Post on 19-Nov-2014
description
INFORMATION TECHNOLOGY INFRASTRUCTURE
SUBMITTED BY:-
HARSH AGRAWAL91022
Table of Contents
SECTIONS:
1. ........................................................................ 4
1
F O R E S C H O O L O F M A N A G E M E N TN E W D E L H I
2 0 0 9
2. WORLD’S BIGGEST ENTERTAINMENT SEGMENT ............................................................. 53. HISTORY OF VIDEO GAMING ......................................................................................... 74. BUSINESS MODEL OF THE GAMING INDUSTRY ............................................................... 8
5. DIFFERENT GAME GENRE ............................................................................................ 10
1. ORGANISATION AND STRATEGY
Wipro started as a vegetable oil trading company in 1947 from an old mill at Amalner,
Maharashtra, India founded by Azim Premji's father. When his father died in 1966, Azim, a
1
graduate in Electrical Engineering from Stanford University, took on the leadership of the
company at the age 21. He repositioned it and transformed Wipro (Western India Vegetable
Products Ltd) into a consumer goods company.
In 1977, when IBM was asked to leave India, Wipro entered the information technology
sector. In 1979, Wipro began developing its own computers and in 1981, started selling the
finished product. This was the first in a string of products that would make Wipro one of
India's first computer makers. The company licensed technology from Sentinel Computers in
the United States and began building India's first mini-computers. Wipro hired managers who
were computer savvy, and strong on business experience.
In 1980 Wipro moved in software development and started developing customized software
packages for their hardware customers. This expanded their IT business and subsequently
developed the first Indian 8086 chip.
Since 1992 Wipro began to grow its roots off shore in United States and by 2000 Wipro Ltd
ADRs were listed on the New York Stock Exchange.
“Determination. Constantly driving us to do more.”- Wipro technologies
Wipro Infotech is the leading strategic IT partner for companies across India, the Middle East
and Asia-Pacific - offering integrated IT solutions. They plan, deploy, sustain and maintain
IT lifecycle through their total outsourcing, consulting services, business solutions and
professional services.
Wipro Infotech is a part of USD 5 billion Wipro Limited (NYSE:WIT) with a market
capitalization of USD 24 billion. Wipro Infotech was the first global software company to
achieve Level 5 SEI-CMM, the world's first IT company to achieve Six Sigma, as well as the
world's first company to attain Level 5 PCMM. Currently, its presence extends to 9 regional
offices in India besides offices in the KSA, UAE, Taiwan, Malaysia, Singapore, Australia and
other regions in Asia-Pacific and the Middle East.
Wipro Technologies deals in the following businesses:-
IT Services: Wipro provides complete range of IT Services to the organization. The
range of services extends from Enterprise Application Services (CRM, ERP, e-
1
Procurement and SCM) to e-Business solutions. Wipro's enterprise solutions serve a
host of industries such as Energy and Utilities, Finance, Telecom, and Media and
Entertainment.
Product Engineering Solutions: Wipro is the largest independent provider of R&D
services in the world. Using "Extended Engineering" model for leveraging R&D
investment and accessing new knowledge and experience across the globe, people and
technical infrastructure, Wipro enables firms to introduce new products rapidly.
Technology Infrastructure Service: Wipro's Technology Infrastructure Services
(TIS) is the largest Indian IT infrastructure service provider in terms of revenue,
people and customers with more than 200 customers in US, Europe, Japan and over
650 customers in India.
Business Process Outsourcing: Wipro provides business process outsourcing
services in areas Finance & Accounting, Procurement, HR Services, Loyalty Services
and Knowledge Services. In 2002, Wipro acquiring Spectramind and became one of
the largest BPO service players.
Consulting Services: Wipro offers services in Business Consulting, Process
Consulting, Quality Consulting, and Technology Consulting.
Out of the 4,237,537 equity shares, 238500 equity shares are held by Azim Premji
Foundation (I) Pvt. Ltd. and 10,000 equity shares are held by Azim Premji Charitable
Foundation Pvt. Ltd. Mr Premji is also the Promoter Director of Azim Premji Foundation (I)
Pvt. Ltd as well as Azim Premji Foundation Pvt.Ltd. and Mr Premji disclaims any beneficial
interest in these shares.
The Business Model followed by the company is depicted in the following figure:-
1
T
h
e
B
T
h
e
T
The figure below shows the hierarchy in the IT department of the company.
2. INFORMATION SYSTEM FUNCTIONS
The following figure shows all the functions involved in managing the IT infrastructure of the
organisation.
1
Planning to Implement Service
Service Management
Service
Support
Service
Delivery
T
h
e
B
The Business
Perspective
Applications Management
ICTInfrastructureManagement
T
h
e
T
Security Management
ABOUT IMG - IT MANAGEMENT GROUP OF WIPRO
IMG, the IT Management Group, a high performance team of professionals, provides support
in the areas of computer hardware, network infrastructure (data, voice, and video) management,
network security and messaging.
The key to IMG’s success in providing support and services of immaculate quality, lies in its
team of highly qualified, world class, process oriented and experienced professionals.
IMG caters to the computing and connectivity needs of all the Wividus customers spread across
India, United States, Europe and Japan, at high service levels.
IMG’s focus areas are classified into Infrastructure Support Services and Business Support
Services. These services include desktop support, e-mail and internet access, VoiceNet,
video conferencing, information security, offshore development centers, disaster recovery
1
and business continuity planning.
The IMG Organization Structure is built on three functional pillars - Operations, Projects
and Planning.
Under the Operations team we have location IT operations and 24/7 Global Network operations.
The location teams, under the IMG Cluster Head, support the business units on ODC networks
& security, in addition to the backbone infrastructure.
The 24/7 GNOC team is responsible for the global service delivery, which is a 24/7 operations
handling networks, servers, security operations and remote desktop support.
The Projects team, takes care of IMG projects on new as well as existing infrastructure.
The latest and advanced technology services, are designed and implemented by this team,
aligned with the business vision of Wipro.
The Planning division handles the technology and financial planning. This team also takes
care of quality initiatives like Six Sigma, BS7799 and ITSM.
Welcome to IMG Business IT Services!
IMG Business IT Services (IMG-BSS) caters to the IT needs of the Business for Pre-sale
support, Sales support and Business Development Activities and IT account management for
key accounts.
