Information Technology Division
Executive Office for Administration and Finance
Springfield Data Center Program Alignment – ITD Engineering
Springfield Data Center Alignment – ITD Engineering
Agenda
Alignment Process and Schedule
Program Alignment
Service Offering Alignment
Procurement Update/Standards
Current ITD projects
Planned ITD projects
Alignment planning
Springfield Data Center IT Consolidation Alignment Process & Schedule
Core Program Alignment (3/8 – 3/26)
Key Dependencies & Stakeholder Alignment (3/29 – 4/8)
Review & Finalization (4/12 – 4/30)
ANF Final Review 5/4
Benefits, Financials, Schedule
Schedule
Process
Financials Lou Angeloni
Staffing/HR Ellen Wright
Procurement Linda Hamel
Facility Budget DCAM
Energy Strategy DOER 4/12
Services John Letchford
Technology Jason Snyder
IT Consolidation John McElhenny
Security Dan Walsh
IT Governance ITD 4/14
IT Executive Review ITD 4/16
Energy Strategy & Facility Budget Review DCAM 4/20
ANF Review Preparation DCAM 4/28
SDC – Data Center Consolidation Alignment
DCC – WAVE 1
Disaster Recovery (Waves 1, 2)
Primary Hosting January 2012 (Wave 3)
Network, Storage, Security, DR, VPC
Virtual Private Cloud
Technology
IT Service Excellence
Automation, Service Desk, ITIL, Chargeback
DR in Waves 1, 2; Evolution to Primary Hosting in Wave 3
Data Center Infrastructure
Security Framework Architecture
Automated Tools: Provisioning, Monitoring, Ticketing
New Chargeback Model
Services – ITD Service Models

ITD Today: 6 lines of Business

Network & Data
- Backup & Recovery
- Database Hosting
- Network, Storage, Telecom

Applications
- CIW
- HRCMS
- Mass.Gov

Workgroup
- Desktop and File
- Messaging, Print & Mail
- Content Mgmt

Integration
- CommBridge
- Secure File / Email Delivery
- XML Gateway

Hosting
- Co-Location, Distributive Hosting
- DR
- Mainframe

Security
- Cert Mgmt
- Firewalls, VPN, IPS/IDS
- UAID
- Vulnerability Assessment

ITD Jan 2012 @ SDC

Hosting: VPC (Virtual Private Cloud Infrastructure)
- Secure Resource Pools
- Highly Available & Continuously Available DR
- Secure Co-location
- Actionable Service Catalog
- Shared ITIL Services
- Dynamic Provisioning

Workgroup
- Print / Mail

Network & Data: DCI (Data Center Infrastructure)
- MAIN – High Speed Network Link
- 10 Gig Converged Ethernet Switching
- Storage – Multi-Tiered
- Backup & Recovery – Dedup

Security
- Centralized Security Policies and Identity Mgmt
- Higher Density Security (Firewalls, VPN, IPS/IDS)
- Centralized Vulnerability Assessment

