Springfield Data Center Program Alignment – ITD Engineering
Information Technology Division, Executive Office for Administration and Finance

Springfield Data Center Alignment – ITD Engineering: Agenda
- Alignment Process and Schedule
- Program Alignment
- Service Offering Alignment
- Procurement Update/Standards
- Current ITD projects
- Planned ITD projects
- Alignment planning

Springfield Data Center IT Consolidation Alignment Process & Schedule

Process
- Core Program Alignment (3/8 – 3/26)
- Key Dependencies & Stakeholder Alignment (3/29 – 4/8)
- Review & Finalization (4/12 – 4/30)
- ANF Final Review 5/4

Schedule
- Services: John Letchford
- Technology: Jason Snyder
- IT Consolidation: John McElhenny
- Security: Dan Walsh
- Financials: Lou Angeloni
- Staffing/HR: Ellen Wright
- Procurement: Linda Hamel
Facility Budget DCAM Energy Strategy DOER 4/12 IT Governance ITD 4/14 IT Executive Review ITD 4/16 Energy Strategy & Facility Budget Review DCAM 4/20 ANF Review Preparation DCAM 4/28 Benefits, Financials, Schedule

SDC – Data Center Consolidation Alignment
- DCC – WAVE 1
- DR in Waves 1,2
- Evolution to Primary Hosting in Wave 3
- Disaster Recovery (Waves 1, 2)
- Primary Hosting January 2012 (Wave 3)
- IT Service Excellence: Automation, Service Desk, ITIL, Chargeback
- New Chargeback Model
- Automated Tools: Provisioning, Monitoring, Ticketing
- Security Framework Architecture
- Virtual Private Cloud
- Technology: Network, Storage, Security, DR, VPC
- Data Center Infrastructure

Services – ITD Service Models

ITD Today: 6 lines of Business
Hosting
- Co-Location, Distributive Hosting
- DR
- Mainframe
Integration
- CommBridge
- Secure File / Email Delivery
- XML Gateway
Applications
- CIW
- HRCMS
- Mass.Gov
Security
- Cert Mgmt
- Firewalls, VPN, IPS/IDS
- UAID
- Vulnerability Assessment
Network & Data
- Backup & Recovery
- Database Hosting
- Network, Storage, Telecom
Workgroup
- Desktop and File
- Messaging, Print & Mail
- Content Mgmt

ITD Jan 2012 @ SDC
Hosting: VPC (Virtual Private Cloud Infrastructure)
• Secure Resource Pools
• Highly Available & Continuously Available DR
• Secure Co-location
• Actionable Service Catalog
• Shared ITIL Services
• Dynamic Provisioning
Security
- Centralized Security Policies and Identity Mgmt
- Higher Density Security (Firewalls, VPN, IPS/IDS)
- Centralized Vulnerability Assessment
Network & Data: DCI (Data Center Infrastructure)
• MAIN – High Speed Network Link
• 10 Gig Converged Ethernet Switching
• Storage – Multi-Tiered
• Backup & Recovery – Dedup
Workgroup
- Print / Mail

Technology – 4 Point Solution Model

Technology – Virtual Private Cloud (VPC)

Description:
- ITSM Shared ITIL Processes
- Virtual Private Cloud Management
- Virtual Private Cloud Infrastructure
- Supports heterogeneity of both Physical and Virtual Resources

Capacity:
- 960 Virtual Hosts
- 250 TB SAN

[Diagram labels: Service Catalog Web Interface; Network; Image Library; CMDB; Service Desk; Actionable Service Catalog (Policies & Workflows); Capacity Mgmt; Dynamic Provisioning (Service Catalog); Events Mgmt; Monitoring; Financial Management (Chargeback); Common Monitoring Agent; Blade Server Farm; Services; Secure Zones 1, 2, 3; Private Virtual Pools; ITSM & VPC Management Shared Infrastructure; DCI Data Center Infrastructure; Storage Tiers]

