IT Services Group Assignment 2 – Week 10, May 17th 2015 Team Team 4: 1. Alexander Gunawan, NIM 1701497840 2. Armandha Aria, NIM 1701497903 3. Ghema Nusa Persada, NIM 1701497885 4. Rico Malibu, NIM 1701497872
SESSION 10 Assignment 1. Team’s recommendation to Carlos Noriega on how to improve SUNARP’s Network (Include intranet and WAN) Rekomendasi untuk Carlos Noriega dalam meningkatkan layanan jaringan SUNARP termasuk intranet dan WAN adalah dengan membuat jaringan intranet untuk komunikasi pada pihak internal di dalam perusahaannya dan melakukan komunikasi dengan publik melalui jaringan WAN. Peningkatan yang dapat dilakukan melalui jaringan intranet adalah
Membuat website karena web yang cukup fleksibel dan mudah digunakan.
Membuat enkripsi khusus dan perlindungan keamanan lainnya dalam menghubungkan satu bagian intranet dengan bagian intranet lainnya.
Meningkatkan kemampuan berbagi sumber daya (printer, scanner) serta koneksi dengan internet.
Memperbesar ruang penyimpanan disk virtual untuk mengantisipasi banyaknya data.
Melakukan integrasi dengan layanan e-mail.
Membuat cross-platform web agar dapat diakses oleh berbagai web browser pada sistem operasi yang berbeda.
Menyiapkan ketersediaan pembaruan sistem.
sedangkan untuk jaringan WAN adalah
Membuat satu data center secara terpusat .
1 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Membuat teknologi WAN secara point to point, dimana jaringan yang dibangun mempunyai banyak koneksi secara fisik, namun untuk operasi dalam satu waktu hanya ada satu fungsi koneksi.
Membuat sistem keamanan melalui proxy dan firewall untuk membatasi jaringan internet yang dapat mengancam jaringan.
2 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
2. Team’s design on building SUNARP’s security management As SUNARP need to do integration and unification of the information in the different public registry offices in the whole country and also accept access from external party (ex: another government agency, payment vendor: VISA) Transaction With Visa/Alto/MasterCard Dalam Proses ini menggambarkan jika customer ingin melakukan pembelian atau pembauaran melalui online diperlukan kerjasama dengan pihak bank terkait dengan sehingga jika telah melakukan kerjasama dengan pihak bank terkait akan diberikan autentifikasi dan kepercayaan berupa notofikasi yang dikirim via phone cell / email customer. Jika sesuai dengan nama orangtua yang terdaftar maka akan diberikan notifikasinya ulang untuk verified transaction.
Figure 1 - Transaction With Visa/Alto/MasterCard
3 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Cash Transaction with ATM
Figure 2 - Cash Transaction with ATM
4 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
3. Team’s Strategy related to SUNARP’a region capacity planning (except Lima) Background There is a lot of application is located in Lima, but the registrar is actually located outside of Lima. Peru’s total population in 2014: 30,970,408 with average annual growth rate 1.39% (http://www.worldpopulationstatistics.com/peru-population/), Average annual growth rate figure will be used as base for Capacity Growth Rate SUNARP’s Revenue for Service Fees (2003 - US$) (www.sunarp.gob.pe) showed that 63% of total revenues mainly come from Lima or Zone No IX and the rest of 27% goes to other regions.