IMG-BSS is organized in alignment with the Organization’s BU Structure and has designated
IMG Consultants and Business IT Services Managers for all the respective BU’s. IMG-BSS
also has a central BSS-PMO function that manages and supports RFI Responses and ODC IT
Implementations.
Disaster Recovery
Disaster recovery planning[DRP] – The art of building resilient and redundant IT systems
and services, provided by IMG, is critical to the business operations of Wipro and hence,
planning for the network , systems and security infrastructure has gained importance more
than before
1
The DRP Initiative assumes importance especially after 9/11 incidents in US, where in a well
drafted and updated plan for recovery of IT systems comes to help in a real time disaster
scenario.
This service deals with the various aspects of recovery planning at Wipro- with specific focus
on our global backbone IT infrastructure, and facilitation provided by IMG, to the business
infrastructure.
This also becomes a part of the Business Continuity Program at Wipro.
IMG’s DRP initiative has helped it gain an edge through shortened response time, minimized
losses, increase in competitive advantage, controlled recovery costs etc.
Questions and Answers
1.What exactly is business continuity planning?
Business Continuity Plan is concerned with keeping business critical key processes up and
running during a disaster situation. This addresses more of the People and Processes part of
an Organization.
2.What is Disaster recovery planning?
Disaster Recovery Plan is concerned with recovering from a disaster once the disaster has
happened in a location. This addresses more of IT systems used for providing service. It is
also the process of how to recover by putting the IT systems back in place after facing a
catastrophe.
3.How is DRP related to BCP for Wipro Technologies?
DRP will serve as an input to BCP process. When invoking recovery operations by specified
teams, the recovery of IT systems are extremely crucial for continuing the business
operations which is related to DRP.
1
4.How to we decide the composition of CMT, SRT and RT. Should we involve team
members other than from projects?
Crisis management team, System recovery team and Restoration teams are required in the
various phases of Disaster recovery. For project related activities and setting up project
related servers, there should be active participation and ownership from the projects. So the
project members need to be team members for these teams. Crisis management team will
involve some senior level Members who are responsible for declaration of a disaster. Systems
recovery team constitutes the project team along with the Support functions (LMG, IMG, and
Admin) who will recover the operations for the project in the recovery site. The assumptions
that Support teams need to assist, needs to be captured in the disaster recovery planning
document very clearly and needs to be communicated to the support team members as well.
The Restoration team is the team which will restore the operations of the Project back to
normalcy in the Primary site where the disaster happened. This also should include Project
team members.
5.Who will decide where the back-up tapes need to be sent. It should ideally be sent at
least out of present site, but doing that daily, may not be a viable option
The Project Manager needs to decide this on a project level. Offsite storage is highly
recommended at least on a weekly basis. Various options are available for offsite storage
either with in India or outside India as per the guidelines given by IMG in the website of
DRP. IMG takes care of the media (tapes) management .It is the responsibility of the Project
manager to decide the locations for safe storage and consult with the location IMG Manager.
Prior to this, it is highly recommended to consult the CLIENT for taking his concurrence as
per contractual obligations if any (Please refer the master business agreements).
6.Back-up tapes needs to be kept in fire-proof, water-proof safe. Does every location has
that and can tapes be kept there. Who will know location of such safe? IMG/LMG?
Please discuss this with the Location IMG Manager to know the various locations where
Fireproof Cabinets are available.
7.Who will decide what should be a recovery site?
1
The recovery site decision will be taken by the Vertical Heads when an actual disaster strikes.
This will be addressed in the Overall Business Continuity Planning (BCP) for the
Organization. Space and other details related to people and processes are addressed through
BCP.
8.Who will evaluate and certify that testing of DRP is OK?
As decided by the Business Unit organization, Vertical Head could advise the Person
identified for the DRP Testing activity for coordinating the entire testing activity as per the
prepared DR plan( and also updates to DR plan could be documented subsequently) for the
various projects in the Vertical. A pre-requisite to testing is that the team involved in the
testing needs to be informed about the same in advance.
9.PM is normally the person making DRP, what is role of TM in the whole exercise?
TM shall assist and guide the Project Managers for formulating the DRP Plan.
10.There is no definition of Disaster. Every plan talks about disruption of service. We
need to quantify the time period of the disruption and the extent of disruption (say (100
% or 50 % of the service being non-functional for say 24 hours or 48 hours will qualify
to be declared as DRP). Without that definition, we would not know when to invoke DR
exercise and when it is a normal call to IMG. Can we have a minimum criteria
established for this definition?
This is defined in the BCP document. Please note that DRP document is an integral part of
BCP document. Level 1 Disaster is at Asset level, Level 2 disaster is at Site level & Level 3
disaster at city level and how to determine these disasters is provided as Guidelines in the
Sarjapur BCP documentation. Though the level of disaster will be estimated by the Damage
Assessment Team [DAT], Crisis Management team leader in consultation with the DAT team
will declare and invoke the DR plan. We have already formed DAT teams for every location.
Awareness for these teams is happening in the next 1 week time frame.
11.The understanding was that DRP will cover the Computing equipment failure and
BCP will cover the site and city level disaster. However, the DRP document template
circulated talks about 3 levels of disaster including site and city level disaster. As a
1
result, all the DRP documents look incomplete as the TMs do not know about the BCP
plans for the location / city.
DRP is an integral part of BCP and that is the reason why the same 3 levels of Disaster is
appearing in DRP documents as well. The projects are expected to provide the preferred
location for recovering the identified IT Systems for the three levels of disaster.
12.Assuming that back-up & recovery of account level non-execution related items that
form part of an account such as Contracts, Invoice details etc., are part of BCP. Is this
assumption correct?
The assumption is correct. In DRP, Projects are expected to cover only IT resources failures
and recovery strategies.
13.Interface points with local support teams (such as IMG and LMG) are not defined
(or at least unknown to TMs). This will be required if the DR Plans have to
meaningfully address the offsite storage and retrieval. Say for example what would be
the offsite storage for projects running in EC2, to whom will the TM hand over the
backups for storage and when he/she needs to retrieve, who will he/she contact ?
