molsa ssn infrastructure recommendationspdf.usaid.gov/pdf_docs/pnadq575.pdf · infrastructure...

MoLSA SSN Infrastructure Recommendations

Implemented by BearingPoint

Discussion

SSN Deployment Hardware Gaps – Critical Path

Infrastructure Recommendations for the future

3

SSN Deployment Hardware Gaps – Critical Path

• Overview of SSN Deployment PlanServer Roles

• WAN Requirements and RecommendationsBandwidth Requirements (explain what went into this)Business Requirements usedRecommended Solution

• Data Centre RequirementsSpaceCoolingPower – UPS, Generator

Economic Governance II Project

4

Overview of the SSN Deployment Plan – Server Roles

Application Server• Active Directory Domain Controller• DNS Server• DHCP Server• Backup Server• Anti-virus ServerSharePoint Server• SharePoint Server• MIS Application• SSN Application• Syntergy


There is sufficient hardware and software to deploy the SSN application as per the MOU.

Database Server• MS SQL Server• SSN DB• MIS DBMiddleware Server• MS SQL Server• SharePoint DBArchive Server (HQ Only)• SharePoint• MS SQL ServerISA Server• MS ISA

5

Overview of the SSN Deployment Plan – Server Roles

Systems in HQ and Baghdad Pilot will need some modifications• A second Active Directory Domain Controller needs to be

configured on one of the existing servers located at HQ in order for Active Directory to function correctly.

• The existing Baghdad Pilot Domain Controller will need to be joined to the HQ domain.


6

WAN Requirements and Recommendations


Requirements taken into consideration• No budgetary restrictions on capital purchases• Operational budget of 1.2 Million per year for all of IT• There are no data privacy laws or policies currently in effect• Future uses include:

•Email system•Unsupported user Internet browsing•Network integration with other Ministries for fraud detection

• Security, specifically user and workstation, will be centrally managed

• The SSN is designed to operate, for limited periods of time, with no access to HQ.

• MoLSA can tolerate up to 3 days of WAN downtime

7



Bandwidth Requirement Calculation Considerations• General

512KB per supporting document6 supporting documents per family512KB of DB overhead per new family application256KB per application change384kb of bandwidth required for network operationsEach support site will have a one hour replication target

• Baghdad Pilot 225 new family applications per day30 changes per day

• All Other Support Sites 90 new family applications per day30 changes per day

8



Minimum Recommended Bandwidth Requirements for SSN• MoLSA

Download: 4mbpsUpload: 2mbps

• All Other Support SitesDownload: 1 mbpsUpload: 2 mbps

Solutions Explored• Fiber - None• Microwave – To expensive – Line of site • Radio – Distance to far between office • Frame Relay - None• Satellite Point to Point - not recommended because of Internet

requirement at each office• Satellite Internet - VPN is recommended

9



Solution Proposed:• Satellite Internet access

Decentralize networkTolerant to network

outages

PTPP PTPP PT

PP PTPP

10



DVBModem

Router

MOLSA Central

DVBModem

Router Switch

Baghdad (Pilot)

SwitchSwitch

Switch Switch

Switch

DVB

Modem Router

Switch Switch

DVB

Modem Router

Switch Switch

DVBModem

Router Switch

Rusafa

Switch

Kharkh

Najaf

Basrah

All Support Sites minimum bandwidth requirements:2 mbps upload1 mbps download

MOLSA Central min. bandwidth req.:2 mbps upload4 mbps download

MOLSA –Baghdad (Pilot) min. bandwidth req.:10 mbps

Physical Network Design

Recommendation

VSAT Supplied

Roof

DataCentre

AccessCloset

Roof Roof Roof

DataCentre Data

CentreData

Centre

AccessCloset

AccessCloset

AccessCloset

AccessCloset

AccessCloset

DataCentre

DataCentre

Roof

Roof

MoLSA Supplied

The switches identified here are the same switches used for the servers and workstations.

