State of California Data Center Consolidation Hearing
Friday, 28 November 2003
Tom Tuduc
Archived article from November 12, 2003

http://www.dof.ca.gov/HTML/Data_consolidation/SummaryHearing.pdf

Section 41.5 of Chapter 225, Statutes of 2003/AB 1752, requires the Department of Finance to convene a working group to develop a data center consolidation plan for the State’s two general purpose data centers (the Stephen P. Teale Data Center and the Health and Human Services Agency Data Center) and submit the plan to the Legislature.

 
Questions
·  What are the qualitative and quantitative benefits of consolidation?
·  What role should a consolidated data center have in State government?
·  What are the opportunities presented by consolidation?
·  What issues and concerns are there with consolidation?

Responses
To address the above questions, this response introduces the concept of Utility on Investment, lists the inter-related top-level variables that bear on the four questions, and shows an example of a mid-level security variable. In addition, observations for implementation are recommended.

While cost-benefit analysis helps, government IT initiatives cannot be measured by ROI or net present value. The measure proposed instead is Utility on Investment (UOI): what is it worth to society to have better data centers, a better information portal, and better services? UOI can be quantified by taking into consideration all the cost and benefit variables that are related to the data centers. It is possible that newly realized benefits can diminish the utility of traditional services. This is part of the UOI calculation.

At the highest level, the following decisions (i.e. opportunities) and uncertainties (including issues and concerns) affect the UOI (impacts and benefits):


    Decisions:
    IT Governance
    Methodologies
    Consolidation decisions
    Main Integration Contractor decision
    Legacy Integration decision
    Security Budget
    Smart Services decision
   

    Uncertainties:
    Internet Technologies
    Standards
    Industry analyst analysis
    Application integration
    Data integration
    Legacy integration
    Consolidation technologies
    Infrastructure
    Security Risks
    Data Center technologies
    -         Mainframes
    -         Blade Servers
    -         Grid Computing

These decisions and uncertainties can be expressed using an Influence Diagram as shown below. Further, this influence diagram can be used to gain quantitative insights, including which variables are most important to the UOI and by how much, what the trade-offs are, and what the conflicting objectives are. For further information on Influence Diagrams and Decision Analysis, please see: http://webarches.com/QuantRiskMngt-tuduc.ppt

[Image: influence diagram]

 

Detail on the Consolidation Decisions



Detail on the Security Risks – See Appendix 1: Security Areas

Example calculations of the impact of consolidation decisions and DC technologies. This example shows the effect of the likelihood of success of mainframes, blade servers, and grid computing on the consolidation decision.

Recommendations for Implementations

1. Type of consolidation:

    * Process and procedures standardization across servers.
    * Physical consolidation: moving servers to fewer locations.
    * ReEngineering: consolidating applications on fewer software and hardware platforms, by partitioning and workload management.


2. ReEngineering includes consolidating similar workloads across organizations, e.g. web servers, application servers, file/print servers, and e-mail servers. Consolidation of applications using the same database management systems can be done with very low risk.

For systems not sharing similar databases, business-oriented process integration, application integration, data integration (e.g. using DataMirror) and web services can be used (e.g. Microsoft BizTalk or BEA WebLogic). In addition, information integration can be done using knowledge management and business intelligence tools (e.g. Convera).
 
3. Storage consolidation using Storage Area Networks (SANs) or Network-Attached Storage (NAS) can provide economies of scale in capacity management and backup management. It is possible to host the largest of databases in a single node using virtual databases to reduce administrative costs (e.g. a large software vendor consolidated its worldwide IT network of 97 email servers and 120 databases into 2 servers running 4 databases).
 
4. Employ the Service Oriented Architecture to balance between stability and agility in operation consolidation and process improvement, i.e. new processes and services are integrated with old ones - see paper: http://tom.webarches.com/ttuduc.htm

5. The total cost of ownership is usually lower for centralized data centers. In addition, using new products brings new benefits not available before. These include:

    * New blade servers (e.g. HP, IBM, RLX) that can be dedicated to various applications (e.g. web server, email server) and benefit from the Service Oriented Architecture (SOA)
    * Mainframe evolution for server consolidation (linear scalability advantage with IBM eSeries, also SunFire 15K). The cost of managing server farms can be an order of magnitude higher than the original server cost. In contrast, a single, centrally managed mainframe can handle thousands of Linux, Windows or Unix application servers.
    * Maturity of partitioning and workload management enabling multiple operating versions and vendors
    * Server virtualization and remote management to address server utilization.
    * Windows Server 2003
    * Grid computing
 
6. Consolidation of applications, data, and information can be served by emerging best practices, including next-generation real-time Enterprise Application Integration (EAI) tools (e.g. DataMirror) that combine EAI and ETL (Extract, Transform, and Load) to address the five levels of integration (transport, data, information, process, and B2B or G2B). For more examples, please see the paper "Do More with Less in Application Integration, Business Process Management, and Software Development": http://webarches.com/InstantTalentst2.htm

7. Web Services can help with integration (e.g. State of New Mexico, Canadian and Danish Government). But the long-term improvement is in data integration (XML), as this will bring an order-of-magnitude improvement in transactions such as government-to-business (G2B).
 
