Navigation
OperationsUpdated July 3, 2026

Cogito WPRD - Knowledge Transfer

operationsknowledge-transfercogitoanalyticswprdproductionazureepicsql-dbamonitoring

Cogito Epic on Azure Knowledge Transfer WREL

Key Stakeholders for Cogito Admin and SQL DBA Knowledge Transfer

NameOrganization
Jordan LambertOptum
Maria SnelgroveOptum
Nicholas HesterOptum
Lakshminarayanan, VenkatesanOptum
John BrownleeOptum
Chung ChauOptum
Angelea MorrisAccenture
Laura VaughnAccenture
Michael YimerAccenture

Cogito Epic on Azure Knowledge Transfer WPRD

The following Optum and Accenture team members were identified as key stakeholders for Cogito Admin and SQL DBA related knowledge transfer:

Server names and corresponding Epic groups

  • WREL WREL Non-Prod VMs: Current Machines in Kuiper.csv
  • Kuiper URL: https://kuiper.uhc.com
  • System Pulse URL: WREL WWREL BOM: 11-22-24_Epic_Automation_Bom_Template - Cogito - WREL Azure Citrix Login - WREL WWREL Citrix Workspace Azure Cogito Server List - Azure Cogito Server List.xlsx

Server Naming Conventions

3.4 Virtual Machine Naming Convention

To ensure consistency across all resources, it is important to follow a standard naming convention. A standardized format will allow for resources, such as virtual machines, to be easily identifiable.

VM Naming Convention

This standard naming convention will be used for naming hosts in Azure VMs:

  • Position 1: Hosting Platform

    • Z = Azure
    • A = AWS
    • G = Google
    • O = Oracle Cloud
    • etc.
  • Position 2: Region

    • E = East
    • C = Central
    • W = West
  • Position 3: Environment

    • P = Prod
    • N = Non-Prod
    • D = Dev
    • R = Disaster Recovery
    • S = Shared
  • Position 4: OS Platform Type

    • W = Windows
    • L = Linux
  • Position 5: Purpose

    • AD = Active Directory
    • EPS = Epic Print Server
    • KUI = Kuiper
    • BCA = etc.
  • Position 6: Instance Identifier

    • EE = Epic East
    • EW = Epic West
    • CL = Community Lead
  • Position 7: Series Number

    • Starting at 001, incrementing as required.

Note: Server hostnames will vary from 13–15 characters depending on role and/or purpose.

Confirm Server Access & corresponding tools required for access

  • Ensure access to Hashicorp Vault https://vault.uhg.com
  • Namespaces: Aide-0085665 (West), Aide-0085666 (East)
  • Used for Static secrets
  • Local admin passwords
  • Msnonprod service accounts
  • Cloudtest infrastructure – ONLY Epic infrastructure in msnonprod domain
  • Msnonprod.dsnonprod.uhc.com
  • EMPs or ESMP passwords
  • Etc.
  • Ensure access to Cyberark (same as on-prem) https://cyberark.optum.com/PasswordVault/v10/logon
  • View and Copy service account passwords
  • Domain based secrets
  • Naming convention is incorrect in Cyberark. The service accounts are in the ms.ds.uhc.com domain and will work for WREL build.
  • It is now accessible from Cloud SAW
  • Ensure access to Cloud SAW
  • VMWare Horizon
  • Cloud SAW is the preferred way to RDP into Azure VMs
  • Request Cloud SAW access via Secure
  • Application: Secure Workbench
  • Choose Create New ID to populate with Secondary ID
  • If one does not exist, it will create a secondary ID for use.
  • Role: Cloud SAW
  • Ensure your elevated credentials are in the AD group below for your secondary account:
  • Optum_National_Epic_COE_Cogito_DBA_Primary
  • Optum_National_Epic_COE_Cogito_DBA_Secondary
  • OPTUM_SQLSERVER_DBA01APPWIN
  • Check adlookup.optum.com to ensure access has been granted

Azure Access

List of deliverables

  • Artifactory Cogito Folder: repo1.uhc.com
  • Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
  • Low-level Design Document: Low-Level_Design_v1.0.docx
  • Deployment Plans: Deployment Plan
  • Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
  • Network Architecture Diagram: Optum - Network Diagrams Draft v2.6-updated2.vsdx

Architecture & Business Continuity (DR considerations/config for specific environments)

This will be applicable for Production. It is not applicable for non-prod.

