1 IS 8950 Managing Network Infrastructure and Operations

1

IS 8950

Managing Network Infrastructure and Operations

2

Understanding Internetworking Infrastructure

3

Background

• 75% of all IT dollars go to infrastructure• IT infrastructure lies at the heart of most

companies’ operating capabilities• IT infrastructure is vital; no longer is it nice to

have or just value-adding.• Internetworking technologies provide a low-cost

way to connect virtually everyone on the same network

• The rise of internetworking technologies offers new possibilities for addressing business computing needs

4

A G rap h ica l R ep resen tation o f M oore’s L aw

C hapter 5 F igu re 5 -1

M o o re 's L aw

0

2 00 0

4 00 0

6 00 0

8 00 0

1 00 0 0

1 20 0 0

1 40 0 0

1 60 0 0

1 97 0 1 97 5 1 98 0 1 98 5 1 99 0 1 99 5 2 00 0

Yea r

Tran

sist

ors

per C

hip

A dap ted b y au th or from M icroprocessor R eport 9(6), M ay 1995 and “C h ipL ist 9 .9 .5 ,” b y A ad O fferm an , Ju ly 1998 .

S ource: A pp lega te, L ynda M ., R obert D . A ustin , and F . W arren M cF arlan , C orpora te In form ation S tra tegy and M anagem ent . B urr R idge, IL : M cG raw -H ill/Irw in , 2002 .

5

The Evolution of Corporate IT Infrastructure

Chapter 5 Figure 5-2

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

6

The Drivers of Change: Better Chips, Bigger Pipes

• PCs made computing available to a wide variety of non-technical users

• Web made network resources (such as distant databases) and capabilities (such as over-the-Net collaboration) accessible

• Metcalfe’s law: “The usefulness of a network increases with the square of the number of users connected to the network”

• Powerful chips and large communication “pipes”, both at low cost, fueled a process that would lead to qualitatively different computing infrastructure

7

C hapter 5 F igure 5 -3

A G raph ical R epresentation of M etcalfe’s L aw

M etca lfe 's L aw

0200400600800

10001200140016001800

0 10 20 30 40

N u m b er o f U sers C o n n ected to th e N etw o rk

Valu

e of

Net

wor

k

Source: A pplegate, L ynda M ., R obert D . A ustin , and F . W arren M cF arlan , C orporate In form ation S trategy and M anagem ent. B urr R idge, IL : M cG raw -H ill/Irw in , 2002 .

8

T h e B a n d w id th E x p lo s io n

C ha p te r 5 F ig ure 5 -4

N e tw o rk B a n d w id th G ro w th

1 9 6 0 -1 9 9 0

1 9 9 0 -1 9 9 4

1 9 9 4 -1 9 9 6

1 9 9 6 -1 9 9 7

1 9 9 7 -1 9 9 8

1 9 9 9 -2 0 0 0

2 0 0 1 +

In c r e a s in g N e tw o r k B a n d w id th

M a s s W W W a d o p tio n , g ra p h ic in te n s ive , in s ta n t m e s s a g in g

M a s s e -m a i l a d o p tio n , b a s ic W W W s i te s

L a rg e fi le tra n s fe r , e -m a i l

F i le tra n s fe r

S tre a m in g a u d io a n d vid e o , a d va n c e d e -c o m m e rc e , l ive s to c k q u o te s , 1 ,0 0 0 M B p s

L ive a u d io a n d vid e o s tre a m in g e ve n ts , d ig i ta l c o m m e rc e , In te rn e t ra d io a n d te le vis io n , vio c e c h a t a p p l ic a tio n s

T ru e vo ic e -o ve r- IP te le p h o n y, h ig h re s o lu tio n In te rn e t te le vis io n , m u s ic a n d m o vie s o n d e m a n d , vi r tu a l w o rk p la c e s , b ro a d b a n d w ire le s s

