Chapter 7: Infrastructure Layer Architecture 7.1

Overview

7.2

Network Component

7.3

Platform Component

81

Abu Dhabi IT Architecture & Standards

Chapter 7: Infrastructure Layer Architecture 7.1 Overview BUSINESS LAYER ARCHITECTURE

OPERATIONS LAYER ARCHITECTURE

APPLICATIONS LAYER ARCHITECTURE

DATA LAYER ARCHITECTURE

SECURITY LAYER ARCHITECTURE

INTEGRATION LAYER ARCHITECTURE

INFRASTRUCTURE LAYER ARCHITECTURE

Exhibit 7.1 Infrastructure Layer Architecture The two key components of the Infrastructure Layer are the Network and Platform components. The Network Component refers to specific connectivity and security boundaries for both internal and external communication. This component consists of: • • • • •

offer support in this region. The Platform component refers to a set of Technology standards that enable software applications and hardware devices to run and operate as an interconnected managed unit or environment. This includes: • • • • •

Wide Area Networks Local Area Networks Wireless Networks Voice Networks Mobile access

There are a variety of Network configuration and equipment choices available, from major vendors who

Servers End User Devices Peripherals Storage Mobile devices

Standardisation on single or consistent vendor and product type per component is recommended as this

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

will enable a reduced support model, increased product awareness, reduced development and integration costs, and increased speed of deployment. The Abu Dhabi Government recognises the requirements for each department to retain use of an existing infrastructure. However, as new programs address the requirements of infrastructure, the guidelines outlined in this Layer should be reviewed and implemented. It is important that external network security boundaries are addressed due to the unrestricted nature of internal communications between departments. Possible methods and product types are highlighted, but specific security standards are addressed in detail in the Security Layer Architecture.

7.2 Network Component Exhibit 7.2 is a high level overview for a Government Network Layer. It should be noted that there are no industry standards that allow a secure and non-secure network to operate efficiently. This security flaw in integrating secure & non-secure network capabilities must be considered when a secure network is required. The expectation is that a secure Government network is required for all inter-Government data communications. A secure network should be based on a managed WAN environment, providing secure gateways to each department and provide external access. All Government secure networks should be designed for all the departments and not just for an individual one.

Public Network Internet

Government Secure Network

Government Entity LAN Infrastructure

Government Entity LAN Infrastructure

Government Entity LAN Infrastructure

Exhibit 7.2 Network Components Overview The region’s predominant Network equipment provider is Cisco Systems, with some high end routing provided by Juniper Networks in carrier environments. The predominant telephone supplier is Avaya, procured via Etisalat. There is an increasing trend towards the deployment of VoIP technologies, the predominant provider of which is Cisco Systems.

It is understood that Etisalat at present does not allow Voice over IP traffic over the public internet, although there may be plans to provide such services in the future. This restriction does not appear to apply to the interconnection of peer Government Networks, where essentially these would form a common Wide Area Network (WAN) cloud for sharing Data, Voice,

83

Abu Dhabi IT Architecture & Standards

and Video in the near future. Etisalat has also begun providing Multi Protocol Label Switching (MPLS) Wide Area Network services. 7.2.1

Wide Area Network

Wide Area Network (WAN) - is a Network of communications infrastructure that typically covers several geographical areas. WANs are used to connect local area Networks (LANs) together, so that systems in one location can communicate with systems in other locations. WANs are built using ATM Switches, MPLS backbones and leased lines. WANs can be linked either by point-to-point connectivity i.e. via a Data Centre or by indirect connectivity through the Internet. Physical connectivity between geographical sites is provided by external service providers such as Etisalat. Consideration of wireless capabilities should be incorporated within present and future network layer architectures to allow expansive capabilities of services and the incorporation of network services that would not be considered due to the cost of “physical access methods”. WANs generally cross public right-of-ways and rely at least in part on circuits provided by a common carrier. Typically, a WAN consists of a number of interconnected switching nodes. A transmission from any one device is routed to a specified destination device.

7.2.1.1.2 Internet Connectivity This allows Government Departments to interact with the public internet providing access to e-mail, web browsing etc. The managed service provider should provide this functionality and all Government internet traffic should be directed across this link. This allows cost consolidation, and cross Government control of Internet access, and furthermore simplifies the implementation of security around a single access point. In the development of governmental services for the public, serious consideration should be analyzed on the access and methods of access to government protect data warehousing versus public access. Data duplication and mirroring should be considered, to eliminate the direct access of the public to actual governmental data warehousing. 7.2.1.1.3 Remote Connectivity This allows remote access to the Government Wide Area Network and thus to Government Departments. The gateway will need to support secure connectivity. A government managed service provider should provide these services. The managed service provider should be integrated into a Government Wide IT Configuration Control Board (ITCCB) controlled by the government. 7.2.1.1.4 Government Department Firewall

7.2.1.1 Managed WAN Services The managed services provider should provide the Wide Area Network component (including all routers) and where necessary the encryption hardware. They should also provide the Internet facing connectivity including firewall, routing, content control, intruder detection and virus scanning. The managed Network provider should also provide secure remote access (such as SSL VPN). 7.2.1.1.1 Routing between Government Network and Government Departments Routing should be provided as part of the managed Network service. This provides connectivity between the Government department and the rest of Government. This router could also provide encryption if deemed necessary.

If resources can be centralized for funding and managing firewall and intrusion detection network systems, this would be the optimum solution for protect governmental IT resources and data warehousing services. Engineering skills sets needed for firewall and intrusion detection system is costly, and can be shared services if an Enterprise Architecture design approach if possible. If this resource or capability is not feasible, then each department should be responsible for its own firewall before the dedicated router to the Wide Area Network. The department also remains fully responsible for all traffic before the router. This firewall is provided and managed by each Government Department and allows a department to control traffic from there Network onto the Government Wide Area Network and thus protects the department.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

7.2.1.1.5 Firewall A firewall is an item of hardware and or software which functions in a Networked environment to prevent communications that are forbidden by the security policy. Firewalls protect a trusted Network from an un-trusted one by restricting the type of traffic that is permitted between the two. They also must maintain an audit log of all traffic. Typical zones of trust include the internet (no trust) and an internal Network (high trust). This provides a controlled connectivity between zones of differing trust levels through the enforcement of the security standard. For further information, please refer to the Security standards.

