ICT Strategy Appendix B




ICT Appendix B Information Technology Detailed Approach

Data Centres

DBC have invested significantly in the use of two data centres: the primary data centre is in Amersham (Buckinghamshire County Council owned, located at the offices of Chiltern Borough Council); and the secondary data centre is in Aylesbury (Buckinghamshire CC owned, located in their New County Offices). We have 3 full height racks rented from Buckinghamshire CC, fully serviced (Power & AirCon) at a rate of 1,155 per 4U per annum, 2 in Amersham and 1 in Aylesbury. The contract is currently annual and started on 1 October 2013.

At current usage this should provide sufficient capacity for the next 3 years at least. However, this will be affected by: success in consolidating at both application and server level; and the content of the Systems Roadmap established following the Systems Review.

The use of data centres provided by Buckinghamshire CC is a relatively recent initiative and one that we expect to be fit for purpose for the next 5 years at least. Nevertheless we will continue to monitor the performance of this service and to review it against organisational requirements. The annual nature of the contract allows significant flexibility should we wish to pursue an alternative route.

Data Storage

Storage is based on a Dell EqualLogic iSCSI modular SAN. The total available primary storage is 33 TB, of which 28 TB is replicated to the secondary site where 30 TB of storage is available. Disks are configured into a RAID 6 array which will allow for recovery following the simultaneous failure of 2 disks. Separate SAN modules are used in the DMZ environment. The production (Amersham) DMZ has 3.5 TB storage. Currently there is no DMZ in the DR (Aylesbury) site.

We have no plans to make significant changes to the data storage service other than to move an existing SAN module from the Civic Centre to the Aylesbury DR datacentre to reserve for the DR DMZ environment. Currently there is some spare capacity and a large reservation of storage (6 TB) set aside for EDRMS. A single extra SAN unit can be fitted into the existing environment to cater for organic growth, but following that, major investment would be required to upgrade storage, with the need for more rack space, switching and virtual server hosts, backup capacity, SAN replication & DR environment capacity. We will monitor and manage storage availability and capacity.

Network

Our primary/secondary Internet circuits are provided by UpData at our Amersham & Aylesbury data centres, providing 20 Mbps of bandwidth at each site. Wide Area Network (WAN) access between the Civic Centre and our data centres (and between the data centres) is currently provided by a 1 Gbps (layer 2) point-to-point service sourced from Vtesse (routed through the Amersham data centre). WAN circuits between the 5 remote sites and Hemel Civic Centre are currently provided by BT, mainly on LES10 (10 Mbps) circuits.

All network switches are Extreme, with PoE switches used at the edge and an Extreme BlackDiamond chassis-based switch at the core. The internal LAN has no provision for network layer security; a point picked up in the recent IT Health Check carried out as part of the PSN Code of Connection. Wireless networks currently offer only patchy coverage within the Civic Centre, separated entirely from the LAN, offering guest/supplier access to the Internet via a single 8 Mbps ADSL circuit.

We will increase our level of resilience within the WAN, for access to ICT services from the main user location to the data centres, by procuring a triangulated service providing point-to-point connectivity directly between the Civic Centre and Aylesbury. We will move our WAN circuits between the 5 remote sites and the Civic Centre to UpData PSN compliant (Point to Cloud) circuits, offering 100 Mbps from the remote sites to the cloud, and a 1 Gbps access circuit into the Amersham and Aylesbury data centres.

Decanting to Marlowes Business Centre will dictate that new edge switching is installed throughout the Marlowes and Court buildings, which is likely to be on more cost-effective switches than the current Extreme solution. This is a correct statement assuming the current switches are approaching end of life; the replacements (probably Dell or HP) will be cheaper than an Extreme solution.

As part of the decant, we will provide a new wireless internet service, offering higher connection speeds, greater coverage, easier management of current functions and improved security. It is not clear at this stage if the management of the solution will be undertaken within Dacorum ICT or outsourced.

Network layer security will be implemented at a basic level on the existing LAN within the Civic Centre by deactivating all network ports that are currently not in use. A more robust solution will be required post-decant.

