
1 Company confidential

DSMP2 Technical Architecture High Level Design - Overview

This document is confidential and is intended solely for the use and information of Barclays

Authors: Eric Shaw, Ian Wilkins

Version: 1.0

Version date: 05/06/2006

Status: Issued

Audience: CIO Architecture Board



Executive Summary – Issues with Current Desktop Environment

The current Desktop environment is complex, aged, unstable, poorly performing, difficult and expensive to maintain, and an inhibitor to collaboration across clusters, business units, sites and teams.

Ageing Hardware
• Poor performance and frequent breakages
• SLAs for fix or replacement are too long
• Too many different makes/models of hardware and peripherals make support difficult

Ageing Software
• NT4 support only available via “special” (high cost) support arrangements with Microsoft
• NT4 compatible hardware not generally available anymore and often requires additional components
• Difficult to manage business critical data across older (97 & 2000) Microsoft Access databases and current (2003) ones

Complex Operating Environment
• Huge number / variety of domains and supporting infrastructure makes the integration of business processes expensive and difficult to achieve
• Users often have to queue to use dedicated machines with certain “special” applications
• Lack of commonality across different networks (CIPE, GIPE and WIPE) makes some cross-site working impossible

Poor Collaboration
• Lack of integrated email and calendar capability makes it difficult to do simple tasks such as co-ordination of diaries
• Users on different versions of applications make data sharing across sites and business units difficult and/or impossible

Poor Service Offering
• Mobile users forced to use a low bandwidth, telephone based dial-up solution, resulting in loss of productivity
• IMAC process does not meet agreed SLAs or reflect the true business needs
• DR / WAR environment is not robust or not fit for purpose

Poor User Satisfaction
• Employee opinion survey scores across UKB consistently show staff are unhappy about the quality of the desktop service they are given, e.g. ageing and unreliable desktops, laptops and printers
• Mobile workers frustrated at time wasted waiting for data to be synchronised across the low bandwidth dial-up service


Executive Summary – The Principles

DSMP is working to a set of fundamental principles in line with Barclays and industry best practice.

• Simplify engagement processes: improves speed of delivery for all services, lowers cost and increases user satisfaction
• Allow business unit and user flexibility: meets business unit and user requirements, helps support future business change (e.g. M&A activities), increases overall business unit and user satisfaction
• Standardise where possible: lowers costs, drives economies of scale, increases stability, enables collaboration and makes future upgrades much easier, faster and cheaper
• Centralise IT hardware: lowers “total cost of ownership” (TCO), provides a more robust, stable & scalable platform and increases business flexibility
• Centralise applications hosting: lowers costs, provides a more standardised set of applications and increases business agility
• Use latest (proven) technologies: improves performance, increases security & stability, provides support for new business applications and allows access over new access channels
• Meet regulatory requirements: meets DDA requirements (ensuring accessibility for all staff), mandatory email / data retention requirements and Sarbanes Oxley logical access controls
• Dual source where possible: ensures competitive pricing and access to a wider variety of vendor offerings
• Be fully secure: implements industry standards, enables common authentication, protects against unauthorised access to applications and business data


Executive Summary – Programme Overview

Working in partnership with Getronics, DSMP will build a secure, standardised, scalable set of IT infrastructure & services for users across the CIO, UKB and Wealth Management Clusters. Starting in Q4 2006, DSMP will deliver:

A new IT Desktop Service
• 30,000 new Desktop PCs and laptops will replace the current obsolete environments
• Latest versions of Microsoft Windows and Office productivity tools
• Rapid desktop deployment process speeds delivery
• Differentiated service models support different user / cluster requirements

Increased Business Agility
• Centralised hosting of applications improves performance, stability & flexibility and ensures consistent versions of applications are delivered to all sites
• Improved testing and development platform increases speed of delivery and lowers costs
• Automation of common IMAC processes via an integrated provisioning solution enables user self-servicing
• Centralised storage increases business units' flexibility around storage limits, lowers cost and improves “back-up & recovery” times

Improved Regulatory Compliance
• Centralised storage and archiving solution implements regulatory requirements around email and document archiving/retention
• Revised data centre approach offering greatly improved work area recovery and disaster recovery

