VIEWS: 16 PAGES: 43 POSTED ON: 10/28/2011
Office of Administration Enterprise Server Farm April 2005 Briefing Agenda ESF and OA Enterprise Change Management Process Web Proxy Service Offering & ITB Active Directory 2003 Upgrade Network Enhancements and monitoring General ESF Updates Q&A ESF & OA Enterprise Change Management (CM) Process Stephen Dunn Why the need for Change Management? Managed Services Agencies – 44 Servers – 350 Applications – 200+ Enterprise Services – 12+ Co-Location Agencies – 29 Servers – 228 Applications – 105+ Why the need for Change Management? Infrastructure Firewalls – 10 Network devices – 50+ Two physical locations SAN Enterprise Class Switches Disk Capacity – 21TB Estimated Weekly Changes – 30+ Change Management Two separate Change Management processes with individual Change Management review boards Enterprise Server Farm OA Enterprise ESF CM Process aligns with the OA Enterprise CM process OA Enterprise Change Requests are submitted directly by ESF on the agency behalf ESF and OA Enterprise CM Process ESF and OA Enterprise CM Scope examples: ESF Security/Service Patch updates Software version and configuration upgrades Application configuration changes Infrastructure design changes ESF Firewall A/C/D Hardware/Network A/C/D Hardware/Network Maintenance Server builds and updates Power A/C/D OA Enterprise Enterprise Firewall & DNS A/C/D Infrastructure design changes ESF CM Process ESF Change Management Board Scope exclusions: Application File Updates Data changes Database schema changes User changes/permissions ESF CM Process Change Request for Agency Submitted by Wed 5 PM Change Requestor ESF Change Manager Technical Review on Thurs No Technical Review Passed? Yes Weekly Change Control Meeting @ Fri 10:00 Yes No Change Request Approved? (A) ESF CM Process (A) No OA CMR Process Required? Yes (B) Customer Notification Change Implementation Change Requestor No Change Validated? Yes Change Manager Closes Request OA Enterprise CM Process Change Request (B) Submitted by Request Yes Mon 5 PM adequately defined? Change Requestor OA, Network Technical Review on Tues Change Manager No Technical No Review Passed? Yes Weekly Change Control Meeting @ Wed 10:00 No Date Design Yes Approved? Approved? Network Notification Change Implementation Change Requestor No Change Validated? Yes Change Manager Closes Request Exception Process Retrospective Process (ESF/OA) Used during troubleshooting scenarios Fast Track Process (ESF/OA) ESF Changes executed ASAP Enterprise Changes executed after 1 Day Reviewed periodically for misuse Emergency Process (OA) Enterprise Changes executed ASAP Request from Agency Bureau Director Reviewed periodically for misuse ESF CM Process Agency Process for initiating change Update ESF Documentation for application when applicable Create Remedy Ticket with detailed information and priority Web Proxy Service Offering Steve Dunn Andrew Blyler Web Proxy Service Offering ITB in draft Will be released for agency comment this month! Proxy services should not be the standard for web deployment Waiver process will exist Business Justification required Should utilize ESF offering Intrusion Detection on Web Servers Web Proxy Service Offering ESF Implementation Microsoft Internet Security and Acceleration (ISA) Server 2004 Highly available and Load balanced Monitored via Microsoft Management Pack Rules of Engagement (ROE) document on ESF Web Site Logging – Available via LiveStats Web Proxy Service Offering Web Proxy Service Offering ISA Server 2004 Overview HTTP Web Publishing Distribute web server content and e- commerce applications Secure (HTTPS) Web Publishing SSL Bridging SSL Tunneling Active Directory 2003 Upgrade Steve Brubaker Michael Grasso Active Directory 2003 Upgrade Active Directory Architecture External Application One Way Trust Internal Forest “CWOPA” Forest CTC External (DMZ) OU OU Willow Oak CTC pa.lcl part.root (CWOPA) (ROOT) root.state.pa.us (ROOT) Willow Oak apps.state.pa.us (APPS) CTC CTC Willow Oak user.apps.state.pa.us muser.apps.state.pa.us (USER) (MUSER) Active Directory 2003 Upgrade Upgrade to Active Directory 2003 ESF CWOPA Capabilities and benefits Improved Performance and Reliability Enhanced Security and Scalability Active Directory Enabled Applications Active Directory Application Mode (ADAM) Active Directory 2003 Upgrade Capabilities and Benefits – Contd. Efficient search Additional command-line tools Application directory partitions Global catalog replication tuning Replication enhancements Active Directory 2003 Upgrade Upgrade Schedule April 4th – Staging Forest Preparation April 11th – Staging Forest Migration Updated Rules of Engagement Published May 2nd – Production Forest Preparation May 9th – Production Forest Migration June 1st – Post Migration Cleanup Agency Involvement Testing and sign off Staging and Production Network Enhancements Scott Winters Network Enhancements ESF Hardware Load Balancing Cisco CSS Highly Available Internet and Intranet implementation SSL Offloading capability Improved Performance & Security Reduced load on servers Weighted Services Customizable Keepalives Email Notifications Network Enhancements Hardware Load Balancing in Managed Services Existing HLB Applications VIP already on CSS Add Private FE IP Leverage BLL for backend services Minimal impact Individual agency notifications and scheduling Staging implementation first Expected completion by July 30 Affected Applications DOS SOSKB, Election Apps PSP MegansLaw OA GIS applications Network Enhancements Hardware Load