Interior
Chapter 2
Infrastructure Architecture
Version 2.0
Interior
Chapter 2
Infrastructure Architecture
Version 2.0
2.1 Introduction
and Background
Principle 1: The Network is an Interior asset
Principle 2: Integration/ Interoperability
Principle 3: Ensure Security, Confidentiality and
Privacy
Principle 4: Continuity of Operations Planning
Principle 6: Interior-wide interoperable network
Principle 7: Information Access
Principle 8: Total Cost of Ownership
Principle 9: Mainstream Technologies
Principle 10: Radio Operations
Principle 11: Wireless Operations
Principle 12: Network Planning
2.3.1 Collaboration Communications
2.3.2 Virtual Private Network (VPN):
2.3.3 Supporting Network Services
2.3.7 Network Devices/ Standards
Within this TRM, Infrastructure incorporates Network, Directory and Collaborative Services. Together, they comprise the “invisible glue” that supports the Department’s framework for interacting with others; whether organizations (e.g., states, other agencies), people (e.g., employees, partners), or systems. With the proper “glue”, these services enable the Department to successfully carry out its various missions efficiently and effectively. Without proper “glue”, the framework becomes fragile and many of these necessary interactions may fail to occur (e.g., network down). The infrastructure needs to be strategically planned, strongly backed, and expertly managed.
For the Network Services, this means:
For the Directory Services, this means:
For the Collaborative Services, this means:
The focus of the Interior Enterprise Architecture is on providing guidance for information technology (IT) issues and initiatives that are Interior-wide or multi-bureau in scope. If used correctly, the Interior Enterprise Architecture will act as a catalyst for those looking to capitalize on its contents and better understand the full meaning of its guidance. This understanding will permit IT personnel to better engage the non-IT organization in discussions around tradeoffs and priorities within the proper governance structure (e.g., Management Initiatives Team (MIT), Information Technology Management Council)). The Interior Enterprise Architecture is not intended to be the “last word” (e.g., some automated checklist for product selection). It is intended to be one of the “first words” to assure that Interior’s mission priorities and its IT priorities remain closely aligned.
Because Interior is incorporating the OMB’s Federal Enterprise Architecture (FEA) models, the technical guidance provided by the subject area experts within a domain spans both the Service Component Reference Model (SRM) as well as the Technical Reference Model (TRM). For the Infrastructure domain, the SRM elements are as follows:
Service Domain(s): The Business Management Services Domain defines the set of capabilities that support the management of business functions and organizational activities that maintain continuity across the business and value chain participants. The Business Management Services domain represents those capabilities and services that are necessary for projects, programs and planning within a business operation to successfully be managed.
The Support Services Domain defines the set of cross-functional capabilities that can be leveraged independent of Service Domain objective and / or mission.
Service Type(s): Organizational Management – defines the set of capabilities that support both collaboration and communication within an organization.
Collaboration – defines the set of capabilities that allow for the concurrent, simultaneous communication and sharing of content, schedules, messages and ideas within an organization
Communication - defines the set of capabilities that support the transmission of data, messages and information in multiple formats and protocols.
Component(s): Workgroup / Groupware - defines the set of capabilities that support multiple users working on related tasks.
Network Management - defines the set of capabilities involved in monitoring and maintaining a communications network in order to diagnose problems, gather statistics and provide general usage.
Email - defines the set of capabilities that support the transmission of memos and messages over a network.
Shared Calendaring – defines the set of capabilities that allow an entire team as well as individuals to view, add and modify each other’s schedules, meetings and activities.
Task Management – defines the set of capabilities that support a specific undertaking or function assigned to an employee.
Threaded Discussions – defines the set of capabilities that support the running log of remarks and opinions about a given topic or subject.
Audio Conferencing – defines the set of capabilities that support audio communications sessions among people who are geographically dispersed.
Real Time / Chat – defines the set of capabilities that support the conferencing capability between two or more users on a local area network or the Internet.
Video Conferencing – defines the set of capabilities that support video communications sessions among people who are geographically dispersed.
Computer / Telephony Integration- defines the set of capabilities that support the connectivity between server hardware, software and telecommunications equipment into a single logical system.
