Hardware/Software Deployment Strategies. Introduction to Information System Components. Chapter 1 Part 4 of 4 CA M S Mehta, FCA

Transcription

1 Hardware/Software Deployment Strategies Introduction to Information System Components Chapter 1 Part 4 of 4 CA M S Mehta, FCA 1

2 Hardware/Software Deployment Strategies Learning Objectives Task Statements 1.1 Identify deployment of different components of IT and their functions: Computer Hardware, Operating system software, database management software, application software 1.2 Recognise the configuration of hardware, operating system software, database management software and application software. Knowledge Statements 1.1 Information Technology components of Information Systems Infrastructure and related processes in the context of practical deployment in enterprises. 1.3 Configuration management of hardware, system software, database management software and application software. 2

3 Hardware/Software Deployment Strategies Topics Covered Different Deployment Strategies - Centralised/distributed IT Components of a Data Centre in Centralised CBS environment Configuration Management Hardening of Systems Auditing IS Infrastructure 3

4 Deployment Of IS Infrastructure Business Goals Business Processes IT Services IT Infrastructure Deployment of IT Infrastructure would be directed by business Strategy and involves Acquiring Hardware and Software and its Installation, Configuration, Running, Testing and Customisations. 4

5 What are Different Deployment Strategies? 5

6 Centralised Deployment Strategies Decisions taken at the most senior or central level. There is a Central data base. Applications are deployed on single Hardware Software Platform. Servers are the central level. Single middleware required at central level. All user communication directed to the central point. OS Patches etc. can be deployed from central point. 6

7 Centralised Deployment Strategies Centralisation might be appropriate for System critical for organisation s functioning The system used by many departments Data is drawn from several different sources There are particular technical issues like network design. 7

8 Centralised Deployment Strategy Sharing resources BENEFITS Data used across organisation in one place, Easier to undertake organisation-wide activities. Exchange of hardware, software and staff Full replication for higher availability Achievement of economies of scale Central policy enforcements patch management Better security 8

9 Centralised Deployment Strategies DISADVANTAGES Single point of failure Inflexibility to cope with local changes Increased dependence and vulnerability 9

10 Decentralised Deployment Strategies Databases are distributed to Decentralised Centres Applications are deployed on different Platform. Middleware required at each step. No single point of failure. Policy Administration at decentralised level 10

11 Decentralised Deployment Strategies Decentralisation might be appropriate for The system relevant only to one department. Processing requirements are subject to frequent changes. Where Data is drawn: From existing centrally-managed database, or From a proposed locally-managed database 11

12 Decentralised Deployment Strategy BENEFITS Greater fit between systems and local needs Higher usage of computerised systems Faster system development No single point of Failure Reduced CAPEX 12

13 Decentralised Deployment Strategies DISADVANTAGES Barriers to sharing data Barriers to sharing other resources Latency Local Replication requirements No Central control over patches, version 13

14 What are Information Technology Components In a CBS Data Centre? 14

15 IT Components in a CBS Data Centre Bank s data centre or an IPF (Information Processing Facility) Used to house computer systems and associated components To cater to its information processing needs Has storage, security and communication links. Equipped with: redundant or backup power supplies, redundant data communication connections, environmental controls, and security devices 15

16 IT Components in a CBS Data Centre IT components depend upon: Bank s corporate objectives, Planned service types, Risk management and control mechanism Compliance/Regulatory requirements 16

17 Core Banking Solution Factors affecting selection of IT Components The type of services the solution offers, Response time for customer transactions, Availability requirements of services, Layers of security implemented, and Processes for building customer confidence. Applications requiring interface to CBS may be hosted at the Data Centre. DR & Near Site To meet additional availability requirements 17

18 The IT Components Application Solutions and Services Hardware & OS Components Network and Security Components EMS Components Environmental Components 18

19 Application Solutions & Services Components Applications that are normally deployed in data centre of a bank CBS including Internet Banking RTGS NEFT Integrated Risk Management solution Integrated Treasury Solution Anti-Money Laundering System Asset Liability Management Solution Mobile Banking Automated Data Flow & MIS Data Archival System New Pension Scheme Govt Business OLTAS 19

20 Application Solutions & Services Components Contd.. Web Servers Customer Call Centre Customer Relationship Management Human Resources Management System Data Warehouse Biometric Authentication of branch Users in CBS Second factor Authentication (for Internet Banking Users) Cheque Truncation System and MICR Clearing System Financial Inclusion 20

21 Application Solutions Components Applications not part of CBS requiring an Interface with CBS could be housed in the same data centre or elsewhere. 21

22 Application Solutions & Services Components WAN interfaced with external networks to facilitate Applications ATM Switch Reserve Bank of India s MPLS network and NPCI SWIFT Master/VISA/American Expresses Exchanges National Clearing Cell and Cheque truncation system Utility service network like telephone companies Government Tax Departments Other Govt. agencies like CBEC, DGFT 22

