The Future of GovNeTT – Where are we Heading?
GovNeTT 2.0 Current State
• Obscure Governance Framework
• Design is Difficult to Evolve to Changing Needs
• Difficult for some IT Managers to Enact Required Changes
• Site-to-Kit Lock-in – Difficult to Unbundle and Reduce Managed Costs
• Difficult to Expand Service Set/Increase DC Utilization
• Architecture not Fully Suited to Shared Environment
• Time Required to Fulfil Requests
What Are Root Causes?
Two Main Categories Include
• Governance Framework
• Technology and Architecture
Governance Framework
• Need for Approved Governance Framework and Structure
• Shared Service Model Buy-in from Agencies
• Apply Common Framework for Building ICTs
• Security Framework for All of GoRTT ICT Initiatives
GovNeTT Technology
From a Technology Perspective there is need for
• Dynamic ICTs
• Improved Flexibility
• Agility of Deployment and Access to Service
• Scalability
• Enhanced Security
• Modular Approach to Service
• Reduced Development and Operational Costs
Current Technology/Design – GovNeTT WAN
Current Technology/Design Issues
• Design is Difficult to Evolve to Changing Needs
• Inadequate Data Centre hosting facility
• Site-to-Kit Lock-in – Difficult to Unbundle and Reduce Managed Costs
• Difficult to Expand Service Set/Increase DC Utilization
• Architecture not Fully Suited to Shared Environment
Current Technology/Design Issues – GovNeTT WAN
Networking:-
• Inefficient resource usage, route determination
• Complex redundancy configurations & VPN design
• Unnecessary hops for sub office to sub office communication between different ministries
• High network latencies for all central resource access
Current Technology/Design Issues – GovNeTT WAN
Security:-
• Unnecessary routes in the network
• Increased possibility of data compromise
Shared services:-
• Distributed caching potential for redundant cache entries in multiple locations
• No centralized administrative Internet resource control
• Unnecessary ICT investment for Internet resource control
Current Data Centre Layout
Current Technology/Design Issues – Data Centre Layout
Networking:-
• Complex logical interconnections
• Difficult to include new segments
• Server Farm connectivity not associated with low-latency, high speed access
• Central switches used to connect all segments
• Routers terminate majority of user traffic indirectly
• Servers share common switch infrastructure regardless of function
• Remote access/extranet connectivity is complex
Current Technology/Design Issues – Data Centre Layout
Security:-
• Logical segmentation not as secure as physical segmentation
• Limited Firewall Tiers
• Multiple segments interconnected to single Firewall clusters causing increased risk of unauthorized access
• Complex security rule base causes open rules to maintain access
• Firewall breach can cause multiple points of possible security breach
• Multi-purpose security equipment not as stable or secure as dedicated devices
• DMZ and other similar lower security level segments are inter-connected to common physical switches as segments with higher security levels
• Firewall cluster tiers are built on common technology, a breach in one Firewalled segment can allow breach in other segments using the same technology
Proposed High Level Services Technology/Design
Proposed High Level Services
Demand aggregation will be used to derive:
• What common services are required by GoRTT
• What are the collated system requirements
• Supporting architecture:
  – In house?
  – Outsourced?
  – Cloud?
  …Hybrid Approach
Proposed High Level Data Centre Topology/Design
Proposed Data Centre Low Level Topology/Design
Features of Proposed Technology/Design
By doing:-
• Direct mapping to future G-Cloud
• Direct mapping to shared services and collaborative environments
• Multivendor approach fostered by tight SLA Management
• Last Mile determined by Ministry (Agency deals directly with vendors based on iGovTT agreements)
• Full network segmentation
  – Infrastructure/service segmentation
  – Data Centre segmentation
  – Decoupling of Services
Timelines
Q&A
THANK YOU!