These
SRM service elements are likewise supported by Interior’s IT (technical)
infrastructure (e.g., servers, networks). Within this infrastructure are
individual TRM components for which this domain team is providing guidance. The
graphic below outlines those TRM elements for this domain that support the
service needs of the SRM
Additionally, it’s doubtful that a single domain chapter
from the TRM can be used to address a substantive issue. More realistically, a few architecture
domains may need to be reviewed when addressing an important IT decision. For example, if Interior was considering the
creation of a new
The
principles listed below provide guidance for the design and selection of
technology components that will support the Infrastructure technology needs of Interior-wide IT
initiatives.
Principle 1: The Network is an Interior asset |
|
|
|
The Network is a valued asset of Interior and must be managed. Rationale:
Implications: 1. Valuation of the network asset needs to be addressed (e.g., replacement costs, maintenance costs, equitable charge back). 2. As with any asset it requires regular depreciation/ replacement costs and understanding by the management and user communities. 3. Network impact must be included early in applications planning process (e.g., Interior Department Electronic Acquisition System (IDEAS), MAXIMO). 4. Network capacity planning tools will be needed and used across Interior. 5. Need for periodic review with users to assure network is aligned with business directions. 6. Need for improved cross-bureau network coordination (e.g., Interior Network Council). 7. Need to develop a model to understand impacts of network “outages” to customer service levels. 8. Continuity
of Operations Planning (COOP) needs to include impacts on Interior’s network
resources. |
|
|
|
Principle 2: Integration/ Interoperability
|
|
|
|
Systems must be designed, acquired, developed, or enhanced such that data and processes can be effectively shared, for appropriate purposes, across Interior and with our partners. Rationale: ·
Increased efficiency will better serve our customers
(e.g., the public, employees, etc.). ·
Inter-departmental exchange of information requires
network interoperability. Implications:
|
|
|
|
Principle 3: Ensure Security, Confidentiality and Privacy
|
|
|
|
Network systems must be designed and implemented in accordance with security and privacy legislation & policies to assure information confidentiality, integrity and availability. Rationale:
Implications:
|
|
|
|
Principle 4: Continuity of Operations Planning |
|
|
|
An assessment of business continuation and recovery requirements is mandatory when acquiring, developing, enhancing or outsourcing systems. Based on that assessment, appropriate disaster recovery and business continuity planning, design, testing and maintenance will take place. Rationale: ·
Customers and partners have heightened awareness of the need for
systems availability. ·
Any significant visible loss of system availability and stability could
negatively impact our mission and legal responsibilities. ·
Application systems and data are valuable organization assets that must
be protected. Implications: 1. Operation and systems plans will
need to be categorized according to business recovery needs (e.g., short term
essential and long term essential). 2. Systems should be designed with
appropriate level of fault tolerance and recovery in mind. 3. Plans for work site recovery will
need to be in place. 4. Life cycle and other costs will
increase. 5. Continuity of Operations Planning
(COOP)/ Continuity of Business Operations (COBO) will require periodic
testing and revision. |
|
|
|
Principle 5: Basic Services |
|
|
|
A basic set of information services will be provided to all employees. Rationale: ·
Consistent IT capability
provides the basis for larger business initiatives and greater access to
information. ·
Potentially reduces total
cost (TCO) of ownership. ·
Provides basis for improved
communication. Implications: 1.
Basic network connectivity
for voice, internet, etc. needs definition (e.g., least common denominator). 2.
Network bandwidth will
increase significantly as set of “basics” increases. 3.
Support requirements for
basic services will increase (e.g., “I can’t get to the internet, why?”- help
desk). 4.
For places where basic
services cannot be provided, alternate processes/ methods need to be created
(e.g., wildlife refuge 300 baud connection). 5.
Need clarification of who
will pay and how for increasing basic services (e.g., new voicemail). 6.
May increase initial costs
for deploying personnel. 7.
More training will need to be
provided to the entire organization for any addition to or modification of
the basic services. 8.
