State of Oklahoma CIO Assessment Study
State of Oklahoma CIO Assessment Study: Network Recommendations
© Copyright Capgemini 2011 All Rights Reserved. In collaboration with
Network, Security, and Telecommunications Baseline
● We are observing very fragmented network services within and across State agencies.
● Multiple platforms for network, telecommunications, and security within an agency and across agencies. This usually results in higher TCO and a poor support model.
● No state-wide compliance model for network, telecommunications, and security.
● No State-wide (One Net excluded) shared WAN/extranet.
● Several agencies maintain their own PBXs and circuits. Telephony is a good example of a shared service.
● Too many access points to the Internet, causing a potentially huge liability risk.
Current State
● We seek a network and security infrastructure environment that will enable centralized governance and shared services.
● Standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology.
● Future vision includes centralized and common/shared services such as telecommunications, a shared extranet, and an insourced or outsourced MPLS cloud used by multiple agencies.
● Services requiring agency-specific competencies will remain at the agency level.
Vision for the Future
Build an infrastructure foundation leveraging a common language and reference architecture to enable:
● Simplified, optimized, standardized enterprise IT infrastructure (including telecommunications, network, and security).
● Centralized application and infrastructure services.
● Common, effective management practices.
● Future vision to be enabled through delivery of an integrated project roadmap comprising infrastructure rationalization and capability development initiatives.
ROADMAP - Blueprint
Infrastructure Baseline – Details (Current State Observations)
We are observing disparate technology within and across State agencies, as evidenced by the following facts:
● Multiple vendor equipment for network, network services, security, and telecommunications (traditional and VoIP).
● One Net adoption is limited to internet connectivity for larger agencies. There is no shared WAN/extranet in place.
● Network services like print/fax/scan are not well established. Local printers are prevalent across agencies.
We found no cohesive lifecycle management across the technology landscapes, as evidenced by the following facts:
● Lack of tools to manage network upgrade cycles.
● Lack of compliance and lifecycle management tools.
● Critical network equipment that is out of support from vendors.
No central governance model for the technology portfolio (it lies within the agencies), as evidenced by the following facts:
● Very limited statewide support contracts for network and security devices.
● OSF has very good security control tools in place, but other agencies have largely voluntary compliance reporting.
● Network monitoring, change control and service control policies are largely controlled, if at all, by various agencies.
No State-wide shared services, as evidenced by the following facts:
● Even common services like WAN/extranet, telecommunications, or VoIP are operated and maintained by all large agencies.
● Limited central and shared security services for things like remote access and DMZ.
Infrastructure Baseline – Details (Future State Objectives)
We seek an infrastructure environment that will enable centralized governance and shared services, as supported by the following trends:
● Shared WAN via MPLS backbone and/or extranet.
● Consolidate end connectivity (circuits/VPN) to a local MPLS PoP via VRF virtualization to remote State offices.
● Centralize remote access service and DMZ firewalls and IDS/IPS.
● Implement State-wide lifecycle and inventory management.
● Implement common statewide compliance monitoring tools.
Infrastructure standardization, rationalization and consolidation are required to achieve the future state vision of centralized technology, as supported by the following trends:
● Limit network, security, and telecommunications vendors to one or at most two.
● State-wide support contracts.
● Standardize print/scan/fax and telephony. Make print/scan/fax network-based services and limit local print/scan/fax.
Future vision includes centralized and common/shared business services used by multiple agencies, as supported by the following trends:
● Move small and medium agency datacenters into a central location.
● Create or designate single entities for security services and telephony.
*Services requiring agency-specific competencies will remain at the agency. This has to be defined and well understood.
Investment
Investment Category      2012         2013         2014
Transformational Costs   $6,000,000   $3,000,000   $2,000,000
Cost Avoidance
Hard Dollar Savings      $7,638,993   $4,583,395   $3,895,886
● ISD
● OneNet
State-wide Optical and MPLS Backbone
Benefit Theme(s) Supported
● Establish a single, State-wide optical backbone using State-owned fiber.
● Deploy WAN virtualization technologies to allow for traffic engineering.
● The MPLS backbone can be designed to be virtualized via VRF for each State entity.
● Establish major PoPs for the backbone and consolidate connectivity to the nearest PoP.
● Consolidation of last mile circuits for remote locations having multi-agency presence.
● Leverage local telcos for last mile connectivity for best price/performance.
Description
● Leverage existing, State-owned fiber.
● Investments reflect network equipment and labor only and exclude facilities.
Assumptions
● Q2Q3 2011 – Q4 2012
Timelines
● Strategy established and agreed upon.
● A state entity identified.
● Design and deployment of the core completed.
● Agencies successfully migrated.
● Cost savings/added b/w after migration.
Metrics to measure achievement
● Document WAN connectivity for all the agencies – Leverage ATT study.
● Assess environment with regard to existing infrastructure, components and costs.
● Identify a single state entity that would operate the MPLS networks.
● The entity will establish baseline architecture based on requirements from all the agencies.
● Define service parameters and support model.
● Define rollout and agency-level migration plan.
● Design, procure equipment and deploy the MPLS backbone.
● Conduct change management (training on new technology and processes).
