“Increase Value of IT Services Through Application Portfolio Management” delivered by Benoit...
Shared Services Canada Perspective
GTEC Panel: Increase Value of IT Services Through Application Portfolio Management
Government Technology Exhibition and Conference (GTEC)
October 9, 2013
Ottawa Convention Centre
Room: Room 211, 2nd Level
Time: 1:00 p.m. – 1:45 p.m.
Benoît Long, Senior Assistant Deputy Minister, Transformation, Service Strategy and Design
Conceptual End State (updated July 2013)
Service Management
• ITIL ITSM Framework
• Standardized Service Levels/Availability Levels
• Inclusive of Scientific and special purpose computing
• Standardized Application and Infrastructure Lifecycle Management
• Smart Evergreening
• Full redundancy – within data centres, between pairs, across sites
Enterprise Security
• All departments share one Operational Zone
• Domains and Zones where required
• Classified information below Top Secret
• Balance security and consolidation
• Consolidated, controlled, secure perimeters
• Certified and Accredited infrastructure
[Diagram labels: Virtualized Platforms; Virtualized Storage (SAN, NAS; Off-line / Backup, Archive, Near-line, Tier 3, Tier 2, On-line Tier 1); Data Centre Core Network Domains & Zones; WAN Node; Internet PoP; IP PBX; App.; Email; V.Conf. Bridge; Web; File/Print; Database; Th.Client; VDI]
Business Intent
• Business to Government
• Government to Government
• Citizens to Government
[Platform labels: Sys. z App / DB Containers, z/OS; Any Special Purpose / Grid / HPC Operating System]
Consolidation Principles
1. As few data centres as possible
2. Locations determined objectively for the long term
3. Several levels of resiliency and availability (establish in pairs)
4. Scalable and flexible infrastructure
5. Infrastructure transformed; not “fork-lifted” from old to new
6. Separate application development environment
7. Standard platforms which meet common requirements (no re-architecting of applications)
8. Build in security from the beginning
[Diagram labels: x86 Web / App / DB Containers (Windows); x86 Web / App / DB Containers (Linux); Enterprise Security; GC Private Domain]
Application Migration
• Standard platforms and product versions
• Migration guidance
• Committed timeline for product evolution
Application Service Levels: Standard, Enhanced, Mission Critical
[Diagram labels: Workload Mobility; Service Level … Service Level; Regional Carriers; International Carriers; GCNet (3,580 buildings); Public Cloud Services; Internet; B2G, C2G, G2G; Regional WAN Accelerators; Virtual Private Cloud]
Several, highly-secure Internet access points
Stand-alone centre for GC super-computing (HPC) – e.g. Weather
Development: Dev1, Dev2
Production: Prod3 (B, U, U), Prod4 (C, U, U)
Production: Prod1 (S, A, B), Prod2 (S, B, U)
HPC: Sci1
[Diagram labels: Service Management; Virtualized Services]
Classified Data: C = Confidential, S = Secret
Protected Data: A = Protected A, B = Protected B, C = Protected C
ICT Deployment Models and Evolving Degrees of Accountabilities
• IaaS: Infrastructure as a Service
• PaaS: Platform as a Service
• SaaS: Software as a Service (non Dept/Agency program Applications)
[Figure: three layer stacks, labelled IaaS, PaaS and SaaS, listing the layers Storage, Server HW, Network, Servers, DBMS / Databases, Virtualization, Runtimes, Applications, and Security & Integration, with side labels “Managed by shared services providers” and “CIO managed”.]
GC Cloud Conceptual (updated July 2013)
GC Community Cloud
• Internal services for GC community
• SSC-provided cloud services to the GC
• Secured perimeter
• Multi-Domain (Protected B to Secret)
GC Public Cloud
• Some public-facing GC presence
• Limited Development / Test capacity
GC Hybrid Cloud
• Secured extension of GCNet to vendor
• Vendor-provided cloud services to the GC
[Diagram labels: SSC Partner Department; GC other Gov’t Depts; GCnet; GC-Community; GC-Public; GC-Hybrid; GC-SRA; GCTravel; Public-facing web sites; GCdrive; Pay; Pension; Collab; Intranet sites; Canada.gc.ca; Jobs; GEDS; Directory; GCDocs; MySchool; Directory; Free / Busy; Mobile Integration]
Cloud Computing: Opportunities & Challenges
Opportunities
• On-demand self service
  V storage
• Ubiquitous network access
  Community cloud (CWA, GCDocs)
• Resource pooling (location independence, homogeneity)
  Hybrid cloud - STSI
• Rapid elasticity
• Measured service
• Private clouds
  Data Centre Consolidation and Telecommunications consolidations
• Data sovereignty, privacy and security
  Data in motion, data processing and data at rest
Challenges
• Connecting resources across clouds and customer premises
  Cloud service management and cloud brokerage – SSC evolving and increasing roles
• Managing identity, federation, and access control
  Cloud auditor; ICAM federation
• Isolating tenants in a multi-tenancy environment
  GC community cloud – single operational zone
  Location of data – data sovereignty, yes; critical GC data within SSC private cloud
• Extending on-premises security & operations management practices to the cloud
  SSC cloud broker and auditor roles
• Latency and other performance-related considerations
  Centralization of data and federation of processing; virtualization; network design and operationalization
• Network capacity and capability
  Enterprise requirements for two domains, single network (unclassified and classified) in evolving data, usage and security landscape; moving from dept specific domains
Platform Technologies – Directions
• Grow: Technologies where investments will be made, transformation will focus, and new business and workloads will be directed
• Sustain: Technologies that will be maintained at current business volumes, with organic current business growth; no new business or workloads will be directed here
• Sunset: Technologies which will be phased out over the course of the transformation; workloads will be migrated to “Grow” platforms
• TBD: Technologies whose disposition will be determined over the coming months
[Platforms shown on the slide: Linux on System z; z/OS; Linux on x86; Windows; HP-UX; AIX; Solaris; MCP]
SSC Cloud Computing Reference Architecture
Source: NIST