In brief: • Interconnection with a fully trusted security zone would not require additional firewall protection • Interconnection with a partially trusted zone would require additional firewall protection, depending on degree of trust • Interconnection with an un-trusted zone would require additional firewall protection in addition to further security devices such as a emilitarised zone (DMZ). This should be used for Internet access

Exhibit 7.3 Suggested Firewall Protection

85

Abu Dhabi IT Architecture & Standards

Firewall techniques include: • Packet filter: Looks at each packet entering or leaving the Network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to the Users, but it is difficult to configure. In addition, it is susceptible to IP spoofing. • Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can result in performance degradation. • Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. • Proxy server: Intercepts all messages entering and leaving the Network. The proxy server effectively hides the true Network addresses. 7.2.1.2 WAN Connectivity These devices and Technologies provide functionality for connecting remote clients or offices to a data centre, or internet service provider. • Virtual private Network (VPN) – A virtual private Network (VPN) is a private data Network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunnelling protocol and security procedures. The VPN gives the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one. • Authentication mechanism for VPN – involves two parts: the protected corporate Network, which provides physical and administrative security to protect the transmission and a less trustworthy Network (usually through the Internet). Generally, a firewall sits between an end user device and the host Network or server. • Routing – Routing directs forwarding, the passing of logically addressed packets from their source toward their ultimate destination through intermediary

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

nodes (called routers). The routing process usually directs forwarding based on routing tables within the routers, which maintain a record of the best routes to various Network destinations. • Converged Network – The integration of all traffic types - voice, data, and video solutions - onto a single IP Network. The market presence and general trend towards converged Networks and the associated benefits of a single Network Layer that combines services must be considered to be an integral part of the solution. This service requires the provision of additional bandwidth, the implementation of Quality of Service (QOS) and associated enhancements to Network management services. • External Gateways – External Gateway Services provide inbound and outbound connectivity between the Government and approved suppliers and also between the Government and other approved third parties. Services are broken into the following categories: - Inter Government connectivity (fully trusted connections) - Third party access connections (partially trusted connections) • DMZ – (demilitarised zone). This is a Network area that sits between an organisation’s internal Network and an external Network. Network Boundary Protection is required for external access. The principle vehicle for protection between Networks is a properly configured firewall. Such firewalls are required to support NAT (Network Address translation) • NAT – (Network Address Translation) involves the reassigning of the source and/or destination addresses of IP packets as they pass through the Network boundary. Systems using NAT have been configured so that many hosts devices may effectively hide behind a single IP Address protected from the Internet. • DHCP – (Dynamic Host Configuration Protocol). DHCP is capable of supplying each Network client with an IP address, subnet mask, and default gateway automatically. This removes the requirement for Network administrator to maintain physical lists

Chapter 7: Infrastructure Layer Architecture

of static or consumed IP address that have been allocated to Network hosts. DHCP management and servers should be managed government wide when possible. • DNS domain name system stores and associates many types of information with domain names, but most importantly, it translates domain names (computer hostnames) to IP addresses, as humans are not capable of associating an IP address to a web URL e.g. 203.10.5.10 may be the IP Address of a URL for Microsoft.com. It maintains lists mail exchange servers accepting e-mail for each domain. DNS is an essential component of the underlying foundations of the Internet. DNS management and servers should be managed government wide when possible. 7.2.2

• Distribution Layer – This provides connectivity to the workgroup access Layer Network Switches • Core Layer – This is a highly reliable Layer of the Network, sometimes also referred to as the backbone. Its main function is to provide connectivity to your Server Farms and Data Centre environments to route traffic as quickly as possible. It also provides aggregation and shared services. In some cases where the site is small and not distributed, you can have the workgroup access Layer and distribution Layer combined into a single Layer providing connectivity directly to the core layer. It is recommended that a highly available Network design is completed, for each of the Layers to avoid outages. This is also needed, especially when the Network is being used for data, voice, and video applications.

Local Area Network

Local Area Network (LAN) – This is a computer Network (or data communications Network) which is confined in a limited area. It is also defined as two or more devices that communicate with each other with no external routing. LANs may be physical or logical. A logical LAN is referred to as virtual local area Networks (VLANs). LAN connectivity options consist of the following: • Wired: The physical cable used to connect Network enabled devices • Wireless: A Network that transmits over unlicensed frequency bands 7.2.2.1 Wired LAN LAN devices – These are Network device which provides the LAN connectivity. The function of these devices is to efficiently move data packets between hosts or devices on the same or differential Network segments. Switches offer considerable performance improvements over older style hubs and are essential for transmission of real time traffic such as voice. The LAN is mostly comprised of three main Layers: • Workgroup Access Layer - This provides connectivity to user PCs, IP devices, and sometimes used for departmental servers

87

Abu Dhabi IT Architecture & Standards

Exhibit 7.4 LAN Layers 7.2.2.2 LAN Structured Cabling System A structured cabling system (SCS) is a set of cabling and connectivity products that integrates the voice, data, video, and various management systems of a building. An SCS consists of an open architecture, standardized media and layout, standard connection interfaces, adherence to national and international standards, and total system design and installation. The standard Category 6 cabling and connectivity components should be used with RJ45 termination connectors, usually used for horizontal structured cabling system. This cable is suitable for speeds of 10BASE-T, 100BASE-TX and 1000BASE-T (Gigabit Ethernet). The maximum allowed length of a Cat6 cable is 100m; the minimum allowed cable length is 15m. Most systems, however, will operate at smaller lengths. For longer distance or higher Network speed

the standards are Single and Multi Mode Fibre Optic cable since laser-optimised fibre supports distances of up to 2km and a speed of 4GB/sec, usually used for vertical structured cabling. 7.2.3

Wireless LAN

Organizations are primarily concerned with reducing operating costs and increasing overall efficiency. Wireless LAN Technology address these issues by providing converged Networks, supportive of voice, video, data and convergence data to improve business agility. It consolidates all the Network requirements into a complete, reliable wired and wireless infrastructure. The best elements of wireless and wired Networking are combined to bring mobility to the organisation in a secure and reliable manner that reduces the Total Cost of Ownership (TCO), and drives greater employee productivity, and collaboration.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

Wireless LAN (WLAN) is a LAN communication Technology in which radio, microwave, or infrared links replaces the physical media (i.e. wires and cables). Area of Consideration: • Coverage – to provide a good Network coverage for the envisaged areas • Security – to make sure that your Network is not compromised • Manageability – to be able to manage and troubleshoot the Wireless Network 7.2.3.1 Wireless LANs Main Components • Indoor wireless access points – primarily used in conference rooms, offices, and other common areas to provide access to Network resources. • Outdoor wireless access points – primarily used to challenge the RF environments, such as warehouses, factories, and retailers that require external antennas to extend the coverage of the wireless LAN. • Wireless bridges – primarily used for high-speed, cost-effective wireless connectivity between multiple fixed or mobile Networks and clients, this platform is ideal for public access for outdoor areas, Network connections between buildings, and outdoor infrastructures for mobile Networks and users. • Wireless controllers – used for managing the wireless LAN security policies, intrusion prevention, RF management, Quality of Service (QoS), and mobility. They work in conjunction with the access points to support business-critical wireless applications. From voice and data services to location tracking. 7.2.4

