1

Information Technology DivisionExecutive Office for Administration and Finance

Springfield Data Center Program Alignment –

ITD Engineering

2

Springfield Data Center Alignment – ITD Engineering

Agenda

Alignment Process and Schedule

Program Alignment

Service Offering Alignment

Procurement Update/Standards

Current ITD projects

Planned ITD projects

Alignment planning

3

Springfield Data CenterIT Consolidation Alignment Process & Schedule

Core ProgramAlignment (3/8 – 3/26)

Core ProgramAlignment (3/8 – 3/26)

Key Dependencies & Stakeholder

Alignment(3/29 – 4/8)

Key Dependencies & Stakeholder

Alignment(3/29 – 4/8)

Review & Review & FinalizationFinalization

(4/12 – 4/30)(4/12 – 4/30)

Review & Review & FinalizationFinalization

(4/12 – 4/30)(4/12 – 4/30)

ANF Final ANF Final ReviewReview

5/45/4

ANF Final ANF Final ReviewReview

5/45/4Benefits, Financials, ScheduleBenefits, Financials, ScheduleBenefits, Financials, ScheduleBenefits, Financials, Schedule

ScheduleScheduleScheduleScheduleProcessProcessProcessProcess

Financials Lou Angeloni

Staffing/HR Ellen Wright

Procurement Linda Hamel

Facility Budget DCAM

Energy Strategy DOER 4/12

Services John Letchford

Technology Jason Snyder

IT Consolidation John McElhenny

Security Dan Walsh

IT Governance ITD 4/14

IT Executive Review ITD 4/16

Energy Strategy &Facility Budget Review

DCAM 4/20

ANF Review Preparation DCAM 4/28

44

SDC – Data Center Consolidation Alignment

DCC – WAVE 1DCC – WAVE 1Disaster Recovery Disaster Recovery

(Waves 1, 2(Waves 1, 2)

Primary Hosting Primary Hosting January 2012 January 2012 (Wave 3)(Wave 3)

Disaster Recovery Disaster Recovery

(Waves 1, 2(Waves 1, 2)

Primary Hosting Primary Hosting January 2012 January 2012 (Wave 3)(Wave 3)

Network, Storage, Security,DR, VPC

Network, Storage, Security,DR, VPC

Virtual Private CloudVirtual Private CloudVirtual Private CloudVirtual Private Cloud

TechnologyTechnology

IT Service ExcellenceIT Service ExcellenceAutomation, Service Desk,

ITIL, ChargebackAutomation, Service Desk,

ITIL, Chargeback

DR in Waves 1,2Evolution to Primary Hosting in Wave 3

DR in Waves 1,2Evolution to Primary Hosting in Wave 3

Data Center InfrastructureData Center InfrastructureData Center InfrastructureData Center Infrastructure

Security Framework ArchitectureSecurity Framework ArchitectureSecurity Framework ArchitectureSecurity Framework Architecture

Automated Tools:Automated Tools:Provisioning, Monitoring, TicketingProvisioning, Monitoring, Ticketing

Automated Tools:Automated Tools:Provisioning, Monitoring, TicketingProvisioning, Monitoring, Ticketing

New Chargeback ModelNew Chargeback ModelNew Chargeback ModelNew Chargeback Model

55

Services – ITD Service Models

Network & DataNetwork & Data-Backup & Recovery-Database Hosting

-Network, Storage, Telecom

ApplicationsApplications-CIW

-HRCMS-Mass.Gov

WorkgroupWorkgroup-Desktop and File

-Messaging, Print & Mail-Content Mgmt

ITD TodayITD Today6 lines of Business6 lines of Business

ITD Jan 2012 @ SDCITD Jan 2012 @ SDC

IntegrationIntegration-CommBridge

-Secure File / Email Delivery-XML Gateway

HostingHosting-Co-Location, Distributive Hosting

-DR-Mainframe

SecuritySecurity-Cert Mgmt

-Firewalls, VPN, IPS/IDS -UAID

-Vulnerability Assessment

HostingHostingVPC (Virtual Private Cloud Infrastructure)•Secure Resource Pools•Highly Available & Continuously Available DR•Secure Co-location•Actionable Service Catalog•Shared ITIL Services•Dynamic Provisioning

WorkgroupWorkgroupPrint / Mail

Network & DataNetwork & DataDCI (Data Center Infrastructure)•MAIN – High Speed Network Link•10 Gig Converged Ethernet Switching•Storage – Multi-Tiered•Backup & Recovery – Dedup

SecuritySecurity-Centralized Security Polices and Identity Mgmt-Higher Density Security (Firewalls, VPN, IPS/IDS)-Centralized Vulnerability Assessment