23 Hardware & OS Components Servers/Server Farms Core Banking Servers-HA (High Availability) mode Database Servers- HA Mode Web Servers, , Anti-virus servers Application Servers for other applications 23

24 Hardware Components (Contd.) Servers have redundant power supply Virtualisation of some servers is implemented by banks to achieve: Scalability Reliability High availability for servers 24

25 Some other Hardware Components Storage Tape Library For storage of Data For backups 25

26 Network & Security Components Network design has two distinct zones One caters to the Private Segment (Core Banking Zone) The other the Public Segment (Internet Zone). Each zone has different sub-nets through VLANs 26

27 Network & Security Components Devices installed Core Routers Core Switches ISDN Routers Top of Rack Ethernet Switches Encryption Devices ACS Server Firewalls Internet Routers Intrusion Detection & Protection Systems Two Factor Authentication Security Solutions for , and web. End-Point Security solutions 27

28 Network & Security Components A generic DC/DR Architecture 28

29 Enterprise Management System Components EMS Acts as an interface for the Network Operations Centre (NOC) Used to monitor Servers Network and security components 29

30 Enterprise Management System Components (contd.) Set of hardware and software solution(s) for: Application Monitoring Server Monitoring Network Monitoring Patch Management Asset Management SLA Management Change Management Interface to Helpdesk Module 30

31 Enterprise Management System Components 31

32 Environmental Components Racks- to house all servers and network equipments. Power ducts, cables, LAN (structured cabling) usually running below false floor. Smoke Detection and Fire Suppression Systems Motion Sensors Biometric and proximity card readers 32

33 Environmental Components (contd.) Video Camera Surveillance and Security Breach Alarm systems UPS power conditioning devices Power and Optic Fibre cables Redundant air conditioning equipment Humidity control equipment Diesel storage for power back-up. 33

34 Steps in Configuration Management of IS Components 34

35 Configuration Management-IS Components Identification of all significant components of IT Infrastructure Recording the details of these components in the Configuration Management Database Recording relationships between these components 35

36 Configuration Management-IS Components Configuration Identification Configuration Control Configuration Status Reporting Configuration Audit 36

37 Configuration Identification Process of Identifying the Configuration Items (CI) Items (HW/SW) which are under CM Configuration of components of these Items Configuration, version of these Items Software ( Name, Version, Licence, Configuration, Related Documentation, etc.) Hardware (Type, CPU, Memory etc.) 37

38 Configuration Control Managing Items throughout their life cycle Helps Know Items which are Controlled Process of controlling changes Version Control Who controls these changes Ensures approved version of Items used. 38

39 Configuration Status Reporting Recording and Reporting of all changes in IS Components Status of proposed changes What changes were made and at what time Effect of those changes on different components 39

40 Configuration Audit Verifying the correctness of the IS Components and their Configuration Status Reporting All Items correctly identified All changes correctly registered, approved, tracked and implemented Measures effectiveness of Configuration Management 40

41 How To Harden Systems? 41

42 System Hardening Process of securely configuring computer systems to eliminate as many security risks as possible. This may involve Applying patches Disabling unnecessary services Closing open network ports Setting up IDS, firewalls etc. 42

43 Hardening OS Latest Patches, service packs and hotfixes installed Enable automatic notification of patch availability Set minimum password length and complexity Configure event Log Settings Privileged Administrator root Accounts controlled Disable the guest account 43

44 Hardening OS.. Contd. Disable or uninstall unused services Use the Internet Connection Firewall Configure file system permissions Configure registry permissions Install and enable Security Suite Encryption of Drives used for Laptops 44

45 Hardening OS Contd. Configure a screen-saver to lock the console's screen automatically Set a BIOS/firmware password to prevent alterations in system start-up settings Configure the device boot order to prevent unauthorized booting from alternate media Use Vulnerability Assessment tools like Microsoft Baseline Security Analyser or Bastille Linux 45

46 Risks and Controls in Deployment of IS Infrastructure 46

47 Risks in deployment of IS Infrastructure Improper design Disruption of services- Security Breaches- Poor response times- 47

48 Controls in deployment of IS Infrastructure Proper site selection Disruption preparedness Proper NOC for network monitoring and control Security solutions Tested applications EMS and monitoring 48

49 Auditing IS infrastructure 49

50 Auditing IS Infrastructure Audit all Hardware and software to assess Hardware list with configurations available Check whether hardware in accordance with computational requirements Environmental controls for Hardware Effective hardware maintenance to reduce downtime Operating system has been hardened Proper Access Controls operational for Operating Systems Backup systems hardware, software, data sets for disaster readiness 50

51 References iguration_guides/operating_systems.shtml

52 Hardware/Software Deployment We have learnt about Strategies Different Deployment Strategies - Centralised/distributed IT Components of a Data Centre in Centralised CBS environment Configuration Management Hardening of Systems Auditing IS Infrastructure 52

53 Hardware/Software Deployment Strategies Thank You 53