As per the document provided in DRP site (IMG Tier Services), IMG shall be responsible for
Media Management. Based on the contract or customer requirements, projects need to
provide the final requirements (such as location storage or remote location storage) for
enabling IMG Managers to plan and provide the facility. IMG Manager at every location will
be the single point of contact for this requirement.
14.Even through most projects run with MS Windows front end, they differ in terms of
whether it is Win 2000, or Win NT and /or the size of the RAM (256 KB, 512 KB, 1 MB
etc). In such a case, again the DRP documents assume that when the get the Desktops in
case of a disaster, they will get the desktops as they used to have. How does this tie with
the location level BCP?
We should get the number of Desktops required in case of contingency for enabling LMG
team to plan the resources. Again, based on the requirement a call needs to be taken about
purchase, agreement with vendor for quick shipment etc., Projects may not be able to run the
down sized operation with the same hardware specifications unless otherwise explicitly
1
specified in the DR planning document. Planning in this regard can be done only after
understanding final consolidated requirements across Wipro Technologies.
15.Many projects / ODCs have client supplied software (one media copy). What is the
policy on making a duplicate copy of them and storing them at offsite?
Most of the licensing agreements do state that duplicate copy of the software can be taken
provided if it is used strictly for backup purposes and not used in other production
environment. Respective project teams can contact Location LMG team to get this confirmed
on any specific requirements. After confirmation, duplicate media can be sent to off-site for
storage.
16.Some projects work on Wipro provided / leased servers (Solaris or NT servers). Do
we know if all such servers have an AMC / spares stock, so that the account teams can
put a recovery time line for the failure of such servers? Currently the TMs are not
informed of this.
AMC/Spares stock & SLA with vendors have been planned for all identified critical
backbone resources to ensure high availability. If the project specific IT resources require an
AMC then the concerned Project Manager is advised to approach location IMG Manager.
17.In case of MSN (Managed Service Network, provided by IMG), will IMG own the
DRP test plans, as individual accounts can not do it?
Managed Secured Network (MSN) DR Plans will be owned by IMG and commitment on DR
services will be as agreed upon while setting up the link.
18.In general, DRP test plan (or the test exercise) are going to be a little unpractical, as
we may not have duplicate servers / environments to run a DRP drill. How do we
address this?
True. If the contractual obligations expect this (DR mock drill - testing) as a mandatory
requirement then the same needs to be carried out and this will be purely Business Unit's call.
1
19.IMG Service Deliverables during DR scenario - Under this, there are no specific time
limits set for any recovery, even though there is a mention of what IMG can provide.
How do individual projects comment on the planned recovery time.
Considering the dynamic nature of DR business requirements (which varies across business
units) , though IMG has set recovery time limits ( based on business impact analysis of
critical backbone infrastructure at a higher level) for the shared Critical backbone
infrastructure, this needs to be mapped to specific requirements from business units on a
case-to-case basis during the DR scenario. Recovery scenario which involves joint activities
carried out by Projects and IMG could take care of this if requirements from Business Units
are clearly captured in the plan.
20.Since Customer contracts are not specific about many of these items, we may not be
able to address all these in our DR Plans before mid-Sep. What are the implications of
having DR Plans which may address some of these only partially, for the impending
BS7799 AUDIT?
From the BS 7799 audit perspective, Business Units should be able to demonstrate through
documents of some DR plans for selected accounts/Projects as per the criticality. For other
accounts the reason for not preparation of DR plans should be available.
21.Who should review and approve the DR Plans to say that it meets the BS7799 needs?
DR Primes for every business Units can certify this after review and buy-in from Solution
Delivery Heads/Vertical Heads). Please note that DR primes have undergone good amount of
DR workshops and interacted with KPMG team. Our long term sustenance plan is to ensure
sustenance of DR plans through Veloci-Q Quality Management system.
3. COMPONENTS OF INFORMATION SYSTEM
IMG provides overall asset management to a project/ODC for both hardware and software
1
assets. The objective of Asset Management is to have an accurate IT asset database deployed at
Wipro Technologies locations. IMG will be responsible for tracking of all Hardware assets and
Software development tools, licenses procured by Wipro Technologies (other than ustomer
supplied hardware and software)
However, the software engineering tools are tracked by Tools group and the hardware tools are
tracked by VSBU. IMG will manage the assets by tracking all new installations, upgrades and
asset movements not only within locations, but also between two different locations.
IMG categorizes IT Assets as under:
Desktops/Laptops
Intel Servers
RISC Servers (SUN Servers)
Active Components (Communication Devices)
Software Licensing
Software Downloads
Desktop, Laptop and printer support
IMG provides the support on Desktop and Laptop hardware, standard software and network
connectivity (LAN) as a part of the Desktop/Laptop service.IMG has a team of well trained
engineers who cater to this service at various Wipro locations. The location IMG team also
provides support on the desktop connectivity to the LAN. This ensures the necessary access to
other Wipro intranet, mail etc.
IMG ensures that the standard desktop software is installed and functioning on your desktop,
which includes Windows 2000, Office XP, Acrobat Reader, WinZip and Norton Antivirus,
Windows Media Player, Ayumni PDF Writer, Internet Explorer 5.5.
The support window for Desktop and laptop support is from 8:30 to 18:00 ( (IST- Monday to
Friday except on Wipro Technologies holidays).
At all other times users are encouraged to call the IMG Helpdesk (instead of logging a call on
1
the Helpline), which will assess the criticality of the call and provide appropriate support.
Any desktop related issues reported outside the regular office hours, will be directed to the
Desktop Operations Center (DOC), which will address the issue from a remote location only.
Although the primary responsibility of the DOC is to support the on-site users in the US, UK
and Japan, they will also provide it to all other Wipro Technologies users, who need support
after the business hours.
The problems on the desktop/laptop are addressed by the engineers and the quick resolution is
ensured, through second and third level specialist support teams, within IMG, with a well
defined escalation process.
Currently, the users are responsible for their individual Desktop and Laptop backups and are
requested to backup their data appropriately. However, IMG does provide customized backup
services to an ODC/project on special request, at a pre-negotiated cost.
Printer Services
IMG provides and supports printers to users at all Wipro locations. In case a user moves to a
new location, the IMG helpdesk will have to be notified. They in turn will assist you to
configure the printer in the new location, according to your needs.
IMG will also necessitate Toner replacements and if there is a need for major repairs, then IMG
co-ordinates with the vendor, for appropriate services.