Increased Mobility
• Use of modern connectivity techniques offers mobile workers faster, more reliable access to Bank resources from a wider range of locations while lowering the cost of service
• Use of modern office tools allows email access by staff from non-bank PCs and a wider range of handheld devices

Improved Messaging
• New group wide email solution provides almost immediate internal mail delivery and enables calendar / diary sharing across clusters, business units and sites
• Secure email provides secure communications between Barclays and external partners
• Instant messaging capability allows users to communicate immediately, lowering email / telephone call volumes

Improved Collaboration
• New corporate portal promotes cross business unit / cluster collaboration and provides a place where cross-site teams can share knowledge
• Integrated user authentication improves user experience
• New virtual meeting capabilities improve remote users' participation in meetings by enabling them to see/share documents and participate in “virtual whiteboard” sessions


Executive Summary – The Technology

DSMP will exit the obsolete NT4 platform and deliver the latest (proven) technologies.

Desktops and Laptops
• New, improved hardware
• Windows XP SP2 - Office Professional 2003 SP2
• Delegated administration for business customisation
• Getronics RDX for rapid delivery

Active Directory
• Windows Server 2003 R2
• Common LDAP based authentication for all users
• GPOs enable consistent configuration of systems and flexibility for business customisation
• 3 ADs reduce risk, increase flexibility of service offering & speed the migration process
• Scaled for 100,000+ users

Mobile Working
• ADSL, wireless, 3G, GPRS access
• Outlook Web Access for browser based email
• BlackBerry Enterprise V4.1

Internet Gateway
• Hardened internet appliances
• Speed, stability - better utilisation of bandwidth
• S/MIME and PGP based secure email

Email / Collaboration
• Single centralised Exchange 2003 platform
• New SharePoint 2007 portal
• Scalable to 100,000+ users
• Available to all business units

Data Centre
• Blade technology for high density server deployment
• ASDRF data replication between data centres
• Centralised enterprise class EMC DMX SAN and backup
• Enterprise Vault archiving solution delivers regulatory requirements

Server Based Computing
• Citrix Presentation Server V4
• Separate zones / farms for different business units
• > 1,500 servers supporting > 1,000 applications

Provisioning
• Offers user self service
• Automates frequent IMAC processes
• Reduces manual operations
• Flexibility to integrate with existing bank systems


Target State - Key Technology Summary

Each area is summarised as its technology vision followed by the key facts.

Desktop
Technology vision:
• Standard hardware with a small number of optional extras
• Single kernel consisting of XP SP2, SMS and Citrix client
• Automated and rapid deployment model
Key facts:
• 25,500 desktops, 7,700 laptops
• Future option for thin client (tbc Q4 06)

Servers
Technology vision:
• Dual vendor strategy
• Blade technology
• Automated and rapid deployment model
Key facts:
• Windows 2003 Release 2
• Approx. 2,000 servers (across live, dev & DR/WAR)
• Mainly centralised in data centre and DR site

Applications
Technology vision:
• Standard deployment models (fat, thin, COE, virtual)
• Centralised application hosting platform
• Central application asset management solution
Key facts:
• Approx. 1,100 applications
• Multiple Citrix farms built to the same standards
• Peregrine asset management (tbc)

Email & Collaboration
Technology vision:
• Centralised email platform providing core messaging functionality
• Centralised portal provides collaboration across business units
• Additional services for mobility support, instant messaging etc.
Key facts:
• Scaled for 100,000 mailboxes
• Additional functionality with SPS/WSS 07
• Support for BlackBerrys, IM, Smartphones

Mobility
Technology vision:
• Comprehensive mobility support including ADSL, WiFi, 3G, GPRS
• Remote network access provided via IPSec & SSL based VPNs
Key facts:
• Initially scaled to 6,000 users
• Design can be scaled as required

Active Directory
Technology vision:
• Unified Active Directory, 3 forest design
• Users / key resource management automated via the use of a “provisioning engine” tied into a self-service portal
Key facts:
• Forests for users, collaboration and apps
• Provisioning engine (tbc via RFP) will automate common IMAC tasks re: user/resource creation/amendment

