Designing an Efficient IT Infrastructure
Lee Yee Ming, 24 April 2014
Page 2
Contents
Designing an Efficient IT Infrastructure:
• Identifying Needs
  1. MDIC’s Mandate and Operations
  2. MDIC’s IT Risk Management
• Designing Strategies and Approaches
  1. Strategy & Governance
  2. Process
  3. People
  4. Technology
• Key Lessons Learnt
Page 3
MDIC’s Mandate and Operations
MDIC IT’s Risk Management
Page 4
Low Risk to Moderate Risk MIs
High Risk MIs
Non‐Viable MIs
Early Intervention Trigger
Non‐Viability Notice by BNM
Risk Assessment and Monitoring
Preparation for Intervention
Intervention
Payout, Resolution and Post Resolution
MDIC’s Mandate and Operations
Collaboration facilities (e.g. e‐mails and other communication tools, knowledge repository, etc.)
Risk Assessment System & Evaluation Model
SFF Submission and Tracking System (STAR)
Depositor Informations and Liability System (DLIMS)
Depositor Support and Management System (DSMS)
Payout Payment Management System (PPMS)
Electronic Intervention & Failure Resolution System (e‐IFR workflow, checklists, documents & templates management)
MDIC IT’s Risk Management
Page 5
Operational Risk
Not meeting Requirement
System Failure
IT Infrastructure Downtime
Avoid
Accept
Page 6
• People
• Technology
• Strategy & Governance
• Process
Page 7
• Strategy & Governance
Strategy and Governance
Page 8
IT Governance
‐ IT Steering Committee
‐ IT Strategic Plan
* IT Governance Institute (ITGI), Capability Maturity Model Integration (CMMI)

Project Management
‐ Systems Development Life Cycle
‐ Project Steering Committee
‐ Project Management Team
‐ Change Management
* PMBOK, Prince 2

Systems and Infrastructure Management
‐ Security and access management
‐ Configuration and capacity management
‐ Inventory Management
‐ Event and problem Management
‐ Development Methodologies
* ITIL, rational, agile

* MDIC adopts and aligns practices to fit the corporation
Page 9
• Process
IT Governance Framework
1. Strategic Alignment which links IT plans with the enterprise business strategy.
2. Value Delivery via optimization of costs, managing and maintaining IT value during execution of the value proposition throughout the delivery cycle when implementing IT projects.
3. Optimal investment and proper management of IT assets by maximizing IT knowledge and IT infrastructure Resource Management
4. Safeguarding of IT assets by adopting sound Risk Management practices
5. Monitoring and concentrating on IT successes in implementing IT strategies via an accepted Performance Measurement tool
* Based on the MDIC’s approved IT Governance Framework [1]
** MDIC primarily adopts and aligns IT Governance Institute (ITGI), Control Objectives for Information and Related Technology (COBIT‐ISACA [2]) and Capability Maturity Model Integration (CMMI – SEI [3]) practices to fit the corporation.
[1] approved in October 2006
[2] Information Security Audit and Control Association
[3] Software Engineering Institute
Page 10
Project Management Methodology
Project Steering Committee Organization
– Project Sponsor
– Project Owner
– Head of IT
– Chief Internal Audit (CIA)
– Project Manager
– Key users
– Vendor Senior Management (where applicable)
Roles
– Project direction
– Project oversight
– Program schedule direction
– Variation management
– Project assurance
– Risk management
Others
– Meets every 2 months or as required

Project Team Organization
• Project Manager
• Key users
• Representative from Audit & Consulting Services
• Vendor Project Manager (if applicable)
• Development Team Leader
• Technical Project Manager
• Vendors (where applicable)
Roles
• Schedule and resource management
• Systems implementation
• Requirement management
• Change management
• Acceptance tests
• Issues management
Others
• Complies with development standards
• Meets every 2 weeks

