Shared Services Canada Data Centre Consolidation Platform & Infrastructure Services Industry Engagement Day July 17, 2013 1
Industry Engagement Day: Key Messages "Engaging with others outside our institution - other levels of government, industry, academia, non-governmental organizations, and individual citizens - is also essential to our work. These diverse partners can help to identify and implement practical, effective solutions that get results. We need to develop our policies, programs and services with people, not just for them." Source: Twentieth Annual Report to the Prime Minister on the Public Service of Canada. The strategic outcomes for Shared Services Canada (SSC) are to generate savings, increase security, and improve service. Strategies to achieve these outcomes include consolidation, standardization, and transformation, including development of sourcing strategies and incorporating security by design strategies. With regard to sourcing strategies, SSC Transformation will engage industry to explore options to implement these strategies and achieve its desired outcomes. 2
Industry Engagement Day: Objectives Share plans with industry suppliers and engage in a dialogue regarding Data Centre Platform and Infrastructure services and Service Delivery Options. Explain the proposed Collaborative Procurement Solutions approach. Address Supply Chain Cyber Security Threats. Elicit feedback from industry on Service Delivery, High Availability, Contract Period and Pricing Options. 3
Industry Engagement Day: Agenda (TIME: DESCRIPTION, SPEAKER)
09:45-09:50: Opening Remarks & Objectives (TBD, MC)
09:50-10:15: SSC Transformation Overview (Benoît Long, SADM, Transformation, Service Strategy & Design, SSC)
10:15-10:45: Data Centre Platforms & Infrastructure Overview (Peter Littlefield, DG, Data Centre Consolidation Program, SSC)
10:45-11:00: Break
11:00-11:30: Collaborative Procurement Solutions Approach (Stéphane Richard, Senior Director, Information Technology Procurement, SSC)
11:30-12:30: Supply Chain Integrity (Patrick Mountford, Director, Cyber Security Strategy, Cyber and IT Security Transformation Program, SSC; Carey Frey, Director, IT Security Strategic Relationships Office, Communications Security Establishment Canada)
12:30-12:45: Questions and Answers (TBD and Speakers)
12:45-13:00: Recap / Closing Remarks (MC; Peter Littlefield, DG, Data Centre Consolidation Program, SSC) 4
Shared Services Canada Data Centre Consolidation Industry Engagement Day Transformation Overview Benoît Long Senior Assistant Deputy Minister Transformation, Service Strategy and Design Shared Services Canada July 17, 2013 5
SSC Background / Context 2011 Budget A New Organization with an IT Focus STANDARDIZE Raison d'être Reduce costs Improve Security Maximize Efficiencies Minimize Risks CONSOLIDATE RE-ENGINEER 6
Strategic Vision and Principles The Government of Canada will consolidate data centres and networks, transform telecommunications services, centralize their administration, and rationalize service delivery to achieve greater efficiencies, reduce costs, minimize risks, and improve security and service quality IMPROVE SERVICE QUALITY Improve levels of service and security for all Modernize infrastructure and platforms Increase system availability, reliability, robustness and scalability Reduce dependence on physical location Implement ubiquitous personal mobility MINIMIZE RISKS Fewer, better quality facilities Increase information security Power supply diversification Centralize planning and recapitalization Address aging IT infrastructure Examine industry investment and risk sharing SSC MAXIMIZE EFFICIENCIES Consolidate and converge to reduce duplication of infrastructure Standardize infrastructure and operations Determine appropriate level of private sector engagement Make effective use of shrinking IT labour force ADDITIONAL BENEFITS Significant environmental benefits Reduce power demand Reduce greenhouse gas emissions (cleaner power); reduce e-waste Enable Workplace 2.0 Reduce travel costs (videoconferencing) 7
Transformation Objectives SAVINGS SERVICE SECURITY Transformation will realize material cost savings and avoid future costs. Transformation will match service levels to partner and GC priorities. Transformation will provision a secure environment to meet program needs. 8
SSC's Transformation Initiatives EMAIL Nov 2011 Jan May 2012 June 2013 Oct 2013 April 2015 DATA CENTRES 2012-2013 2013-2020 TELECOMMUNICATIONS 2012-2013 2013-2020 Engagement Key Stakeholders Ministers Interdepartmental Advisory Committees (IT Business Transformation) CIO Council 43 Partner organizations Unions Industry Interdepartmental Working Groups: Security Policy and Standards Functional Business Requirements Transition Operational & Service Mgmt Information Mgmt Forums / Events Chief Information Officer Council (CIOC), CIO Forum DPI, GTEC Executive Summit Heads of IT meetings Industry Launch and closure of procurement process; engagement of industry based on sourcing strategies 9
Current State of Data Centres and Networks [Diagram: departmental data centres (small and large) and LANs spread across separate buildings, interconnected by multiple WANs. Totals shown: 485 data centres; 50 wide area networks (WAN); 4 000+ local area networks (LAN)] 10
Data Centre Vision: From To Perspective
Key Elements / Components: Facilities (Number of Data Centres, Power Density, Footprint); IT Infrastructure (Servers, Computing Platforms, Mainframe, Storage)
FROM: 5 Tier 3, 3 Tier 2, 136 Tier 1, 3060 Non-tier; 30 W/sq. ft.; 591 000 sq. ft. IT Space, 123 000 sq. ft. M&E; 395 small (100-999 sq. ft.), 68 medium (1000-4999 sq. ft.), 22 large (> 5000 sq. ft.); additional 2,718 locations with servers; 63,754 total servers: 23,424 physical, 40,220 virtual; includes 1,860 non-standard systems; 73% virtualized (Wintel), 53% virtualized (Lintel), 59% virtualized (Unix); 30% of servers older than 5 years; processor architecture distribution is 95% x86 and 5% RISC; 71% Windows, 15% Linux, 6% Hypervisor, 5% Unix, 3% other legacy OS; IBM z/OS + z/Linux = 16+5 DR, 146 LPAR, 73,000 MIPS; Unisys MCP = 5+1 DR, 10 LPAR and 10,000 MIPS; volumes: 36 PB SAN/NAS, 130 PB off-line, 34 PB direct-attached storage in Midrange; various enterprise, midrange, workgroup SANs and NASs (HDS 26%, IBM 23%, EMC 18%, HP 14%, NetApp 9%)
TO (TBC): < 10 Tier 3; > 100 W/sq. ft.; < 180,000 sq. ft.; < 40,000; > 70% virtualized; standardized on few platforms: Wintel high and std. availability (HA & SA), Lintel (HA, SA), z/OS (HA, SA), High-performance computing; SAN/NAS, consolidated and standardized; 30% organic growth per year 11
Target End State
Target end state (data centres): Less than 10 data centres; established in pairs for redundancy; mostly private sector-owned; most outside of the National Capital Region. First pair: Development data centres: GC-owned Macdonald-Cartier in Ottawa; Bell Canada in Gatineau. Second pair: First set of production data centres: GC-owned facility on the Canadian Forces Base (CFB) Borden; site located within 100 km of Borden. Next pair(s): Next set of production data centres: if required (to be confirmed); located outside of NCR and ON. Supercomputer: Specialized supercomputing facility.
