EA Technology PoliciesEA Technology Policies

An Emerging ICT StrategyAn Emerging ICT Strategyfor HA Transformationfor HA Transformation

Positioning IS/IT Policies

• Business-driven (Top-down).

• Focus is on the “To-Be” not “As-Is”.

• Based on the maxim:

“One Agency = One Enterprise Architecture”

As-is situation

• Two separate technical infrastructures

• OSS vs. BSS

• OSS is 16x greater in financial terms

• Two “parallel universes” - competing architectures

• Fails “One Agency = One EA” maxim

Network Convergence

• One Agency = One network

• Expand NRTS – leverage investment in national fibre network

• Standardise on IP for Data, Voice and Video

• Single terminal access via a UOI

• Economies of scale

• Integration

• Flexibility

Unified Operator Interface

• Single “terminal” access

• Mosaic/Model Office

• Supersedes tactical KVM/SKRIBE

• ESSO - Enterprise Single Sign-On

• Builds on NTCC Model (HAbIT network integration)

• Effectively the Strategic HA Desktop

• Universal Access

Single Virtual Data Centre

• Delivered as a “Metro” Cluster across [at least] two geographically separate locations

• Cluster Interconnect via resilient NRTS CWDM• Fibre-Channel SAN

Universal Access

• The 3 C’s:• Centralisation• Consolidation• Convergence

• Location transparency• Independent of Agency’s

organisational structures• ‘Martini’ virtualised access:

• Any Time• Any Place• Anywhere

• Resilient/Disaster Tolerant• No Single Point of Failure• Business Continuity

Server Consolidation

• Server sprawl:• Adding dedicated servers for new projects• Growth in capacity especially data storage

• Inefficiencies – low utilisation of individual servers• Rising costs and increased carbon footprint:

• Cost of managing lots of servers• Cost of power now exceeds the cost of the server

(system fans are biggest drain)• ….• Resulting trend is towards consolidated ‘server farms’

Server Virtualisation (Example)

Server

Virtual Machines

ESX Server

Server Farm

ESX Server

ESX Server

ESX Server

ESX Server

ESX Server

ESX Server

Virtual Machines

Enterprise Virtualisation

VMware Infrastructure

ESX Server

Network

Storage

• Partition CPU and memory in multiple virtual machines

• Store virtual machine disks on local or shared storage. VMFS cluster file system manages virtual machine disk storage

• Build networks within or across ESX Servers.

Modular Data Centres

• 21st Century Data Centres now focus on power (watts/sq. metre) as most critical factors in design

• Implements densely packed commodity clusters• Utilises macro-modules based on standard

shipping containers for ease of transport• Modular building blocks• Extends the idea of blade servers• Improved efficiency• Addresses “Green” issues• Implement via Managed Service contract

Domains

• Although one logical network…

• Physically, a network of networks as per the Public Sector Network (PSN)

• Supports the DfT concept for a “System of Systems”

• Concept of domains and “Circle of Trust”

• Federated identities (Single Sign-On)

Identity ManagementBusiness Value

“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling

regulatory compliance.”

Explosion of ID’s

Pre 1980’s 1980’s 1990’s 2000’s

# ofDigital IDs

Time

Applicatio

ns

Mainframe

Client Server

Internet

BusinessAutomation

Intra-Agency (B2E)

Partners (B2B)

Customers (B2C)

Mobility

The Disconnected Reality

• “Identity Chaos”

• Lots of users and systems required to do business

• Multiple repositories of identity information; Multiple user IDs, multiple passwords

• Decentralised management, ad hoc data sharing

Enterprise Directory

HRSystem

InfrastructureApplication

Web Apps

In-HouseApplication

COTSApplication

NOS

In-HouseApplication

•Authentication•Authorisation•Identity Data

•Authentication•Authorisation•Identity Data

•Authentication•Authorisation•Identity Data

•Authentication•Authorisation•Identity Data

•Authorisation•Identity Data

•Authentication

•Authentication•Authorisation•Identity Data

•Authentication•Authorisation•Identity Data

Our AGENCY and EMPLOYEES

Our SUPPLIERS

Our PARTNERSOur REMOTE andVIRTUAL EMPLOYEES

Our CUSTOMERS

Customer satisfaction & customer intimacyCost competitivenessReach, personalisation

CollaborationOutsourcingFaster business cycles; process automationValue chain

Mobile workforceFlexible/temp workforce

Multiple Contexts

BusinessOwner

End UserIT Admin DeveloperSecurity/ Compliance

Too expensive to reach new partners, channels

Need for control

Too many passwords

Long waits for access to apps, resources

Too many user stores and account admin requests

Unsafe sync scripts

Pain Points

Redundant code in each app

Rework code too often

Too many orphaned accounts

Limited auditing ability

To-Be Authentication• Should only have to

login once

• Identity is federated across domains

• Access permissions determined by Role(s), Groups and Policies

• Automated provisioning linked to ERP Systems• Employees

joining/leaving (HR)

• Contractors (Procurement)

Federated Identities

• Cross domain trust using:• Security Access Markup Language (SAML)

• Liberty Alliance (ID-FF)/WS-Federation protocols

• Digital Certificates

The Connectivity challenge

• Point-to-point, many-to-many interfaces

• Batch latencies

• Complex processes and systems

• Difficult to modify

• High maintenance cost

Enterprise Service Bus

• ESB - Next Gen Enterprise Application Integration (EAI)• Distributed – Fault-tolerant• Standards-based• Lower TCO

Is ESB just the latest“flavour of the month”?