Server configuration details

  • Please see the Bill of Materials that were used to request the infrastructure that has been deployed here: Deployed

Application Config details

This will be applicable for Production. It is not applicable for non-prod.

Monitoring

  • System Pulse has been configured to match on-prem Alert Defs and users have been added to appropriate groups. Please ensure your account has Administrator access, the ECSA alerting group members are up-to-date, and that all the appropriate alerts are configured. https://systempulse.uhc.com/SystemPulse
  • SMTP server: mailo2.uhc.com

SOP for admin tasks (e.g. add new disk, expand disk, upgrade SKU, add new machine, start/stop server, etc.)

  • Disk Expansion/New Disk

  • Work with Cloud Operations to update managed disk prior to the Cogito Admin or SQL DBA making the configuration

  • Expand Disks Instructions.docx

  • Upgrade SKU

  • Work with Optum Infrastructure Team to update SKU.

U. Patching Schedule / Process (Windows)

  • This is out of scope for the Epic on Azure team.
  • Details should be shared by Cloud Operations.

Environment Servers

  • West Hub
  • Central Hub
  • East Hub
  • Training
  • Development
  • Confirm
  • Full Sized Copies
  • Disaster Recovery (DR)
  • Prod Support

Production Patching Schedule

  • 3rd Sunday
    • Time: 8 PM – 11 PM CST

Support Transition

  • Accenture Team will provide Hypercare through Monday, August 4, 2025
  • Optum’s Cogito and SQL DBA teams will take over ongoing support starting Monday, August 16, 2025

Task 1: Cogito Deployment Notes

First-Time Server Login Commands

  • Delete RPC Registry Key
powershell
  Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
```text

- **Turn Off Firewall**

```text
powershell
  Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
```text

- **DNS/A Record Registration**
  - Each Cogito VM must be registered with the service desk.
  - Example of request form available.

- **Install .NET 3.5**
  - Map to: `\\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs`
  - Copy to: `C:\sxs`
  - Update alternate path in install to: `C:\sxs`

- **SSL Listener Configuration** *(Run only if listener exists)*

```text
powershell
  winrm delete winrm/config/listener?Address=*+Transport=HTTPS
  winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"}
  winrm enumerate winrm/config/Listener
  Setspn –L [server name]
```text

---

## PowerShell Validation Tasks

### Task 2.3.5 & 5.3.5: Enable High Performance Mode

```text
powershell
Powercfg /list
```text

### Task 2.4.4 & 5.4.3: Create Filesystems

```text
powershell
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
```text

### Task 2.4.6 & 5.4.5: Verify Kernel-Only Memory Dump Is Enabled

```text
powershell
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
```text

### Task 2.4.7 & 5.4.6: Configure Windows TCP Parameters