Target end state (networks): Streamlined networks; connecting 377 000 public servants to each other and to Canadians; linking 3 580 GC-occupied buildings. Key components include: single enterprise-wide network with enhanced capacity and robustness; ultra high-speed, no fail connectivity between data centres; greater, more secure Internet connectivity; streamlined and wireless telecom infrastructure inside buildings; voice services (VoIP) (wired and wireless); more desktop videoconferencing services; Contact Centre Infrastructure Services; enhanced security through consolidated security services and increased perimeter security.
[Diagram labels: Cyber Threats; Allies (+International); Internet; Virtual Private Cloud; Canadians; Businesses; Governments; GC Network; Regional and International Carriers (377 000 users; 3,580 buildings); Public Servants; GC Offices; Production X; Production Y; Business Continuity; Sensitive Data Enclaves; Development; Supercomputer; Enhanced Enterprise Security] 12
Phased Implementation SSC will implement the Data Centre and Telecommunications Transformation Plan in three phases.
Phase 1 (2013-2014): Foundational infrastructure: first development pair of data centres; first production pair of data centres; contract(s) for enterprise network.
Phase 2 (2014-2015): Services sourcing: procure data centre and network services.
Phase 3 (2015-2017): Final data centre infrastructure: final pair(s) of production data centres (if/as required).
By 2020: Full Implementation: complete the migration and close the last legacy data centre.
Migration (2013-2020): Migrate applications to the new data centres and GC-occupied buildings to the new network, and close legacy data centres.
Full consolidation of data centres and networks will take seven years to complete. Savings, security enhancements and service improvements will be realized from the outset. 13
Transformation Timeline SSC is following a proven methodology for transforming IT infrastructure. [Timeline figure; axis: Sep. 2012, Dec., Mar. 2013, Mar. 2014, Sep. 2016, 2018, 2020. Step 1: Current State; Step 2: Requirements; Step 3: End State; Step 4: Plan & Procure; Step 5: Execute Wave 1; Step 5: Execute Wave 2; Step 5: Execute Wave 3. Other labels: Manageable Projects; Detailed Plans. Program Management: Project Management, Reporting, Communications, Governance, Stakeholder Engagement, Finance] 14
Transformation Phased Approach Produce detailed Current State asset & application information; Develop detailed Partner req'mts.; Produce Reference Architecture; Establish Core Services roadmap; Develop Migration Factory approach; Define Consolidation Sequence; Competing factors; Determine sourcing strategies; Develop Security by design; Business cycles; Application refresh plans; Overall readiness; Develop Consolidation Priority List (CPL); Conduct Procurement (incl. P3, etc.); Establish enterprise Data centres & GCNet; Build new Operations organization; Establish all ITSM tools & ITSM processes; Core Services in Place: IP, DNS, ICAM, DHCP, AD; Build migration and receiving teams; Install & configure new infra.; Perform Quality Control; Assist Partners in the migration of all business applications; Close ("shred") data centres as they are vacated; UNIT OF TRANSFORMATION WORK: Define org. structure; Define migration & receiving teams; Develop HR Mgmt & Talent Plans; Projectize by priority / CPL; Identify application interdependencies & infrastructure reqmts; Align network consolidation plan with data centre & application migration reqmts; DCC: TTP: Server Building 15
Application-Centric Approach To Planning/Execution Overall planning and execution framework is based on an application-centric approach. Project for each server or suite of servers (1,000s). 14,020 applications on 63,644 servers in 485 data centres and 2,718 other locations. [Diagram labels: Data Centres; Building; Floor; Partners; Servers; Application] 16
Overall Transformation Approach Architecture Facilities Security Storage Platforms Applications (App.) Foundational Elements Data Centres Deploy Servers Networks (WAN, LAN) Supply Chain for Servers and Storage Plan Procurement 9. App. Port Acceptance 10. Remove / Dispose of Project 8. Test, Test and Test! 7. Schedule With App. Teams 6. Configure Destination Environment Smart Sequencing 5. Migration Plan and Targeted approach 4. Applications Inventory, Detailed Business Plans 2. Facilities 3. Current State Asset Inventory 1. Server Documentation and Dependencies 17
Overall Transformation Approach (cont'd) Dev1 Prod1 & 2 Simple Moderate Complex Dev2 Prod3 & 4 Dev1 use existing Bell contract Update Prod1 (P3); new space contract for Prod2 Wave 1 Migration; multiple bus routes Upgrade Dev2 Wave 2 Into full Prod1 and Prod2 Prod3 and Prod4 Wave 3 Migration to all Prod DCs, particularly Prod3, Prod4. Bus routes will exist for different types of servers; multiple lines of transformation (as in manufacturing) will provide partners with multiple options to migrate their applications; after two to three stops, applications MUST be moved, even if moved to temporary Quarantine Zones (QZs) 18
Business Requirements Support a wide variety of federal government programs and applications ranging from corporate file stores and routine data exchanges, to real-time government-wide mission-critical military, policy, health and public safety information. Enterprise infrastructure and service management to eliminate silos and facilitate interoperability across departments and agencies. Reduce duplication and inefficiencies. Ensure high availability for mission critical applications. Standardize service levels to ensure a consistent delivery and availability of Data Centre services across all SSC partners and agencies. Minimize cost to manage service. Security: Supply must meet the Trusted Supply Chain Requirements (identified in the Supply Chain Integrity presentation to follow). 19