• The term “ESB” was first coined by the Sonic Software division of Progress Software in 2002 to describe its then new Extensible Markup Language (XML)-enabled Message-Oriented Middleware (MOM) product, SonicXQ, which is now known as Sonic ESB.

Real-world ITS Example• Founded in 1972, Brisa is Portugal's largest highway

management concessionaire.

• ITSIBus - Intelligent Transportation Systems Interoperability Bus is a Service-Oriented Architecture originally developed by ISEL in 2002.

• In production since 2004.

Other Transport ESB Example:Transport for London

Trackernet2

LUIM Network

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

Feed

Signal

FeedSignal

Feed

The lightweight MQ Telemetry Transport (MQTT) protocol is used to delivery messages via Micro Brokers - these in turn deliver to Message Managers which assure delivery of Messages to ESB. Transport is resilient, with logging and audit of message delivery.

Event Driven Services

Enterprise Service Bus

Routing TransformationServiceOrchestration(Mediation)

Data Services

ESB provides basic message delivery services - Complex Event Processing (CEP) is used to enhance error identification. A State Engine is configured from basic logic components.

Tracker Net UI is a subscriber to events from the ESB.

Other ESB Examples in Government:Police (www.iss4ps.police.uk)

Customs & Excise

Defra’s INSPIRE Blueprint

EU Federated Approach

Member State Member State Member State

EU

Integration of service buses allows application and data services to be shared across EU and between Member States

Architecture replicated in each Member State for ‘local’ services and in EU for ‘EU-wide’ services

Federated ESB’s

• Supports multiple domains.• Requires unified Governance, Security and Management.• Highly distributed geographic locations across the Agency.• Best practice requirements to isolate operationally critical

environments.• Differing ESB requirements across the Agency and, potentially beyond

to other third-parties.• The need for asynchronous development and incremental deployment.

To-Be Architecture – TMC’s

• Real-time data flow.• Publish & Subscribe message exchange pattern.• Example adapters (e.g. JCA, JMS).

Common Control Room Framework

• Common Services supporting:• Incident Management• Traffic Management

• Custom Business Process Orchestrations:• NTCC• RCC’s• Role-Based Access Control (RBAC)

Traffic Management• With increasing

demand for travel, more and more road networks are experiencing Traffic Congestion.

• In many cases this could be reduced if more real-time information was available to traffic engineers and drivers.

Drivers for change

• Shared Operational Picture• Increasing need for real-time access to a common

operational picture.

• Increased Data Volumes• Real-time dissemination of massive data volumes, often on

a large scale.

• Loosely coupled, Plug & Play• Need to cope with emerging ITS demands such as CVHS.

• Interoperability• Need to share information end-to-end, in the new emerging

System of Systems.

• Interoperability is a key enabler to meeting new demands.

Intelligent Highways

Increasing amounts and sophistication now and in the future…

…More devices (IPv6)

…More data

…in Real-Time….

“The right data at the right place at the right time … … all the time”.

Roadside Devices

• Signs and Signals

• Sensors:• Inductive loops

• ANPR

• Weather

• DSRC (e-Toll)

• Past, present and future

• Multi-vendor

• V2I/I2V

Roadside UTMC-basedReference Architecture

UnifiedOperatorInterface

Information as a Service

ESB andLegacyIntegration

NRTS NetworkLayers

Software as a Service

Encapsulated internals

UTMC MIB’s,Datex II XML

Service-Oriented Device Architecture

When modelled as services, device access and control can be made available to a wide range of enterprise application software using service-oriented architecture mechanisms.

SODA Architecture• In this model, responsibility for

encapsulating services can be appropriately shifted to the suppliers who know them:• One side deals with their device

specific connections and protocol

• Other side deals with network interfaces needed to pump the data over a streaming protocol.

• A standard specified service can have a wide variety of underlying hardware, firmware, software and networking implementations.

SODA Objectives

• To insulate SOA from device interfaces and proprietary vendor implementations.

• To facilitate integration.

• To accelerate and focus the convergence of technologies through a combination of:• Standards

• Open source software

• Reference implementations

• Partners and community building

…to achieve these objectives it builds upon the OSGi Service Platform…

SODA Device Kit

• Modeling Driven Design (MDD)

• Control Markup Language (CML)

• Auto-generate OSGi code for all four layers of the device adapter

• Contains more than 200 plug-ins for design time and runtime

OSGi(Formerly known as the Open Services Gateway initiative)

• The OSGi Service Platform spans:• Digital mobile phones

• Vehicles

• Telematics

• Embedded appliances

• Residential gateways

• Industrial computers

• Desktop PCs

• High-end servers

OSGi ArchitectureThe framework is conceptually divided into the following areas:

• Bundles - Bundles are normal jar components with extra manifest headers.

