Telstra has claimed productivity savings of $1 million to $1.5 million per year from implementing Tivoli Access Manager for Enterprise Single Sign-On (TAM ESSO) version 8 at its global operations centre (GOC) in Melbourne.
The GOC is the master control room for the entire Telstra network. Up to 400 operators are at work at any one time, according to the company, with total staff numbers between 800 and 1000.
Previously, employees had to sign on to each application with unique passwords, which was causing a problem. "On average teams would log in to 20 different applications out of around 400," Telstra support engineer Herman Recinos, told the IBM Pulse 2011 event in Melbourne yesterday. Operators would take between 15 and 20 minutes to log in at the start of every shift.
Operators typically needed another 20 log-ins through the course of their shift. Every mobile phone base station has its own unique password, for example.
"We were breaking every security IT policy: as in storing the passwords on spreadsheets, on notebooks, on printed paper, scratch paper, Post-it notes," Recinos said.
Testra had previously deployed TAM ESSO version 6 around three to four years ago, but there were problems. User credentials could be corrupted when the back-end database didn't synchronise properly after a password reset, or when a user obtained a new PC. The system didn't correctly handle users who were hot-desking to different computers, or when they logged in to up to four PCs simultaneously to display all the applications and alarms they had to monitor.
IBM upgraded its GOC to TAM ESSO version 8 in an eight-stage process:
- Application discovery
- User discussions
- Building a development environment
- Application modelling
- User testing
- More user testing
- Production server build
- Client roll-out
"In an environment like the GOC, just trying to work out what was there is a really difficult step," said Robert Trotter, Tivoli Software IT specialist at IBM.
"I turn up at Telstra and Herman goes, 'Here's a spreadsheet of applications', and [there were] two hundred and something different names, lots of question marks, lots of 'The person who was responsible for his application has now left the company and nobody knows quite what it is other than it's called FRED'," Trotter said.
"We need to discover what these applications are, where are they deployed, who uses them and how do they use them. One of the difficult questions we found at Telstra was 'Where is the authentication back end?'"
Users would often assume that two applications had the same authentication back-end because the passwords were the same, when in fact the passwords for two different systems had been manually set to the same value by systems administrators in the distant past. Comprehensive user discussions were essential for discovering the full range of applications and their interfaces.
From the very beginning of these discussions, five or six users were brought on board as beta testers for the testing and roll-out stages, something Trotter says was "most useful".
While the first three stages were vital for success, application modelling was the largest stage of the project. "This is where the time will be spent," Trotter said. The Telstra GOC project enabled 230 unique applications for single sign-on, with 87 unique application profiles.
The Telstra GOC server infrastructure is deployed across two Windows 2003 virtual machines with an F5 load balancer running in active-passive configuration.
During client roll-out, the TAM ESSO AccessAgent was installed in 714 desktops overnight. "Yes, it worked straight away," Recinos said, even across to Telstra GOC's secret backup centre.
Overall, the project took about three months to complete.
The TAM ESSO system has now run seamlessly in Telstra GOC for six months, said Recinos. It's being used by 396 staff including GOC operators, project managers, finance group and architects.
"It's like having a V8 Commodore rather than a V6 Commodore, it's that much faster," he said.
Stilgherrian attended Pulse 2011 as a guest of IBM.