Functional Requirements Supplier diversity (primary/alternate and/or multiple primary). Built-in, on-going competition to ensure best value, continuous improvement and innovation. Open standards to allow for workload mobility / portability across suppliers. Certified compliance and compatibility with SSC reference architectures. Maximum pre-configuration and integration pre-delivery. No "shopping list" / retail procurement vehicles. Innovative financing and commercial terms. Just-In-Time capacity. Self-service / self-provisioning. Frequent market checks to take advantage of technology, economic or market shifts. Provisions for annual price competition to ensure best value to Canada. Secure multi-tenant environment (GC Domains & Zones). 20
Procurement Timeline to Contract Award [Timeline figure, 2013 to 2014. Milestones: Industry Day & 1-on-1s; Post RFIs and RFREs; Close RFP; Contract Award; Post RFP; RFP Evaluation. Dates shown: Jul 17-26; Aug - Sep; October; December; February; March; Apr - May; June 2014. Phases: INDUSTRY ENGAGEMENT; RFRE & RFP DEVELOPMENT; RFIs; RFRE; REVIEW/REFINE REQUIREMENTS (RRR); SOLICITATION; IMPLEMENTATION] The Collaborative Procurement process (identified above) will be explained further in the following Collaborative Procurement Solutions Approach presentation. Supply Chain Integrity (SCI) verification will be conducted during the RRR to ensure all IT Products meet Canada's security and supply chain standards; more detail will be provided in the following Supply Chain Integrity presentation. 21
Stakeholder Engagement: IT Infrastructure Roundtable 22
Stakeholder Engagement - AFAC Architecture Framework Advisory Committee (AFAC) was launched in October 2012 and includes a core group of members from ICT Industry and SSC. [Diagram labels: Transformation Overview; Cloud Computing / Platforms; Converged Communications; ICAM; Oct. 11, 2012: Launch of AFAC] 23
SSC Transformation Overview: Recap & Questions Questions? (for Suppliers only) 24
Shared Services Canada Data Centre Consolidation Industry Engagement Day Data Centre Platforms & Infrastructure Peter Littlefield Director General, Data Centre Consolidation Shared Services Canada July 17, 2013 25
Goal and Objectives Goal of Data Centre Services: Standardise and consolidate the GC's IT infrastructure and platforms while meeting SSC Partners' common service requirements. Today's Objectives: To outline current thinking related to what data centre services will be provided by SSC. To describe SSC's proposed standard platforms and infrastructure and begin pre-procurement engagement with industry on service delivery options. 26
Platform & Infrastructure Objectives Standardization Rationalize and consolidate like functions to standard specs. Lower overall cost to GC of engineering and support Find IT commodities and apply smart-sourcing principles to them Cost efficiencies Consistent service behaviours Increase: Automation Service elasticity Service delivery consistency Security 27
Approach Leverage Current State Assessment of Partners, Industry Trends and GC IT Services Profile Define target Data Centre Services to initiate the collaborative process of identifying and aligning to common service requirements Define detailed service offering & request specifications to drive procurement and development of Data Centre Services Activate the Catalogue when Data Centre Services are available for deployment 28
Improve Service Value & Delivery Standard Common Services + Standard Service Options + Standard Service Level Tiers minimizes technology variance and IT effort, while providing flexibility to customers. [Diagram: for each Business Unit, Business Processes, Business Operations, and Business Resources & Capabilities lead to Performance and Business Outcomes that deliver Business Value; Data Centre Services are the Common Denominator across All Partners] Standard DC Services: Deliver Value & Efficiency (ITIL Core Services); Satisfy Common DC Service Req'ts. + Standard Service Options: Provide Feature Flexibility (ITIL Enhancing Services); Satisfy Popular Service Requirements; Standard Enhancing Service Packages 1, 2, 3. + Standard Service Level Tiers: Provide Performance Options (ITIL Service Levels); Satisfy different Service Level Needs; Standard Tiered Service Level Pkgs 1, 2, 3. DC Customer Facing and Supporting Services are included in the overall SSC Service Catalogue & SSC Service Portal. 29
Proposed Data Centre Services DC Partner / End-User Facing Services Application Hosting Database Hosting Data Warehouse Hosting High-Performance Computing File Service (GCDrive) Distributed Print Service DC Enabler Services Compute & Storage Provisioning Virtual Desktop Infrastructure Backup / Recovery Service Data Archival Service Facilities Management Remote Admin Service Bulk Print Service Standard Development Environment 30
Proposed Tiered Service Levels (Service Parameter by tier)
Development: Hours of Operation 7x24x365; Hours of Support 5x12; Dev Support Services with Continuous Monitoring; Availability 99.5%, < 44 hrs. Annual Outage; Service Continuity: Intra Data Centre High Avail. (lifecycle environments to match Production)
Standard: Hours of Operation 7x24x365; Hours of Support 5x12; Standard Support Services with Continuous Monitoring; Availability 99.8% Available, < 18 hrs. Annual Outage; Service Continuity: Intra Data Centre High Avail.
