georgia technology authority 1-877-gta-3233 consolidated service desk 1-877-opingta your opinion...

Georgia Technology Authority

1-877-GTA-3233Consolidated Service Desk

1-877-opinGTAYour Opinion Counts

GETS Transformation Kick Off Active DirectoryeMail and Blackberry MigrationFirewall and Network Changes

04/21/2010




GETS Transformation Kick Off Active Directory

Ray Louder

04/21/2010

3 Georgia Technology Authority

IBM AT&T

E-Bond

Integrated Projects

· Capitol Hill NW Remediation· Managed Security Node /

Managed Internet Service· IPSec S2S Encryption

· DNS/DHCP· Re-IP

· Server Tools· Print Services· Storage Mgmt· Disaster Recovery· Security Services· Asset Management· GSMRT· Configuration Management· Remote Resources· EUC· Refresh

· LAN/WAN Refresh w/out IP overlap· SSL VPN· IPSec Remote User· Private Internet Protect· PBX/KEY System Refresh· Capitol Hill Re-Design· Interactive Voice Response / Contact

Center· Videoconferencing

· GETS HE· SCON/StorCon· Active Directory· E-Mail/BlackBerry

· OC12

GETS Integrated Projects


Active Directory (AD) Project Overview

• AD is a Security and Authentication Database that provides security and authentication for any object that subscribes to the service

▪ Users, workstations, servers and applications are examples

• The AD services consolidation project will ensure a highly robust directory services platform

▪ Dynamic in nature to allow for changes in Federal and State guidelines and regulations such as FIPS and NIST Standards


Active Directory (AD) Project Overview

• Multiple directory services will be consolidated into a single, enterprise directory

▪ Coinciding with the implementation of a well-managed resource access (security) plan

▪ Flexibility to integrate various applications and other directory services within the environment

• Agencies will retain their separate identity within the enterprise directory via Organizational Units (OU), benefiting from improved reliability, operational efficiencies and security

Organizational Units (OU) – A grouping of like objects. Servers, workstations, groups/user accounts are Agency OU examples.


AD Organizational Units (OU)


Active Directory – During Transformation

• Central Active Directory established at the NADC▪ Disaster Recovery facility located in Boulder

• Trusts are established between agencies and the central Active Directory

• Trusts allow current activity to continue and will support Application Remediation

▪ After Application Remediation, the server use of Active Directory will reside at the NADC

• Trusts will remain until all End User Computing

Re-IPing is complete for an agencyTrusts: Lines of communication between two Active Directory domains. In this project, established trusts are between legacy agency and new Active Directory


• Will my password change?▪ Existing agency password policies will be maintained during

and after transformation to the new Active Directory environment.

• Will I need to be re-authenticated for any applications?▪ No. Application Remediation will/should account for this

transfer of the existing application authentication to the new Active Directory environment.

Active Directory – Commonly Asked Questions


• Will the extranet user have management rights into the new AD?

▪ No. Management Tools will be put in place to allow the segregation of duties and rights to these Forests.

Active Directory – Commonly Asked Questions




GETS Transformation Kick Off eMail and Blackberry Migration

Ray Louder

04/21/2010


• This project will consolidate separate agency email systems into a single, enterprise Microsoft Exchange system▪ Over 400 email servers will be reduced to 28

• Outdated Exchange, Groupwise and Blackberry servers will be replaced to provide benefits including:▪ High availability▪ Enterprise-wide email and address book▪ Increased support and reliability▪ Flexible, scalable messaging environment▪ Improved security

eMail and Blackberry Migration


• Mail box and attachment size limits have been defined to: ▪ Manage growth and assist agencies in

controlling budgets▪ Speed time to recovery – ensure that servers

can be backed up within allocated time windows and quickly restored in the event of a failure

• 500MB mailbox limit for standard users,1G for VIPs• 10MB attachment size limit• Agencies will be given 90 days for pre-migration

activities▪ Mailbox clean-up and size reduction, archiving

eMail and Blackberry Migration


• When will we be moving to a enterprise email system?▪ Migrations will take place over the next year beginning in

July

• Is there a migration plan for email from one system to another? ▪ Yes. Each agency will receive detailed instructions to

migrate their users based on their existing email system

• Will distribution lists, both GroupWise and Exchange, be converted into the new system?

