Shared Services Canada Perspective

GTEC Panel: Increase Value of IT Services Through Application Portfolio Management

Government Technology Exhibition and Conference (GTEC) October 9, 2013 Ottawa Convention Centre Room: Room 211, 2nd Level Time: 1:00 p.m. – 1:45 p.m.

Benoît Long Senior Assistant Deputy Minister Transformation, Service Strategy and Design

2

Conceptual End State (updated July 2013)

Service Management

• ITIL ITSM Framework • Standardized Service

Levels/Availability Levels • Inclusive of Scientific and

special purpose computing • Standardized Application

and Infrastructure Lifecycle Management

• Smart Evergreening • Full redundancy – within

data centres, between pairs, across sites

Enterprise Security

• All departments share one Operational Zone

• Domains and Zones where required

• Classified information below Top Secret

• Balance security and consolidation

• Consolidated, controlled, secure perimeters

• Certified and Accredited infrastructure

Virtualized Platforms

Off-line / Backup

Archive

Near-line

Tier 3

Tier 2

On-line Tier 1

SAN NAS

Virtualized Storage

IP PBX App. Email

WAN Node

Data Centre Core Network Domains & Zones

V.Conf. Bridge

Web

File/ Print

Database Th.Client

VDI

Internet PoP

Business Intent

• Business to Government • Government to Government • Citizens to Government

Sys. z App / DB Containers

z/OS

Any Special Purpose / Grid / HPC

Operating System

Consolidation Principles

1. As few data centres as possible

2. Locations determined objectively for the long term

3. Several levels of resiliency and availability (establish in pairs)

4. Scalable and flexible infrastructure

5. Infrastructure transformed; not ‘’fork-lifted’’ from old to new

6. Separate application development environment

7. Standard platforms which meet common requirements (no re-architecting of applications)

8. Build in security from the beginning

x86 Web / App / DB Containers

Windows

x86 Web / App / DB Containers

Linux

En

terp

ris

e

Secu

rit

y

GC Private Domain

Application Migration

• Standard platforms and product versions

• Migration guidance • Committed timeline for

product evolution

Workload Mobility

Service Level

… Service Level

Application Service Levels

Standard

Enhanced

Mission Critical

Regional Carriers

International Carriers GCNet

(3,580 buildings)

Public Cloud

Services

Internet

B2G

C2G

G2G

Regional WAN Accelerators

Virtual Private Cloud

Several, highly-secure Internet access points

Stand-alone centre for GC super-computing (HPC) – e.g. Weather

Development

Dev1 Dev2

Production

Prod3

B

U

U

Prod4

C

U

U

Production

Prod1

S

A

B

Prod2

S

B

U

Servic

e

Man

ag

em

en

t

Virtualized Services

Classified Data

Confidential

Secret

C

S

Protected Data A Protected A

B Protected B

C Protected C HPC

Sci1

3

Storage

Server HW

Network

Servers

Virtualization

Runtimes

Applications

Security &

Integration Ma

na

ged

by s

ha

red

se

rvic

es

pro

vid

ers

Storage

Server HW

Network

Servers

DBMS

Virtualization

Runtimes

Applications

Security &

Integration

Storage

Server HW

Network

Servers

Databases

Virtualization

Runtimes

Applications

Security &

Integration

IaaS PaaS SaaS

CIO

ma

na

ge

d

CIO

ma

na

ge

d

DBMS

ICT Deployment Models and Evolving Degrees of

Accountabilities

•IaaS: Infrastructure as a

Service

•PaaS: Platform as a Service

•SaaS: Software as a Service

(non Dept/Agency

program Applications)

Ma

na

ged

by s

ha

red

se

rvic

es

pro

vid

ers

Ma

na

ged

by s

ha

red

se

rvic

es

pro

vid

ers

4

GC Cloud Conceptual (updated July 2013)

SSC Partner Department

GC other Gov’t Depts GCnet

GC-Community

GC-Public GCTravel

Public-facing web sites

GCdrive Pay

Pension Collab

Intranet sites

Canada.gc.ca

Jobs

GEDS

Directory

GCDocs MySchool

GC Community Cloud • Internal services for GC community

• SSC-provided cloud services to the GC

• Secured perimeter

• Multi-Domain (Protected B to Secret)

GC-SRA

GC Public Cloud • Some public-facing GC presence

• Limited Development / Test capacity

GC Hybrid Cloud • Secured extension of GCNet to vendor

• Vendor-provided cloud services to the GC

Directory

Free / Busy Mobile Integration

GC-Hybrid

5

Cloud Computing: Opportunities & Challenges

Opportunities • On-demand self service

V storage

• Ubiquitous network access

Community cloud (CWA, GCDocs)

• Resource pooling (location

independence, homogeneity)

Hybrid cloud - STSI

• Rapid elasticity

• Measured service

• Private clouds

Data Centre Consolidation and

Telecommunications

consolidations

• Data sovereignty, privacy and security Data in motion, data processing

and data at rest

Challenges • Connecting resources across clouds and customer

premises

Cloud service management and cloud brokerage – SSC evolving and increasing roles

• Managing identity, federation, and access control

Cloud auditor; ICAM federation

• Isolating tenants in a multi-tenancy environment

GC community cloud – single operational zone

Location of data – data sovereignty, yes; critical GC data within SSC private cloud

• Extending on-premises security & operations management practices to the cloud

SSC cloud broker and auditor roles

• Latency and other performance-related considerations

Centralization of data and federation of processing; virtualization; network design and operationalization

• Network capacity and capability

Enterprise requirements for two domains, single network (unclassified and classified) in evolving data, usage and security landscape; moving from dept specific domains

Platform Technologies – Directions

TBD Sustain

Sunset Grow Technologies

where investments

will be made,

transformation will

focus, and new

business and

workloads will be

directed

Technologies

whose disposition

will be determined

over the coming

months

Technologies which

will be phased out

over the course of

the transformation;

workloads will be

migrated to “Grow”

platforms

Technologies that

will be maintained

at current business

volumes, with

organic current

business growth;

no new business or

workloads will be

directed here

Linux on

System z z/OS

Linux on

x86

Windows

HP-UX

AIX

Solaris

MCP

6

7

SSC Cloud Computing Reference Architecture

Source: NIST