Voice Networks

Voice Telephony - provides one of the key components of the operational environment which users, both internal and external, rely upon. It is an enabler within the technical infrastructure which provides not only the traditional information flow in terms of spoken conversation, but also allows for a variety of other media services which can be • User accessible e.g. fax, recorded announcement

• System level via converged Networks and intelligent routing / call distribution. Telephony services are deployed across all levels of the Government Departments, the services and systems varying dependant on user, environment, purpose approach to provision, etc. The Telephony Service can be considered as five elements: • The Network(s) - providing connection and distribution to geographically diverse locations of incoming and outing communications. • The office telephony - providing connectivity to the Network(s), whilst allowing flexible configuration and service provision to individuals and user groups. • The contact centre - in terms of voice connectivity generally fulfilling the criteria set out for office telephony. The ability for this element to enable addition functionality in rule based volume distribution of calls driven by business defined processes. • Enhanced services: providing additional functionality both at a user and system level. • Network/operational management; providing both management statistics and interactive configuration at both service provider and user level. Public Voice Network - Services (public Networks) are provided by the Public Switched Telephone Network (PSTN). The PSTN is a worldwide distribution of voice Networks with gateways and agreed addressing conventions between them. • Public Network connections provide a range of services including the following: • Basic PSTN telephony providing access to national, international, mobile and advanced service Networks • Multi-line service for volume delivery of telephone traffic to a single published number across multiple physical lines • Direct Dial In (DDI), eliminating the need for an operator, providing a large amount of national numbers delivered over shared Network connections • Delivery mechanism for advanced services.

89

Abu Dhabi IT Architecture & Standards

Private Voice Network - Services (private Networks) provide internal connectivity. These utilise private number plans, which can only be used by users with the relevant access rights to the Network. However, the addresses (numbers) of most telephone extension ports are mapped directly to PSTN numbers in order to allow incoming telephony access from external sources. The private Networks may be further categorised into dedicated Private and Virtual Private Networks (VPN).

Dedicated Private Networks should be constructed from leased dedicated private circuits. Such dedicated private circuits have no intelligence, provide no switching function and are merely conduits through which intelligent terminal PABX equipment pass telephone traffic. Virtual Private Networks are provided by a number of Network vendors and emulate customer’s own private Networks. Exhibit 7.4 highlights the possible connectivity between public and private converged Networks.

BTN

Exhibit 7.5 IP Telephone Network 7.2.5

Mobile Access

Mobile Users - including mobile professionals and mobile data collectors, access these enterprise applications through a number of connections, including real-time wireless and wireless LANs/WANs (through a wireless data Network), a synchronisation solution, or a combination of both. Mobile middleware and infrastructure software addresses the need to deliver corporate applications specifically to mobile and wireless environments.

Mobile Device Security Software – can be defined as software products designed or optimised to provide security specifically for mobile devices, PDAs, and other smart handheld devices. This security function can be in the form of encryption, authentication, authorisation, access control, PKI middleware, or firewall protection. Mobile security software is primarily concerned with the protection of content on mobile devices. This competitive market is made up of market data from several functional markets, including security software and system management software. A mobile security software solution can incorporate one or more of these approaches.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

Secure ID – generally has a two-factor authentication and is based on something you know (e.g. a password or PIN) and something you have (e.g. an authenticator) providing a much more reliable level of user authentication than reusable passwords.

manufacturers that also provide software solutions. Requirements and end user product selection will determine the product choice.

Secure ID offers access through VPN, WLAN, E-mail, Intranets & Extranets, Microsoft® Windows® desktops or Web servers

The standards for Network components are detailed in the tables below. Each is described along with one or all of the following recommendations:

7.2.6

Mobile middleware – mobile middleware and infrastructure software vendors offer a variety of platforms to enterprise customers, wireless operators, device manufacturers or other channel partners. They include pure-play mobile vendors, larger independent software vendors and application providers, and device

Network Component Standards

• Mandatory must be implemented • Recommended should be implemented and would improve IT service management • Under observation should be considered for the future

7.2.6.1 General Standards Standards All future Government Networks must operate using the TCP/IP suite of Protocols

Classification Mandatory

All security Policies and Standards with regards to internal and external connectivity Mandatory must be addressed in accordance with the security layer

DMZ segmentation should be used for external access to the public Network, Mandatory in conjunction with security standards

All the Network component used across the LAN and WAN infrastructure Mandatory should be standardised

The Wide Area Network should be a managed service provided by External Service Recommended Providers rather than being built and managed by Abu Dhabi Government. Local Area Networks should migrate to be under the ownership of a common Recommended management provision entity. This ensures a single view of the Network is available and leverages the existing investment. A single point of Internet connectivity for Abu Dhabi Government

Recommended

The IP Network should be designed to handle data, voice, and video traffic.

Recommended

The use of Voice over IP on the Network

Recommended

91

Abu Dhabi IT Architecture & Standards

7.2.6.2 Wide Area Network Standards Standards

Classification

The use and maintenance of SMTP as the core support protocol for email delivery Mandatory between Government agencies and external parties The use and maintenance of a DHCP and NAT within Government agencies

Mandatory

The physical data interconnectivity provided by the managed external service provider Mandatory is based on MPLS Technology using IP as the underlying transport. Redundancy must be provided using dual or shared links to allow resilience for all Mandatory critical components. These links can be physical or wireless links to increase capabilities (business services and Security) to allow the reduction of costs. Networks must use Transmission Control Protocol/Internet Protocol (TCP/IP) industry Mandatory standard protocols for wired and wireless Networks, with IP as the only Network protocol included in all of the routers The WAN should be secure and Abu Dhabi will need to assess the need to encrypt Recommended data over the Network The Network must be able to scale with Abu Dhabi’s future needs

Recommended

The use and maintenance of a Government wide DNS structure

Recommended

Provide a single point of Remote Access services for the whole of Abu Dhabi Recommended Government Integrated service routers should be used to reduce complexity and cost. Enterprise Recommended Architecture (EA) should be utilized when evaluating changes to IT services, to include integration of separate government networks to reduce cost and increase overall security. All security standards with respect to firewalls are maintained in accordance with the Recommended Security Layer and Central Security Office Standards

Network layer designs for present and future enhancements should presented as Recommended an Enterprise Architecture Network Layer approach should include integration of governmental agencies when feasible.