Technology – 4 Point Solution Model

7

Technology Virtual Private Cloud (VPC)

Virtual Private Cloud Description:

Supports heterogeneity of both Physical and Virtual Resources

Capacity:

960 Virtual Hosts 250 TB SAN

Technologies:

ITSM Service Desk – Incident, Asset, Change, Auto Discovery Capacity Management – Performance Monitoring, Analysis, Forecasting Events Management – Correlation of Events & Automated Responses

Shared ITIL Processes CMDB – Configuration Management Database Financial Management – Collection of Resource Utilization & Billing

Virtual Private Cloud Management Image Library – Standardized Image Management Actionable Service Catalog- Request Management, Automated Provisioning of OS and Storage Monitoring- Agent for OS, VM, Databases, Network and Server hardware Service Catalog Web Interface & Dynamic Provisioning – End User Driven Resource Management

Virtual Private Cloud Infrastructure VPC Infrastructure – Server & Supporting Network Infrastructure VPC Virtualization Software – Host & Systems management software VPC Storage – Tiered storage VPC Secure Pools – Secure resource pools abstracting applications from hardware

ITSM & VPC Management Shared InfrastructureHosts and software for ITSM & VPC

Management Tools

Virtual Private CloudInfrastructure

Private Virtual Pools

CMDB

Actionable Service Catalog

(Policies & Workflows)

Financial Management (Chargeback)

NETWORK

SERVICES

DCIDATA CENTER

INFRASTRUCTURE

Dynamic Provisioning

(Service Catalog)

Virtual Private CloudManagement

Image Library

BLADE SERVER

FARM

SecureZone

Storage Tiers

2

3

1

SecureZone

SecureZone

Service CatalogWeb Interface

Common Monitoring

Agent

Service Desk

Capacity Mgmt

Events Mgmt

Monitoring

ITSM Shared ITIL Processes

ITSM & VPC MANAGEMENT SHARED INFRASTRUCTURE

8

Technology Consolidated Disaster Recovery & SAN

Consolidated Disaster Recover & SAN Description:

Cost effective DR & SAN for any application which easily grows with the quantity of applications and throughput requirements.

Supports any OS, host, data source with high level of interoperability.

Capacity:

100TB Enterprise 250TB Mid Tier96 Hosts

Technologies:

Data Replication- Enterprise & mid-tier software disk-to-disk backup and appliances

Storage virtualization- Legacy host replication

SAN switching- 8Gb/s

Backup and Recovery- Enterprise Web enabled

Site Recovery Manager- Software to recover Virtual Environments

Storage Array – Fiber Channel/ SATA II/ Solid State

SA

N E

dge Fabric

Storage Area Network

HOSTS High/Mid-

Range

Tape Library

Mid Tier Storage

EnterPrise Storage

Rack/Virtual

SA

N C

ore Fabric

SA

N E

dge FabricS

AN

Core F

abric ReplicationAppliances/Software

MAINWide Area Network

SDCConsolidated Disaster Recovery

Business Continuity

MITCReplication

Appliances/Software

Enterprise Backup &

Recovery Servers

Et her net LA

N

Et her net LA

N

Et her net B

AC

KU

P LA

N

Mid Tier StorageBackup

Catalogs

Mid Tier StorageReplicaBackup

Catalogs

Enterprise Backup & RecoveryWeb Enabled

Enterprise Backup & RecoveryWeb Enabled

Remote Console

MITC Server Farm

9

Technology Data Center Infrastructure (DCI)

DCI Description:

Perimeter and distribution infrastructure for Springfield Data Center.

Capacity:

160 racks of Disaster Recovery and Primary Hosting Infrastructure.

Technologies:

Perimeter-

Carrier-class edge routers with integrated, high-density Ethernet switching; IP/MPLS routing 10 to 40 Gbps line cards

Aggregation Switching

720 Gbps supervisor engines; Gigabit to 10 Gigabit Ethernet I/O modules; Control (MAC) security with hardware based 128 bit AES encryption.

Security

Firewalls – Boundary protection and access controls for network resources

Intrusion detection system 0 detects and alerts on possible network attack

DNS – hierarchical naming system for computers and services

VPN Concentrator – allows secure remote access

Security Incident * Event Mgmt System – correlates from network systems to determine possible security incidents and events.

