1. Presentation on SANJIVINI Project
By Spanco Telesystems and Solutions Ltd., 373, Udyog Vihar-II, Gurgaon

2. Solution Requirement
At the Check post:
Automated and transparent MPLS provider failover and active-active link load balancing for achieving maximum service uptime, ensuring 24*7 reachability to the Data Center
At the Data Center (DC and DR):
Network-based inline solution for protection against:
1] OS and application protection against known and unknown vulnerabilities
2] DoS and DDoS protection
3] Protection against bots, worms and service denial exploits and attacks
Application load balancer for:
1] Ensuring maximum uptime and high availability
2] Scalable and hardware-based robust application load balancer
3] DC-DR scalable solution to provide site-to-site resiliency
Link load balancing solution for:
1] Maintaining multiple paths to reach applications at the Data Center
2] Having multiple link load balancing in active-active
3] Fault tolerance for any failures in MPLS backbone services
4] Link load balancing for replication links from DC to DR

3. Agenda
Spanco Profile
Our understanding SOW - JVVNL Sanjivini
Assumptions
Issue of concern
Objectives
Proposed Solution
Risk and Mitigation
Proposed Implementation Strategy

4. Profile – SPANCO - 1/4
Strengths:
National Presence
Customer Relationship Management Solutions
Call Center Solutions
Turnkey Application / e-Governance Solutions
Systems Integration
Focus:
Government / PSUs
Non Voice BPO
Telecom
NREGA, Power, Banking and Education solution

5. Profile – SPANCO - 2/4
Spanco is a leading Systems Integrator working in Domestic and International markets
Spanco is a provider of solutions to the Telecom Sector, PSUs, Corporate, Government and Indian Defense
Spanco has 8 regional offices and over 60 service support facilities in India
Spanco is present in USA, UK, GCC and Singapore

6.
Profile – SPANCO - 3/4
Spanco is ranked 397th in the ET-500
Accredited with ISO 9001 – 2000 and CMMi – 3 certification
A 3000+ strong team
3rd fastest growing company rated by CNBC, Emerging awards 2006
100% Y-O-Y growth for 6 consecutive years

7. Profile – SPANCO - 4/4
SPANCO – PPP Success Stories:
IRCTC – Unified Call Centre (5 Lacs calls per day)
e-Seva – Govt of AP (over 150 Cr worth of revenue transactions per month)
SWAN - Maharashtra
Food & Civil Supplies - Maharashtra
CSC – Maharashtra
Mobile Payments - SBI

8. Objectives (26/7/2008, SPANCO Telesystems)
The IT centre will house the IT and security equipment to provide robust security to its data
With connected offices, the operations across the offices will follow the workflow of the Discom
Integration with other IT systems for increased productivity
The management will be able to have effective monitoring of projects
The IT centre will provide centralized operations for all IT projects

9. Jaipur Vidyut Vitran Nigam Limited: JVVNL

10. Primary Locations
IT Centre; Data Centre
Circle Office; approximately 10-15 LAN users
Sub-Division Offices; 5-10 LAN users
Division; 2-5 LAN users
Sub-Offices; with minimum 1 LAN user

11. Functional Requirements
WAN Connectivity – Circle offices will connect to the IT Centre through leased line on 2MB, recommended 8-10 Mbps. Sub-Divisions connect to their respective Circle office and Sub-Offices connect to the Sub-Division.
Front End – All users, approximately 1500, distributed across different offices in Rajasthan, will access services hosted at the IT Centre at Jaipur. The majority of the applications are GIS based, which requires approximately 200-256 Kbps per user.
Application – The servers running code which glues the front-end applications to the back-end data and reflects the business processes in how the data is used. Data will be stored locally (SAN) initially and replicated to DR site storage (SAN) on a scheduled basis (needs to be confirmed).
Storage – The actual storage devices in which data is stored

12.
Network Requirements
Redundancy – Devices at the IT Centre should have redundancy at all levels and should be highly available. An alternate route to the IT Centre from the Circle offices should be achieved by interconnecting Circle offices. In case of leased line failure at Circle offices, ISDN backup should come up automatically.
Scalability – Routers should be modular in nature so that different interfaces can be installed as per the requirement. Since servers are centralized, the network must be able to handle the sheer amount of traffic from users to the central location, as well as server-to-server traffic. Additionally, devices must be able to scale to provide connectivity (ISDN/Serial) to multiple locations as and when needed.
QoS – Routers should be QoS enabled to cater for voice, video, and data for applications spread across different locations.
Security – Devices must be physically secure, and the data and applications must be protected from internal and external threats using the inbuilt Firewall and IPS in the Routers at all locations. Routers should be able to support different types of IPSEC setup (Site-to-Site, Remote Access, Tunnel Less) for ease of deployment and manageability.
Management – The IT staff monitors, configures, and troubleshoots network and server resources centrally.

13. Data Center Design
[Diagram. Labels: Intranet Service Provider, Internet, Remote Offices; Core Switch; Aggregation Switch with L4-7 Services (FW/IPS/Load Balancer); LB w/SSL, FW, IPS; DMZ Zone / Web / Front-end Servers; Application Servers; Database Servers; SAN Switch; Storage; Zone#1, Zone#2, Zone#3]

14. WAN Connectivity
[Diagram. Labels: Core Router; SP Cloud; Corp (N x 2 Mbps, recommended 8-10 Mbps / Corp); Div/Sub-Div Router (2 Mbps); Sub-Office (256 Kbps); ISDN Cloud, 2 Mbps (PRI), 64/128 Kbps (BRI); RAS; Internet Router; ISP (multiple 2 Mbps)]