Transition from IPV4 based Networks to IPV6 supported Networks. Industry Under Observation vendors are transitioning their products to IPv6, and this transition should be closely monitored.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

7.2.6.3 Local Area Network Standards Standards

Classification

Mandatory The minimum standard Switches for each Layer are: Workgroup Layer Switch – should support multiple Gigabit Ethernet uplinks ports, Ethernet 10/100/1000 ports with IEEE 802.3af Power over Ethernet (PoE) support, high speed stackable to interconnecting multiple Switches, and spanning tree protocol Core Layer Switch – should support Multi-Gigabit services modules (content services, Mandatory firewall, intrusion detection, IP security, VPN, Network analysis, and Secure Sockets Layer (SSL) acceleration, high-performance, high port density fast Ethernet and Gigabit Ethernet aggregation, and provide a high levels of redundancy within the backplane of switch fabric QoS: Quality Of Service, the switch which analyses the packet contents and applies a Mandatory traffic class to the switch header. Real time traffic such as voice must be given highest priority with data traffic prioritised according to business importance Category 6 Copper Cabling Standard

Mandatory

Cabling Infrastructure Standards to be followed: ANSI/TIA/EIA-568 series ANSI/TIA/EIA-569 ANSI/TIA/EIA-942

Mandatory

Distribution Layer Switch – should support high port density fast Ethernet and Gigabit Recommended Ethernet aggregation, and provide a high level of redundancy, with support for Power over Ethernet (PoE), and spanning tree protocol 7.2.6.4 Wireless LAN Standards Standards

Classification

802.11i, 802.1X, Wi-Fi Protected Access (WPA), WPA2, advanced encryption Mandatory standard (AES), and mobile virtual private Networks (VPNs).2.4 And 5 GHz integrated diversity

Recommended The recommended minimum standards for Wireless Access Points are: The IEEE 802.11x series of standards address WLAN standards. Four of the 802.11x standards address the physical Layer, and, currently standards are 802.11b (Wi-Fi) and 802.11g, offering up to 11Mbps and 54Mbps, respectively

Directional antennas or 2.4 and 5 GHz dual-diversity RP-TNC connectors for external Recommended antenna with support for Inline power

93

Abu Dhabi IT Architecture & Standards

7.2.6.5 Voice Network Standards Standards

Classification

The use of voice enabled Routers for WAN connectivity. However, devices connected Recommended to the Internet may have voice restrictions. It is recommended this is discussed with the Service Provider and if required this feature is disabled.

Skinny Client Control Protocol (SCCP). A H.323 proxy can be used to communicate Recommended with the skinny client using the SCCP. In such a case the telephone is a skinny client over IP The skinny client (i.e. an Ethernet phone) uses TCP/IP to transmit and receive calls and RTP/UDP/IP to/from a skinny client or H.323 terminal for audio

Use of local service providers for PSTN connectivity for external telephony such as Recommended Etisalat

The H.323 standard provides a foundation for audio, video, and data communications Recommended across IP-based Networks, including the Internet. H.323 is an umbrella recommendation from the International Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area Networks (LANs) Therefore, the H.323 standards are important building blocks for a broad new range of collaborative, LANbased applications for multimedia communications

If voice enabled routing is designed within the architecture then voice enabled switching Recommended Technology must be used as a design principal

7.2.6.6 Mobile Access Standards Standards GPRS wireless services that offers internet connectivity for mobile devices

Classification Mandatory

3G wireless Networks offer higher speed and capacity than 2G that are being deployed Under Observation These Networks are in higher frequency band (2 GHz and beyond) with larger bandwidth (around 5 MHZ) than 2G will provide higher speeds up to 2 Mbps in a fixed or stationary wireless environment and 384 Kbps in a mobile environment

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

Classification

Standards

XHTML (eXtensible HyperText Markup Language) is the official web markup standard, Under Observation replacing HTML and Wireless Application Protocol (WAP 1.0) for mobile devices. XHTML is compliant with XML to support specific tags and structure. Variations such as XHTML basic and XHTML mobile profile are used extensively in combination with CSS to control web-based presentation, structure and layout SMIL (Synchronized Multimedia Integration Language) uses XML to create a Under Observation timeline describing how graphics, text and sound should be displayed or how they will play together in a sequence. SMIL allows for multiple versions (playing on different bandwidths) as well as multiple languages to be displayed. MMS is a stripped down version of SMIL

7.3 Platform Component 7.3.1

Overview

The Platform layer refers to a set of Technology standards that enable software Applications and hardware devices to run and operate as an interconnected managed unit or environment. This includes: • • • • •

The Platform Layer includes standards for: • Hardware devices • Operating Systems • Telephone Infrastructure 7.3.1.1 Available Vendors There are several major world-class Vendors within the region for the products within the Platform Layer. The dominant Vendors are Dell, Sun, IBM, HP, EMC, Cisco, Microsoft, Intel and AMD. They all have proven regional support models. The Exhibit below outlines the areas in which these Vendors are dominant.

Servers End User Devices Peripherals Storage Mobile devices

These components are at the edge of current technologies, and as such are continually changing to meet market demands.

Vendor

Presence

Sun

Solaris Operating System, High-end, Midrange and entry-level servers

IBM

High-end, Midrange, entry-level servers and Storage Area Networks (SAN)

Lenovo

Desktops, laptop devices

Dell

Midrange, entry-level servers, desktop, and laptops

HP

HP-UX Operating System, high-end, midrange, entry-level servers, desktops, laptops, thin client, PDA, MFP, printers, scanners, copiers, Storage Area Networks (SAN), backup tape library

95

Abu Dhabi IT Architecture & Standards

Vendor

Presence

EMC

Storage Area Networks (SAN), and Network Attached Storage (NAS)

Microsoft

Server Operating System, desktop and laptop Operating System, mobile device and converged device Operating System

Nokia, I-mate, & Palm

Hand held devices & smart phones, Palm OS and Symbian OS

Cisco & Avaya

Telecommunications and converged Network supplier

Xerox

Printers, scanners, and copiers

ADIC

Backup Tape Library • Threat and vulnerability management (Antivirus, Intrusion detection, Anti-spyware) • Reduce complexity through consolidation and the selection of Products and Technology that meet future requirements. • Protect investments by selecting platforms that can run multiple environments (for example: UNIX, Widows, and Linux). • Form Strategic Relationships through Alliances with world-class Technology companies and independent software Vendors to reduce total cost of operations (TCO) and minimizes risk. • Negotiate Government wide Agreements to drive down costs and increase Product awareness.