S o urc e : A d a p te d fro m : h ttp :/ /w w w . sta n fo rd .e d u / ~ yz a ro lia /C ha lle n ge s. h t m

9

Basic components of internetworking infrastructure

• Network– The medium and supporting technologies (hardware

and software)

• Processing systems– HW and SW that provides an organization’s ability to

handle business transactions

• Facilities– The physical systems that house and protect

computing and network devices

10

C hapter 5 T able 5 -1

F undam ental C om ponents of Internetw orking Infrastructure

Core Technologies Key Management Issues Network Fiber optics, cable systems, DSL,

satellite, w ireless, Internetworking hardware (routers, sw itches, firewalls), content delivery softw are, identity and policy management, net monitoring

How to select technologies and standards

How to select partners How to manage partner relationships How to assure reliability How to maintain security

Processing Systems

Transaction software (enterprise systems offered by companies such as SA P or Oracle; or more targeted solutions offered by companies such as Trilogy and i2), servers, server appliances, client devices (PCs, handhelds)

W hat to keep internal and what to outsource

How to deploy, grow, and modify Enterprise system or best-of-breed

hybrid? Relationships w ith legacies How to manage incidents How to recover after a “disaster”

Facilities Corporate data centers, collocation

data centers, managed serv ices data centers, data closets

Internal or external management? Choosing a facilities model suited to

your company How to assure reliability How to maintain security

Source: A pplegate, L ynda M ., R obert D . A ustin , and F . W arren M cF arlan , C orporate In form ation Strategy and M anagem ent . B urr R idge, IL : M cG raw -H ill/Irw in, 2002.

11


A Simple LAN

Hub

Laptop

Laptop Workstation

Workstation

Workstation Printer

Printer

Server


12

Technological elements of networks

• Local Area Networks (LANs)• Hubs, Switches, and Network Adapters• Wide Area Networks (WANs)• Routers, the means by which messages are

relayed across large distances • Firewalls and other security systems and devices• Caching, content acceleration, and other

specialized network devices

13


An Example of a WAN

Backup Frame Relay Network

Frame Relay Provider Network



ProductionPlant

Corporate

ProductionPlant

Remote

Remote

Remote

Backup Frame Relay NetworkBackup Frame Relay Network





ProductionPlant

Corporate

ProductionPlant

Remote

Remote

Remote


14

Technological elements of processing systems

• Client devices and systems: PCs, handheld devices, cell phones, and even automotive components

• Server devices and systems• Mainframe devices and systems• Middleware: enabling utilities, message handling

and queuing systems, protocols, standards, software tool kits, etc.

• Infrastructure management system• Business applications

15

Servers in a Typical E-Commerce Configuration


iPremier Co Cage

To Public Internet

D

UPPER LOWER NORMA

InternetRouter

Router- Cust A

Router- Cust B

Router- Cust ...

VPN Cust B

VPN Cust ...

Router Firewall

Web Server Cluster

Database Server

SD

SD

SMTP/POPServer

SD

DNS Servers

Ethernet Switch

SD

Web Accelerator

Router to HO

T1

SD

NetworkManagement

Ethernet Switches

Qdata Facility

DIAGRAM SIMPLIFIED FOR ILLUSTRATION PURPOSES

VPN Cust A

VPN iPremier Company

Qdata Private Network

SD

Network Management

SD

SD

Big Iron

Source : Austin, Robert D.; Leibrock, Larry; Murray, Alan, “The iPremier Company: Denial of Service Attack (A),” Harvard Business School Case No. 601-114.

16

Technological elements of facilities

• Buildings and physical spaces

• Network conduits and connections

• Power: UPSs, backup generators, etc.

