Moving to a Connected Future: End-to-End deployment of classified government ICT environment
Situation
A New Zealand Government Ministry’s globally dispersed staff didn’t have the flexibility to access the information they needed, when they needed it. Due to security reasons, mobility wasn’t available to staff and internet access was indirect and limited. The Ministry had the chance to change their ICT systems to enable their staff to be more flexible and effective both within their own organisation and when working with others.
The new system would need to provide:
- Resiliency – so staff would not be affected by outages
- Low touch systems – the ability to remotely manage systems and devices from a centralised location
- Centralisation – collating dispersed infrastructure into several locations to lower the costs of patching, builds, etc.
- Flexibility – allowing staff to access required information in and out of the office
- Security – to allow only appropriate access to classified data
- Mobility – access to information on multiple devices and diverse locations
Overall, the project required the upgrading of existing IT infrastructure in one classified network and the creation of a new, lower classification network. The OS on both desktops and servers also needed to be upgraded, a new global WAN put in place, and direct access to the internet provided.
In addition, the project required a platform for other improvements, such as an upgraded global document management system. When complete, the resulting IT system would be at the leading edge of those used by governments worldwide.
Solution – Prophecy Network Architecture and Design staff
Prophecy was approached to provide staff to the Ministry for a long-term project. The skills required ranged from enterprise network security and design, through infrastructure design and implementation, to deployment management.
Over the 4-year duration of the project, Prophecy Networks provided:
- Technical Team Lead - Networking
- Technical Team Lead - Infrastructure
- Technical Team Lead - Network Security
- Technical Team Lead - Application Deployment
- Technical Team Lead - SOE Image Deployment
- Project Manager - Data Centre Deployment
Some of the solutions provided were:
Classified ‘Lights-Out’ Data Centres:
Due to the security requirements around this deployment, the decision was made to operate the globally dispersed data centres in a ‘lights-out’ mode. This design all but eliminated the need for direct access by personnel, except under extraordinary circumstances. This mode does, however, produce challenges during the building, commissioning and maintaining of these data centres. The Prophecy Networks team was responsible for design, implementation and handover of these sites in a fashion that enabled them to be built and managed from New Zealand, producing significant cost savings. The sites are operated and maintained remotely, with zero requirements for onsite presence.
Global Secure WAN:
To enable utilisation of the data centres by branch offices and a mobile workforce, a new globally secure WAN was designed and deployed to meet or exceed all relevant New Zealand Government security requirements. The design included innovative features such as multiple link failover mechanisms that give this network increased resilience to failure.
Device Agnostic Secure Computing Environment:
New desktop, laptop and mobile computing platforms were developed to take advantage of the new services. This also required the development of technologies to remotely deploy secure images to more than 2000 devices. These builds utilised the latest technologies in network access protection and full disk encryption.