City of Coral Gables
Information Technology Department
IT TECHNICAL SUPPORT DIVISION
Infrastructure Upgrade Plan
Systems, Applications, Network, and Telecommunications Infrastructure
OVERVIEW
Last revision: September 2011

INDEX

Plan Goals for Systems, Applications, Network, and Telecommunications
Initial Objectives and Projects Managed for the Proposed Infrastructure Improvements:
o Network, Transport, and Security
o Telecommunication Services
o Mobile Units
o Servers, Storage, Virtualization, and Databases
o Applications
o Disaster Recovery and Backups
o Clients
o Policies and Standards
o Research and Development

PLAN GOALS FOR SYSTEMS, APPLICATIONS, NETWORK, AND TELECOMMUNICATIONS:

Save costs in infrastructure operations and maintenance.
Maintain and improve the quality of service for internal and external users.
Provide the necessary infrastructure resources and capacity for existing services and applications, and provision for planned enhancements and projected growth.
Improve resiliency and high-availability of services during disasters and emergency events.
Guarantee compliance with industry, federal, state, county, and city standards, best practices, rules, and regulations.
Provide adequate technology solutions to new requirements and challenges from internal and external users.
Leverage existing and new technology to increase efficiency for the entire City.
Improve operations, maintenance, research, and development through standardization, automation, and optimization of processes and

INITIAL OBJECTIVES AND PROJECTS MANAGED FOR THE PROPOSED INFRASTRUCTURE IMPROVEMENTS:

NETWORK

The City's network throughput, speed, and capacity will continue supporting the increasing demands from virtualization, centralized storage, disaster recovery, enterprise applications, and all internal and external users.
All City network equipment will be in optimal performance conditions, and will be covered by up-to-date maintenance support and warranty.
The City will continue to have diverse ISP providers with enough Internet bandwidth capacity for internal and external users and applications, and high-availability functionalities, to automatically route services to alternate providers when one of the connections is compromised.
All computer devices plugged in to the City's network will be automatically scanned and assessed for compliance with network security policies. Compliance needs to be automatically enforced, to prevent unauthorized access and security threats.
All network devices need to be adequately protected against intrusion, hacking, malware, and other security threats with up-to-date enterprise security systems.
All city buildings, remote locations, and live extranet sites will continue to be connected to the City's fiber and/or Metro-E network with adequate bandwidth, security, and network electronics. City staff and services on those locations need to have high-speed access to city enterprise network resources, applications, and policies.
All city network connections will have high-availability and survivability via alternate routes, to be able to promptly guarantee connectivity and business continuity in case of link outages.
All critical network systems (electronics, connections, servers, applications) will be monitored 24/7 by an automated centralized Network Management System. All alarms and performance problems will be immediately and automatically reported to IT staff, to avoid impact on production systems, and prevent downtime.
Status of the
entire IT enterprise network can be remotely monitored by Network Operation Center (NOC) and management staff.
The city will continue reducing maintenance and operating costs on network
All client and server operating systems, malware protection systems, and enterprise filters and security appliances are automatically kept up-to-date with latest security updates, patches, hotfixes, definitions, and other frequent update releases.

Upgraded the network core at PSB and the NAP to a 10Gbps capacity and enough ports to handle all the requirements. Projects: Network Upgrade Project.
Implemented network load balancing, firewall clustering, and BGP routing at the core, and upgraded the ISP connections. Projects: BGP Implementation.
Increased the Internet bandwidth at the NAP, and lowered costs by replacing the existing service plan with one with a competitive price per Mbps. Projects: ISP Upgrade.
Acquired and implemented the required switches to connect the remaining City remote locations and manage the wireless network. Projects: Network Upgrade Project.
Started implementation of a hub-and-spoke Metro-E network for the 6 main city locations (CTH, PSB, FAC, YTH, Economic Sustainability Dept., and NAP) to back up the fiber network connections, and guarantee business continuity in case the fiber or the main datacenter at PSB are compromised. Projects: Metro-E Network.
Started implementation of the wireless point-to-point links on identified available city locations, to provide additional levels of protection and high-availability of connections via links owned and controlled by the City. Projects: Wireless Point-to-Point Network.
Upgraded the wireless and mobile network. Projects: Mobile Network Upgrade.
Purchased additional licenses for the NMS system, to monitor all the servers in the network. Projects: Network Management System.
Upgraded End-point protection, Network Access Control, and WSUS. Projects: Security Upgrade.
Improved and optimized the City's and Web filters.
Projects: Web and SPAM Filters Upgrade.
Upgraded and standardized all domain controller servers. Projects: Server Upgrade.
Implemented Windows Server Update Services (WSUS) as part of the MS System Center, to allow automatic OS updates to all clients and servers. Projects: WSUS implementation.

