Download Appendix I CURRENT ENVIRONMENT REQUEST FOR QUOTE (RF

Appendix I
CURRENT ENVIRONMENT
REQUEST FOR QUOTE (RFQ)
For
Commonwealth of Pennsylvania
Office of Administration (OA)
Office for Information Technology (OIT)
Telecommunications Advisory Services
6100034914
Scope
This document provides for a high-level understanding of the Commonwealth’s
current enterprise telecommunications environment.
Overview
The Commonwealth of Pennsylvania, in partnership with its current service
provider, successfully completed a project to combine multiple telecommunications
contracts into a single agreement. This current agreement encompasses a suite of
voice, data, and security services and meets a majority of the Commonwealth’s
telecommunications needs.
This partnership began in 2009 with a contract awarded to MCI WorldCom (DBA
Verizon Business) (“Verizon”). This agreement is scheduled to expire in October
2016 and contains renewal options which may be exercised by the Commonwealth.
The following provides an overview of the services and the associated technologies
in the Commonwealth’s current environment:
Data Communications Services
These services include, but are not be limited to:
»
»
»
»
»
»
»
»
Verizon PIP (MPLS based Private IP Networking)
Metro Ethernet
Point-to-point
Enterprise Internet
Broadband Internet
Wireless LAN
Premise wiring
Metro Fiber
Security Services
Enterprise Security services protect the Commonwealth’s network and network
accessible resources from unauthorized access, provide intrusion detection and
prevention, and alerting. In addition, the services ensure secure remote access for
Commonwealth internal users as well as Commonwealth business partners.
These services include, but are not be limited to:
-2-
»
»
»
»
»
»
»
»
»
»
Firewalls
Intrusion Detection Systems (IDS)
Intrusion Prevention Systems (IPS)
Proxy services
Internet content filtering and load balancing
Remote Access Services (RAS)
Virtual Private Network (VPN)
24/7 Security Operations Center (SOC)
Access Control Lists (ACLs)
Authentication (Two factor – Active Directory)
Voice Communications Services
The Commonwealth’s voice services environment includes standard and specialized
voice products and services. These products facilitate day-to-day business
communications, operations and collaborative productivity.
These services include, but are not limited to:
»
»
»
»
»
»
»
»
»
»
»
VoIP (PennConnect)
Desktop/Outlook Integration
Web Collaboration (PennConnect)
Voice messaging and Auto Attendant services (PennConnect)
Call Center (IPT/Unify, VCC)
Local Service (local dial tone)
Long Distance (switched and dedicated)
Inbound toll free service (switched and dedicated)
Audio Conferencing
Miscellaneous Telephone Equipment (PBX and Key systems) (minimal)
Premise wiring
Managed Network Services and Managed Security Services
Verizon as part of the current agreement includes 24x7x365 managed WAN, LAN,
and managed security services for agencies. Managed WAN and LAN services are
offered in tiered service options based on desired service levels. Verizon also offers
bundled managed security services to agencies in either a fully managed or comanaged environment. Co-managed allows the agency to maintain responsibility
for their own firewall and/or IPS policy.
IT Service Management (ITSM)
In 2013, ServiceNow was selected as the ITSM SaaS solution for the
Commonwealth. All future vendors are required to integrate with the
Commonwealth’s ServiceNow instance; however, this is not in place today with
Verizon.
-3-
The following describes several tools in use today as it pertains to the current
contract:

for ordering, billing, and inventory management, Verizon was granted
access to the Commonwealth’s Enterprise Services Management System
(ESMS). In conjunction with ESMS, the Commonwealth uses SAP as its
enterprise wide accounting system. ESMS complies with the established SAP
account code structure and the rules for validation of account code
information to ensure accurate billing mechanisms are in place.

for change management, Verizon was granted access to the
Commonwealth’s ServiceNow instance and is required to participate in all
Change Management activities.

for incident management, the Verizon Remedy system is used to handle
all proactive Incident Management activities. For reactive incidents, the
Commonwealth calls the Verizon-CoPA Service Desk (VCSD) for new ticket
creation and status.
Technical Summary
The information presented below is documented to provide a high-level hierarchal
view and understanding of the Commonwealth’s current network infrastructure and
security architecture.
Data Infrastructure
Verizon transitioned the Commonwealth of Pennsylvania and its agencies from a
legacy ATM Access network to Verizon’s Private IP (PIP) MPLS-based network.
Access to Verizon’s PIP network is achieved using multiple Ethernet access switches
deployed throughout Pennsylvania.
Verizon utilizes two of the seven nodes of the COPANET (Commonwealth owned)
infrastructure to transport the majority of traffic destined for the Internet across
multiple Full GigE Ethernet circuits to redundant Provider Edge Routers. COPANET
is managed and maintained by Verizon.
High bandwidth locations such as data centers and agency core locations are
directly connected to COPANET or to the PIP network via Ethernet. Virtual Private
Networks (VPNs) are used to separate each agency network, the Enterprise
Business Partner (BP) network, and the Enterprise DMZ.
-4-
Summary Count of Circuits – Total 3385



