OperationsUpdated July 3, 2026
Cogito WTST - Knowledge Transfer
operationsknowledge-transfercogitoanalyticswtsttestazureepicsql-dbanon-prod
Cogito Epic on Azure Knowledge Transfer CloudTest WTST
The following Optum and Accenture team members were identified as key stakeholders for Cogito Admin and SQL DBA related knowledge transfer:
Key Stakeholders for Cogito Admin and SQL DBA Knowledge Transfer
| Name | Organization |
|---|---|
| Jordan Lambert | Optum |
| Maria Snelgrove | Optum |
| Nicholas Hester | Optum |
| Lakshminarayanan, Venkatesan | Optum |
| John Brownlee | Optum |
| Chung Chau | Optum |
| Angelea Morris | Accenture |
| Laura Vaughn | Accenture |
| Michael Yimer | Accenture |
The following items were identified as requiring Knowledge Transfer to transition the in-scope environments to the Optum Cogito and SQL DBA teams for ongoing support:
Server names and corresponding Epic groups
- CloudTest WTST Non-Prod VMs: Current Machines in Kuiper.csv
- Kuiper URL: https://kuiper.uhc.com
- System Pulse URL: https://systempulse.uhc.com
- CloudTest WTST BOM: 11-22-24_Epic_Automation_Bom_Template - Cogito - Cloud Test 02.12.25.xlsx
- Azure Citrix Login - CloudTest WTST Citrix Workspace
Server Naming Conventions
3.4 Virtual Machine Naming Convention
Confirm Server Access & corresponding tools required for access
- Ensure access to Hashicorp Vault https://vault.uhg.com
- Namespaces: Aide-0085665 (West), Aide-0085666 (East)
- Used for Static secrets
- Local admin passwords
- Msnonprod service accounts
- Cloudtest infrastructure – ONLY Epic infrastructure in msnonprod domain
- Msnonprod.dsnonprod.uhc.com
- EMPs or ESMP passwords
- Etc.
- Ensure access to Cyberark (same as on-prem) https://cyberark.optum.com/PasswordVault/v10/logon
- View and Copy service account passwords
- Domain based secrets
- Naming convention is incorrect in Cyberark. The service accounts are in the ms.ds.uhc.com domain and will work for # Checklist #229784 - Cogito Install Task List Cloud TST (West)
SOP for admin tasks (e.g. add new disk, expand disk, upgrade SKU, add new machine, start/stop server, etc.)
-
Disk Expansion/New Disk
-
Work with Cloud Operations to update managed disk prior to the Cogito Admin or SQL DBA making the configuration
-
Expand Disks Instructions.docx
-
Upgrade SKU
-
Work with Optum Infrastructure Team to update SKU.
U. Patching Schedule / Process (Windows)
- This is out of scope for the Epic on Azure team.
- Details should be shared by Cloud Operations.
Environment Servers
- West Hub
- Central Hub
- East Hub
- Training
- Development
- Confirm
- Full Sized Copies
- Disaster Recovery (DR)
- Prod Support
Production Patching Schedule
- 3rd Sunday
- Time: 8 PM – 11 PM CST
Support Transition
- Accenture Team will provide Hypercare through Monday, August 4, 2025
- Optum’s Cogito and SQL DBA teams will take over ongoing support starting Monday, August 16, 2025
Task 1: Cogito Deployment Notes
First-Time Server Login Commands
-
Delete RPC Registry Key
Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse -
Turn Off Firewall
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False -
DNS/A Record Registration
- Each Cogito VM must be registered with the service desk.
- Example of request form available.
-
Install .NET 3.5
- Map to:
\\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs - Copy to:
C:\sxs - Update alternate path in install to:
C:\sxs
- Map to:
-
SSL Listener Configuration (Run only if listener exists)
winrm delete winrm/config/listener?Address=*+Transport=HTTPS winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"} winrm enumerate winrm/config/Listener Setspn –L [server name]
PowerShell Validation Tasks
Task 2.3.5 & 5.3.5: Enable High Performance Mode
Powercfg /list
Task 2.4.4 & 5.4.3: Create Filesystems
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 2.4.6 & 5.4.5: Verify Kernel-Only Memory Dump Is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 2.4.7 & 5.4.6: Configure Windows TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort
``` build.
- It is now accessible from Cloud SAW
- Ensure access to Cloud SAW
- VMWare Horizon
- Cloud SAW is the preferred way to RDP into Azure VMs
- Request Cloud SAW access via Secure
- Application: Secure Workbench
- Choose Create New ID to populate with Secondary ID
- If one does not exist, it will create a secondary ID for use.
- Role: Cloud SAW
- Ensure your elevated credentials are in the AD group below for your secondary account:
- Optum_National_Epic_COE_Cogito_DBA_Primary
- Optum_National_Epic_COE_Cogito_DBA_Secondary
- OPTUM_SQLSERVER_DBA01APPWIN
- Check adlookup.optum.com to ensure access has been granted
# Azure Access
- Ensure log in and access to Virtual Machine details located in the portal <https://portal.azure.com>
# List of deliverables
- Artifactory Cogito Folder: repo1.uhc.com
- Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
- Low-level Design Document: Low-Level_Design_v1.0.docx
- Deployment Plans: Deployment Plan
- Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
- Network Architecture Diagram: Optum - Network Diagrams Draft v2.6-updated2.vsdx
# Architecture & Business Continuity (DR considerations/config for specific environments)
This will be applicable for Production. It is not applicable for non-prod.
# Server configuration details
- Please see the Bill of Materials that were used to request the infrastructure that has been deployed here: Deployed
# Application Config details
This will be applicable for Production. It is not applicable for non-prod.
# Monitoring
- System Pulse has been configured to match on-prem Alert Defs and users have been added to appropriate groups. Please ensure your account has Administrator access, the ECSA alerting group members are up-to-date, and that all the appropriate alerts are configured. <https://systempulse.uhc.com/SystemPulse>
- SMTP server: mailo2.uhc.com
# SOP for admin tasks (e.g. add new disk, expand disk, upgrade SKU, add new machine, start/stop server, etc.)
- Disk Expansion/New Disk
- Work with Cloud Operations to update managed disk prior to the Cogito Admin or SQL DBA making the configuration
- Expand Disks Instructions.docx
- Upgrade SKU
- Work with Optum Infrastructure Team to update SKU.
# Patching Schedule / Process (Windows)
- This is **out of scope** for the Epic on Azure team.
- Details should be shared by **Cloud Operations**.
---
## Environment Servers
- **West Hub**
- **Central Hub**
- **East Hub**
- **Training**
- **Development**
- **Confirm**
- **Full Sized Copies**
- **Disaster Recovery (DR)**
- **Prod Support**
---
## Production Patching Schedule
| Environment | Day | Time (CST) |
| ----------- | ---------- | ----------- |
| Prod | 3rd Sunday | 2 AM – 4 AM |
| Prod | 3rd Sunday | 3 AM – 5 AM |
---
## Support Transition
- **Accenture Team** will provide **Hypercare** through **Friday, June 13, 2025**
- **Optum’s Cogito and SQL DBA teams** will take over ongoing support starting **Monday, June 16, 2025**
---
# Checklist #229784 - Cogito Install Task List Cloud TST (West)
## Task 1: Cogito Deployment Notes
### First-time Server Login Commands
- **Delete RPC Registry Key**:
```powershell
Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
This is out of scope for the Epic on Azure team and details should be shared by Cloud Operations.
Accenture Team will provide Hypercare through Friday, June 13, 2025; Optum’s Cogito and SQL DBA teams will take over ongoing support for this environment starting Monday, June 16, 2025.
Checklist #229784 - Cogito Install Task List Cloud TST (West)
Task 1. Cogito Deployment Notes
First time logging into each server the following commands must be run:
Delete RPC Reg key
Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC" -Force -Recurse
Turn-off firewall
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
Each Cogito VM DNS/A record must be registered with the service desk. Example of request form.
Install 3.5 .Net to all Cogito Servers
To install .NET 3.5 this can be done by mapping to this folder and copying \\epicfilesnp.uhc.com\technical\Epic_Azure\WindowsUpdate\sources\sxs to C:\sxs. Update the alternate path in the install to C:\sxs
After the CA certificates have been installed and SSL setup is complete on all Cogito servers the following command must be run.
(Only run this command if the listener already exists)winrm delete winrm/config/listener?Address=*+Transport=HTTPS
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="[certificate name]"}
winrm enumerate winrm/config/Listener
Setspn –L [server name]
Task 2.3.5. Enable High Performance Mode - Powershell command to check for high performance mode
Powercfg /list
Task 2.4.4. Create Filesystems - Powershell command to check filesystems setup
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 2.4.6. Verify that Kernel-Only Memory Dump is Enabled - Powershell command to confirm that Kernel-Only Dump is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 2.4.7. Configure Windows TCP Parameters - Powershell command to confirm TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort
Task 5.3.5. Enable High Performance Mode - Powershell command to check for high performance mode
Powercfg /list
Task 5.4.3. Create Filesystems - Powershell command to check filesystems setup
Get-WmiObject Win32_Volume | select Label,Name,BlockSize | sort -Property Label
Task 5.4.5. Verify Kernel-Only Memory Dump Is Enable- Powershell command to confirm that Kernel-Only Dump is Enabled
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" | Select-Object -Property DumpType
Task 5.4.6. Configure Windows TCP Parameters - Powershell command to confirm TCP Parameters
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" | Select-Object KeepAliveTime, TcpTimedWaitDelay, MaxUserPort