• Services - The services layer connects bundles in a dynamic way by offering a publish-find-bind model for Plain Old Java objects(POJO).

• Services Registry - The API for management services (ServiceRegistration, ServiceTracker and ServiceReference).

• Life-Cycle - The API for life cycle management (install, start, stop, update, and uninstall bundles).

• Modules - The layer that defines encapsulation and declaration of dependencies (how a bundle can import and export code).

• Security - The layer that handles the security aspects by limiting bundle functionality to pre-defined capabilities.

• Execution Environment - Defines what methods and classes are available in a specific platform.

Transport Example:Global System for Telematics

• GST Open Systems Implementation Guide

• Building Blocks for a Global System for Telematics

• Builds on OSGi Service Platform

• Runs on Java Virtual Machine

Device Management

• OSGi Network Management is protocol agnostic.

Streaming services

• The real world never shuts up!!!

• Sensors and actuators do not match an HTTP request-response model.

• Data must be streaming.

• Enterprise Service Bus (ESB) streaming protocols include:• Proprietary Message-Oriented Middleware (MoM).

• Java Messaging Service (JMS) for Java-centric busses.

• Extensible Messaging and Presence Protocol (XMPP) for low-band device data.

• Real-time Transport Protocol (RTP) for broadband device data.

• OMG Data Distribution Service (DDS) for mission-critical data.

Life at the Edge: Traffic Management Example

The Gap:Differing Requirements

Data Distribution:Middleware choices

• Really only three choices:• Use proprietary middleware

• MQ Series, Tibco, BEA

• Java Messaging Service (JMS)• Standards-based

• Popular in the “Enterprise” domain

• API only, no wire interoperability

• Data Distribution Service (DDS)• Standards-based

• Popular in the “Edge” domain

DDS Applicability

Global Data Space –Publish & Subscribe

The Real-Time Enterprise Service Bus

DDS Benefits

• OMG standard - Established since 2003

• Fully distributed, Peer-to-peer, Fault tolerant

• Quality of Service (QoS) per data flow

• Plug and Play Architecture with dynamic discovery

• Wire protocol standard (RTPS)

• Designed for unreliable transports like UDP and wireless networks

• Scalable, high performance, low latency - 10x faster than JMS

Geographic Information (GIS)

• Geographic Information (GI) and Location referencing is a UK-wide issue

• External influences include:• HMG’s transformational government strategy

• The Location Strategy for the UK

• INSPIRE (Infrastructure for Spatial Information in the European Community)

• The Pan Government Agreement (PGA2)

• The Traffic Management Act

• The Civil Contingencies Act

Application of location information to public policy

Source: “Place matters: the Location Strategy for the United Kingdom”

Strategic implications

• To ensure that the UK exploits the full value of its information the Location Strategy requires a programme of strategic actions which ensure that:• we know what data we have, and avoid duplicating it

• we use common reference data so we know we are talking about the same places

• we can share location-related information easily through a common infrastructure of standards, technology and business relationships

• Each department and public sector body should ensure that its IS/IT strategy and work programme describes clearly its policies and implementation plans for location data systems.

Layers of Transportation Data(Source: ArcGIS UNETRANS Data Model)

• The Events Layer – contains objects such as vehicles moving across the network.

• The Routing Layer – contains more complex features such as “No exit”, e.g. at the intersection of a bridge and tunnel.

• The Reference Network Layer – contains all of the base road data . This data has a linear spatial representation and has an underlying topological structure that defines the connectivity and adjacency of links in the road network.

The Unified Network Model

National State of the Network

Why EA=SOA

The HA’s policy is to move away from purchasing “islands of technology” to the procurement of modular,

loosely-coupled, managed services.

This lends itself to a Service-Oriented Architecture (SOA) style.

The resulting service-layer provides a buffer between the Business and Technology Layers.

Relationship to ITILService Management

Service Supply Chains

• BSS

• Atos Origin (ITIL v3)

• OSS

• NRTS

• Area Teams (TechMAC’s):

• Conceptually similar to the multi-service provider environment of the Public Sector Network (PSN)

• Requires similar competitive, multi-supplier environment

• Services need to be managed in a consistent manner (ITIL)

Service/Contract Model

Programme/Contract Mappings

NRTS

ICT+

ICT+

New (OSS)

NEW - IEP

NEW - IEPNew - IEP

ICT+

ICT+New (OSS)

NTCC/TI2011+

TCP/MM IAM

New - IEP

ICT+ (BI)

Implications for Legacy Systems

• Existing Systems become embedded into new Business Services

• Projects must specify their requirements in terms of Business Services in future procurements

• Need to focus on interfaces and their contracts including dependencies on other HA Services

• Bidders determine the most cost-effective solution

• Legacy Integration (Encapsulation) becomes the responsibility of the Service Providers (SP’s)

• It’s therefore up to SP’s whether to re-use HA Legacy or replace with COTS