● Monitor KPIs and adjust process as needed.
Activities
Stakeholders
● Fiber availability for major PoPs that make the MPLS Backbone.
● Establish a single entity that controls and manages the WAN for agencies via MPLS.
Dependencies
● Other agencies (TBD)
M
Network
Centralize Standardize Simplify Optimize
Risk Assessment
● Establish a State-wide VOIP SIP telephony network to leverage CapEx and OpEx savings.
● Distributed infrastructure, platforms, and applications as shared services.
● Curb the exponential growth of energy consumption and energy cost, which are trending at 9% and 4% annually respectively.
● Ability to scale up and down as business demands change and maximize efficiency.
● Services delivered based on standardized SLAs.
● Integrate wireless, CDMA/GSM/LTE services, SIP trunking via Session Border Controller.
● State-wide Optical and MPLS Backbone
VOIP
Investment
Investment Category      2011         2012         2013
Transformational Costs   $4,437,000   $3,786,852   $2,761,956
Cost Avoidance
Hard Dollar Savings      $7,659,615   $6,537,261   $4,767,978
● ISD/OneNet
Benefit Theme(s) Supported
Description
● Leverage existing, State-owned facilities
Assumptions
● Q1 – Q4 2013
Timelines
● Strategy established and agreed to
● A state entity identified
● Design and deployment of the core completed
● Agencies successfully migrated
● Cost savings/added b/w after migration
● Agency satisfaction with cloud services
Metrics to measure achievement
● Remove the Class 5 switch and consolidate telephone service across the State footprint.
● Optimize the use of power, connectivity, space and cooling requirements.
● Define service parameters and support model. (Real estate consolidation, reduce energy consumption, improve facilities efficiency, integration of wireline and wireless telephony facilities and management.)
● Distribute platform capabilities throughout the network, Class 4 and 5 features, signaling, 800 service RTP for VOIP/SIP services using soft switch technology into an IP network.
● Develop an RFP process to design, procure equipment and deploy the new network.
● Conduct change management (training on new technology and processes).
● Optimization of workload.
Activities
Stakeholders
● Fiber availability for major PoPs that make the MPLS Backbone.
● Establish a single entity that controls and manages the WAN for the cloud.
Dependencies
● All agency IT departments including Support, Administration, Operations, Architecture, Engineering, etc.
M
Risk Assessment
Telephony
Centralize Standardize Simplify Optimize
Centralize Internet Access and IDS/IPS
Investment
Investment Category      2011         2012       2013
Transformational Costs   $1,000,000   $500,000
Cost Avoidance           Built into MPLS
Hard Dollar Savings
● ISD/OneNet/Outsourced
Benefit Theme(s) Supported
● Establish a State-wide redundant Internet gateway.
● Consolidate all internet access from multiple agencies.
● Deploy/extend IDS/IPS to central internet access.
● Deploy/extend webfilter for central access.
● Deploy/extend a single pair of high throughput firewall(s).
Description
● Leverage current Internet access.
Assumptions
● Q1 – Q4 2011, Q1-4 2012, Q1-2 2013
Timelines
● Strategy established and agreed upon.
● A central access point identified.
● Design and deployment completed.
● Agencies successfully migrated.
Metrics to measure achievement
● Document all internet access points for the State and the b/w.
● Determine if the internet access is exclusively for remote site-to-site VPN to connect to the central office and exclude those access points from consolidation.
● Formulate migration plan to shut down local internet access and migrate to central access.
● Design and deploy central internet access with a minimum of 25% b/w headroom.
● Execute the migration plan.
Activities
Stakeholders
● MPLS or single backbone network.
● Shared services.
Dependencies
● All Agency IT departments
● Support, Administration, Operations, Architecture, Engineering, etc.
M
Risk Assessment
Security
Centralize Standardize Simplify Optimize
Centralize Security Operations Center
Investment
Investment Category      2011         2012         2013
Transformational Costs   $2,000,000   $1,500,000
Cost Avoidance
Hard Dollar Savings
● ISD/Outsourced
Benefit Theme(s) Supported
● Establish a State-wide security operations center.
● Consolidate agency-specific security.
● Standardize security infrastructure to two vendors at most.
● Identify tools for security monitoring.
● Identify a state-wide authority for security console and reporting.
● Strongly consider outsourcing security console to a 3rd party reporting directly to the State Security Officer.
Description
● Leverage existing tools.
Assumptions
● Q1 – Q4 2011, Q-4 2012
Timelines
● Strategy established and agreed upon.
● Standardization adopted.
● SIEM solution deployed.
● Agencies successfully migrated to SIEM.
Metrics to measure achievement
● Document all security devices and tools in current use at all agencies.
● Formulate a standardization plan for security devices.
● Formulate a consolidation plan for security in conjunction with shared services.
● Establish a common SIEM solution.
● Execute the consolidation plan.
● Deploy the central console or identify an outsourcer and finalize the security events escalation plan.
● Establish event correlation and alerting criteria and process.
Activities
Stakeholders
● Shared services.
● MPLS backbone.
Dependencies
● All agency security
M
Risk Assessment
Security
Centralize Standardize Simplify Optimize