
State of Oklahoma CIO Assessment Study


marja


Presentation Transcript


  1. State of Oklahoma CIO Assessment Study: Network Recommendations

  2. Network, Security, and Telecommunications Baseline

     Current State
     • We are observing very fragmented network services within and across State agencies.
     • Multiple platforms for network, telecommunications, and security within an agency and across agencies. This usually results in higher TCO and a poor support model.
     • No state-wide compliance model for network, telecommunications, and security.
     • No State-wide (OneNet excluded) shared WAN/extranet.
     • Several agencies maintain their own PBXs and circuits. Telephony is a good example for a shared service.
     • Too many access points to the Internet, causing a potentially huge liability risk.

     Vision for the Future
     • We seek a network and security infrastructure environment that will enable centralized governance and shared services.
     • Standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology.
     • Future vision includes centralized and common/shared services like telecommunications, shared extranet, and an insourced or outsourced MPLS cloud used by multiple agencies.
     • Services requiring agency-specific competencies will remain at the agency level.

     ROADMAP - Blueprint
     • Build an infrastructure foundation leveraging a common language and reference architecture to enable:
         • Simplified, optimized, standardized enterprise IT infrastructure (including telecommunications, network, and security).
         • Centralized application and infrastructure services.
         • Common, effective management practices.
     • Future vision to be enabled through delivery of an integrated project roadmap comprising infrastructure rationalization and capability development initiatives.

  3. Infrastructure Baseline – Details (Current State Observations)

     We are observing disparate technology within and across State agencies, as evident by the following facts:
     • Multiple vendor equipment for network, network services, security, and telecommunications (traditional and VoIP).
     • OneNet adoption is limited to internet connectivity for larger agencies. There is no shared WAN/extranet in place.
     • Network services like print/fax/scan are not well established. Local printers are prevalent across agencies.

     We found no cohesive lifecycle management across the technology landscapes, as evident by the following facts:
     • Lack of tools to manage network upgrade cycles.
     • Lack of compliance and lifecycle management tools.
     • Critical network equipment that is out of support from vendors.

     No central governance model for the technology portfolio (it lies within the agencies), as evident by the following facts:
     • Very limited statewide support contracts for network and security devices.
     • OSF has very good security control tools in place, but other agencies have largely voluntary compliance reporting.
     • Network monitoring, change control and service control policies are largely controlled, if at all, by various agencies.

     No State-wide shared services, as evident by the following facts:
     • Even common services like WAN/extranet, telecommunications, or VoIP are operated and maintained by all large agencies.
     • Limited central and shared security services for things like remote access and DMZ.

  4. Infrastructure Baseline – Details (Future State Objectives)

     We seek an infrastructure environment that will enable centralized governance and shared services, as supported by the following trends:
     • Shared WAN via MPLS backbone and/or extranet.
     • Consolidate end connectivity (circuits/VPN) to a local MPLS PoP via VRF virtualization to remote State offices.
     • Centralize remote access service and DMZ firewalls and IDS/IPS.
     • Implement State-wide lifecycle and inventory management.
     • Implement common statewide compliance monitoring tools.

     Infrastructure standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology, as supported by the following trends:
     • Limit network, security, and telecommunications vendors to one or at most two.
     • State-wide support contracts.
     • Standardize print/scan/fax and telephony. Make print/scan/fax a network-based service and limit local print/scan/fax.

     Future vision includes centralized and common/shared business services used by multiple agencies, as supported by the following trends:
     • Move small and medium agency datacenters into a central location.
     • Create or designate single entities for security services and telephony.

     *Services requiring agency-specific competencies will remain at the agency. This has to be defined and well understood.

  5. M State-wide Optical and MPLS Backbone Network

     Risk Assessment / Description / Benefit / Theme(s) Supported
     • Establish a single, State-wide optical backbone using State-owned fiber.
     • Deploy WAN virtualization technologies to allow for traffic engineering.
     • The MPLS backbone can be designed to be virtualized via VRF for each State entity.
     • Establish major PoPs for the backbone and consolidate connectivity to the nearest PoP.
     • Consolidation of last mile circuits for remote locations having multi-agency presence.
     • Leverage local telcos for last mile connectivity for best price/performance.

     Stakeholders / Investment
     • ISD
     • OneNet
     • Other agencies (TBD)

     Activities / Assumptions
     • Document WAN connectivity for all the agencies – Leverage ATT study.
     • Assess environment with regard to existing infrastructure, components and costs.
     • Identify a single state entity that would operate the MPLS networks.
     • The entity will establish baseline architecture based on requirements from all the agencies.
     • Define service parameters and support model.
     • Define rollout and agency-level migration plan.
     • Design, procure equipment and deploy the MPLS backbone.
     • Conduct change management (training on new technology and processes).
     • Monitor KPIs and adjust process as needed.
     • Leverage existing, State-owned fiber.
     • Investments reflect network equipment and labor only and exclude facilities.

