Question Period Note: Information Technology Systems and Application Health

Shared Services Canada’s customer departments continue to manage most of their applications. These customer department applications are often aging and require constant maintenance. Shared Services Canada is working with customer departments to identify risks and mitigate service disruptions. Shared Services Canada is driving hosting renewal (with migration to its enterprise data centres and/or to be hosted within the Cloud) while customer departments are responsible for their application modernization plans.

·       While Shared Services Canada manages a significant portion of the Government of Canada’s information technology infrastructure, departments continue to manage most of their applications.
• These applications—roughly 12,000 across the Government of Canada—are critical in delivering services to Canadians.
• The health of this portfolio of applications is assessed annually based on the business value, technical condition, funding condition and criticality of the applications.
• SSC provides core services to departments and agencies by assessing application and data health. TBS provides departments and agencies with assistance in acquiring the expertise to accelerate their readiness to modernize their applications, as well as building tools and processes to monitor application performance and help manage the GC’s portfolio of applications as a whole.
• Over the last three years, the overall health of the application portfolio has increased from 28% to 35% which is progress, but the GC needs to continue this trend of improvement.
• The state of these applications varies greatly, and attention must be given in priority to those relying on legacy information technology infrastructure or where a high-value/mission critical application needs to be modernized to provide improved services to Canadians and/or GC employees.
• Shared Services Canada is working with client departments to identify risks associated with these applications, and the information technology infrastructure that hosts them, in order to mitigate potential service disruptions.
• Wherever possible, Shared Services Canada is supporting departments as they look to migrate their critical applications to more modern infrastructure available either through cloud-based solutions or Government of Canada enterprise data centres where cloud isn’t feasible.
• The government has indicated that it intends to make generational investments in updating information technology systems to modernize the way GC services are delivered.
• With sustained investments in information technology infrastructure, the applications themselves, and a prioritization of systems at risk, it is expected that the GC application health will continue to improve.

Some of the most critical projects being undertaken by Shared Services Canada to resolve these issues can be found below. A list of other ongoing and planned projects related to application health can be found in the Annex following this section.

Cloud Brokering Services
The Government of Canada has adopted a “Cloud First” strategy since it is the modern and flexible method for hosting applications. Government of Canada departments can review, purchase and provide public cloud services through Shared Services Canada Cloud Brokering Services. Cloud services provide access to shared information technology resources through “pay for use” models, similar to those for water and electricity utilities. Fully leveraging the speed, reliability and agility of modern cloud services, the Government of Canada will be able to improve its digital service delivery to Canadians. Shared Services Canada is the liaison between qualified external cloud service providers and Government of Canada departments, and its mandate is to ensure the best possible secure cloud solutions to meet the needs.

Moving Applications
Building on the work of the below Windows Upgrade Projects, and to continue to modernize the Government of Canada information technology infrastructure Shared Services Canada is helping departments move their applications from older data centres to modern data centre facilities or the cloud. The Workload Migration Program (WLM Program) will ensure that the infrastructure supporting critical applications and data is - reliable and secure, which will reduce the risk of service disruptions to Canadians.

The WLM Program’s objective is to improve application health and reliability by accelerating the modernization and migration of workloads from legacy data centres to the cloud and enterprise data centres to support Canada’s Digital Agenda. Hosting applications on modern enterprise services will allow for the standardization and harmonization of applications to support similar business functions across the GC, reducing duplication, service interruptions, streamlining operations, and takes advantage of emerging technologies to deliver digital services to Canadians. There are currently 13 active modernization and migration projects with two additional planned, to continue the transition of over 300 mission critical applications onto more modern and reliable enterprise services, and in support the GC Digital transformation agenda.

Planning to modernize and migrate critical applications from older hosting solutions to newer and more stable environments requires careful coordination with partner and customer departments to accommodate the departments’ peak business cycles and blackout periods. In addition, workload migration provides the opportunity for partner and customer departments to assess the strategic direction for their applications and their associated plans for application modernization, a critical component of service responsiveness, reliability and continuity.

Shared Services Canada is simultaneously working to consolidate 720 of its original data centres and move the Government of Canada hosting solutions to the Cloud or one of four enterprise data centres. As of December 31, 2020, a total of 414 legacy data centres still require consolidation. It is the Department’s long-term goal, as the GC Cloud Broker, to ensure that it facilitates the secure, modern and reliable hosting of applications in cloud as determined by the client departments.

Modernize Information Technology Infrastructure
To mitigate cyber security and stability risks, Shared Services Canada works closely with departments to ensure that aging technology is cyclically replaced, and that the Government of Canada does not run unsupported hardware or software. Shared Services Canada’s Information Technology Refresh and Replacement program aims to move Government of Canada users from Windows 2008 operating systems to Windows 2016, and keeping current information technology infrastructure assets up to date, through hardware and software updates and processes to identify the need to either upgrade or replace an information technology asset.

Of course, cyclical refreshing or replacing of technology is not enough. In an effort to keep pace with the rapidly changing information technology environment, Shared Services Canada created a Chief Technology Officer Branch in January 2019. The Branch is mandated to ensure federal programs for Canadians benefit from the latest digital technologies available. The Chief Technology Officer Branch’s Reliability and Security division is developing standards, tools and methodologies to conduct reliability assessments to support clients in improving the performance and reliability of their applications on Shared Services Canada Infrastructure.

