Docstoc

ESF APRIL 2005 BRIEFING

Document Sample
ESF APRIL 2005 BRIEFING Powered By Docstoc
					Office of Administration
Enterprise Server Farm




      April 2005 Briefing
Agenda
 ESF and OA Enterprise Change
 Management Process
 Web Proxy Service Offering & ITB
 Active Directory 2003 Upgrade
 Network Enhancements and
 monitoring
 General ESF Updates
 Q&A
ESF & OA Enterprise
Change Management (CM)
Process

 Stephen Dunn
Why the need for Change
Management?
 Managed Services
  Agencies – 44
  Servers – 350
  Applications – 200+
  Enterprise Services – 12+
 Co-Location
  Agencies – 29
  Servers – 228
  Applications – 105+
Why the need for Change
Management?
 Infrastructure
   Firewalls – 10
   Network devices – 50+
   Two physical locations
 SAN
   Enterprise Class Switches
   Disk Capacity – 21TB
 Estimated Weekly Changes – 30+
Change Management
Two separate Change Management processes with
individual Change Management review boards
    Enterprise Server Farm
    OA Enterprise


ESF CM Process aligns with the OA Enterprise CM
process
    OA Enterprise Change Requests are submitted directly
    by ESF on the agency behalf
ESF and OA Enterprise CM
Process
 ESF and OA Enterprise CM Scope examples:
   ESF
     Security/Service Patch updates
     Software version and configuration upgrades
     Application configuration changes
     Infrastructure design changes
     ESF Firewall A/C/D
     Hardware/Network A/C/D
     Hardware/Network Maintenance
     Server builds and updates
     Power A/C/D
   OA Enterprise
     Enterprise Firewall & DNS A/C/D
     Infrastructure design changes
ESF CM Process
 ESF Change Management Board Scope
 exclusions:
  Application File Updates
  Data changes
  Database schema changes
  User changes/permissions
ESF CM Process
                    Change Request for
                   Agency Submitted by
                        Wed 5 PM



Change Requestor                         ESF Change Manager                  Technical Review
                                                                                 on Thurs


                                                   No
                                                          Technical Review
                                                              Passed?



                                                                   Yes




                                            Weekly Change Control Meeting @ Fri 10:00




                                                                                 Yes

                                                    No
                                                          Change Request
                                                            Approved?
                                                                                           (A)
ESF CM Process                                                                 (A)




                                                                     No   OA CMR Process
                                                                             Required?




                                                                                     Yes
                                                                                           (B)




    Customer Notification

                                             Change Implementation




                            Change Requestor




                                                  No
                                 Change
                                Validated?



                                       Yes




                            Change Manager
                            Closes Request
OA Enterprise CM Process
                      Change Request
 (B)                   Submitted by                       Request
                                                                          Yes
                         Mon 5 PM                        adequately
                                                          defined?


       Change Requestor                  OA, Network                  Technical Review on Tues
                                       Change Manager


                                                         No                        Technical
                                                                           No
                                                                                    Review
                                                                                   Passed?

                                                                                         Yes




                                                          Weekly Change Control Meeting @ Wed 10:00


                                                 No
                                                                Date                                    Design
                                                                                      Yes
                                                              Approved?                                Approved?




                                                      Network Notification
                                                                                             Change Implementation




                                                                            Change Requestor



                                                                                                  No
                                                                                    Change
                                                                                   Validated?


                                                                                            Yes




                                                                                Change Manager
                                                                                Closes Request
Exception Process
 Retrospective Process (ESF/OA)
  Used during troubleshooting scenarios
 Fast Track Process (ESF/OA)
  ESF Changes executed ASAP
  Enterprise Changes executed after 1 Day
  Reviewed periodically for misuse
 Emergency Process (OA)
  Enterprise Changes executed ASAP
  Request from Agency Bureau Director
  Reviewed periodically for misuse
ESF CM Process
 Agency Process for initiating change
  Update ESF Documentation for application
  when applicable
  Create Remedy Ticket with detailed
  information and priority
Web Proxy Service
Offering