• Environmental controls

• Security

17


A Modern Data Center

Source: Allegiance Telecom

18

Operational characteristics of internetworks

• Internetworking technologies are based on open standards

• Internetworking technologies operate asynchronously

• Internetwork communications have inherent latency

• Internetworking technologies are naturally decentralized

• Internetworking technologies are scalable

19

Emergence of real-time infrastructure

• Better data, better decision

• Improved process visibility

• Improved process efficiency

• From make-and-sell to sense-and-respond

20

W a k e - U p C a l l : D e n i a l o f S e r v i c e A t t a c k s i n F e b r u a r y 2 0 0 0

C h a p t e r 5 T a b l e 5 - 4

a O v e r a l l p e r f o r m a n c e o f t h e I n t e r n e t d e g r a d e d b y a s m u c h a s 2 5 % d u r i n g t h e p e a k o f t h e a t t a c k s a s c o m p u t e r s r e - s e n t m e s s a g e s r e p e a t e d l y a n d a u t o m a t i c a l l y , t r y i n g t o r e c o v e r i n t e r r u p t e d t r a n s a c t i o n s .

S o u r c e : A d a p t e d f r o m : N e t w o r k W o r l d F u s i o n , w w w . n f u s i o n . c o m , c o m p l i e d b y L e G r a n d E l e b a s h .

D a t e T a r g e t C o m p a n y R e s u l t s o f A t t a c k F e b r u a r y 7 Y a h o o O v e r w h e l m i n g s p i k e i n t r a f f i c t h a t l a s t e d

3 h o u r s . N e t w o r k a v a i l a b i l i t y d r o p p e d f r o m 9 8 %

t o 0 % . A t t a c k o r i g i n a t e d f r o m 5 0 d i f f e r e n t

l o c a t i o n s a n d w a s t i m e d t o o c c u r d u r i n g m i d d l e o f b u s i n e s s d a y .

S t o c k w a s d o w n 3 . 2 % f o r w e e k i n w h i c h N A S D A Q r o s e a l m o s t 3 % .

F e b r u a r y 8 B u y . c o m A t t a c k o c c u r r e d w i t h i n a n h o u r o f t h e c o m p a n y ’s I n i t i a l P u b l i c O f f e r i n g ( I P O ) .

S t o c k w a s d o w n a t w e e k ’ s e n d m o r e t h a n 2 0 % f r o m I P O p r i c e .

E b a y S t o c k w a s d o w n 7 . 3 % f o r w e e k i n w h i c h N A S D A Q r o s e a l m o s t 3 % .

C N N . c o m S e r v i c e d i s r u p t e d F e b r u a r y 9 E * T r a d e A t t a c k e d d u r i n g p e a k t r a d i n g h o u r s .

S t o c k w a s d o w n 7 . 6 % f o r w e e k i n w h i c h N A S D A Q r o s e a l m o s t 3 % .

Z D N e t S e r v i c e d i s r u p t e d F e b r u a r y 1 8 F e d e r a l B u r e a u o f I n v e s t i g a t i o n

( F B I )

S e r v i c e d i s r u p t e d .

F e b r u a r y 2 4 N a t i o n a l D i s c o u n t B r o k e r s G r o u p ( N D B )

A t t a c k e d d u r i n g p e a k t r a d i n g h o u r s . O p e r a t o r s a c c i d e n t a l l y c r a s h e d s i t e a s

t h e y a t t e m p t e d t o d e f e n d a g a i n s t t h e a t t a c k .

21

Assuring reliable and secure IT services

22Chapter 6 Figure 6-2

Combining Components in Series Decreases Overall Availability

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Number of Components In Series (each 98% available)

Av

ail

ab

ilit

y


23

Five Components in Parallel (each 98% Available)



C h a p t e r 6 F i g u r e 6 - 1

F i v e C o m p o n e n t s i n S e r i e s ( e a c h 9 8 % A v a i l a b l e )

C o m p o n e n t 1

9 8 %a v a i l a b i l i t y

C o m p o n e n t 2


C o m p o n e n t 3


C o m p o n e n t 4


C o m p o n e n t 5


. 9 8 x . 9 8 x . 9 8 x . 9 8 x . 9 8 = s e r v i c e a v a i l a b i l i t y o f 9 0 %

S o u r c e : A p p l e g a t e , L y n d a M . , R o b e r t D . A u s t i n , a n d F . W a r r e n M c F a r l a n , C o r p o r a t e I n f o r m a t i o n S t r a t e g y a n d M a n a g e m e n t . B u r r R i d g e , I L : M c G r a w - H i l l / I r w i n , 2 0 0 2 .