Network core upgrade
Internet routers
Remote Switches
Additional NMS client licenses

TELECOMMUNICATION SERVICES

The City's telephony infrastructure will be standardized to Voice over IP (VoIP) technology, at the network and client side.
All desktop phones will be IP phones connected to the City's enterprise VoIP system, controlled by distributed Call
Manager servers, with centralized management
Existing legacy TDM infrastructure will be used for backup or redundancy purposes only.
The City will leverage the VoIP enterprise platform to provide advanced features such as Unified Communication (UC), Automatic Call Distribution (ACD), Interactive Voice Response (IVR), Presence, Meeting Express, WebEx, and other added value that will allow cost savings and improved services for internal and external users.
The City cellular phone, PDA and air card users and client devices will have adequate plans, bandwidth, service coverage, and required functionalities for the job.
The city will reduce maintenance and operating costs on telecom services and

Acquired 3 servers for UC features. Projects: Network Upgrade Project.
Deployed additional survivable Call Manager servers
Acquired and installed 1 voice gateway for Museum.
Compared carriers and plans for mobile device users, and upgraded/deployed the best cost-effective solutions.

Servers for UCS suite
Voice Gateway

MOBILE UNITS

All mobile software updates will be automatically applied to the public safety and field inspections mobile units via the Wi-Fi secured network.
All city mobile units will be network domain clients, and will be subject to enterprise network policies and standards.
All Public Safety mobile units will comply with new and upcoming stricter security regulations from FDLE and Homeland Security.
All city mobile units will have adequate hardware, software and connectivity to support functionality, network, security, and application requirements.
The city will continue reducing maintenance and operating costs on mobile fleet

Upgraded the mobile communications network. Projects: Mobile network Upgrade.
Created and started deployment of standard images for mobile clients that include latest OS and domain client setup, wireless communication setup, advanced authentication, and end-point protection.
Started the enterprise implementation of biometrics advanced authentication. Projects: Two-Factor Authentication.

Mobile computers, brackets, and advanced authentication devices.

SERVERS, STORAGE, VIRTUALIZATION, AND DATABASES

All enterprise servers will continue having adequate hardware and software capacity, including memory, CPU, speed, storage, and OS, to support applications, network and user demands.
All servers will continue having adequate security protection and OS definitions.
All servers have to be centrally managed, and automatically supervised 24/7.
All servers have to be under adequate maintenance support.
All servers that can be virtualized as per best-practice criteria will be virtual machines running in a centralized virtual environment.
All virtual machines will have high-availability and survivability, and will automatically move to another physical host machine in case of a hardware failure.
All critical virtual machines will be able to automatically recover in a colocation datacenter in case of a major disaster affecting the main datacenter at PSB.
All enterprise databases and virtual machines have to be stored in a centralized high-speed robust and reliable SAN system that will have data replication capabilities with the colocation site.
All user and departmental files have to be stored at a centralized NAS system, with high-availability and daily on-site and off-site backups.
The City Network has to continue having reliable and robust centralized storage systems with enough capacity to accommodate current requirements from systems, applications, and users, and to provision projected growth and disaster recovery replication and backup.
All server databases, virtual machines, and application files have to reside in the centralized storage systems, for best-practice and high-availability purposes.
All applications databases need to be centralized in SQL database servers, to improve control, performance, and cost savings in licenses.
The city will continue reducing maintenance and operating costs on systems

Servers upgraded and standardized. Projects: Server Upgrade.
Servers that have been selected for virtualization based on best-practice criteria were virtualized. Projects: Virtualization.
Decommissioned legacy servers, migrated all the applications and data to the SAN, VMware, and other servers. Projects: Server Upgrade.
Cluster database servers upgraded and standardized.
Upgraded Terminal Server farms for cloud-based applications, and provisioned additional capacity as needed.
Standardized all printer servers.
Virtualization platform upgraded, to increase the network throughput of the virtual servers.

SAN expansion at PSB: 48TB SAN
Additional NIC cards for the Virtualization host servers.
Network core throughput enhancement already covered in the network section.