Steve Dunn
Andrew Blyler
Web Proxy Service Offering
 ITB in draft
  Will be released for agency comment
  this month!
  Proxy services should not be the
  standard for web deployment
  Waiver process will exist
    Business Justification required
  Should utilize ESF offering
  Intrusion Detection on Web Servers
Web Proxy Service Offering
 ESF Implementation
  Microsoft Internet Security and
  Acceleration (ISA) Server 2004
  Highly available and Load balanced
  Monitored via Microsoft Management
  Pack
  Rules of Engagement (ROE) document
  on ESF Web Site
  Logging – Available via LiveStats
Web Proxy Service Offering
Web Proxy Service Offering
 ISA Server 2004 Overview
  HTTP Web Publishing
    Distribute web server content and e-
    commerce applications
  Secure (HTTPS) Web Publishing
    SSL Bridging
    SSL Tunneling
Active Directory
2003 Upgrade

Steve Brubaker
Michael Grasso
Active Directory 2003 Upgrade
                                   Active Directory Architecture
                External Application
                                                        One Way Trust                Internal Forest “CWOPA”
                      Forest




     CTC
                                       External (DMZ)
                                                                                OU

                                                                                OU

   Willow Oak                               CTC
                                                                             pa.lcl                      part.root
                                                                           (CWOPA)                       (ROOT)
root.state.pa.us
    (ROOT)                               Willow Oak

                                   apps.state.pa.us
                                       (APPS)

                                                                     CTC




                   CTC
                                                                   Willow Oak

      user.apps.state.pa.us                                 muser.apps.state.pa.us
             (USER)                                               (MUSER)
Active Directory 2003 Upgrade
 Upgrade to Active Directory 2003
   ESF
   CWOPA


 Capabilities and benefits
   Improved Performance and Reliability
   Enhanced Security and Scalability
   Active Directory Enabled Applications
   Active Directory Application Mode (ADAM)
Active Directory 2003 Upgrade
 Capabilities and Benefits – Contd.
   Efficient search
   Additional command-line tools
   Application directory partitions
   Global catalog replication tuning
   Replication enhancements
Active Directory 2003 Upgrade
 Upgrade Schedule
  April 4th – Staging Forest Preparation
  April 11th – Staging Forest Migration
  Updated Rules of Engagement Published
  May 2nd – Production Forest Preparation
  May 9th – Production Forest Migration
  June 1st – Post Migration Cleanup
 Agency Involvement
  Testing and sign off
    Staging and Production
Network
Enhancements

Scott Winters
 Network Enhancements
ESF Hardware Load Balancing
 Cisco CSS
   Highly Available
   Internet and Intranet implementation
   SSL Offloading capability
   Improved Performance & Security
   Reduced load on servers
   Weighted Services
   Customizable Keepalives
   Email Notifications
 Network Enhancements
Hardware Load Balancing in
Managed Services
 Existing HLB Applications
     VIP already on CSS
     Add Private FE IP
     Leverage BLL for backend services
     Minimal impact
     Individual agency notifications and scheduling
     Staging implementation first
     Expected completion by July 30
   Affected Applications
     DOS SOSKB, Election Apps
     PSP MegansLaw
     OA GIS applications
 Network Enhancements
Hardware Load Balancing in
Managed Services
 Existing NLB Applications
   Move VIP to CSS
   Add Private FE IP
   Leverage BLL for backend services
   Individual agency notifications and scheduling
   Staging implementation first
   Expected Project start in August ’05
 Non Load Balanced applications
   VIP will be moved to CSS
 Network Enhancements
Hosting Solution Engine (HSE)
 Currently implemented in production
 capacity
   Waiting for updated HSE code version:
     Ability to make changes on redundant CSS’s
     Provides simplified usability
   Targeted for June/July 2005
   ESF is working directly with Cisco and the
   HSE Product Manager
 Expected Go Live in July 2005
  Network Enhancements
Sorry Server
 Automatic redirection from CSS to “Site
 Unavailable” Page
 Applications utilizing CSS can leverage Sorry
 Server
 Currently implemented in production capacity
 Phase I – Generic Commonwealth Sorry Page
 Phase 2 – Custom Sorry Pages (Q3 2005)
 Proposed as standard for Managed Services
 Co-located agencies interested in leveraging
 service:
     Create Remedy ticket with ESFTOT
 Network Enhancements
External Network
 Existing Web Server Infrastructure
   Cisco 6513 x 1
   Cisco 6509 x 2
 Planned Additions
   Cisco 6513
   Additional blades
   Expected implementation by July 2005
 Increasing port capacity
 ESF Recommendation for Co-Location
   Single Servers
     SFT NIC teaming to maximize redundancy
 Network Enhancements
OC-3 Load Balancing
 Originally was Active/Passive
 Changed to Active/Active
 Allows greater bandwidth for ESF
 applications
 Implemented on Internal Zone
 Expected implementation on External
 Zone by Mid-Year
  Network Enhancements
Monitoring Solutions
 Network General Infinistream
   Allows a rolling capture window so previously
   transmitted traffic can be analyzed and compared
     ~1 Day 8 Hour window on External Zone
     ~1 Day 19 hour Window on Internal Zone
   Currently implemented in production capacity
   Great for troubleshooting intermittent problems!
 Network Analysis Modules
   Pilot Testing completed
   Scheduled implementation by July 2005
 Distributed Sniffers
   Available for specific VLAN troubleshooting
 Network Enhancements
Monitoring Solutions - External
 PAESSLER
   Allows external view of Commonwealth Internet
   applications
   Notifications for site availability and response
   times
   Reporting capabilities
      ESF reviewing options for agency access
   Currently leveraged by Managed Services for
   all web sites
   Will be available for Co-location applications
   soon
ESF General Updates