24

High-available facilities

• Uninterruptible electric power delivery

• Physical security

• Climate control and fire suppression

• Network connectivity

• Help desk and incident response procedures

• N+1 and N+N redundancy

25


Redundancy Increases Overall Availability

98.0%

98.5%

99.0%

99.5%

100.0%

1 2 3 4 5 6 7 8 9 10

Number of Components In Parallel (each 98% available)

Av

ail

ab

ilit

y


26


A Representative E-Commerce Infrastructure

Router

Firewall 1

Firewall 2

Switch

Web Server1

Web Server2

DatabaseServer

Disk Array

PolicyServer 1

PolicyServer 2

ApplicationServer 1

ApplicationServer 2

Inte

rnet

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management . Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

27

Securing infrastructure against malicious threats

• Classification of threats– External attacks (Denial of service—DoS)– Intrusion: obtaining user names and password– Viruses and worms

• Defensive measures– Security policies– Firewalls– Authentication– Encryption– Patching and change management– Intrusion detection and network monitoring

• Security management framework– Make deliberate security decisions– Consider security a moving target– Practice disciplined change management– Educate users– Deploy multilevel technical measures, as many as you can afford

28

M anaging Infrastructure R isks: C onsequences and P robabilities

C hapter 6 F igure 6 -9

S ource: A pp legate, L ynda M ., R obert D . A ustin , and F . W arren M cFarlan , C o rporate In form ation S tra tegy and M anagem ent . B urr R idge, IL : M cG raw -H ill/Irw in , 2002.

H IG H

H igh C onsequence

Low P robability

H igh C onsequence

H igh P robab ility

C R ITIC A L

TH R EATS

LO W

Low C onsequence

Low P robability

M IN O R

TH R EATS

Low C onsequence

H igh P robab ility

Con

sequ

ence

s PR IO R ITIZE TH R EATS

0 Probability 1

29

Managing diverse IT infrastructures

30

New service models

• Managing the shortage of skilled IT workers

• Reduced time to market

• The shift to 24 x 7 operations

• Favorable cash flow profiles

• Cost reduction in IT service chains

• Making applications globally accessible

31

P u r c h a s e v e r s u s S u b s c r i b e C a s h F l o w s

C h a p t e r 7 F i g u r e 7 - 1

S o u r c e : A p p l e g a t e , L y n d a M . , R o b e r t D . A u s t i n , a n d F . W a r r e n M c F a r l a n , C o r p o r a t e I n f o r m a t i o n S t r a t e g y a n d M a n a g e m e n t . B u r r R i d g e , I L : M c G r a w - H i l l / I r w i n , 2 0 0 2 .

+

P u r c h a s e a n d I n s t a l l a t i o n B u y s o f t w a r e H i r e c o n s u l t a n t s I n s t a l l a n d T e s t

CUTOVER

B e n e f i t s B e g i n T o T r e n d U p ( i f p r o j e c t i s s u c c e s s f u l )

C o s t s S t a b i l i z e a t M a i n t e n a n c e L e v e l

PU

RC

HA

SE

_ T i m e

SU

BS

CR

IBE

S t a r t u p F e e

S u b s c r i p t i o n F e e s

T i m e

I m m e d i a t e B e n e f i t s ( i n f r a s t r u c t u r e a l r e a d y i n p l a c e )

+

_

32

Risk through incremental outsourcing

• Incremental outsourcing example: hosting– Categories of hosting models

• Colocation hosting• Shared hosting• Dedicated hosting

– Dedicated hosting subcategories • Simple dedicated hosting• Complex dedicated hosting• Custom dedicated hosting

33

C h a p te r 7 T a b le 7 -1

L e v e ls o f S e r v ic e fr o m H o s t in g P r o v id e r s

Level of Serv ice

D escription of Serv ice

Bu siness op erating serv ices

A d m inistering and op erating an ap p lication.

