Presentation on SANJIVINI Project
By Spanco Telesystems and Solutions Ltd., 373, Udyog Vihar-II, Gurgaon
Solution Requirement
At the Check post
Automated and transparent MPLS provider failover and active-active link load balancing to achieve maximum service uptime, ensuring 24*7 reachability to the Data Center.
At the Data Center (DC and DR)
Network-based inline solution for protection:
1] OS and application protection against known and unknown vulnerabilities
2] DoS and DDoS protection
3] Protection against bots, worms, and service denial exploits and attacks
Application load balancer for:
1] Ensuring maximum uptime and high availability
2] Scalable, hardware-based, robust application load balancing
3] DC-DR scalable solution to provide site-to-site resiliency
Link load balancing solution for:
1] Maintaining multiple paths to reach applications at the Data Center
2] Multiple links load balanced in active-active mode
3] Fault tolerance for any failures in MPLS backbone services
4] Link load balancing for replication links from DC to DR
Agenda
• Spanco Profile
• Our understanding
• SOW - JVVNL Sanjivini
• Assumptions
• Issue of concern
• Objectives
• Proposed Solution
• Risk and Mitigation
• Proposed Implementation Strategy
Profile – SPANCO – 1/4
• Strengths
– National Presence
– Customer Relationship Management Solutions
– Call Center Solutions
– Turnkey Application / e-Governance Solutions
– Systems Integration
• Focus
– Government / PSUs
– Non Voice BPO
– Telecom
– NREGA, Power, Banking and Education solution
Profile – SPANCO – 2/4
• Spanco is a leading Systems Integrator working in Domestic and International markets
• Spanco is a provider of solutions to the Telecom Sector, PSUs, Corporate, Government and Indian Defense
• Spanco has 8 regional offices and over 60 service support facilities in India
• Spanco is present in USA, UK, GCC and Singapore
Profile – SPANCO – 3/4
• Spanco is ranked 397th in the ET-500
• Accredited with ISO 9001 – 2000 and CMMi – 3 certification
• A 3000+ strong team
• 3rd fastest Growing Company rated by CNBC, Emerging awards 2006
• 100% Y-O-Y growth for 6 consecutive years
Profile – SPANCO – 4/4
SPANCO – PPP Success Stories
• IRCTC – Unified Call Centre (5 Lacs calls per day)
• e-Seva – Govt of AP (over 150 Cr worth of revenue transactions per month)
• SWAN – Maharashtra
• Food & Civil Supplies – Maharashtra
• CSC – Maharashtra
• Mobile Payments – SBI
26/7/2008 SPANCO Telesystems
Objectives
• The IT centre will house the IT and security equipment to provide robust security to its data
• With connected offices, operations across the offices will follow the workflow of the Discom
• Integration with other IT systems for increased productivity
• The management will be able to monitor projects effectively
• The IT centre will provide centralized operations for all IT projects
Jaipur Vidyut Vitran Nigam Limited : JVVNL
Primary Locations
IT Centre; Data Centre
Circle Office; Approximately 10-15 LAN users
Sub-Division Offices; 5-10 LAN users
Division; 2-5 LAN users
Sub-Offices; With minimum 1 LAN User
Functional Requirements
WAN Connectivity – Circle offices will connect to the IT Centre through a leased line on 2MB (recommended 8-10 Mbps). Sub-Divisions connect to their respective Circle office, and Sub-Offices connect to their Sub-Division.
Front End – All users, approximately 1500, distributed across different offices in Rajasthan, will access services hosted at the IT Centre at Jaipur. The majority of the applications are GIS based, which requires approximately 200-256 Kbps per user.
Application – The servers run the code which glues the front-end applications to the back-end data and reflects the business processes in how the data is used. Data will be stored locally (SAN) initially and replicated to DR site storage (SAN) on a scheduled basis (to be confirmed).
Storage – The actual storage devices in which data is stored.
Network Requirements
Redundancy – Devices at the IT Centre should have redundancy at all levels and should be highly available. An alternate route to the IT Centre from the Circle offices should be achieved by interconnecting Circle offices. In case of leased line failure at a Circle office, ISDN backup should come up automatically.
Scalability – Routers should be modular so that different interfaces can be installed as required. Since servers are centralized, the network must be able to handle the sheer amount of traffic from users to the central location, as well as server-to-server traffic. Additionally, devices must be able to scale to provide connectivity (ISDN/Serial) to multiple locations as and when needed.
QoS – Routers should be QoS enabled to cater to voice, video, and data for applications spread across different locations.
Security – Devices must be physically secure, and the data and applications must be protected from internal and external threats using the inbuilt Firewall and IPS in the Routers at all locations. Routers should be able to support different types of IPSEC setup (Site-to-Site, Remote Access, Tunnel Less) for ease of deployment and manageability.
Management – The IT staff monitors, configures, and troubleshoots network and server resources centrally.
Data Center Design
[Figure: Data Center Design diagram. Labels: Intranet Service Provider, Internet, Remote Offices, FW, IPS, LB w/SSL, Load Balancer, Core Switch, Aggregation Switch with L4-7 Services (FW/IPS/Load Balancer), DMZ Zone / Web / Front-end Servers, Zone#1, Zone#2, Zone#3, Web / Front-end Servers, Application Servers, Database Servers, SAN Switch, Storage.]