May require 24x7 operation
and associated personnel availability and costs. |
|
|
|
Principle 6: Interior-wide interoperable network |
|
|
|
We must continue to implement an Interior-wide “interoperable network”; performing as if it were a virtual, Interior-wide Network. Rationale: · Networks are the essential enabling technology for client/server, Internet, and collaborative computing (e.g., emails, file transfers, secure teleconferencing, workflow). An interoperable network enables the organization to more easily reach out to customers and suppliers. · E-government users (e.g., public, employees, partners, suppliers) have increasing need for access to information across Interior; this access must appear seamless. · Lack of robust network architecture will impact the success of distributed applications. Implications: 1. Coordination across Bureau boundaries for network control will be significant (e.g., DOINet routers were not under bureau control). 2. Resources to support a “virtual” network will be in addition to current Bureaus network support. 3. Network will need to be scalable (e.g., unlike DOINet). 4. Need to determine appropriate service levels for participants and have capability for variable service levels. 5. Coordination mechanisms for network security will need to be created (e.g., policies, procedures, processes). 6. Operational sharing of information will increase the complexity of network management (e.g., router down in another bureau’s sub-network which is not seen at point of customer contact). 7. Need to increase the coordination among the operations groups (Network Operations Centers (NOC)) (e.g., published and available contact points). 8. Requires higher speed and higher bandwidth networks. 9. Will need the interconnection of distributed LANs. 10. Need to create connections between legacy systems, client/server and Internet applications. 11. Need to implement a robust, interoperable directory services capability. 12. Need to define guidelines around “who pays”, “who uses”, “who gets”, and “who coordinates” these interoperable networks. 13. Policies and protocols on sharing and exchanging information with third parties need to be addressed (e.g., restricted sub-nets will need to be supported). 14. Need to accommodate remote locations with limited communications options. |
|
|
|
Principle 7: Information Access |
|
|
|
Easy and timely access to data and information is the rule
rather than the exception without security and privacy being compromised. Rationale:
Implications:
|
|
|
|
Principle 8: Total Cost of Ownership |
|
|
|
Interior will adopt a total cost of ownership model for IT systems that includes life-cycle considerations such as the costs of development, implementation/transition, support, disaster recovery, and retirement as well as the impacts of flexibility, scalability, ease of use and reduction of integration complexity. Rationale:
Implications:
|
|
|
|
Principle 9: Mainstream Technologies |
|
|
|
IT solutions will use industry-proven and “state-of-the-art” mainstream technologies. Rationale:
Implications: 1. Vendor implementations of mainstream network
standards many not be compatible (e.g., IP Secure (IPSEC)). 2. Analysis of network solutions will need to be
more thorough (e.g., is capability mainstream or vendor?). 3. When considering support for mainstream technologies,
there will be need to appropriately differentiate bundled versus unbundled
solutions (e.g., Microsoft’s Smart Tags). 4. Need to use simplified or pre-existing
contracts (e.g., National Aeronautics and Space Administration Scientific and
Engineering Workstation Procurement III (NASA SEWPIII), 8(a)) to expedite the
procurement process when using network mainstream solutions (e.g., rapid
changes in underlying technologies). 5. Need to establish the criteria to identify the
weak vendors and poor technology solutions in compliance with Federal
government contracting policy and procedures. 6. Requires the technology portfolio to migrate
away from existing weak products or products that are reaching obsolescence. 7. We may be slow to adopt new technologies. 8. The exploration of new network technology will
be managed and investigation results shared. |
|
|
|
Principle 10: Radio Operations |
|
|
|
Radio operations will adhere to National Telecommunications and Information Administration (NTIA) regulations (e.g., Electronics Industry Association/Telecommunications Industry Association 102 (EIA/TIA 102)). Rationale: ·
Need for interoperability
among bureaus and external partners ·
Mandated by narrow banding
directives from Federal Communications Commission (FCC), NTIA and Interior. Implications:
10.
Need for closer coordination
between radio and data network organizations. |
|
|
|
Principle 11: Wireless Operations |
|
|
|
The adoption of wireless devices (e.g., personal digital assistants (PDA’s), cell phones, 802.11 devices) must be managed. Rationale:
Implications:
4.
Costs for network support
will increase (e.g., personal computer (PC) & PDA versus PC alone). 5.
Wireless attachments to any
network need proper network security (e.g., VPN).
|
|
|
|
Principle 12: Network Planning |
|
|
|
For cost effective network planning, the voice and data planning groups must work together. Rationale:
Implications: 1.
Analysis & decision
processes for local service may need to include input from data network
organization. 2.
Data network planners need
input from local voice planners. 3.
Education of local network
personnel (voice and/or data) on tradeoff potentials. 4.
May need to provide
incentives for coordinating between local voice and data network personnel. 5.
