New MOBILE INFRASTRUCTURE · 2019. 6. 16. · Module 1: Front Ends and Back Ends mGovernment 17...
MOBILE INFRASTRUCTURE Instructor Guide
IT Infrastructure for mGov: Enabling IT Professionals to Support mGov / Instructor Guide
CONTENT
This module starts a series that describes how the traditional IT Infrastructure is
impacted by the introduction of mobile services.
THEMES
• Architecture.
• Accessed through the web browser
• Deployed over Internet
• Can develop/design one application for all platforms
• A cross-platform mobile application
• Provides uniformity across all platforms
• Near-instant updates
• Updates to the application are actually updates to the website,
happening on the back-end
Introduction
SDLC: Service Delivery Lifecycle
GLOSSARY
Module 1: Front Ends and Back Ends
LEARNING OBJECTIVES
CONTENT
This module first explains the differing perspectives on front and back ends,
and second introduces the terminology of an IT infrastructure. The IT infrastructure is
impacted by the migration to mobile government services in important ways
that will be discussed in this and the follow-on modules of instruction.
This module has three objectives:
1. Define the Front End and the Back End from the traditional perspective and
from the perspective of the mobile app developer.
2. Convey the message that, while there are differences in perspective, the
two need to work together.
3. Define at a high level other key aspects of the IT Infrastructure:
Load Balancing, Storage and the DMZ.
Front End: Traditionally the “front end” is comprised of the servers (file, web,
application) in the data center. However, the application developers think of the
mobile devices as the “front end” and the entire data center as the back end.
Back End: Traditionally the data storage servers. However, the application
developers think of the entire data center as the back end.
DMZ: In this context, the Demilitarized Zone or DMZ is a part of the IT
Infrastructure where web servers are traditionally placed. It is delineated by one
or more firewalls positioned outward facing to the Internet and inward facing to
protect the internal IT infrastructure.
GLOSSARY
• Define the terminology of “front end” and “back end”…
• And the differing points of view.
• Define some of the components that make up the IT Infrastructure.
• Front End and Back End Components.
• And the impact that the transition to mobile services has on this
infrastructure.
Objectives
LEARNING OBJECTIVES
CONTENT
From the data center point of view, the terms front end and back end have traditionally
referred to servers, such as web application servers, as the “front end”
and to storage as the “back end.” Application developers, however, have
a different perspective on these terms.
From their point of view, the “front end” is the smart device (smartphone or tablet)
where the application is running, and the entire data center is the
“back end.” This difference of perspective has the potential to drive inconsistent
design considerations at a minimum.
It is important that these differences be resolved in the migration from the more
traditional eGovernment to the new mGovernment services architecture.
1. Convey the concept that “front end” and “back end” take on different
meanings depending on perspectives.
2. Establish the need to resolve this inconsistency in perspectives.
Perspectives: Front End or Back End?
[Diagram: Data Storage and Data Servers (together the Data Center) and Mobile Devices, with the Front End / Back End boundary drawn once as seen by IT Systems & Network Staff and once as seen by Application Developers.]
• The terms “Front End” and “Back End”:
A. Have different meanings depending on the differences of perspective
between the traditional data center staff and the application developers for
smart mobile devices. (correct)
B. Remain the same in mobile services (mGov) as they were for web-based
services (eGov)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
A server in the simplest definition is a computer that serves information. The
term server can be used interchangeably for the hardware or a service. Which is
meant depends on the context of the discussion.
Specialization of servers (or services) has been the trend. Today we have web
servers, file servers, database servers as three examples. They are configured
with respect to amount of memory, CPU capacity and other features of the
server. The configuration is sized on the needs of the organization that is using
them and the role or operational requirement.
In the transition from electronic or eGovernment to mobile or mGovernment
services the role of servers will continue the trend to greater specialization. An
example of this is servers for video or those configured for processing a large
volume of online transactions.
• This slide is one of several slides that start to define the full range of
components that make up an IT Infrastructure. The server is introduced in
the context of the transition to mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services as they will apply to the UAE Smart Government
Initiative.
1. Introduce the servers as essential elements of the mGovernment
architecture.
GLOSSARY
Server: A server is a computer that serves information.
• “A computer which serves information”
• The term “Server” can be used interchangeably
• As Hardware or as a Service
• The difference is in the context of the discussion
• Discussed as network assets or as functions
• Specialization increasing
• Web server, Database server, File server
• One per role, or many roles on one device
• Organizational and operational requirements
• Mobile will continue the trend towards specialization
Front End - Servers
• Servers are all the same and the only option left to the IT operations is
deciding how many to put in place.
a. True
b. False (correct)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Load Balancing: Load balancing is the technique to allow for an even
distribution of traffic and other resources (such as memory and CPU). It is a
network management technique.
CONTENT
Load balancing is necessary to distribute resources evenly against demand
such as online transactions or video. It works much like traffic police.
Load balancing not only helps keep the system load evenly distributed, but also
allows maintenance updates to be conducted without taking down the service.
In this diagram the load balancer is operating as an “intelligent switch,” gathering
network diagnostics data about the connection status of the destination servers
and routing the traffic based on established capacity metrics.
Traffic to a server that is starting to reach capacity may be routed to the other
servers to share the load.
• This slide is one of several slides that define the full range of components
that make up an IT Infrastructure. The load balancer is introduced in the
context of the transition to mobile services.
1. Introduce the concept of load balancing as an essential element of the
mGovernment architecture.
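The routing behaviour described in this section, as an added sketch that is not part of the original guide: a balancer that tracks each server's health and load, steers new connections to the least-utilised server below a capacity threshold, and drains a server for maintenance while the others keep serving. Server names, capacities and the 80% threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    capacity: int            # max concurrent connections (assumed capacity metric)
    active: int = 0          # connections currently assigned
    healthy: bool = True     # result of the last health check
    draining: bool = False   # True while being emptied for maintenance

    @property
    def utilisation(self) -> float:
        return self.active / self.capacity


class LoadBalancer:
    def __init__(self, servers, threshold=0.8):
        self.servers = {s.name: s for s in servers}
        self.threshold = threshold   # "starting to reach capacity" cut-off

    def route(self) -> str:
        """Assign one new connection and return the chosen server's name."""
        pool = [s for s in self.servers.values()
                if s.healthy and not s.draining and s.active < s.capacity]
        if not pool:
            raise RuntimeError("no server available")
        # Prefer servers still under the threshold; only if every server is
        # above it fall back to the least-loaded one that still has room.
        preferred = [s for s in pool if s.utilisation < self.threshold] or pool
        chosen = min(preferred, key=lambda s: (s.utilisation, s.name))
        chosen.active += 1
        return chosen.name

    def release(self, name: str) -> None:
        server = self.servers[name]
        server.active = max(0, server.active - 1)

    def mark_health(self, name: str, healthy: bool) -> None:
        self.servers[name].healthy = healthy

    def drain(self, name: str) -> None:
        # Stop sending new traffic; existing connections finish normally.
        self.servers[name].draining = True

    def safe_to_patch(self, name: str) -> bool:
        server = self.servers[name]
        return server.draining and server.active == 0

    def restore(self, name: str) -> None:
        self.servers[name].draining = False


def simulate():
    """Constructed scenario: normal load, a maintenance window, then a failure."""
    lb = LoadBalancer([Server("web-1", 10), Server("web-2", 10), Server("web-3", 5)])
    first = [lb.route() for _ in range(9)]        # spread over all three servers

    lb.drain("web-2")                             # maintenance begins
    during = [lb.route() for _ in range(6)]       # service continues without web-2
    while lb.servers["web-2"].active:             # existing sessions end
        lb.release("web-2")
    patched = lb.safe_to_patch("web-2")           # now safe to update web-2
    lb.restore("web-2")

    lb.mark_health("web-1", False)                # health check fails on web-1
    after = [lb.route() for _ in range(4)]        # traffic avoids web-1
    return first, during, patched, after


if __name__ == "__main__":
    for label, value in zip(("first", "during", "patched", "after"), simulate()):
        print(label, value)
```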
• Traffic & resource management.
• Like a traffic police.
• Maintenance without taking the apps offline.
Front End – Load Balancing
[Diagram: traffic from the Internet passing through the load balancer to the destination servers.]
• Load balancing is a technique to: (Pick all that apply).
a. Balance network traffic [Correct]
b. Balance server loads [Correct]
c. Balance network routes [Correct]
d. Balance user demand
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The DMZ is an essential component of any modern-day IT network architecture.
DMZs are typically served by one or more firewalls.
Inside the DMZ, organizations place web servers so that they are
accessible to anyone with a web browser.
These same servers can serve as the gateway to information stored in databases
on the inside of the network.
In mobile government services one can expect this interflow of information
to increase, making it more essential for this flow to have the proper security
controls.
There are other reasons for a DMZ as well, such as the creation of compartments, called
enclaves, for information processing. It is a general rule that if a system does not need to
respond to the Internet, it should not be put in a DMZ.
• This slide is one of several slides that define the full range of components
that make up an IT Infrastructure. The DMZ is introduced in the context of
the transition to mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Introduce the concept of the DMZ as an essential element of the
mGovernment architecture.
DMZ: The acronym DMZ stands for DeMilitarized Zone. It is a term borrowed
from the military and applied to describe a security border zone allowing for the
exchange of information with outside networks while protecting the internal
network resources.
GLOSSARY
• Separates your network from the internet for security.
• Separates services by function (example: web, email).
• Good Rule: If it doesn’t need access to the internet, don’t put it in a
DMZ.
Front End – The DMZ
[Diagram: Your Network | FIREWALL | DMZ | FIREWALL | The World (Internet)]
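The DMZ placement rule can be checked mechanically. The following added example (not part of the original guide) audits a host inventory and a firewall rule list against the two-firewall layout described here. The zone names, hosts, ports and rules are constructed for illustration, and the check that DMZ-to-internal rules name one host and one port is an assumption about what "proper security controls" means for that flow.

```python
from dataclasses import dataclass

WORLD, DMZ, INTERNAL = "world", "dmz", "internal"
ZONES = (WORLD, DMZ, INTERNAL)


@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    internet_facing: bool   # must this host answer requests from the Internet?


@dataclass(frozen=True)
class Rule:
    src: str      # zone name or host name
    dst: str      # zone name or host name
    port: str     # "443", "5432", ... or "any"
    action: str   # "allow" or "deny"


def zone_of(target, hosts):
    """Resolve a rule endpoint (zone or host name) to its zone, or None."""
    if target in ZONES:
        return target
    host = hosts.get(target)
    return host.zone if host else None


def audit(host_list, rules):
    """Return (finding_code, subject) tuples.

    Simplification: each rule is judged on its own; rule ordering and
    shadowing, which real firewalls apply, are not modelled.
    """
    hosts = {h.name: h for h in host_list}
    findings = []
    for h in host_list:
        # "If it doesn't need access to the internet, don't put it in a DMZ."
        if h.zone == DMZ and not h.internet_facing:
            findings.append(("HOST_NOT_NEEDED_IN_DMZ", h.name))
        # Publicly reachable services belong in the DMZ, not the inside network.
        if h.zone == INTERNAL and h.internet_facing:
            findings.append(("INTERNET_FACING_HOST_INTERNAL", h.name))
    for r in rules:
        if r.action != "allow":
            continue
        label = f"{r.src}->{r.dst}:{r.port}"
        src, dst = zone_of(r.src, hosts), zone_of(r.dst, hosts)
        if src is None or dst is None:
            findings.append(("UNKNOWN_TARGET", label))
        elif src == WORLD and dst == INTERNAL:
            findings.append(("WORLD_REACHES_INTERNAL", label))   # bypasses the DMZ
        elif src == WORLD and dst == DMZ and r.port == "any":
            findings.append(("DMZ_EXPOSED_ALL_PORTS", label))
        elif src == DMZ and dst == INTERNAL and (r.dst == INTERNAL or r.port == "any"):
            findings.append(("DMZ_TO_INTERNAL_TOO_BROAD", label))
    return findings


# Constructed inventory and rule set, for illustration only.
HOSTS = [
    Host("web-portal", DMZ, True),
    Host("mobile-api", DMZ, True),
    Host("hr-fileserver", DMZ, False),      # never serves the Internet
    Host("citizen-db", INTERNAL, False),
    Host("legacy-portal", INTERNAL, True),  # public site on the inside network
]
RULES = [
    Rule(WORLD, "web-portal", "443", "allow"),
    Rule(WORLD, "mobile-api", "443", "allow"),
    Rule("mobile-api", "citizen-db", "5432", "allow"),  # one host, one port
    Rule("web-portal", INTERNAL, "any", "allow"),       # whole zone, every port
    Rule(WORLD, "legacy-portal", "80", "allow"),        # Internet straight inside
    Rule(WORLD, INTERNAL, "any", "deny"),
]

if __name__ == "__main__":
    for code, subject in audit(HOSTS, RULES):
        print(f"{code:32} {subject}")
```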
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
A SAN is a dedicated part of the network for the storage of data. The actual
storage devices can be tape, disk or optical. They are typically put in place for
organizations with a need for keeping large volumes of data.
SANs are expensive, complex and require a high degree of planning, administration,
monitoring and maintenance to ensure proper operation.
They are also designed for ease of adding, removing or reassigning storage space
with security controls to protect the data.
SANs are particularly attractive for organizations that will rapidly expand the
volume of data that is collected. These increases will likely come from the growth
in the use of video and image data as is expected with the transition to mobile
services.
• This slide is one of several slides that define the full range of components
that make up an IT Infrastructure. The SAN is introduced in the context of
the transition to mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government Initiative.
1. Introduce the concept of the Storage Area Network (SAN) in the IT
architecture.
GLOSSARY
SAN: The acronym SAN stands for Storage Area Network. A SAN is a dedicated
and specialized piece of hardware for the storage of large volumes of data. SANs
store the data in data blocks – not in the file system format.
• Very complex, expensive.
SANs are entire systems unto themselves which require planning,
administration, monitoring and maintenance to properly operate.
• Very scalable, manageable.
• Simple to add/remove/reassign storage space.
• Security controls exist to protect data on shared hardware.
Back End - Storage Area Network (SAN)
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
CONTENT
NAS: The acronym NAS stands for Network Attached Storage. A NAS is a
dedicated and specialized server for the storage of data. It differs from a SAN in
various respects, but primarily in that it stores the data in file formats as opposed
to blocks of data.
A NAS is another type of data storage specialization inside of the network.
Typically used in smaller enterprises than its larger cousin the SAN, a NAS is
networked in logical, redundant storage containers called RAID (Redundant Array
of Independent Disks).
• This slide is one of several slides that define the full range of components
that make up an IT Infrastructure. The NAS is introduced in the context of the
transition to mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context
of mobile services, as they will apply to the UAE Smart Government Initiative.
1. Introduce the concept of the Network Attached Storage (NAS) in the IT
architecture.
• Less complex, less expensive.
• Operates as an extension to a server(s) meant for sharing files across a network. Stores data in a file system (unlike SANs). The application server sees the NAS as just another file server.
• Scalable, manageable but for smaller IT operations.
• Simple to add/remove/reassign storage space by clustering.
• Security controls exist to protect data on shared hardware.
Back End - Network Attached Storage (NAS)
• The IT infrastructure to support mGov services can include: (Pick all that
apply)
A) Load balancing for servers and network traffic throughput
B) Data storage such as Storage Area Networks (SAN) and Network Attached
Storage (NAS)
C) Servers inside of a DMZ dedicated to support the mobile apps. (all correct)
Test Questions
CONTENT
The objectives of this module were to understand the differing perspectives
that exist between the traditional data center view and the view of mobile
app developers. We defined the terminology and how the migration to mobile
government services starts to change the traditional view of the IT infrastructure.
We also established the importance of other aspects of this expanding mobile
IT Infrastructure architecture including the DMZ and the specialized storage to
handle the growth of data.
• Define the terminology of “front end” and “back end”…
• And the differing points of view.
• Define some of the components that make up the IT
Infrastructure….
• Front End and Back End Components.
• And the impact that the transition to mobile services has on this
infrastructure.
Review of Objectives
QUIZ
It is now time to review your knowledge of this material.
Quiz – Question 1
1. A DMZ is a security zone allowing for the exchange of
information to outside networks while protecting the internal
network resources. It will still be as important or more so in a
mobile IT infrastructure.
a. True [Correct]
b. False
Quiz – Question 2
2. Back-end Data Centers: As more mobile users come online
using newly deployed mGov applications, resource demands in
the back-end datacenters will:
a. Decrease
b. Remain the same
c. Increase [Correct]
End of Module
CONTENT
This module introduces three different types of data center services and the
idea that mobile government services will have an impact on the selection and
design decisions.
THEMES
• Architecture.
Module 2: Data Centers
LEARNING OBJECTIVES
CONTENT
This module identifies the types of data centers with respect to degree of control
and establishes how mobile changes the direction from owning to sharing the data
center resources.
This module has two objectives:
1. Identify the types of data centers with respect to degree of control
2. Establish how mobile changes the direction from owning to sharing or
outsourcing the data center resources
• Define three types of data center services.
• Define the advantages and disadvantages to the different choices.
• Convey the idea that these choices will be influenced by the move
to mobile services.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The internally owned data center is defined by complete ownership of all the
assets: the building facility, the equipment and the data. Because control rests
entirely with the owning organization, the security, both of the physical plant and
of the logical (IT system) side, can be managed entirely by the internal organization with
no restrictions. This type of data center is the most expensive and can include
the costs for the facility itself, all the utilities, fuel for the generators, and the
personnel costs including training.
• This slide is the first of several slides that define the types of data centers
with respect to who controls the assets and at what cost.
1. Define the Internal On-Site type of data center.
You own the building, equipment and data.
Very Secure
• Strict access control to building.
• Many layers protecting assets.
• Network security controls/configuration.
Very Expensive
• Facility: Electricity, Heating, Ventilation, Cooling
• Fuel for generators.
• Personnel: you manage the people, train them.
Internal On-Site
• Internally Owned Data Centers are the least expensive model between the
three model types that were presented.
A) True
B) False (correct)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The Hosted or Co-Lo data center is defined by a shared ownership of the assets.
In this type of arrangement the facility, and associated utility costs such as
electricity, belong to the owner of the building.
The equipment, such as the servers and racks, and the data are owned by the
organization that is leasing the space. Control is established in a contractual
agreement. The physical security rests with the data center facility owner but
can be a shared responsibility.
The logical or network security is typically shared by defining network ownership
boundaries. This type of data center is the middle of the road in terms of expense.
• This slide is the second of several slides that define the types of data centers
with respect to who controls the assets and at what cost.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Define the Hosted, also known as Co-Located type of data center.
Someone else owns the building and the equipment
Data remains with you.
Moderate Security
• Physical access controls at various levels
(facility, building, cage, rack).
• Government customers have limited control.
• Network access controls exist but only to a degree.
• Government customers have limited network control.
• Moderately Expensive.
• Leased space, electricity.
Hosted Co-Located
• Hosted Co-Located Data Centers can give a government client:
A) No physical access control. It is typically not allowed for the government to
have any physical access to audit its servers in a co-located model
B) A degree of physical access control that can be negotiated up front with
the Data Center Provider [Correct]
C) Free access to the data center with no limits since it is the government
that is the client.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this model, designated as “The Cloud” or “X as a Service,” the data center is
defined by an arrangement where all the assets, with the exception of the data,
are owned by the service provider and provided on a leased basis to clients. The
three types of Cloud Models are Public, Private and Hybrid.
In the Public Cloud type of arrangement, physical security is entirely under
the control of the data center provider, with little to no ability for the government
to audit or exercise any influence.
The data and network security is typically shared by defining network ownership
boundaries. This type of data center is the least expensive and is flexible for getting
started.
• This slide is the third of several slides that define the types of data centers
with respect to who controls the assets and at what cost.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Define the Cloud type of data center, also known as X as a Service, where X
can stand for “Infrastructure, Platform, or Software.”
Provider’s building and equipment, Your data
Difficult to assure security.
• No physical access control by the government.
• Government customers may not even be allowed entry.
• No ability to control the equipment that runs the apps.
• Maintenance windows, decommissioning, security of data on
storage devices, etc.
• Least expensive model
• Leased space, equipment, staff.
The Cloud - XaaS
GLOSSARY
Cloud XaaS: This term is used to describe architecture of shared services where X
is meant to denote Platform, Infrastructure, Software, Security or other emerging
designations. The term cloud is an IT industry term intended to convey the idea
that the data center is a leveraged (shared) asset and is also typically (not always)
associated with the use of virtualization. There are various use-cases of cloud
including Private, Public and Hybrid.
• Cloud XaaS Data Centers can give a government client:
A) A high degree of flexibility with respect to being able to conduct physical
and logical security audits. Cost is in the middle range between the three
types of data center models.
B) A very limited to no degree of flexibility with respect to being able to
conduct physical access audits. Depending on the agreement, logical security
controls can be a shared responsibility. Cost is in the least range between the
three types of data center models. [Correct]
C) The best of all the needs: full access control and least expensive.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this decision matrix aid we begin with a series of questions about security
control and cost in the leftmost column, arrayed against the three types of
choices: internal, hosted and cloud.
In the last row the table provides respective examples of each of these three
types of data centers. An organization opting for least cost with low concern for
security would be best suited to a cloud type of data center.
On the other extreme where security control is paramount and cost is not a
major consideration then the Internally owned option suits best. The middle
option is the tradeoff where both security and cost are concerns but can be
provided in a shared arrangement.
• This slide is the fourth of several slides that define the types of data centers
with respect to who controls the assets and at what cost.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. The decision matrix is provided as an aid for IT decision-makers on selecting
the type of data center for hosting the IT services.
Decision Matrix Aid
Do I Need To | Internal / On-site | Hosted / Co-located | “The Cloud” / IaaS
Own the building? | Yes | No | No
Own the equipment? | Yes | Yes | No
Have Direct Security Control? | Yes | Yes | Yes
Have Physical Access? | High | Moderate | Low
Lower My Cost? | High | Moderate | Low
An Example | Ministry-owned data center | Leasing data center from Etisalat/Du | Amazon Web Services
• Using the data center selection decision aid is intended as:
A) A formula for picking the right kind of data center that fits your organization’s
needs and budget.
B) A way to organize the analysis process for help in deciding your organization’s
needs and budget. There may be other considerations to take into
account in making the decision (Correct)
C) Only a theoretical analysis that cannot be applied in making real-world
decisions
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The migration to mobile services parallels the trend to decentralization of control
where cost and other considerations push to a shared model as previously
described. This table lists the different types of data about which IT
decision makers should ask: “Where is my meta-data, my multimedia data, etc.?”
One can readily see that the three different types of data centers follow from
a situation of greater control when you own the data center assets to one of
less control when the data center is a leased service arrangement as is found
with public clouds. Data location and data control are essential elements for
consideration in making these data center decisions especially with mobile
services. Note that in the last row there is a different kind of consideration with
respect to compliance. In this case the compliance is for security policy. In the
cloud data center model security compliance can become a challenge.
• This slide is the last of several slides intended to highlight the question of
control in a decentralized IT architecture. Knowing where the data is going
to be kept and establishing strong audited rules is needed to stay compliant
with national laws.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE mGov Initiative.
1. In the continuing trend towards decentralization of control and geographical
location for outsourced services, there is a growing question about where the
data actually resides. National laws often make requirements for data to stay
inside the political boundaries of the country. This slide briefly touches on this
subject.
Where’s My Data?
 | Internal / On-site | Hosted / Co-located | “The Cloud” / XaaS
Metadata | Yes | Yes, but… | Depends
Multimedia Data | Yes | Depends | Depends
The App | Yes | Depends | Depends
Security Data | N/A | Both | Limited
System Logs? | Yes | Both | Depends
Can I still Comply? | Yes | Depends | More Difficult
More Control → Less
• The trend to decentralized computing represented by the Cloud XaaS model
brings up data control concerns that are often written in national laws or
regulations for:
A) Just the end-user data such as database records and document type files
B) All the many types of data, including machine-generated (meta-data)
and end-user data (of all media types), system logs and security data. (correct)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
With respect to the Smart Government Initiative, the choice of data center
types is made more obvious. The national program called the National Network
Infrastructure Initiative, when fully implemented, will provide a Federal Cloud
that offers both a dedicated protected network and carrier-grade data center
services for all the UAE federal entities.
It is also important to note that the mobile services are intended to be a public and
private partnership involving the carriers, app stores and other private entities.
The key advantage of the initiative is that it will provide the benefits of a cloud
service while still keeping the assets described earlier under UAE government
control.
• This is the last of the slides that describe the choices between the three
different types of data center models. In this slide the student is introduced
to a program called the National Network Infrastructure Initiative. When fully
implemented, this initiative will provide a federal cloud with both a dedicated
protected network and data center services for federal entities.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. To relate the data center alternatives to the topic of mobile and smart
government.
• National Network Infrastructure Initiative.
• Will be much like a Federal Cloud.
• Provides the MPLS Network for federal entities.
• And data center services.
• Not planned for Local entities at this stage.
• Also a partnership with the Carriers, App Store providers, many
others.
• Co-Lo, IaaS, PaaS, SaaS can all apply in the future.
• Key Advantage: will keep the data inside the government and inside
your own borders.
Applying this to Smart Government
• The National Network Infrastructure Initiative once deployed is intended to be:
A) A Public Cloud available to all government entities that will keep costs
down as the primary consideration
B) A Private Cloud data center model available to the Federal Entities to provide
a shared but protected environment for government entities to host their
servers in support of the Smart Government Initiative. [Correct]
Test Questions
CONTENT
The objectives of this module were to understand that data centers continue
to play an essential role. There are choices to be made with respect to degree
of control going from internal to the cloud models. It is clear that mobile
computing services will likely drive solutions that employ more outsourced
assets. Typical enterprise IT activities like asset management, access control
become significantly more challenging in these less centralized models of data
center usage. The coming deployment of the National Network Infrastructure
Initiative was also introduced to provide a government private cloud.
• Define three types of data center services.
• Define the advantages and disadvantages to the different choices.
• Convey the idea that these choices will be influenced by the move
to mobile services.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Quiz – Question 1
1. Data center services are generally categorized in the
following way: (Pick all that apply)
a. Internal On Site where the organization owns and manages
the data center facility and its information systems. (correct)
b. Google Cloud provided by Google
c. Hosted / Co-Located where a separate company provides
the facility and you, the client, own the servers, the applications
and the data on the servers. (correct)
d. The Cloud (Infrastructure as a Service) where the facility,
the application and the servers are all owned by another party
(other than your organization) but the data remains yours.
(correct)
Quiz – Question 2
2. The National Network Infrastructure Initiative is expected
to be the central provider of a federal level network and data
center services when operational.
a. True (correct)
b. False
End of Module
CONTENT
This module introduces several topics that touch on the expected growth in the
demands on the IT Infrastructure that come with mobile services.
THEMES
• Scalability.
Introduction
SDLC: Service Delivery Lifecycle
GLOSSARY
Scaling for
Growth
Module 3: Scaling for Growth
LEARNING OBJECTIVES
CONTENT
This module conveys the idea that the migration to mobile services will create
additional IT Infrastructure demands, and explains that the IT Infrastructure
growth can be managed with existing concepts of scaling such as high
availability and load balancing.
This module has two objectives:
1. Convey the message that mobile services will create additional IT
Infrastructure demands
2. Explain that some of the IT Infrastructure growth can be managed with
existing concepts of scaling such as high availability and load balancing
• Recognize that mobile will create additional IT infrastructure demands.
• Mobile services can be managed with scaling, HA, Load Balancing.
• Services need to be prioritized for criticality.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
GLOSSARY
Host Scaling: adding sufficient “hosts” (servers) to reach the “scale” (quantity)
needed for the operations (like processing video streaming requests). Hosts can be
added as physical devices (physical servers) or as virtual machines (virtual
instances of a server) to support heightened demands. The idea is to “scale”
the number of servers to the circumstances…never having too many or too few.
Servers are the computers that host applications and data. They can be added
as physical devices (physical servers) or as virtual machines (virtual instances of
a server) to support the system demands. The idea is to “scale” the number of
servers to the circumstances where the system resources match the demands.
IT operations need to be able to adjust according to this demand and to know
the indicators when the system resources are insufficient to the demand. One
such indicator is called Thrashing.
• This slide is one of several slides that define the concepts of scaling in the IT
Infrastructure.
1. Define the concept of servers and services.
Host Scaling
• When do we need more servers?
• What are we serving?
• Thrashing
• How do we add servers?
• Physical
• Virtual
Scaling Servers and Services
• This slide identifies two ways to add servers. These are:
A) Physical [Correct]
B) Virtual [Correct]
C) Call Amazon
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
• This slide is the second of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Provide use case examples why scaling in mobile services becomes necessary
with the growth in data demands.
When are more servers needed to meet demand? That is a question that every
IT operation should ask as part of the planning process. Planning in this case
means anticipating the need prior to facing a crisis where the system resources
are exhausted and you are facing a potential system outage. The answer is often,
“It Depends.” In the migration to mobile services we can anticipate a growth in
the demand for multimedia such as images or videos. This trend is clear. Another
example is a large number of mobile applications launched from smart phones at
the same time, as can occur in registering for services like a country visa application.
Whether it is a high number of video requests utilizing the system CPU and
Memory or many concurrent connections as in the visa application example, the
result may be the same – degraded system performance.
GLOSSARY
RAM: Random Access Memory
CPU: Central Processing Unit
When do we need more servers? It depends!
What are we serving?
• Multimedia (YouTube)
• Bandwidth intensive, especially for video streaming services
• Monitor resources (RAM, CPU) closely. As utilization increases,
server performance begins to decay.
• Registration sites (Visa Applications)
• Retains a large amount of session-state information
• Monitor concurrent connection thresholds. As connections
increase, so does server response time. This can cause
connections to drop.
When are they Needed?
• Some of the reasons for the expected growth in data demands and hence the
need to scale the host services are:
A) The expected rise in the use of rich media content [Correct]
B) Increased use of mobile devices for transactions such as registrations
[Correct]
C) Increases in bandwidth availability
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Thrashing: A server starts to thrash when it has insufficient physical memory for
the operation.
CONTENT
In operational settings the IT staff must allocate sufficient server resources to
ensure that the servers do not get into a condition of “thrashing.” In a thrashing
condition the random access memory (RAM) is consumed to such a degree that the
CPU is also consumed, but with swapping data between RAM and the swap partition
on the hard drive. Once this condition has started it can be difficult to stop and
often results in a system crash.
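One way for operations staff to spot this condition before it ends in a crash, as an added example that is not part of the original guide: the Python below compares two snapshots of the Linux counters pswpin and pswpout from /proc/vmstat with MemAvailable from /proc/meminfo. The Linux host, the constructed sample values, the function names and both thresholds are assumptions.

```python
"""Flag thrashing from two Linux /proc snapshots taken a known interval apart."""

# Constructed sample data (not captured from a real server), taken 10 s apart.
VMSTAT_T0 = "pgfault 9120034\npswpin 48210\npswpout 51877\n"
VMSTAT_T1 = "pgfault 9188761\npswpin 93410\npswpout 99127\n"
MEMINFO_T1 = (
    "MemTotal:        8048576 kB\n"
    "MemAvailable:     160972 kB\n"
    "SwapTotal:       4194300 kB\n"
    "SwapFree:         912344 kB\n"
)


def parse_vmstat(text):
    """/proc/vmstat holds 'name value' lines; the values are cumulative counters."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return counters


def parse_meminfo(text):
    """/proc/meminfo holds 'Name:   value kB' lines; return the values in kB."""
    values = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if sep and fields and fields[0].isdigit():
            values[name.strip()] = int(fields[0])
    return values


def assess(vmstat_t0, vmstat_t1, meminfo_t1, interval_s,
           swap_pages_per_s=1000.0, min_available_pct=5.0):
    """Return swap rates, available-memory percentage and a verdict.

    Both thresholds are illustrative assumptions; tune them per workload.
    """
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    v0, v1 = parse_vmstat(vmstat_t0), parse_vmstat(vmstat_t1)
    mem = parse_meminfo(meminfo_t1)
    rates = {}
    for key in ("pswpin", "pswpout"):
        delta = v1[key] - v0[key]
        if delta < 0:
            # Counters restart at zero on reboot, so the pair is not comparable.
            raise ValueError(f"{key} went backwards; host rebooted between samples")
        rates[key] = delta / interval_s
    available_pct = 100.0 * mem["MemAvailable"] / mem["MemTotal"]
    # Thrashing is pages moving in BOTH directions while RAM is exhausted.
    swapping = (rates["pswpin"] >= swap_pages_per_s
                and rates["pswpout"] >= swap_pages_per_s)
    starved = available_pct < min_available_pct
    if swapping and starved:
        verdict = "thrashing"
    elif swapping:
        verdict = "heavy-swapping"
    elif starved:
        verdict = "low-memory"
    else:
        verdict = "ok"
    return {
        "swap_in_per_s": rates["pswpin"],
        "swap_out_per_s": rates["pswpout"],
        "available_pct": available_pct,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(assess(VMSTAT_T0, VMSTAT_T1, MEMINFO_T1, interval_s=10))
```

Alerting on the "heavy-swapping" and "low-memory" verdicts gives time to add capacity before the host reaches the state that is difficult to stop.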
• This slide is one of several slides that explain key concepts in the IT Infrastructure
impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context
of mobile services, as they will apply to the UAE Smart Government Initiative.
1. Define thrashing as one indicator that system resources are being exhausted.
SOURCES
A condition when a computer is using up the CPU cycles swapping data from
memory to the swap partition on the drive.
Thrashing is a clear indicator…
• Thrashing begins when RAM resources are exceeded, and the OS
must swap data between the RAM and the page file (or swap partition).
• Thrashing usually results in an unstable system, which can cause
the system to crash.
• Once thrashing begins, it can be difficult to stop without disconnecting
from the network or rebooting.
Thrashing is One Indicator
• Thrashing represents:
A) A condition when a computer is using up the CPU cycles swapping data
from memory to the swap partition on the drive. [Correct]
B) A condition when the computer runs out of storage space.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Adding physical servers in operationally demanding environments (meaning
live) is a time consuming and costly activity. It often takes months progressing
through many if not all of the steps outlined here beginning with making the
purchase after defining the precise configuration and going through a bidding
process. The eight steps provided here mean that this is not a process that can
meet immediate needs. The addition of physical servers should be something
that is planned well in advance of the growth in need and sets the stage for
a conversation about adding virtual machines (VMs) in order to meet the
immediate on-demand need.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the process for adding physical servers. This process is time
intensive.
Ways to add servers: Physical Servers
• Purchase new server hardware …wait for delivery
• Confirm delivery of all ordered parts and inventory the server components,
software
• Install in best available location in the data center
• Connect to nearest available network switch
• Configure switch ports correctly
• Install OS onto server, and application software
• Update load balancer configuration to include new server
• Update maintenance plan to include new server
This can take anywhere from three to six months (or longer)
Adding Physical Servers
• The point of this slide is:
A) To provide a process for how to order and install physical servers
B) To show that it is a long process and not suitable for immediate needs of
increased server capacity. [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Virtual Machine: A software based emulation of a computer.
CONTENT
In order to add virtual servers, the physical server farm has to be in place with
sufficient physical capacity already built in to operate many instances of virtual
machines. This means CPUs and memory. Under immediate demand conditions
when adding physical servers takes days if not weeks and months there is
another option. By using virtual machines the task of adding servers to a load is
simply one of “right click and clone.”
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the process of adding virtual servers.
• Ways to add servers: Virtual Servers.
Adding Virtual Servers
Right-click, “Clone”
• The point of this slide is:
A) To provide a process for how to order and install virtual servers
B) To show that it is as simple a process as point, click and clone – exactly the
purpose of this lesson demonstrating the techniques for adding server capacity
as it is needed on demand. [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
GLOSSARY
Virtual Machine: A software based emulation of a computer
Load Balancing: This is a simple concept of distributing the traffic or computer
load among different resources. Load balancing is discussed in terms of servers,
network and applications.
The table in this slide is an example of load balancing. In this case there are twelve
virtual machines or VMs configured the same way operating on three physical
servers with the same system resources. You should ALWAYS balance according
to hardware resource utilization – not machine count! The example on the left is
one of imbalance. The example on the right is one of a well-balanced load where
the VMs are arrayed in balance across the three physical servers.
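The rule above, carried beyond the slide's twelve identical VMs to VMs of different sizes, as an added Python example that is not part of the original guide: it compares placement by machine count with placement by utilization of the scarcest resource on each host. The VM sizes, the host capacities, the function names and the largest-first placement rule are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed inventory: (name, vCPUs, RAM in GB). VM01, VM04, VM07 and VM10
# are large; the other eight are small.
VMS = [(f"VM{i:02d}", 4, 16) if i % 3 == 1 else (f"VM{i:02d}", 1, 2)
       for i in range(1, 13)]


@dataclass
class Host:
    name: str
    cpus: int = 16          # assumed capacity, identical on every host
    ram_gb: int = 64
    vms: list = field(default_factory=list)
    cpu_used: int = 0
    ram_used: int = 0

    def utilization(self, extra_cpu=0, extra_ram=0):
        """Share of the scarcest resource in use, optionally after adding a VM."""
        return max((self.cpu_used + extra_cpu) / self.cpus,
                   (self.ram_used + extra_ram) / self.ram_gb)

    def add(self, vm):
        name, cpu, ram = vm
        self.vms.append(name)
        self.cpu_used += cpu
        self.ram_used += ram


def new_hosts():
    return [Host("Server01"), Host("Server02"), Host("Server03")]


def place_by_count(vms, hosts):
    """Round-robin: equal machine counts, blind to what each VM consumes."""
    for index, vm in enumerate(vms):
        hosts[index % len(hosts)].add(vm)
    return hosts


def place_by_utilization(vms, hosts):
    """Largest VM first, each onto the host left least utilized by the move."""
    def size(vm):
        return max(vm[1] / hosts[0].cpus, vm[2] / hosts[0].ram_gb)

    for vm in sorted(vms, key=size, reverse=True):
        target = min(hosts, key=lambda h: h.utilization(vm[1], vm[2]))
        if target.utilization(vm[1], vm[2]) > 1.0:
            # Every host would be over-committed: time to add capacity.
            raise RuntimeError(f"no host has capacity for {vm[0]}")
        target.add(vm)
    return hosts


def summary(hosts):
    """Map host name to (number of VMs, utilization of scarcest resource)."""
    return {h.name: (len(h.vms), h.utilization()) for h in hosts}


if __name__ == "__main__":
    print("by count      ", summary(place_by_count(VMS, new_hosts())))
    print("by utilization", summary(place_by_utilization(VMS, new_hosts())))
```

Placement by count gives four VMs per server but leaves Server01 at 100% while the others sit at 25%; placement by utilization gives uneven counts (2, 5, 5) with every server at 50%.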
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the process of load balancing with virtual servers.
• Balancing Resources for Virtual Servers
• Prevents hypervisor latency
• Improves application speed
Load Balancing - Virtual Servers
BAD!
Physical Servers   Virtual Servers
Server01           VM01, VM02, VM03, VM04, VM05, VM06, VM07, VM08
Server02           VM09, VM10, VM11
Server03           VM12
GOOD!
Physical Servers   Virtual Servers
Server01           VM01, VM02, VM03, VM04
Server02           VM05, VM06, VM07, VM08
Server03           VM09, VM10, VM11, VM12
• Server capacity in the datacenter may be increased by:
A) Adding physical servers to the rack [Correct].
B) Adding blades to the chassis [Correct].
C) Right click, select “clone” adding virtual servers [Correct].
D) None of the above
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Load Balancing: This is a simple concept of distributing the traffic or computer
load among different resources. Load balancing is discussed in terms of servers,
network and applications.
CONTENT
Load balancing of network connections involves using an intelligent switch that
is monitoring device connections and traffic throughput. The technique is useful
in a variety of ways from optimizing network flow to supporting maintenance or
unplanned outages.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the process of load balancing network connections.
Balancing Network Connections
• Prevent server thrashing
• Improve application
Load Balancing - Network Connections
Internet
• Load Balancing is a technique that applies to: (Pick all correct answers).
a) Establishing spare offline systems
b) Servers [Correct]
c) Network connections [Correct]
d) Planning for maintenance and outages [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Load Balancing: This is a simple concept of distributing the traffic or computer
load among different resources. Load balancing is discussed in terms of servers,
network and applications.
CONTENT
Balancing for maintenance is the practice of applying the previous two balancing
methods as a tool for supporting routine, non-emergency maintenance.
If a server needs to be taken offline for maintenance, physical or virtual, the
traffic is shifted or balanced to the other servers. This maintenance could be
for hardware (upgrade, troubleshoot, repair) or software (service packs, patches,
etc.). This same process can work for unplanned outages such as a hardware
failure.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the process of load balancing for maintenance and unplanned
outages.
Balancing for Maintenance & Outages
• Maintenance – Allows taking servers down for maintenance without
taking the application down
• Outages – Allows user services to continue uninterrupted in the
event of a failure
Load Balancing – Maintenance and Outages
Internet
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
HA: High Availability.
RAID: Redundant Array of Independent Disks.
CONTENT
High Availability is a set of techniques to provide failover capabilities for
maintenance or unplanned outages. It can be applied at the hardware level, as
in the servers; at the network level, as in switches; and at the application level.
For the hardware the typical approach is to provide RAID (Redundant Array of
Independent Disks). For the network the approach is to create redundant routes
through a virtual network interface, and for applications the technique is called
“keep-alive-heartbeats.” Database log shipping is a complementary approach to
provide application level high availability.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe the concept of High Availability.
• Hardware HA
• RAID
• Failover Spare
• Network HA
• Redundant Routes
• Virtual Interfaces
• Application HA
• Keep-alive “heartbeats”
• Database log shipping
High Availability (HA) Concepts
• There are three forms of High Availability (HA) presented in this module. What
are they?
A) Hardware [Correct]
B) RAID
C) Network [Correct]
D) Applications [Correct]
E) Heartbeat
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Server hardware high availability or HA is a technique that allows an active server
to be replaced by a passive (or alternate) server in the case of a scheduled outage
such as when needing to perform maintenance or for an unscheduled event as
may occur in a hardware failure. In order for the passive or alternate server to
become active it needs to have the most current state of data that the active
server had prior to going offline. To make this happen in an automated way, the
IT operations uses a technique called RAID, which stands for Redundant Array of
Independent Disks. There are several forms of RAID that can be applied. Which
form is applied depends on various factors such as the degree of assurance that
the data between the active and the passive is in a perfect mirrored state. The
typical forms of RAID that are used include:
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe HA for hardware.
High Availability – Hardware
CONTENT
RAID – Redundant Array of Independent Disks
RAID TYPE   STRIPING   MIRROR   PARITY CHECK
0           YES        NO       NO
1           NO         YES      NO
5           YES        NO       YES
1+0         YES        YES      NO
Failover Spare
RAID 0: Striping w/o parity. Minimum of 2 disks required.
RAID 1: Mirroring. Minimum of 2 disks required.
RAID 5: Striping w/ parity. Minimum of 3 disks required.
RAID 10 (1+0): Mirroring of striped (no parity) disks.
GLOSSARY
• There are three forms of High Availability (HA) presented in this module. Pick
the appropriate technology that matches Hardware HA.
A) RAID [Correct]
B) Virtual Interfaces
C) Heartbeat
Test Questions
RAID: Redundant Array of Independent Disks.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
RAID: Redundant Array of Independent Disks.
GLOSSARY
CONTENT
Network high availability can be applied using redundant route techniques to
provide dual network paths that in some cases can be self-aware and adjusting
- called virtual interfaces. Adding a second network interface card can achieve
this. Externally, adding a second outbound connection to the Internet is also
possible although it is necessary that the separate connections don’t have the
same point of failure.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe HA for the network.
Redundant Routes
• Internal
• External Connections
High Availability – Network
[Figure: Server, Switch 1, Switch 2]
• There are three forms of High Availability (HA) presented in this module. Pick
the appropriate technology that matches Application HA.
A) RAID
B) Redundant Routes
C) Heartbeat [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Application high availability can be applied with a technique called “Keep-
Alive-Heartbeats.” Heartbeats can be paired together in an “active/standby”
configuration as described for hardware high availability. In this example, the
“Standby” host will continually ping the “Active” host. If it does not receive a
reply, it will initiate a “self-promotion”, and assume the “Active” role.
Applying both of these high availability techniques can ensure that the system
remains online, with no downtime experienced by end users.
A specialized version of high availability for database applications is called
Database Log Shipping. Log shipping between database servers is used to create
a pool of databases, which are identical to each other, and become the failover
data source in the event of a primary database outage.
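The standby's decision described above, as an added Python simulation that is not part of the original guide: it counts consecutive missed replies before self-promotion, which generalizes the text's promote-on-first-miss behaviour (a threshold of 1), and reports the probe intervals in which both hosts would hold the “Active” role. The class, the tick timelines and the threshold parameter are assumptions.

```python
ACTIVE, STANDBY = "Active", "Standby"


class StandbyHost:
    """Standby side of an active/standby pair driven by heartbeat replies."""

    def __init__(self, miss_threshold=1):
        if miss_threshold < 1:
            raise ValueError("miss_threshold must be at least 1")
        self.miss_threshold = miss_threshold
        self.role = STANDBY
        self.misses = 0
        self.promoted_at = None

    def probe_result(self, tick, reply_received):
        """Record one "Are You There?" probe; promote after enough misses."""
        if self.role == ACTIVE:
            return self.role          # already promoted, nothing left to decide
        if reply_received:
            self.misses = 0           # any reply resets the consecutive count
        else:
            self.misses += 1
            if self.misses >= self.miss_threshold:
                self.role = ACTIVE    # self-promotion
                self.promoted_at = tick
        return self.role


def run(timeline, miss_threshold):
    """Replay (active_is_up, reply_delivered) pairs, one per probe interval.

    Returns (tick of promotion or None, ticks on which both hosts were Active).
    """
    standby = StandbyHost(miss_threshold)
    dual_active = []
    for tick, (active_is_up, reply_delivered) in enumerate(timeline):
        standby.probe_result(tick, active_is_up and reply_delivered)
        if active_is_up and standby.role == ACTIVE:
            dual_active.append(tick)
    return standby.promoted_at, dual_active


# Constructed timelines.
CRASH = [(True, True)] * 3 + [(False, False)] * 4   # active host fails at tick 3
LOST_REPLY = [(True, True), (True, True), (True, False), (True, True), (True, True)]

if __name__ == "__main__":
    for name, timeline in (("crash", CRASH), ("lost reply", LOST_REPLY)):
        for threshold in (1, 3):
            promoted_at, dual = run(timeline, threshold)
            print(f"{name:10} threshold={threshold} "
                  f"promoted_at={promoted_at} dual_active={dual}")
```

With a threshold of 1 a single lost reply leaves two Active hosts from that tick on; with a threshold of 3 the pair rides out the lost reply but takes two probe intervals longer to fail over after a real crash.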
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe HA for the applications.
GLOSSARY
Heartbeats is a term used in the context of High Availability for applications
Database Log Shipping is a term used in the context of High Availability for
database applications
High Availability – Applications
Keep-alive “heartbeats”
Database log shipping
[Figure: keep-alive heartbeat (“Are You There?”) between Server A (Active) and Server B (Standby); database log shipping, one way only, between the Active Database and the Standby Database]
• There are three forms of High Availability (HA) presented in this module. Pick
the appropriate technology that matches Application HA.
A) RAID
B) Virtual Interfaces
C) Heartbeat [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
CONTENT
Bandwidth is another resource that needs to be considered. Unplanned peak
demand and security events such as a denial-of-service attack can negatively
impact the available bandwidth and the other IT infrastructure resources.
Planning ahead is imperative. This is especially true in mobile services where
the trend is towards a higher use of rich media content such as images and
video. There are ways to plan ahead for these types of contingencies. One of
them is to distribute web content using a service called a Content Distribution
Network (CDN). A CDN works by making copies of the content and getting that
content closer to the end-user. Another way is to work with your service provider
to create contingency-based burst bandwidth capabilities. In all cases think of
the user experience in planning for these types of contingencies.
1. Describe how bandwidth needs to be a critical resource consideration in
planning for mobile services.
Plan ahead – Mobile changes everything
• Rich Media
• Images and Video
• Mitigate against Unplanned Demand
• Peaks
• Denial of Service
• Multiple ways to get to the information
• Distribute the content: called distributed content network
• Get it closer to where it will be used
• Burst bandwidth
• Think of the user experience
Bandwidth as a Semi-Fixed Resource
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
This scenario is a hypothetical event that is based on real occurrences. In this
scenario a web site is introducing video downloads for the first time. The public
and journalists visit the web site to download the video of an important policy
speech. What happens when a large number of people try to download the speech
at the same time? It is fairly predictable. The demand for the video streaming
exceeds the available Internet connection bandwidth. Browsers around the world
return a “site not available” banner. The IT operations use this experience to
plan ahead for the next year by ordering a content distribution network (CDN)
service to distribute the web site content. What happens next in the story is
not as predictable but in our present day and age it should be. Many months after
the CDN capability is put in place there is a massive denial-of-service attack on
the web site. What happens? The answer is nothing. Despite a ten-fold rise in
traffic above the bandwidth allocation, users around the world continue to
see the same web content. By planning ahead for these types of contingencies, both
the “normal” peak traffic and the “abnormal” denial-of-service attack peak traffic
are met with a very normal user experience. This is a real world example of
what can be done to mitigate against this kind of situation that is only going to
increase as more people are connected and using mobile services.
• This slide is the last in the series of several slides that explain key concepts in
the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe a real world example of planning ahead for contingencies involving
bandwidth availability.
Plan for Future Growth in Bandwidth
• Peak Utilization
• The unpredictable security situation
[Figure: Example bandwidth chart labelled Unplanned Peak, 100 MBPS, 1 GBPS, Planned Peak]
• The purpose of this example is:
A) To explain the need to plan ahead for the coming demand (correct)
B) To recognize that in the middle of the crisis for IT resources it will be too
late to do anything (correct)
C) To show that a denial of service attack is not solvable
D) To demonstrate that video mobile services can create the same kind of
situation of peak demand overwhelming the available bandwidth (correct)
Test Questions
CONTENT
This module covered two objectives:
To convey the idea that the migration to mobile services will create additional IT
Infrastructure demands,
To establish that the IT Infrastructure growth can be managed by planning ahead
with existing concepts of scaling such as high availability, load balancing and
bandwidth contingencies
• Recognize that mobile will create additional IT infrastructure
stresses
• Mobile services can be managed with scaling, HA, Load Balancing
• Services need to be prioritized for criticality
Review of Objectives
QUIZ
It is now time to review your knowledge
of this material
Quiz – Question 1
1. Thrashing is a condition: (Pick the best answer)
A) Of too many resources on the server all competing for
attention
B) That occurs when the head on a hard drive starts to spin
out of control
C) That occurs when the memory resources are exceeded
and the operating system is consumed with swapping data
between the RAM and the page file (or swap partition) on the
hard drive. [correct]
End of Module
CONTENT
This module introduces logging as an essential component of any IT Operation.
Mobile IT architectures make logging ever more important but also more
challenging.
THEMES
• Architecture.
Introduction
SDLC: Service Delivery Lifecycle
GLOSSARY
Logging
Module 4: Logging
LEARNING OBJECTIVES
CONTENT
The objectives of this module are to convey the fundamental nature of logs
in an IT Infrastructure and for IT Operations. This module covers how timing
is synchronized, Syslog, Log Servers, Log Retention and Non-Repudiation. It
closes with a discussion on how mobile impacts the operations of collecting
and maintaining logs. Lastly, a basic statement of the necessity of proper log
operations is the statement, “If it isn’t documented (logged), then it didn’t
happen.”
1. This module has two objectives:
• Describe how logs are fundamental to IT Operations
• Timing Essentials
• Syslog
• Log servers
• Log retention
• Non-Repudiation
• Examine the impact of mobile on log collection and maintenance
GLOSSARY
• Logs are fundamental
• Timing Essentials
• Syslog
• Log servers
• Log retention
• Non-Repudiation
• How does mobile impact log operations.
OBJECTIVES
Logs: To record an action. For example, to enter a record into a log file.
http://www.webopedia.com/TERM/L/log.html
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Network Time Protocol (NTP): an Internet standard protocol (built on top of
IP) that assures accurate synchronization to the millisecond of computer clock
times in a network of computers. Based on UTC, NTP synchronizes client workstation
clocks to the U.S.
http://www.webopedia.com/TERM/N/NTP.html
CONTENT
The Network Time Protocol provides a common time reference for correlating
the logs from multiple sources by synchronizing all the clocks. Almost all
network devices, such as servers, routers and computers, support NTP, and it is
available for free. There are 15 levels of synchronization called strata. Stratum
0 is the reference clock. Each increment from 0 to 15 represents a “hop” away
from the reference, so Stratum 12 is 12 hops from Stratum 0. Stratum 16 means
that the clock is unsynchronized.
• This is the start of establishing the basics of logs.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define NTP and how it works.
A common time reference is essential to allow correlation of logs
from multiple sources.
• Network Time Protocol (NTP) – Use it
• Synchronizes all connected system clocks
• Available on almost all devices
• Available for free
• NTP has 15 “strata”
• Each stratum reflects how many “hops” away it is from the Stratum
0 Reference Clock
“Stratum 16” = Unsynchronized
Network Time Protocol
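Before logs from a device are correlated with others, it is worth checking that its time source is actually synchronized and how far its clock is off. The sketch below is an added example, not part of the original guide: it decodes the 48-byte NTP reply header defined in RFC 5905, reads the stratum, and computes the clock offset from the four NTP timestamps. The sample packets and timestamps are constructed test data, and the helper names are illustrative.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
HEADER = "!BBbbII4s8I"       # flags, stratum, poll, precision, root delay/dispersion, ref id, 4 timestamps


def to_ntp(unix_time):
    """Unix seconds -> (seconds, fraction) pair in NTP 32.32 fixed-point form."""
    whole = int(unix_time)
    return whole + NTP_UNIX_DELTA, int((unix_time - whole) * 2**32)


def from_ntp(seconds, fraction):
    """NTP (seconds, fraction) pair -> Unix seconds as a float."""
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def parse_reply(packet):
    """Decode the fixed 48-byte header of an NTP server reply."""
    if len(packet) < 48:
        raise ValueError("NTP header must be at least 48 bytes")
    f = struct.unpack(HEADER, packet[:48])
    return {
        "leap": f[0] >> 6,             # 3 means the server clock is not synchronized
        "version": (f[0] >> 3) & 0x7,
        "mode": f[0] & 0x7,            # 4 means "server"
        "stratum": f[1],
        "origin": from_ntp(f[9], f[10]),     # T1: client transmit time, echoed back
        "receive": from_ntp(f[11], f[12]),   # T2: server receive time
        "transmit": from_ntp(f[13], f[14]),  # T3: server transmit time
    }


def describe_stratum(stratum):
    """Explain a stratum value as it appears in a packet."""
    if stratum == 1:
        return "primary server, directly attached to a Stratum 0 reference clock"
    if 2 <= stratum <= 15:
        return f"secondary server, {stratum} hops from the reference clock"
    if stratum in (0, 16):
        # Servers send 0 on the wire when their internal stratum is 16.
        return "unsynchronized or unspecified, do not use for log timestamps"
    return "reserved value"


def is_trustworthy(reply):
    """True only for a synchronized server reply at stratum 1 to 15."""
    return reply["mode"] == 4 and reply["leap"] != 3 and 1 <= reply["stratum"] <= 15


def offset_and_delay(reply, t4):
    """Clock offset and round-trip delay; t4 is the client's receive time."""
    t1, t2, t3 = reply["origin"], reply["receive"], reply["transmit"]
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def build_reply(stratum, leap, t1, t2, t3):
    """Construct a sample version 4 server reply (test data, not captured traffic)."""
    flags = (leap << 6) | (4 << 3) | 4
    return struct.pack(HEADER, flags, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       *to_ntp(t2), *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


# Constructed scenario: the client clock runs 2 seconds behind the server.
SAMPLE_T1, SAMPLE_T2 = 1700000000.000, 1700000002.010
SAMPLE_T3, SAMPLE_T4 = 1700000002.011, 1700000000.021
SAMPLE_SYNCED = build_reply(2, 0, SAMPLE_T1, SAMPLE_T2, SAMPLE_T3)
SAMPLE_UNSYNCED = build_reply(0, 3, SAMPLE_T1, SAMPLE_T2, SAMPLE_T3)

if __name__ == "__main__":
    for name, raw in (("synced", SAMPLE_SYNCED), ("unsynced", SAMPLE_UNSYNCED)):
        reply = parse_reply(raw)
        print(name, describe_stratum(reply["stratum"]), is_trustworthy(reply))
    print("offset %.3f s, delay %.3f s" % offset_and_delay(parse_reply(SAMPLE_SYNCED), SAMPLE_T4))
```

An offset of two seconds is enough to put events from two servers in the wrong order on a merged timeline, which is why the offset is checked before logs are correlated.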
• Logs for servers that are operated by separate entities should: (Pick the
correct answer)
a) Use a common source for time synchronization (as can be provided by
using the Network Time Protocol.) (correct)
b) Not need to use a common synchronized time stamp, as the administrator
can tell when things happened on the network.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Two pictures are presented here of two atomic clocks that are kept in
Boulder, Colorado in the United States. The Stratum 0 reference clocks calculate
time by measuring the microwave signals that are emitted by the electrons as
they change energy levels in cesium atoms. Measuring this requires that the
atoms be cooled to near absolute zero. How precise is this time
measurement? A Stratum 0 atomic reference clock will not gain or lose a single
second within 138 million years.
• This continues providing an overview of log basics.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define Stratum 0 in NTP.
Strata 0 Reference Clocks
Atomic Clocks
• Calculate time by measuring the microwave signals emitted by electrons
as they change energy levels around cesium atoms which have been cooled
to a near absolute-zero temperature
• Will not gain or lose a single second
within 138 million years
Timing is Everything
SOURCES
https://upload.wikipedia.org/wikipedia/commons/4/45/Usno-amc.jpg
https://upload.wikimedia.org/wikipedia/commons/4/45/Usno-amc.jpg
The US Naval Observatory (USNO) Alternate Master Clock, Schriever Air Force Base, Colorado
https://upload.wikimedia.org/wikipedia/commons/0/0c/Atomic_clocks.jpg
NIST-F1 Cesium Fountain Atomic Clock, NIST Laboratories, Boulder, Colorado
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
SOURCES
CONTENT
Syslog is standardized under IETF RFC 5424. Syslog messages are classified in
two ways: by a facility code that identifies the type of software that is
generating the log, and by a severity code (emergency, alert, critical, error,
warning, notice, info and debug). Syslog is used in a variety of ways,
but primarily for network management and for security. Syslog messages are
generally sent to a separate log server that serves as a central log repository,
where they are then used for the management and security functions. When
integrating a network, ensure that all the vendors provide documentation and
definitions for all the log messages, including the key words and their
respective definitions.
• This continues providing an overview of log basics, now discussing syslogs.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define syslog as a standard for system and application logging.
http://en.wikipedia.org/wiki/Syslog
GLOSSARY
Syslog is a standard for computer message logging. It permits separation of
the software that generates messages from the system that stores them and
the software that reports and analyzes them. Syslog can be used for computer
system management and security auditing as well as generalized informational,
analysis, and debugging messages. It is supported by a wide variety of devices
(like printers and routers) and receivers across multiple platforms. Because of this,
syslog can be used to integrate log data from many different types of systems
into a central repository.
http://en.wikipedia.org/wiki/Syslog
Syslog is a standard for system & application logging
• The Internet Engineering Taskforce (IETF) has standardized Syslog
under RFC 5424.
• Establishes “Facility Levels” to identify the application generating
the log entry
• Establishes “Severity Levels” to identify the importance and
contents of the log entry
• Confirm that all your vendors include complete documentation
and definitions of all the log messages their system/application
generates, including key words and definitions!
Syslog
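The facility and severity levels are carried in a single number, the PRI value at the start of every RFC 5424 message (PRI = facility × 8 + severity). The parser below is an added example, not part of the original guide: it decodes PRI, splits the RFC 5424 header fields and normalizes the timestamp to UTC so that records from different sources line up. The sample lines are constructed, the facility short names are the conventional ones, and the function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Conventional short names for RFC 5424 facility codes 0-23.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
# Severity codes 0-7; a lower number is more severe.
SEVERITIES = "Emergency Alert Critical Error Warning Notice Informational Debug".split()

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?)"
    r" (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+)"
    r" (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"   # "-" or one or more [elements]
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def _nil(value):
    """RFC 5424 uses a single '-' for a missing field."""
    return None if value == "-" else value


def parse_rfc5424(line):
    """Parse one RFC 5424 syslog line into a dict; raise ValueError if malformed."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    when = _nil(m["ts"])
    if when is not None:
        # Normalize to UTC so entries from different time zones can be compared.
        when = datetime.fromisoformat(when.replace("Z", "+00:00")).astimezone(timezone.utc)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "severity_code": severity,
        "timestamp": when,
        "host": _nil(m["host"]),
        "app": _nil(m["app"]),
        "structured_data": _nil(m["sd"]),
        "msg": m["msg"] or "",
    }


def urgent(records, worst=3):
    """Records at severity Error (3) or more severe."""
    return [r for r in records if r["severity_code"] <= worst]


# Constructed sample messages (not taken from a real system).
SAMPLE_LINES = [
    "<34>1 2024-03-05T08:15:30.003Z gw1.example.org sshd 2211 - - Failed password for admin",
    '<165>1 2024-03-05T12:15:31.250+04:00 app2.example.org mgov-api 873 REQ '
    '[origin@32473 tier="dmz"] request served',
    "<13>1 - printer7 - - - - toner low",
]

if __name__ == "__main__":
    for rec in map(parse_rfc5424, SAMPLE_LINES):
        print(rec["timestamp"], rec["host"], rec["facility"], rec["severity"], rec["msg"])
```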
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The central log repository is the single location for keeping logs. Logs are,
therefore, not stored within the same system as the application that generated
them, but separated and kept centralized where they are used for a variety
of functions. Some of the main reasons include system maintenance, security
detection, forensics and correlation of events. Interestingly, Windows does not
store its log messages in plain text. It stores them in binary and interprets
them when they are displayed. There are many reasons for keeping the logs
separate, and one of the most important is the security of the logs. Keeping the
logs separate supports the principle of separation of duties, so that the person
who has system administration duties (as an example) is not the same person
who can alter the logs of the activities that were conducted.
• This continues the instruction on logs by providing an overview of log basics,
now discussing the log servers that serve as a central repository for the log
messages.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define log servers as a central repository for the collection of logs from
various network element sources.
Central Log Repository
• Enables system/application analysis & auditing by collecting the
logs of multiple systems and applications in
a single location
• “Single” is misleading – log servers can be clustered, so if one fails,
the other takes over and no logs are lost (Application HA)
• Separates the software and hardware that stores the logs from the
software and hardware that generates them
• An extra layer of security
Log Servers
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
One of the key functions of keeping the logs in a central repository is
intelligent analysis of the logs and reporting. This is done with
software tools. Some log handling tools are free, but others are
commercial products that can be very expensive. The logs can be used for
cross-system and cross-application review, comparison and assessment of logs.
The different parts of the IT operation need access to the logs so they can pull
them very quickly and get a great amount of detail about when things took
place and what took place. They are used to identify trends and problems, and
help to build intelligence and forecast future behaviors. Trying to do this manually
is no longer practical given the volume of log traffic that is generated within a
network. This is the point where it starts to become obvious what happens with
a mobile architecture that is by nature dispersed. When one starts to add in cloud
• This continues the instruction on logs by describing other functions
(intelligence and reporting).
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define log servers as a central repository intelligence analysis and
reporting
• Intelligent Analysis & Reporting
• Cross-system and cross-application review, comparison and assessment
of logs
• We can pull these very quickly, and they are very detailed. They
easily identify trends, problems, and help to build intelligence and
forecast future behaviors
• Detailed reporting of events from a single location instead of pulling
logs from numerous sources and manually evaluating them –
very time & labor intensive
• Software products exist to manage all of this data. The more sophisticated
ones are very expensive but create a level of intelligence
analysis not possible with simply manual capabilities.
Log Servers
CONTENT
computing and virtual machines, cross-organizational sharing, it becomes clear
that log maintenance gets more challenging. All the requirements for logs do not
go away just because of mobile.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Logs are essential in any IT operation. That is clear. They should be retained for all
the reasons already explained. But retention is not indefinite.
Retention should be based on a clear policy that takes into account various
factors of the data and the system, such as how critical it is and whether the
systems can be exposed to external access like the Internet. The primary reasons
are often legal or regulatory ones.
Another question is why logs become more important in mobile services and, by
extension, in mobile government services. The reason is the distributed nature of
the mobile nTier architecture described in the previous chapter.
• This continues the instruction on logs by discussing retention policy and other
aspects of log retention like the practical consideration of storage space.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define the activities and responsibilities of log retention.
How long do you keep the logs? It depends!
• What is the source of the log data?
• How critical is the system?
• High criticality systems should have their logs retained for longer
than low criticality systems.
• Where was the system located?
• DMZ systems more prone to attack – retain DMZ logs longer.
• What are the legal/regulatory requirements?
• Logs are evidence
• What does your policy say?
• Keep exactly as the policy requires, not less or more
Log Retention
CONTENT
In eGovernment the IT systems assets are typically under the same organizational
roof. The trend in the future of shared systems is towards less organizational
ownership and more shared arrangements. This is the simple reason.
However, just because the computing platforms are shared and possibly leased
from a cloud provider does not remove the requirement for collecting the logs
that pertain to the organization. There is also the reason that government
services may be combined. Security is a perfect candidate for bringing under
a specialized team of people with the right tools. Logs are essential in these
arrangements as they serve to establish the chain of evidence for “who did what
when” and must be kept separate to meet compliance requirements. Shared
does not mean intermixed without the ability to associate the source.
While it is important to keep the log records, it is equally important that they are
kept according to a published policy to establish the duration and nature of how
the logs are administered. The policy is essential even for the basic reason that all
computer systems (desktops, servers, everything) can generate logs.
Collecting everything from everywhere is logistically not feasible for most IT
shops. The problem is that logs take up storage space – a great deal of storage
space. Left unchecked this data can grow and grow until it consumes all the
available storage. The policy for log retention should be explicit and follow best
practices to ensure that it is reasonable to the mission of the organization.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Repudiation means to deny. Non-repudiation means to not be able to deny. A user
cannot perform some action, and credibly deny it afterwards. Non-repudiation
then is a property of information security which makes it difficult or impossible
for someone to repudiate, and thus is highly desirable. In an operational sense it
means that Party A cannot repudiate (deny) the sending of an email sent to Party
B (as an example). The only way to prove the event is with the logs, which provide
the evidence needed to confirm the transaction of sending an email from one
party to another.
Without the logs there is no way to make the confirmation, and everything that
allows the Internet to function is undermined. Without logs there is no root
of trust. Email is simply an example. Machine to machine non-repudiation is
• This continues the instruction on logs by discussing retention policy and other
aspects of log retention like the practical consideration of storage space.
• Situational Awareness: Students are expected to have a background. This
is a high level overview of logs to set up the discussion on the impact of the
mobile architecture on the requirement to collect and process logs.
1. To define what non-repudiation is in the context of the topic of logs.
Repudiation = Refute
Refute means to deny.
Non-repudiation means that it cannot be denied
“The ability to prove authenticity when it is refuted”
Has significant importance in the world of information security, criminal
/ civil law, and computer forensics.
Scenario: A group of employees in your business is known to cause
trouble for others. Recently, a very insulting email was sent by one of
them to the General Manager of the company. The individuals claim
they never wrote the email, even though it came from one of their
accounts…
Non-repudiation
CONTENT
another form. Without these foundational capabilities trustworthiness is made
more difficult and so there is no basis for the higher-level functions of financial
transactions.
Without the capabilities of non-repudiation, the Internet of trusted transactions
would not function as we know it. It is indeed elemental. The logs are the basis
for establishing non-repudiation.
GLOSSARY
Non-Repudiation in digital security: Regarding digital security, the cryptologic
meaning and application of non-repudiation shifts to mean: a service that provides
proof of the integrity and origin of data and an authentication that can be asserted
to be genuine with high assurance.
http://en.wikipedia.org/wiki/Non-repudiation
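Logs can only serve as evidence if nobody can quietly change them, which is the point of both the separation of duties described for log servers and the non-repudiation discussion above. The sketch below is an added example, not part of the original guide: the log server seals each record with an HMAC that also covers the previous seal, so an edited, deleted or truncated record is detected on verification. It assumes the key is held only on the log server, away from the administrators of the systems being logged; the records and key are constructed sample data. This gives tamper evidence for the stored log, while proof of origin in the cryptographic sense additionally needs digital signatures.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stand-in "previous seal" for the first record


def seal(key, previous_mac, record):
    """HMAC-SHA256 over the previous seal plus a canonical form of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, previous_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append(chain, key, record):
    """Add a record to the chain, sealed against the entry before it."""
    previous = chain[-1]["mac"] if chain else GENESIS
    chain.append({"record": record, "mac": seal(key, previous, record)})


def verify(chain, key, expected_head=None):
    """Return None if the chain is intact, else the index of the first bad entry.

    expected_head is the last seal, recorded somewhere the log keeper cannot
    change. A result equal to len(chain) means records are missing from the end.
    """
    previous = GENESIS
    for index, entry in enumerate(chain):
        if not hmac.compare_digest(seal(key, previous, entry["record"]), entry["mac"]):
            return index
        previous = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(previous, expected_head):
        return len(chain)
    return None


# Constructed sample data for the insulting-email scenario (hypothetical values).
SAMPLE_KEY = b"constructed-demo-key-held-by-log-server"
SAMPLE_RECORDS = [
    {"ts": "2024-03-05T08:14:58Z", "host": "mail1", "event": "login", "user": "employee3"},
    {"ts": "2024-03-05T08:15:30Z", "host": "mail1", "event": "send",
     "user": "employee3", "to": "general.manager"},
    {"ts": "2024-03-05T08:16:02Z", "host": "mail1", "event": "logout", "user": "employee3"},
]


def sample_chain():
    """Build a fresh sealed chain from the sample records."""
    chain = []
    for record in SAMPLE_RECORDS:
        append(chain, SAMPLE_KEY, dict(record))
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    head = chain[-1]["mac"]
    print("intact:", verify(chain, SAMPLE_KEY, head))
    chain[1]["record"]["user"] = "someone-else"      # an edit made after the fact
    print("first bad entry after edit:", verify(chain, SAMPLE_KEY, head))
```

Deleting records from the end leaves a chain that still verifies internally, so the latest seal has to be recorded outside the log store for truncation to show up.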
CONTENT
The Objectives of this module were to understand the fundamental nature
of logs in an IT Infrastructure and for IT Operations. This module covers how
timing is synchronized, Syslog, Log Servers, Log Retention and Non-Repudiation.
It closes with a discussion on how mobile impacts the operations of collecting
and maintaining logs. Lastly, a basic statement of the necessity of proper log
operations is the statement, “If it isn’t documented (logged), then it didn’t
happen.”
• Logs are fundamental
• Timing Essentials
• Syslog
• Log servers
• Log retention
• Non-Repudiation
• How does mobile impact log operations
OBJECTIVES
“If it isn’t documented, it didn’t happen”
It is now time to review your knowledge of this material
QUIZ
Quiz – Question 1
1. Logs for servers that are operated by separate entities
should: (Pick the correct answer)
A) Use a common source for time synchronization (as can be
provided by using the Network Time Protocol.) (correct)
B) Not need to use a common synchronized time stamp, as the
administrator can tell when things happened on the network.
Quiz – Question 2
2. Log retention: (Pick all the correct answers)
A) Should follow a pre-established policy for location, duration
and other factors (correct)
B) Should be on the same server as what is running the
application or the database
C) Should also be kept for forensics – finding how who did
what when (correct)
D) Is essential to provide for non-repudiation. (correct)
E) Should be based on a policy of keeping data for as long as
there is room in the network storage.
End of Module
CONTENT
This module introduces the topic of determining the criticality of IT systems.
Not everything in the IT operation is of the same importance. Making this
determination up front can be the difference between knowing what to do in a
crisis to achieve a speedy recovery and wasting precious time.
THEMES
• Architecture.
Criticality Analysis
Module 5: Criticality Analysis
LEARNING OBJECTIVES
CONTENT
This module serves to establish the importance of determining the criticality
of systems linked to the importance of the organizational functions. The
designations can be as simple as low to high. The benefits range from
better maintenance planning to crisis management to the allocation of
resources.
1. This module has one objective: Establish the importance of determining the
criticality of systems linked to the importance of the organizational functions.
The importance of establishing a criticality designation for the IT
systems:
• Based on a priority hierarchy
• Can use low, medium, high
• Many benefits from maintenance to crisis management to allocation
of resources
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Far too many IT operations don’t know what is critical and what is not. Knowing
this up front has many benefits. It begins with establishing a criticality scheme
from Low to Medium to High with the appropriate definitions. The words on this
slide are provided only as an example. The most important of these designations
is High, which applies to those IT applications and the corresponding IT systems
where lives could be lost if the system were to become unavailable
for whatever reason. The Medium designation is for important applications
that do not otherwise meet the High criteria. Email systems are typically in
this category. The Low designation applies to systems determined to be
non-essential. Applications that can be out of service for multiple days without
impact fit this category.
• This slide is one of several slides that define the concepts of criticality in the
IT Infrastructure.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Define the concept of system criticality in three tiers: high, medium, low. A
determination of High is typically associated with the criteria that lives could
be lost if the application crashes.
“How bad will it be if this application crashes?”
• High – Critical Applications
• Loss of application access is unacceptable, devastating impact
• Entity is immediately incapable of performing its duty
• Lives could be lost
• Medium – Important Applications
• Loss is unacceptable, but not quickly damaging
• Entity is able to function without application for a short time
• Service and support can be delayed or degraded
• Low – Non-essential Applications
• Loss can be tolerated without significant impact on organization
• Organization can operate without impact for prolonged periods
• Service and support could be delayed or degraded
Prioritizing for Contingencies
GLOSSARY
Criticality: In this context, criticality means making a determination as to
the priority of IT systems for reasons of assignment of resources and managing
a crisis situation.
• The most critical type of application or system is one where a failure could
result in:
A) More work for the System Administrator
B) Increased load on the Help Desk Staff
C) A higher bill from the ISP for increased bandwidth usage
D) Loss of Life [Correct]
E) Increased power consumption
F) Extra load on the cooling systems in the Data Center
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Why do we designate application criticality? There are several answers. One
is simply a matter of resources, such as budget, which helps determine the
allocation of other resources in terms of support staff, developers, security and
maintenance. A second reason is to know the interdependency between the
subsystems. A general-purpose switch in the network closet may be the reason
for a critical application outage. Knowing this before the outage occurs can
speed the recovery time by knowing which systems to begin repairing first.
• This slide is one of several slides that define the concepts of criticality in the
IT Infrastructure.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Explain the reasoning behind why determining criticality is essential in IT
operations
Why do we designate application criticality?
As criticality increases, budget also increases, impacting:
• Support Staff
• Developers
• Security
• Maintenance
Establishes dependence hierarchy:
• A massive system outage has occurred – everything has crashed
and needs to be repaired.
• Some systems will not work unless other systems are functional.
• Which system(s) do you begin repairing?
Why Designate Priorities (Criticality)
• Criticality determinations are done for several reasons. What are they?
A) Assignment of resources.
B) Security
C) Knowing what to recover first
D) To meet inspection requirements (all others correct)
Test Questions
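The dependence hierarchy can be worked out ahead of an outage. The sketch below is an added example, not part of the original guide: each system inherits the highest criticality of anything that depends on it (so the closet switch under a High application is itself treated as High), and the repair order restores prerequisites first, most critical first. The inventory, system names and function names are constructed for illustration.

```python
import heapq

LEVELS = {"low": 1, "medium": 2, "high": 3}

# Constructed inventory: name -> (own criticality, systems it depends on).
SYSTEMS = {
    "closet-switch": ("low", []),
    "core-router": ("medium", []),
    "dns": ("medium", ["core-router"]),
    "database": ("medium", ["closet-switch"]),
    "emergency-dispatch-app": ("high", ["database", "dns"]),
    "email": ("medium", ["dns"]),
    "cafeteria-menu": ("low", ["core-router"]),
}


def effective_criticality(systems):
    """Raise each system to the highest criticality of anything that needs it."""
    level = {name: LEVELS[own] for name, (own, _) in systems.items()}
    changed = True
    while changed:                      # repeat until no level rises any further
        changed = False
        for name, (_, deps) in systems.items():
            for dep in deps:
                if level[dep] < level[name]:
                    level[dep] = level[name]
                    changed = True
    return level


def recovery_order(systems):
    """Repair order: prerequisites first, and among ready systems the most critical first."""
    level = effective_criticality(systems)
    waiting = {name: len(deps) for name, (_, deps) in systems.items()}
    dependents = {name: [] for name in systems}
    for name, (_, deps) in systems.items():
        for dep in deps:
            dependents[dep].append(name)

    ready = [(-level[name], name) for name, count in waiting.items() if count == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents[name]:
            waiting[child] -= 1
            if waiting[child] == 0:     # all of its prerequisites are back up
                heapq.heappush(ready, (-level[child], child))

    if len(order) != len(systems):
        stuck = sorted(set(systems) - set(order))
        raise ValueError("circular dependency among: " + ", ".join(stuck))
    return order


if __name__ == "__main__":
    level = effective_criticality(SYSTEMS)
    for step, name in enumerate(recovery_order(SYSTEMS), 1):
        print(step, name, "own:", SYSTEMS[name][0], "effective:", level[name])
```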
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
Enterprise Architecture (EA): EA is a type of business discipline that deals
with the complexity in business functions and the supporting IT systems.
CONTENT
This is a conversation about the alignment between IT and the business. IT
operations need to ensure that this alignment is always maintained. One
approach is to use the discipline of Enterprise Architecture, also known as EA.
The EA process creates the conditions for prioritizing. Knowing what is important
and why will be the basis for making smarter disaster-recovery decisions
within the IT domain.
• This slide is one of several slides that define the concepts of criticality in the
IT Infrastructure.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Provide a list of considerations in determining the criticality of applications.
• Begins with Enterprise Architecture
• Prioritizing Functions
• Prioritizing Services
• Servers and Networks
• Knowing where the functions take place will tell you where
the data is
• And what to protect the most
Prioritizing What Matters
• The outcome of the criticality analysis is an assignment of priority. The most
critical systems that support the most important government or business
functions get assigned the highest priority.
A) True (correct)
B) False
Test Questions
CONTENT
This module covered two objectives:
To convey the idea that the migration to mobile services will create additional IT
Infrastructure demands,
To establish that the IT Infrastructure growth can be managed by planning ahead
with existing concepts of scaling such as high availability, load balancing and
bandwidth contingencies
The importance of establishing a criticality designation for the IT
systems:
• Based on a priority hierarchy
• Can use low, medium, high
• Many benefits from maintenance to crisis management to allocation
of resources
Review of Objectives
It is now time to review your knowledge of this material
QUIZ
Quiz – Question 1
1. Criticality is about: (Pick all correct answers)
A) Prioritizing (correct)
B) Knowing what to fix first in a large network outage. (correct)
C) Applying the best security to the most important assets
(correct)
D) Having a plan of what to do in case of a crisis (correct)
E) Knowing that all customers are going to want equal
attention and so all the systems are going to need to be treated
with equal importance
F) Knowing what could potentially impact life (correct)
End of Module
CONTENT
This module is designed to make use of the lessons from the preceding modules
to challenge the student with troubleshooting the problem.
THEMES
• Scalability.
Troubleshooting Challenge
Module 6: Troubleshooting Challenge
LEARNING OBJECTIVES
CONTENT
This module presents troubleshooting challenges. Its objectives are to learn
to identify the signs of problems in mobile app performance and consider the
kinds of solutions that would mitigate the problem. There is no single correct
answer in these scenario-driven exercises, but the lessons of the past modules
provide indicators of where to look first and what possible solutions will solve the
problem. Ultimately, the lesson is that mobile services do create challenges to
the traditional IT infrastructure that was suitable for eGov.
This module has three objectives:
1. Learn to identify the signs of problems in mobile app performance
2. Consider where to look for the solution
3. Continue to stress the idea that mobile services will require changes in the IT
infrastructure in ways that are different from eGov.
• Learn to identify the signs of problems in mobile app performance
• Consider where to look for the solution
• Continue to stress the idea that mobile services will require
changes in the IT infrastructure in ways that are different
from eGov.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The task for this next series of slides is to determine where to start investigating
the problem as presented. The student is presented with a scenario that indicates
a performance problem with a mobile government application.
The short description provides enough clues to consider the cause of the
problem.
Your role is to pick one of the choices of where to begin the investigation and
also pick one of the potential solutions.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: This series of slides presents the student with
scenarios designed to apply the information conveyed in the previous
modules.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
• Each scenario presents a performance problem with a mobile
application.
• Enough clues provided to consider the cause of the problem
• Your role is to: Pick one of the choices of where to begin the
investigation
Where is the Problem
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Users complain that your entity’s mGov application takes too long to respond.
You investigate the front end servers, and none of them show high levels of RAM
or CPU utilization.
Consider two possible answers to the Scenario 1 problem. First, the RAM
and processor might be fine, but if the network bandwidth isn’t sufficient
to support the user load, users will experience slow response times, or even
fail to connect entirely. The load may be the result of a combination of
the data traffic type like videos and the number of transactions taking
place at any given moment. This problem may only manifest itself under
certain conditions. Check the router performance logs to identify if there
is insufficient bandwidth. The simple solution may be to add bandwidth.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
The mGov application takes too long to respond.
Front end servers show normal RAM and CPU utilization readings
What should you investigate next?
• The back end database storage?
• No. There is no indication that this is the problem.
• The application on the smartphone devices.
• Yes. This is an alternative answer. Why?
• The bandwidth connection?
• Yes. Start here.
Scenario 1
CONTENT
It begins here. The final answer may need more sophisticated solutions such as
were discussed in the previous module about conducting a bandwidth analysis.
Is the performance problem always happening or does it only appear under certain use
conditions? Logs can help.
There are other potential areas to investigate. An Alternative Answer concerns the
application. Was the application tested thoroughly enough prior to deployment
to verify that the slow response time is, in fact, related to the IT infrastructure
and not the design of the application’s code? What is the baseline performance
while under a minimal or moderate load? The answers to these questions will
lead to possibly needing a redesign of the application.
• Bandwidth problems are difficult to determine from strictly the user
experience. There are so many considerations. What would be some of the
variables to consider in determining if the bandwidth is the source of the
problem?
A) What is the connection capacity at the mobile phone?
B) What kind of data – video streaming?
C) How many concurrent users are accessing the data?
D) What is the phone memory capacity?
E) What type of connection is being made – WiFi, 3G, other?
F) All of the above apply. (correct)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Your entity provides an HTML5 mobile government application designed to be
used with the latest generation smartphones.
New users complain that they cannot sign up for an account.
Existing users complain that they cannot login.
The application loads fast, but user-specific information – such as name, account
number, etc. – is missing.
Scenario 2 Answer – This is a scenario where it sounds like there is a problem
with the back end, or the connection to it from the front end. If the front end
had been the problem, we wouldn’t see the main page on the web site. If it were
a network congestion problem, the page would load slowly. However, since we
don’t have these problems, it looks like we cannot interact with the database.
This is where to start the investigation.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
An HTML5 mGov application. New users complain that they cannot sign
up for an account. Existing users complain - they cannot login.
The application loads fast but user-specific information – such as name,
account number, etc. – are missing. What should you investigate next?
• The back end data storage?
• Yes. This is definitely one consideration. The indication is that there
is a problem with the database or the connection to the database
possibly in the connection path.
• The application loaded on the smartphone devices.
• Yes. This is an alternative answer. Why?
• The bandwidth connection?
• No. The application loads quickly without a problem
Scenario 2
CONTENT
And there could be an Alternative Answer – This application likely depends on
Application Programming Interface (API) software calling up routines for data
from the database. This is a second potential area to investigate.
• As we learned in a previous module HTML5 applications place greater
resource demands on the servers. That is why it is important to stress test
mobile applications in near live conditions using the end-to-end system
resources.
A) True (correct)
B) False
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Your entity supports an HTML5 mGov application. It has become so popular you
have implemented load balancers to support the high user demand.
Users begin reporting problems with this application. Sometimes there are no
problems, but sometimes it is very slow to respond, and sometimes connections
time-out.
There is no consistency in which users are reporting this problem, where
they are located, or when they are experiencing it.
Scenario 3 Answer – Check the front end servers for resource utilization and the
metrics being used on the load balancers. Load balancers can query the servers
they pass traffic to, or receive status reports from them, about the server’s
general health. If a server is running high on utilization, this can be reported to
the load balancer, which will then reduce the number of connections it forwards
to that server.
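The health-report mechanism described in the Scenario 3 answer, as an added example that is not part of the original guide: it compares a metric-blind split of new connections with one weighted by each server's reported headroom. The server names, the 90% ceiling, the sample reports and the cost of one percentage point per 10 connections are all assumptions made for illustration.

```python
from dataclasses import dataclass

CEILING = 90  # percent; assumed utilization above which a server should take no new work


@dataclass
class HealthReport:
    """Status a server reports to the load balancer (or the balancer polls for)."""
    name: str
    cpu: int               # CPU utilization, percent
    mem: int               # memory utilization, percent
    probe_ok: bool = True  # did the last health check succeed?


# Constructed sample reports, not taken from any real system.
REPORTS = [
    HealthReport("web1", cpu=30, mem=40),
    HealthReport("web2", cpu=85, mem=50),   # busy server the balancer should spare
    HealthReport("web3", cpu=20, mem=35),
    HealthReport("web4", cpu=0, mem=0, probe_ok=False),
]


def headroom(report):
    """Weight for new connections: spare capacity of the busiest resource."""
    if not report.probe_ok:
        return 0
    return max(0, CEILING - max(report.cpu, report.mem))


def equal_share(reports, connections):
    """Metric-blind baseline: rotate through every server that answers the probe."""
    live = [r.name for r in reports if r.probe_ok]
    if not live:
        raise RuntimeError("no server answers the health check")
    plan = {r.name: 0 for r in reports}
    for i in range(connections):
        plan[live[i % len(live)]] += 1
    return plan


def health_aware(reports, connections):
    """Split connections in proportion to each server's reported headroom."""
    weights = {r.name: headroom(r) for r in reports}
    total = sum(weights.values())
    if total == 0:
        raise RuntimeError("no server has headroom; rebalancing cannot help, add capacity")
    plan = {name: connections * w // total for name, w in weights.items()}
    # Integer division leaves a few connections over; give them to the
    # servers with the largest remainders so the shares stay proportional.
    leftover = connections - sum(plan.values())
    ranked = sorted(weights, key=lambda n: connections * weights[n] % total, reverse=True)
    for name in ranked[:leftover]:
        plan[name] += 1
    return plan


def overloaded(plan, reports, conns_per_point=10):
    """Servers pushed past CEILING, assuming 10 connections cost one percentage point."""
    busiest = {r.name: max(r.cpu, r.mem) for r in reports}
    return sorted(n for n, c in plan.items() if busiest[n] + c // conns_per_point > CEILING)


if __name__ == "__main__":
    for label, planner in (("equal share", equal_share), ("health aware", health_aware)):
        plan = planner(REPORTS, 330)
        print(f"{label:13} {plan}  overloaded: {overloaded(plan, REPORTS)}")
```

With the equal split, only the users who happen to land on the busy server see slow responses or time-outs, which matches the scenario's lack of any pattern by user, location or time.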
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
A very popular HTML5 mGov application with extremely high user demand.
You implemented load balancers.
Users experiencing intermittent problems with this application: sometimes
slow to respond, and sometimes connections time-out.
There appears to be no consistent reason, not location dependent, or
time of day. What should you investigate next?
• The back end data storage?
• Possibly, but the back end is not the place to start investigating.
• The bandwidth?
• No. Bandwidth is not correlated to any peak demand issues.
• The servers have insufficient resources: memory and CPU capacity?
• Yes. This is a potential answer. The report from the load balancers
Scenario 3
• Load balancing can capture metrics of server performance that would
provide an indication of resource problems.
A) True (correct)
B) False
Test Questions
CONTENT
This module presented three troubleshooting challenges. The objectives were:
To learn to identify the signs of problems in mobile app performance and consider
the kinds of solutions that would mitigate the problem. There is no single correct
answer in these scenario-driven exercises but the lessons of the past modules
provide indicators of where to look first and what possible solutions will solve the
problem. Ultimately, the lesson is that mobile services do create challenges to
the traditional IT infrastructure that was suitable for eGov.
• Learn to identify the signs of problems in mobile app performance
• Consider where to look for the solution
• Continue to stress the idea that mobile services will require
changes in the IT infrastructure in ways that are different
from eGov.
Review of Objectives
It is now time to review your knowledge of this material
QUIZ
Quiz – Question 1
1. Scenario 1 is intended to challenge the student to see: (Pick
all correct answers)
A) See network congestion as one area of concern
impacting the end-user experience. (correct)
B) Recognize that network bandwidth is always the first
place to start looking for a diagnosis of a problem.
Quiz – Question 2
2. Scenario 2 is intended to challenge the student to see: (Pick
all correct answers)
A) How the frontend and backend of the system resources
must work together in order for the application to perform as
expected. (correct)
B) There may not be one problem but several that impact
the performance of an application. (correct)
C) The notion of generalizing about frontend, backend,
network and device allows the diagnosis to focus in on the
specific problem (correct)
D) Recognize that backend is always the first place to start
looking for a diagnosis of a problem
Quiz – Question 3
3. Scenario 3 is intended to challenge the student to see: (Pick
all correct answers)
A) How problems can be hidden until certain conditions
come into play such as an unplanned incident that creates a
spike in demand. (correct)
B) To recognize that testing the application under diverse
conditions is an important part of the overall system design.
(correct)
C) That putting in place load balancers can allow for meeting
demand. (correct)
D) Recognize that there will always be problems and there is
nothing you can do about that.
End of Module
CONTENT
This module covers the impact of the mobile platform types on the IT
Infrastructure in the migration from eGov to mGov.
THEMES
• Applications
Mobile Application’s
Impact on the IT Infrastructure
Module 7: Mobile Application’s Impact on the IT Infrastructure
LEARNING OBJECTIVES
CONTENT
This module has two objectives:
To explain why it is that the mobile applications can cause challenges in the IT
infrastructure
And to provide some ideas on taking a practical approach to implementation. We
call this a crawl before you run approach. It is a deeper dive into the applications
and continues the discussion of how the mobile services environment puts
stress on the IT infrastructure and staff that now need to be available 24 hours
each day.
This module has two objectives:
1. Explain why mobile applications can cause resource challenges in the IT
infrastructure.
2. Provide ideas on a crawl before you run approach to implementation.
• Explain why mobile application types can cause challenges in the IT
Infrastructure.
• Provide ideas on taking a practical crawl before run approach to
implementation.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The HTML5 application platform is one of the four types discussed earlier
and the one that places the greatest resource demands on the data center IT
infrastructure.
While HTML5 is ideal for requirements that can be met from a
web server, this is also its principal limitation. HTML5 apps are ideal for online
transactions like registrations. It is not the ideal platform for apps that need the
features such as a camera or GPS.
And HTML5 apps place greater stress on the server farm. Servers need to be
robust enough to support all the video, image and transaction processing of
the app. The more the HTML5 app uses rich media, the greater the need in
server CPU and memory and in network connectivity capacity. As the mobile
government services will need to be available on a 24-hour basis all the high
availability and load balancing requirements discussed in previous slides become
critical.
And then there is the need for a reliable Internet connection. No connection
means there is no access to the application and the data that is kept in the data
center.
• This slide is one of several slides that discuss how the mobile application types
can impact the IT Infrastructure.
1. Define the impact of HTML5 Applications on the IT Infrastructure.
• Significant resources on the servers.
• Media Intensive: images, videos, flash, etc., come from your servers.
• Data is created on the servers – appears uniform on all the devices.
• App updates are actually website updates.
• Downloading webpages from your servers.
• Reliable synchronous communications required: outages noticed
immediately.
HTML5 Applications
GLOSSARY
HTML5: see earlier definitions.
• HTML 5 applications can cause the following kinds of IT infrastructure issues:
(Pick all correct answers)
A) A greater demand on the network resources including servers, databases,
and bandwidth than had previously existed as users can now access your app at
anytime and at anyplace with network connectivity.
B) The use of media such as images and videos will cause further demands on
the network resources.
C) You may have to consider a content distribution network (CDN) to handle all
your content demands. (all correct)
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Unlike HTML5, the processing in a Native application is done on the smartphone
or tablet. This means that there is not the same kind of data center resource
demands on CPU and Memory capacity that exists with HTML5 apps. That is the
good news. From a security perspective, however, the news is more complicated.
In HTML5 the interface is the Browser – the same browser technology that has
been around since 1992 with over 20 years of work on mitigating known risks
and vulnerabilities. Native Apps are browser-less meaning that the browser is not
used. All that browser-level security mitigation painfully learned and put in place
over two decades of experience now depends on the developer of the Native
app. Can a poorly written Native app expose the back end databases of an IT
operation? That is a good question. The answer is – yes – potentially.
• This slide is one of several slides that discuss how the mobile application types
can impact the IT Infrastructure.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Define the impact of Native Applications on the IT Infrastructure.
GLOSSARY
Native Apps: see earlier definitions
Patches: Updates to software that are intended to fix functionality or security
bugs
Less resource demands on the server
Greater complexity
Security: App runs on the device, not the browser
Can potentially expose back end databases
VERY carefully review submitted data
• Appearance & controls differ by platform.
• Might have different code for each platform.
• Will users install updates?
• Support different app and protocol versions.
Native Applications
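The back-end side of the slide's instruction to review submitted data very carefully, as an added example that is not part of the original guide: because a native app talks to the server without a browser in between, the server treats every submission as untrusted, checks it against an allow-list, and passes values to the database only as bound parameters. The JSON message layout, field names, account-number format, accepted protocol versions and table are assumptions made for illustration.

```python
import json
import re
import sqlite3

SUPPORTED_PROTOCOLS = {1, 2}             # assumed app protocol versions still accepted
ALLOWED_FIELDS = {"protocol", "account", "name"}
ACCOUNT_RE = re.compile(r"[0-9]{8}")     # assumed account-number format
# Letters (including non-ASCII), then letters, spaces, apostrophes or hyphens.
NAME_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ '\-]){0,63}")
MAX_BODY = 1024                          # bytes


class Rejected(ValueError):
    """The submission failed validation and never reached the database."""


def parse_submission(raw):
    """Check size, encoding, field set, types and formats of one submission."""
    if len(raw) > MAX_BODY:
        raise Rejected("body too large")
    try:
        data = json.loads(raw.decode("utf-8"))
    except ValueError as exc:            # covers bad UTF-8 and bad JSON
        raise Rejected("not valid UTF-8 JSON") from exc
    if not isinstance(data, dict) or set(data) != ALLOWED_FIELDS:
        raise Rejected("unexpected or missing fields")
    if type(data["protocol"]) is not int or data["protocol"] not in SUPPORTED_PROTOCOLS:
        raise Rejected("unsupported protocol version")
    if not isinstance(data["account"], str) or not ACCOUNT_RE.fullmatch(data["account"]):
        raise Rejected("bad account number")
    if not isinstance(data["name"], str) or not NAME_RE.fullmatch(data["name"]):
        raise Rejected("bad name")
    return data


def update_name(db, raw):
    """Validate, then update with bound parameters; returns the rows changed.

    Authenticating the caller and checking that the account is theirs is
    assumed to happen before this function is reached.
    """
    sub = parse_submission(raw)
    cur = db.execute(
        "UPDATE accounts SET name = ? WHERE account = ?",
        (sub["name"], sub["account"]),
    )
    db.commit()
    return cur.rowcount


def handle(db, raw):
    """What the server answers for one submission."""
    try:
        changed = update_name(db, raw)
    except Rejected as exc:
        return f"rejected: {exc}"
    return "updated" if changed else "unknown account"


def make_demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (account TEXT PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("10000001", "Old Name"), ("10000002", "Other User")],
    )
    db.commit()
    return db


if __name__ == "__main__":
    db = make_demo_db()
    print(handle(db, b'{"protocol": 2, "account": "10000001", "name": "Sara O\'Brien"}'))
    print(handle(db, b'{"protocol": 9, "account": "10000001", "name": "Sara"}'))
```

A legitimate name containing an apostrophe passes validation and is stored intact because it travels as a bound parameter, never as part of the SQL text.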
CONTENT
The other complication is less a problem on the IT infrastructure and more
so a challenge for the app developers who need to create versions of the
application suitable to all the operating systems such as Android, iOS, BlackBerry
and Windows. Native apps must also be tested to make sure that they appear
correctly on the different physical platforms such as the many varieties of Android
phones and the many types of tablets.
Lastly, Native Apps must contend with the problem of pushing updates. Not
everyone updates the mobile apps when the update is published. Pushing
patches or upgrades to an app depends on the cooperation of the end-users. This
is another of the complications with Native Apps.
• Native applications may introduce security holes into your network resources
that had not previously been a concern with strictly eGovernment services.
A) True (correct)
B) False
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Hybrid apps inherit the advantages but also the complications of both HTML5
and Native app types.
Hybrid apps may in fact be the right choice when an entity needs to use the
features of a smartphone and also the facility of an eGov application in a combined
application service. There are many considerations in deciding to go with
a Hybrid App. Here are some questions to ask:
• How much data does the HTML5 component of the app need to pull from
the web server?
• Less, if data is pre-loaded on the native app
• More, if we need to send additional media (video, images) to enhance
the user experience
• This slide is one of several slides that discuss how the mobile application types
can impact the IT Infrastructure.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Define the impact of Hybrid Applications on the IT Infrastructure.
GLOSSARY
Hybrid: see earlier definitions.
More resources, more complexity? Maybe. Some considerations:
• How much data does the HTML5 component of the app pull from a
web server?
• Less, if data is pre-loaded on the native app
• More, if we need to send additional media (video, images) to enhance
the user experience
• How often does the Native App need to be updated?
• Less past versions to support!
• More if there is more device integration.
Hybrid Applications
CONTENT
• How often does the Native App need to be updated?
• Less, if there are past versions to support
• More, if there is more device integration.
These considerations and others like cost and maintenance need to be part of
the analysis done in making a decision to meet your requirements with a Hybrid
App.
• Hybrid applications: (Pick all that apply)
A. Have the advantages of both the HTML 5 and the Native types. (correct)
B. Have the disadvantages of both the HTML 5 and the Native types (correct)
C. Will require the most attention (as compared to the other app types) to all
aspects of the IT infrastructure (correct)
D. Should always be attempted first as that is where you will end up with all
your apps anyway.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In the migration from eGovernment to mGovernment services there are a variety
of factors to consider. The following logic flow asks a few questions that you can
ask in making this determination starting with: “Do you have an existing eService
website?” If the answer is No, then ask a different question, “Do you need access
to device sensor data such as location (GPS)?” If the answer is Yes, then the
choice is to Build a Native Application.
If the answer is No, then Build an HTML5 Application
If you do have an eService website with a desire to make it available to a
mobile platform then consider a migration from eService to mService HTML5
Application. The same questions can be asked about the future. Will there be a
need for device sensor data in the future? If the answer is No, then stay with the
HTML5 Application. If the answer is Yes, then there remain two options: Integrate
the two to create a Hybrid Application, or create and release the Native Application
and discontinue the HTML5 application.
• This slide is one of several slides that provide guidance on the migration from
eGov to mGov services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Describe a process for migrating from eGov to mGov.
Do you have an existing eService website?
• No. Do you need access to device sensor data such as location
(GPS)?
• Yes: Build a Native Application
• No: Build an HTML5 Application
• Yes. Candidate for eService to mService HTML5 Application
Need device sensor data in the future?
• No. Stay with the HTML5 Application
• Yes. Two options:
• Integrate the two to create a Hybrid Application.
• Release the Native Application, discontinue HTML5
Migration: From eGov to mGov
• All eGovernment applications are ideal candidates for conversion to
mGovernment applications.
A) True
B) False [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Is there a correlation between Application Platform Types and the Migration
Steps that were presented in the mGov Guidelines Document? Indeed there
is to a certain extent. While the Guideline is not prescriptive on the platform
type that corresponds to the Steps 1 through 4 it is clear enough that there is a
correlation. Step 4 level functionality, as an example, can be achieved by a Native
or Hybrid Application platform but not by strictly HTML5 or SMS. The guidance is
to consider providing the service at a Step 1 with SMS or HTML5 and release it as
an initial version. Take usage data, learn from the experience and the data, adjust
and climb the service up to Step 2. Remember, not all eGov services are suitable
for conversion. The mGov Guidelines provides the migration path – follow it.
• This slide is one of several slides that provide guidance on the migration from
eGov to mGov services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Provide guidance to consider in taking the mGov Guideline Steps.
Migration: Step 1 To Step 4
[Diagram labels: Step 1; App Version 1.1; Get Data; Analyze and Adjust; Steps 2-4]
• Don’t try to do everything at once!
• Establish a phased upgrade path.
• Most (but not all) mGovernment services will evolve from
eGovernment services.
• The mGov Guidelines provides the path
• Follow the Steps 1 through Step 4 in sequence as releases
• Just like the commercial apps are done
• The fastest and most successful strategy to get your mGov application online
is to start developing the most advanced type (Native or Hybrid) right away so
that you have the most time to get it completed.
A) True
B) False [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The point in this slide called Crawl Before You Run is to recognize that the path
to success is an incremental one. Asking and answering simple questions,
getting data on usage by using Google Analytics on your HTML5 application
and then making incremental improvements. As explained in the previous slide,
there is a correlation between the Steps and the Application Platform Types.
Use the incremental step process to deploy SMS and HTML5 type apps before
considering Native and Hybrid. Also – stay focused on providing a citizen service
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Provide additional guidance to consider in the migration.
What does that really mean?
• It means start with creating your app at the lowest level of the
Steps appropriate for the need
• Version 1.0 will be served by what…SMS, HTML5?
• Gather data…Google Analytics?
• Answer simple questions:
• Where is…? When is…? Who does…? What do I…?
• Are you solving a citizen needed problem?
• What are the metrics to determine success?
• Do you have a baseline determined?
Crawl Before You Run
• The strategy of crawl before run is based on the wisdom that comes with
experience such as:
A) Observe what happens in the commercial world of technology releases
that are based on incremental releases of functionality where the market is
informative as to what works and what does not work. [Correct]
B) Pushing the envelope of technology can be a high risk with no reward
approach. This approach is not suitable to the need for citizens to trust in the
efficiency and effectiveness of government functions. [Correct]
C) It is always better to simply go slow.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
GLOSSARY
CONTENT
Smart Government
In the details of how to create mobile government applications and what
technologies need to be scaled to provide for this capability one cannot lose
sight of the goal - the purpose for all of this - the why. That purpose, that goal
is smart government. An app that has been in development by the Dubai Water
and Electricity Authority fits this purpose. It has been recognized with awards,
the press and more importantly by the number of downloads. People are using
it. That is the ultimate test of success. It is saving fuel, money, and time. The
integration with Emirates ID is consistent with the idea of the government
sharing information and integrating government services. It is reducing the
carbon footprint. It is in a word – making people “happy.”
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Examine a success story.
SOURCES
https://e-services.dewa.gov.ae/newshist/details.aspx-?id=0241153800000000000000002411538
The Goal is Smart Government
• Savings
• Fuel
• Money
• Carbon Footprint
• Paper Eliminated
• Over 150 Features and Services
• Integrated with EID
From DEWA Web Site
Dubai Electricity and Water Authority (DEWA) announced it has transformed all of its services into smart services in less than a year after the launch of the Smart Dubai initiative.
HE Saeed Mohammed Al Tayer, MD & CEO of DEWA said the achievement is in line with the Smart Government phase, the post e-Government initiative launched by HH Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, …transform Dubai into the smartest city in the world with all the services and utilities run by integrated and connected smart systems.
https://e-services.dewa.gov.ae/newshist/
• The primary purpose of the Smart Government initiative is to:
A) Provide a rich library of government apps for the residents of UAE
B) To create a smarter – integrated set of government services that is
responsive and anticipates the needs of the residents of UAE. (correct)
Test Questions
CONTENT
This module covered two objectives:
The first was to explain why mobile applications can cause challenges in the IT
infrastructure. It is a deeper dive into the applications to continue the discussion
of how the mobile services environment puts stress on the IT infrastructure and
the staff that now need to ensure system availability 24 hours each day.
The second was to provide some ideas on taking a practical approach to
implementation. We call this a crawl-before-you-run approach.
• Start with a migration strategy…a simple logic flow analysis will give
you the answer.
• Then understand how the different apps will impact the services
delivered by the IT infrastructure.
• And start small taking a crawl before run approach.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Quiz – Question 1
1. Native applications may introduce security holes into your
network resources that had not previously been a concern with
strictly eGovernment services.
A) True (correct)
B) False
Quiz – Question 2
2. Hybrid applications: (Pick all that apply)
A. Have the advantages of both the HTML 5 and the Native
types. (correct)
B. Have the disadvantages of both the HTML 5 and the Native
types. (correct)
C. Will require the most attention (as compared to the other
app types) to all aspects of the IT infrastructure. (correct)
D. Should always be attempted first as that is where you will
end up with all your apps anyway.
Quiz – Question 3
3. The fastest and most successful strategy to get your mGov
application online is to start developing the most advanced
type (Native or Hybrid) right away so that you have the most
time to get it completed. T/F
A) True
B) False (correct)
End of Module
CONTENT
This module is designed to make use of the lessons from the preceding modules
to challenge the student to make decisions about application type selection
and to recognize the IT infrastructure implications of these decisions.
THEMES
• Applications
Case Studies: Picking the Right App
Module 8: Case Studies Picking the Right App
LEARNING OBJECTIVES
CONTENT
In the previous modules we learned about the application platform types - the
advantages and challenges that come with them. In this module the idea is to
consider these challenges in some real world case studies. Making the application
type decision is the easy part. Recognizing what needs to be done on the front
end and back end, and also the network requires that we take a comprehensive
view of these module lessons. This helps the student understand a way to make
more informed decisions and plan for the changes that will be needed in the IT
infrastructure.
This module has three objectives:
1. Apply the lessons from past modules
2. Make application type decisions
3. Recognize the implication to the IT Infrastructure front end, back end and
the network
• Apply the lessons from past modules.
• Make application type decisions.
• Recognize the implication to the IT Infrastructure front end, back
end and the network.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this series of slides we take the combined lessons from the past modules
to make informed decisions about which application platform type is the most
suitable to meet the requirements. The student is presented with a scenario and
asked to make the decision. The real task, however, is to explain the impact to
the IT Infrastructure in the areas that we described in the earlier modules: the
front end, the back end, and the network. The goal of these case studies is thus
to exercise the mind in thinking about the implications of these decisions.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
Determine which application type is best suited to meet the
requirements.
Explain the impact of this selection on:
• Front end – servers for data processing.
• Back end – data storage.
• Network – Communications (data).
Case Study Goals
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this case study scenario we consider a requirement from the Ministry of
Interior for a citizen-centric mobile application.
The application will use the sensor technologies of smart phones that allow
residents to report a crime or other serious incident that merits the immediate
attention of the MOI authorities. The app must be able to take a
photograph, record a written message, take a location (GPS) tag, get a time stamp
of when the incident was reported and, last, associate the report with the phone
number of the person making it.
What is the right application type?
This solution requires the capabilities of a smart phone, which leads to one of
two viable choices: a Native or Hybrid application. One can make a case for either
one. What is the impact on front end servers, back end storage, the network? Go
to the next slide and this will be discussed.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
GLOSSARY
GPS
The Ministry of the Interior wants a crime reporting app:
• Take Photographs.
• Record Messages.
• GPS Tag.
• Time Stamp.
• Associate the report with mobile number.
Case Study One
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
There are many considerations across the range of technical and business process
impacts. A Native or Hybrid application must, as an example, be able to collect,
send, catalog, store and secure the data, and be able to feed an internal process
within the Ministry of Interior. Imagine the case when a citizen reports a serious
crime and the report does not result in a police response: the data gets lost in the
bureaucracy or in the electronic ether, all with no action. What if the incident is
creating a heightened citizen demand to know what is going on and what guidance
to follow, and the system resources or the bandwidth cannot handle the demand?
Then there is the need to consider the hacker who could get insider knowledge
about reported crimes and even who reported the crime. These are all
considerations that must go into the thinking about both the technical and
business impacts.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
Native or Hybrid Application Type
SmartPhone with Sensor Capabilities
• Front End
  • Load Balancing
  • Increased server farm capacity for video and images
  • Security for Availability
• Back End
  • Increased storage capacity
  • Security for confidentiality (sensitive information) protection
• Network
  • Peak Bandwidth Capacity for Crisis Situations
What Application Type?
CONTENT
Starting with the front end, load balancing and increased server capacity are
needed to deal with peak usage and to ensure that the application’s internal
data center systems are robust from a high availability perspective, so that they
will always be available.
On the back end there will be a need to ensure sufficient storage capacity for
images and videos, all managed by a robust database. Here again, security must be
a key consideration as this is where all the data will reside.
On the network, the ability to handle both normal and peak demand is essential.
Peak demand is likely to be an unplanned event, at a time when the incident
happens and hundreds of people, possibly thousands, start to interact with the
application.
• What are the principal considerations that should go into the implementation
of an app to meet the needs of the case study:
A) The “business process” of how information will flow from citizen to the
government and back and how the government will respond to the notification
of an incident. [Correct]
B) The system requirements for ensuring the sustainability during all kinds of
operational conditions. [Correct]
C) What kind of server to buy
D) The security requirements of this type of app collecting and processing
public safety type information. [Correct]
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this case study scenario we consider a requirement from the Electricity and
Water Authority for a citizen-notification mobile application.
The application will have a push function to get information out to residents
and a pull function to receive resident requests for service. On the push side,
the application will serve to provide timely information to the residents of the
impact area about planned and unplanned interruptions to the electricity and
water services. On the pull side, the application will serve to take requests for
service from residents, such as connecting service or disconnecting service.
What is the right application type?
This solution must be able to serve all residents. This includes those who can
afford smartphone data plans and those who only use a feature phone with
voice and SMS capabilities only.
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
The Electricity & Water Authority wants a citizen notification application:
• Tell residents about impacted areas.
• Loss of service.
• Unplanned interruptions.
• Allow residents to make requests for service.
Case Study Two
CONTENT
An HTML5 application with SMS capability can serve all the needed push and pull
functions.
An SMS-only application can support the push functions for those residents that
only have a limited phone. What is the impact on front end servers, back end
storage, the network? Go to the next slide and this will be discussed.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The push function is the first and most important of the capabilities of the app,
and it can be served with a simple SMS capability. The pull function can be served
by the HTML5 app. The application must be able to get residence location
information so the SMS can reach the residents of the impacted area and only
that area. Security controls must be in place to ensure that the administrator,
and only the administrator, properly authorized and authenticated, can send the
push notice. There is some potential impact to the front end servers in the pull
functions. One could foresee a situation when a high number of resident requests
could cause some degree of performance degradation, though this is not a likely
situation. Adequate load balancing and server capacity for transaction handling
is the most likely need for the front end systems.
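One way to implement the two controls named above (only an authenticated, authorized administrator can send the push notice, and it reaches only the impacted area), as an added example that is not part of the original guide. The token format, the `outage-admin` role, the area codes and the phone numbers are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real deployment loads it from a secrets store.
SIGNING_KEY = b"demo-key-not-for-production"

# Constructed resident register (assumption): mobile number -> service area.
RESIDENTS = {
    "+971500000001": "AREA-12",
    "+971500000002": "AREA-12",
    "+971500000003": "AREA-40",
}

AUDIT_LOG = []  # every send attempt, allowed or denied, is recorded here


def _sign(payload):
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, role, expires_at):
    """Issue a signed 'user|role|expiry|signature' token after login."""
    if "|" in user or "|" in role:
        raise ValueError("separator not allowed in user or role")
    payload = f"{user}|{role}|{int(expires_at)}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token, now):
    """Return (user, role) for an authentic, unexpired token, else None."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    user, role, expiry, sig = parts
    expected = _sign(f"{user}|{role}|{expiry}")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not expiry.isdigit() or int(expiry) <= now:
        return None
    return user, role


def recipients_for(area):
    """Numbers registered in the impacted area, and only that area."""
    return sorted(n for n, a in RESIDENTS.items() if a == area)


def send_outage_notice(token, area, message, now=None):
    """Authenticate, authorize, then build the batch for the SMS provider."""
    now = int(time.time()) if now is None else int(now)
    claims = verify_token(token, now)
    if claims is None:
        AUDIT_LOG.append((now, "unknown", area, "denied: bad token"))
        raise PermissionError("authentication failed")
    user, role = claims
    if role != "outage-admin":
        AUDIT_LOG.append((now, user, area, "denied: role"))
        raise PermissionError("not authorized to send notices")
    targets = recipients_for(area)
    AUDIT_LOG.append((now, user, area, f"sent to {len(targets)}"))
    return [(number, message) for number in targets]


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock so the demo is repeatable
    admin = issue_token("ops1", "outage-admin", t0 + 600)
    for number, text in send_outage_notice(admin, "AREA-12", "Water off 10:00-12:00", t0):
        print(number, text)
    clerk = issue_token("clerk7", "billing", t0 + 600)
    try:
        send_outage_notice(clerk, "AREA-12", "test", t0)
    except PermissionError as exc:
        print("blocked:", exc)
    print(AUDIT_LOG)
```

The denied attempts stay in the audit log, which is what lets operations staff spot someone probing the notification channel.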
• This slide is one of several slides that present a problem solving challenge.
The purpose is to get the student to start applying the lessons of the past
modules.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
HTML5 with SMS Notification SmartPhone
• Front End
  • Load Balancing
  • Increased server farm capacity for transactions
• Back End
  • Little impact
• Network
  • Peak Bandwidth Capacity for High Demand Situations in an unplanned outage
  • SMS service with a Provider
What Application Type?
CONTENT
On the back end the database and data storage must likewise be sufficiently
capable but once again this is not a scenario where video or image information
will be in high demand if at all.
• The demographics of users and the kinds of phones (feature phones and
smartphones) that they use are an important consideration in the selection and
design of this mobile government application.
A) True (correct)
B) False
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The Ministry of Labor (MOL) wants to meet one of its primary functions of getting
and keeping the work force employed – the people with a job. This is the
background scenario for this case study. One possible way to apply technology to
speed the process of marrying job seekers with job providers (employers) is to be
a bridge for information. In this case it is the skills of the job seeker represented
in a CV with the needs of the business owner who needs a particular skill. In this
case, the MOL develops a mobile app that allows job seekers to upload
their CV by taking a picture of it and saving it on the app. On the back end of this
IT system, the upload is received and, through the use of software, a match is made
to a potential job. That is the background of the case study.
What is the most suitable mobile application type to be used and what are the
ramifications to the IT infrastructure? Let’s go to the next slide and discuss these
questions.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
GLOSSARY
Push Services: In the context of mobile applications, a push service is defined as
the ability to send information to a phone or tablet device without prompting. The
information is simply “pushed” to the device for the end-user to receive. This kind
of government service can serve a variety of uses including alerting people about
potential dangers or providing useful information such as upcoming calendar
events.
Pull Services: In the context of mobile applications, a pull service is defined as
the ability for the owner of the phone or tablet to search and get the information
they are looking for from a government web site or database.
The Ministry of Labor wants an Employment application:
• Take a picture of a CV – upload it.
• Processed - matched to employer needs.
• Push notifications of openings.
Case Study Three
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
There are various ways to approach this solution. One could argue that an HTML 5
based application could work, but taking and saving the picture in the app could
be overly cumbersome. A Native or Hybrid app can also be argued to be best suited,
especially as the phone’s camera and GPS features can easily be integrated
with the app. What is the impact on the front end servers, back end storage,
the network? Are there potential situations where usage of the mobile app can
cause a spike and possibly create a bad user experience because of network
congestion?
On the front end there are several concerns. One is how to deal with the
potentially high number of concurrent transactions when some new project
gets announced and a large number of people start applying using the app by
sending large image files of their CVs. On the back end there is a similar concern,
with the addition of the security considerations.
• This slide is one of several slides that explain key concepts in the IT
Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Apply the lessons of the previous modules in working through a mobile
government app performance problem.
Native or Hybrid with SMS Notification on a SmartPhone
• Front End
  • Increased server farm capacity for transactions
• Back End
  • Security of the privacy information
• Network
  • Peak Bandwidth Capacity
  • SMS service with a Provider
What Application Type?
CONTENT
A collection of people’s CVs creates a need to ensure confidentiality.
CVs tend to be very personal documents and there is an expectation that the
CVs remain protected from unauthorized use. So in all, while at first appearance
this case may seem simple, the needs on the IT Infrastructure are anything but
simple. Handling many concurrent transaction sessions and opening, storing and
protecting the data call for capabilities that may not exist in the IT data center
without additional capacity. And don’t forget that an SMS service is also needed
as a way to send notifications to the job seekers of a potential employer match.
CONTENT
This module presented three cases to challenge the student in making suitable
application type decisions. The objectives were to:
Apply the lessons from past modules
Make application type decisions
Recognize the implication to the IT Infrastructure front end, back end and the
network
• Apply the lessons from past modules.
• Make application type decisions.
• Recognize the implication to the IT Infrastructure front end, back
end and the network.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Quiz – Question 1
1. Case Study 1 is intended to challenge the student to see:
(Pick the correct answer)
A) Recognize when the requirements of the application
drive the selection of a Native or Hybrid app to use the device
capabilities of a smart phone. (correct)
B) That the cloud will provide all the needed backend
capabilities and there is no reason to worry about the IT
infrastructure
Quiz – Question 2
2. Case Study 2 is intended to challenge the student to see:
(Pick all correct answers)
A) When it is sufficient and oftentimes easier to deliver the
planned services using an HTML 5 app. (correct)
B) Recognize the impact of these decisions to the IT
infrastructure. (correct)
C) That the existing web services are going to always be
sufficient to meet the needs of an HTML 5 application.
Quiz – Question 3
3. Case Study 3 is intended to challenge the student to see:
(Pick all correct answers)
A) That it is not always one approach. In this case both Native
and HTML 5 can be viable approaches but the decision has
both end-user and IT infrastructure impact. (correct)
B) That it is not as simple as “making an app.” (correct)
C) That there is always one answer as all things end up as
Hybrid apps anyway.
End of Module
CONTENT
This module is about the importance of collaboration between Application
Developers, the IT Operations staff and Information Security Professionals
THEMES
• Business Processes and Collaboration.
Collaboration
Module 9: Collaboration
LEARNING OBJECTIVES
CONTENT
Collaboration with App Developers and InfoSec Professionals is essential for
the success of any project, but even more so for mobile, which represents a new
domain for many IT engineers.
• Should integrate their skills in the projects
• Using the available methodologies
• Essential for a successful project
• More so with mobile apps. Why is that? One reason is the distributed nature
of the mobile architecture where the app may be hosted not inside the data
center but on mobile platforms.
This module has one objective:
1. To explain the importance of collaboration between the three main groups
of engineers and how this is important for mobile projects.
Objectives
• Collaboration between App Developers, IT and InfoSec
Professionals
• Essential for a successful project
• Should integrate their skills in the projects
• Use the existing methodologies
• Essential for a successful project
• More important now with mobile apps
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Application developers are primarily focused on the functions and the usage
of the application. They concern themselves with the number of users for the
application, as in the number of downloads. They should also be concerned with
how these numbers will be supported with the resources in the data center. Also,
app developers do not always concern themselves with security, and they should.
• This slide is part of a series that starts to explain why it is essential that
collaboration be emphasized in mobile projects.
Collaboration may seem like an obvious activity but experience tells a different
story. Unless collaboration is part of the planning, the methodologies and
the processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful.
1. To explain reasons for collaboration starting with application developers.
• App developers for the mobile world look at the world from a point
of view that has to do with usage of the application.
• Concerned with the number of users. Not always mindful how
these numbers of users will be supported in the front and back end.
• Also, not always concerned with security – but they should be.
Reasons for Collaboration: Application Developers
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
IT Operations staff may not have a great deal of familiarity with mobile services.
The resources found inside the data center, like the servers, the storage
and the network, have defined the areas of focus in the past. In mobile, they
now need to think not only about the platforms but also about the application
functions and the information contained in those platforms. One thing that they
should also consider is how the rate of capacity demand will grow in the future
with mobile. This may place stresses on the IT infrastructure. It may even require
re-architecting the entire infrastructure so that there will be sufficient capacity
and agility in responding to fast-changing demands. They also need to recognize
that security requirements must also be met across the extended attack surface
that is the mobile platforms.
• This slide is part of a series that starts to explain why it is essential that
collaboration be emphasized in mobile projects.
Collaboration may seem like an obvious activity but experience tells a different
story. Unless collaboration is part of the planning, the methodologies and
the processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To explain reasons for collaboration – including the IT Operations staff.
• IT Operations have not had much experience with mobile services.
They run the systems inside the data centers. Comfortable with
web services by now…but mobile is still fairly new
• Concerned with the IT infrastructure: capacity, compliance,
operations. Mobile is going to place stresses on their existing
infrastructure.
• Also tend to see security within the boundaries of the
organizational network – not the expanded mobile network.
Reasons for Collaboration: IT Operations
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Mobile also causes the InfoSec professionals to reach beyond their past
experience. The attack surface is expanded with mobile to include the platforms
and the APIs. The tendency may be to see the security boundary as defined by
the borders of the data center. This would be a mistake, as even the data center is
being redefined with cloud computing. Also, as it is very clear that the application
software is also within range of the attackers, there is more reason to develop and
maintain a close collaboration with the app developers and the IT Operations
staff.
• This slide is part of a series that starts to explain why it is essential that
collaboration be emphasized in mobile projects.
Collaboration may seem like an obvious activity but experience tells a different
story. Unless collaboration is part of the planning, the methodologies and
the processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To explain reasons for collaboration – including the information security
professionals.
• InfoSec Professionals have not had a great deal of involvement
(and expertise) in mobile services.
• Tend to have a point of view that the security is only about what is
in the data center.
• But the attack surface is now extended to include the mobile
platforms.
• This means that they need to work together with the app
developers to design an end-to-end mobile app approach.
Reasons for Collaboration: InfoSec Professionals
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The acronyms are combined here to indicate that these methodologies
can serve as a way to create greater collaboration discipline. Indeed, on close
inspection, the methodologies describe activities that are all about collaboration:
system and software developers working within the structure of service delivery
to ensure that the new capabilities interface and integrate into operations at
the right time and in the right manner. Security needs to be tightly integrated
from the very beginning in the system and software development but also in
the service delivery. Lastly, ITIL is itself a collaboration methodology to ensure
that all parts of the IT organization work together in delivering and supporting
the capabilities – including the new mobile capabilities. This methodology, if
followed correctly, is one sure way to eliminate the “tribalism” tendency that is
sometimes found in the different parts of IT.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To explain how the methodologies represented in the acronym S4DLC and in
ITIL can be a good way to ensure that there is collaboration.
GLOSSARY
S4DLC is used here to represent several other acronyms that are life cycle
methodologies.
• Using these methodologies is good for collaboration
• Systems Development Life Cycle.
• Software Development Life Cycle.
• Security Development Life Cycle.
• Service Delivery Life Cycle.
• Organizations that use ITIL collaborate
• Creates a culture of cross-team collaboration.
• Based on data collection and sharing.
• Helps avoid “tribalism” between the three groups.
Using S4DLC and ITIL
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
So, some number translations can help. By turning the number of expected
users into a range (best and worst case), app developers can work with the IT
Operations staff to define the resources that are needed. Factors to consider
include the servers: their RAM and CPU capacities, and the physical servers and
virtual machines needed to support the two ends of the range. The vendors of the
servers can certainly help with making these determinations.
InfoSec is something that needs to be integrated right at requirements and
design. This means including it in the software and through the front end (web
servers) and the back end (the databases and storage).
• Continue explaining now with some additional examples why collaboration is
so important. This slide is about the front end.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To convey examples for how to collaborate across the different parts of the
IT: App Developers, IT Operations and InfoSec
Module 9: Collaboration
• App Developers concerned with the Application Layer
• They think about “How many users will we have?”
• Not about “How will I support this many users”.
• IT Operations think in user-load translations.
• “We will have (n) users” into…
• We will need the right infrastructure to support (n) users.
• “Each new virtual server supports an additional (n) users”.
• “A new physical server with (x) processors, (y) RAM, and (z)
bandwidth will support (a) more virtual servers, which will support
(a * n) additional users”.
• InfoSec of the app has to be designed
• Starting from the mobile platform (mobile front end).
• In the software.
• The front end and the back end of the data center.
The Front End
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In the back end there is a question of who owns the responsibility. The back
end is a crossroads where all the disciplines meet. So there is responsibility in
all three groups: app developers with respect to the application, the databases,
backup processes, data retention, restoration, clustering and high availability.
The IT staff administers all of this; they network all the devices, provide for
storage, provision access and provide overall maintenance. The InfoSec staff is
responsible for the security of the information and the applications in the three
goals of confidentiality, integrity and availability. Assignment of responsibility is
essential.
• Continue explaining now with some additional examples why collaboration is
so important. This slide is about the back end.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To convey examples for how to collaborate across the different parts of the
IT: App Developers, IT Operations and InfoSec
Module 9: Collaboration
The Back End
• The Backend data storage.
• Application Developers – Database Development.
• Design, relationships, fields, logging, auditing, etc.
• Database server design & administration.
• Backups, data retention, data restoration.
• Clustering, High Availability configuration, failover.
• IT Staff - Setup, administration, cabling, storage provisioning,
maintenance, etc.
• Security of the information.
• Data at rest and in transit.
• Privacy considerations.
• Integrity considerations.
• Availability.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The job of all the InfoSec professionals is embodied in the goals of security
– to protect the Confidentiality, Integrity and Availability of IT systems where
system is used in the broadest sense. The term security engineer applies to
all of the different specialties and can be used for InfoSec professionals who
operate in the more general sense. A Penetration Tester is a security engineer
who specializes in breaking into systems with the purpose of discovering the
flaws, holes or vulnerabilities so they can be corrected. System auditors conduct
inspections to validate compliance with a selected standard. There are many
standards but a typical one is ISO 27001. Others in the financial world exist to
ensure the integrity of financial activities kept in the supporting IT systems. The
role of Chief Information Security Officer is typically associated with the head
InfoSec professional in a large organization.
• The description of different InfoSec roles is a way to initiate a conversation
about how to integrate their skills within the other two areas of app
development and IT Operations.
• Situational Awareness: The instructor should consider weaving in some
personal experiences where collaboration has failed or where it has been
successful
1. To provide a sample of the different roles within InfoSec as a way to think
about how to integrate them into the app development and IT operations.
Module 9: Collaboration
CONTENT
• Job is to protect the systems: information and applications
• Sample job titles and responsibilities:
• Security Engineer: Designing, assessing, implementing, and auditing
system security controls.
• Penetration Tester – Under very controlled conditions - attacking
your system and attempting to break into it.
• System Auditor – Validating system security configurations
against established standards.
• Chief Information Security Officer – Responsible for the security
of all systems and applications within an organization.
About the InfoSec Professionals
This person is responsible for all InfoSec functions. These are only four roles.
There are many others. It is a highly specialized field. All these roles have a place
in the processes and methodologies described in the earlier slides. And so they
should be integrated into these processes and methodologies.
CONTENT
Collaboration with App Developers and InfoSec Professionals is essential for
the success of any project, but even more so for mobile, which represents a new
domain for many IT engineers.
• Should integrate their skills in the projects
• Using the available methodologies
• Essential for a successful project
More so with mobile apps. Why is that? One reason is the distributed nature of
the mobile architecture where the app may be hosted not inside the data center
but on mobile platforms.
Module 9: Collaboration
• Collaboration between App Developers, IT and InfoSec
Professionals
• Essential for a successful project.
• Should integrate their skills in the projects.
• Use the existing methodologies.
• Essential for a successful project.
• More important now with mobile apps.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Module 9: Collaboration
Quiz – Question 1
1. The main message of this module of instruction is the need
for tight collaboration between the IT staff that manages and
operates the IT infrastructure, the application developers and
the information security (InfoSec) professionals. T/F.
A. True (correct)
B. False
Quiz – Question 2
2. The InfoSec professionals have different areas of
specialization. Some of these include: (Pick all the correct
answers).
A) Software Developer
B) Penetration Testing (correct)
C) Chief Information Security Officer (correct)
D) System Administrator
E) Security Auditor (correct)
End of Module
CONTENT
This module introduces an idea captured in a quote about why the IT Industry
continues to fail in delivering secure IT systems – emphasis on “secure.” This idea
is instrumental in providing the context for the next series of modules that talk
about security in the IT infrastructure and in the migration to mobile services.
THEMES
• Security.
Introduction
SDLC: Service Delivery Lifecycle
GLOSSARY
The Reason is Structural
Module 10: The Reason is Structural
LEARNING OBJECTIVES
CONTENT
The objectives of this module are to provide the context of the security lessons.
The IT industry keeps failing the security requirements. Mr. Dan Geer wrote a
quote. It explains the idea that structural failures require structural changes
– nothing else will do. What are these structural changes that are needed? We
need to know this answer to create the necessary behaviors for designing a safer
mobile services system in the Smart Government initiative.
This module has three objectives:
1. Convey the context of the security lessons.
2. Explain the idea that structural failures in security require structural changes
– nothing else will do.
3. Explain how knowing this can get us to understand how to create the
change needed to make mobile services safer.
Module 10: The Reason is Structural
• Convey the context: “The Reason is Structural”
• Explain that structural failures require structural changes - nothing
else will do
• Explain what these changes are and how to apply them in the
emerging mobile services for government.
Objectives
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Those of us who are in the information systems business know that with the
benefits of technology there are also risks. To understand these risks we make
use of a hierarchy - the hierarchy of information and its uses. It starts with the
data. No data, no information, no knowledge, no wisdom.
In the world of security we begin with a host of data made public in various
studies that tell a story. It’s a simple story.
Our IT systems are not being designed with the needed security requirements.
We buy and integrate IT systems with no knowledge of whether they are designed
securely. We deploy software without testing it against known security problems.
We collect sensitive information and don’t own up to the responsibility to make
sure that it stays secure.
• This slide is done as a progression to explain why security continues to be a
problem and will continue this way unless IT engineers start to think of the
structural reasons for these failures.
1. Explain the progression from data to information to knowledge and then to
wisdom.
2. Explain further that this module seeks to climb this ladder and provide the
necessary context for understanding why the failures in security exist and
what can be done about it.
Module 10: The Reason is Structural
Dear Instructor……what about the data?
CONTENT
[Slide graphic: Data… Information… Knowledge… Wisdom]
So more than ever we realize the importance of going up the steps in the ladder
that leads to wisdom in order to deal with the security challenges of today.
Why do we keep losing to the hackers? Why are systems so insecure? These
questions are the ones that government and business leaders around the world
are asking. Several decades of experience – experience built on data, collected into
information that yields the knowledge – tell us the reason. There is great wisdom in
Dan Geer’s quote. The reason is that it is structurally so. Bad software code is
one of those structural reasons. When the structure is bad software code, why are
we surprised when the hackers can exploit that code and break into our networks
to steal personal information, to steal intellectual property or to create havoc in
the systems that run our critical infrastructures? We can even ask ourselves these
questions and the answer is what Dan said – The Reason is Structural. It is so
obviously so. Why have we not taken heed of this wisdom?
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Dan Geer, an information security luminary, wrote this quote. It comes from the
Foreword to the book Security in a Web 2.0+ World. In it he explained that it
seems we (the good guys) are destined to lose the security struggle with the
opposition (the bad guys). Is this the message? No. The message is not that it is
predestined to be this way. But if we continue to do the same as we have done in
the previous history of IT systems, then we can expect the very same outcome.
Insecure systems are open targets. The hackers will win each time. The reasons
are evident. They are structural. Why do we keep making insecure systems? And
why would we expect a different result when hackers take advantage of these
insecure systems?
• This slide is one of several slides that define the structural security reasons
why IT systems continue to fail and the follow on part of the conversation
about how to change this structure and get a better result.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Introduce one aspect of the security structural problem as the software code.
2. Explain how it is not sufficient to just have network security if the malware is
embedded in the software we are using.
Module 10: The Reason is Structural
Security in a Web 2.0+ World by Carlos Solari
SOURCES
“We are many. They are few.
We are losing. They are Winning.
The reason is structural.”
What does this mean?
The Reason is Structural Means…
Reference: Dan Geer in the Foreword to Security in a Web 2.0+ World by
Carlos Solari and Colleagues.
CONTENT
Change the structural issues and we can start winning. That is the message.
These include fixing the supply chain in which technology developers create and
sell insecure products. It also includes making sure that our systems
development life cycle (SDLC) process includes security. It is
at the network level but also in the software code. The transition from electronic
services government to mobile services government is an opportunity to do it
right – to change the structural reasons and start winning.
Module 10: The Reason is Structural
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
One of the most obvious of the structural reasons why we keep losing is the
idea that network level protections are going to catch problems in the software
code. They won’t. The man in armor is a metaphor for this kind of bad thinking.
Overflowing the buffer through an application interface, whether it is through a
browser or a native application, can permit a hacker to gain unauthorized control
of the back end database. Your firewall technology is the equivalent of the man
in armor. It is not effective in defending against bad, or better said, vulnerable
software code. We need new thinking – the kind that will test the code, find
those problems and make sure that they are corrected before fielding your
mobile services application.
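The point made above, shown as an added example that is not part of the original guide: a port-based firewall rule passes a well-formed request and an oversized one alike, and only a length check in the code itself stops the overflow. The packet model, the 32-byte field size and all function names are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two layers; every name here is hypothetical. */

/* What a port-based firewall rule can see: addressing, not content. */
struct packet {
    uint16_t    dst_port;     /* 443 = the published API front end */
    const char *payload;      /* application data, opaque to the rule */
    size_t      payload_len;
};

/* Network-level control: permit traffic to the service port.
 * The payload is never consulted, so its length cannot matter. */
int firewall_permits(const struct packet *p)
{
    return p->dst_port == 443;
}

#define FIELD_MAX 32

struct registration {
    char     name[FIELD_MAX + 1];  /* fixed-size field plus NUL */
    uint32_t canary;               /* stands in for adjacent memory */
};

/* Vulnerable form, shown for contrast only and never called here:
 *     memcpy(r->name, p->payload, p->payload_len);
 * It trusts the sender's length and writes past name[] when the
 * payload is longer than the field. */

/* Code-level control: validate before copying. Returns 0 on success,
 * -1 if the input is empty, too long, or contains an embedded NUL. */
int store_name_checked(struct registration *r, const struct packet *p)
{
    if (p->payload == NULL || p->payload_len == 0 ||
        p->payload_len > FIELD_MAX)
        return -1;
    if (memchr(p->payload, '\0', p->payload_len) != NULL)
        return -1;
    memcpy(r->name, p->payload, p->payload_len);
    r->name[p->payload_len] = '\0';
    return 0;
}

/* Both layers in sequence: 0 = stored, -1 = dropped by the firewall,
 * -2 = passed the firewall but rejected by the application check. */
int handle_request(struct registration *r, const struct packet *p)
{
    if (!firewall_permits(p))
        return -1;
    if (store_name_checked(r, p) != 0)
        return -2;
    return 0;
}

int main(void)
{
    char big[200];                       /* constructed oversized input */
    memset(big, 'A', sizeof big);

    struct packet samples[] = {          /* constructed sample traffic */
        { 443, "Aisha", 5 },             /* well-formed request */
        { 443, big, sizeof big },        /* oversized, same port */
        { 23,  "Aisha", 5 },             /* wrong port */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct registration r;
        memset(&r, 0, sizeof r);
        r.canary = 0xC0FFEEu;
        int fw  = firewall_permits(&samples[i]);
        int res = handle_request(&r, &samples[i]);
        printf("port=%u len=%zu firewall=%d result=%d canary_ok=%d\n",
               (unsigned)samples[i].dst_port, samples[i].payload_len,
               fw, res, r.canary == 0xC0FFEEu);
    }
    return 0;
}
```

The first two sample packets get the same firewall verdict; they differ only in what the application check returns.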
• This slide is one of several slides that define the structural security reasons
why IT systems continue to fail and the follow on part of the conversation
about how to change this structure and get a better result.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Explain how part of the structural problem is in thinking that network level
security such as firewalls can begin to address the issues of vulnerabilities in
the software code.
Module 10: The Reason is Structural
Structural Reason: Software Code
We need new thinking.
Trying to fight this problem… With this kind of thinking.
• We keep trying to overcome vulnerable software code by thinking that applying
network level security like firewalls will provide the needed protection. This is
an example of what Dan Geer meant in his quote.
A) True [Correct]
B) False
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
This is a typical, generic logical diagram of a web-based service as we have in the
eGovernment model.
The “Front End” for eGov is at the boundary of the datacenter, and is typically a
web server. The applications execute (largely) from the front end back to where
data is actually stored, called the “Back End”, all within a datacenter somewhere.
The web browser (largely) interprets and displays content from the front end.
The browser developer, the server developer and the security teams handle
security between the browser and the server.
• This slide depicts a simplified n-Tier (multi-tier) web application. Use hand
gestures, pointer, etc. to demonstrate the flow of the data from back end
storage, to the browser, through the front end.
• Situational Awareness: We use this slide as a baseline for the next two
slides. Emphasize that the application actually executes (mostly) within the
datacenter (rectangle boundary), and displays on the web browser.
1. Understand a simple n-tier web application architecture.
2. Grasp Basic Terminology, see glossary.
Module 10: The Reason is Structural
GLOSSARY
eGov: Electronic Government, Web-based government services.
mGov: Mobile Government, Government services on handheld, mobile devices.
Front End: The portion of the application that generates the user interface.
Back End: The remainder of the application except for the User Interface.
n-Tier: Multiple Tiered, where the number of tiers is unknown or unimportant.
Attack Surface: A term that describes the areas in an IT system that a hacker can
attack.
Structural Reason: Attack Surface
The n-Tier Architecture (Simplified)
An n-Tier Architecture: Web-based services (eGov)
Diagram labels: Front End, Back End, Data Center
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
This is a typical, generic logical diagram of a web-based service as we have in the
eGovernment model.
The Attack Surface, or the area where a hacker can attack, is intuitively the
physical boundaries of the datacenter and the network interface of the front
end.
• This slide depicts a simplified n-Tier (multi-tier) web application. Use hand
gestures, pointer, etc. to demonstrate the flow of the data from back end
storage, to the browser, through the front end.
• Situational Awareness: We use this slide as a baseline for the next two
slides. Emphasize that the application actually executes (mostly) within the
datacenter (rectangle boundary), and displays on the web browser.
1. Understand a simple n-tier web application architecture.
2. Grasp Basic Terminology, see glossary.
Module 10: The Reason is Structural
Structural Reason: Attack Surface
The n-Tier Architecture (Simplified)
An n-Tier Architecture: Web-based services (eGov)
Diagram labels: Front End, Back End, Data Center, Attack Surface
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
With mGov, the “Front End” has moved from the datacenter and into the
smartphone or tablet.
This extends and changes the “Attack Surface” of the overall application, which
now extends from the storage in the back end all the way through the multiple
tiers (the n-tier), over the Internet, across the carrier’s network and into the
smartphone handheld where the front end now also resides.
Security controls that in the eGov world were implemented by the web server
and browser developers now fall to you to implement in your App code, and in
your back end APIs.
• This slide depicts the modified architecture required for mGov. Continue to
use gestures to indicate that the Attack Surface has extended out through the
internet and carrier network to the handheld where the front end now resides.
• Situational Awareness: This is one of several slides in a series.
1. Understand the origins of web applications, and in the coming slides, their
evolution.
2. Expose the class to the “Attack Surface”
Module 10: The Reason is Structural
Structural Reason: Attack Surface
Migration to Mobile n-Tier Architecture (Simplified)
Native or Hybrid Mobile Services
Diagram labels: Front End, Back End, Data Center, Attack Surface, Front End
App: Mobile Application, specifically in this use, the portion of code actually
running on the mobile platform.
API: Application Programming Interface.
GLOSSARY
• As the application architecture evolves, the Attack Surface may move or
change?
A. True (correct)
B. False
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Dan Geer’s quote was meant to provoke the need for changing the way we have
traditionally thought about security. It does not mean that we (the good guys)
are predestined to lose. But it does mean that unless we start changing the basic
behaviors for how examples given with respect to vulnerable software code and
about the need to apply security to the whole of the attack surface.
• This slide is one of several slides that define the structural security reasons
why IT systems continue to fail and the follow on part of the conversation
about how to change this structure and get a better result.
• Situational Awareness: Be mindful of putting this series of slides in the
context of mobile services, as they will apply to the UAE Smart Government
Initiative.
1. Provide a summary of the meaning of Dan Geer’s quote.
Module 10: The Reason is Structural
“We are many. They are few. We are losing. They are Winning. The
reason is structural.”
• We are not pre-destined to lose
• Fix the supply chain of vulnerable code, vulnerable products
• All three steps in the chain need to be responsible: point of
creation, point of integration, point of end-use
• We should be winning…and we can
• Fix the structural problems and we can
What did Mr. Geer Mean?
• Insisting that technology providers test their technology and deliver secure
products is one of the tenets of what Dan Geer was talking about in his quote.
A) True [Correct]
B) False
Test Questions
CONTENT
The Objectives of this module were to provide the context of the security lessons.
The IT industry keeps failing the security requirements. Mr. Dan Geer spoke to
this topic. The essence of this topic is captured in this quote. It explains the idea
that structural failures require structural changes – nothing else will do. What are
these structural changes that are needed? In these past slides we discussed the
kinds of security thinking needed to design a safer mobile services system in the
Smart Government initiative.
Module 10: The Reason is Structural
• Convey the context of the security lessons under a banner called
“The Reason is Structural”.
• Convey the notion that structural reasons require structural
changes – nothing else will do.
• Explain how mobile services make this challenge more
challenging.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Module 10: The Reason is Structural
Quiz – Question 1
1. The introduction to the security topic starts with the quote:
“We are many. They are few. We are losing. They are winning.
The reason is structural.” What does this mean? (Pick all correct
answers)
A. That in the struggle to keep the IT systems secure we (the
good guys) are predestined to lose and there is nothing that can
be done about it.
B. That unless the structure for how security is done is changed,
we can expect exactly the same losing results. (correct)
C. That the structural changes can in fact be made – that we
are not predestined to lose. We are many so we should win.
(correct)
Quiz – Question 2
2. The n-tier mobile architecture has additional “front ends”
that must now be considered for security. These front ends can
exist on the smart phone devices or tablets and also in the cloud
services.
A. True (correct)
B. False
End of Module
CONTENT
This slide is the start of a module that is intended as an exercise to wrap the
lessons together. It forces a discussion about how mobile changes the nature of
the IT infrastructure into one that is much more distributed and for which there
are many parts to actually make it work.
THEMES
• Architecture.
Introduction
SDLC: Service Delivery Lifecycle
GLOSSARY
Mobile IT Architecture
Exercise
Module 11: Mobile IT Architecture Exercise
LEARNING OBJECTIVES
CONTENT
This is the first in a series of slides intended to take the student through steps
in an exercise to place the many elements of an IT Infrastructure into the right
place within a conceptual (and very high level) architecture. The exercise is
designed to cause discussions about:
• Why a particular element belongs in one of the six parts of the framework
• To see the great many “elements” that are indeed needed to account for
everything that would be associated with a Native App in the given scenario
• To also discuss how eGovernment changes with mobile.
This module has three objectives:
1. Understand all of the many elements in an IT infrastructure that are needed
to support the mobile services applications
2. Convey the idea that mobile requires more than the traditional enterprise and
eGovernment IT architectures
3. Enable a conversation about where the different elements of the architecture
belong and why they belong there. This could also be used in the early
planning stages of an app development project
GLOSSARY
Module 11: Mobile IT Architecture Exercise
Architecture
Objectives
• The exercise is about the many parts of an IT Infrastructure. Like
putting pieces of a puzzle together – but with consequences for
security, performance and ultimately the success of the mobile app
project
• Making the App work is about ensuring that all the parts are there
and work together
• Allow the instructor and student to have a conversation about the
lessons that can be drawn from the exercise.
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
• The instructor explains the scenario to the class. It is fictional but set within
the context of a real organization and a real need that exists in many countries.
The backdrop to the scenario is the idea of promoting sports activity as part
of a strategy for the national well-being among the youth. The instructor uses
this backdrop to talk about creating a native app called SCORE and to fit the
creation of this app within the context of the National Plan called the Smart
Government Initiative. In keeping with the concepts of this initiative there are
strategic goals for the mission part of the scenario – to grow participation in
sports activities by growing the number of youth that are registered to use
the sports venue with all manner of information and transactions accessible
through the mobile application.
• Situational Awareness: This exercise requires that the instructor start
setting the expectation for the class. That this is going to be done with their
engagement. There is more than one way to run the exercise. The options are
explained in the next slide.
1. This slide sets the scenario for the exercise. It consists of a real
organization but a fictional scenario to create a Native App called SCORE.
Module 11: Mobile IT Architecture Exercise
• Fictional Scenario: The Director of UAE Youth Sports Authority is
developing the S.C.O.R.E App (Sports Centers Online Registration
for the Emirates).
• He Wants You: IT Director…lead the creation of mGov App
• Youth of the UAE: achieve 80% registration and utilization of the
sports venues and sports events.
• It is presently at 5%.
• Make “Citizens Happy”: …and your Director Happy …and you will get
a pay raise …which will make You Happy
Design the conceptual architecture
Let’s start with a Framework
The Mobile IT Conceptual Architecture Background
CONTENT
This is a fictional scenario involving the Director of the UAE Sports Authority
who has tasked his IT Director with developing a way to get more youth and
their families to participate in the sports venues offered by the government
and in participation with private industry. He tasks the IT Director with this idea.
The IT director has come up with the idea of creating a mobile app for kids to
register with their parents’ permission. By using the app the kids will be able to
get information and have the ability to conduct transactions like scheduling the
use of a sports facility (like a racquetball court). The goal is to get registration from
an eGov web site that is currently at 5% (and not improving) up to 80% of all
youth of age within the UAE. The anticipation is that the mobile app and its many
features will generate the interest by making it easier (than just the web site) to
register and by being able to conduct all manner of transactions. The task for the
class is explained in the next slide.
Module 11: Mobile IT Architecture Exercise
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Consider a very high-level conceptual architecture consisting of six areas:
• Devices, which include the smart phones, tablets, laptops and desktops
• Front Ends, which is generally where the application code runs. In this scenario,
using a Native App, it would be in two places: the smart phone hosting the Native
App and the data center web site hosting some of the processing that takes
place within the data center
• Back Ends, which include the databases and data storage. This app is going to
host videos and a database of all the app registrants
• Networks, which are the many networks that the app uses, from the local area network
in the data center to the carrier network (as two examples)
• This is the first of several slides intended to walk through various steps in the
exercise. The task is to allocate the IT services and technologies within areas
of an IT Infrastructure to host and support an mGov application as described
in the scenario.
• Situational Awareness: The instructor can choose to run the exercise
by leading the class directly or by breaking up the class into groups. This is
explained in more detail in the next slide.
1. To explain the idea of the conceptual framework in order to conduct the
exercise. It consists of six parts.
GLOSSARY
Front End, Back End
CONTENT
Scenario Framework for a Mobile IT Architecture
(Diagram of the six framework areas: Devices, Front-ends, Back-ends, Networks, Security Overlay and Other Services.)
• Security Overlay is the set of security technologies and services that provide
protection for the IT Infrastructure and the organization.
• Other Services is the set of external services that interface with the mobile app
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
In this slide there is a range of IT technologies and services that are scattered
in no organized way. That is intentional. There could be more “things” added
but the point of the exercise can be achieved with the current IT elements that .
• This slide starts the exercise. The idea is to convey it as an unstructured and
unorganized set of “things” that are needed to make up the IT Infrastructure.
The exercise is then to place these “things” in the correct area of the
conceptual architecture. In many cases there is not one correct answer of
where they belong and in other cases the “things” belong in more than one
place. The exercise of actually moving it to the right area in the conceptual
architecture is the opportunity to have a discussion about why and what does
it mean.
• Situational Awareness: Depending on the approach, the class divides into
groups to do the exercise as separate groups and then compare the results or
the class does it together with the instructor leading the conversation.
1. This is a scattering of the many services and technologies that make up the
IT Infrastructure including mobile apps.
Services and Technologies
Smart Phones
Mobile DMZ
Lap & Desktops
Feature Phones
SCORE Web Site
Front-Office APIs
Business Logic
Mobile APIs
Video Stream
Disaster Recovery
Org DBs
Back-Office APIs
Tablets
SANs or NAS
WAN (MPLS)
Carriers (Mobile)
LAN
PAN (NFC)
Resource Authorization
Archival
Incident Identification
Validation of Information
Authentication
Log Collection
Log Analysis
Reputation Mgt
IDS/IPS
SSL Certificate and Key Mgt
Incident Response
S/W Assurance
Shared Data Resources
Compliance
TSM: Trusted Services Manager
Mobile App Stores
CERT
DAR Encryption
Compliance: In data storage terminology, the word compliance is used to refer
to industry-wide government regulations and rules that cite how data is managed
and the need for organizations to be in compliance with those regulations. The
term encompasses data storage, data archiving, data encryption, and also data
retrieval.
http://www.webopedia.com/TERM/C/compliance.html
APIs: application program interface
API, an abbreviation of application program interface, is a set of routines,
protocols, and tools for building software applications.
http://www.webopedia.com/TERM/A/API.html
Public Carrier: A government-regulated organization that provides
telecommunications services to the public.
http://www.webopedia.com/TERM/P/public_carrier.html
WAN: wide area network
A wide-area network (WAN) spans a relatively large geographical area and typically
consists of two or more local-area networks (LANs).
http://www.webopedia.com/TERM/W/wide_area_network_WAN.html
MPLS: Multiprotocol Label Switching
Multiprotocol Label Switching (MPLS) gives network operators flexibility to divert
and route traffic around link failures, congestion and bottlenecks.
http://www.webopedia.com/TERM/M/MPLS.html
GLOSSARY
LAN: local-area network
A local-area network (LAN) spans a relatively small area. LANs are capable of
transmitting data at very fast rates with limited distance.
http://www.webopedia.com/TERM/L/local_area_network_LAN.html
SAN: Storage Area Network (SAN) services,
SAN is a technology used by businesses to obtain greater flexibility in their data
storage. A Storage Area Network (SAN) provides raw storage devices across a
network, and is typically sold as a service to customers who also purchase other
services.
http://www.webopedia.com/TERM/S/SAN_services.html
NAS: Network Attached Storage
A network-attached storage device is a server that is dedicated to nothing more
than file sharing.
http://www.webopedia.com/TERM/N/network-attached_storage.html
DAR Encryption: data at rest protection
DAR is subject to threats from hackers and other malicious threats. To prevent
this data from being accessed, modified or stolen, organizations will often employ
security protection measures such as password protection, data encryption, or a
combination of both.
http://www.webopedia.com/TERM/D/data_at_rest_protection.html
PAN: Personal Area Network.
Based on the electric-field transmission medium, PAN is an IBM technology that allows
individuals to exchange data with a simple touch or grasp, such as a handshake.
http://www.webopedia.com/TERM/P/PAN.html
IDS: intrusion detection system
A system that inspects all inbound and outbound network activity and identifies
suspicious patterns that may indicate a network or system attack.
http://www.webopedia.com/TERM/I/intrusion_detection_system.html
IPS: intrusion prevention system
An IPS, or intrusion prevention system is used in computer security. It provides
policies and rules for network traffic along with an intrusion detection system
for alerting system or network administrators to suspicious traffic, but allows the
administrator to provide the action upon being alerted.
http://www.webopedia.com/TERM/I/intrusion_prevention_system.html
CERT: Computer Emergency Response Team.
CERT was started in December 1988 by the Defense Advanced Research Projects
Agency, which was part of the U.S.
http://www.webopedia.com/TERM/C/CERTCC.html
GLOSSARY
Software Assurance: Software assurance (SwA) is defined as “the level of
confidence that software is free from vulnerabilities, either intentionally designed
into the software or accidentally inserted at anytime during its lifecycle, and that
the software functions in the intended manner.”[1]
www.wikipedia.com
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
So this is one answer for the “things” that should be allocated to the framework
area called Devices. They include: Smart Phones, PAN including NFC, Lap and
Desktops, Tablets, Feature Phones, the SSL Certificates, the Mobile APIs and even
the Business Logic. Why are they there? Think back to the scenario that is the
background for this exercise: You have an application that will collect information
about children and interface with many of the features of the smart phones. It
will need to serve everyone including people with just a feature phone. Privacy
will need to be a major consideration. And consider all the many platform types.
There is a lot of complexity in this. What may have appeared to be a simple
task of creating a Native App is maybe not so simple. There is so much more to
consider…beginning with the next area in the framework.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Devices?”
• Situational Awareness: There is no perfect solution to the allocation. What is
more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of devices
within the framework.
Devices in the Framework
(Framework diagram with areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks; the following items are placed in Devices.)
• Smart Phones
• Lap & Desktops
• Feature Phones
• Business Logic
• Mobile APIs
• Tablets
• PAN (NFC)
• SSL Certificate
• DAR Encryption
• Why would Data at Rest (DAR) be considered under devices?
A) Data can be stored in these “devices” and may need to be protected with
encryption (correct)
B) DAR only applies to data inside of the data center and should not be associated
with “devices”
Test Questions
DAR Encryption: data at rest protection
Data at rest is subject to threats from hackers and other malicious threats. To
prevent this data from being accessed, modified or stolen, organizations will
often employ security protection measures such as password protection, data
encryption, or a combination of both.
http://www.webopedia.com/TERM/D/data_at_rest_protection.html
PAN: Personal Area Network.
Based on the electric-field transmission medium, PAN is an IBM technology that allows
individuals to exchange data with a simple touch or grasp, such as a handshake.
http://www.webopedia.com/TERM/P/PAN.html
NFC: Near Field Communication
Abbreviated as NFC, Near Field Communication is a standards-based, short-
range wireless connectivity technology that enables convenient short-range
communication between electronic devices. The underlying layers of NFC
technology are ISO, ECMA, and ETSI standards.
http://www.webopedia.com/TERM/N/Near_Field_Communication.html
SSL: Secure Sockets Layer
Secure Sockets Layer (SSL) is a protocol for transmitting private documents via
the Internet. SSL uses a cryptographic system that uses two keys to encrypt data.
http://www.webopedia.com/TERM/S/SSL.html
GLOSSARY
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
Moving from the Devices to the Front End it is important to establish that the
Front End for the scenario is in two places: within the smart phone and in the
data center. Again, this is one answer for the “things” that should be allocated
to the framework area called Front End. They include: the Front End APIs, Video
Streaming Servers, the Mobile DMZ, Validation of Information, the Mobile APIs
and the Business Logic. Why are these “things” allocated as part of the Front
End? Think back to the scenario that is the background for this exercise: You
have an application that will collect information about children and interface with a
database and with web servers. Sports and videos go together so video streaming
on web servers is another expectation. The SCORE web site will be in the Front
End. Continuing on to the next area in the framework.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Front End?”
• Situational Awareness: There is no perfect solution to the allocation. What
is more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of Front End
within the framework.
The Front End in the Framework
(Framework diagram; the following items are placed in Front-ends.)
• Mobile DMZ
• SCORE Web Site
• Front-Office APIs
• Business Logic
• Mobile APIs
• Video Stream
• Validation of Information
APIs: application program interface
API, an abbreviation of application program interface, is a set of routines, protocols,
and tools for building software applications.
http://www.webopedia.com/TERM/A/API.html
GLOSSARY
• Why would Validation of Information be considered under Front End?
A. The front end often holds the business logic in the software. When collecting
information, especially the personal information of the kind expected within
this scenario, there is an expectation that there is information validation. This
is a basic principle in good database design. This validation may in fact occur
at the Front End of the data center or within the Native Application on the
smart phone. (correct)
B. Validation of Information is misplaced and does not belong here.
Test Questions
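The point made in answer A, that validation may happen in the Native App and again at the Front End of the data center, shown as an added example that is not part of the guide: the data-center side re-checks a registration even if the app has already validated it, because the app runs on a device the organization does not control. The field names, the age range and the facility list are assumptions made for the fictional SCORE scenario.

```python
import re
from datetime import date

# Assumed limits and allow-lists for the fictional SCORE app (not from the guide).
MIN_AGE, MAX_AGE = 6, 17
FACILITIES = {"racquetball-court", "football-pitch", "swimming-pool"}
REQUIRED = {"full_name", "date_of_birth", "guardian_phone",
            "guardian_consent", "facility"}
# Unicode letters separated by single spaces, hyphens or apostrophes.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}", re.ASCII)
PHONE_RE = re.compile(r"\+[1-9]\d{7,14}", re.ASCII)  # international-style number


def age_on(dob, today):
    """Whole years between the date of birth and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


def parse_dob(raw):
    """Return a date for a strict YYYY-MM-DD string, or None for anything else."""
    if not (isinstance(raw, str) and DATE_RE.fullmatch(raw)):
        return None
    try:
        return date.fromisoformat(raw)
    except ValueError:          # e.g. 2007-02-30
        return None


def validate_registration(payload, today):
    """Return a list of error strings; an empty list means the record is accepted."""
    if not isinstance(payload, dict):
        return ["payload must be an object"]
    # Allow-list the keys: a field the app was never meant to send is rejected,
    # so a modified client cannot smuggle extra attributes into the database.
    errors = [f"unexpected field: {k}" for k in sorted(set(payload) - REQUIRED)]
    errors += [f"missing field: {k}" for k in sorted(REQUIRED - set(payload))]
    if errors:
        return errors

    name = payload["full_name"]
    if not (isinstance(name, str) and 2 <= len(name) <= 80 and NAME_RE.fullmatch(name)):
        errors.append("full_name: 2-80 letters, spaces, hyphens or apostrophes")

    dob = parse_dob(payload["date_of_birth"])
    if dob is None:
        errors.append("date_of_birth: must be a real date in YYYY-MM-DD form")
    elif dob > today:
        errors.append("date_of_birth: is in the future")
    elif not MIN_AGE <= age_on(dob, today) <= MAX_AGE:
        errors.append(f"date_of_birth: registrant must be {MIN_AGE}-{MAX_AGE} years old")

    # Consent must be the boolean true; a truthy string such as "false" is refused.
    if payload["guardian_consent"] is not True:
        errors.append("guardian_consent: must be boolean true")

    phone = payload["guardian_phone"]
    if not (isinstance(phone, str) and PHONE_RE.fullmatch(phone)):
        errors.append("guardian_phone: must be in +<country><number> form")

    facility = payload["facility"]
    if not (isinstance(facility, str) and facility in FACILITIES):
        errors.append("facility: unknown facility")
    return errors


# Constructed sample data (not real registrants).
TODAY = date(2019, 6, 16)
SAMPLE_OK = {
    "full_name": "Aisha Al-Mansoori",
    "date_of_birth": "2007-03-02",
    "guardian_phone": "+971500000000",
    "guardian_consent": True,
    "facility": "racquetball-court",
}

if __name__ == "__main__":
    for label, record in [
        ("valid", SAMPLE_OK),
        ("consent sent as a string", dict(SAMPLE_OK, guardian_consent="false")),
        ("extra field added by a modified client", dict(SAMPLE_OK, role="admin")),
        ("impossible date", dict(SAMPLE_OK, date_of_birth="2007-02-30")),
    ]:
        print(label, "->", validate_registration(record, TODAY) or "accepted")
```

The same rules can also run inside the Native App to give the user immediate feedback; the copy at the data center is the one that decides what reaches the registrant database.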
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The Back End is normally associated with data storage, but there is so much more
that goes on in this area of the conceptual framework. Compliance is an example.
This is an activity that is critical to data center operations, which have to go through
many steps in compliance with various standards. Video streams may also be held
in high-capacity storage designed for video. Business logic in the databases,
organizational databases, the back office APIs that serve to streamline the flow
of information with the Front End: these are all activities and technologies that
take place in the Back End. There are others, including archival of data, disaster
recovery, encryption for the data at rest, log collection and maintenance, and
the actual storage units in SAN or NAS units. All aspects of these “things” are
associated in some form with the Back End necessary for the scenario of the
SCORE application. Continuing on to the next area in the framework.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Back End?”
• Situational Awareness: There is no perfect solution to the allocation. What is
more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of Back End
within the framework.
The Back End in the Framework
(Framework diagram with areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks; the following items are placed in Back-ends.)
• Business Logic
• Video Stream
• Disaster Recovery
• Org DBs
• Back-Office APIs
• SANs or NAS
• Archival
• Authentication
• Log Collection
• Shared Data Resources
• Compliance
• DAR Encryption
Compliance: In data storage terminology, the word compliance is used
to refer to industry-wide government regulations and rules that cite how
data is managed and the need for organizations to be in compliance with
those regulations. The term encompasses data storage, data archiving, data
encryption, and also data retrieval.
http://www.webopedia.com/TERM/C/compliance.html
APIs: application program interface
API, an abbreviation of application program interface, is a set of routines,
protocols, and tools for building software applications.
http://www.webopedia.com/TERM/A/API.html
SAN: Storage Area Network (SAN)
SAN is a technology used by businesses to obtain greater flexibility in their data
storage. A Storage Area Network (SAN) provides raw storage devices across a
network, and is typically sold as a service to customers who also purchase other
services.
http://www.webopedia.com/TERM/S/SAN_services.html
NAS: Network Attached Storage
A network-attached storage device is a server that is dedicated to nothing more
than file sharing.
http://www.webopedia.com/TERM/N/network-attached_storage.html
GLOSSARY
DAR Encryption: data at rest protection
Data at rest is subject to threats from hackers and other malicious threats. To
prevent this data from being accessed, modified or stolen, organizations will
often employ security protection measures such as password protection, data
encryption, or a combination of both.
http://www.webopedia.com/TERM/D/data_at_rest_protection.html
• Why would Shared Data Resources be considered under Back End?
A. The Back End is a repository for all kinds of information, including
some that may be exchanged with other organizations or may actually be from
other organizations. These data resources can be exchanged in a variety of ways
such as setting up a gateway or even making duplicate copies. (correct)
B. Shared Data Resources is misplaced and does not belong here.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
There are many kinds of networks associated with implementing this type of
scenario starting with the local area network for the functional area that supports
the SCORE application, the mobile area carrier network, WiFi as a Personal Area
Network and even NFC for local payment transactions. Log analysis is also here
as a function of network operations. The MPLS is called out as an example of a
WAN. This opens up a discussion about the potential that the actual data center
for the SCORE application would likely be in the centralized Federal Cloud.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Networks?”
• Situational Awareness: There is no perfect solution to the allocation. What is
more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of Networks
within the framework.
The Networks in the Framework
(Framework diagram with areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks; the following items are placed in Networks.)
• WAN (MPLS)
• Carriers (Mobile)
• LAN
• PAN (NFC)
• Log Analysis
Public Carrier: A government-regulated organization that provides
telecommunications services to the public. This includes AT&T, MCI, and
Western Union.
http://www.webopedia.com/TERM/P/public_carrier.html
WAN: wide area network
A wide-area network (WAN) spans a relatively large geographical area and
typically consists of two or more local-area networks (LANs).
http://www.webopedia.com/TERM/W/wide_area_network_WAN.html
MPLS: Multiprotocol Label Switching
Multiprotocol Label Switching (MPLS) gives network operators flexibility to
divert and route traffic around link failures, congestion and bottlenecks.
http://www.webopedia.com/TERM/M/MPLS.html
LAN: local-area network
A local-area network (LAN) spans a relatively small area. LANs are capable of
transmitting data at very fast rates with limited distance.
http://www.webopedia.com/TERM/L/local_area_network_LAN.html
SAN: Storage Area Network (SAN)
SAN is a technology used by businesses to obtain greater flexibility in their data
storage. A Storage Area Network (SAN) provides raw storage devices across a
network, and is typically sold as a service to customers who also purchase other
services.
http://www.webopedia.com/TERM/S/SAN_services.html
GLOSSARY
NAS: Network Attached Storage
A network-attached storage device is a server that is dedicated to nothing more
than file sharing.
http://www.webopedia.com/TERM/N/network-attached_storage.html
PAN: PAN is short for Personal Area Network. Based on the electric-field
transmission medium, PAN is an IBM technology that allows individuals to exchange
data with a simple touch or grasp, such as a handshake.
http://www.webopedia.com/TERM/P/PAN.html
GLOSSARY
• Why would Near Field Communication (NFC) be considered under Network?
A. NFC is used for making mobile payments. It is very conceivable that the
scenario makes use of mobile payments at the point of payment at the sports
venues, which would make it a form of network communications. (correct)
B. NFC is misplaced and does not belong here.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The security overlay is the set of technologies and services that serve the
purpose of protecting the IT system. The elements of the IT Infrastructure noted
here are no more than examples to run the exercise. Compliance was already
discussed for the Back End, but it is listed here for the security functions. IAM
serves to establish the identity of the application registrants and to provide
application access. The DMZ is a security perimeter. CERT is listed to identify the
need for a liaison with the National CERT. SSL Certificates and Key Management
is listed here for the application recognizing the need for encryption in the
communications channel. Incident identification is a security watch function to
detect and respond to security incidents.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Security Overlay?”
• Situational Awareness: There is no perfect solution to the allocation. What is
more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of Security
Overlay within the framework.
CONTENT
The Security Overlay in the Framework
(Framework diagram with areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks; the following items are placed in Security Overlay.)
• Mobile DMZ
• Disaster Recovery
• Authorization
• Incident Identification
• IAM
• Log Analysis
• Reputation Mgt
• IDS/IPS
• SSL Certificate and Key Mgt
• Incident Response
• S/W Assurance
• Compliance
• CERT
• DAR Encryption
Disaster recovery is also associated with security functions, as is reputation
management to protect the web site from malicious spoofing. DAR encryption
is listed for encryption of the data from the registrants. Software assurance is a
discipline to ensure that the software for the SCORE application is coded free of
vulnerabilities. IDS and IPS are security technologies to detect and protect against
malicious attacks. Lastly, authorization is a function of providing authorization to
use the IT system resources. All of these technologies and services are parts of what
makes up the security overlay.
IAM: Identity and Access Management
In computing, identity management (IdM) describes the management of
individual principals, their authentication, authorization,[1] and privileges within
or across system and enterprise boundaries[2] with the goal of increasing
security and productivity while decreasing cost, downtime and repetitive tasks.
[3] The terms “Identity Management” and “Identity and Access Management” (or
IAM) are used interchangeably in the area of Identity access management, while
identity management itself falls under the umbrella of IT Security.[4]
www.wikipedia.com
DAR Encryption: data at rest protection
Data at rest is subject to threats from hackers and other malicious threats. To
prevent this data from being accessed, modified or stolen, organizations will
often employ security protection measures such as password protection, data
encryption, or a combination of both.
http://www.webopedia.com/TERM/D/data_at_rest_protection.html
IDS: intrusion detection system
A system that inspects all inbound and outbound network activity and identifies
suspicious patterns that may indicate a network or system attack.
http://www.webopedia.com/TERM/I/intrusion_detection_system.html
GLOSSARY
IPS: intrusion prevention system
An IPS, or intrusion prevention system is used in computer security. It provides
policies and rules for network traffic along with an intrusion detection system
for alerting system or network administrators to suspicious traffic, but allows the
administrator to provide the action upon being alerted.
http://www.webopedia.com/TERM/I/intrusion_prevention_system.html
CERT: Short for the Computer Emergency Response Team. CERT was started in
December 1988 by the Defense Advanced Research Projects Agency.
http://www.webopedia.com/TERM/C/CERTCC.html
Software Assurance: Software assurance (SwA) is defined as “the level of
confidence that software is free from vulnerabilities, either intentionally designed
into the software or accidentally inserted at anytime during its lifecycle, and that
the software functions in the intended manner.”[1]
www.wikipedia.com
GLOSSARY
• Why would Log Analysis be considered Security Overlay?
A. The functions associated with Log Analysis include network and security.
The logs serve as a repository for incident detection, incident analysis, forensics
and in some cases as legal evidence. (correct)
B. Log Analysis is misplaced and does not belong here.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
The area called Other Services consists of services that are provided by a
different party. The CERT, which was already discussed, is a national-level activity. The
TSM is a third party to handle transactions that require the use of a third party
broker. Disaster recovery is often handled through a provider that can include
off-site storage of data. Reputation management is also typically a service that
is acquired to watch over the online reputation of individuals or organizations.
The shared data resources can be centralized in a third-party organization that
acts as a gateway to shared information. And lastly, there are the mobile app stores from
the major providers like iTunes and Google Play to host the apps. All of these
“things” or elements in a broad definition of the IT Infrastructure are potential
components of the SCORE application environment.
• Depending on which of the two alternative approaches is used for teaching this exercise, the
instructor either visits with each of the groups to see how they are progressing
or picks students from the class to challenge with the question “what are the
elements or things that were randomly placed in the previous slide that fit
into the framework area called Other Services?”
• Situational Awareness: There is no perfect solution to the allocation. What is
more important is the justification discussion.
1. This slide is used to allocate the “things” that fit the definition of Other
Services within the framework.
Other Services in the Framework
(Framework diagram with areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks; the following items are placed in Other Services.)
• Disaster Recovery
• Reputation Mgt
• Shared Data Resources
• TSM: Trusted Services Manager
• Mobile App Stores
• CERT
CERT: Computer Emergency Response Team
CERT was started in December 1988 by the Defense Advanced Research Projects
Agency, which was part of the U.S.
http://www.webopedia.com/TERM/C/CERTCC.html
TSM: Trusted Services Manager
A trusted service manager (TSM) is a role in a near field communication ecosystem.
It acts as a neutral broker that sets up business agreements and technical
connections with mobile network operators, phone manufacturers or other
entities controlling the secure element on mobile phones. The trusted service
manager enables service providers to distribute and manage their contactless
applications remotely by allowing access to the secure element in NFC-enabled
handsets.
GLOSSARY
• Why would Trusted Services Manager (TSM) be considered in Other Services?
A. The TSM is a third party service designed to serve as a trust-broker between
two parties in order to conduct an electronic (online) transaction that requires
the parties to have a way of validating the identity of the other. (correct)
B. TSM is misplaced and does not belong here.
Test Questions
LEARNING OBJECTIVES
INSTRUCTOR GUIDANCE
CONTENT
There are many lessons to be drawn from this exercise. One of them is that it is not
as simple as making an app. The scenario seems simple, but the implementation
of making that scenario come to life is rather complex with many parts to the
architecture and many elements of the IT Infrastructure that are needed to make
it all work. It is much like building an eco-system so that the app can function,
so the data can stay secure and so that all the features of the application can
work. It will require not one but many organizations to work collaboratively.
There is also the lesson that something this complex should start with limited
functionality and grow with time to add additional features.
• This is the moment when the class is combined and the instructor reviews the
key lessons to be drawn from the exercise. Ideally the lessons come from the
students who are asked to defend their decisions about the allocation of the
elements of the infrastructure and to consider other points of view from the
other members of the class.
• Situational Awareness: keep the class engaged so it remains their exercise.
1. The objective of this slide is to bring the exercise to a close by having a
discussion about the lessons drawn from the exercise.
• Not as easy as “make an app”…
• You won’t control all the “parts…things…assets…”
• Best to start with simple capabilities and grow the capabilities
through iterations of releases, like Apple and Google do
• It is really an eco-system that is being built
• Of many cooperating organizations
• And many parts operating asynchronously
• Keeping your end goal (making happy citizens)
• A partnership: government + citizens + private sector
• Complexity is the enemy of security: there are many points where it
can be compromised
• One can argue that the most vulnerable piece is the software
(the app)
What have we Learned?
• In the scenario, it is expected that the IT Director will have full and direct
control over all of the services, technologies and functions.
A. True
B. False (correct)
Test Questions
CONTENT
• Understand all of the many elements in an IT infrastructure that are needed
to support the mobile services applications.
• Convey the idea that mobile requires more than the traditional enterprise and
eGovernment IT architectures.
• Enable a conversation about where the different elements of the architecture
belong and why they belong there. This could also be used in the early planning
stages of an app development project.
• The exercise is about the many parts of an IT Infrastructure. Like
putting pieces of a puzzle together – but with consequences for
security, performance and ultimately the success of the mobile app
project.
• Making the App work is about ensuring that all the parts are there
and work together.
Review of Objectives
It is now time to review your knowledge
of this material
QUIZ
Quiz – Question 1
1. Building a complex mGov app that uses the features of the
smart phones is: (Pick all the correct answers)
A) Something that can be controlled by one organization
B) Much like building an eco-system of different data and
service owners working asynchronously. (correct)
C) A partnership between the government, citizens and the
private sector. (correct)
Quiz – Question 2
2. The messages of this module of instruction are: (Pick all the
correct answers)
A) There are many elements in the information system needed
to make an application work. Everything on this list should at
least be considered. (correct)
B) Many of the elements are going to be outside the direct
control of the owners of the application and so there is greater
need for collaboration and agreements. (correct)
C) Whenever possible use shared resources to avoid recreating
an existing source of information or service. (correct)
D) There is a great deal of complexity. It is not as easy as
making an app. (correct)
E) TRA can do all of this for you.
F) Security needs to be a part of all the different parts of the
system. (correct)
G) Avoid doing a Native App as it will get too complicated.
H) Mobile has a high impact on the IT infrastructure - all
aspects of it. (correct)
I) The proposed scenario is far-fetched, something so extreme
that the complexity described in the exercise will never really
apply.
End of Book
www.government.ae