WAN Connectivity
[Figure: WAN Connectivity diagram. Labels: Core Router, Internet Router, RAS, ISP (Multiple 2 Mbps), SP Cloud, ISDN Cloud, Corp, Div/Sub-Div Router, Sub-Office. Link labels: N x 2 Mbps, 2 Mbps, 2 Mbps (PRI), Recommended 8-10 Mbps / Corp, 256 Kbps, 64/128 Kbps (BRI).]
Data Center Security
[Figure: Data Center Security diagram. Labels: Intranet Service Provider, Internet, Remote Offices, HTTP & SMTP Perimeter Sec, FW, IPS, LB w/SSL, Core Switch, AAA, Security Mgmt Soft, SIEM, Server w/Host based IDS, Zone#1, Zone#2, Zone#3, Web / Front-end Servers, Application Servers, Database Servers, SAN Switch, Storage.]
WAN Security Solution
[Figure: WAN Security Solution diagram. Labels: Core Router, Internet Router, RAS, ISP (Multiple 2 Mbps), SP Cloud, ISDN Cloud, Corp, Div/Sub-Div Router, Sub-Office, IPSEC VPN. Link labels: N x 2 Mbps, 2 Mbps, 2 Mbps (PRI), Recommended 8-10 Mbps / Corp, 256 Kbps, 64/128 Kbps (BRI).]
Architecture for Corp/Sub-Div
[Figure: Corp/Sub-Div site architecture. Labels: WAN Cloud, Router, FW, Switch, Fiber, PC w/Host based IDS. Link labels: (8 - 10 Mbps) Recommended for Corps, (2-4 Mbps) Recommended for Sub-Div.]
Architecture for Sub-office
[Figure: Sub-office site architecture. Labels: WAN Cloud (256 Kbps), Router w/ FW/VPN, Switch, PC w/Host based IDS.]
DR Requirements
Not Clear
In-Person Experience: Cisco Telepresence Solution
High-Level Design
[Figure: Telepresence high-level design. Labels: IT Centre, Gateways, Servers Cluster, Router, IP WAN, Router, Circle Office ... Circle Office.]
Cisco TelePresence for IT Centre
Native 1080p cameras and 65” plasma displays
Wideband microphones and speakers
Auto-Collaborate Audio Add-In
Cisco TelePresence for Circle Office
Native 1080p camera and 65” plasma display
Wideband microphone and speaker
Auto-Collaborate Audio Add-In
Security Solution
Perimeter Security: Will provide features like spam defense, virus defense, policy enforcement, URL filters and anti-malware by deploying an HTTP and SMTP appliance at the IT Centre.
Firewall (FW): Firewalls at two different levels to provide higher attack protection.
Intrusion Detection and Prevention (IPS): Helps to detect, classify, and stop threats, including application abuse, through several different methods including signature and behavior.
Virtual Private Networking (VPN): Enables secure network access for authorized users by providing connectivity to corporate resources from any IP-enabled location.
Authentication, Authorization and Accounting (AAA): Access control system.
Security Incident and Event Manager (SIEM): Combines network intelligence, context correlation, hotspot identification, and automated mitigation capabilities; also used for compliance purposes.
Host based IDS (HIDS): Helps desktops and servers stop unknown attacks; provides zero day protection, personal firewall, and spyware and adware protection.
IP Surveillance Solution
Solution Description
At the Check post
Link load balancing between wired and wireless last-mile connectivity from two different MPLS providers will ensure maximum service uptime to the Data Center, with intelligent fault tolerance and traffic management.
At the Data Center (DC and DR)
The Network Intrusion Prevention System will provide defense against OS and application attacks, DoS, DDoS, worms and exploits that can cause service outage or denial. Appliance-based load balancers will ensure the highest uptime by providing scalable and efficient application load balancing amongst various servers for high availability and site-to-site resiliency. The solution will provide DC-DR failover functionality and transparent failovers. LinkProof for link load balancing between two different MPLS providers will ensure maximum service uptime and reachability from the Check Posts and faster replication between DC and DR.
IT Center Network Architecture
[Figure: IT Center Network Architecture diagram. Labels: DC Site, DR Site, Check post, Sub-Control Room - Sales, Sub-Control Room - Excise, Sub-Control Room - Transport, Internet, Internet Router (Cisco 2821), Radware - LinkProof Link Load Balancer, Radware AppDirector, Radware DefensePro (IPS), Firewalls, Server Farm (Application, NMS, Web, Video, Reporting, Antivirus, Staging & Testing), Database Server, SAN Storage, Tape library, Replication Link. Link labels: ISDN, MPLS.]
Central Control Room Topology: Data Recovery Passive Site Details
[Figure: Central Control Room topology diagram. Labels: DC Site, DR Site, Check post, Sub-Control Room - Sales, Sub-Control Room - Excise, Sub-Control Room - Transport, Internet, Internet Router (Cisco 2821), Radware - LinkProof Link Load Balancer, Radware AppDirector, Radware DefensePro (IPS), Firewalls, Server Farm (Application, NMS, Web, Video, Reporting, Antivirus, Staging & Testing), Database Server, SAN Storage, Tape library, Replication Link. Link labels: VSAT, MPLS 1, MPLS 2.]