Enhanced: Hours of Operation 7x24x365; Hours of Support 7x24; Enhanced Support Services with Continuous Monitoring; Availability 99.9% Available, < 9 hrs. Annual Outage; Service Continuity: Inter Data Centre High Avail.
Mission Critical: Hours of Operation 7x24x365; Hours of Support 7x24; Critical Support Services with Continuous Monitoring; Availability 99.9% Available, < 9 hrs. Annual Outage; Service Continuity: Inter Data Centre High Avail., Inter Region Disaster Recovery 31
Data Centre Element Framework
4. Security: Security Operations Centre (SOC) a part of Cyber Strategy; integrated intrusion protection, patch mgmt. and incident resp.
5. Management & Ops.: Data Centre Operations (Level 1 support; part of NOC); IT Service Management; Service Strategy & Transition; Management Layer
6. Business & Applications: Corporate Services; IT Services; Partners' business needs
3. Computing Platforms: Standardized Mainframe, Wintel, Lintel platforms to meet 90% of needs; standardized database software and select middleware; factory-engineered to SSC's specs.
2. Infrastructure: Storage and network abstracted from applications and users; virtualized servers and storage for most efficient utilization; converged or component infrastructure; tight integration with platforms
1. Facilities: Most visible element of DCC; buildings plus specialised mechanical and electrical systems
[Diagram labels: Security Program Management (ITSM); IT Service Mgmt. Operations (People, Process, Technology); Applications; DBMS, Middleware (Web, Application, etc.); System Software (OS, Management, Virtualization); Server, Storage, Network; Floor Space, Power, Cooling; Enterprise Data Centre (Facilities)] 32
Proposed End State - Platforms Meet >90% of platform needs with standardized Linux, Windows (growth platforms), and z/os (sustainment platform) Standardized application, database, and middleware platforms Standardized and published release and support schedule and roadmap (n-1, n, n+1) Standardized Service Catalogue and Service Levels Highly automated deployment and management Reduced administrative costs On demand, self service, shared infrastructure Infrastructure (storage, servers and network) abstracted from applications and users in resource pools Measured service for most efficient utilization Adaptable, secure, standards based 33
Platform Technologies Directions
TBD: Linux on System z. Technologies whose disposition will be determined over the coming months.
Sustain: z/OS. Technologies that will be maintained at current business volumes, with organic current business growth; no new business or workloads will be directed here.
Grow: Windows, Linux on x86. Technologies where investments will be made, transformation will focus, and new business and workloads will be directed.
Sunset: HP-UX, MCP, AIX, Solaris. Technologies which will be phased out over the course of the transformation; workloads will be migrated to Grow platforms. 34
Platform Technologies Example Use Cases GROW Example Use Cases Windows Linux z/os Application Hosting Enterprise Resource Planning Document Management Collaboration Virtual Desktop / Thin Client File Services Database / Data Warehouse 35
Proposed Platforms Interim Platform / Initial Release Proposed at End State Windows Windows Server 2012 Windows Server Operating System Hypervisor DBMS Linux x86 Commercially supported Non Commercial Linux x86 SUSE 11.2 or RHEL 6.x SUSE Linux for zSeries Commercially Supported; determined via a Competitive process Non Commercially Supported (?) Non-commercially Supported (?) VMware vSphere 5.1 Windows Server 2012 Hyper-V Commercially Supported; determined via a Competitive process NA Non-commercially Supported (?) Oracle 11G R2 / Linux MS SQL Server 2012 / Windows Server 2012 Commercially Supported; determined via Competitive process MySQL (?) / Linux Non-commercially Supported (?) System z IDMS, DB2 Commercially Supported determined via Competitive process Web Application Platforms .Net IIS v8 / .Net 2012 IIS v8 / .Net 2012 (?) Java Weblogic 12C / Websphere 8.0 & 8.5 / Linux LAMP (?) LAMP (?) Commercially Supported; determined via a Competitive process Support of standard platforms will be restricted to three versions: n-1, n, n+1 36
Service Catalog: Service Offering Creation
Create Service Template: The definition of software components and the communication paths between them, i.e. Web, Middleware, Database.
Specify Deployment Models: One or many different deployment sizes for deploying the Service Template, i.e. Small, Medium, Large.
Define Service Options: A set of configurable options associated with a Service for users to select at request time, i.e. Storage, Retention, Location, Service Level.
Create Service Offering: Requestable services, with costing, entitlement, and change approval configured, are placed in the online Catalog.