Although it is a rare occurrence, an additional Printer can be acquired by a department, by
raising a CAR [Capital Acquisition Request].
We take care of the necessary support from the vendors through Service level agreements,
ensuring a high availability of printing facilities to the users.
MESSAGING
1
E-mail access is provided to all Wipro users across the enterprise.
IMG supports the Wipro messaging system running with Microsoft Exchange architecture on
high availability hardware platforms. IMG uses an automated system that generates E-Mail IDs
for each new Wipro user, on the day of joining. Stringent E-mail policies are adhered to,
ensuring security of data exchanged within the organization. Right management service to
impose restrictions on email and office document for content protection.
AntiSPam check for all email received from external domain and antivirus check for all
inbound and outbound email. The messaging system is supported by highly qualified IMG
personnel round the clock. Service Request forms on email and related policies are available
on TEDWEB For more information on IMG’s E-mail system, please go though the E-mail
section of the Service catalog and the Email FAQ
Instant Messaging
IMG provides instant messaging service based on Microsoft Live communication server
supporting both client and browser based access. Apart from communication within Wipro the
service is extended to few public domain IM service provider like yahoo, MSN, AOL and
selected Wipro Partners like Microsoft, Honeywell, D&B and HP. Users are encouraged to
use this instant messaging system in order to facilitate fast and efficient communication
between users at distant locations.
Network Services:
I. Local Area Network ( LAN)
1
The connectivity from your workstation to the network resources is provided through the local
area network (LAN) of your location. Most of the Wipro locations are equipped with high
speed (1000Mbps and 10000Mbps), Switched LAN, providing efficient connectivity.
IMG manages the LAN in all the locations. The IMG team, at respective location takes care of
management and support of LAN as well as managing the Network (IP) addresses.
II. Wide Area Network ( WAN)
Wipro locations are interconnected with each other, and with the world, through a well- designed,
managed and high availability WAN infrastructure.
IMG manages two different services within the WAN infrastructure of Wipro.
The high availability of the connectivity is ensured through round the clock monitoring and
support services through the Global Network Operations center.
Internet access is provided to Wipro Technologies users on a need basis, for browsing and
E-Mailing. By default, all users have access to the internet before 9:00 and after 16:00. To
gain access, a request needs to be made on the IMG requisition page on TEDWEB. IMG
acquires the appropriate approvals and access is provided within 8 hours, for a maximum
period of 1 year, which can then be renewed.
Voicenet
Welcome to Wipro VoiceNet, the private Voice Network of Wipro Technologies. This
Premium cost-effective service is made available by leveraging on the existing WAN
Infrastructure. The service is currently available in select locations of Wipro Technologies.
Wipro VideoNet service facilitates Video Conferencing between Wipro Technologies locations
and remote sites. Video Conferencing can be effectively used for Team meetings, Reviews,
Trainings, Interviews etc.
1
Wipro VideoNet supports both ISDN (H.320) and IP(H.323) based connectivity.
Wipro VideoNet has capability to support Multi-Point(more than 2 locations) Video
Conferencing both on ISDN and IP
Wipro VideoNet Gateway has capability to support making calls from IP network to
ISDN and Vice Versa using a Video gateway which inter connects both IP and ISDN.
Campus Design Version 3.0 is the latest network architecture proposed for upcoming Wipro
campuses. The design features full device level redundancy in all the layers except access layer
& ensures 99.99% LAN availability all the way up starting from the distribution layer. The
design features latest Layer 2 load balancing technologies like Cisco’s Virtual Switching System
& Nortel’s Split Multi Link Trunking. 10Gig interconnection is planned at the core layer for big
campuses to take care of the increasing bandwidth requirements. Other features of the design
include dedicated Campus Level firewall & VPN Gateway, high switching performance at Core
layer using Distributed Forwarding Cards etc.
Key Benefits:
Business continuity (high availability): Real-time recovery, resiliency at the device
level, the design level, and the network level ensuring 99.99% LAN SLA at distribution
& core layers
High bandwidth with in increased throughput at the core Layer to support new
applications in virtualized environments
Predictable application performance to support converged applications: Layer 2/3/4
traffic classification (QoS), IP Multicast for new applications
Network Security
1
1
4. INFORMATION SYSTEM MANAGEMENT AND GOVERNANCE
IT Resource (Hardware) Management
The following points best describe how Desktop Management is organized:
An Asset tracking tool is deployed on all desktops
All user details are updated (like name, employee number, project details etc)
All relevant data is updated on a weekly basis
Machine movements are tracked
Tracking updates of basic hardware, user profile, software
Manual data upload - once a month (for non-Miscrosoft desktops)
Tracking WTY/AMC details
Server and Communication Devices
Server and Communication devices are managed as under:
Maintaining an accurate online database
Tracking machine movements and database upgrades
Optimize the usage
Tracking WTY/AMC details
Physical verification of assets
All processes in line with BS7799
Server sizing
IMG will provide the following server sizing related services, on the request of a project team
Consultation on appropriate server size, brand and make
Fine tuning the system regularly for optimum performance Ongoing monitoring of
system resource utilization and providing information about the same to the projects
Vendor Management for Projects
All servers and data communication equipment that are used at Wipro Technologies for the
express use of projects fall under these 3 categories:
1
Wipro Technologies funded and procured
Customer funded (procured by Wipro Technologies)
Customer supplied
IMG is responsible for the installation of all desktops across Wipro Technologies and requests
of this nature will be serviced within 16 business hours at the rate of 20 machines per day. In
case of project servers, the project needs to order them through the Logistics Management
Group (LMG). On procurement LMG delivers the server hardware to the project. The IMG
helpdesk coordinates with the vendor for the installation of the servers.
Since the servers will be installed by the vendor personnel, IMG is not in a position to
guarantee the time taken for server installation. Upon completion of the installation, IMG will
ensure that the vendor fills out a Product Installation Report (PIR) and a copy will be provided
to the project team. The PIR is needed for any negotiations with the vendor at a future date.
On the request of the appropriate project personnel, IMG will enter into Annual Maintenance
Contracts (AMCs) for the project servers and data communication equipment, with the
appropriate vendors (regardless of which of the above categories the equipment fits into).The
cost shall be borne by the individual projects themselves and hence needs to be appropriately
budgeted. A separate AMC will be signed with the vendor for all software help.