7.3.1.2 Platform Selection Process Guidelines and Principles These guidelines and principles are shown here to enable informed decision making regarding product type in respect of the following: • • • • •

Capability Application support Connectivity Support Capacity

Where there are a variety of platform configuration choices available from several major Vendors offering support within this Region.

7.3.1.2.2 Principles

7.3.1.2.1 Guidelines Achieve Standardization by establishing a unified and standard Platform Environment around Vendors and Product types within the Platform Layer. Move towards a linear platform environment, and away from heterogeneous disparate environments, allowing for standard operating services including but not limited to the following: • • • • • • •

Monitoring and event management Performance and capacity management Configuration management Software management Remote management Patch management Centralised directory services

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

• Platform Availability: This provides the level of availability required to run your Business (For example, mission critical Applications require a high level of Operationalenvironment availability (24 hours a day, 7 days a week)) • Platform Scalability: This enables Business expansion and supports future growth • Platform Redundancy: This provides a failover option in support of business continuity (example, deploying primary and secondary servers for the same environment) • Platform Supportability: This refers to service level agreements and Vendors’ local capability and availability • Platform Agility: This refers to a platform’s dynamic and its ability to respond quickly to environmental or business changes

Chapter 7: Infrastructure Layer Architecture

7.3.2

Platform Components

7.3.2.1 Servers A Server is a Computer that allows multiple users to access Network Services simultaneously. There are three subcategories of server class: • High-end Servers • Midrange Servers • Entry-level Servers 7.3.2.1.1 High-end servers These are highly scalable, highly available servers designed for mission-critical Network computing. They are usually used for solutions that require very high processing power, (for example, to run a Stock Exchange, Government Payroll). 7.3.2.1.2 Midrange servers These are positioned between Department level and Enterprise wide Server Solutions. They are designed to deliver high performance with a choice of RISC and x86 servers to protect IT investments over time. They are usually used for Enterprise wide solutions, (for example ERP and CRM). 7.3.2.1.3 Entry-level servers These are smaller Servers that support Departmental or Workgroup level Applications. They are designed for general purposes, and price/performance optimisation, in addition to being scalable and reliable. They range from single processor systems to up to 4 processors running on multiple Operating Systems. These Servers are suitable for general Infrastructure Services, (for example file, print, Domain Naming Services (DNS), and small Departmental Applications. The three tiers of servers provide a flexible and cost effective approach to the Abu Dhabi Government’s needs for Application and data hosting.

• • • • • •

Volume discounts Reduced support costs Increased product awareness Reduced development Improved integration The opportunity to leverage the Platform Infrastructure per tier whenever possible

7.3.2.1.4 Areas for consideration Fault Tolerance The ability of a system to respond to an unexpected hardware or software failure (for example, a server cluster) Reliability, Availability, Serviceability (RAS) Also called “fault resistance”, this refers to a multiprocessing system that can quickly recover from a failure. This is not the same as fault tolerance, in which redundant components are designed for continuous processing. Server sizing Sizing servers correctly for specific Applications is important, especially when they are used to deliver Enterprise Applications such as Messaging Platforms, Databases, and ERP solutions. It is necessary to forecast how many users can be supported, the optimal system configuration (Network bandwidth, CPU, memory, and I/O), how to tune the Application, and what user response times can be expected. Storage and Data Management The type of storage used for different locations must be considered. For example, SAN utilisation in Data Centres provides centralised Data Management, while NAS utilisation within distributed sites enables data to be independent from servers. Operating Systems The most suitable Operating Systems that mediate access between the physical layer and the Application are required. 7.3.2.2 End User Devices

It is recommended to Standardise Servers around single Vendors using consistent Hardware Architecture per tier. This will have the following benefits:

End User Devices must not be considered as standalone devices but as productivity devices that form a key part

97

Abu Dhabi IT Architecture & Standards

of the Network and the Government’s Infrastructure. End User Devices can be split into two categories:

Desktop Computers are built in different types: Desktops, Mini-tower and Tower models, and can be divided into two basic categories:

• Mobile devices • Personal computers

• Business users: suitable for standard Network and Business Application use; • Power users: suitable for processor intensive, graphically demanding, memory intensive applications or processes, (for example CAD/CAM).

7.3.2.2.1 Mobile Devices These are single-user Network Client Devices with a User Interface. The two major types of Mobile devices are: • Handheld devices • Converged devices Mobile hand held devices that feature a high-level Operating System (HLOS) such as the Palm OS, Microsoft Windows Mobile, Symbian, and BlackBerry platform are considered smart handheld devices. Examples include PDAs, high-end organizers/PC companions, personal companions, pen tablets, pen notepads, keypad handhelds, and Smart phones. Converged devices combine Wireless Telephony with high-level Operating Systems. This combines the features of a Mobile phone with the features of a handheld device. They replace the need to carry a mobile phone and a pen-based handheld or a mobile phone and a pager, for example. These devices must match wireless telephony capability with evolved Operating Systems or Application Environments. A standardised approach to Mobile Device selection will provide familiar user experience and supportability.

Portable Computers can be divided into three categories: • Lightweight, designed for frequent travellers; • Standard, suitable for mobile professionals; • High-end, suitable for desktop performance with mobility. Thin Clients are not strictly classed as PCs. They are End User Devices that must be considered in conjunction with other platform solutions for (example Citrix, Windows Terminal service, etc.) and the overall Network Architecture. Personal Computers are highly configurable to meet the needs of different user categories. Standardised Vendor and Platform types must be adopted. It is important to develop a three year PC life-cycle refresh policy, to reduce the total cost of ownership (TCO) and improve volume discounts. 7.3.2.3 Peripherals

7.3.2.2.2 Personal Computers Personal Computers are general purpose, single user machines. They are microprocessor-based, capable of supporting attached peripherals, and can be programmed in a high-level language.