15.
Data Center Security
[Diagram. Labels: Intranet Service Provider, Internet, Remote Offices; Core Switch; LB w/SSL, FW, IPS; HTTP & SMTP Perimeter Sec; AAA; Security Mgmt Soft; SIEM; Server w/Host based IDS; Web / Front-end Servers; Application Servers; Database Servers; SAN Switch; Storage; Zone#1, Zone#2, Zone#3]

16. WAN Security Solution
[Diagram. Labels: Core Router; SP Cloud; Corp (N x 2 Mbps, recommended 8-10 Mbps / Corp); Div/Sub-Div Router (2 Mbps); Sub-Office (256 Kbps); IPSEC VPN; ISDN Cloud, 2 Mbps (PRI), 64/128 Kbps (BRI); RAS; Internet Router; ISP (multiple 2 Mbps)]

17. Architecture for Corp/Sub-Div
[Diagram. Labels: Router; WAN Cloud; FW; Switch; PC w/Host based IDS; Fiber; (8 - 10 Mbps) recommended for Corps; (2-4 Mbps) recommended for Sub-Div]

18. Architecture for Sub-office
[Diagram. Labels: Router w/ FW/VPN; WAN Cloud (256 Kbps); Switch; PC w/Host based IDS]

19. DR Requirements
Not Clear

20. In-Person Experience: Cisco Telepresence Solution

21. High-Level Design
[Diagram. Labels: IT Centre; Gateways; Servers Cluster; Router; IP WAN; Router; Circle Office ... Circle Office]

22. Cisco TelePresence for IT Centre
Native 1080p cameras and 65” plasma displays
Wideband microphones and speakers
Auto-Collaborate
Audio Add-In

23. Cisco TelePresence for Circle Office
Native 1080p camera and 65” plasma display
Wideband microphone and speaker
Auto Collaborate
Audio Add-In

24. Security Solution

25.
Security Solution
Perimeter Security: Will provide features like spam defense, virus defense, policy enforcement, URL filters and anti-malware by deploying an HTTP and SMTP appliance at the IT Centre.
Firewall (FW): Firewalls at two different levels to provide higher attack protection.
Intrusion Detection and Prevention (IPS): Helps to detect, classify, and stop threats, including application abuse, through several different methods including signature and behavior.
Virtual Private Networking (VPN): Enables secure network access for authorized users by providing connectivity to corporate resources from any IP-enabled location.
Authentication, Authorization and Accounting (AAA): Access control system.
Security Incident and Event Manager (SIEM): Combines network intelligence, context correlation, hotspot identification, and automated mitigation capabilities; also used for compliance purposes.
Host based IDS (HIDS): Helps desktops and servers stop unknown attacks; zero-day protection, personal firewall, spyware and adware protection.

26. IP Surveillance Solution

27. Video Surveillance
Open, Scalable, Reliable, Secure, Accessible, Useable
[Diagram. Labels: CCTV Keyboards / Monitors; Cisco Switch; IP Camera; Analog Fixed/PTZ; Cisco IP Gateway Encoders with Virtual Matrix S/W; Cisco IP Gateway Decoders; Cisco Stream Manager Web-based Monitoring; Cisco Services Platforms with Stream Manager Digital Recording; Cisco Stream Manager Monitoring S/W for Local & Remote Operations; Any to Any for Any]

28. Solution Description
At the Check post:
Link load balancing between wired and wireless last-mile connectivity from two different MPLS providers will ensure maximum service uptime to the Data Center with intelligent fault tolerance and traffic management.
At the Data Center (DC and DR):
The network intrusion prevention system will provide defense against OS and application attacks, DoS, DDoS, worms and exploits that can cause service outage or denial.
Appliance-based load balancers will ensure highest uptime by providing scalable and efficient application load balancing amongst various servers for high availability and site-to-site resiliency.
The solution will provide DC-DR failover functionality and transparent failovers.
LinkProof for link load balancing between two different MPLS providers will ensure maximum service uptime and reachability from the Check Posts and faster replication between DC and DR.

29. IT Center Network Architecture
[Diagram. Labels: DC Site, DR Site; Check post; Sub-Control Room - Sales, Sub-Control Room - Excise, Sub-Control Room - Transport; Server Farm (Application, NMS, Web, Video, Reporting, Antivirus, Staging & Testing); Database Server; SAN Storage; Tape library; Firewalls; Internet Router (Cisco 2821); Internet; Radware LinkProof Link Load Balancer; Radware AppDirector; Radware DefensePro (IPS); Replication Link; ISDN; MPLS]

30. Topology: Data Recovery Passive Site Details
[Diagram. Labels: DC Site, DR Site; Check post; Central Control Room; Sub-Control Room - Sales, Sub-Control Room - Excise, Sub-Control Room - Transport; Server Farm (Application, NMS, Web, Video, Reporting, Antivirus, Staging & Testing); Database Server; SAN Storage; Tape library; Firewalls; Internet Router (Cisco 2821); Internet; Radware LinkProof Link Load Balancer; Radware AppDirector; Radware DefensePro (IPS); Replication Link; VSAT; MPLS 1; MPLS 2]

31. Solution Description
At the Check post:
Link load balancing between wired and wireless last-mile connectivity from two different MPLS providers will ensure maximum service uptime to the Data Center with intelligent fault tolerance and traffic management.
At the Data Center (DC and DR):
The network intrusion prevention system will provide defense against OS and application attacks, DoS, DDoS, worms and exploits that can cause service outage or denial.
Appliance-based load balancers will ensure highest uptime by providing scalable and efficient application load balancing amongst various servers for high availability and site-to-site resiliency.
The solution will provide DC-DR failover functionality and transparent failovers.
LinkProof for link load balancing between two different MPLS providers will ensure maximum service uptime and reachability from the Check Posts and faster replication between DC and DR.