Technology – 4 Point Solution Model
Technology Virtual Private Cloud (VPC)
Virtual Private Cloud Description:
Supports heterogeneity of both Physical and Virtual Resources
Capacity:
- 960 Virtual Hosts
- 250 TB SAN
Technologies:
ITSM
- Service Desk – Incident, Asset, Change, Auto Discovery
- Capacity Management – Performance Monitoring, Analysis, Forecasting
- Events Management – Correlation of Events & Automated Responses
Shared ITIL Processes
- CMDB – Configuration Management Database
- Financial Management – Collection of Resource Utilization & Billing
Virtual Private Cloud Management
- Image Library – Standardized Image Management
- Actionable Service Catalog – Request Management, Automated Provisioning of OS and Storage
- Monitoring – Agent for OS, VM, Databases, Network and Server hardware
- Service Catalog Web Interface & Dynamic Provisioning – End User Driven Resource Management
Virtual Private Cloud Infrastructure
- VPC Infrastructure – Server & Supporting Network Infrastructure
- VPC Virtualization Software – Host & Systems management software
- VPC Storage – Tiered storage
- VPC Secure Pools – Secure resource pools abstracting applications from hardware
ITSM & VPC Management Shared Infrastructure
- Hosts and software for ITSM & VPC Management Tools
Diagram: Virtual Private Cloud architecture. Labels: Virtual Private Cloud Infrastructure (Private Virtual Pools, Secure Zones, Blade Server Farm, Storage Tiers 1, 2, 3); Virtual Private Cloud Management (Image Library, Dynamic Provisioning (Service Catalog), Service Catalog Web Interface, Common Monitoring Agent); ITSM (Service Desk, Capacity Mgmt, Events Mgmt, Monitoring); Shared ITIL Processes (CMDB, Actionable Service Catalog (Policies & Workflows), Financial Management (Chargeback)); ITSM & VPC Management Shared Infrastructure; Network Services; DCI Data Center Infrastructure.
Technology Consolidated Disaster Recovery & SAN
Consolidated Disaster Recovery & SAN Description:
Cost effective DR & SAN for any application which easily grows with the quantity of applications and throughput requirements.
Supports any OS, host, data source with high level of interoperability.
Capacity:
- 100TB Enterprise
- 250TB Mid Tier
- 96 Hosts
Technologies:
- Data Replication – Enterprise & mid-tier software disk-to-disk backup and appliances
- Storage virtualization – Legacy host replication
- SAN switching – 8Gb/s
- Backup and Recovery – Enterprise Web enabled
- Site Recovery Manager – Software to recover Virtual Environments
- Storage Array – Fiber Channel / SATA II / Solid State
Diagram: Consolidated Disaster Recovery & SAN. Labels: SDC Consolidated Disaster Recovery; Business Continuity; MITC Server Farm; MAIN Wide Area Network; Storage Area Network; SAN Edge Fabric; SAN Core Fabric; Hosts High/Mid-Range; Rack/Virtual; Tape Library; Mid Tier Storage; Enterprise Storage; Mid Tier Storage Backup Catalogs; Mid Tier Storage Replica Backup Catalogs; Replication Appliances/Software; Enterprise Backup & Recovery Servers; Enterprise Backup & Recovery Web Enabled; Remote Console; Ethernet LAN; Ethernet Backup LAN.
Technology Data Center Infrastructure (DCI)
DCI Description:
Perimeter and distribution infrastructure for Springfield Data Center.
Capacity:
160 racks of Disaster Recovery and Primary Hosting Infrastructure.
Technologies:
Perimeter
Carrier-class edge routers with integrated, high-density Ethernet switching; IP/MPLS routing; 10 to 40 Gbps line cards
Aggregation Switching
720 Gbps supervisor engines; Gigabit to 10 Gigabit Ethernet I/O modules; Control (MAC) security with hardware based 128 bit AES encryption.
Security
Firewalls – Boundary protection and access controls for network resources
Intrusion detection system – detects and alerts on possible network attacks
DNS – hierarchical naming system for computers and services
VPN Concentrator – allows secure remote access
Security Incident & Event Mgmt System – correlates from network systems to determine possible security incidents and events.
Components Quantity Discounted Cost
Core Routing & Switching 4 $278,400
Aggregation Switching 6 $1,386,200
Cabling systems; Cable organizers <160 Racks> $40,600
Perimeter Firewalls 2 $91,640
Interior Firewalls 2 $91,640
Intrusion Detection System 2 $49,560
Domain Name System (DNS) 2 $6,469
VPN Concentrator 2 $29,500
Security Incident & Event Management system 1 $590,000
Total: $2,564,009
Technology - MAIN Network
MAIN Description:
High speed fiber optic transport backbone WAN (Wide Area Network) link from MITC to SDC
Capacity:
Scalable bandwidth capacity for 10 Gbps (Gigabit per second) up to 100 Gbps speeds
Technologies:
Network: Redundant connectivity using Multiprotocol Label Switching (MPLS) makes it easy to create "secure virtual links" between distant nodes
Multiplexing Backbone Network: Gigabit Ethernet switching; ATM, MPLS, WDM, SONET, Carrier Ethernet Optical Transport, ROADM 3 Degree
Components Quantity Discounted Cost
ROADM 3 Degree 3 $ 940,800
SONET Demarc 3 $ 285,600
Carrier Ethernet Switch 3 $ 268,800
Fiber Routers <3 sites> TBD
Total: $ 1,495,200
Diagram labels: SDC Springfield, MITC Chelsea, MAIN
Perimeter and Interior Defenses
Firewalls enforce access policies for the data center and provide a line of defense for data center assets.
Domain Name System (DNS)
DNSSEC will provide a secure hierarchical naming system for computers and services
Intrusion Detection System
Detects and alerts on possible network attacks. Passive sniffer, inline bridge, inline Proxy-ARP, inline router, and daily and emergency signature updates.
VPN Concentrator/ACE Server
Allows secure remote access with two factor authentication
Security Incident and Event Management system
* Log Management: Collects, stores, and mines all network, security, and application information from IT infrastructures.
* Threat Management: Correlates and detects threats across heterogeneous network and security technologies.
* Compliance Management: Delivers comprehensive validation for compliance and policy monitoring.
Trusted Zone Architecture
Trust Zone Architecture is the base principle of ITD’s new Information Security Framework. It helps to logically segment applications in a pragmatic way that optimizes operations and provides for Confidentiality, Integrity, and Availability based on certain predefined criteria.
Firewalls
Technology – Zone Based Security Model
Technology – Capability Matrix
Domain: Network
Efficiency: Unify and Minimize Physical Connectivity of Multiple Network Functions into One Chassis
Scalability: More bandwidth in fewer connections to multiple hosts
Flexibility: Ability to scale efficiently to support future technology solutions without re-architecture