Peripherals are devices that could work separately or with computers. These devices can be split into four main sections:

Examples of products that meet the definition of a PC include: • Desktop Computers • Portable Computers

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

• • • •

Printers Copiers Local scanners Multifunctional peripherals

Chapter 7: Infrastructure Layer Architecture

7.3.2.3.1 Printers A Printer is a device that converts text and graphics from a computer and outputs the information in the form of a hardcopy document. A Network attached Printer provides centralised support and monitoring, and reduces connection complexity. It promotes device sharing (as required). 7.3.2.3.2 Copiers Analogue Copiers use Optical Copying Technology. They do not have the capability to be connected to PCs or Computer Networks. Single-function digital copiers are devices sold as standalone Copiers. A Network attached Multifunction Printer (MFP) will provide copying and promotes reuse. Large scale copying can be provided via larger Network attached MFP devices. 7.3.2.3.3 Local Scanners There are deferent types of Scanners; Flatbed scanners, Network attached scanners, and Automatic document feeders all include a platen that accommodates a variety of document sizes or images, either a charged coupled device or a contact image sensor, and an analogueto-digital converter. Built-in illumination is a nonoption from within the scanner housing. It reflects off the document or image, which is then captured by a Charge-Coupled Device (CCD) or without mirrors by a contact image sensor. Larger Network attached document scanning options must be considered for large scale scanning requirements. These devices promote centralised support and maintenance. 7.3.2.3.4 Multi Functional Peripherals Multi Function Peripherals incorporate at least two or more of the following document functions: • • • •

Copy Fax Print Scan

One of these functions must be the Print function. Digital Copier–based MFPs are configured with

multiple functions. They are either directly attached to a personal computer or to a Network. All Vendors recommended will provide Network attached MFP devices in varying sizes, depending on requirements. A single Vendor selection will provide a common Platform and promote centralised support and maintenance. Network attached Multi Function Peripherals (MFP) provides scanning functionality on a small scale, and promotes reuse. 7.3.2.4 Storage Storage systems are a set of storage elements, including controllers, cables. In some instances a Host Bus Adapter (HBA) and switch is also associated with multiple disk drives. Storage Systems is used to support the processing, management, and Storage of Digital Data. Storage Systems may be located outside of or within a server cabinet. Nearly all storage within large, medium-sized, and small servers is considered as storage systems. 7.3.2.4.1 Internal Storage Internal storage is associated with the server internal disks that support the following configurations: • JBOD - Just a bunch of disks (JBOD) is a storage system that does not contain any disk redundancy levels; • RAID - Redundant array of independent/ inexpensive disks (RAID). RAID encompasses all storage systems shipped with RAID capability to varying levels. IDC categorizes RAID either as internal (the disks and RAID controller are contained within a server) or external (the disks and RAID controller are located within an external storage cabinet). Important features of RAID include: • RAID0 is not fault-tolerant. If one disk fails, all data in the RAID0 array are lost. It should not be used on mission-critical systems. This is ideal for non-critical storage of data that have to be read/written at a high speed, e.g., on a PhotoShop image retouching station;

99

Abu Dhabi IT Architecture & Standards

• RAID1 data are stored twice by writing to two data disks (or set of data disks) and a mirror disk resulting in duplicating the physical disk requirements. This is a solution for satisfactory I/ O performance, and high availability of data. It is ideal for mission critical database systems and is also used for Operating System bootable disks; • RAID5 is the most commonly used RAID level, were data is transferred to disks by independent read and write operations. Parity information is spread across all the drives. At least three disks for a RAID5 array. This is an all-round system that combines efficient storage with excellent data availability and performance. It is ideal for file and application servers; • RAID 10 combines RAID 0 and RAID 1 in a single system. It provides security by mirroring all data on a secondary set of disks, while using striping across each set of disks to speed up data transfers. 7.3.2.4.2 External Storage There are several types of external storage systems available on the market currently: • Direct Attached Storage (DAS) is an array of disk drives dedicated to a particular host device, typically a server. The array can be internal or external, and generally requires the server to be taken down to add or to manage the storage. • Storage Area Network (SAN) is a high-speed storage environment where one or more external storage arrays supply data to multiple server/ systems over a LAN or WAN through a switch. SANs process volume and block-level information. • Network Attached Storage (NAS) devices are specialized file servers with a slimmed-down Operating System. This is connected to the Network and dedicated to file sharing. The server handles all data processing, but a NAS device delivers the data to the user. Multiple NAS devices can exist in a LAN, and the storage can be made up of multiple Networked NAS devices.

connects to a SAN to access storage. They achieve high availability, support for multiple file servers in one unit and online non disruptive upgrades, while utilising the common storage pool for data. 7.3.2.4.3 Areas for consideration Areas for consideration regarding the storage component include the following: Open systems The storage component must support various Operating Systems, servers and backup systems to meet operational requirements. Fast backup and restore The storage component must remove backup and recovery traffic from the LAN, to reduce congestion. In addition, it must improve backup windows and utilise storage resources efficiently. Centrally managed, high-performance tape libraries can be used to reduce backup overhead. High Availability The storage component must include redundant fabric designs, storage replication, dynamic failover protection, traffic rerouting, and server clusteringenabled SANs. It must eliminate single points of failure, incorporate failover software, and support mirroring at geographically dispersed data centres for disaster recovery after power failure or component downtime. Management The component must provide load balancing and capacity management solutions to automate the planning and management of appropriate levels of resources. It must enable enhanced resource utilisation, and load balancing across distributed, high performance clusters. Consolidated and centralised storage This provides a cost effective platform. It also provides a simpler environment to manage and provide a base for service expansion such as:

• NAS Gateway is an optimized file server that

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

• Disaster recovery and availability • Future workload distribution across multiple computing platforms

Chapter 7: Infrastructure Layer Architecture

The use of consolidated storage is advisable for the follows considerations: • Ease and integration of data in backup and recovery • Data growth • Platform independence from various hardware issues on different servers (power supplies, remote management issues) • Ease of expendability • Cost effectiveness • High redundancy • High availability • Disaster recovery 7.3.2.5 Data Backup Protecting data is critical to the success of an organization. It is therefore critical to assess and understand data protection requirements before designing and implementing a cost-effective solution, taking into consideration the following factors: • Backup factor • Recovery factor Comprehensive data protection requires a blend of technologies, including: • Backup-to-disk - the ability to transfer data directly from LAN and storage area Networks (SAN) to low cost ATA disk drive storage platforms. This results in accelerated restore operations, and backup capacity can be easily added as needed, non-disruptively. • LAN-free backups - the ability to transfer data directly from a LAN and storage area Network (SAN) to an autoloader backup tape library. This results in extremely fast backups, making more LAN bandwidth available for transmitting user requests for data. • Replication Technology - enabling the creation of concurrent copies of critical data at alternate locations, protecting operations from disasters. 7.3.2.6 Operating Systems Operating Systems are the foundational computing