[Diagram labels: S, M, L; Servers; Networks; GC Cloud; Storage; Option 1, Option 2, Option 3] 37
Data Centre Architecture Vision To provide a set of defined target services coupled with advanced features of the underlying infrastructure to: Provide a dynamic, just-in-time computing environment that meets the varied application and data processing needs of SSC Partners on an on-going basis. Establish a software continuum built up from elementary services through to full programmability and promoting a common application delivery model. Adapt and evolve over time in a manner that aligns with ever-changing technological and market landscapes without incurring any penalties due to decisions made. Leverage virtualization to drive consistency and standardization across platforms, thereby reducing overall complexity and related costs. Support service model deployment innovation and cost savings through private sector engagement. 38
Target End State
Enterprise Security: All departments share one Operational Zone; Domains and Zones where required; classified information below Top Secret; balance security and consolidation; consolidated, controlled, secure perimeters; Certified and Accredited infrastructure.
Service Management: ITIL ITSM Framework; Standardized Service Levels/Availability Levels; inclusive of Scientific and special purpose computing; Standardized Application and Infrastructure Lifecycle Management; Smart Evergreening; full redundancy within data centres, between pairs, across sites.
Application Migration: Standard platforms and product versions; migration guidance; committed timeline for product evolution.
Consolidation Principles: 1. As few data centres as possible 2. Locations determined objectively for the LT 3. Several levels of resiliency and availability (establish in pairs) 4. Scalable and flexible infrastructure 5. Infrastructure transformed; not forklifted from old to new 6. Separate application development environment 7. Standard platforms which meet common requirements (no re-architecting of applications) 8. Build in security from the beginning
Business Intent: Business to Government (B2G); Government to Government (G2G); Citizens to Government (C2G)
[Diagram labels: Several, highly secure Internet access points; Regional WAN Accelerators; Internet PoP; Internet; GCNet; Regional Carriers (3,580 buildings); International Carriers; WAN Node; Data Centre Core Network; Domains & Zones; Production Prod1, Prod2, Prod3, Prod4; Development Dev1, Dev2; Sci1: stand-alone centre for GC supercomputing (HPC), e.g. Weather; Protected Data: Protected A, Protected B, Protected C; Classified Data: Confidential, Secret; Public Cloud Services; Virtual Private Cloud; GC Private Domain; Virtualized Services: File/Print, IP PBX, App., Email, V.Conf. Bridge, Web, Database, Th.Client VDI; Service Level; Workload Mobility; Virtualized Platforms: x86, Sys. z, Any; Operating System: Web / App / DB Containers Linux, Web / App / DB Containers Windows, App / DB Containers z/OS, Special Purpose / Grid / HPC; Application Service Levels: Standard, Enhanced, Mission Critical; Virtualized Storage: SAN, NAS, On line, Near line, Archive, Off line / Backup, Tier 1, Tier 2, Tier 3] 39
Platform Procurement Outlook Pre-configured, pre-integrated and lifecycle-managed infrastructure and platforms (IaaS and PaaS). [Diagram labels: Retained GC Functions; Retained or Supplier Processes (TBD); Supplier Processes; Solutions provisioning; Applications Interoperability; Enterprise Management (Enterprise Architecture, Service Management, Design & Orchestration, Vendor Relationship Management, Partner/Client Relationship); Standard Self-Service Catalogue/Portal; Enterprise Service Management, Capacity Management; Standard Platforms (ERP, DBMS, Web, App, File, Print, VDI, DW); Windows Standard; Windows Clustered; Linux Standard; Linux Clustered; Lifecycle management; Capacity Management; Incident management; Asset management; Helpdesk support; x86 Servers; Storage; Virtual Compute (Hypervisor); Vertical Platforms/services; Private Cloud; Hybrid Cloud; Public Cloud] Supplier diversity for on-going best value. Built-in competition ensures continuous improvement. Workload Portability through open standards. Alternative IT Infrastructure Service Delivery Opportunities. Contract Options: Horizontal vs. Vertical (e.g. DB appliance); Standard vs. Cluster (High Availability); Wintel vs. Lintel; Development vs. Production; Lease vs. Buy; Goods (Assets) vs. Services; Separate Storage from Compute; Separate Service Management. 40
Engaging Industry for Feedback Objective: Allow for an exchange of information through discussion (during one-on-one sessions) with platform and infrastructure experts that will ultimately inform Data Centre Consolidation strategies and procurement planning Provide suppliers with the opportunity to share their knowledge with the GC on the following discussion topics (detailed slides to follow): 1. Service Delivery Models (including service levels) 2. Value-added services (bundling, pre-configuration, etc.) 3. Contract(s) Period and Terms 4. Pricing Models 41
Topic: Service Delivery Models Preferences: Discussion Topic 1 Supplier diversityi Best way to achieve? Vendor A Vendor B Vendor C Suppliers managing the whole stack Best division i i of work? Solution life-cycle management (patches, upgrading, release schedules, etc.) Reasonable? Data Centre #1 Vendor D Vendor E Suppliers delivering directly to end- state t data centres Capacity on demand and capacity monitoring Data Centre #2 42
Topic: Value-Added Services Objective: To leverage the capability of the vendor to deliver on repeatable and consistent pre-integration (commodity engineering): Solution life-cycle management (patches, upgrading, release schedules, etc.) Capacity monitoring and capacity on demand Discussion 2Topic Engineering and Integration done at the factory, to meet standard configurations Management of O/S and Application images and packages where it makes sense (optionally) Service Portal Solution engineering GFE (e.g. software assets) 43
Topic: Contract(s) Period and Terms Recommended contract length (including option years)? What is the best type of vehicle (supply arrangement / standing offer / standard contract / other)? Adding and subtracting services during the contract (substitution of services)? Discussion 3Topic PLATFORM AN ND STORAGE P Platforms and Storage Transformation Service Consolidation Steady State Infrastructure Lifecycle Contract 1 Contract 2 Contract 3 Contract 4 Contract... 2014 Primary years Time Years 2020 Time 44