The lead time for acquiring quotations from the vendors is as follows:
Server Type Lead Time
Intel Servers 3 Working days
Sun/HP 3 Working days
Cisco 3 Working days
Storage 5 Working days
Multi vendor AMC (DELL,HP,IBM) 10 Working days
Software Support 5 Working days
On completion of the project the PM will acquire a sign-off from the project on the three levels
of support by which Vendor management projects are divided.
1
The following are the basic guidelines that IMG will use with regards to the vendor
management services.
1. The project team needs to maintain all the warranty related information for all the
servers and data communication equipment which has been supplied by the customer.
The same should be provided to IMG in order to facilitate the negotiation of the AMC,
toward the end of the warranty period. IMG will provide a template to the project team
which will facilitate the collection of all information needed for the above, and it is the
project team's responsibility to gather all the appropriate information and provide the
same to IMG on a timely basis.
2. During the warranty period, IMG will provide the project with vendor management
support, provided all the above information has already been furnished. If an SLA is
required during the warranty period, IMG will co-ordinate with the project and procure
the same at the cost of the customer..
3. The IMG team will maintain the database of warranty related information and data
communication equipment which has been supplied by Wipro Technologies. The PM
will get a sign-off from the project on the service provided.
4. . All AMC related negotiations can be done by IMG, on behalf of the project team.
Once the SLA is prepared by the vendor, IMG will consult with the project and either
refine the SLA where required, or sign the SLA with the approval of the project team.
Whenever the time period mentioned in the AMC agreement or an SLA closes towards
termination, the IMG team will make an effort to remind the customer about its
renewal. This applies to all 3 categories falling under Vendor management for projects.
5. In the event of a breakdown in any of the project servers or data communication
equipment, the relevant project personnel should log a call with the IMG helpdesk and
an IMG engineer will perform the initial diagnosis and if possible, resolve the problem.
In the event that the IMG engineer is unable to solve the problem, the call will be
escalated to the appropriate vendor, provided there is an existing AMC under which the
faulty equipment is covered.
If the failed equipment is not under warranty and not covered under an AMC
agreement, IMG will help the project team in getting support from an appropriate
vendor on a per call basis. The financial details for this scenario will be dealt with by
the project, directly with the vendor. As a standard, the vendors do not provide any
1
committed response and resolution times for support calls on a per call basis. This is
why IMG recommends that the project team get into AMC contracts with all vendors,
for business critical equipment acquired through Wipro Technologies funds, project
funds (procured by Wipro) or directly supplied by the customer.
Installation:
LMG will coordinate with the vendor for new installation of servers procured by the project.
For subsequent movements of servers and communication devices, IMG is the single point of
contact responsible for its installation or de-installation
In all of the above cases, IMG is responsible for vendor management and will make every
effort to push the vendors to provide prompt service. In case of a vendor non-compliance with
the SLA terms, IMG will hold reviews with the management team and try to ensure that the
vendor gets back to providing service as dictated by the SLA.
IT Resource (Software) Management:
Wipro Technologies strictly prohibits the use of unlicensed software and IMG will ensure a
strict enforcement of this policy. IMG will periodically review the use of software licenses
across Wipro Technologies, using license and asset management tools, which will highlight the
use of any unlicensed software which will then be dealt with very strictly.
IMG understands that user have critical things to do, rather than virtually run around for your
Software needs. Therefore, it has created a single source for Development Software. If you are
in need of any type of Development Software, then all you have to do is let IMG know that you
need it, through this site.
It is essential for you as a user to know the potential risks involved due to non compliance with
the security policy. This is the main reason why IMG encourages you to use this procedure to
download Software.
Misuse of software can mean financial penalties and legal costs
Abuse of software licenses can damage our company's reputation
Unauthorized software can often contain viruses
1
Unauthorized software does not come with technical support
Result in un-productivity / wastage of time & resources.
IMG addresses Software Asset Management through the following:
Installation of basic standard software across all Desktops and Laptops
Appropriate License Management
Taking on a Six sigma project on software optimizing
Creation and maintenance of an accurate Software Asset database
Development of a system through which any software asset can be traced at any given
time and any software installation,
upgrade or movement is tracked periodically
Ensure complete adherence to the Wipro Software usage policy
Enable a download registration process
Enable tool evaluation and feedback through the Web
Creation of a Download Software Distribution Server
Regular updates on licensing policies of various vendors
Extended web interface to TM level
Enhanced Tools download process to provide an online Knowledge base
License Management for Standard Software
IMG has procured enterprise licenses for certain basic, standard software packages used across
Wipro Technologies such as Microsoft Enterprise Agreement.
The following Software is freely available on all the Desktops and Laptops across Wipro
Technologies:
1. Windows 2000 OS
2. Netscape Navigator 4.7
3. WinZip
4. Acrobat Reader
5. Norton Antivirus
6. MSN Messenger
The licensing for the above mentioned software is not per CPU based.
1
Software Download Management
Software management is delegated under three categories
1. Downloadable/ Evaluation software requirements are addressed by IMG
2. Hardware Tools requirements are addressed by VSBU
3. Software Testing tools requirements are addressed by the Tools group
IMG will facilitate the download of various software packages that any WT users wish to
evaluate. The user will be given an evaluation form, along with the downloaded software,
which needs to be duly filled out and returned to IMG, who will then compile the evaluations
for future use. This policy has been put in place to ensure that proper license management
practices are maintained across the enterprise and no unlicensed software is used as part of our
development work.
If the user requires the tools for testing or evaluation, then the download and evaluation
requisition is to be filled through download form. Click here to view the template.
When the user requires software for permanent usage, he will have to raise a Capital Asset
Requisition (CAR) on TEDWEB for the same.
The Software Asset Management team in IMG provides quality service on:
Software License Compliance
Media Management for Licensed Software
Software Download Management
Software Usage vs Procured tracking analysis and reporting
User awareness on licensing and IP (Intellectual Property), pertaining to software.
What is Trial Version software?
1
Trial Version or the Evaluation versions provide a way of obtaining and evaluating software,
giving users the opportunity to try a program on their own computer before buying it.
