RENATER RIE: The French Interdepartmental Government Network (TERENA TF-MSP, 6-7 May 2013)
RIE : Starting point
On May 25th, 2012, the Council of Ministers decided to implement a “secured interdepartmental telecommunication network, unifying departmental networks and ensuring the continuity of public action in case of severe Internet failure”. The network will replace all existing departmental networks (17 000 sites).
Project timeline (2012 to 2015, by quarter)
• SCN creation
• Technical model definition
• Contracts preparation
• Launch of consultations on infrastructure building
• Contracts notifications
• Economic analysis
• Budget validation
• Backbone and fiber optic infrastructure construction
• Sites step-by-step connection to the network
− First perimeter department sites
− Other sites
Phases shown:
• Financial and technical framework definition
• Implementation phase: infrastructure building and time-phased connection of department sites to the network
RIE : goals
Renovation of public action:
• Secured and unified network dedicated to public administrations
• National scope: metropolitan and overseas territories
• Long term and high performance infrastructure based on RENATER
Concrete answer to strategic government issues:
• Simplified collaboration between public administrations
• Secured network: improve security against « internet »
• Controlled operational costs: sharing network between different entities
Improvement for end-users:
• Single operator for public administrations: SCN RIE
• User-oriented evolving services: at the core of digital transformation
RIE : a dedicated government agency
With national authority:
• SCN RIE = Service à Compétence Nationale - Réseau Interministériel de l’Etat
• SCN RIE = national (metropolitan and overseas) authority
• National and international connectivity between all public administrations
SCN RIE assignments:
• Design and roll-out of network
• Management of network including security and operating conditions
• Implementation of shared services
Key success factor:
Selection of an architecture which meets financial efficiency and technical flexibility requirements
• Architecture based on high-speed fiber optic backbone
• Points of connection with the backbone hosted in department data centers
• 17 000 sites connected to the points of connection via operators' networks (end-to-end)
• Perennial and flexible architecture supporting the implementation of high-speed connectivity and the development of new services.
[Diagram labels: Mobile access, External hosts, International networks, Remote sites, Partners, Administrations]
Key success factor (2): 4 basic principles
1. Long-term operability, supported by sustainable technological options, high-speed backbone and addressing scheme optimizing cross-department exchanges.
2. Network resilience, thanks to a high degree of autonomy from third-party networks and overall IT security management ensuring defence in depth.
3. Flexible connection options: various types of connections are offered to department sites to respect their constraints and meet their needs (network throughput, availability and service level)
4. Progressive connections to the network: departments impacted by the territorial administrations reform and Culture and Communication department will be connected first. Remaining departments will be connected afterwards according to the expiry date of their operator contract.
Two major challenges

Local administrations optimisation and mutualisation requirements strengthened by territorial administration reform
Facts
• Currently, departmental networks are operating separately; they are expensive and unable to evolve according to organizational changes. Moreover, their service offering is fragmented while the need for interdepartmental coordination is stronger.
Challenges
• Develop interdepartmental exchanges as part of territorial administration reform, following previous initiatives on infrastructure level (AdER/SIGMA network) and service level (Chorus, ONP)
• Ensure service continuity and a high quality level
• Control IT costs

Government IT systems security
Facts
• A steady increase in cyber attacks against government IT systems
• An exponential growth of the number of entry points on departmental networks
• Different IT systems security levels according to the department considered
• Strengthened information systems defence and security measures since 2011 (information system security policy (PSSI), general security database (RGS), French Network and Information Security Agency (ANSSI))
Challenges
• Protect French government data heritage
• Prevent cyber attacks
• Preserve confidence in government data and services
[Map: RENATER Metropole]
[Map: RENATER overseas]
[Map: RENATER near Paris]
Network infrastructure construction phase
• Based on the French NREN RENATER
• Fiber optic infrastructure
• Acknowledged expertise
• Economic benefits > €20 million
• Dedicated wavelength for flow transportation
• Functional autonomy
• Security
• Additional links to be built
• Interconnecting points with the backbone located in department data centers
Interdepartmental telecommunication network
• A flexible and evolving architecture based on optic fiber
• Points of connection with the backbone hosted in department data centers
• Building on existing capabilities for key functions of network operations management
• Backing on RENATER has been instructed and validated
− An agreement between RENATER and DISIC is in progress
• First contracts notifications have been issued
• Fiber optic infrastructure installation has been initiated
• The construction of the backbone has been launched
[Figure: Global architecture]
[Figure: Global architecture with lambdas]
Example : NR and PIB
[Diagram labels: NR-Toulouse, PIB-Toulouse, NR-Bordeaux, PIB-Bordeaux, Shelter, Shelter, to Nantes, to Montpellier]
NR = Nœud Réseau = Network Node
PIB = Interconnection point to backbone
Focus on security
Cyberdefense is structurally integrated into the government network
• The French Network and Information Security Agency (ANSSI) is associated with all work in progress to integrate intrusion detection systems.
• Information systems security is part of a specific working group which involves all departments.
• Best practices and security requirements are natively part of the network specification.
• During the operational phase, security teams will maintain the network in a state of operational security, in close partnership with the French Network and Information Security Agency.
• A security operating center will be created
Focus on security (2)
• Use of NREN for ministry of defense !!!!! Or some other ministries … needs a security audit of RENATER backbone (NR vs PIB)
• RENATER must fit security requirements of ALL ministries
− Physical security
− Access and redundancies
− Electricity
− …
• Need a regular reporting; monitoring of lightpaths
• Data much more critical than for ESR … ?
• Questions ?