Navigation
OperationsUpdated July 3, 2026

Cogito Cloud Test East - Knowledge Transfer

operationsknowledge-transfercogitoanalyticscloudtesteast-regionazureepicsql-dbamonitoring

Cogito Epic on Azure Knowledge Transfer


Key Stakeholders for Cogito Admin and SQL DBA Knowledge Transfer

NameOrganization
Jordan LambertOptum
Maria SnelgroveOptum
Nicholas HesterOptum
Lakshminarayanan, VenkatesanOptum
John BrownleeOptum
Chung ChauOptum
Angelea MorrisAccenture
Laura VaughnAccenture
Michael YimerAccenture

Knowledge Transfer Requirements

The following items were identified as requiring Knowledge Transfer to transition the in-scope environments to the Optum Cogito and SQL DBA teams for ongoing support:

Server Names and Corresponding Epic Groups

Server Naming Conventions

3.4 Virtual Machine Naming Convention

To ensure consistency across all resources, it is important to follow a standard naming convention. A standardized format will allow for resources, such as virtual machines, to be easily identifiable.

VM Naming Convention

This standard naming convention will be used for naming hosts in Azure VMs:

  • Position 1: Hosting Platform

    • Z = Azure
    • A = AWS
    • G = Google
    • O = Oracle Cloud
    • etc.
  • Position 2: Region

    • E = East
    • C = Central
    • W = West
  • Position 3: Environment

    • P = Prod
    • N = Non-Prod
    • D = Dev
    • R = Disaster Recovery
    • S = Shared
  • Position 4: OS Platform Type

    • W = Windows
    • L = Linux
  • Position 5: Purpose

    • AD = Active Directory
    • EPS = Epic Print Server
    • KUI = Kuiper
    • BCA = etc.
  • Position 6: Instance Identifier

    • EE = Epic East
    • EW = Epic West
    • CL = Community Lead
  • Position 7: Series Number

    • Starting at 001, incrementing as required.

Note: Server hostnames will vary from 13–15 characters depending on role and/or purpose.

Confirm Server Access & Corresponding Tools Required for Access

Vault Access

  • HashiCorp Vault: https://vault.uhgcom
  • Namespaces:
    • Aide-0085665 (West)
    • Aide-0085666 (East)
  • Used for:
    • Static secrets
    • Local admin passwords
    • Msnonprod service accounts
    • EMPs or ESMP passwords
    • CloudTest infrastructure – ONLY Epic infrastructure in msnonprod domain
    • Domain: msnonprod.dsnonprod.uhc.com

CyberArk Access

  • CyberArk Portal: https://cyberark.optum.com/PasswordVault/v10/logon
  • Used for:
    • View and copy service account passwords
    • Domain-based secrets
  • Note: Naming convention is incorrect in CyberArk. Service accounts are in the ms.ds.uhc.com domain and will work for MPI build.

Now accessible from Cloud SAW


Cloud SAW Access

  • VMWare Horizon: Cloud SAW is the preferred way to RDP into Azure VMs

  • Request Access via Secure:

    • Application: Secure Workbench
    • Choose Create New ID to populate with Secondary ID
    • If one does not exist, it will create a secondary ID for use
    • Role: Cloud SAW
  • Ensure elevated credentials are in the following AD groups:

    • Optum_National_Epic_COE_Cogito_DBA_Primary
    • Optum_National_Epic_COE_Cogito_DBA_Secondary
    • OPTUM_SQLSERVER_DBA01APPWIN
  • Verify Access: https://adlookup.optum.com


Azure Access


List of Deliverables

  • Artifactory Cogito Folder: repo1.uhc.com
  • Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
  • Low-level Design Document: Low-Level_Design_v1.0.docx
  • Deployment Plans: Deployment Plan
  • Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
  • Network Architecture Diagram: `Optum - Network Diagrams Draft v2.6-updated2

Architecture & Business Continuity

  • This section is applicable only for Production environments.
  • Includes Disaster Recovery (DR) considerations and configuration for specific environments.

Application Configuration Details

  • This section is applicable only for Production environments.

Monitoring

  • System Pulse has been configured to match on-prem Alert Definitions.

  • Users have been added to appropriate groups.

  • Please ensure:

    • Your account has Administrator access
    • ECSA alerting group members are up-to-date
    • All appropriate alerts are configured
  • System Pulse URL: https://epiccloudtestsystempulse.uhc.com/SystemPulse/Monitor.aspx

  • SMTP Server: mailo2.uhc.com


SOP for Admin Tasks

Common administrative tasks include:

  • Add New Disk
  • Expand Disk
  • Upgrade SKU
  • Add New Machine
  • Start/Stop Server

Disk Expansion / New Disk

  • Work with Cloud Operations to update the managed disk prior to Cogito Admin or SQL DBA configuration.
  • Refer to: Expand Disks Instructions.docx

Upgrade SKU

  • Work with the Optum Infrastructure Team to update the SKU.

Checklist #229784 - Cogito Install Task List Cloud TST (West)

Task 1: Cogito Deployment Notes

First-Time Server Login Commands

  • Delete RPC Registry Key

    Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
    
  • Turn Off Firewall

    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
    
  • DNS/A Record Registration

    • Each Cogito VM must be registered with the service desk.
    • Example of request form available.
  • Install .NET 3.5

    • Map to: \\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs
    • Copy to: C:\sxs
    • Update alternate path in install to: C:\sxs
  • SSL Listener Configuration (Run only if listener exists)

    winrm delete winrm/config/listener?Address=*+Transport=HTTPS
    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"}
    winrm enumerate winrm/config/Listener
    Setspn –L [server name]
    

PowerShell Validation Tasks

Task 2.3.5 & 5.3.5: Enable High Performance Mode

Powercfg /list

Task 2.4.4 & 5.4.3: Create Filesystems

Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label

Task 2.4.6 & 5.4.5: Verify Kernel-Only Memory Dump Is Enabled

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType

Task 2.4.7 & 5.4.6: Configure Windows TCP Parameters

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort
  • First-time login commands:

    • Delete RPC Reg key:

      Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
      
    • Turn off firewall:

      Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
      
  • DNS/A Record Registration: Each Cogito VM must be registered with the service desk.

  • Install .NET