     Timelines
     • Q2Q3 2011 – Q4 2012

     Metrics to measure achievement
     • Strategy established and agreed upon.
     • A state entity identified.
     • Design and deployment of the core completed.
     • Agencies successfully migrated.
     • Cost savings/added b/w after migration.

     Dependencies
     • Fiber availability for major PoPs that make the MPLS Backbone.
     • Establish a single entity that controls and manages the WAN for agencies via MPLS.

  6. M VOIP Telephony

     Risk Assessment / Description / Benefit / Theme(s) Supported
     • Establish a State-wide VOIP SIP telephony network to leverage CapEx and OpEx savings.
     • Distributed infrastructure, platforms, and applications as shared services.
     • Curb the exponential growth of energy consumption and energy cost, which are trending at 9% and 4% annually respectively.
     • Ability to scale up and down as business demands change and maximize efficiency.
     • Services delivered based on standardized SLAs.
     • Integrate wireless, CDMA/GSM/LTE services, SIP trunking via Session Border Controller.
     • State-wide Optical and MPLS Backbone

     Investment / Stakeholders
     • ISD/OneNet
     • All agency IT departments including Support, Administration, Operations, Architecture, Engineering, etc.

     Activities / Assumptions
     • Remove class 5 switch and consolidate telephone service across the State footprint.
     • Optimize the use of power, connectivity, space and cooling requirements.
     • Define service parameters and support model. (Real estate consolidation, reduce energy consumption, improve facilities efficiency, integration of wire line and wireless telephony facilities and management.)
     • Distribute platform capabilities throughout the network, Class 4 and 5 features, signaling, 800 service RTP for VOIP/SIP services using soft switch technology into an IP network.
     • Develop an RFP process to design, procure equipment and deploy the new network.
     • Conduct change management (training on new technology and processes).
     • Optimization of work load.
     • Leverage existing, State-owned facilities.

     Timelines
     • Q1 – Q4 2013

     Metrics to measure achievement
     • Strategy established and agreed to.
     • A state entity identified.
     • Design and deployment of the core completed.
     • Agencies successfully migrated.
     • Cost savings/added b/w after migration.
     • Agency satisfaction with cloud services.

     Dependencies
     • Fiber availability for major PoPs that make the MPLS Backbone.
     • Establish a single entity that controls and manages the WAN for the cloud.

  7. M Centralize Internet Access and IDS/IPS Security

     Risk Assessment / Description / Benefit / Theme(s) Supported
     • Establish a State-wide redundant Internet gateway.
     • Consolidate all internet access from multiple agencies.
     • Deploy/extend IDS/IPS to central internet access.
     • Deploy/extend webfilter for central access.
     • Deploy/extend a single pair of high throughput firewall(s).

     Stakeholders / Investment
     • ISD/OneNet/Outsourced
     • All Agency IT departments
     • Support, Administration, Operations, Architecture, Engineering, etc.

     Activities
     • Document all internet access points for the State and the b/w.
     • Determine if the internet access is exclusively for remote site-to-site VPN to connect to central office and exclude them from consolidation.
     • Formulate migration plan to shut down local internet access and migrate to central access.
     • Design and deploy central internet access with a minimum of 25% b/w headroom.
     • Execute the migration plan.

     Assumptions
     • Leverage current Internet access.

     Timelines
     • Q1 – Q4 2011, Q1-4 2012, Q1-2 2013

     Metrics to measure achievement
     • Strategy established and agreed upon.
     • A central access point identified.
     • Design and deployment completed.
     • Agencies successfully migrated.

     Dependencies
     • MPLS or single backbone network.
     • Shared services.

  8. M Centralize Security Operations Center Security

     Risk Assessment / Description / Benefit / Theme(s) Supported
     • Establish a State-wide security operations center.
     • Consolidate agency-specific security.
     • Standardize security infrastructure to two vendors at most.
     • Identify tools for security monitoring.
     • Identify a state-wide authority for security console and reporting.
     • Strongly consider outsourcing security console to a 3rd party reporting directly to the State Security Officer.

     Investment / Stakeholders
     • ISD/Outsourced
     • All agency security

     Activities
     • Document all security devices and tools in current use at all agencies.
     • Formulate a standardization plan for security devices.
     • Formulate a consolidation plan for security in conjunction with shared services.
     • Establish a common SIEM solution.
     • Execute the consolidation plan.
     • Deploy the central console or identify an outsourcer and finalize security events escalation plan.
     • Establish event correlation and alerting criteria and process.

     Assumptions
     • Leverage existing tools.

     Timelines
     • Q1 – Q4 2011, Q-4 2012

     Metrics to measure achievement / Dependencies
     • Strategy established and agreed upon.
     • Standardization adopted.
     • SIEM solution deployed.
     • Agencies successfully migrated to SIEM.
     • Shared services.
     • MPLS backbone.