Data Storage
Technology vision:
• Centralised file services and back-up based on EMC DMX SANs
• Single instance archive for mail, instant messaging & SharePoint data
• Enables efficiency and meets regulatory requirements
Key facts:
• Faster, lower overall cost, more reliable storage
• Estimate around 180 TB
• Full DR support and email archiving via Enterprise Vault

Print
Technology vision:
• Centrally managed print service serving multi-functional devices
• Roaming staff able to easily find and print to devices in remote sites
Key facts:
• Users to be able to locate printers close to them
• Compression improves printing to smaller sites

Virtualisation
Technology vision:
• Small number of environments support multiple test environments
• Hosts production systems for consolidation
• Delivers legacy applications that are unsupported on Windows 2003
Key facts:
• VMware ESX provides the virtualisation platform
• 5 virtual servers hosted on 1 physical server

Networks
Technology vision:
• Build on the MPLS upgrade and provide network quality of service
• Optimise server / application delivery to ensure efficient use of bandwidth
Key facts:
• Quality of service enables prioritisation of important network traffic over general file transfers etc. [N.B. This will require changes to the BT contract]


Overall End-to-End Architecture Overview with Centralised Server Infrastructure


End-to-End Design Overview - 1

Strategy
• Address current key business issues around desktop technologies
• Centralisation of IT hardware
• Centralised hosting of applications and delivery via thin mechanisms
• Consistent user experience interface for applications
• Use of latest proven technologies
• Compliance with regulatory and previous audit requirements
• Dual sourcing strategy
• Simplification of the engagement process
• Increased security in the design from day one
• Increased flexibility and speed of business customisation
• Local infrastructure deployments by exception only
• DSMP AD to contain no legacy systems
• Improved internet connectivity
• Improved remote working options

Desktops and Laptops
• New hardware - 2 laptops and 1 desktop
• Options for developers e.g. multi display, increased memory, faster processors
• Windows XP SP2 and MS Office 2003 R2
• Getronics RDX delivers build in-situ within minutes
• Laptops wireless enabled
• Thin layer of CORE apps, the rest delivered using SMS

Client Interface
• 2 main interfaces for applications supported: application portal and Windows “Start menu”
• Both local and thin applications can be delivered by either
• Users will utilise one interface as default

Servers
• Windows Server 2003 SP2
• Blades primary server device - higher density and lower TCO
• SAN and non SAN options
• Getronics RDX to deploy single OS image
• Use of MOM for alerting and monitoring

Data Centre
• Centralised systems in Gloucester data centre
• Synchronous replication of SAN data between Gloucester A&B [n.b. not possible today due to DC constraints]
• Asynchronous replication of SAN data to DR site
• Water cooling of systems

Site Topology
• Small sites to have no local infrastructure. All services are centralised to minimise costs
• Medium sites with centralised infrastructure but may require local print server. No local data.
• Larger sites optionally have local infrastructure but data, email and application services will be centralised wherever possible
• Large savings from centralised data storage due to reduced backup needs, archival and single instance capability


End-to-End Design Overview - 2

Active Directory
• Windows Server 2003 Release 2
• Three forest model: users, collaboration and applications
• Reduced risk exposure through additional forests
• Enables core services (e.g. email) to be served to non BDS+ users (e.g. Barclaycard)
• Single Exchange email organisation
• Common authentication
• Ability to trust other domains
• Delegation of OUs allows AD service offering to non BDS+ users
• XP/Windows 2003, with other versions by exception only

Network
• High availability and resilient design for all data centre server infrastructure
• Systems segregated into VLANs to reduce risk
• 802.1x authentication
• Use of management LAN for servers
• Link upgrades and QoS to support centralisation
• Wireless LAN for campus sites - future consideration

Remote Access
• Multiple access options for network connectivity via ADSL, wireless, 3G, GPRS
• IPSec VPN to support 6,000 concurrent connections
• SSL VPN scalable to support 2,500 connections
• Current two factor authentication solution reused
• Cisco firewall and VPN client for all laptops
• Quarantine of laptops on connection

