov/pivsmartcard
https://inside.nasa.gov/ocio/piv
• AD/UD information
Authorized Devices & Software Management Initiative: https://go.usa.gov/xEwq3
Full UD Memo: https://go.usa.gov/xEwqr
• MDM (Mobile Device Management)
https://mdr.nasa.gov/
• VPN
https://nics.larc.nasa.gov/vpn/index.html
16Questions???
17Code 600_All survey notice
From: "Peirce, Robert (GSFC-6060)"
Date: Tuesday, February 5, 2019 at 11:35 A
To: "600_All@nccs.nasa.gov"
Cc: "Simpson, Jeffrey M. (GSFC-7300)"
Subject: Requested Action: SED Office 365 Survey
All:
The Agency’s Office 365 (O365) initiative is tentatively scheduled to be deployed to all GSFC NOMAD users between in Feb 25 through March 29. To better prepare
for this transition and lesson’s learned from other Centers who have already transitioned to O365, a quick questionnaire has been created to help identify critical users
and special use cases where an alternate migration to O365 may be the best case. Your participation in this quick questionnaire is highly encouraged, as the data will
help us determine what migration path is best for you in order to avoid any work stoppages and risks to your project as a result of an inability to access email,
calendaring, and other Outlook functions which may be critical to your project.
This questionnaire is being distributed to collect user information to identify business use cases to assist with the Agency’s migration planning activities. Examples
include those on business international travel, mission critical work activities and those who use Linux workstations as their sole means for accessing NASA email.
Please take a few minutes to complete the O365 migration questionnaire. By finishing this questionnaire, you are providing the Agency O365 Migration Team with
information that should help make your transition to O365 more efficiently. Your response is requested by Friday, February 22nd.
https://www.surveymonkey.com/r/BV7GGLW
If you have any questions about O365, please email the Goddard O365 Team at gsfc-o365migration-itcd@mail.nasa.gov.
For more information about O365, FAQs, and training videos, visit: https://inside.nasa.gov/office-365
Thank you.
-Bob Peirce
____________________________________________________________________________
Robert Peirce
Associate Chief, Computational and Information Sciences and Technology Office (CISTO)
Code 606
NASA Goddard Space Flight Center
301.286.4497 Direct Line
301.286.9426 CISTO Office
robert.peirce@nasa.gov
18You can also read