Stephen Dunn
ESF General Updates
 Server Updates - Managed Services
  Servers currently on old software build
  and hardware reaching end-of-life
  Updated Server Build utilizing Win 2003
  Replace Hardware that has reached
  end-of-life
  Individual agency notifications and
  scheduling
  Staging implementation first
  Expected Project start in July ’05
ESF General Updates
 Server Consolidation - Managed
 Services
  ESF reviewing Blade Server Technology
    Boot from SAN option
    Pilot to begin in May
  Virtual Servers
    Pilot to begin in June
  Provide findings to interested Agencies
  Reduced Facilities requirements
       Space
       Power
       Cooling
ESF General Updates
 MOM 2005 upgrade - Managed Services
   ESF Monitoring tool - Microsoft Operations Manager
   Upgrade from MOM 2000 to MOM 2005
   MOM 2005 benefits
     More Management Packs
     Better User interface
     Enhanced reporting
       ESF reviewing options for agency access
     Improved Performance and Scalability
   Schedule
     Staging upgrade complete
     Application and Management Pack testing in progress
     Production upgrade – Week of May 9th
   No Agency Impact
ESF General Updates
 Antivirus Deployment - Managed
 Services
  McAfee Virus Scan v7.1 with ePolicy
  Orchestrator (ePO)
  Lab testing completed
  Standards document in development
  Pilot - Selected Servers
    Staging -> April – May 2005
    Production -> May – June 2005
  Full Deployment
    Q3 2005
ESF General Updates
 ESF Interim Site
   Interim Site has been established
     Internet and Intranet zones have been
     implemented
     Exchange DR services are being deployed
     Additional build out of Managed Services to
     be completed
     Facility not available for Co-Location
     services
ESF General Updates
 Online ESF Document Application
  Document application requirements –
    Managed & Co-location services
    Important for support and DR services
  Original plan was to use SharePoint
    Workflow was removed from 2003 version
  Current Solution
    Word document for each application
    Documents Stored within ESF Sharepoint portal
    No central repository – Multiple copies
Online ESF Document Application

  Proposed Solution
    Web Based Application that utilizes .NET and
    SQL
      Direct agency access
      Separate layout for Co-Location and Managed
      Services
      Centralized repository
      Changes sent to ESF Teams
      Reporting capabilities
      Integrate with ESF CM, CMDB, Remedy, Email
      Notification for quarterly reviews with escalation
      process
    Expected Pilot by July ’05
Resources / Links
 ESF Web Site
 •   http://www.oit.state.pa.us/esf
 ESF Change Management Process
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=629&q=182556&esfNav
     =|
 Web Proxy Rules Of Engagement
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=1&q=199111&esfNav=|8
     040|
 Active Directory Rules Of Engagement
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=1&q=182563&esfNav=|8
     040|
 Application Guidelines for ESF
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=629&q=182556&esfNav
     =|
 Single Point of Contact
 • ESF Agency Account Managers (AAM)
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=2&Q=189934
 Help Desk
 • (717) 506-1079 Option 1
 •   http://www.oit.state.pa.us/esf/cwp/view.asp?a=7&Q=125093&esfNav=|
Thank You!!
Questions??

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:16
posted:10/28/2011
language:English
pages:43