Post on 24-Jun-2020
National e-Gov Conference
8th August 2019
GI Cloud - MeghRaj
Sanjay Goel
Joint Secretary
Ministry of Electronics and Information Technology (MeitY)
Structure
1 What is Cloud Computing
2 Cloud Computing Scenario in International Domain
3 Govt. Data Centre and Cloud Infrastructure
4 Key empanelment requirements & list of Empaneled CSPs
5 Procurement of Cloud Services
6 Legal & Policy Interventions
7 Use Cases of Cloud Adoption & Network access based on applications
8 Security Requirements, Disaster Recovery & its need
9 Growth of Data Centres & Cloud
10 Way Forward – One Government One Cloud
What is Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Essential Characteristics:
• Resource Pooling
• Broad Network Access
• Rapid Elasticity
• Measured Service
• On Demand Self-Service
Diagram labels: Virtualization, Geographic Distribution
How traditional IT differs from cloud computing?
Description | Traditional IT | Cloud
Utilization of IT Resources | Low | Optimum
Procurement Cycle | Long | Quick
Capital outlays for hardware & applications | Yes | No
Flexible IT infrastructure | No | Yes
Built-in scalability | No | Yes
Maintenance | Maintenance is required | Focused on usage rather than maintenance
Pricing model | Fixed | Variable
Technology Obsolescence | Taken care by the organization itself | Taken care by the Cloud Service Provider
Cloud Deployment & Service Models
Empaneled Cloud Deployment Models
• Public Cloud
• Virtual Private Cloud (Logical separation in public cloud)
• Government Community Cloud
Cloud Service Models
• SaaS – software is licensed on a subscription basis and is centrally hosted
• PaaS – a platform to develop, run, and manage applications without maintaining technology infrastructure
• IaaS – provision of processing, storage, networks, and other fundamental computing resources
Infrastructure as a Service: Virtual Machines, Storage, Backup, Networking
Platform as a Service: Database, Application Server, Web Server, DevOps
Software as a Service: Email, Office Suite, ERP, CRM
Cloud Computing – International Scenario
United States
• Cloud First initiative 2011 - focus on Public Cloud
• Data centre consolidation triggered
• Public Cloud Service Providers - certified by Govt. (FedRAMP *)
• Cloud First replaced with Cloud Smart in 2018
• Cloud Smart focuses on service, security & cost while giving dept. multiple options to procure
United Kingdom
• Cloud First policy created in 2013
• Cloud First launched for using public cloud
• Departments are free to choose an alternative to cloud but need to demonstrate the value
• Launched Digital Marketplace for Cloud procurement
Australia
• Cloud First policy promulgated in 2014 and then revised in 2017
• Government agencies must adopt cloud where it is fit for purpose
• Principles based approach for Cloud adoption, e.g. use of public cloud services as default
Singapore
• No explicit “Cloud First” policy
• Implemented a private government cloud called Central G-Cloud for whole-of-government use
• Also leverages commercially-available public cloud offerings
Canada
• Moved to “Cloud First” in 2017
• Public cloud services will be the priority choice for departments
• Departments will use private clouds where needs cannot be met by public clouds
* FedRAMP: Federal Risk and Authorization Management Program is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Indian progress - GI Cloud Journey so far…
Timeline years: 2013, 2014, 2016, 2017, 2018, 2019
Milestones:
• 10 CSPs Empaneled
• CMO Setup
• Onboarding of Cloud packages on GeM
• NIC - First National Cloud Launched
• 3 Additional CSPs Empaneled
• SLA, MSA & Procurement Guidelines published
• Cloud Service Bouquet
• Onboarding on GeM is under process
• Open empanelment process to be initiated
• Cloud First Policy published with implementation roadmap
GI Cloud – The Cloud Computing Initiative by Govt. of India
To accelerate delivery of e-services provided by the Government and to optimise ICT spending of the Government.
• Cloud enabled SDCs
• Size of SDCs in India: 1500 sq. ft. to 4000 sq. ft.
• 4 NDC already Setup with overall capacity of 1000 racks
• Guwahati & Bhopal NDC to be set up
• 13 CSPs empaneled
Key Requirements for CSP Empanelment
• Certification Requirements: ISO 27001, ISO 20000:1, ISO 27017, ISO 27018, TIA 942/Uptime Institute
• Data Residency: Hosting of government data within the country mandatory.
• There shall not be any outside legal framework applicable on CSPs (undertaking provided by CSPs)
• CSPs shall be required to offer their services in two categories (Basic and Advanced) as per the Cloud Service Bouquet prepared by MeitY
• DC and DR to be separated by a distance of 100 Kms
• CSPs are required to offer the empaneled Cloud services to government organizations through GeM platform
• CSPs to comply with minimum security requirements specified in the empanelment RFP. User departments may specify additional security requirements based on their applications
• Successful STQC audit is prerequisite for offering Cloud Services to Govt. Dept.