Technologies:
ITSM Shared ITIL Processes
- Service Desk – Incident, Asset, Change, Auto Discovery
- Capacity Management – Performance Monitoring, Analysis, Forecasting
- Events Management – Correlation of Events & Automated Responses
- CMDB – Configuration Management Database
- Financial Management – Collection of Resource Utilization & Billing
Virtual Private Cloud Management
- Image Library – Standardized Image Management
- Actionable Service Catalog – Request Management, Automated Provisioning of OS and Storage
- Monitoring – Agent for OS, VM, Databases, Network and Server hardware
- Service Catalog Web Interface & Dynamic Provisioning – End User Driven Resource Management
Virtual Private Cloud Infrastructure
- VPC Infrastructure – Server & Supporting Network Infrastructure
- VPC Virtualization Software – Host & Systems management software
- VPC Storage – Tiered storage
- VPC Secure Pools – Secure resource pools abstracting applications from hardware
ITSM & VPC Management Shared Infrastructure
- Hosts and software for ITSM & VPC Management Tools

Technology – Consolidated Disaster Recovery & SAN

Description:
- Cost effective DR & SAN for any application which easily grows with the quantity of applications and throughput requirements.
- Supports any OS, host, data source with high level of interoperability.

Capacity:
- 100TB Enterprise
- 250TB Mid Tier
- 96 Hosts

[Diagram labels: Storage Area Network; Ethernet LAN; SAN Core Fabric; Ethernet Backup LAN; High/MidRange and Rack/Virtual Hosts; SAN Edge Fabric; SDC Consolidated Disaster Recovery; Business Continuity; MAIN Wide Area Network; Mid Tier Storage; Replica; Backup Catalogs; Enterprise Storage; Replication Appliances/Software; Enterprise Backup & Recovery Web Enabled Remote Console; Enterprise Backup & Recovery Servers; Tape Library; MITC Replication Appliances/Software; MITC Server Farm]

Technologies:
- Storage virtualization – Legacy host replication
- Data Replication – Enterprise & mid-tier software disk-to-disk backup and appliances
- SAN switching – 8Gb/s
- Backup and Recovery – Enterprise Web enabled
- Site Recovery Manager – Software to recover Virtual Environments
- Storage Array – Fiber Channel/ SATA II/ Solid State

Technology – Data Center Infrastructure (DCI)

Description: Perimeter and distribution infrastructure for Springfield Data Center.

Capacity: 160 racks of Disaster Recovery and Primary Hosting Infrastructure.

Technologies:
- Perimeter – Carrier-class edge routers with integrated, high-density Ethernet switching; IP/MPLS routing 10 to 40 Gbps line cards
- Aggregation Switching – 720 Gbps supervisor engines; Gigabit to 10 Gigabit Ethernet I/O modules; Control (MAC) security with hardware based 128 bit AES encryption.
- Firewalls – Boundary protection and access controls for network resources
- Intrusion detection system – detects and alerts on possible network attack
- DNS – hierarchical naming system for computers and services
- VPN Concentrator – allows secure remote access
- Security Incident & Event Mgmt System – correlates from network systems to determine possible security incidents and events.

| Security Components | Quantity | Discounted Cost |
|---|---|---|
| Core Routing & Switching | 4 | $278,400 |
| Aggregation Switching | 6 | $1,386,200 |
| Cabling systems; Cable organizers | <160 Racks> | $40,600 |
| Perimeter Firewalls | 2 | $91,640 |
| Interior Firewalls | 2 | $91,640 |
| Intrusion Detection System | 2 | $49,560 |
| Domain Name System (DNS) | 2 | $6,469 |
| VPN Concentrator | 2 | $29,500 |
| Security Incident & Event Management system | 1 | $590,000 |
| Total: | | $2,564,009 |

Technology – MAIN Network

Description: High speed fiber optic transport backbone WAN (Wide Area Network) link from MITC to SDC

Capacity: Scalable bandwidth capacity for 10 Gbps (Gigabit per second) up to 100 Gbps speeds

Technologies:
- Network: Redundant connectivity using Multiprotocol Label Switching (MPLS) makes it easy to create "secure virtual links" between distant nodes
- Multiplexing Backbone Network: Gigabit Ethernet switching; ATM, MPLS, WDM, SONET, Carrier Ethernet Optical Transport, ROADM 3 Degree

| Components | Quantity | Discounted Cost |
|---|---|---|
| ROADM 3 Degree | 3 | $940,800 |
| SONET Demarc | 3 | $285,600 |
| Carrier Ethernet Switch | 3 | $268,800 |
| Fiber Routers | <3 sites> | TBD |
| Total: | | $1,495,200 |