Figure 3 - SUNARP Technological Infrastructure
Current SUNARP Technological Infrastructure Diagram showed that
Have one head office and one office in each region (Region related)
Regions connected through WAN (Region related)
Using Physical Server at head office (Head Office related)
Using Centralized Storage at head office (Head Office related)
Using separate network of internal and DMZ network (Head Office related)
Secured using multi-level firewall (Head Office related)
5 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Suggested Solution Capacity Planning for regions are as follow: 1. Utilization As SUNARP have assumed capacity growth rate of 1.39% annually (and will grow each year), current infrastructure should be optimized to handle it. They can be done with usage of current technology to optimize performance. For example is usage of certificate base document format for security in PDF file 2. Trend Enhancement should be done in several areas, particularly infrastructure related
Regions connected through WAN can be simplified by using internet with VPN to streamline between SUNARP network to Peru’s global network infrastructure
Turn a Regional Office as a Disaster Recovery site as backup site to current Data Center at head office
Additional servers can be added in regions (as required) to speed up local processes equipped with local temporary Storage / Cache. The storage can be mirrored to head office or Disaster Recovery site in idle / off-work time
Other enhancement will also required in Head Office
Using Physical Server at head office can be simplified by implementing Virtual Servers to increase availability (Head Office only)
Using Centralized Storage at head office should be enhanced with use of Network Attached Storage to ease storage upgrade path (Head Office only)
3. Forecast As trending technology is adopted they will fulfill the forecast requirement. Annual capacity growth is part of that forecast. 4. Adjustment The result of utilization, adoption of trending technology should be adjusted according to current situation whether the resource is required or should not be used 5. Tuning The result of utilization, adoption of trending technology should be tuned according to current situation with change/adjustment of parameter of the resource
6 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
4. Team’s recommendation if Carlos Noriega would like to build 2 data center (DC & DRC), location and things to consider of Facility Selection criteria Data Center / DC Karena SUNARP menggunakan infrastruktur WAN dengan bantuan DMZ seperti pada Figure 3 Maka, lokasi data center akan ditempatkan di kota Lima, Peru. Ada beberapa hal yang harus dipertimbangkan : 1. Data Center Environmental Control, meliputi :
Air flow / Sirkulasi udara : usahakan antara panas yang keluar dari peralatan dan sistem pendingin jangan sampai bertumpukan, dapat diatasi dengan in – row cooling unit ( pemisahan berdasar lorong panas / dingin ) dan hot / cold containment aisle ( isolasi lorong dingin agar tidak tercampur dengan udara panas yang keluar ).Nantinya, udara panas akan keluar melalui ventilasi dan pertukaran udara dingin akan terjadi di saluran udara 2. Temperature
Temperatur tinggi biasanya ada di atas / samping dan temperatur rendah biasanya terletak di depan / bawah rack. Ada beberapa sumber rekomendasi tentang temperatur :
Dari IT Vendor : 70–75 °F (21–24 °C)
Dari American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) : 68–77 °F (20–25 °C) dengan kisaran minimum dan maksimumnya adalah 59–90 °F (15–32 °C)
7 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Sedangkan menurut penelitian, temperatur data center yang berada dibawah 70 °F / 21°C merupakan sebuah pemborosan energi dan uang.
3. Humidity sensor ( Biasanya diletakkan ditempat yang tinggi ) dan water control (biasanya diletakkan di bawah rack / raised floor ) dengan memakai sensor, karena kebocoran pada chiller / sumber lain dapat menyebabkan korsletting. 4. Fire suppression monitoring, namun perlu diimbangi dengan pengecekan peralatan berkala oleh admin, agar kiranya siap digunakan ketika kebakaran terjadi. 5. Static electricity sensors / grounding yang baik untuk menghindari timbulnya listrik statis 6. Yang tidak kalah pentingnya adalah Security Access Door pada pintu ruangan, serta room / rack entry sensor untuk mengantisipasi tindakan security bypass Citasi : http://searchdatacenter.techtarget.com/tip/Five-questions-on-data-centerenvironmental-monitoring Interconnection Tampak di gambar, SUNARP memakai WAN sebagai metode pengiriman data.
Figure 4 - SUNARP's Office Interconnection
Karena jaringan yang terbentuk sudah cukup besar, mungkin akan sulit untuk mengganti, namun bisa disarankan agar memakai Virtual Private Network dimana VPN memanfaatkan dedicated line ( telephone network / internet ) sebagai media perantaranya dan dilakukan penambahan informasi pada header sebagai implementasi network tunneling. Serta, sebelum dikirim, paket akan mengalami proses enkapsulasi antara router di kedua sisi jaringan dan dienkripsi dengan public / symmetric key encryption.