Components Quantity Discounted CostCore Routing & Switching 4 $278,400Aggregation Switching 6 $1,386,200Cabling systems; Cable organizers <160 Racks> $40,600

Perimeter Firewalls 2 $91,640

Interior Firewalls 2 $91,640Intrusion Detection System 2 $49,560Domain Name System (DNS) 2 $6,469VPN Concentrator 2 $29,500

Security Incident & Event Management system 1 $590,000

Total: $2,564,009

Technology - MAIN Network

MAIN Description:

High speed fiber optic transport backbone WAN (Wide Area Network) link from MITC to SDC

Capacity:

Scalable bandwidth capacity for 10 Gbps (Gigabit per second) up to 100 Gbps speeds

Technologies:

Network: Redundant connectivity using Multiprotocol Label Switching (MPLS) makes it easy to create "secure virtual links" between distant nodes

Multiplexing Backbone Network: Gigabit Ethernet switching; ATM, MLPS, WDM, SONET, Carrier Ethernet Optical Transport, ROADM 3 Degree

Components Quantity Discounted Cost

ROADM 3 Degree 3 $ 940,800

SONET Demarc 3 $ 285,600

Carrier Ethernet Switch 3 $ 268,800

Fiber Routers <3 sites> TBD

Total:   $ 1,495,200

SDCSpringfield

MITCChelsea

MAIN

Perimeter and Interior Defenses

Firewalls enforce access policies for the data center and provide a line of defense for data center assets.

Domain Name System (DNS)

DNSSEC will provide a secure hierarchical naming system for computers and services

Intrusion Detection System

Detects and alerts on possible network attacks,Passive sniffer, inline bridge, inline Proxy-ARP, inline

router and daily and emergency signature updates VPN Concentrator/ACE Server

Allows secure remote access with two factor authentication

Security Incident and Event Management system

*Log Management: Collects, stores, and mines all network, security, and application information from IT

infrastructures.* Threat Management: Correlates and detects threats

across heterogeneous network and security technologies.

* Compliance Management: Delivers comprehensive validation for compliance and policy monitoring.

Trusted Zone Architecture

Trust Zone Architecture is the base principle of ITD’s new Information Security Framework. It helps to logically segment applications in a pragmatic way that optimizes operations and provides for Confidentiality, Integrity, and

Availability based on certain predefined criteria.

Firewalls Firewalls

Technology – Zone Based Security Model

12

Technology – Capability Matrix

Domain Efficiency Scalability Flexability

Network

Unify and Minimize Physical Connectivity of Multiple Network Functions into One Chassis

More bandwidth in fewer connection to multiple hosts

Ability to scale efficiently to support future technology solutions without re-architecture

SecurityConsolidates separate security functions into a centralized security architecture

Ability to scale protection of data from least to most sensitive levels within centralized architecture

Greater adapability to detect and respond new threat vectors

Storage

Consolidation of physical storage and implementation of new efficiency technologies

Greater levels of storage density and performance standards

Ability to offer multi-tiered storage with dynamic resource allocation

Systems Management

Fully automated integrated services management with virtual and physical assets

Enterprise class large scale platform scaling with the environment

Provides automation platform for present and future demands

Disaster Recovery Cost effective DR for any applicationEasily grows with quantity of applications and thruput requirements

Supports any OS, host, data source with high level of interoperatbility

HostingOptmizes use of system resources in a high density virtualized model

Dynamically add resources and applications with no impact to production

Physical infrastructure is abstracted from applications managed as resource 'as needed' model

13

Standards

Category Standard Scope Process Status Next Step

VPC Servers2 Rack Mountable Server Vendors

TGB & IT Sourcing Process with Legal

In Review with TGBProcurement Issued in May/June 2010

VPCVirtualization Software

Single or 2 Hypervisor Provider Vendors

TGB & IT Sourcing Process with Legal

Being developed as part of Unisys Engagement

Finalization of Standards post Unisys engagement in June 2010

Consolidated DR / SAN

StorageConsolidation of EMC Storage for DCC and MITC

Consolidation procurement with EMC, & TGB/IT Sourcing Process, Provide standard for FY11 Rate Business Plans

EMC proposal in review with TFG; Coordinating with FY11 rate process

Finalize proposal with EMC in May 2010, Identify timing from FY11 rate process

DCI NetworkLossless Gigabit Ethernet; Unified Fabric

TGB & IT Sourcing Process with Legal

Being developed as part of SDC program

Meet with vendors to discuss technology

DCI Service Desk ToolsCommon Platform for Asset Mgmt, Capacity

Requirements gathering process with ITD

Being developed as part of SDC program

Meet with ITD to validate capacity, cost, scope

DCI Monitoring

MITC and SDC server, storage, network, database, apps

TGB & IT Sourcing Process with Legal

Being developed as part of SDC program

Meet with ITD to validate capacity, cost, scope

DCIEnterprise Backup & Recovery

MITC and SDC common backup architecture

TGB & IT Sourcing Process with Legal

Being developed as part of SDC program

Meet with ITD to validate capacity, cost, scope