8. Customer service can be improved by EAI and centralization. Here first- and second-generation solutions in both G2C and G2B include Anexsys, EZgov, GovWorks, NetClerk, PermitsNow, Permits.com, and Accela. The second-generation solutions integrate back-end ERP and databases to improve complex processes, including services in permitting, planning, licensing, emergency response, homeland security/alert, and public health. For example, using Accela enterprise systems, Cincinnati, Los Angeles, Alameda, Roseville California, Washington D.C. and others have centralized asset management/data integration, integrated legacy and ERP systems, and achieved transaction scalability.

9. Regarding the Center of Excellence in Purchasing, product research and evaluation can be carried out independently of analysts, who are often sponsored by vendors. Some of these products include: "Smart Enterprise Suites" (long-running processes with collaboration and document management), just-in-time eLearning, e-mail response systems, enterprise instant messaging, and next-generation Customer Relationship Management that addresses customer service/intelligence and is integrated with the rest of the enterprise. Search and knowledge management solutions can help the state manage the explosive growth of information; these include Verity, Autonomy, Fast Search and Transfer, Convera, iPhrase, InQuira, enterprise Ask Jeeves, Google, and Endeca. Real-time data integration/data delivery tools include DataMirror (implemented by the Colorado Judicial Branch). Enterprise architecture tools (e.g. Metis) can help with managing IT assets and architecture.
 
10. Identity Management Recommendations:

Integration
    * Integrate both Web-enabled applications and legacy applications with the identity directory.
    * First steps: start with e-mail, e.g. Outlook, Lotus Notes, and VPN, then expand to ERP, CRM, and HR systems.
    * Avoid ownership issues by adding a monitoring layer on top of division-owned applications.
    * Integrate logs. Integrate all system traffic for different layers of usage and data mining, e.g. business performance monitoring, network security and management, intrusion detection, etc.

Identification Policy
    * Biometric Policy: Use only in combination with a password or PIN.
    * Password Policy: Regardless of password length requirements, allow only three password entry attempts.

Standards
    * Use SAML for the identity and authentication process.
    * Use Web Services standards for ease of integration, e.g. SOAP, WS-Security.
 
11. Lights-out data center considerations:
    * Console access via network or IP
    * KVM over IP
    * Client software as an alternative
    * Multilevel passwords and authentication
    * Individual user rights and group settings
    * Console management features such as those provided by Avocent, Belkin, or Lightwave

12. Other Considerations:
    * Manageability: distributed management, content deployment management, applications management, integration technologies management, network management
    * Availability and Scalability: multi-site clustering, load balancing, disaster recovery, fault management, performance management, problem management
    * Security: Defense-In-Depth architecture, Active Directory, fail-over firewalls, operating system hardening, backup systems/services, business continuity
    * Making Data Center a disaster recovery facility
    * Utility computing
    * New Data-Center technologies
    * Modeling and Analysis, e.g. network & systems
    * Legacy Systems Analysis, Upgrade, and integration


Appendix 1: SECURITY AREAS
Access Controls, Authentication, & Anti-eavesdropping
    * Data access
    * Emanation controls
    * Hardware usage
    * Password and password generation systems
    * PIN generators
    * Smart cards/tokens

Anti Virus: Virus protection/detection
Automated Patch Management
Biometrics: Authentication of users/terminals
Business Continuity & Disaster Recovery:
    * Backup Hardware/Software
    * Disaster Recovery Planning Tools
Content Delivery Network Security
Email spam filters
Encryption:
    * Applications
    * Digital Signatures & Certificate Authorities
    * EDI
    * Electronic Commerce
    * E-mail
    * Smart cards/tokens
    * Hardware Encryption
    * Secure Storage Hardware
Extranet Security Integration
Firewalls and Internet Security:
    * Firewalls
    * Internet Filtering & Monitoring
    * Miscellaneous
    * Virtual Private Network (VPN)
    * Web Server Security
Intrusion Detection & Network Monitoring:
    * Intrusion/Misuse Detection
    * Network Monitoring
    * Miscellaneous
    * Scanning/Testing Tools
Media Security Destruction Devices: Destruction Devices-Shredders
Media Protection: Safes
Media Security:
    * Anti-Theft, Forgery, Tampering ID Systems
    * Cabinets/Containers
    * CD-ROM Security
    * Degaussers & Erasure Systems
Physical/Facility Security - Anti-Theft Devices:
    * Bracket Systems
    * Cables
    * Electronic Alarms
    * Enclosures
    * Furniture
    * Identification/Marking Systems
    * Pads
    * Secure Computer Systems/Processors

Physical/Facility Security - Entrance Control Systems:
    * Accessories
    * Card Reader Systems
    * Guard Services
    * Locks
    * Monitoring Systems
    * Personnel Identification Systems-Biometrics
    * Personnel Identification Systems-ID Badge

Physical/Facility Security - Environmental Controls:
    * Accessories
    * Monitoring Systems
    * Static Protection

Physical/Facility Security - Power Management:
    * Surge Suppressors
    * Totally Integrated Systems
    * Uninterruptible Power Supplies

Risk Management: Risk Analysis
Security Incident Management
Single Sign On
Software Controls:
    * "Virus" Detection and Control
    * Data Access Software
    * DBMS Security Software
    * Library Management
    * Secure Operating Systems
    * Security Performance Assessment
    * Software Copy Protection
Telecom & Remote Access Security:
    * PBX Security
    * Port Protection/Screening Devices
    * Secure Faxes
    * Security Modems
Wireless Security

For further information, please contact Tom Tuduc.