Topic: Pricing Options Numerous pricing model options possible adapt to elasticity, to meet business demand? Discussion 4Topic Pricing reviews at fixed intervals (based on market conditions) over the period of contract(s) advisable? What are the factors that impact cost? What are the levers to get best value? Basis of payment? Rates 1-2 years Review at fixed intervals (cost reduction based on market conditions) 2014 2016 2018 2020 Time 45
Questions for Industry Feedback OPERATIONAL/TECHNICAL: 1. What Value-added services would you recommend that we should be incorporating? Technical and operational considerations Procurement considerations 2. Is SSC s proposed service catalogue comprehensive and meet industry best practices? 3. How can emerging trends/technologies be incorporated into the proposed solutions? How can we keep technologies up to date given length of transformation? How could they contribute to the Savings, Security and Service transformation objectives? 4. How can we leverage Government Furnished Equipment / assets, lessons learned, and previous experiences in delivering similar data centre service solutions? 5. How can we best utilize maximum pre-delivery configuration and integration? 6. What are the perceived barriers to success and risks that require mitigation strategies? 7. What technology, tools or features could be put in place to facilitate application migration? 46
Questions for Industry Feedback PROCUREMENT: 1. What Pricing Model would be most beneficial to Canada? Are regular pricing reviews at fixed intervals over the period of contract(s) advisable? 2. What should contract length be (including option years)? 3. What usage-based or size-based licensing options, just-in-time capacity methodologies, innovative financing or other additional benefits related to the services provided can be leveraged to reduce our costs? 4. What recommendations can be provided on the approach for the technical evaluation of supplier proposals? 5. How could we modify requirements to maximize competitiveness and minimize costs? What are the levers that impact costs? What other opportunities are there to consolidate and rationalize that we may have missed? 6. What are views or feedback on proposed procurement timelines. 7. Where should services be bundled and where should they not, to achieve best value? Where do you see the opportunity space and what logical groupings exist? 8. Which services or components should be subject to RFI s? 47
Next Steps
- Industry one-on-one engagements* (45 min each) to be held July 22-26 to obtain feedback on the discussion topics
- Industry feedback will be incorporated into the statement of work
- Initiate next phase of the procurement process - RFI and RFRE
[Timeline figure, 2013 to 2014. Phases: Industry Engagement; RFRE & RFP Development; RFIs; RFRE; Review/Refine Requirements (RRR); Solicitation; Implementation. Milestones: Industry Day & 1-on-1s; Post RFIs and RFREs; Close RFP; Contract Award; Post RFP; RFP Evaluation. Dates shown: Jul 17-26; Aug - Sep; October; December; February; March; Apr - May; June 2014.]
* Note: suppliers must have pre-registered for the one-on-one sessions
48
Shared Services Canada Data Centre Consolidation Industry Engagement Day Collaborative Procurement Solutions Approach Stéphane Richard Senior Director, Procurement and Vendor Relationships Shared Services Canada July 17, 2013 49
Approach: Collaborative Procurement Solution
Description:
- An iterative approach to requirements definition involving a limited number of vendors
- Reduce the probability of incompletely defined requirements leading to change requests
- Requirements will reflect what Industry can provide cost-effectively and rapidly while meeting GC constraints
- Define contract terms and conditions in collaboration with Industry
- Provide opportunity to generate new ideas based on industry input
[Process figure. Labels: Request for Responses for Evaluation Phase; Review & Refine Requirements Phase (with successful respondents); Industry Engagement Phase; Go Forward Decisions; Bid Solicitation Phase; Go Forward Decisions; Start of Execution; Implementation Phase.]
50
Request for Responses for Evaluation (RFRE) Phase
- The purpose is to qualify suppliers who have demonstrated and proven skills and experience in implementing and operating DC services.
- Evaluation criteria will focus on the supplier's capabilities and experience to deliver DC services.
- Canada will inform Successful Respondents that, in the Review and Refine Requirements Phase, a draft Statement of Work (SOW) will be provided to them, and once the SOW is finalized, Successful Respondents will be requested to submit their list of IT products (equipment, software, services and network diagrams) as part of Canada's Supply Chain Integrity (SCI) process.
51
Review and Refine Requirements (RRR) Phase
- Canada will provide the Successful Respondents with a draft SOW.
- Canada will collaborate with Successful Respondents to seek feedback and clarification on Canada's requirements to refine the SOW (e.g. one-on-one sessions, Q's and A's, written submissions, etc.).
- Once the SOW is finalized, Canada will request that the Respondents provide their list of IT products and a network diagram.
- Canada intends to conduct the Supply Chain Integrity (SCI) verification over a period of 10 calendar days to ensure that all IT products and the network diagram meet Canada's security and supply chain standards.
52
Review and Refine Requirements (RRR) Phase (continued)
- Upon completion of the SCI verification process, Canada will provide Respondents with written notification informing them if their IT product list and network diagram are approved.
- If a Respondent's IT products list is not approved, the Respondent will be briefed and have 10 calendar days following the receipt of Canada's written notification to resubmit their IT products list and, if necessary, their network diagram.
- If the Respondent's IT products list is rejected a second time, there will be no further opportunities to resubmit a new IT products list and the Respondent will not be qualified to proceed to the next phase in the procurement process.
- Respondents whose IT product list and network diagram are approved by Canada will be deemed Qualified Respondents and will proceed to the Bid Solicitation Phase.
