Moe - Overall Arch Presn (1)

8/9/2019 Moe - Overall Arch Presn (1)

1/25

1BestariNet Architecture

1


2/25

The 1Bestarinet solution is a connectivity-cum-cloud based software services

solution which covers the following key components:

Last ile !onnectivity

Back "aul

!loud #ervices for $irtual Learning %nvironment

!loud #ervices for anaged #ecurity

"osting #ervices

&nternet !onnectivity

'

(verall Architecture


3/25

"igh Level logical &T architecture

Tier1

Tier'

##LTermination )evice

*rimary

#econdary

(%+ealm

*ublic&nternet+ealm

!oreswitch

,rog $L%Application

#chool

*!

!ontent ,ilter

&nternet

$L% Access&nternal.

$L% Access%/ternal.

&nternet Access

*rimary

#econdary

)e-

ilitari0edone

"ome *!

$L%+outers

"osting!loud

)B Tier

"osting!loud App

Tier

"osting!loud 2eb

Tier

Logical,2 !t/

name3moe4yes4my

Tier 5


4/25

The ,rog $L% solution has the following components:

Virtualization Platform

Frog VLE Platform Stack

Community Site

Content Store

SCORM system

6

!loud services for $L%


5/25

The $irtuali0ation &nfrastructure provides the $irtuali0ed %nvironment used bythe $L% Architecture and parts of the 7TL &nfrastructure4

The $irtuali0ation &nfrastructure uses +ed "at %nterprise $irtuali0ation +"%$.as the hypervisor4

8

$irtuali0ation *latform


6/25

9

%ach $L% is an independent ,rog *latform with its own database and

user ;les4 These are con;gured together with the ,rog *"* #oftware anda


7/25

@

o!!"nit# Site

$ebser%erontent Store

$ebser%ers

ontent Store

Database

VLE

ontent Store

Fileser%er

!ommunity#ite

)atabase

!ommunity#ite

,ileserver

!ommunity#ite

2eb #ervers

The community site content store and #!(+ are each a single clustered ,rog *latform andoperate independently of the other $L% instances4

*#e Community site provides an interactive portal for teachers to communicate and share with eachother as well as providing facilities for the o% to create notices that are displayed within each schools $L%+

*#e Content store provides centrali0ed resources which can be accessed through the $L%+

*#e SCORM ser&ices provide access to the &codeon #!(+ %ngine for running #!(+ based content+

*#is )ill facilitate t#e s#aring of resources de&elo"ed )it#in t#e VLE as )ell as any additionalcontent agreed and "ro&ided inde"endently+

!ommunity #ite !ontent #tore and #!(+

#!(+)atabase

#!(+,ileserver

#!(+2eb #ervers


8/25

"igh Level logical &T architecture

Tie

r1

Tie

r'


*rimary

#econdary

(%+ealm

*ublic&nternet+ealm

!oreswitch

,rog $L%Application

#chool

*!

!ontent ,ilter

&nternet

$L% Access&nternal.

$L% Access%/ternal.

&nternet Access

*rimary

#econdary

)e-

ilitari0edone

"ome *!

$L%+outers

"osting!loud

)B Tier

"osting!loud App

Tier

"osting!loud 2eb

Tier

Logical,2 !t/

name3moe4yes4my

Tier 5


9/25

The content ;lter is one of the key components of the solution4 &t is used to

ensure that inappropriate content is being blocked from the students in theschools4

7TL will be deploying ' units of the content ;lter4 They will be con;gured in afault tolerant con;guration to ensure that there is no disruption during aneuipment failure:

1

!ontent ,iltering

The !ontent ,ilter appliance enables service providers to better managee/cessive increases in network traCc and subscriber growth by using a

caching technology4

By utili0ing highly eDective caching technology !ache,low is able todramatically accelerate the delivery of rich 2eb '4 content including large;les and video4 !ache,low appliances also save bandwidth on e/pensiveinternational links and backhaul traCc which greatly reducesinfrastructure costs by controlling bandwidth consumption and improvingcustomer satisfaction4


10/25

There are broadly two approaches to content ;ltering based on the prevailing

technologies4 The following describes two approaches of managing access tointernet4 The two approaches are 2hitelisting and Blacklisting4 The details ofthese approaches are elaborated below:

