“Increase Value of IT Services Through Application Portfolio Management” delivered by Benoit Long, Senior Assistant Deputy Minister Transformation, Service Strategy and Design, Shared Services Canada.
Increase Value of IT Services Through Application Portfolio Management
1. Shared Services Canada Perspective
GTEC Panel: Increase Value of IT Services Through Application Portfolio Management
Government Technology Exhibition and Conference (GTEC)
October 9, 2013
Ottawa Convention Centre
Room: Room 211, 2nd Level
Time: 1:00 p.m. – 1:45 p.m.
Benoît Long
Senior Assistant Deputy Minister
Transformation, Service Strategy and Design
2. Conceptual End State (updated July 2013)
Enterprise Security
• ITIL ITSM Framework
• Standardized Service Levels/Availability Levels
• Inclusive of Scientific and special purpose computing
• Standardized Application and Infrastructure Lifecycle Management
• Smart Evergreening
• Full redundancy – within data centres, between pairs, across sites
[Diagram labels: Regional Carriers; G2G; GCNet (3,580 buildings); Application Service Levels; International Carriers; Standard; Enhanced; Regional WAN Accelerators; Mission Critical; Production; Prod1; Service Level; Prod2; Development; Dev1; Protected C; Sci1; Secret]
Stand-alone centre for GC supercomputing (HPC) – e.g. Weather
[Diagram labels: Virtualized Services; V.Conf. Bridge; Web App.; IP PBX; Database; File/Print; Data Centre Core Network; Domains & Zones; WAN Node; Internet PoP]
Application Migration
• Standard platforms and product versions
• Migration guidance
• Committed timeline for product evolution
[Diagram labels: Confidential; Dev2; HPC; Classified Data; Prod4; Protected B; Production; Prod3; Protected A; Service Level; Workload Mobility; Protected Data]
…
Service Management
Several, highly secure Internet access points
Consolidation Principles
Virtual Private Cloud
C2G
B2G
Enterprise Security
• All departments share one Operational Zone
• Domains and Zones where required
• Classified information below Top Secret
• Balance security and consolidation
• Consolidated, controlled, secure perimeters
• Certified and Accredited infrastructure
[Diagram labels: Internet; Public Cloud Services; GC Private Domain]
[Diagram labels: Virtualized Platforms; Th.Client VDI; Email; x86, Web / App / DB Containers, Linux; x86, Web / App / DB Containers, Windows; Sys. z, App / DB Containers, z/OS; Any, Special Purpose / Grid / HPC, Operating System]
[Diagram labels: Virtualized Storage; SAN; On-line; Near-line; NAS; Tier 1; Tier 2; Archive; Off-line / Backup; Tier 3]
1. As few data centres as possible
2. Locations determined objectively for the long term
3. Several levels of resiliency and availability (establish in pairs)
4. Scalable and flexible infrastructure
5. Infrastructure transformed; not “fork-lifted” from old to new
6. Separate application development environment
7. Standard platforms which meet common requirements (no re-architecting of applications)
8. Build in security from the beginning
Business Intent
• Business to Government
• Government to Government
• Citizens to Government
3. ICT Deployment Models and Evolving Degrees of Accountabilities
• IaaS: Infrastructure as a Service
• PaaS: Platform as a Service
• SaaS: Software as a Service (non Dept/Agency program Applications)
[Diagram: for each model, a stack of layers (Applications; Runtimes; Security & Integration; DBMS / Databases; Servers; Virtualization; Server HW; Storage; Network), with layers marked either “CIO managed” or “Managed by shared services providers”]
4. GC Cloud Conceptual (updated July 2013)
GC-SRA
GC Community Cloud
• Internal services for GC community
• SSC-provided cloud services to the GC
• Secured perimeter
• Multi-Domain (Protected B to Secret)
[Diagram labels: Public-facing web sites; GC-Hybrid; Free / Busy; Mobile Integration; Directory; GC-Public; GCTravel]
GC Hybrid Cloud
• Secured extension of GCNet to vendor
• Vendor-provided cloud services to the GC
[Diagram labels: Canada.gc.ca; Collab; Jobs; Pension; Pay; GCDocs; MySchool; Intranet sites; GCdrive; GC-Community; GEDS; Directory; GC other Gov’t Depts; GCnet]
GC Public Cloud
• Some public-facing GC presence
• Limited Development / Test capacity
SSC Partner Department
5. Cloud Computing: Opportunities & Challenges
Opportunities
• On-demand self service
  V storage
• Ubiquitous network access
  Community cloud (CWA, GCDocs)
• Resource pooling (location independence, homogeneity)
  Hybrid cloud - STSI
• Rapid elasticity
• Measured service
• Private clouds
  Data Centre Consolidation and Telecommunications consolidations
• Data sovereignty, privacy and security
  Data in motion, data processing and data at rest
Challenges
• Connecting resources across clouds and customer premises
  Cloud service management and cloud brokerage – SSC evolving and increasing roles
• Managing identity, federation, and access control
  Cloud auditor; ICAM federation
• Isolating tenants in a multi-tenancy environment
  GC community cloud – single operational zone
  Location of data – data sovereignty, yes; critical GC data within SSC private cloud
• Extending on-premises security & operations management practices to the cloud
  SSC cloud broker and auditor roles
• Latency and other performance-related considerations
  Centralization of data and federation of processing; virtualization; network design and operationalization
• Network capacity and capability
  Enterprise requirements for two domains, single network (unclassified and classified) in evolving data, usage and security landscape; moving from dept specific domains
6. Platform Technologies – Directions
TBD: Technologies whose disposition will be determined over the coming months
Sustain: Technologies that will be maintained at current business volumes, with organic current business growth; no new business or workloads will be directed here
Grow: Technologies where investments will be made, transformation will focus, and new business and workloads will be directed
Sunset: Technologies which will be phased out over the course of the transformation; workloads will be migrated to “Grow” platforms
[Platforms shown in the diagram: Linux on System z; z/OS; Linux on x86; AIX; HP-UX; Solaris; Windows; MCP]