53
Bid Solicitation Phase Canada may issue one or more formal Request for Proposal (RFP) solicitations to the Qualified Respondents who have successfully passed the RFRE and RRR Phases. Each Qualified Respondent will be permitted to formally bid on the requirements set out in the RFP(s). 54
Contract Award and Implementation Contract Award will take place upon completion of the evaluation during the Bid Solicitation Phase. One or more contracts may be awarded as a result of the Request for Proposal(s). 55
Shared Services Canada Data Centre Consolidation Industry Engagement Day Supply Chain Integrity Patrick Mountford, Director, Cyber Security Strategy Christian Caron, A/Manager, Cyber Threat Assessment Unit Shared Services Canada July 17, 2013 56
Two-Step Process
[Flowchart. Boxes, in the order they appear on the slide:]
- Request for Information (RFI) / Request for Responses for Evaluation (RFRE) / Review and Refine Requirements (RRR) posted on GETS
- SCI determination & pre-requisite National Security Exception
- Respondents provide list of Information and Communications Technology (ICT) equipment, software and services
- SCI Authority reviews ICT list in consultation with Security Partners
- SSC issues RFP to Qualified Respondents
- Decision by SCI Authority
- Rejected respondent has 10 calendar days to resubmit revised equipment list
- Yes: Receive Approval Letter for pre-qualification
- No: 1st Rejection; 2nd Rejection: Respondent does not qualify
- Debrief session with respondent
57
Required Information from the Respondents
Once the SOW is finalized, GC will request that the respondents provide their list of IT products and services. More specifically, when it applies, the GC will be requesting the following detailed information:
1. List of equipment used to deliver the service (vendor manufacturer, model number, software load version).
2. List of managed services (names of companies and the location from where these services are delivered).
3. Conceptual network diagrams showing third party dependencies and interconnections (includes physical and logical network topology, depicting the nodes and connections amongst nodes in the network).
4. All of the above applies for sub-contractors and partners (sub-contractor and their own sub-contractors). This should include all companies who will be sub-contracted to provide equipment or services as part of the DCC project.
58
On-going Supply Chain Integrity Auditing
On-going SCI auditing from the moment the contract has been awarded until it ends.
[Flowchart. Boxes, in the order they appear on the slide:]
- Supplier provides revised list of ICT equipment
- SCI Authority reviews ICT list in consultation with Security Partners
- Rejected supplier has to resubmit revised equipment list
- Decision by SCI Authority
- Yes: Supplier receives Amendment Approval Letter
- No: Debrief session with supplier
- SCI Authority monitors threats and audits results in consultation with Security Partners
- Threats? Yes: Debrief session with supplier
- Internal threat evaluation can lead to the questioning/exclusion of specific equipment/services
59
Cyber & Supply Chain Threats to the GC Data Centre Consolidation Industry Day July 17, 2013 Carey Frey, Communications Security Establishment Canada 60
UNCLASSIFIED
CSEC: What We Do
- CSEC: Canada's national cryptologic agency
- Our Mandate:
  - Foreign Signals Intelligence
  - IT Security
  - Support to Lawful Access
- B Mandate: To provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada
61
UNCLASSIFIED
CSEC: IT Security Program
- We help prevent, detect and defend against IT security threats and vulnerabilities
- CSEC provides unique technical expertise, capabilities and classified information that we use to complement commercial security technologies available to IT security practitioners
- We use our own methods and operations to detect and defend against threats that are not in the public domain
62
UNCLASSIFIED
Effects of Market Forces on Technology
- Market forces favour commercial and personal technologies over requirements for security features
- Our society is almost totally dependent on software and hardware commercial technology providers from global markets
- New products and new versions of products are rapidly produced
- No regulatory framework exists for hardware/software safety and security
- Traditional government policies and processes impose security requirements after products and systems have been developed
- Few incentives for commercial technology developers to invest in security
63
UNCLASSIFIED
Technology Vulnerabilities
"People write software sloppily. Nobody checks it for mistakes before it gets sold" (Peiter Zatko (Mudge), White House Cyber-Security Summit (2000))
- Unintentional vulnerabilities or weaknesses
  - Design flaws
  - Implementation errors
  - Cyber Threat: a threat actor, using the Internet, takes advantage of a known vulnerability in a product for the purpose of exploiting a network and the information the network carries
- Intentional vulnerabilities or weaknesses
  - Predetermined deliverables can be implanted in a product with or without knowledge of company.