Domain: Security
Efficiency: Consolidates separate security functions into a centralized security architecture
Scalability: Ability to scale protection of data from least to most sensitive levels within centralized architecture
Flexibility: Greater adaptability to detect and respond to new threat vectors

Domain: Storage
Efficiency: Consolidation of physical storage and implementation of new efficiency technologies
Scalability: Greater levels of storage density and performance standards
Flexibility: Ability to offer multi-tiered storage with dynamic resource allocation

Domain: Systems Management
Efficiency: Fully automated integrated services management with virtual and physical assets
Scalability: Enterprise class large scale platform scaling with the environment
Flexibility: Provides automation platform for present and future demands

Domain: Disaster Recovery
Efficiency: Cost effective DR for any application
Scalability: Easily grows with quantity of applications and throughput requirements
Flexibility: Supports any OS, host, data source with high level of interoperability

Domain: Hosting
Efficiency: Optimizes use of system resources in a high density virtualized model
Scalability: Dynamically add resources and applications with no impact to production
Flexibility: Physical infrastructure is abstracted from applications, managed as a resource in an 'as needed' model
Standards
Category: VPC
Standard: Servers
Scope: 2 Rack Mountable Server Vendors
Process: TGB & IT Sourcing Process with Legal
Status: In Review with TGB
Next Step: Procurement Issued in May/June 2010

Category: VPC
Standard: Virtualization Software
Scope: Single or 2 Hypervisor Provider Vendors
Process: TGB & IT Sourcing Process with Legal
Status: Being developed as part of Unisys Engagement
Next Step: Finalization of Standards post Unisys engagement in June 2010

Category: Consolidated DR / SAN
Standard: Storage
Scope: Consolidation of EMC Storage for DCC and MITC
Process: Consolidation procurement with EMC, & TGB/IT Sourcing Process, Provide standard for FY11 Rate Business Plans
Status: EMC proposal in review with TFG; Coordinating with FY11 rate process
Next Step: Finalize proposal with EMC in May 2010, Identify timing from FY11 rate process

Category: DCI
Standard: Network
Scope: Lossless Gigabit Ethernet; Unified Fabric
Process: TGB & IT Sourcing Process with Legal
Status: Being developed as part of SDC program
Next Step: Meet with vendors to discuss technology

Category: DCI
Standard: Service Desk Tools
Scope: Common Platform for Asset Mgmt, Capacity
Process: Requirements gathering process with ITD
Status: Being developed as part of SDC program
Next Step: Meet with ITD to validate capacity, cost, scope

Category: DCI
Standard: Monitoring
Scope: MITC and SDC server, storage, network, database, apps
Process: TGB & IT Sourcing Process with Legal
Status: Being developed as part of SDC program
Next Step: Meet with ITD to validate capacity, cost, scope

Category: DCI
Standard: Enterprise Backup & Recovery
Scope: MITC and SDC common backup architecture
Process: TGB & IT Sourcing Process with Legal
Status: Being developed as part of SDC program
Next Step: Meet with ITD to validate capacity, cost, scope