Need modified (new) system
development process to explicitly identify the network impacts to the total
costs early in the design stage. 6.
Need for rudimentary models
of network costing and network architecture for planning during system
development process (e.g., for boundary estimations). |
The Infrastructure technology components in this domain include:
The classifications for any products or standards within this domain are:
Life Cycle Definition/
Classifications Meaning
Preferred Product/standard of choice; support available; recommended.
Contained Develop solutions using these standards or products only if there are no suitable alternatives categorized as preferred; if a preferred product is available that will meet the requirements, plans should be developed to move from contained to preferred as soon as practical.
Obsolete Being phased out; (e.g., vendor support ending); plans should be developed to rapidly phase out and replace (often to avoid substantial risks).
Research Product/standard to be used in conjunction with technology research efforts only (e.g., testing, pilots).
Rejected Product/standard has been evaluated and found not to meet technical architecture needs.
Collaboration Communications defines the forms of electronic exchange of messages, documents, or other information. Electronic communication provides efficiency through expedited time-of-delivery. Subcomponents of this section are Email, online meeting services, instant messaging and distance learning.
Electronic Mail, Fax, Shared Calendaring, Task
Management, & Threaded Discussions:
The In-Process department-wide E-Mail study will establish preferences within E-Mail, Fax, Shared Calendaring, Task Management, & Threaded Discussions.
Online meeting services:
Instant Messaging:
Distance Learning:
A Virtual Private Network (VPN) is a Private Data Network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Subcomponents of this section are the client component of a VPN, the concentrator and the network-to-network component.
Client component:
Concentrator:
Network-to-Network Component:
Supporting Network Services consist of the protocols that define the format and structure of data and information that is either accessed from a directory or exchanged through communications. Subcomponents of this section are Directory services, routed WAN protocols, routed LAN protocols, routing protocols, and Domain Name Services.
Directory Services:
Routed WAN protocols:
Routed LAN protocols:
Routing protocols:
Domain Name Services (DNS):
Network Management defines the set of capabilities involved in monitoring and maintaining a communications network in order to diagnose problems, gather statistics and provide general usage. Subcomponents of this section are FCAPS, individual components of FCAPS and Web filtering.
Full (FCAPS) Fault Mgmt,
Configuration, Accounting,
Performance and Security:
The domain team is not recommending a Preferred product for a fully capable FCAPS enterprise network management. The reason for this omission is because there are many products capable of performing certain aspects of network management available in the marketplace. Each product has its own market niche. Specific network management objectives and other factors (e.g., amount of human resources available to perform this function, hardware/software costs, and skill base of the network management staff) are used to determine which products are preferable. For this reason, there is no overall solution classified as Preferred.
Components of FCAPS:
Web Filtering:
Wireless / Mobile refers to the various communications techniques that are used to provide wireless transmission including infrared line of sight, cellular, microwave, satellite, packet radio and spread spectrum. Subcomponents of this section are Radio and Wireless Fidelity (WiFi).
Radio:
WiFi (Wireless Fidelity):
Media Servers – Provide optimized management of media-based files such as audio and video streams and digital images.
Network Devices / Standards refers to the varied bedrock components upon which an organizations communications networks depend. Subcomponents of this section are general purpose routers, special purpose routers, managed switches, firewalls, and wiring.
General Purpose Routers:
Special Purpose Routers:
Managed Switches:
Firewalls:
Wiring:
A WAN (Wide Area Network) is a data network typically extending a LAN outside a building or beyond a campus. While typically created by using bridges or routers to connect geographically separated LANs, WANs include commercial or educational dial-up networks such as CompuServe, InterNet and BITNET. Subcomponents of this section are backbone and non-backbone services.
Backbone Services:
Non-Backbone Services:
Video Conferencing refers to communication across long distances with video and audio contact that may also include graphics and data exchange. Digital video transmission systems typically consist of camera, codec (coder-decoder), network access equipment, network, and audio system. This service, which has traditionally been provided within a specialized room, is beginning to emerge as one more possible capability directly on the desktop.
Specialized room:
Desktop:
Audio Conferencing defines the set of capabilities that
support audio communications sessions among people who are geographically
dispersed.
Use of any vendor’s solution for Online Audio Conferencing is classified as Research.
Office Automation refers to the traditional suite of widely
used applications provided at the desktop (e.g., word processing, spreadsheet).