Business Requirement Specification
User Requirement Specification
System Analysis and Design
Development
Prototyping
User Acceptance Test (UAT)
LIVE
Project Governance & Project Assurance
* MDIC primarily adopts and aligns Project Management Body of Knowledge (PMBOK‐PMI) and Projects in Controlled Environments (PRINCE2‐OGC) practices to fit the corporation.
Page 11
Page 12
Service Request Management
‐ User Request
‐ Event and problem management

Service Level Management
‐ Terms and payment
‐ Quarterly Review

Configuration Management
‐ Inventory
‐ System configuration
‐ Half yearly review

Change and Release Management
‐ Gatekeeper between development, staging and production environments
‐ Version management of source codes
‐ System updates

Usage Policy & Procedures
‐ Guidance for users (front end and back end)

Availability and Capacity Management
‐ Ensure high system uptime via configuration or system redundancy
‐ System capacity reviews
‐ Performance management

Project Management
‐ IT infrastructure projects
‐ IT infrastructure strategic plan

Continuity Management
‐ Disaster recovery plan and facilities
‐ Backup and recovery plan and procedures

Security Management
‐ Physical security
‐ Information access management
‐ Penetration tests
‐ Data protection
* MDIC primarily adopts and aligns IT Infrastructure Library (ITIL‐OGC) and COBIT practices to fit the corporation.
IT Infrastructure Management
Page 13
• People
Page 14
Users
• Board and Senior Management
• Relevant teams from various functions
• Support team
• Contract personnel

Internal Support Team
• IT Virtual Organisation
• Consultants
• Application Vendors/System Integrators

Principal Suppliers
• Software/application principals
• Microsoft Premier Support
• Hardware Providers
• IBM maintenance support
• Network maintenance and support
• Managed Security provider
• PC and notebook panel suppliers
Page 15
• Technology
MDIC’s IT Components
Page 16
IT Components
1. IT Infrastructure and Server
2. Collaboration Facilities
3. Systems and Applications
4. IT Security
IT Infrastructure and Server
• Network
  – 2x internet uplink from 2 different providers
  – 2x high availability (HA) gateway
  – 2x perimeter firewall, 2x internal firewall
  – 2x internal core switch
  – 2x switch each segment (server, floors)
• Server
  – All Risk Assessment and IFR related production servers use Active‐Active (AA) front ends
• Storage
  – Clustered databases (Active‐Passive)
  – Storage Area Network (SAN)
  – Combination of mirrored and RAID 5 or 10 disks
• Disaster Recovery (DR) Center
  – 4H (min) ‐ 24H (max) Recovery Time Objective
  – Data Synchronization from Primary Site to DR servers every 15‐30 mins.
Page 17
Internet
Collaboration Facilities
Intervention and Failure Resolution
Blackberry & Smartphones
MS Lync
Enterprise Portal
e‐IFR
Remote Access
Page 18
Intervention and Failure Resolution (IFR)
Systems and Application
Page 19
Payout System
Risk Assessment System & Evaluation Model
Intervention Template and Document Management
Data submission and Data Control Management
IT Security
Data Center Firewalls x2 (perimeter, internal)
Anti Virus (front‐end, Servers, Databases)
Virtual LAN (LAN Segmentation via purpose)
Application Access Level management
Access Card systems
Intruder prevention & detection
Anti‐Spam
Mail filtering
Active Directory
Information Classification
Security Personnel
24X7 Monitoring via Managed Security Services
Internet Reputational Services
Corporate Information Security Policy
Page 20
Keep track of workstation’s inventory (hardware and software):
Microsoft System Center Configuration Manager (SCCM)
Microsoft System Center Operations Manager (SCOM)
“Begin with the end in mind”: Take time to identify your need with the vision for the future
“Plan with resources, capacity and capability in mind”: Building an IT infrastructure on a piecemeal basis is costly
“IT should work hand in hand with people”: An efficient IT infrastructure should facilitate your work and not make your work harder
IT is part of a solution
Page 21