A p p lication su p p ort serv ices Su p p ort for softw are abov e the op erating sy stem lev el; ap p lication su p p ort; ap p lication p erform ance m onitoring and tu ning; d esign of ap p lications for scalability , reliability , secu rity .

P latform serv ices Su p p ort for hard w are, op erating sy stem ; reboot serv ices; d ata backu p and d isaster recov ery serv ices; U RL m onitoring.

N etw ork serv ices C onnectiv ity w ith in the facility and externally to the p u blic In ternet and to p riv ate p eering netw orks; m onitoring of netw ork traff ic at the transp ort lay er; serv ice lev el assu rances at the p acket loss and netw ork av ailability lay er; netw ork secu rity .

Real estate serv ices (low est lev el) Su itable fl oor sp ace and p hy sical facilities; m aintenance of the sp ace and facilities

S o u rc e : A p p le g a te , L y n d a M ., R o b e r t D . A u s tin , a n d F . W a rr e n M c F a r la n , C o r p o r a te In fo r m a tio n S tr a te g y a n d M a n a g e m e n t . B u rr R id g e , IL : M c G ra w -H ill / Irw in , 2 0 0 2 .

34

Summary Grid for Comparing Hosting Providers

Chapter 7 Table 7-2

Com parison D im ension

Provider 1 Provider 2 Provider 3

Com p an y Descrip tion

Region al h ostin g and broad band p rovid er (backbone, DSL) serv ice p rov id er

N ation al hostin g serv ices p rov id er

Region al telco, backbone, broad band serv ice p rov id er

Em p loyees 1600 3300 28,000 Fin ancial Profile Declined to p rovid e

(p rivate com p any) After tax loss $180 m il on sales of $600 m il; stron g cash p osition ; new facilities bu ild ing offered as exp lanation for lack of p rofitab ility

After tax p rofit of $1.1 billion on sales of $13 billion (m ost not from h osting bu siness).

N u m ber of Data Cen ters M anaged / Total Squ are Feet

3 d ata cen ters, 160,000 sq. ft.

28 d ata cen ters, 1.6 m illion sq. ft.

5 (2 op eration al), 220,000 sq. ft. (45,000 op erational)

Sp ace offered (RFP sp ecified sp ace for six racks of equ ip m en t)

3 8’x8’ cages (192 sq ft), p artitions rem oved to p rovid e con tigu ou s sp ace

3 8’x7’ cages (168 sq ft), p artitions rem oved to p rovid e con tigu ou s sp ace

280 sq ft enclosed room

Physical secu rity Fu lly m eets requ irem en t

Fu lly m eets requ irem en t

Som e concerns (see notes from site v isit)

Pow er Fu lly m eets requ irem en t


Con nected to on ly one p ow er grid ; tw o p rom ised w ith in 6 w ks

Con nectiv ity Fu lly m eets requ irem en t


N ot red u nd an t to backbone; p rom ised red u nd ancy in 6 w ks

Serv ice Level Gu aran tees



Partially m eets requ irem en t

One-Tim e Setu p Cost, Sp ace

$6500 $7800 $10,800

M on th ly Sp ace Ren tal

3 X $6500 3 X $6800 $9,800

One-Tim e Setu p Cost, Connectiv ity

$1200 $1500 $1600

Variable Con nectiv ity Cost

$1200 p er m on th p lu s $525 p er m on th for each m bp s above 10



Source: Adapted from Robert D. Austin, "Selecting a Hosting Provider." Harvard Business School Exercise No. 601 -171. Although based on real

cases, this data is fictitious and does not pertain to any real hosting provider.

Documents

1 IS 8950 Managing Network Infrastructure and Operations