Other Applications refers to software applications that do not fit in any of the other aforementioned software categories. Subcomponents of this section are software for media players, project management, PDF file creation, desktop remote control, and drawing services.
Media Players:
Project Management:
PDF Creation:
Desktop Remote Control:
Drawing:
Utilities refer to software tools that address various miscellaneous processes for technology applications and users. Subcomponents of this section are software for readers, compression and synchronization services.
Readers:
Compression:
Synchronization:
Change Management refers to the management of application
code and content changes across the installed base of servers, desktops, etc.
(e.g., evolution, composition). Subcomponents of this section are desktop
devices and network devices.
Desktop Devices:
Network Devices:
Deployment Management refers to various tools and
capabilities that permit management of remote devices (e.g., desktops,
servers). Subcomponents of this section, like the Change Management component,
are desktop devices and network devices.
Desktop Devices:
Network Devices:
The Domain Principles, because they are derived from Interior’s business direction and strategies, provide the primary direction and guidance around technology decisions within this domain. Additional benefit may sometimes be obtained by reviewing Select Best Practices. These reflect the valuable insights from either domain team members’ experiences or other public sector organizations.
TRM Focused
Select
Best Practice 1: DHCP – Bureau's should move toward DHCP in conjunction
with Dynamic DNS for desktop
computers. Care should be taken to
restrict DHCP access from common areas such as conference rooms.
Select
Best Practice 2: Network Time –Interior should establish a Tier 1 Network Time Strategy for all Bureau programs that require Tier 1 Time stamping ((IDS Systems).
Select
Best Practice 3: Video conferencing Specialized Room – Move away from
separate networks for videoconferencing and onto departmental backbone
networks.
Select
Best Practice 4: Video conferencing Desktop – Any implementations within this area should be treated/ classified as
Research.
Select
Best
Practice 5: Audio conferencing Telcomm Based – A balanced approach relying on both Interior
owned bridges and outsourced services should be used.
Select
Best
Practice 6: Audio conferencing Online – Any implementations within this area should
be treated/ classified as Research.
Select
Best Practice 7: Network Engineering Architecture– Each network site, under the framework of the bureau network architecture, should have an effective network architecture that addresses the frequently changing network needs and technologies.
Select
Best Practice 8: Use TCP/IP for WAN- Configure WAN protocols using
TCP/IP.
Select
Best Practice 9: Design network-neutral applications- Isolate the
application code from the network specific code so business rules and data
access code can be redeployed on a different platform, if necessary. For
scalability and portability, applications must be developed without regard to
the type of network (i.e. WAN or LAN) they are to be deployed upon.
Select
Best Practice 10: Review network impacts early– Potential IT applications should be reviewed for network impact prior to development (e.g., bandwidth needs, latency impacts).
Select
Best Practice 11: Certify applications before deployment- Deploy no application on the WAN until it has been certified. Application testing must be performed to document minimum bandwidth requirements. This will assist program owners building networking requirements into their life cycle models as well as ensure that the WAN can be properly scaled to meet performance expectations.
Select
Best Practice 12: Perform performance measurement and load testing on
distributed applications before deployment- Use load-testing tools that
simulate many users accessing the application. Load testing will identify
network bottlenecks (and application bottlenecks) before the application is
deployed in the production environment.
Select
Best Practice 13: Include network expertise when planning projects- Data
travels at vastly different speeds between the LAN and WAN environments.
Network engineers can, among other things, analyze the traffic that a program
sends across the network to determine if data is being sent efficiently, as
well as help to predict the network utilization and performance of an
application over the WAN.
The quality of the Interior-wide guidance provided within this TRM chapter is a reflection of the efforts of the Infrastructure Domain team. The members of the team are:
Organization Name
Bureau of Indian Affairs Mike McGreer
Bureau of Land Management Ken Wilbert
Bureau of Reclamation Jeff Hoffman
Minerals Management Service Bryce Hunter
Martha Davis
National Park Service John Snyder
Candace Fox
Office of Surface Mining Matin Nouri
Office of Special Trust Robert Aguayo
US Fish and Wildlife Service Mark Irvin
Warren Jernigan
US Geological Survey Paul R Celluzzi
| Disclaimer | Privacy Statement | FOIA | E-Gov | USA.gov | White House | DOI Home |