While evaluation versions are copyrighted, and the copyright holder retains all rights, the
author specifically grants a user the right to freely evaluate and distribute the program, with
limited exceptions. After using the evaluation version for the defined trial period, the user
must purchase a licensed copy or remove the evaluation version from their system.
What is Freeware software?
Freeware is copyrighted software given away for free by the author. Although it is available
for free, the author retains the copyright, which means that you cannot do anything with it
that is not expressly allowed by the author. Usually, the author allows people to use the
software, but not sell it.
What is Shareware software?
Shareware is the software that is distributed on the basis of an honor system. Most shareware
is delivered free of charge, but the author usually requests that you pay a small fee if you like
the program and use it regularly. By sending the small fee, you become registered with the
producer so that you can receive service assistance and updates. You can copy shareware and
pass it along to friends and colleagues, but they too are expected to pay a fee if they use the
product.
Software Download Policy:
Any kind of download of software is restricted in Wipro Technologies.
Practitioner has to log a request for software (i.e. Freeware, shareware and Trial
version) download after filling registration form.
The practitioner's supervisor must approve the download of that software.
The IT-Resource engineer of the concerned location will download the software and
will share with the practitioner.
Practitioner evaluates within the specified time and sends evaluation report.
The Software Evaluation report can be found at IMG web site in channelw.
Core Licensing Models
1
Demo (evaluation licenses):
A time limited license used for evaluation purposes. The demo's functionality may be less
than a standard product. The day of expiration is generally set on the day the license is issued.
Alternatively, the demo may expire N days after installation or after it has been used M times.
Floating (concurrent) over a network:
This is the classic case of networked concurrent licensing. No more than N licenses may be
used at one time on a network by any of the users on the network.
Named-user (personal licenses):
Licensed by the login name over a network, the software may be used on any computer if the
name is on a specific list of users (generally not more than one desktop with the same login
may use the license). The vendor specifies the number of licensed users, the system
administrator (or vendor) specifies and the user names.
Node-locked (named-host):
Software is licensed for unlimited concurrent use on a single computer system.
Package Suite:
Package suites are packages with the restriction that the package components of a single
license may not be simultaneously shared. Package suite is a powerful competitive license
policy for vendors with broad product lines as they can offer favorable pricing terms that
single product vendors cannot match.
Time-limited (lease): Vendors can issue licenses with a specific expiration date. This is used
for product evaluations and product leases.
Advanced Licensing Models
Site Licensing:
Grant a license to all valid requests. Useful for tracking software usage without setting
limitations.
1
Duplicate grouping:
(license sharing) by user, host or display Grouping defines rules for when more than one
"use" of an application counts as only one "use." For example, a single user running the same
application on several computers concurrently may count as a single use (or a multiple use)
of a license.
Floating (concurrent):
Over a list of hosts Concurrent use of licenses over a network, but the licenses may only be
used on a specific list of computers.
High-water mark of past use:
The maximum number of concurrent users in the previous time period (typically monthly) is
recorded, and is the basis of fees paid for the software use. This is a form of "post-use-
payment" licensing.
Linger license:
Once a user stops running the product, the user continues to hold the concurrent license for a
fixed additional time period. Linger improves the "pricing depth" of applications used for
very short periods (a few seconds or minutes). Many users may share a single license for such
applications, so small and large customers only need one or two licenses. Linger increases the
number of licenses needed to serve larger customers, while small customers may need only
one or a few -- thereby giving the product better pricing depth.
Overdraft Allows a customer to use "N" more licenses than actually purchased. This is
generally used to either give customers a "grace" level for peak use, or in conjunction with a
post-use payment license model. The customer also has the ability to further limit their
overdraft level, to control their exposure to post-use payment charges.
Pay-per-use License fees are based upon actual usage. The measurement of usage may be
based upon computer metrics (CPU use, wall clock time, etc.) or upon metrics tied to the
nature of the application.
1
Segments of network Usage may be limited to a range of computers identified by "wild-
carded" IP addresses. This model allows you to restrict licenses by geography, department or
division depending upon network topology.
Supersede previous licenses issued FLEXlm licenses have implicit or explicit "start-dates."
Supersede is a license term requiring that all previously issued licenses be forced to expire, as
a condition of receiving new license rights. This is used to effectively remove previous issued
license rights.
Vendor defined usage and restrictions The software vendor defines its own metric for
measuring usage. This can be done for licensing models that are "application specific".
Key Objectives
Consolidate Project IT Asset Management across organization
Centralized procurement to achieve economy of scale advantage
Reduce lead time for software / hardware asset allocation and
deployment
Ensure maximum mileage with Partners on value added services
Support Business Deals through competitive and flexible pricing on software and
hardware assets
Setup up suitable financial models for procurement and chargeback
Cost optimization by re-use
1
Level one technical support through Business IT Management Group
Streamline and consolidate technical support for Business IT Infrastructure
through ready access to Vendor support sites
Ensure legal compliance with respect to licensed software
Reduce dependency on customers for software licenses and hardware. To actuate
the above objectives, Wipro signed Enterprise level agreements with Microsoft,
IBM, Oracle and Symantec. Business IT Management group is the custodian of
these agreements. Through these agreements, Business IT Management group
enables business to win more deals and help in technology penetration thus
directly impacting the utilization and in turn revenue of Wipro.Please browse
through the partner links in the left menu to get more insights on:
Enterprise Level Agreement
What’s in it for you & the customers of Wipro
IT Security Regulations Matrix –Ready Reckoner
In the present scenario, we exercise baseline security compliance (physical and information
security best practices) by complying with BS7799-2:2002 standards. Off late, we have been
receiving lot of queries from our customers through RFPs/RFIs, seeking clarifications on our
compliance stand with respect to various regulations and laws related to the areas of IT
Infrastructure and Security. To name a few regulations are Gramm Leach Bliley Act, Sarbanes
Oxley, and HIPAA etc. There are various regulations available globally and Customers expect
their Offshore Vendors to be aware of the same and design solutions for them which complies
with specific regulations. This shows that, awareness and understanding of well known
regulations across the globe, has become imperative for our Customer facing personnel while
1
negotiating contracts with our Customers.
To facilitate the understanding of the various famous laws and regulations, we have prepared
a ready reckoner matrix, along with guidelines (Refer the attached file) for your quick reference.