11

Data Centre Requirements


24" 24" 24" 24" 24"

24" 24" 24" 24" 24"

24"

24"

24" 24"

24" 24" 24" 24"

24" 24" 24" 24" 24"

24 inches (61 cm)

Height, one of 10636g2 174.2cm 68.6"10642g2 199.9cm 78.7"

Weight, one of10636g2 4000lbs

10000g2 Series Rack

24 inches (61 cm)

Height, one of 10636g2 174.2cm 68.6"10642g2 199.9cm 78.7"

Weight, one of10636g2 4000lbs

10000g2 Series Rack

Power/HVACCooling: 35000 BT/HrPower:

Line Input Voltage: AV 220Number of Power Feeds: 2Branch Circuit Size: 30AUPS: 10 Kva /RackGenerator

Weight: 4000 lbs. / rack

Data Centre Specification

Recommendation

12

Infrastructure Recommendations – Future


Considerations• Environment• Complexity• Reasonable Basics

Recommendations• Network Recommendations• Server Recommendations• Backup Recommendations• Anti-virus Recommendations

13

Infrastructure Recommendations - Considerations


Environment• National network infrastructure is limited• Power is not reliable• Network/Internet access is not reliable• Physical offices at risk of closing frequently and unexpectedly• Limited human resource capacityComplexity• Human resource skill sets are being developed• Infrastructure is currently supporting only a limited number of IT services

EmailInternet AccessSSN Application

• Limited number of support offices• Limited number of staffReasonable Network Basics• Backup• Anti-Virus• Basic security

14

Infrastructure Recommendations – Network


L2TP/IPSec L2TP

/IPSe

c

L2TP

/IPSe

c

L2TP/IPSec

15

Infrastructure Recommendations – Network


• Since Baghdad Pilot and HQ are located in the same complex, only one Internet connection is recommended.

• All the other Support Sites are connected via the Internet with a VPN using L2TP/IPSec.

• A separate backup network is recommended to limit the impact of network backups on the production network. This network as a starting point should contain the NAS device and the Backup server dual homed to production and the backup network.

16

Infrastructure Recommendations – Server


WANServer

Workstation

App

ISA

DC/DNS SharePointDBDBServer

Workstation

AppDC/DNS SharePointDBDB

ISA

Server

Workstation


ISA

Archive Server

DC/DNS Monitoring/AVDHCP

Monitoring/AVDHCP

Monitor/AVDHCP

Server

Workstation


Monitor/AVDHCP

Baghdad (Pilot) MOLSA Central

Support Site Support Site

Backup

NAS

Backup

Backup

NAS

Backup

Backup

NAS

Backup

Backup

NAS

Backup

Server Layout Recommendation

DC/DNSActive Directory Domain ContollerDNSAppWin2k3.Net Frame 2.0SharePoint 2007SyntergyVisual Studio 2005SSN Application

DBMS SQL Server 2005 –SSN Application DBSharePointDBMS SQL Server 2005 –SharePoint DBBackupSymantec Backup ExecMonitor/AV/DHCPSymantec EndPoint – Anti-Virus ServerDHCPNASNetwork Access StorageISAMS ISA

17



DB• MS SQL Server 2005 – SSN

Application DB

SharePointDB• MS SQL Server 2005 – SharePoint

DB

Backup• Symantec Backup Exec

Monitor/AV/DHCP• Symantec EndPoint – Anti-Virus

Server• DHCP

DC/DNS• Active Directory Domain Contoller• DNS

App• Win2k3• .Net Frame 2.0• SharePoint 2007• Syntergy• Visual Studio 2005• SSN Application

NAS

ISAMS ISA

18



• Sizing servers for specific roles limits the impact of system failures• Performance management is simplified running individual roles• Hardware and software upgrades are easier and have less risk when

servers are configured for a specific purpose• Improves performance

19

Infrastructure Recommendations – Backup


20

Infrastructure Recommendations – Backup


• Offsite backups• Granular recovery of Exchange, SharePoint, or files and folders from a single

interface.• Simple, seamless conversion of physical systems to virtual environments.• Event-trigger backups based on security monitoring• Centrally manage system backups• Performs a full system restoration, even to bare metal systems in minutes.• Remote System Recovery

21

Infrastructure Recommendations – Anti-Virus


22

Next Step


Next Steps

molsa ssn infrastructure recommendationspdf.usaid.gov/pdf_docs/pnadq575.pdf · infrastructure...

Documents