Shared Services Canada Perspective
GTEC Panel: Increase Value of IT Services Through Application Portfolio Management
Government Technology Exhibition and Conference (GTEC)
October 9, 2013
Ottawa Convention Centre
Room: Room 211, 2nd Level
Time: 1:00 p.m. – 1:45 p.m.
Benoît Long, Senior Assistant Deputy Minister, Transformation, Service Strategy and Design
“Increase Value of IT Services Through Application Portfolio Management” delivered by Benoit Long, Senior Assistant Deputy Minister Transformation, Service Strategy and Design, Shared Services Canada.
Conceptual End State (updated July 2013)
Service Management
• ITIL ITSM Framework
• Standardized Service Levels/Availability Levels
• Inclusive of Scientific and special purpose computing
• Standardized Application and Infrastructure Lifecycle Management
• Smart Evergreening
• Full redundancy – within data centres, between pairs, across sites
Enterprise Security
• All departments share one Operational Zone
• Domains and Zones where required
• Classified information below Top Secret
• Balance security and consolidation
• Consolidated, controlled, secure perimeters
• Certified and Accredited infrastructure
[Diagram labels: Virtualized Platforms; Off-line / Backup; Archive; Near-line; Tier 3; Tier 2; On-line Tier 1; SAN; NAS; Virtualized Storage; IP PBX; App.; Email; WAN Node; Data Centre Core Network Domains & Zones; V.Conf. Bridge; Web; File/Print; Database; Th.Client; VDI; Internet PoP; Sys. z App / DB Containers; z/OS; Any Special Purpose / Grid / HPC; Operating System]
Business Intent
• Business to Government
• Government to Government
• Citizens to Government
Consolidation Principles
1. As few data centres as possible
2. Locations determined objectively for the long term
3. Several levels of resiliency and availability (establish in pairs)
4. Scalable and flexible infrastructure
5. Infrastructure transformed; not “fork-lifted” from old to new
6. Separate application development environment
7. Standard platforms which meet common requirements (no re-architecting of applications)
8. Build in security from the beginning
[Diagram labels: x86 Web / App / DB Containers; Windows; x86 Web / App / DB Containers; Linux; Enterprise Security; GC Private Domain]
Application Migration
• Standard platforms and product versions
• Migration guidance
• Committed timeline for product evolution
Workload Mobility
Service Level … Service Level
Application Service Levels: Standard; Enhanced; Mission Critical
[Diagram labels: Regional Carriers; International Carriers; GCNet (3,580 buildings); Public Cloud Services; Internet; B2G; C2G; G2G; Regional WAN Accelerators; Virtual Private Cloud]
Several, highly-secure Internet access points
Stand-alone centre for GC super-computing (HPC) – e.g. Weather
[Diagram labels: Development: Dev1, Dev2; Production: Prod3 (B, U, U), Prod4 (C, U, U); Production: Prod1 (S, A, B), Prod2 (S, B, U); HPC: Sci1; Service Management; Virtualized Services]
Classified Data: C = Confidential; S = Secret
Protected Data: A = Protected A; B = Protected B; C = Protected C
ICT Deployment Models and Evolving Degrees of Accountabilities
• IaaS: Infrastructure as a Service
• PaaS: Platform as a Service
• SaaS: Software as a Service (non Dept/Agency program Applications)
[Diagram: three stacks labelled IaaS, PaaS and SaaS, each listing Storage, Server HW, Network, Servers, DBMS / Databases, Virtualization, Runtimes, Applications, and Security & Integration; layers are marked either "Managed by shared services providers" or "CIO managed".]
GC Cloud Conceptual (updated July 2013)
[Diagram labels: SSC Partner Department; GC other Gov’t Depts; GCnet; GC-Community; GC-Public; GC-Hybrid; GC-SRA; GCTravel; Public-facing web sites; GCdrive; Pay; Pension; Collab; Intranet sites; Canada.gc.ca; Jobs; GEDS; Directory; GCDocs; MySchool; Directory; Free / Busy; Mobile Integration]
GC Community Cloud
• Internal services for GC community
• SSC-provided cloud services to the GC
• Secured perimeter
• Multi-Domain (Protected B to Secret)
GC Public Cloud
• Some public-facing GC presence
• Limited Development / Test capacity
GC Hybrid Cloud
• Secured extension of GCNet to vendor
• Vendor-provided cloud services to the GC
Cloud Computing: Opportunities & Challenges
Opportunities
• On-demand self service
  V storage
• Ubiquitous network access
  Community cloud (CWA, GCDocs)
• Resource pooling (location independence, homogeneity)
  Hybrid cloud - STSI
• Rapid elasticity
• Measured service
• Private clouds
  Data Centre Consolidation and Telecommunications consolidations
• Data sovereignty, privacy and security
  Data in motion, data processing and data at rest
Challenges
• Connecting resources across clouds and customer premises
  Cloud service management and cloud brokerage – SSC evolving and increasing roles
• Managing identity, federation, and access control
  Cloud auditor; ICAM federation
• Isolating tenants in a multi-tenancy environment
  GC community cloud – single operational zone
  Location of data – data sovereignty, yes; critical GC data within SSC private cloud
• Extending on-premises security & operations management practices to the cloud
  SSC cloud broker and auditor roles
• Latency and other performance-related considerations
  Centralization of data and federation of processing; virtualization; network design and operationalization
• Network capacity and capability
  Enterprise requirements for two domains, single network (unclassified and classified) in evolving data, usage and security landscape; moving from dept specific domains