Telephony & Voice Services

A Mitel 3300 series VoIP solution offers the main telephony service, supporting over 600 handsets. Homeworkers are provided with a Mitel handset connected over broadband to the Mitel TeleWorker service. Mitel MCA and Polycom Soundstations offer audio conferencing facilities. IVR facilities are provided by Netcall Telephonetics. Contact Centre functionality and call recording components are provided by Braxtel. DDI is delivered by Daisy over ISDN30 & DASS circuits.

We will provide SIP trunks over PSN and virtualised telephony switches. This will enable and simplify the work to decant and will provide greatly improved disaster recovery. We will introduce Inform 360 as an additional IVR solution, seeking to reduce the number of avoidable contacts by providing information directly and automatically without the need for customer agent intervention.

In line with the Business Systems, we will rationalise the number of products and vendors that constitute the telephony solution. We will monitor new technologies in the area of Unified Comms, with particular interest in extending the deployment of Microsoft Lync (already used within the Council but restricted to presence awareness and Instant Messaging) as a possible long-term replacement for separate telephony systems.

Servers

97% of DBC's application servers are virtualised using VMware vSphere. There are currently 105 virtual servers live in Amersham. Currently only 3 virtual servers reside in Aylesbury, all of which have infrastructure rather than business roles. The current standard Windows server build is on Windows Server 2008 R2, but there is a legacy estate running a mixture of Windows Server 2008 (strategic) and Windows Server 2003 (64 & 32 bit).

A handful of legacy servers remain at the Civic Centre and are being managed out as part of the Decant decommissioning plan; this will allow the server room to be decommissioned by the end of 2013. Two significant servers remain on physical platforms: Orchard Housing on Sun (yet to be migrated to Amersham) and Northgate Revs/Bens on a Windows 2008 platform.

There has been a historical lack of method in terms of which services run from which server. Individual servers have fulfilled multiple functions across the organisation (running more than one application, hosting databases, being used as file servers, etc.). The result of this approach is that it makes the upgrading, decommissioning or simple maintaining of each server a labour-intensive task with significant risk attached.

In line with the Business Systems, we will look to consolidate our server estate, aiming to reduce the 105 virtual servers by at least 25%, reducing the operational overhead in maintaining the server estate and allowing us to rationalise the number of Microsoft licences currently in use.

We will adopt strict categorisation of servers (Infrastructure, Database, Web & Application) and wherever possible we will not allow mixed categories. This will allow ICT to use common maintenance windows and to plan configuration for the easy migration of services from one server to another (within the same category).

We will move Orchard Housing to a Windows platform, allowing easier in-house maintenance and better disaster recovery, with a cost saving of around 12,000 on hardware and professional services.

We plan to adopt Windows Server 2012 as the standard server build in the first quarter of 2014. We will replace all Windows 2003 servers by June 2015, when it will be de-supported by Microsoft, and will strategically replace legacy operating systems on an on-going basis, especially when upgrading major applications.

The DR environment will be used to host non-production test servers to reduce the resource usage in the production environment.

Internet Services

Wireless internet access is provided as described above (within Network). Internet access within the DBC network is provided via a WebSense proxy server, both logging all internet access and limiting access to certain categories of website (as defined by DBC management). Access to file sharing sites is currently limited to a single third-party commercial service, Dropbox.

We will continue to review the provision of this service to ensure that it fits with the requirements of the organisation. We will actively pursue an alternative to the third-party commercial file sharing service, working in partnership with colleagues at Herts County Council.

Security

Although security within Dacorum had been addressed effectively within policies, a number of critical vulnerabilities have been allowed to develop at network level. Work to attain compliance with the Government Public Sector Network has exposed many of these shortcomings, giving them both visibility and priority.

The largest issues are currently being addressed: the patching of servers (many of which have never previously been patched); the patching of applications; a planned approach to the lifecycle management of server operating systems; the use of passwords and service accounts. In particular on this last point, we will have clearly defined accounts under which services run, stored securely with appropriate naming conventions. We will improve & document the build process and document the hardening of hardware.