8 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Security Dari sisi security, di gambar terlihat SUNARP sudah menerapkan beberapa firewall dan DMZ untuk koneksi ke luar, beberapa hal yang perlu dipertimbangkan : Untuk firewall dapat menggunakan applikasi seperti palo alto firewall, dimana sudah mencakup : File blocking, Data Filtering, Vulnerability Protection ( deteksi vulnerability setiap aplikasi yang terinstall ) , anti - virus, anti - spyware, URL Filtering ( tidak perlu lagi memakai proxy, karena sudah terakomodasi di firewall ), dan Application Control (background process, network connection, queries). Monitoring Karena SUNARP masih memakai IDS yang bersifat detection saja, maka bisa dikembangkan ke IPS ( Intrusion Prevention System ) yang bisa diklasifikasikan ke beberapa kategori : host based, wireless, network(email,svn,file encryption), dan network behavior. Serta deteksi mencakup : signature, statistic anomaly, stateful protocol. Storage Management Untuk capacity planning, dimana data akan semakin besar, dianjurkan agar memakai konfigurasi RAID 1 – 0. Dikarenakan, data akan diakses banyak orang dan mempertimbangkan efisiensi sehingga parity pada RAID 5-0 tidak dianjurkan karena akan memakan waktu. Cara penyimpanan dianjurkan untuk memakai sistem kompresi, mengingat data akan diakses secara WORM ( Write Once Read Many ). Sedangkan untuk backup strategy, akan dilakukan Differential Backup, dimana merupakan sistem backup yang menyimpan data perubahan yang terjadi selama kurun waktu tertentu dan akan disimpan di lokasi terpisah sebagai Disaster Recovery Center ( DRC ) dengan memakai warm standby disaster recovery strategy. Disaster Recovery Center ( DRC ) Untuk disaster recovery center tidak perlu ditempatkan di tempat yang terlalu jauh agar proses relokasi lebih mudah dan cepat. DRC di indianapolis (https://www.fema.gov/ ) atau iron mountain di US (http://www.ironmountain.com/Services/Data-Management/Disaster-Recovery/DisasterRecovery-Support.aspx ) bisa menjadi solusi alternatif yang cukup baik. Fasilitas yang kira – kira dibutuhkan dalam sebuah DRC : 1. Raised Flooring The server room’s floor is raised to protect all hardware and equipment from floodings 2. Air-Conditioning The server room is equipped with split air-conditioning. With this facility, the servers will be able to perform in optimal environment. 3. Fire Extinguisher Fire extinguishing equipment is provided at the DRC for fire security. 9 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
4. CCTV CCTV is installed in the server room to monitor and observe activities. 5. Access Card System To enter the DRC and server room, access card system is implemented allowing only authorized personnel to enter the facility. 6. Smoke Detector Smoke detector is installed. 7. Uninterruptible Power Supply (UPS) and Generator TNB power passes through the inverter – converter of the UPS system and output of the UPS system supplies power to the computer facility. This isolates the facility from utility transients and outages. Complete protection is provided from power surges, outages, voltage fluctuations, power frequency fluctuations and loss of utility power. If the power outage is for an extended period, a generator will be activated to continue to support the servers and equipment in the DRC. 8. Alarm System Alarm system is implemented for unauthorized intrusions. 9. Broadband Wireless This solution offers reliable and secure, high-speed connectivity with lower total cost compared to leased line, T1/E1 lines and similar wireless access solutions. 10. Telephone and Internet Services Internet and telephone services are enabled with Broadband Streamyx and telephone lines installed throughout the DRC. 11. Networking Services The DRC is well equipped with all necessary points for networking purposes. The facilities must be able to perform in an optimal environment. With this routine activity, CMG Online can ensure its customers are on full protection from data loss due to damaged equipment, software upgrades, viruses, user errors, hackers and theft. Citasi : http://www.cmg.com.my/business-solutions/disaster-recovery-center-drc
10 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