$#itelist

This approach allows only sites and domain that is deemed acceptable by

(% that is e/plicitly stated as safe.4 All other content is disallowed4

ene,ts& Access to content is limited to those that (% certi;es as appropriate4

& Takes away the need to be on a constant vigil of Eagging new inappropriate online content4

& (% knows e/actly what are the sites users on the 1Bestarinet can access4

Risk& !ontent available for education is limited to the whitelisted sites4

11

!ontent ,iltering - Approaches


11/25

lacklist

This approach disallows e/plicitly stated unacceptable content4 ,or a list ofcategories of such content please refer to Appendi/ A4 All other content isallowed4

ene,ts& Liberal access to rich content available on the internet

Risk& (% need to be on a constant vigil of identifying and Eagging new inappropriate online

content4

& &nternet is a dynamic and constantly evolving network4 Large amount of un-moderated contentis published daily and this may result in inappropriate content slipping through4

1'

!ontent ,iltering - Approaches


12/25

Based on the above mentioned strategies and best practices for content;ltering (% has e/pressed a preference to take a whitelisting approach

based on the hybrid strategy outlined below4Strategy

& &n implementing whitelisting it is essential that the content ;lter database is loaded withsuCcient Fwhite listedG sites in order for the users to be able to access the commonly usedsites4 Therefore as part of the whitelisting implementation the approach is to ;rst con;gurethe content ;lter to a black listing mode and implement blacklist as per H-1' guidelines basedon the bluecoat H-1' settings4 &n addition to that additional categories that may be deemedcontroversial will also be blocked4

& The blacklisting mode will be left on for I days and all the sites that are visited during thattime will be collected and used as potential whitelisting


13/25

The anaged security solution has the following components:

SymantecEndPoint #%* Anti $irus.

Symantec !ltiris Patc# Management

1K

!loud services for anaged #ecurity


14/25

#chools

*!

#ymantec anti-virus #ervers

7TL )atacenter

&nternet

hen school computers boot into windows or when #%*>s communication interval is eDective The #ymantec anti-virus client install

omputers in the school reuest for an updated anti-virus signature from the network4

e school computers connect to the wireless endpoint device oom. placed in the school by 7TL4

he oom connects to K broadband via the K base station macro network. to the #ymantec anti-virus servers placed in 7TL dat

e servers in 7TL data center. provide an updated signature and the school computers get the update via the same path4

(T%: The servers in turn should have received the updated anti-virus signature from #ymantec internet.4

This happens via scheduled communication in between the servers and #ymantec.

4G Basestation

4G broadband

ZoomBackhaul Fiber

Circuits1 '

5

6

K

Macro Network

Architecture for #ymantec %nd *oint Anti $irus


15/25

#chools

*!

#ymantec patch mgmt #ervers

7TL )atacenter

&nternet

school computers boot into windows or when scheduled communication interval is eDective The #ymantec patch mgmt client in

puters in the school reuest for patches from the network4

hool computers connect to the wireless endpoint device oom. placed in the school by 7TL4

oom connects to K broadband via the K base station macro network. to the #ymantec patch mgmt servers placed in 7TL data

rvers in 7TL data center. provide patches if applicable. and the school computers get the patches via the same path4

: The servers in turn should have received the patches from various vendors such as adobe icrosoft apple etc4 via #ymantec i

This happens via scheduled communication in between the servers and #ymantec.

4G Basestation

4G broadband

ZoomBackhaul Fiber

Circuits1 '

5

6

K

Macro Network

Architecture for #ymantec Altiris *atch anagement


16/25

"igh Level logical &T architecture for "ostingsolution

Tie

r1

Tie

r'


*rimary

#econdary

(%+ealm

*ublic&nternet+ealm

!oreswitch

,rog $L%Applicati

on

#chool

*!

!ontent ,ilter

&nternet

$L% Access&nternal.

$L% Access%/ternal.

&nternet Access

*rimary

#econdary

)e-

ilitari0edone

"ome *!