control programs for computers ranging from desktop computers, Personal Digital Assistants (PDAs), servers and mainframes. Standardising Operating Systems allows the Abu Dhabi Government to focus support, provide higher levels of expertise and create a common repeatable environment. This provides the means to manage effectively and reduce costs. The use of standardised Operating Systems provides the following benefits: • Ease of manageability • Management of security across the Government • Ease of upgrade in the future because of a small defined number of Operating Systems • Reduced diversity and Technology footprint • Cost management due to a reduced Vendor set • Skills management, permitting the training and development of defined resources To reduce Infrastructure and improve resource utilisation, the virtualisation of computing resources, (for example, servers) should be considered. Virtualisation is the process of presenting a logical grouping or subset of computing resources so that they can be accessed in ways that give benefits over the original configuration. This virtual view of resources is not restricted by the physical configuration of underlying resources. Server virtualisation enables a single Hardware Platform to host multiple Server Operating Environments. 7.3.2.7 Telephony Internet Protocol Telephony (IP Telephony) is a general term for the technologies that use the Internet Protocol’s packet-switched connections to exchange voice, fax, and other forms of information. These have traditionally been carried over dedicated circuitswitched connections of public switched telephone Networks (PSTN). Organisations everywhere are facing growing pressures to deliver greater communications functionality at a reduced cost. IP telephony can be an important tool for meeting such challenges. The benefits of IP telephony include: • Supporting a wide range of IP phone models and connections for non-IP devices such as faxes and modems • Lower bandwidth costs • Allowing the merging of voice and data personnel

101

Abu Dhabi IT Architecture & Standards

• Decreased costs of business applications • Reduced numbers of local access lines • Reduced total cost of ownership by eliminating multiple sets of Infrastructure, simplifying administration and maintenance, and reducing facilities costs • Eliminating long distance charges for calls within the client Network, since the PSTN is bypassed • Operational savings from the use of one larger Network for voice, video and data IP telephony connects employees across an organisation while flattening and consolidating the Network architecture. IP telephony consolidates and unifies communications applications. With IP telephony, organisations can deliver improved functionality across a distributed Enterprise and reduce costs by eliminating unnecessary equipment, administration and maintenance. Most organisations have voice Networks anchored around Private Branch Exchange (PBX) systems, with data Networks anchored around switches and routers. Some have an additional third separate Network to

support videoconference sessions. A converged Network combines these three Networks into one reliable premise Network. This enables calls between client locations to be placed using the wide-area Network, thereby avoiding charges. This is illustrated in Exhibit 7.6, below. Internal voice calls (calling and called party share the same Network) traverse the IP LAN (local area Network) to the site exit point. There, as a first choice, they would cross the IP WAN backbone to save in public Network toll costs. If for some reason this IP WAN is “full” or unavailable, the calls would automatically be rerouted across the PSTN. For this off-net capability, a gateway converts the outgoing IP traffic (resides on the LAN) to allow a non-IP conversation (PSTN). External calls (calling and called party do not share the same Network) traverse the IP LAN to the site exit point, where the calls are routed on to the PSTN by the gateway. As IP convergence begins, existing Infrastructure needs to be refreshed to take advantage of new capabilities like Quality of Service (QoS). In this environment open standards become a necessity as organisations move toward the integration of Business Processes, IT and applications.

BTN

Exhibit 7.5 IP Telephone Network

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

7.3.3

Platform Component Standards

The standards for Platform components are detailed in the tables below. Each is described along with one or all of the following recommendations:

• Mandatory must be implemented • Recommended should be implemented and would improve IT service management • Under observation should be considered for the future

7.3.3.1 Server Standards Standards Midrange servers These will fall under platform types x86 and EPIC/RISC, but with lower scalability. x86 Platform

Classification Recommended

• Processors available are Intel Xeon & AMD Opteron. • If working with the 32bit Operating System (.Net, Windows, and Linux) platform, x86 servers are the preferred choice. EPIC/RISC platform • Processors available include, but are not limited to Sun UltraSPARC IV+, HP PA-RISC, IA64 • If working with the 64bit Operating System (J2EE, Solaris, HP-UX) platform, EPIC/RISC servers are the preferred choice. Entry-level servers Recommended These will fall under the platform type x86 • Processors available are Intel Xeon & AMD Opteron • If working with the 32bit Operating System (.Net, Windows, and Linux) platform, x86 servers are the preferred choice. Blade Servers Recommended Blade server solutions can provide an adaptive Infrastructure with the following benefits: • Less costly • More energy efficient • Easier to change • Requiring less time to manage • More adaptable to changing business needs compared to conventional Infrastructure platforms High-end servers These will fall under the three platform types of EPIC/RISC. EPIC/RISC Platform

Under observation

• Processors available include but are not limited to Sun UltraSPARC IV+, HP PA-RISC, & IA64 • If working with the 64bit Operating System (J2EE, Solaris, HP-UX) platform, EPIC/RISC Servers are the preferred choice. • EPIC/RISC is ideally suited for high transaction and calculation Applications, scientific visualisation, and very large Database Servers.

103

Abu Dhabi IT Architecture & Standards

7.3.3.2 End User Device Standards Standards Desktop Computers The minimum recommended specifications for Business User desktops:

Classification Recommended

• Latest Intel processor or AMD Technology aligned with required processor speeds. • 1 GB Memory, suitable for running Applications and Operating Systems. (Note: the new Microsoft VISTA desktop Operating System has a recommendation of 1GB memory) • SATA II Hard Disk Drive • DVD ROM Drive • 100/1000Mb Network Card • Integrated Audio • Graphics Card • TFT Monitor • USB Optical Mouse • English / Arabic Keyboard (Mandatory) The minimum recommended specifications for Power User desktops: • Latest Intel dual core processor or AMD Technology aligned with required processor speeds • 2GB Memory or higher that is suitable for running the Applications and Operating Systems • High Capacity SATA II Hard Disk Drives • High Speed DVD Writer Drive • 100/1000Mb Network Card • High Performance Graphics Card • Integrated Professional Audio • Higher Internal Expansion Slots • High Resolution TFT Monitor • USB Optical Mouse • English / Arabic Keyboard (Mandatory) Portable Computers The minimum recommended specifications for Lightweight User laptops: Latest Intel processor or AMD Technology aligned with required processor speeds • 1GB Memory that is suitable for running the Applications and Operating Systems. (Note: the new Microsoft VISTA desktop Operating Systems has a recommendation of 1Gb memory) • 12.1” TFT Screen • Hard Disk Drive • Integrated Bluetooth • Integrated Wireless (Wi-Fi) • Internal Modem • 100/1000Mb Network Card • USB Optical Mouse • Typically Small and Lightweight • English / Arabic Keyboard (Mandatory)