This matrix represents Wipro’s compliance approach against the listed laws/regulations at this
point of time. This may be used for answering customers during discussions & while negotiating
contracts and could be used also as an additional reference to provide assurance to the Customer
from an Organizational stand point. The attached matrix doesn’t represent a complete list of
regulations/laws, but covers the famous and frequently asked ones in the industry. The attached
matrix will undergo revisions from time to time as per market demands and will be hosted in
the IMG website for subsequent reference.
Information Security
Wipro Information security management is achieved through well defined policies,
technical controls and processes for managing Internal and External threats with
continuous risk management approach.
The Information security practices at Wipro are based on the confidentiality, Integrity
1
and Availability of information for business transactions by ensuring user awareness
and responsibilities.
Wipro users share the responsibility for security, integrity and confidentiality of information.
IMG, as a part of Wividus, takes care of the information security for Wipro through secure
infrastructure and policies.
Team IMG pays utmost attention to information security by following the policies and
procedures laid down under the standard for Information Security Management System (ISMS).
Policies at a glance
1. Information Access Control*
2. Acceptable Software Usage Policy*
3. Acceptable Removable Media Usage Policy*
4. Mobile Phone Camera Usage Policy*
5. Asset Management Policy*
6. Backup & Restoration Policy*
7. Blogging Policy*
8. Business Continuity Planning Policy*
9. Change Management*
10. Cryptography*
11. Data Protection and Privacy Policy*
12. Data Collection and Usage Policy*
13. ISMS Documentation Control Policy*
14. E-Mail and Internet Usage*
15. Handheld Devices Usage Policy*
16. Information Classification *
17. Information Security Management System (ISMS) *
18. Information Security Policy*
19. Intellectual Property Rights*
20. Internal Audit Policy *
1
21. Legal Compliance*
22. Malicious Code Protection *
23. Offshore Development Center (ODC) Security Policy*
24. Open Source Software Policy*
25. Password Policy*
26. Personnel Security Policy*
27. Physical Security *
28. Closed Circuit Television (CCTV) Policy*
29. Patch Management *
30. Remote Access Security Policy *
31. Information Security Risk Management Policy*
32. Security Organization *
33. Security Incident Management *
34. Information Security Training and Awareness *
35. System Acquisition, Development and Maintenance*
36. Third Party Information Security Policy *
37. User Account Management Policy *
Standards at a glance
1. Clock Synchronization (Network Time Protocol [NTP])*
2. Data Collection, Processing & Communication*
3. Data Protection and Privacy*
4. Firewall*
5. Instant Messaging*
6. Mass E-mail Processing and Transmission*
7. User Account Management*
8. Virtualization Standard*
9. Wireless LAN*
1
Procedures at a glance at a glance
1. Asset Allocation, Release and Reallocation - IMG*
2. Backup*
3. Badging *
4. Change Management *
5. Disciplinary Action*
6. Information Classification Labeling and Handling*
7. Information Security Management System (ISMS)*
8. Internet Usage *
9. Internal Audit *
10. Log Files Monitoring *
11. Maintenance of Clean Desk *
12. Material Movement*
13. Network Access Control*
14. Open Source Usage Approval Request*
15. Open Source Usage Declaration*
16. Operating Procedure*
17. Patch Management *
18. Physical Access Control *
19. Information Security Risk Management *
20. Security Controls: Elevated Threat Scenario *
21. Security Incident Management *
22. System Development & Maintenance
23. User Access Control*
24. Virus Prevention*
Templates at a glance
1. Asset Allocation Free List *
Asset Reallocation Form*Asset Release Form*
1
Discrepancy Report*
2. Exception Handling Exception Tracker*
3. Information Classification Information Classification*
4. Internet Usage
Perimeter Host Request Form*Custom Service *
5. Internal Audit
Audit Observation Note*Audit Report *Non-Conformance Report (NCR)*
6. Log Files Monitoring Identified Log Files*
7. Maintenance of Clean Desk
Fax Register*Photocopier register *
8. Material Movement Authorized Signatories List
9. Network Access Control
Access Control List Record*Change Request *Network Classification Record*Static Route Record*
10. Patch Management
Patch and vulnerability database for IT systems*Patch Communication template*Test Plan & Roll out plan for patches*Patch Management Process*Patch implementation status report*
11. Physical Access Control Access Register *
1
Guest Register * Key Control Register * List of sensitive areas * Access Control Matrix - Physical Access* Security Guard Attendance Register*
12. Physical Security Control Fire Extinguishers Maintenance Record*
13. Risk Assessment Risk Assessment Template* Risk Assessment Report*
14. Non-Disclosure Agreement Standard Non-Disclosure Agreement*
15. Third Party Access Third Party Access Request Form* Third Party Access Declaration*
Checklists at a glance
1. Application Security Risk Assessment
2. Network Deployment
3. SQL Server Security
4. System Administration
5. Pre Audit Checklist*
Guidelines at a glance 1. Access Control
Direct Internet Connection Remote Access Wireless LAN Remote Access guidelines through Dialup Connection Remote Access guidelines through VPN Connection Web Conferencing Solutions (Eg: Webex) Security Guidelines for Local Area Network
2. Application Security
Application Security Guidelines
1
Application Procurement Software Usage Guidelines * Guidelines for Evaluating and Selecting Open Source Software * Guidelines for Open Source Licenses * Guidelines for Open Source Community Participation by a Wipro Employee* Guidelines for Using Open Source Software *
3. Blogging
Blogging
4. Cryptography
Cryptography
5. E-mail & Internet Usage
Email Usage Internet Access Password policy Spam prevention How to enable filters using various mail clients Hosting Client resources in backbone/Internet zone
6. Information Protection
Dumpster Diving Identity theft protection Information Classification Guidelines Intellectual Property Protection Protection of personal information Removable Media
7. Information Security Risk Management
Information Security Risk Management
8. Laptop and Handheld Device Security
Laptop Security Black Berry Security * Handheld Device Security
9. Malicious Code Protection
Malicious code protection
10. Network and System Management Guidelines
Data Center Security * Lab Security
1
SNMP(Simple Network Management Protocol) Protecting “Independent Internet Connectivity” at Wipro. Web Cast Security
11. OS and Application Access Control
Solaris/Unix OS hardening Windows 2000 server OS hardening Banner message for systems
12. Personnel Security
Social Engineering Attacks
13. Physical Security
Emergency Management
14. Security Incident Management
Awareness on suspicious activities Preserving Computer Evidence
15. Technical Vulnerability Management
Technical Vulnerability Management
16. Technical Guidelines for Security Compliance
Technical Guidelines for Security Compliance
Information Access Control Policy
Objective
The objective of this policy is to control access to information, information processing
facilities and business processes on the basis of business and security requirements.
