Case Study: Addressing Security Concerns and Legacy System Retirement
Background
A customer in the healthcare vertical had an aging authentication system that they no longer wished to maintain or support. They had made the move to Microsoft 365 and wanted their users to leverage the Single Sign On (SSO) capabilities of that platform using industry-standard protocols such as OAuth. Nearly a dozen applications were utilizing the legacy authentication system. In addition, the applications and the platforms they were running on needed some upkeep to address security concerns. The scope of the project also included switching applications to point to a major version upgrade of the Oracle Database.
The business value gained included a streamlined authentication experience for employees, reduced maintenance workload through elimination of a legacy authentication service and database, as well as enhanced security and support by bringing systems current.
Challenge
It’s not uncommon for a maintenance need to set off a chain reaction of related needs. In this case, the client chose to upgrade to new hardware, operating system, web server, and application server (Red Hat JBoss Application Server) versions. With “End of Life” dates looming for some of these architectural components, the added complexity was deemed necessary.
Migrating to updated versions of the software components would necessitate changes to the code. In some cases, the changes would be significant enough to require complete regression testing of the application, which was a substantial investment.
Solution
While setting up new environments for the applications, a plan was developed for deployment. The collective E-g and client team decided that pointing the existing applications to the new database would be best to relieve the inter-dependency issues. The applications were analyzed to determine if any proprietary Oracle features were in use that could create migration issues. The risk was deemed very low and the applications were migrated to the new Oracle database, tested and deployed with minimal business interruption.
With the database dependency out of the way, we focused on establishing a priority for the applications and resolving the technology- and security-related challenges. Some applications required very little work, while others required moderate changes. It’s always tempting to expand scope and fix or enhance applications “while you’re there”. We resisted! We had some time-sensitive objectives, so our goal was to stay focused on those.
We successfully tested and deployed the applications. For all the changes, the issues found in production were extremely few and very minor.
Key Takeaways
Software requires care and feeding. If you never change the oil in your gas-powered car, it will eventually fail. Software requires this kind of maintenance while also requiring updates to address security and support concerns.
As the number of concerns addressed during a single project grows, so does the complexity. This project required a lot of detailed coordination and planning to orchestrate the upgrade of all the necessary components.
Conclusion
Do we like to build new shiny things? Of course. However, we recognize that software must be maintained and security and system concerns are the reality. We’re here to help our customers maintain and care for their systems. It was fulfilling to know that we were helping our customer achieve greater data security, operational efficiency, better performance and a better user experience through SSO.