Balancing in Managed Services Existing NLB Applications Move VIP to CSS Add Private FE IP Leverage BLL for backend services Individual agency notifications and scheduling Staging implementation first Expected Project start in August ’05 Non Load Balanced applications VIP will be moved to CSS Network Enhancements Hosting Solution Engine (HSE) Currently implemented in production capacity Waiting for updated HSE code version: Ability to make changes on redundant CSS’s Provides simplified usability Targeted for June/July 2005 ESF is working directly with Cisco and the HSE Product Manager Expected Go Live in July 2005 Network Enhancements Sorry Server Automatic redirection from CSS to “Site Unavailable” Page Applications utilizing CSS can leverage Sorry Server Currently implemented in production capacity Phase I – Generic Commonwealth Sorry Page Phase 2 – Custom Sorry Pages (Q3 2005) Proposed as standard for Managed Services Co-located agencies interested in leveraging service: Create Remedy ticket with ESFTOT Network Enhancements External Network Existing Web Server Infrastructure Cisco 6513 x 1 Cisco 6509 x 2 Planned Additions Cisco 6513 Additional blades Expected implementation by July 2005 Increasing port capacity ESF Recommendation for Co-Location Single Servers SFT NIC teaming to maximize redundancy Network Enhancements OC-3 Load Balancing Originally was Active/Passive Changed to Active/Active Allows greater bandwidth for ESF applications Implemented on Internal Zone Expected implementation on External Zone by Mid-Year Network Enhancements Monitoring Solutions Network General Infinistream Allows a rolling capture window so previously transmitted traffic can be analyzed and compared ~1 Day 8 Hour window on External Zone ~1 Day 19 hour Window on Internal Zone Currently implemented in production capacity Great for troubleshooting intermittent problems! Network Analysis Modules Pilot Testing completed Scheduled implementation by July 2005 Distributed Sniffers Available for specific VLAN troubleshooting Network Enhancements Monitoring Solutions - External PAESSLER Allows external view of Commonwealth Internet applications Notifications for site availability and response times Reporting capabilities ESF reviewing options for agency access Currently leveraged by Managed Services for all web sites Will be available for Co-location applications soon ESF General Updates Stephen Dunn ESF General Updates Server Updates - Managed Services Servers currently on old software build and hardware reaching end-of-life Updated Server Build utilizing Win 2003 Replace Hardware that has reached end-of-life Individual agency notifications and scheduling Staging implementation first Expected Project start in July ’05 ESF General Updates Server Consolidation - Managed Services ESF reviewing Blade Server Technology Boot from SAN option Pilot to begin in May Virtual Servers Pilot to begin in June Provide findings to interested Agencies Reduced Facilities requirements Space Power Cooling ESF General Updates MOM 2005 upgrade - Managed Services ESF Monitoring tool - Microsoft Operations Manager Upgrade from MOM 2000 to MOM 2005 MOM 2005 benefits More Management Packs Better User interface Enhanced reporting ESF reviewing options for agency access Improved Performance and Scalability Schedule Staging upgrade complete Application and Management Pack testing in progress Production upgrade – Week of May 9th No Agency Impact ESF General Updates Antivirus Deployment - Managed Services McAfee Virus Scan v7.1 with ePolicy Orchestrator (ePO) Lab testing completed Standards document in development Pilot - Selected Servers Staging -> April – May 2005 Production -> May – June 2005 Full Deployment Q3 2005 ESF General Updates ESF Interim Site Interim Site has been established Internet and Intranet zones have been implemented Exchange DR services are being deployed Additional build out of Managed Services to be completed Facility not available for Co-Location services ESF General Updates Online ESF Document Application Document application requirements – Managed & Co-location services Important for support and DR services Original plan was to use SharePoint Workflow was removed from 2003 version Current Solution Word document for each application Documents Stored within ESF Sharepoint portal No central repository – Multiple copies Online ESF Document Application Proposed Solution Web Based Application that utilizes .NET and SQL Direct agency access Separate layout for Co-Location and Managed Services Centralized repository Changes sent to ESF Teams Reporting capabilities Integrate with ESF CM, CMDB, Remedy, Email Notification for quarterly reviews with escalation process Expected Pilot by July ’05 Resources / Links ESF Web Site • http://www.oit.state.pa.us/esf ESF Change Management Process • http://www.oit.state.pa.us/esf/cwp/view.asp?a=629&q=182556&esfNav =| Web Proxy Rules Of Engagement • http://www.oit.state.pa.us/esf/cwp/view.asp?a=1&q=199111&esfNav=|8 040| Active Directory Rules Of Engagement • http://www.oit.state.pa.us/esf/cwp/view.asp?a=1&q=182563&esfNav=|8 040| Application Guidelines for ESF • http://www.oit.state.pa.us/esf/cwp/view.asp?a=629&q=182556&esfNav =| Single Point of Contact • ESF Agency Account Managers (AAM) • http://www.oit.state.pa.us/esf/cwp/view.asp?a=2&Q=189934 Help Desk • (717) 506-1079 Option 1 • http://www.oit.state.pa.us/esf/cwp/view.asp?a=7&Q=125093&esfNav=| Thank You!! Questions??
Pages to are hidden for
"ESF APRIL 2005 BRIEFING"Please download to view full document