Data Storage and Archive
• Dual centralised SANs based on EMC DMX
• Capacity for 180TB of data, scalable well beyond this
• Located in Gloucester A & B buildings (n.b. target state, not currently possible due to environment constraints in Gloucester)
• Synchronous replication between Gloucester A&B
• Appliance hardware for single instancing
• Enterprise Vault for email archival (meets regulatory requirements)
• Server boot images stored on SAN
• Snapshot capabilities for improved backup

Messaging & Collaboration
• Centralised clustered Exchange 2003 servers
• Live Communications Server 2005 Enterprise, Office Communicator for messaging
• New SharePoint 2007 solution
• System scaled for 100,000 users
• All collaboration systems in one resource forest
• External OWA access for email across the internet from browser PCs
• Internal OWA access to support email from legacy environments
• Enterprise search capability

Server Based Computing
• Windows Terminal Server 2003 and Citrix Presentation Server 4
• Solution supports roaming and reconnection
• Farm split with 75% capacity across Gloucester Towers A & B
• Estimated at 30-40 users per server
• Applications will be delivered more effectively to remote locations and licences can be managed more efficiently


End-to-End Design Overview - 3

Virtualisation
• VMware ESX 2.5.3
• Supports production, development, test and hosting of legacy systems
• Provides consolidation of servers
• VMotion provides increased flexibility
• SAN attached for guest images
• 5 to 15 virtual guests hosted per physical server

Provisioning
• Interfaces to existing Bank solutions (ESP)
• Automates common IMAC tasks (new user, password reset, new share, etc.)
• Removes need for technical tooling for staff
• Ensures consistency / management of user roles

Printing
• Managed print service within office locations
• Provides B/W and multifunction devices
• Mobile users can connect to locally attached printers
• Citrix application print from central print servers

Automation
• Getronics RDX solution with SMS Server 2003 for software, image and patch distribution
• Supports “wake on LAN” and “PXE boot”
• Deploys standard server images in minutes
• Predictable and repeatable solution
• Support for mobile users

DR/WAR/BCM
• All platform components are resilient
• Synchronised SAN replication would allow failover to Gloucester B without data loss
• Reverts to DR site with minimal data loss
• SAN attached devices brought online very quickly
• Local backup – no shipping tapes
• WAR provided by virtualised desktops hosted centrally

Development and Test Environments
• Server development supported via virtualisation and physical systems – physical systems where performance evaluation is important
• Client development environments supported via relaxation of policy on local PCs plus virtual client desktops
• Revised support model for developer desktops
• Testing environments supported primarily through virtualisation
• SAN images provide for rapid deployment, “snapshots” and “point in time” restores
• Virtualisation speeds development as systems can be rebuilt in a few minutes


BDS+ Client Interface Overview

Approach
• Supported across all client types (PC, laptop, “thin client”)
• Easy to use interface delivering applications in a consistent manner regardless of how the application is hosted
• Users only presented with applications they are entitled to access
• Supports copy and paste between local and server based applications
• Supports user roaming between different network scenarios (e.g. users accessing applications over the mobility solution)

Target Design
To be confirmed as part of a “Proof of Concept”:
• Option 1: Citrix Program Neighborhood – Applications presented to the user via the local “Start Menu”
• Option 2: Web “Portal” – Applications are presented to the user via a browser based interface
• Files associated with an application (e.g. a “.doc” file for a Word document) will be configured to ensure they open (seamlessly) in the correct environment
• Citrix-based applications will be integrated as “published” applications, allowing copy and paste between them and locally installed applications

Key Benefits
• Consistent user interface ensures easy access to all applications
• Seamless integration between applications enables users to easily copy data between local and Citrix-based applications
• Intuitive user interface requires minimum user training


Key Technologies – Citrix (Server Based Computing)

Approach
• Deliver majority of client side applications “thin”
• Support central delivery of applications to all sites
• Ease desk/office moves and support roaming users
• Ensure optimal use / management of software licences
• Ensure minimum impact on network
• High availability and performant