  - Supply Chain Threat: a product can be easily tampered with in the supply chain to later facilitate a cyber-intrusion against that product in order to exploit a network and the information the network carries
64
UNCLASSIFIED
The Evolving Cyber-Threat
- Today, malicious cyber activities are directed against Canada and our closest allies on a daily basis
- Threat actors range in sophistication from malfeasant hackers to organized crime groups, to terrorists, to nation states
- Canadians trust the GC to defend Canada's cyber sovereignty and protect and advance our national security and economic interests
65
UNCLASSIFIED
An Issue of National Security
- Risks from vulnerable technologies
  - Covert and persistent access by cyber threat actors in Canadian data centre / cloud infrastructures threatens the sovereignty of GC information and the continuity of government operations
  - Cyber threat actors are effective at exploiting enterprise technologies and management systems used to administer and operate data centre / cloud infrastructures
- Risks from the supply chain
  - Increases opportunities for threat actors to circumvent GC cyber security measures
  - More difficult for the GC to detect and remediate
66
UNCLASSIFIED
GC Shared Services Procurements
- Shared Services Canada and CSEC are working in partnership to eliminate or significantly reduce risks to the GC from cyber threats & global supply chain vulnerabilities
- CSEC will provide follow-up briefings on supply chain risk mitigation to interested suppliers for GC shared services
- Companies must be willing to sign a CSEC non-disclosure agreement to receive this information
- Security requirements for cyber-protection, cyber-defence and supply chain risk mitigation must be met by suppliers in order to successfully bid on GC shared services initiatives
- As the IT Security authority for the GC, CSEC will seek long-term partnerships with successful suppliers
- CSEC will assist Shared Services Canada in the pedigree analysis of supply chain information provided by respondents
- Examples of these requirements can be found on CSEC's website under Technology Supply Chain Guidance
67
Shared Services Canada Data Centre Consolidation Industry Engagement Day Questions & Answers 68
Shared Services Canada Data Centre Consolidation Industry Engagement Day Wrap-up & Closing 69
Shared Services Canada Data Centre Consolidation Industry Engagement Day Additional Material Shared Services Canada 17 July 2013 70
Workload and Data Containment in the Data Centre
[Architecture figure. Labels: Internet; GCNet; Physical Perimeter; Shared Physical Containment Area; Dedicated Physical Containment Area; Virtual Perimeters; OZ; PAZ; REZ; Application Restricted Zone; Data Restricted Zone; Storage Restricted Zone; Dedicated Virtual Containment Area; Shared Virtual Containment Area; Production and Development Data Centres; Management Containment Area; IPC Local Restricted Zone; Backup Restricted Zone; Partner/Owner Application Access Restricted Zone; Management Restricted Extranet Zone (MREZ); Monitoring Restricted Zone; Management Restricted Zone (MRZ); Public Access Zone (PAZ); ICAM; IPAM; NTP; Supporting Services; GC Domains & Zones Standard.]
71
Partner & User Facing Services
- Application Hosting: Provides two standardized Platform as a Service (PaaS) options for Partners' COTS and Consumer-Built applications:
  - Managed Operating System (OS) Platform service provides management of the OS and Below
  - Optional 3-tier Managed Application Platform with standardized database and platform middleware (Windows, J2EE and LAMP) and full management of Everything but the Application
- Database Hosting: Provides a standard solution specific to the needs of Partner Databases
  - Platform as a Service (PaaS) includes middleware and tools for leading databases, residing on SSC's standard managed Computing and Storage Infrastructure.
  - Partners can provision their own databases and virtual resources
72
Partner & User Facing Services
- Standard Development Environment: Platform service for developing/maintaining business systems for SSC's standardized cloud-based environment.
  - Includes instances of 3-tier architecture deployed across five development phases (Dev, Test, UAT, Pre-Prod, and Training).
  - Transformation option is provided for transforming mature business systems (legacy) to run in SSC's standardized cloud-based environment.
- Data Warehouse: PaaS solution for Partners for data mining, query and reporting, complemented by Business Intelligence tools
  - Includes suite of ETL (Extract, Transform and Load) tools to move transactional data to Data Warehouse Hosting platform.
- File Service (GCDrive): Centralized, highly scalable, secure online storage solution for unstructured data and files.
  - Includes: Search, Encryption, Daily Backups and Offsite Archival, Anti-Virus & Malware Scanning, Multi-Format Support, Document Quick View, File Versioning, User Trace & Audit, and Policy-based User quotas.
73
Partner & User Facing Services
- High Performance Computing: Fully managed platform for consumers with extreme performance computing needs
  - Basic service for intermittent computing needs supports self-service provisioning
  - Enhanced service for steady state heavy computing demands and supporting services for specialized configurations
- Distributed Print Service: Allows users to print from anywhere and any device to any printer allowed by their User Account
  - Includes centralized monitoring and management of policies, printers and consumption
- Bulk Print Service: For consumers requiring very high volume and specialized print media
  - Fully managed with high volume distribution and mailing capabilities in secure, centralized printing facilities
74
DC Enabler Services
- Compute & Storage Provisioning Service: Highly available, secure and fully managed capability for computing and storage
  - Compute: Fully managed virtual infrastructure platform with container isolation for Guest OS and Workloads (Physical Bare Metal and Virtual Machine)
  - Storage: Various levels of data protection, data availability and data performance, in highly available online data repository
- Virtual Desktop Infrastructure: Fully managed platform service for hosting virtualized desktops and common office applications
  - Allows users to access full featured virtual desktop from anywhere, using a Desktop PC or thin client
  - Provides significant TCO savings and rapid provisioning for users
- Backup / Recovery Service: Storage capacity for copies (backup) of data used for point in time data and system recovery in the event of failure or loss
- Data Archival Service: Secure storage of older/less-utilised data, for longer-term retention; data are indexed and accessible by business users
- Facilities Management: Management of the physical assets for building space, security, power, backup power, climate, fire and cable plant as well as external Co-location services and hands-on support services to other Enabler Services (onsite feet on the ground)
- Remote Admin Service: Provides SSC system and Partner application administrators the ability for remote access
75
Common Capabilities For All Services
- Services reside on SSC's Standard Fully Managed Computing, Storage and Network Infrastructure, in secure & robust Data Centres or authorized external service providers
- Industry standards ensure Service Offerings & Requests are compatible with leading Tools for Portfolio, Service Catalogue, Self-Service and Auto-Provisioning
- Supporting Services:
- Lifecycle Service & Systems Management Practices & Tools (ITIL 2011 + NIST + DC Mgmt, etc.)
- Exposes / Integrates aspects of DC Service Management with Partners & Providers Service Mgmt Lifecycle
- Technical Support for Partners developing, maintaining and using DC Services
- Subscriber Services
- Professional Services
- Standard Tiered Service Levels (Service Level Targets & Commitments for each Tier)
- Standard Tiered Service Capabilities (Activities & Tools needed to deliver each service, and specified Service Level Targets)
76