The following captures the technical detail of both the current and proposed security position:

Policies
o Dacorum has issued the following policies relating to ICT Security: Corporate Information Technology Security Policy; Remote & Homeworking Policy; Corporate Information Security Management Policy

External Access
o A NetScaler device is used to secure remote and home workers, coupled with Cryptocard 2-factor authentication (a resilient NetScaler is installed at the Aylesbury data centre for DR).

Anti-Virus
o This is provided by Microsoft System Center Endpoint Protection, which works effectively with Microsoft SCCM
o But we need to monitor the product in the market, assuring ourselves it is being developed in line with our requirements. We will consider swapping to a dedicated AV supplier if necessary.

Patch Management
o We use SCCM
o O/S patching
o Application patching

Penetration Testing
o Undertaken annually for PSN submission.

Network Security
o Two CheckPoint firewalls provide protection from the Internet and Demilitarized Zone (DMZ) capability at Amersham. However, the DMZ is provided only as a 3-leg perimeter design.
o Firewalls have reached end of life and we will take the opportunity when replacing them to introduce a true dual firewall DMZ in line with CESG (the primary governmental steering group on security standards) recommendations.
o The GCSx environment (Watchguard Firewall & DTA server) will remain at the Civic until the new PSN/GCN connection is provisioned at Amersham (est. Nov-13)

Email Security
o mailcontrol.com, an externally hosted service provided by Websense, provides email filtering

End Point Security
o Encryption of laptops is provided by BitLocker
o We will implement GFI end point security

Data Transfer Security
o Currently the use of Dropbox is permitted
o We will replace Dropbox with an appropriate corporate solution. We are working with Herts CC to trial their Herts FX file exchange service.

Databases

DBC currently has 18 instances of full SQL Server, with several holding multiple databases. DBC ICT are currently reviewing the total number of SQL databases. However, early indications are that there are numerous SQL databases which are either redundant or whose purpose is unclear.

SQL Database Administration (DBA) represents a significant skills gap within the current ICT structure, with the consequence that SQL database monitoring is executed only at the most basic level. The risks associated with this are that databases will lose integrity, fail to be periodically upgraded and lack robustness in backup design. It is possible that applications may fail as a result.

In line with Business Systems we will pursue a Microsoft First approach to databases and will continue to use MS SQL wherever appropriate with, however, a more managed approach to deployment than previously employed.

In order to address the risks associated with the current skills gap, DBC ICT will look to outsource its SQL DBA services. This will also facilitate the rationalisation of databases, a unified approach to database backup and an on-going programme of database upgrades to bring them to the most recent version of SQL supported by the application.

Backup

A modern disk to disk to tape backup solution has recently been implemented, giving a unified approach to backups across the estate. This uses a robotic tape library in the Amersham datacentre. Daily, weekly and monthly schedules are in place depending on the nature of data stored on particular servers. On a monthly basis, weekly and monthly tapes are replaced at Amersham and taken off-site to a fireproof safe at Cupid Green.

Data from the primary data centre in Amersham is replicated to the secondary data centre in Aylesbury. This replication is part of the DR solution but can also be used (with considerable resourcing cost) to recover data that has been lost since the last backup was taken. Data is also backed up at Amersham using Backup-Exec software at the primary site on a disk to disk to tape system.

The current backup solution will continue to be fit for purpose for some years, allowing for moderate growth in storage requirements. We will, however, increase both monitoring and administration of the backup system. Daily checks will be made to monitor for backup success, with time required for fine tuning to provide unambiguous success/failure notifications. Test restores will be conducted on a scheduled basis to verify that backups are valid.

User Workstations

Council officers are provided with access to Desktop PCs, Laptops or thin clients. DBC has undertaken an extensive Desktop Replacement Programme throughout 2012/13 which has seen the replacement of a large number of older Windows XP machines. The desktop estate is now a mixture of Dell Windows 7 Laptops, Windows 7 / XP Desktop PCs and around NEC Windows XP desktops. The remaining Dell XP desktops will either be replaced by laptops during the Dacorum Anywhere roll-out or have an in-place Windows 7 upgrade. The 20 NEC PCs will be managed out before April 2014 when Windows XP goes out of support.