List of Empaneled Cloud Service Providers
13 CSPs have been empaneled
1. Amazon Internet Services Pvt. Ltd.
2. Bharat Sanchar Nigam Limited (BSNL)
3. CtrlS Data Centers Limited
4. Cyfuture India Private Limited
5. ESDS Software Solutions Private Limited
6. IBM India Private Limited
7. Microsoft Corporation (India) Private Limited
8. Net Magic IT Services Private Limited
9. Nxtra Data Ltd.
10. Tata Communications Limited
11. Web Werks India Private Limited
12. Hewlett Packard Enterprise India Private Limited
13. Sify Technologies Limited
Procurement of Cloud Services
Modes of Procurement
• Direct: Access to empaneled CSP services
• Indirect: End to End Services
Diagram labels: Government Department; Managed Service Provider (MSP); System Integrator (SI); Government e-Marketplace (GeM); Cloud Service Provider (CSP); NIC Cloud (NDC 1, NDC 2, ……, NDC n)
Cloud Adoption - Use Cases
Quick Wins for Cloud adoption
• Applications having seasonal/cyclic requirements, e.g. Education Department
• Test & Development environments
• Applications requiring centralized architecture, e.g. NSP Portal
• Low to medium usage of bandwidth requirements, e.g. Smart City IoT Data
• Applications having varying data retention requirements, e.g. insurance data to be kept for 7 years or more
Cloud adoption with careful assessment
• For applications having Top Secret/Secret Data
• Highly decentralized architecture
• Applications which run on perpetual basis (may not be cost effective)
• Any regulatory/licensing requirements that prohibit Cloud usage
Network access based on Application Criticality
Citizen facing portals
• Access directly through internet like broadband / wifi networks, mobile devices, etc.
Secured Applications
• Access through VPN/trusted networks like P2P connectivity, leased lines, etc.
Air Gap Systems
• No access through internet
• Access through only closed network groups, e.g. dedicated WLAN by the Govt. Organizations
Security Requirements for Empaneled CSPs
Global Compliances
• ISO 27001:2013
• ISO/IEC 27017:2015 Certification
• ISO/IEC 27018:2014 Certification
• ISO 20000:1 Certification Details
• Min. Tier III Uptime Certification
Compliances specific to India
• Data Center Facility must be within India only
• Adherence to IT Act 2000
• Adherence to security guidelines specified by CERT-In/MeitY/GoI
• 99.5% availability
• Audit of CSPs by STQC
Security in Cloud is a Shared Responsibility
Govt. Department*
• Identity and access management - Specifying the roles of users for managing access to application, data and platform
• Ensuring the security of endpoints that are used to access Cloud services
• Configuring operating system, network, firewall & security settings associated with the Cloud service being consumed
• Applying data and server side encryption
• Reviewing and validating security configurations created by CSP/MSP
• Reviewing the security incident and monitoring reports submitted by CSPs
Cloud Service Provider (CSP)
• Security of infrastructure components (compute, storage, network, etc.) including upgrade, maintenance and patch deployment
• Virtualization & hardening of hypervisor
• Physical and Logical network segmentation
• Perimeter security services
• Providing tools for backup, migration and replication
• Offering Disaster Recovery Services
* For some of the activities, Govt. Department may require help of Managed Service Provider (MSP)
Disaster Recovery
Metric | Hot Site / Near DR Site | Warm Site / Far DR Site | Cold Site / Far DR Site
RTO | Zero / Near Zero | 30 Minutes to 6-12 Hours or more | Greater than 24 Hours
RPO | Zero / Near Zero | Min. 15 min | Significant data loss
Depending on the criticality DR Site should be planned for every application
• It minimizes recovery time & possible delays
• It prevents potential legal liability
• Improves security
• Avoids potentially damaging last-second decision-making during a disaster
Need for growth of Data Centres
• Total Internet Users: ~600 million users
• New Technologies: 5G, IoT, Geo-Spatial
• Avg. person interaction with connected devices: from 300 times a day to 4800
• Increasing Business, Start-ups: 4200+ Startups & Business
• Govt. e-Services: Digital India
• Zetta Bytes* of Data
* 1 Zetta Byte = 10^21 Bytes = 10^6 Peta Bytes
Way Forward - One Government One Cloud: MeghRaj
• All future applications should be on Cloud
• No expenditure should be planned on procuring dedicated hardware
• All Data centers should be Cloud Ready
• Mini Data Centers of NIC to be merged with NIC Cloud
• New Data centers to be set up in Guwahati and Bhopal under NIC Cloud
• Smart city initiatives to use Cloud Computing for both DC and DR sites
• More CSPs to be empaneled
• On-boarding of CSPs on GeM portal
• Capacity Building of the Government Departments
Thank You