$L%+outers

"osting!loud

)B Tier

"osting!loud App

Tier

"osting!loud 2eb

Tier

Logical,2 !t/

name3moe4yes4my

Tier 5


17/25

&nternet

Tier-1 ,irewall

Architectural )esign for "osting !loudLogical Vie)

Tier-' ,irewall

"osting !loud

11


18/25

Tier-1 ,irewall

Tier-' ,irewall

"osting

!loud

1 cores

1I

Architectural )esign for "osting !loud-nfrastructure Vie)

#AN #torage5 TB

T&%+' ,+%2ALL

&nternet


19/25

)ata !enter

!%out t#e (ata Center #entul )ata center is located in a Huala

Lumpur suburb #entul. oDering e/cellentopportunities for both cost eDective hostingand high speed transaction connectivitysolutions into and out of Huala Lumpur4

#entul has tier K data center capabilities tosupport critical high performance and highvolume business applications with resilienceand availability e/pected of world class &Tservices4 #entul also oDers variety of other

data center speci;cations for non-criticalhosting needs

(ata Center Ca"a%ilities#entul>s 'KM9M586 operation center has full visibility ofall our data centers using enterprise-level systemsmonitoring environmental systems control andaccess to live visual feeds4 %/perienced round-the-clock operators manage an e/tensive range oftechnologies from virtual


20/25

)ata !entre M &(T - !urrent +ack #ummary

!rea S"ace

.Racks/*)! *hase 1. 11

*)! *hase '. 8I

&(T 5I

%/pansion*hase 1

18

%/pansion*hase '

1K@

New &(T 9@


21/25

)ata !entre ,acilitiesM#peci;cation

Precision ooling

'"r Data centers are b"ilt on raise( floors an( ha%e

high)%ol"!e* +one( te!perat"re control s#ste!s to ens"re a(e,"ate %entilation-

$e ha%e in%este( in !"ltiple Precision air con(itioning "nits* with ./0

re("n(anc# to !aintain opti!al te!perat"re an( h"!i(it# e%en in the e%ent of a

single !achine fail"re

1he en%iron!ent is s"pporte( b#2

1wo in(epen(ent chille( water cooling s#ste!s to pro%i(e ./0

1he Precision Air con(itioning "nits with ./3 to pro%i(e cooling at 33 (egree

elsi"s an( h"!i(it# control at 445 Hot6col( +one aisle (esign

788!! floor %oi( to ens"re the "nrestricte( free flow of col( air

Fire ProtectionProtection fro! fire being a critical concern9 we ha%e in%este( in state)of)art fire

(etection an( s"ppression s#ste!s

E,"ip!ent within (ata center is f"ll# protecte( b#2 Ver# earl# S!o:e Detection an( Alar! s#ste! ; VESDA< A two)stage fire (etection s#ste! !onitoring s!o:e an( heat "n(er ceiling an(

"n(er raise( floor- A FM388 s"ppression s#ste! to!ini!i+e (isr"ption an( ens"re a locali+e(

response to an# fire inci(ent


22/25

*ower +esilience

A,Board

%#B

enset 1

enset '

TNB


23/25

'6

P#ysical SecurityAs well as strict reuirement for #entul topre-authori0e any personnel entering the)ata !enter the site is protected by:

A 5-metre high fence

Access to the main doors which is thesingle access point to the building for

staD M visitors is monitored by securityguard 'KM9

!!T$ monitored on site and monitored'KM9

Three level security access cardaccess card and pin access andbiometric entry points to critical areaareas

'KM9 armoured security with minimum' at all times

#ecurity vetting of all security staD

#ecurity


24/25

onitoring

(ur highly skilled engineers operate in secure state-of-art 'KM9M586 Network(perations !enters N(!. euipped with the best monitoring and automation tools

and processes designed as per &T&L framework4(ur service oDerings can be tailored to accommodate:

,le/ibility in the components of the infrastructure being monitored and managed

Availability of competency levels from L to LK

#hift coverage to accommodate Qfollow-the-sunF model

#etup and economies of scale of a N(!:

#hared N(! or )edicated N(!


25/25

Thank 7ou

The %nd

Moe - Overall Arch Presn (1)

Documents

Transcript of Moe - Overall Arch Presn (1)