A thin client build based on 10Zig hardware has been tactically deployed at some remote locations, such as the Town Hall and Maylands Business Centre, providing access to the same virtualised desktop provided to Dacorum Anywhere users. The desktop within the Hemel Civic is thick, with the exception of Regulatory Services who receive a thin desktop via Dacorum Anywhere.

While a wholesale move to the use of Citrix desktops, provided across thin clients such as 10Zigs, would bring with it benefits in terms of simplicity of support, consistency of user experience and hardware cost, it does not form part of strategic thinking in the short or medium term. The recent extensive investment in thick clients and the emphasis on the remote working strand of Dacorum Anywhere, in tandem with the restrictions on using unmanaged devices currently placed by the Cabinet Office/PSNA, mean that thick clients will remain prevalent within DBC for the foreseeable future.

Whenever suitable, however, we will look to extend the use of thin clients (specifically where no home working facility is required) and will continue to review the use of thick clients on a case-by-case basis as desktops and PCs are replaced.

Office Systems

DBC uses Microsoft Office 2010 as standard, made available both on local machines and over Citrix. There are some instances of Office 2003 still in use but these will be replaced with Office 2010 by April 2014. We will continue to use Microsoft Office for the foreseeable future and will ensure that DBC are using a supported version of the product.

Remote & Home Working

The strategic solution for Home Workers is a laptop with Dacorum Anywhere (Citrix / RDS published desktop). Some access for a limited set of users is still provided via a legacy SSL VPN tunnel. This solution, however, is being rapidly phased out in line with PSN Code of Compliance requirements. Remote working on users' own devices is not allowed.

We will continue to provide laptops to users that Services identify as being able productively to work from home. Citrix will remain our strategic solution for providing remote access. We will extend the home working service to include remote patching and remote support of DBC devices via Microsoft DirectAccess VPN connection.

Mobile Working

Mobile working has been implemented to only a very limited extent within Dacorum. Around 30 laptops with 3G SIMs have been deployed to Sheltered Housing Officers with a Dacorum Anywhere build (i.e. using Citrix). Ezytreev is being used by Trees and Woodlands while the Cleaning Dept use EasyLog, both on Tablet PCs. There is a firm plan to introduce Civica Mobile Lite for Pest Control & Enforcement within the next 6 months.

Smartphones have been provided to a limited degree and currently use Exchange Active Sync to provide access to email and calendaring facilities. Users must have a Dacorum device in order to make use of this facility. A few tablets are currently being piloted to understand what opportunities for more efficient processes their adoption might produce.

In line with the principles of Dacorum Anywhere we will work actively to promote mobile working, limiting the requirement to return to a base, increasing individual productivity and freeing up office space. We will continue to support mobile working initiatives driven by business requirements. We will also work with services to establish the most appropriate device type (Laptop, Tablet, PDA, etc.) for the work undertaken.

However, in order to be able to provide a useful level of support we will seek to standardise on a single vendor/operating system for each of these device types. Our strategic preference will then be for mobile applications built specifically for the device type being used (i.e. native apps).

We will introduce Mobile Device Management (MDM) for DBC smartphones. This will allow DBC to apply certain policies to its smart devices, such as the requirement for complex passwords. It will also allow DBC ICT to perform remote wipe on these devices.

At the point of writing the PSNA's position on Bring Your Own Device (BYOD) is clear: unmanaged devices cannot be used to access PSN compliant organisations. Nevertheless, we will investigate technology options for introducing such a service within DBC. In tandem with the work to introduce MDM we will assess the appropriateness of containerised applications which would allow corporate email and calendaring to be securely delivered to users' own devices.

Disaster Recovery

Data is replicated on a regular basis between data centres. Standby virtual servers at the secondary data centre are ready to provide the recovered service when required. Physical office provision will be provided in the short term to a small emergency team, using Dacorum Anywhere, at Maylands Business Centre. With the introduction of PSN circuits (see Network) this service can be extended to any remote office by mid-2014.

A detailed recovery plan has been established in consultation with Council Services to establish the correct priority for services to be restored. We will establish the correct priority and recovery routes for any new system/service being introduced to DBC prior to the service going live. From 2014 we will conduct annual tests of our disaster recovery provision, simulating emergency situations to prove both processes and technology are robust.