Scope
This policy is applicable to Wipro/Customer's IT infrastructure and applications managed
by Wipro.
Acceptable Software Usage Policy
Objective
1
The objective of this policy is to A) minimize risks related to unauthorized software usage
(including but not limited to freeware) and B) establish acceptable usage criteria related to
software downloads from internet and subsequent usage of software in Wipro.
Note: Considering the business needs, there might be genuine requirements to use freeware,
evaluation software (like tools, packages, software updates) in our computing environment.
Hence, usage of freeware tools or evaluation software is not banned outright; but is rather
restricted from usage considering the situation and applicability so that any form of legal,
copyright infringement or integrity related liabilities to Wipro could be addressed.
Acceptable Removable Media Usage Policy
Objective
The objective of this policy is to minimize security risks arising out of usage of Removable
Media Interfaces for portable storage devices such as USB memory sticks, pen drives,
entertainment devices with data storage capacities (with USB, Bluetooth and other interfaces)
etc., (herein referred as "Removable Media") within the organization and also establish usage
criteria for genuine business requirements.
Scope
This policy is applicable to all Users in the Organization at all locations, and also for all types
of removable media devices. Customer requirements/agreements detailing the use of removable
media shall supersede this baseline policy. Situations warranting the use of Removable Media
devices/interfaces for business purposes shall be granted only based on Customer/IMG concurrence
and with due protection to information.
Backup & Restoration Policy
Objective
The objective of this policy is to ensure integrity and availability of business critical data
to support Business continuity by conducting periodic backups and restoration tests.
1
Scope
This policy is applicable for Wipro's Internal IT systems as per defined department-wise backup
procedures and for Business Unit IT systems as per account specific backup plans outlined in
Customer requirements. The contents of backup include application information, databases,
operating systems, network/system configuration, user manual and source codes.
Blogging
Objective
The objective of this policy is to define the acceptable usage of blog sites (both internal and
external to Wipro) while posting information by Wipro employees. This emphasizes on the
responsible usage of blogs, which otherwise, could result in organizational risks including in
particular, organizational reputation loss, wrongful confidential information disclosure and
Code of Business Conduct and Ethics violations.
Scope
This policy:
Is applicable to all employees across all Wipro divisions, while at workplace or outside
office.
Is applicable to access of blog sites from Wipro/Client IT systems or Personal IT systems
(especially related to information about Wipro that is posted).
Is applicable to usage of all types of blog sites/social networking/content sharing sites
inside or outside of Wipro hosted by Wipro/Other third parties/Personal blog sites.
Online publications/Posting of information which do not identify you as a member of Wipro and
do not mention Wipro and/or its association with customers or other Wipro related information
are considered as personal matters and will normally fall outside the scope of this policy.
Change Management
1
Objective
The objective of this policy is to ensure changes to systems and information processing
facilities are controlled and do not adversely affect Confidentiality, Integrity and Availability
of Information assets.
Scope
This policy is applicable to Change activities in the IT Management group and the Information
Systems group. Business Units shall follow the change management process as per the business
unit quality system.
‘Data’ referred in this policy means:
a. Personal/Private information of an individual [Eg: Personal identifiers such as Social
security numbers, Permanent Account Number , Date of Birth, Passport numbers,
Bank Account numbers, Names, Home or mobile phone number , personal E-mail
addresses, credit card numbers and personal information such as credit history, medical
information, payroll/salary information etc.
b. Intellectual property information and information classified as Confidential, Very
Confidential or Internal & Restricted. [Eg: Customer list, Key financial projections,
Billing information, Source code, System/Design documents, Strategic plans etc.
This will be the baseline data protection/privacy policy for adherence even if local laws are
less restrictive.
1
E-Mail and Internet Usage
Objective
The objective of this policy is to define acceptable usage of Email, Instant Messaging
and Internet services provided by Wipro.
Scope
This policy is applicable for all Users of Wipro's Email, Instant Messaging and Internet Services.
Handheld Devices Usage Policy
Objective
The objective of this policy is to reduce risks related to access and management of
information [such as official emails] through handheld devices and also to help users
take precautionary measures while using handheld devices.
Scope
This policy is applicable for –
1. Adherence by all Users authorized for accessing and managing information
including email through handheld devices.
2. Usage of any type of handheld devices like smart phones, blackberry devices,
PDAs, any mobile device with an embedded operating system enabling remote
connectivity/storage/ synchronization features.
1
3. Users shall abide by the Internet & email usage policy in the organization, while
accessing emails from handheld devices as well.
Information Classification
Objective
The objective of this policy is to ensure identification, labeling and handling of information
for protection commensurate with the Information Security risks.
Scope
This policy is applicable to electronic and non-electronic information as identified by the
Information owner across Wipro/customer assets.
Note: Customer information shall be controlled and protected as per the customer specified classification guidelines.
Information Security Management System (ISMS)
Objective
The objective of this policy is to establish, implement, operate, monitor, review, maintain
and improve documented Information Security Management System to manage Information
Security risks at Wipro.
Scope
The scope of the Information Security Management System (ISMS) is the protection
of Services delivered by business units and Service functions at Wipro.
The ISMS scope document could be referred in the following location.
1
Internal Audit Policy
Objective
The objective of this policy is to assess compliance to established information security
policies in an effort to enhance the information security posture in the Organization.
Charter of the Information Security Compliance team is broadly listed below:
Compliance checks as per the ISO 27001 ISMS framework. Compliance checks for Customer defined Contracts/MSA and regulatory requirements. Adequacy and Compliance checks on the existing controls for Wipro and Customer IP.
Scope
This policy is applicable to business units and service functions across Wipro.
Password Policy
Objective
The objective of this policy is to control access to information, information processing
facilities and business processes on the basis of business and security requirements.
Scope
This policy is applicable to Wipro/customer's IT infrastructure and applications managed
by Wipro.
1
1