Windows Upgrade Projects and Linux/Unix Operating System Modernization Initiative
As software and operating systems age, companies generally support their products with security patches and updates to ensure ongoing performance and stability. Eventually, most software and operating systems age beyond a point where it is supported—at which point continuing to use them begins to carry escalating risks associated with both security and stability. Shared Services Canada manages certain foundational software licences necessary to run data and application hosting systems. For example, the Department is responsible for the life cycle of approximately 23,000 operating system licences for Microsoft Windows Server 2008, which are necessary to run many critical data and application hosting systems. As Microsoft ends standard support and updates for this operating system, Shared Services Canada is working with all its partners and customers to ensure that servers running these operating systems are either updated with newer supported versions, or where possible, decommissioned. As of March 15, 2021, 79% of Windows 2008 servers across the Government of Canada have been upgraded (17,871 of 22,582 servers). The remaining servers will be updated in 2021-22.

Another example is the Linux/Unix Operating System Modernization Initiative (OSMI). OSMI is a multiyear initiative designed to identify and upgrade obsolete and/or unsupported Linux/Unix Operating Systems. The initiative will target obsolete and/or unsupported server infrastructure hosted in legacy environments, and reduce the number of different types of Linux/Unix operating systems, enforce a standard and prepare partners environments for migrations to an Enterprise or cloud environment.

This work ensures the Government of Canada minimizes costs associated with buying specialized support, as well as mitigates security and stability risks inherent to running outdated software and operating systems. As part of this work, Shared Services Canada and Treasury Board of Canada Secretariat have been working closely with departmental chief information officers to take stock of older applications running on these systems and consider replacing them with newer applications that can be hosted either in the cloud, or on more stable infrastructure.

Annex
The following key projects and programs aim to ensure the reliability and security of information technology systems and applications. They will also enable Shared Services Canada to work with customers to determine the best hosting solutions—whether cloud or enterprise data centres.

Other Shared Services Canada-led Active Projects
(2019–2020 and ongoing)
Database as a Service: This project will determine the need and viability of establishing an optional Database-as-a-Service for customer departments to realize efficiencies and economies of scale across the GC.

Enterprise Data Centre Borden Facility Expansion and Information Technology Establishment Projects: Facility enhancements have been achieved through a public/private partnership, and have been constructed in a modular design providing maximum flexibility to Shared Services Canada for future upgrades. The Information Technology Establishment project will implement Data Centre Enabling Services to provide improved customer services. It will implement initial compute, storage, network, and security footprint in the newly established Enterprise Data Centre Borden.

Enterprise Data Centre Montréal Facility Establishment and Information Technology Establishment Projects: Facility enhancements have been achieved through a contract with a private sector provider to house the specialized information technology server, storage and network infrastructure for computing intensive workloads associated with Government of Canada scientific applications. The Information Technology Establishment project will implement Data Centre Enabling Services to provide improved customer services. This project will implement initial compute, storage, network, and security footprint in the newly established Enterprise Data Centre Montréal. Additionally, this project will implement infrastructure to streamline preparations for the Dorval Data Centre migration project.

Government of Canada Cluster: This activity will analyze the potential to group customer departments by infrastructure requirements (business and technology clusters) and propose opportunities for these departments to work together to achieve business and fiscal efficiencies and efficacies.

SAP HANA Implementation: This activity will support a standardized platform to support the Government of Canada SAP HANA financial software implementation, and will support departments that are planning to migrate to this latest version of the software in the coming years.

Software Asset Management: This project will implement an enterprise software asset management system, including a tool to improve the management of licenses for data centre, network, email and security software. Once operational, software asset management will generate savings by avoiding costs associated with paying for vacant or unused software licences.

Reliability and Security: SSC is developing standards, tools and methodologies to conduct reliability assessments to support clients in designing reliable Enterprise Applications. As well, SSC is developing a revised Infrastructure Re-zoning Security Strategy (working closely with ESDC) as we determine how systems in GC data centres will interact with systems in the cloud.

Reliability is a key driver of customer and end-user satisfaction. SSC is designing and implementing a Performance and Reliability program focused on elevating Performance & Reliability for the GC and SSC Infrastructure to support of departments’ applications. The program will support workload modernization and migration and provide departments with Application Reliability Assessment services and tools, guidance, and best practices.

SSC-led Workload Migration Projects:
The following departments are currently in the scope of active WLM projects, from pre-planning to implementation activities:
• Canadian Food Inspection Agency
• Canada Revenue Agency and Canada Border Services Agency
• Correctional Services Canada
• Department of National Defence
• Employment and Social Development Canada
• Environment and Climate Change Canada
• FINTRAC
• Global Affairs Canada
• Health Canada
• Innovation, Science and Economic Development Canada
• Natural Resources Canada
• Public Services and Procurement Canada
• Statistics Canada
• The Privy Council Office
• Transport Canada

·       Some of the key projects and programs being undertaken by Shared Services Canada with regard to information technology systems and application health include:
o modern cloud solutions;
o migration of critical applications to more stable hosting environments; and
o updating obsolete operating systems such as Microsoft Windows and various Linux/Unix server technologies, where the operating system is no longer supported by the vendors.
o Updates to and/or modernization of applications, or migration as-is lies with the customer departments to identify as part of their application modernization plans. SSC supports and works with the customer departments in developing the required plans