APPLICATIONS

Enterprise applications will be deployed as thin clients (Web-based, SaaS, RemoteApp, and other supported deployment methods) as much as possible, to improve speed, standardization, maintenance, deployment and updates, and cost savings.
All City software applications will continue under adequate maintenance support.
All City applications will continue running the adequate up-to-date versions of the products, with latest recommended updates and definitions, covered by the respective maintenance agreements.
The City departments will have access to adequate applications and systems to avoid repetitive or obsolete manual processes, implement paperless electronic processes, e-Commerce, and improve efficiency and accountability.
The city will continue reducing maintenance and operating costs on applications and licenses.

and Archive system were upgraded. Project: Systems Upgrade.
Customer Relationship Management (CRM) system upgraded. Projects: CRM System.
Completed implementation of several ERP Web extensions Modules: CR, AP, AR, Li, AT. Projects: ERP Web Extensions.
Implementing technical components for Parking system. Projects: Parking System.
Implemented technical components of Granicus for City Clerk and CGTV live and on-demand streaming video, and Flash Media Server for other City internal on-demand video publishing needs. Projects: Granicus.
Implemented technical components of License Plate Recognition system and biometrics system. Projects: LPRS and Biometrics.
Implemented RFID systems. Projects: RFID.
Internal and external Web portals and systems were enhanced and upgraded.
Replaced legacy software systems with adequate and cost-effective technologies.

Parking system
CRM system
Discovery manager

DISASTER RECOVERY AND BACKUP

All enterprise critical live data, including databases, application data, and user and departmental files, needs to be replicated in real time to the off-site colocation datacenter, for high-availability and disaster recovery capabilities. If any critical data is compromised, the City will have the ability to recover it in less than one hour from the DR replication site.
All City enterprise data will be backed up to disk on-site, and automatically replicated to the off-site colocation, to guarantee high availability of data backups, and to comply with regulations requiring off-site data backups.
Mission-critical Enterprise Applications will continue having survivability at the off-site colocation site.
If a critical application server experiences a fatal failure, a DR server and all the latest application data will be immediately available at the colocation site.
In the case of a major disaster that compromises the main City datacenter, the City will be able to operate with latest critical data, applications, and backups from the Disaster Recovery site, using available alternate connections, or Internet VPN access.
The city will reduce maintenance and operating costs on data backup processes.

DR network, server virtualization and storage infrastructure was implemented at the DR colocation site. Projects: DR.
Configured data replication between datacenters and DR site. Projects: DR.

Throughput and storage enhancements already included on Network, Storage and Backup sections.

CLIENTS

All city computer clients will continue to be subject to enterprise network policies and standards.
All city computer clients will continue to have adequate hardware and software to support functionality, connectivity, security, and application requirements.
The city will continue reducing maintenance and operating costs on network client

Created and deployed standard images for the network client desktop computers, with adequate software and OS configuration for services and applications, with all IT standards and best practice policies for clients. Projects: Computer Clients Upgrade and Standardization.
Deployed thin-client applications that will require less hardware capacity in the clients. Projects: Applications Upgrade and Standardization.

Not at this time.

POLICIES AND STANDARDS

All city client computers, devices, and peripherals will continue following standards for compatibility and compliance with industry, federal, state, county, and city policies, regulations, and best practices.
An official document for IT security policies needs to regulate the acceptable use of Information Technology in the city.

IT Standards and Policies.
Master knowledge base for IT maintenance procedures and controls. Projects: Intranet Web Portal Reengineering project; IT Knowledge Base Project.

RESEARCH AND DEVELOPMENT

o Vision: New technologies available in the market and the industry that have the potential to bring value and cost savings to the city, or may become industry standards or leading trends, will be evaluated at no cost for the city.
The City will have homegrown application servers and development environments for both Intranet and Internet online services.

Evaluated client virtualization products.
Evaluated and implemented a pilot for Intranet collaboration portal with an open source free Wiki-type of platform.
Evaluated software products for City departments' business process needs, and leveraged existing software agreements.
Evaluated cloud computing and hosted solutions with the potential to replace internal systems and bring cost savings and value.
Evaluate mobile client devices such as tablets and their viability to run enterprise applications and replace legacy hardware at a lower cost with added value for the users.
Created multiple homegrown applications in a development environment for Internet and Intranet applications that provide services on the clients and on the Web. Projects: IT Dashboards, EARS, Passport transmittal system, Lobbyists Registration system, EARS system, Parking decal system, Records management homegrown systems, List server system, and several other homegrown applications.