```text
powershell
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort
```text

 build.

- It is now accessible from Cloud SAW
- Ensure access to Cloud SAW
- VMWare Horizon
- Cloud SAW is the preferred way to RDP into Azure VMs
- Request Cloud SAW access via Secure
- Application: Secure Workbench
- Choose Create New ID to populate with Secondary ID
- If one does not exist, it will create a secondary ID for use.
- Role: Cloud SAW
- Ensure your elevated credentials are in the AD group below for your secondary account:
- Optum_National_Epic_COE_Cogito_DBA_Primary
- Optum_National_Epic_COE_Cogito_DBA_Secondary
- OPTUM_SQLSERVER_DBA01APPWIN
- Check adlookup.optum.com to ensure access has been granted

# Azure Access

- Ensure log in and access to Virtual Machine details located in the portal <https://portal.azure.com>

# List of deliverables

- Artifactory Cogito Folder: repo1.uhc.com
- Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
- Low-level Design Document: Low-Level_Design_v1.0.docx
- Deployment Plans: Deployment Plan
- Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
- Network Architecture Diagram: Optum - Network Diagrams Draft v2.6-updated2.vsdx

# Architecture & Business Continuity (DR considerations/config for specific environments)

This will be applicable for Production. It is not applicable for non-prod.

# Server configuration details

- Please see the Bill of Materials that were used to request the infrastructure that has been deployed here: Deployed

# Application Config details

This will be applicable for Production. It is not applicable for non-prod.

# Monitoring

- System Pulse has been configured to match on-prem Alert Defs and users have been added to appropriate groups. Please ensure your account has Administrator access, the ECSA alerting group members are up-to-date, and that all the appropriate alerts are configured. [https://systempulse.uhc.com/SystemPulse](https://systempulse.uhc.com/SystemPulse)
- SMTP server: mailo2.uhc.com

# SOP for admin tasks (e.g. add new disk, expand disk, upgrade SKU, add new machine, start/stop server, etc.)

- Disk Expansion/New Disk
- Work with Cloud Operations to update managed disk prior to the Cogito Admin or SQL DBA making the configuration
- Expand Disks Instructions.docx

- Upgrade SKU
- Work with Optum Infrastructure Team to update SKU.

# Patching Schedule / Process (Windows)

- This is **out of scope** for the Epic on Azure team.
- Details should be shared by **Cloud Operations**.

---

## Environment Servers

- **West Hub**
- **Central Hub**
- **East Hub**
- **Training**
- **Development**
- **Confirm**
- **Full Sized Copies**
- **Disaster Recovery (DR)**
- **Prod Support**

---

## Production Patching Schedule

| Environment | Day | Time (CST) |
| ----------- | ---------- | ----------- |
| Prod | 3rd Sunday | 2 AM – 4 AM |
| Prod | 3rd Sunday | 3 AM – 5 AM |

---

## Support Transition

- **Accenture Team** will provide **Hypercare** through **Friday, June 13, 2025**
- **Optum’s Cogito and SQL DBA teams** will take over ongoing support starting **Monday, June 16, 2025**

---

# Checklist #229784 - Cogito Install Task List Cloud WPRD (West)

## Task 1: Cogito Deployment Notes

### First-time Server Login Commands

- **Delete RPC Registry Key**:

```text
powershell
  Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse

This is out of scope for the Epic on Azure team and details should be shared by Cloud Operations.

Accenture Team will provide Hypercare through Friday, June 13, 2025; Optum’s Cogito and SQL DBA teams will take over ongoing support for this environment starting Monday, June 16, 2025.

Checklist #229784 - Cogito Install Task List Cloud WPRD (West)
Task 1. Cogito Deployment Notes
First time logging into each server the following commands must be run:
Delete RPC Reg key
Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
Turn-off firewall
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
Each Cogito VM DNS/A record must be registered with the service desk. Example of request form.
Install 3.5 .Net to all Cogito Servers
To install .NET 3.5 this can be done by mapping to this folder and copying \\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs to C:\sxs. Update the alternate path in the install to C:\sxs
After the CA certificates have been installed and SSL setup is complete on all Cogito servers the following command must be run.
(Only run this command if the listener already exists)winrm delete winrm/config/listener?Address=*+Transport=HTTPS
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"}
winrm enumerate winrm/config/Listener
Setspn –L [server name]
Task 2.3.5. Enable High Performance Mode - Powershell command to check for high performance mode
Powercfg /list
Task 2.4.4. Create Filesystems - Powershell command to check filesystems setup
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 2.4.6. Verify that Kernel-Only Memory Dump is Enabled - Powershell command to confirm that Kernel-Only Dump is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 2.4.7. Configure Windows TCP Parameters - Powershell command to confirm TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort
Task 5.3.5. Enable High Performance Mode - Powershell command to check for high performance mode
Powercfg /list
Task 5.4.3. Create Filesystems - Powershell command to check filesystems setup
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 5.4.5. Verify Kernel-Only Memory Dump Is Enable- Powershell command to confirm that Kernel-Only Dump is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 5.4.6. Configure Windows TCP Parameters - Powershell command to confirm TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort