ECSA West WPJX - Knowledge Transfer
ECSA Epic on Azure Knowledge Transfer (West WPJX)
The following Optum and Accenture team members were identified as key stakeholders for ECSA related knowledge transfer:
| Name | Organization |
|---|---|
| Jordan Lambert | Optum |
| Jerry Bennett | Optum |
| Damian Cardoso | Optum |
| Moses Preston-Holder | Optum |
| Michael Mansfield | Optum |
| Matthew Senter | Accenture |
| Charles Pahl | Accenture |
| Jonathan Saucier | Accenture |
The following items were identified as requiring Knowledge Transfer to transition the in-scope environments to the Optum ECSA team for ongoing support:
Server names and corresponding Epic groups
- West/Lead Prod Copy VMs: Current Machines in Kuiper.csv
- Kuiper URL: https://kuiper.uhc.com
- System Pulse URL: https://systempulse.uhc.com
Confirm Server Access & corresponding tools required for access
-
Ensure access to Hashicorp Vault https://vault.uhg.com
-
Namespaces: Aide-0085665 (West), Aide-0085666 (East)
-
Used for Static secrets
-
Local admin passwords
-
Follow-up with Infrastructure team to get naming decoder ring for local admin passwords Followed up with Indhu and Jeff 4/22 -
-
Ms service accounts
-
MS Domain ms.ds.uhc.com
-
EMPs or ESMP passwords etc.
-
Ensure access to Cyberark (same as on-prem) https://cyberark.optum.com/PasswordVault/v10/logon
-
View and Copy service account passwords
-
Domain based secrets
-
Epic service accounts: Epic on Azure Service Accounts.xlsx
-
It is now accessible from Cloud SAW
-
Ensure access to Cloud SAW
-
VMWare Horizon
-
Cloud SAW is the preferred way to RDP into Azure VMs
-
Request Cloud SAW access via Secure
-
Application: Secure Workbench
-
Choose Create New ID to populate with Secondary ID
-
If one does not exist, it will create a secondary ID for use.
-
Role: Cloud SAW
-
Ensure your elevated credentials are in the AD group below:
-
GPO is applied to Epic on Azure Windows VMs to allow admin access to this AD group
-
Check adlookup.optum.com to ensure access has been granted
Azure Access
- Ensure log in and access to Virtual Machine details located in the portal https://portal.azure.com
- Currently not aware of the process to get “Contributor” access in Azure – Placeholder follow-up (Optum Cloud Operations – Followed up with Indhu and Jeff – 4/22 jm)
- Use for Azure Bastion – Console level access to VMs if they are unreachable via RDP
List of deliverables
- Quick Reference Guide: Optum_Epic on Azure Infrastructure - Quick Reference Guide.xlsx
- Low-level Design Document: Low-Level_Design_v1.0.docx
- ECSA Discovery Documents: ECSA
- Deployment Plans: Deployment Plan
- Epic IP Address Allocation: EPIC IP Address Allocation-100%CDO.xlsx
- Network Architecture Diagram: Optum - Network Diagrams Draft v2.6-updated2.vsdx
Architecture & Business Continuity (DR considerations/config for specific environments)
- This will be applicable for Production. It is not applicable for non-prod.
Server configuration details
- Please see the Bill of Materials that were used to request the infrastructure that has been deployed here: Deployed
Application Config details
- This will be applicable for Production. It is not applicable for non-prod.
Monitoring
- System Pulse has been configured to match on-prem Alert Defs and users have been added to appropriate groups. Please ensure your account has Administrator access, the ECSA alerting group members are up-to-date, and that all the appropriate alerts are configured. (https://systempulse.uhc.com/SystemPulse)
- SMTP server:
mailo2.uhc.com
- SMTP server:
- Netscaler VIP Status
- Follow up with Benny on read account to look at VIP status and configuration ("followed up with Benny 4/22 -jm")
- Domain account? Local account?
SOP for admin tasks (e.g. add new disk, expand disk, upgrade SKU, add new machine, start/stop server, etc.)
- This is out of scope for the Epic on Azure team and details should be shared by Cloud Operations.
Patching Schedule/Process
- This is out of scope for the Epic on Azure team and details should be shared by Cloud Operations.
Accenture Team will provide Hypercare through Friday, April 18, 2025; Optum’s ECSA team will take over ongoing support for this environment starting Monday, April 21, 2025.
Acknowledgement section
| Name | Organization | Acknowledged |
|---|---|---|
| Jordan Lambert | Optum | |
| Jerry Bennett | Optum | |
| Damian Cardoso | Optum | |
| Moses Preston-Holder | Optum | |
| Michael Mansfield | Optum | |
| Matthew Senter | Accenture | |
| Charles Pahl | Accenture | |
| Jonathan Saucier | Accenture |