DevOps: Onboarding and Offboarding Workflow
Posted under Work Stuff on Saturday, April 21, 2018 @ 8:06:16 PM
a big part of the ops work at my place of employment deals with the onboarding and offboarding of staff. we have around 30-40 new hires / terminations a year, and as a manual process that probably represents somewhere around 60-80 hours of work.
some of the big challenges we used to face are:
we implemented a system comprised of five main components:
the new hire form
this form uses active directory authentication and restricts access to members of our hr team. it collects all of the basic information we require such as name, contact info, job title, department, manager, office location, and start date.
it also collects additional information that can be used to kick off additional notifications / workflow tasks. for example:
fig 1 - the new hire form
the equipment request form
this form is filled out by the hiring manager to let it know what equipment their new employee will require.
the form provides information about the equipment policies (i.e. budget info, etc) and collects information related to:
if any of the selected equipment requires budget approval, a notification is automatically sent from the hiring manager to their elt (exec leadership team) representative (i.e. the big boss). the elt rep can approve or deny the request. in the case of approval, the relevant tickets to procure and issue the equipment are raised in our helpdesk software via an api call. in the case of a denial, a notification is sent back to the hiring manager informing them. the elt rep can send a comment to note their specific objection, and the hiring manager can refill the form and try again.
some items are handled by different teams (i.e. ip phone provisioning is handled by a different team than pc provisioning) and thus get separate tickets. tickets are automatically assigned to the appropriate person / team.
fig 2 - the equipment request form
the account creation script
the account creation script is a web form used by it to actually provision accounts.
it performs the following functions via api calls, vbscript and/or powershell scripts:
the termination form
hr has a web app where they can enter terminations into the system. since this is a very basic form that only captures a limited amount of information, i've omitted a screenshot.
the hr form collects the following information:
once hr submits the form, a link to the termination form is sent to the terminating manager so they can provide the required information to it.
the termination form collects the following information:
once the form is filled out, relevant tickets are raised in our helpdesk software via api call.
when we terminate an employee, we archive their pc files, e-mail (as a .pst) and voicemail. we then upload this data to amazon s3 and store it for 60 days. we have a web form that it uses to send the terminating manager links to this data and information on accessing it. the form uses a standard template informing the manager that they have 60 days to review the data before it's deleted. these notifications are frequently ignored and it gets requests for employee data, so it's handy for us to be able to tell folks to reference the automated e-mail they received because that prevents us from needing to take on additional work or deal with people (lazy is good).
fig 3 - the termination form
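the 60-day s3 retention described above can be enforced by s3 itself with a lifecycle rule and then audited for archives that outlived it. the following python is an added example, not code from this post or its scripts; the `terminations/` prefix, the function names and the sample listing are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 60                 # retention period stated in the post
ARCHIVE_PREFIX = "terminations/"    # assumed key prefix, not from the post

def lifecycle_rule(prefix=ARCHIVE_PREFIX, days=RETENTION_DAYS):
    """Lifecycle configuration body that makes S3 delete archives itself."""
    return {"Rules": [{
        "ID": f"expire-termination-archives-{days}d",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Expiration": {"Days": days},
        # also clean up failed multipart uploads of large .pst files
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
    }]}

def s3_expiry(uploaded, days=RETENTION_DAYS):
    """S3 adds the days to the creation time, then rounds up to the next
    midnight UTC, so the real deletion date is usually one day later.
    (An upload at exactly midnight is assumed here not to roll over.)"""
    due = uploaded.astimezone(timezone.utc) + timedelta(days=days)
    midnight = due.replace(hour=0, minute=0, second=0, microsecond=0)
    return midnight if due == midnight else midnight + timedelta(days=1)

def audit(inventory, now, prefix=ARCHIVE_PREFIX, days=RETENTION_DAYS):
    """Split a listing into archives that should already be gone (a
    retention failure) and the deletion date to quote for the rest."""
    overdue, pending = [], {}
    for key, uploaded in inventory:
        if not key.startswith(prefix):
            continue                      # not covered by the rule
        expires = s3_expiry(uploaded, days)
        if expires <= now:
            overdue.append(key)
        else:
            pending[key] = expires.date().isoformat()
    return overdue, pending

# constructed listing of (key, upload time); in practice this would come
# from an S3 inventory report or an object listing
SAMPLE = [
    ("terminations/jdoe/mailbox.pst", datetime(2018, 1, 10, 15, 30, tzinfo=timezone.utc)),
    ("terminations/asmith/pc-files.zip", datetime(2018, 4, 2, 9, 0, tzinfo=timezone.utc)),
    ("onboarding/template.docx", datetime(2017, 1, 1, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2018, 4, 21, tzinfo=timezone.utc)))
```

anything returned in the overdue list is terminated-employee data that is still sitting in the bucket past the window the manager was told about, which is the case worth alerting on.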
there is a collection of scripts running as scheduled tasks. they perform the following tasks:
all in all, this is a collection of systems that have been developed over a period of 3-4 years. they largely eliminate the need for ops to ever deal with a human being related to employee changes, and they ensure we have all the information we need in a centralized location.
the web components are all developed in classic asp (that's just what i know, i haven't been a developer in 20 years). most of the scripts are in vbscript (same reason), though some needed to be done in powershell (i.e. interfacing with office 365, etc).
i've considered genericizing it and open sourcing, and may do so at some point in the future when i have more time to devote to it.