They all worked for a single state government. But until recently, Missouri's executive branch employees were dwelling in a wilderness of isolated IT villages.
Each of the 14 departments used its own Microsoft Active Directory system, the framework that organizes, secures and controls access to network resources, services and user accounts. Some departments used more than one, giving the state about 20 separate IT communities. Each community managed its own infrastructure -- controlled its desktops, looked after its security, operated its peripherals and updated its software. Each ran a separate e-mail system. If employees in different communities needed to share data files, or even schedule multidepartment meetings on electronic calendars, they had to give employees special access to one another's systems, saddling workers with extra user names and passwords to remember.
The quality of life in these IT communities varied widely, said Bill Bott, former deputy CIO of Missouri, who resigned in January 2009 to join the Change and Innovation Agency. "Some people were living in mansions; some people were living in shacks." Some, for example, had excellent antivirus protection, while others scraped by with shareware.
Over the past few years, though, Missouri replaced its hodgepodge of IT neighborhoods with a single, full-service community. As part of a broader effort to consolidate IT under the state CIO, it moved all 40,000 of its end-user accounts onto a single e-mail system and a single Active Directory.
This strategy, state officials said, streamlined IT administration and gave users more equitable access to IT resources. It's also saving Missouri millions of dollars.
Missouri consolidated its data centers into a single facility 10 years ago. But the state government was still running numerous IT operations. When departments failed to collaborate on business challenges, many people blamed that failure on the fact that they couldn't share data. Departments also conducted IT projects in isolation -- for example, implementing content management systems with no thought to how they might share resources.
To address these problems, then-Gov. Matt Blunt promoted a move to put all of the state's IT budgets, employees and equipment under the control of a single IT division. As IT officials discussed how to launch this consolidation, two ideas rose to the top. They would merge the Active Directory systems, also known as "forests," and they would bring the whole executive branch onto a single e-mail system.
One Pair of Keys
The new environment would be like a gated community with well run, shared services, Bott said. To access any of those services, a resident would need just a single user name and password -- one pair of keys, not a crowded, jangling key ring.
By migrating all users to one Active Directory system, Missouri was bucking a trend. Many organizations instead choose to build links among their separate directories, so data can pass back and forth among systems. That approach, however, requires some users to maintain multiple identifications, Bott said. And as the environment evolves, it develops features that aren't well documented. "It's cluttered, and it makes changes to the directory much harder to do," he said. "It's harder to manage."
Missouri started planning the consolidation in July 2005. Implementation began in January 2006 and wrapped up in November 2007, a month ahead of schedule. The project cost about $250,000, which was spent mostly on new equipment. Because in-house, salaried employees performed all the work, the state has not broken out the labor costs, Bott said.
The main challenges the project team contended with were political rather than technical. "One of the biggest battles we had with the agencies was over who was going to control security