Ethernet Access Circuits - 234
128K to Bundled DS1 Access Circuits – 2913
Other Circuits (Pt to Pt, Ethernet Out of State, etc.) - 238
Enterprise Internet Access
Commonwealth agencies access the Internet (public IP) from COPANET across the
PIP network through two geographically diverse Internet hub locations. Internet
hub locations currently house redundant high availability security services at both
locations.
Each hub site consists of two (2) redundant Gigabit Ethernet connections capable of
supporting 100% of traffic on a single link. Each hub location utilizes a different
Internet Service Provider, ISP for carrier redundancy.
Enterprise Security Services
The Commonwealth’s Enterprise perimeter security services are outsourced to
Verizon. The Commonwealth, however, maintains responsibility for firewall rule
base administration and IDP tuning requirements based on Commonwealth policies.
All Security infrastructure provided and fully managed by Verizon is housed in both
Internet hub locations.
Firewall Solution
A co-managed Enterprise Firewall System is installed at each of these hub
locations and secures the Commonwealth’s perimeter environment from the
Internet and provides flexibility in connectivity options and business needs.
The Commonwealth owns the Security Policy with Verizon managing the
hardware.
IDP/IPS Solution
A fully managed Intrusion Prevention System is installed at each of these hub
locations and provides stateful protection from the network and higher layer
vulnerabilities such as worms, trojans, spyware, key loggers and some
malware from either entering or exiting and propagating through the
Commonwealth network. The Commonwealth owns the Policy and Verizon
implements on the Commonwealth’s behalf.
-5-
Web Content Filtering Solution
A fully managed Web Content Filtering solution is installed at each of these
hub locations and contains the most current Commonwealth approved web
content filtering policy.
Remote Access Solution
A fully managed SSL-based remote access solution with redundant VPN
devices is installed at each of these hub locations. Verizon provides a VPN
front-end application, Enterprise Connect, as part of Verizon’s cloud-based
Enterprise Mobility as a Service (EMaaS) remote access management
platform. EMaaS provides a single interface for all device connectivity types
(wireless, wired, broadband, and dial) as well as optional security features
such as firewall/anti-virus host checking that are applied on a group basis.
24/7 Security Operations Center
Verizon provides 24x7x365 monitoring and event response/support for
firewalls, IPSs, Web Content Filtering and Remote Access. This includes
rapid response and reporting to the Commonwealth from the Verizon
Security Operations Center (SOC) regarding security intrusions/events or
security system health issues with strict adherence to well documented Policy
and Procedure Manuals (PPMs).
Voice Services
The Commonwealth’s current voice services environment varies by agency and
location. It is based on station count and individual business need. Where
determined to be cost beneficial the Commonwealth has invested in Verizon’s VoIP
Enterprise IPT Solution (PennConnect).
PennConnect
The IPT platform consists of two Unify OpenScape Voice (OSV) platforms,
located in two of the COPANET locations in Harrisburg.
Each platform consists of two geographically diverse nodes, each serving
roughly half of the 41,000 subscribers spread across the Commonwealth:



Each node serves as the primary call processing unit for that location;
The secondary node is backup to the primary node
PSTN access is provided by Verizon’s Session Initiation Protocol (SIP)
based IP Trunking service
-6-

Additional redundancy is provided with outbound calling redundancy
over voice PRIs for critical sites
A Common VOIP VRF (COPA_OA_VOIP) carries all of the hard phone VOIP
signaling and media (speech) traffic. Where soft phone applications on the
PC’s are deployed, traffic is handled by the session border controller (SBC)
which directs the VOIP traffic from the Agency WAN VRF to the common
VOIP VRF.
A suite of Unified Communications tools are integrated within the platform
through Outlook email client plug-ins, web access, and smartphone
applications. These UC tools include:








Web collaboration with desktop sharing
Voice and video bridging capability with capacity of 300+ participants
Instant messaging
Click to call functionality within Outlook
One number service, call forwarding with calendar integration and rule
setting capability
Active call handoff between devices
Voicemail integration with MS Exchange
User defined hunt and pickup groups (managed Device Lists and Team
View)
Automated Call Distribution Systems
OpenScape Contact Center is the primary Contact Center solution for the
major call centers within the Commonwealth. Three tenants with 1500+
seats reside on two redundant platforms. These platforms are deployed in a
similar manner to the PennConnect IPT VoIP infrastructure and utilize the IPT
Platform for agent dial tone. The system is front ended by a Genesys IVR
platform for tenements that encounter sudden increases in call volumes as
well as an outbound dialing system.
The remaining 94 small and medium contact centers are serviced by a cloud
based ACD and Virtual Contact Center. With approximately 2000 seats
deployed across these ninety-four contact centers, all local/toll free voice,
email, and instant messaging interactions are handled for both internal and
public facing service centers.
Several, user-configurable, auto attendant platforms are also in use across
the Commonwealth for simple call routing and distribution.
Toll Free Services
780+ switched, dedicated and IPT toll free numbers are currently in service.
These dialed destinations are provisioned with advanced call allocator routing
-7-
capabilities and management tool sets. This allows for on the fly and
immediate configuration by Commonwealth administrators to meet any
calling pattern need or situation.
Centrex/Analog/PBX Services
Many, non-IPT sites are served by over 28,000 Centrex/analog lines crossing
multiple LECs throughout Pennsylvania. Many of these sites have PBX or key
systems in service.
High Level Diagram
-8-