▪ Yes. Both GroupWise and Exchange distribution lists will be migrated whether they are local or server based

eMail Migration – Commonly Asked Questions


Draft eMail/Blackberry Timelines


Current DRAFT EMAIL/Blackberry Timeline

Migration dates for first four agencies baselined as of 02/12/2010

2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2011

Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug

DJJ

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm

Pilot Migration

BES Migration 7/1-7/19

eMail Migration

DDS

90 Day Comm

60 Day Comm 5/14-8/2

30 Day Comm

10 Day Comm

Pilot Migration

BES Migration

eMail Migration

OPB

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm 8/13-8/26

Pilot Migration 8/10-8/26

BES Migration

eMail Migration

6/29-8/3

Stage I

Stage I

7/16-8/2

7/28-8/20

4/2-8/2

6/25-8/2

7/21-8/2

3/12- 7/13

6/2-7/11

6/29-7/11

4/21- 7/11

6/9-8/26

8/27-9/10

6/16-7/8

Stage I

7/26-8/24

4/28-8/26

7/19-8/26

8/19-9/14


Current DRAFT EMAIL/Blackberry Timeline*

*Baseline Migration dates will be established as IP remediation timeline is finalized

2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2011


DOAS

90 Day Comm

60 Day Comm 6/17-9/3

30 Day Comm

10 Day Comm 8-23 -9/3



eMail Migration 9/1- 9/28

DOR

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm

Pilot Migration

BES Migration

eMail Migration

DCH

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm

Pilot Migration

BES Migration

eMail Migration

Stage II

6/17-9/3

8/26-9/13

9/6-11/19

9/8-11/16

7/13-10/1

9/15-10/1

9/28-10/20

Stage II

Stage I

7/26-9/3

7/26-9/3

8/23-9/3

9/24-10/21

5/6-9/3

6/3-10/1

8/23-10/1

9/20-10/1

5/6-9/3



(*) Baseline Migration dates will be established as IP remediation timeline is finalized

2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2011


GTA/SAO

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm 11/8-11/19



eMail Migration

GBI

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm

Pilot Migration


eMail Migration

DNR

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm

Pilot Migration

BES Migration

eMail Migration

11/16-12/2

11/25 - 1/5

11/29-12/14

11/19-12/7

Stage II

11/30-12/31

Stage II

7/20-11/19

10/11-11/19

8/5-12/8

9/16-12/8

9/10-12/2

11/19-12/2

10/22-12/2

11/11-12/3

11/25-12/8

7/30-12/2

8/30-11/19

Stage II

10/28-12/8



*Baseline Migration dates will be established as IP remediation timeline is finalized

2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2011


GDC

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm 1/4-1/17

Pilot Migration

BES Migration

eMail Migration

DHS/DBHDD

90 Day Comm

60 Day Comm

30 Day Comm

10 Day Comm 1/14-1/27


BES Migration

eMail Migration

Stage II

11/5-1/27

12/17-1/27

1/24-2/10

10/26-1/17

12/30-1/19

1/20-2/18

9/14-1/17

12/7-1/17

1/10-2/28

9/24-1/27

Stage II

1/12-1/27




GETS Transformation Kick Off Network and Firewall

Jeff Collins

April 21, 2010


AT&T Transformation StrategyNetwork and Firewall Migration

• Move to new, standard platforms to reduce intervals for orders, changes, and incidents

• Increased capacity, scalability of services, and additional options for agencies

• Increased redundancy and disaster recovery capabilities• Better tools to enhance network and security visibility


WAN, Security and Internet Cutover

Definition• Implementation of Security Nodes – Managed Network-Based Firewall,

Intrusion Detection and Prevention, URL Filtering, and routing of inter-agency traffic

• AT&T will implement logical separation of all Enterprise agency traffic on Capitol Hill network

• Traffic isolation is a predecessor to firewall migration, consolidation of services to NADC, and Capitol Hill redesign

Agency Impacts• Firewall rules from remote sites and headend site are consolidated.• As IP’s change during SCON, firewall rules will need updating for Internet-

facing devices

Benefits• Increased capacity/redundancy, reduced intervals for changes, more

efficient traffic routing


DNS/DHCP and IP Address Management

Definition• Primary DNS/DHCP will be at NADC, secondary servers in Boulder• IP address management will be consolidated into single database for

Enterprise agencies• DNS information and DHCP scopes will be loaded in advance and verified prior

to cutover

Agency Impacts• DNS server IP addressing will change after migration• Server IP address changes will need to include DNS updates• Active Directory services integrated with AT&T DNS• Agency end user device IP addresses may change after migrations

Benefits• Increased redundancy, faster provisioning, better control of IP addressing and

DNS environment


Questions?

Find presentations from today’s Transformation Kick-off and much more GETS-related info on GTA’s Web site:

www.gta.georgia.gov

georgia technology authority 1-877-gta-3233 consolidated service desk 1-877-opingta your opinion...

Documents

new active directory

active directory email

active directory ray

active directory domains

server use of active

new ad

agency trusts

established trusts