State of Oklahoma CIO Assessment Study Network Recommendations

Network, Security, and Telecommunications Baseline

Current State
• We are observing very fragmented network services within and across State agencies.
• Multiple platforms for network, telecommunications, and security within an agency and across agencies. This usually results in higher TCO and a poor support model.
• No state-wide compliance model for network, telecommunications, and security.
• No State-wide (One Net excluded) shared WAN/extranet.
• Several agencies maintaining their own PBXs and circuits. Telephony is a good example for shared service.
• Too many access points to the Internet, causing a potential huge liability risk.

Vision for the Future
• We seek a network and security infrastructure environment that will enable centralized governance and shared services.
• Standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology.
• Future vision includes centralized and common/shared services like telecommunications, shared extranet, insourced or outsourced MPLS cloud used by multiple agencies.
• Services requiring agency-specific competencies will remain at the agency level.

ROADMAP - Blueprint
• Build an infrastructure foundation leveraging a common language and reference architecture to enable:
  • Simplified, optimized, standardized enterprise IT infrastructure (including telecommunications, network, and security).
  • Centralized application and infrastructure services.
  • Common, effective management practices.
• Future vision to be enabled through delivery of an integrated project roadmap comprising infrastructure rationalization and capability development initiatives.

Infrastructure Baseline – Details (Current State Observations)

We are observing disparate technology within and across State agencies, as evidenced by the following facts:
• Multiple vendor equipment for network, network services, security, and telecommunications (traditional and VoIP).
• One Net adoption is limited to internet connectivity for larger agencies. There is no shared WAN/extranet in place.
• Network services like print/fax/scan are not well established. Local printers are prevalent across agencies.

We found no cohesive lifecycle management across the technology landscapes, as evidenced by the following facts:
• Lack of tools to manage network upgrade cycles.
• Lack of compliance and lifecycle management tools.
• Critical network equipment that is out of support from vendors.

No central governance model for the technology portfolio (governance lies within the agencies), as evidenced by the following facts:
• Very limited statewide support contracts for network and security devices.
• OSF has very good security control tools in place, but other agencies have largely voluntary compliance reporting.
• Network monitoring, change control and service control policies are largely controlled, if at all, by various agencies.

No State-wide shared services, as evidenced by the following facts:
• Even common services like WAN/extranet, telecommunications, or VoIP are operated and maintained by all large agencies.
• Limited central and shared security services for things like remote access and DMZ.

Infrastructure Baseline – Details (Future State Objectives)

We seek an infrastructure environment that will enable centralized governance and shared services, as supported by the following trends:
• Shared WAN via MPLS backbone and/or extranet.
• Consolidate end connectivity (circuits/VPN) to a local MPLS PoP via VRF virtualization to remote State offices.
• Centralize remote access service and DMZ firewalls and IDS/IPS.
• Implement State-wide lifecycle and inventory management.
• Implement common statewide compliance monitoring tools.

Infrastructure standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology, as supported by the following trends:
• Limit network, security, and telecommunications vendors to one or at most two.
• State-wide support contracts.
• Standardize print/scan/fax and telephony. Make print/scan/fax a network-based service and limit local print/scan/fax.

Future vision includes centralized and common/shared business services used by multiple agencies, as supported by the following trends:
• Move small and medium agency datacenters into a central location.
• Create or designate single entities for security services and telephony.

*Services requiring agency-specific competencies will remain at the agency. This has to be defined and well understood.

M State-wide Optical and MPLS Backbone Network

Risk Assessment / Description / Benefit / Theme(s) Supported
• Establish a single, State-wide optical backbone using State-owned fiber.
• Deploy WAN virtualization technologies to allow for traffic engineering.
• The MPLS backbone can be designed to be virtualized via VRF for each State entity.
• Establish major PoPs for the backbone and consolidate connectivity to the nearest PoP.
• Consolidation of last mile circuits for remote locations having multi-agency presence.
• Leverage local telcos for last mile connectivity for best price/performance.

Stakeholders / Investment
• ISD
• OneNet
• Other agencies (TBD)

Activities
• Document WAN connectivity for all the agencies – Leverage ATT study.
• Assess environment with regard to existing infrastructure, components and costs.
• Identify a single state entity that would operate the MPLS networks.
• The entity will establish baseline architecture based on requirements from all the agencies.
• Define service parameters and support model.
• Define rollout and agency-level migration plan.
• Design, procure equipment and deploy the MPLS backbone.
• Conduct change management (training on new technology and processes).
• Monitor KPIs and adjust process as needed.

Assumptions
• Leverage existing, State-owned fiber.
• Investments reflect network equipment and labor only and exclude facilities.