Technology – Zone Based Security Model

[Diagram labels: MITC Chelsea; SDC Springfield; MAIN]

Perimeter and Interior Defenses
- Firewalls: Firewalls enforce access policies for the data center and provide a line of defense for data center assets.
- Intrusion Detection System: Detects and alerts on possible network attacks. Passive sniffer, inline bridge, inline Proxy-ARP, inline router and daily and emergency signature updates.
- Domain Name System (DNS): DNSSEC will provide a secure hierarchical naming system for computers and services.
- VPN Concentrator/ACE Server: Allows secure remote access with two factor authentication.
- Security Incident and Event Management system:
  * Log Management: Collects, stores, and mines all network, security, and application information from IT infrastructures.
  * Threat Management: Correlates and detects threats across heterogeneous network and security technologies.
  * Compliance Management: Delivers comprehensive validation for compliance and policy monitoring.

Trusted Zone Architecture
Trust Zone Architecture is the base principle of ITD’s new Information Security Framework. It helps to logically segment applications in a pragmatic way that optimizes operations and provides for Confidentiality, Integrity, and Availability based on certain predefined criteria.

Technology – Capability Matrix

| Domain | Efficiency | Scalability | Flexibility |
|---|---|---|---|
| Network | Unify and Minimize Physical Connectivity of Multiple Network Functions into One Chassis | More bandwidth in fewer connection to multiple hosts | Ability to scale efficiently to support future technology solutions without re-architecture |
| Security | Consolidates separate security functions into a centralized security architecture | Ability to scale protection of data from least to most sensitive levels within centralized architecture | Greater adaptability to detect and respond new threat vectors |
| Storage | Consolidation of physical storage and implementation of new efficiency technologies | Greater levels of storage density and performance standards | Ability to offer multi-tiered storage with dynamic resource allocation |
| Systems Management | Fully automated integrated services management with virtual and physical assets | Enterprise class large scale platform scaling with the environment | Provides automation platform for present and future demands |
| Disaster Recovery | Cost effective DR for any application | Easily grows with quantity of applications and thruput requirements | Supports any OS, host, data source with high level of interoperability |
| Hosting | Optimizes use of system resources in a high density virtualized model | Dynamically add resources and applications with no impact to production | Physical infrastructure is abstracted from applications managed as resource 'as needed' model |

Standards

| Category | Standard | Scope | Process | Status | Next Step |
|---|---|---|---|---|---|
| VPC | Servers | 2 Rack Mountable Server Vendors | TGB & IT Sourcing Process with Legal | In Review with TGB | Procurement Issued in May/June 2010 |
| VPC | Virtualization Software | Single or 2 Hypervisor Provider Vendors | TGB & IT Sourcing Process with Legal | Being developed as part of Unisys Engagement | Finalization of Standards post Unisys engagement in June 2010 |
| Consolidated DR / SAN | Storage | Consolidation of EMC Storage for DCC and MITC | Consolidation procurement with EMC, & TGB/IT Sourcing Process, Provide standard for FY11 Rate Business Plans | EMC proposal in review with TFG; Coordinating with FY11 rate process | Finalize proposal with EMC in May 2010, Identify timing from FY11 rate process |
| DCI | Network | Lossless Gigabit Ethernet; Unified Fabric | TGB & IT Sourcing Process with Legal | Being developed as part of SDC program | Meet with vendors to discuss technology |
| DCI | Service Desk Tools | Common Platform for Asset Mgmt, Capacity | Requirements gathering process with ITD | Being developed as part of SDC program | Meet with ITD to validate capacity, cost, scope |
| DCI | Monitoring | MITC and SDC server, storage, network, database, apps | TGB & IT Sourcing Process with Legal | Being developed as part of SDC program | Meet with ITD to validate capacity, cost, scope |
| DCI | Enterprise Backup & Recovery | MITC and SDC common backup architecture | TGB & IT Sourcing Process with Legal | Being developed as part of SDC program | Meet with ITD to validate capacity, cost, scope |