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Recommended

Chapter 7: Infrastructure Layer Architecture

Standards

Classification

The minimum recommended specifications for Standard User laptops: • Latest Intel dual core processor or AMD Technology aligned with required processor speeds. • 1GB Memory suitable for running Applications and Operating Systems. (Note: the new Microsoft VISTA desktop Operating Systems has a recommendation of 1GB memory) • 14.1” TFT Screen • Hard Disk Drive • DVD Writer Drive • Integrated Bluetooth • Integrated Wireless (Wi-Fi) • Internal Modem • 100/1000Mb Network Card • USB Optical Mouse • English / Arabic Keyboard (Mandatory) The minimum recommended specifications for High-end User laptops: • Latest Intel dual core processor or AMD Technology aligned with required processor speeds. • 2GB Memory that is suitable for running the Applications and Operating Systems. (Note: the new Microsoft VISTA desktop Operating Systems has a recommendation of 1GB memory) • 15.1” TFT Screen • Higher Capacity Hard Disk Drive • High Performance Graphics Card • DVD Writer Drive • Integrated Bluetooth • Integrated Wireless (Wi-Fi) • 100/1000Mb Network Card • USB Optical Mouse • English / Arabic Keyboard (Mandatory) Tablet PCs The minimum recommended specifications for Tablet PCs: • Latest Intel processor or AMD Technology aligned with required processor speeds • 1GB Memory, suitable for running the Applications and Operating Systems. (Note: the new Microsoft VISTA desktop Operating Systems has a recommendation of 1GB memory) • 12.1” Touch-screen or Digitizing, Rotate-able TFT Screen • Hard Disk Drive • DVD Writer Drive • Integrated Bluetooth • Integrated Wireless (Wi-Fi) • 100/1000Mb Network Card • USB Optical Mouse • English / Arabic Keyboard (Mandatory)

105

Abu Dhabi IT Architecture & Standards

Standards

Classification

Thin Clients The minimum recommended specifications for Thin Clients are: • • • •

256 MB Flash Memory 128 MB DDR SDRAM 100/1000Mb Network Card English / Arabic Keyboard (Mandatory)

Mobile Devices The minimum recommended specifications for PDAs: • • • • • • •

Recommended

Latest processor Technology and speed Wireless (Wi-Fi) enabled Bluetooth enabled 256Mb ROM 128Mb RAM Mobile phone function with GPRS enabled (Mandatory) Arabic Language Support (Mandatory)

The minimum recommended specification for smart phones: • • • • • • •

Wireless (Wi-Fi) Enabled Bluetooth Enabled GPRS Enabled 64Mb ROM 128Mb RAM Mobile Phone Function with GPRS Enabled (Mandatory) Arabic Language Support (Mandatory)

Mobile devices should provide the following functionality as a minimum in conjunction with the organisation’s Messaging Systems: • Synchronizing Calendar • Synchronizing Messages / e-mail • Internet Browsing

BlackBerry with GPRS Under observation This provides an ‘always on’ connection to email. Emails are automatically pushed to the BlackBerry as soon as they are sent, saving time and effort. BlackBerry can also be used for voice calls, text messaging, appointments, contact and browsing the internet.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Chapter 7: Infrastructure Layer Architecture

7.3.3.3 Printers, Scanners, and Copiers Standards Standards The minimum recommended specifications for Network Laser Printers are:

Classification Recommended

• 128 MB Memory • Fast Ethernet Embedded Print Server • Hi-Speed USB (compatible with USB 2.0 specifications), bidirectional IEEE 1284B compliant parallel port • Up to 2 Input Trays • Windows and Linux Operating System Support • Arabic Language Printing Support (Mandatory)

The Suggestion for Local Copiers is to use Network attached MFP, from a supported Recommended Vendor within the Region. The suggestion for local scanning is to use a MFP, however if the scanning is required Recommended as a standalone function, or for large scale scanning, then a Network Attached Scanner with high-volume automatic sheet feeder should be used, from a supported Vendor within the Region.

7.3.3.4 Storage Standards Standards

Classification

Consolidated storage is recommended over “silos” of storage at the server level. It is advisable to use Storage Area Network (SAN) solutions that deliver superior levels of protection through the following standard capabilities: • Dual storage controllers with write cache, where each storage processor contains both a primary and a secondary copy of the cache for its peer storage processor. • Battery backup for controllers and cache, which allows for orderly shut-down ensuring data protection in the event of power failure. • RAID protection levels 1/0,0,1, and 5, all of which can co-exist in the same array simultaneously to match data protection requirements. Recommended • Redundant data paths, power supplies, drive connections and storage processors, all with non-disruptive part replacement. • Fault-detection and isolation fibre channel disk enclosure design with parity checking, and global hot spares capabilities. • Dual fibre channel switches for redundant server connectivity. • Hot swappable fibre channel disk drives. • Multiple Vendor Operating System environment support. • Synchronous/asynchronous data replication, snapshots, and full-copy business continuity.

107

Abu Dhabi IT Architecture & Standards

7.3.3.5 Data Backup Standards Standards

Classification

Data backup operations should be centralised. LAN-free backup is recommended, Recommended through the following standard capabilities: • Scalable to multi LTO & SDLT drive Technology, to meet growing storage needs. • Multi cartridges, with autoloader. • Fibre channel connectivity, for seamless integration into SAN solutions. • High availability features such as built-in diagnostics, redundant power supplies, and high cartridge-change ratings. Backup-to-disk backup solutions.

Under observation

7.3.3.6 Operating System Standards Standards

Classification

The Operating Systems must be certified and designed to run under the Vendor Mandatory Hardware Platform. Arabic language support is a major consideration at the Platform Layer Operating Mandatory Systems component. The following Operation System standards are: x86 platform

Recommended

• Windows 2003 Sever Enterprise edition and Linux RISC platform • Unix (e.g. Solaris and HP-UX) EPIC platform • Unix (HP-UX) • Windows 2003 Server Enterprise and Data Centre edition The following Operating System standards are recommended for end user device platforms: Desktop and Portable Computers • Microsoft Windows XP professional Tablet PC • Windows® XP Tablet PC PDA • Microsoft Windows Mobile • Palm OS Smart phones • Microsoft Windows Mobile • Symbian OS

Microsoft VISTA Desktop Operating System.

© Abu Dhabi Systems & Information Committee 2006 - Version 1.0

Under Observation

Chapter 7: Infrastructure Layer Architecture

7.3.3.7 Telephony Standards

Standards

Classification

It is recommended that a managed service and a converged Network be used to Recommended incorporate voice, video and data for inter Government communications. External communications should be made through a service provider (ETISALAT). See the Network component section for further details.

IP telephony solutions must be with the following minimum standard components: • • • • • • •

Recommended

Network switches, with Power-over-Ethernet ports & Quality-of-Service (QoS) Voice gateways Voice mail server Call manager server IP telephone soft phones Voice conferencing Unified communications clients

109