Timelines
• Q2Q3 2011 – Q4 2012

Metrics to measure achievement
• Strategy established and agreed upon.
• A state entity identified.
• Design and deployment of the core completed.
• Agencies successfully migrated.
• Cost savings/added bandwidth after migration.

Dependencies
• Fiber availability for major PoPs that make the MPLS Backbone.
• Establish a single entity that controls and manages the WAN for agencies via MPLS.

M VOIP Telephony

Risk Assessment / Description / Benefit / Theme(s) Supported
• Establish a State-wide VOIP SIP telephony network to leverage CapEx and OpEx savings.
• Distributed infrastructure, platforms, and applications as shared services.
• Curb the exponential growth of energy consumption and energy cost, which are trending at 9% and 4% annually respectively.
• Ability to scale up and down as business demands change and maximize efficiency.
• Services delivered based on standardized SLAs.
• Integrate wireless, CDMA/GSM/LTE services, SIP trunking via Session Border Controller.
• State-wide Optical and MPLS Backbone

Investment / Stakeholders
• ISD/OneNet
• All agency IT departments including Support, Administration, Operations, Architecture, Engineering, etc.

Activities
• Remove the Class 5 switch and consolidate telephone service across the State footprint.
• Optimize the use of power, connectivity, space and cooling requirements.
• Define service parameters and support model (real estate consolidation, reduced energy consumption, improved facilities efficiency, integration of wireline and wireless telephony facilities and management).
• Distribute platform capabilities throughout the network: Class 4 and 5 features, signaling, 800 service RTP for VOIP/SIP services using soft switch technology into an IP network.
• Develop an RFP process to design, procure equipment and deploy the new network.
• Conduct change management (training on new technology and processes).
• Optimization of work load.

Assumptions
• Leverage existing, State-owned facilities.

Timelines
• Q1 – Q4 2013

Metrics to measure achievement
• Strategy established and agreed to.
• A state entity identified.
• Design and deployment of the core completed.
• Agencies successfully migrated.
• Cost savings/added bandwidth after migration.
• Agency satisfaction with cloud services.

Dependencies
• Fiber availability for major PoPs that make the MPLS Backbone.
• Establish a single entity that controls and manages the WAN for the cloud.

M Centralize Internet Access and IDS/IPS Security

Risk Assessment / Description / Benefit / Theme(s) Supported
• Establish a State-wide redundant Internet gateway.
• Consolidate all internet access from multiple agencies.
• Deploy/extend IDS/IPS to central internet access.
• Deploy/extend webfilter for central access.
• Deploy/extend a single pair of high throughput firewall(s).

Stakeholders / Investment
• ISD/OneNet/Outsourced
• All Agency IT departments
• Support, Administration, Operations, Architecture, Engineering, etc.

Activities
• Document all internet access points for the State and their bandwidth.
• Determine whether the internet access is used exclusively for remote site-to-site VPN connections to the central office, and exclude those access points from consolidation.
• Formulate a migration plan to shut down local internet access and migrate to central access.
• Design and deploy central internet access with a minimum of 25% bandwidth headroom.
• Execute the migration plan.

Assumptions
• Leverage current Internet access.

Timelines
• Q1 – Q4 2011, Q1-4 2012, Q1-2 2013

Metrics to measure achievement
• Strategy established and agreed upon.
• A central access point identified.
• Design and deployment completed.
• Agencies successfully migrated.

Dependencies
• MPLS or single backbone network.
• Shared services.

M Centralize Security Operations Center Security

Risk Assessment / Description / Benefit / Theme(s) Supported
• Establish a State-wide security operations center.
• Consolidate agency-specific security.
• Standardize security infrastructure to two vendors at most.
• Identify tools for security monitoring.
• Identify a state-wide authority for security console and reporting.
• Strongly consider outsourcing security console to a 3rd party reporting directly to the State Security Officer.

Investment / Stakeholders
• ISD/Outsourced
• All agency security

Activities
• Document all security devices and tools in current use at all agencies.
• Formulate a standardization plan for security devices.
• Formulate a consolidation plan for security in conjunction with shared services.
• Establish a common SIEM solution.
• Execute the consolidation plan.
• Deploy the central console or identify an outsourcer and finalize the security events escalation plan.
• Establish event correlation and alerting criteria and process.

Assumptions
• Leverage existing tools.

Timelines
• Q1 – Q4 2011, Q-4 2012

Metrics to measure achievement
• Strategy established and agreed upon.
• Standardization adopted.
• SIEM solution deployed.
• Agencies successfully migrated to SIEM.

Dependencies
• Shared services.
• MPLS backbone.