Target Design
• Citrix Presentation Server V4.0 used to host client applications
• All clients (including non BDS+) can use an ICA client to connect to the Citrix farms, allowing access from any desk
• Software tool (tbc) is installed allowing control of licensing
• WAN capacity is estimated at 15 Kbits per concurrent user
• Number of users per server (currently estimated at 30*) is monitored to ensure high performance
• Citrix farms split across Gloucester A & B (n.b. currently not possible due to environment constraints) + capacity for DR

Key Benefits
• Centralised delivery of applications increases business flexibility and eases desk / office moves
• Roaming users can access their applications
• Can deliver applications to remote users if required (e.g. Virtual Contact Centre)
• Ensures future desktop upgrades are easier, quicker and cheaper to implement

*30 users per server is a very conservative figure; further investigations may well prove that this is more like 60+ users

Overview SBC target farm design: [diagram not reproduced]


Key Technologies – VMware (Virtualisation)

Approach
A cost effective, stable and scalable platform for:
• Hosting development & testing
• Consolidating servers with low to medium utilisation
• Hosting legacy applications that will not run on the current versions of Windows
• Hosting client images to support work area recovery
• Indistinguishable from physical environments in terms of automated build, patch management, backup / recovery and monitoring
• High availability and performant

Target Design
• ESX provides a highly scalable, cost effective platform for hosting virtual machines & can support 5 – 15 virtual servers per physical machine
• All virtual machine images will be held on the SAN with the option to use snapshot technologies to facilitate fast recovery in the DR site
• Deployment model for physical and virtual Windows servers is identical
• VMotion will be used to seamlessly move a virtual server or workstation from one physical machine to another
• VirtualCenter will be used to provide failover capability within the data centre and to the DR site

Key Benefits
• Greatly reduces number of physical servers required
• Offers flexibility in the migration / hosting of legacy applications
• Facilitates a quicker, cheaper and more flexible WAR / DR capability
• High-availability ensures SLA requirements are met

[Diagram: virtual machine vs physical machine; not reproduced]


Provisioning

Approach
• Increase automation & enable user self-servicing for common tasks
• Provide delegated administration capability to enable support areas to effectively support their users / applications
• Simplified / standardised interface allows non-technical staff to use it
• Control access rights across the whole of the environment
• Integrate with existing Barclays solutions (e.g. ESP, Service Centre)

Target Design (tbc via RFP)
• Selection of an automated provisioning engine that will integrate with existing / updated ESP and Service Centre
• All common tasks will be automated, including:
  • User creation / change / deletion
  • Password resets
  • Additional / reduced user access to services / resources / groups
  • Email account creation / change of mail limits / deletion
  • Printer creation / access

Key Benefits
• Greatly reduces support / administration costs for common tasks
• Allows business users to self service, thus improving response times and user satisfaction
• Implements more standardised access to services, making the environment less complex and easier to support
• Improves controls around user logical access rights, helping to meet Sarbanes Oxley regulatory requirements

[Diagram: provisioning architecture; not reproduced. A Provisioning Integration Layer connects the Internet, SBC, Service Center, print, email, shared services, the Barclays LAN (802.1x), VPN and the Barclays Enterprise Directory (AD); behind it sit provisioning management, the CMDB and the provisioning DB. It is used by the Getronics operational team, first level business IT staff and users via self services.]


Work Area Recovery and Disaster Recovery

Approach
• Standardised WAR services supporting multiple business units & sites
• All services are available and meet agreed / acceptable service levels
• All critical business services are available in a DR situation and perform to agreed / acceptable levels

Target Design
• Small number of WAR sites supporting multiple business units
• VMware ESX will host a virtual representation of the user's desktop (including applications/data), allowing access from commodity PC hardware
• Centralisation of applications makes delivery to the WAR site much simpler
• All critical services will be replicated in the Disaster Recovery site but will only be invoked in the event of a complete data centre loss

Key Benefits
• Small number of WAR sites reduces costs and increases service offering
• Business units remain operational in the event of a local or DC failure
• Full business operations can be recovered much faster in a WAR scenario
• In the event of a Disaster Recovery situation, critical services can be recovered quickly with data loss being limited to 2 hours (where required) in comparison to today's situation of 24 hours