Evaluating OSS Infrastructure Solutions

Infrastructure solutions are a critical and fundamental aspect of today’s IT environment. They support an agency’s IT functions in the conduct of its operations and consist primarily of basic services that are leveraged by other applications in the environment. In addition, such solutions play an important role in interconnecting IT systems and enhance network-related functions for better interoperability.

To interoperate with the various other applications in the environment, it is crucial that a common communication standard be followed. These standards fall into either the proprietary or the open standard category. Proprietary standards, while useful in simplifying communication between a software vendor’s (and its partners’) products, may not readily apply to most infrastructure solutions. The reason is that many infrastructure solutions are required to communicate with a myriad of other applications, many of which may not be under the control of the agency’s IT environment. To meet this requirement, organizations such as the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) have defined open standards (e.g. SMTP, HTTP, LDAP, TELNET, NFS, etc.) that have been widely adopted by the industry. These open standards promote interoperability between various infrastructure software and applications.

Infrastructure Benefits

Increase productivity and efficiency
Agencies that rely on manual tasks today (e.g. manual printing and file sharing using removable disks, hardcopy memos, etc.) can increase the productivity of their staff by allowing them to perform these tasks electronically. For example, deploying a mail server would allow staff in the agency to send messages and memos much more quickly and cheaply than if they were to distribute them in hardcopy.

Enabling online technology
The advent of online technologies such as the internet has brought about the proliferation of communication between users and organizations. Web servers, news groups and forums allow agencies to disseminate information more quickly and to a broader mass of people. Communication tools such as instant messaging and voice over IP have introduced quicker and cheaper ways for users to get in touch with each other.

Enhance network security
As more and more organizations and users connect online, the threat of malicious network attacks increases. Thus, there is a growing need for agencies to be vigilant about the security of their networks and systems. Infrastructure solutions such as firewalls, intrusion detection sensors and antivirus applications help protect agencies from such threats.

OSS Infrastructure Components

Internet Servers
Solutions which enhance user communication over the network fall into this category. Examples are as follows:

Web Servers
Web servers serve content on pages accessible via a generic web browser. Traditionally, web servers started with the ability to serve static web pages only. As technology advanced, web server development included capabilities to serve dynamic web pages based on user input or particular functions. A host of different programming languages (e.g. ASP, CGI, JSP, etc.) has been defined and many have seen widespread use over the internet. The OSS web servers available today support most of the popular programming languages.
Examples of OSS alternatives are Apache, Tomcat, Jserv, ObjectWeb Jonas, JBoss and AllegroServe.

Mail Servers
One of the primary uses of the internet during its birth was the sending and receiving of electronic mail (e-mail) by individuals. Mail servers are the infrastructure solution components which support this function. Their primary role is to relay and/or store e-mail messages across networks. OSS implementations of mail servers have been very successful, with some solutions supporting millions of users. Examples of OSS mail servers are qmail, sendmail, SquirrelMail, Courier and Postfix.

Domain Name Servers (DNS)
The underlying protocol of the internet and most networks today is TCP/IP. Servers are addressed under this protocol by IP addresses, which are either the legacy IPv4 (e.g. 203.188.3.44) or newer IPv6 (e.g. 203.173.23.89.183.111). Unfortunately, this addressing scheme is not user friendly, as it is often difficult to remember servers solely by their IP addresses. DNS solves this problem by providing user-friendly hostname (e.g. ) to IP address translation, removing the need for users to remember the IP addresses. One example of an OSS DNS is the Berkeley Internet Name Domain (BIND), which has been so successful that it is used by many of the root internet DNS.

File Transfer Protocol Servers
One of the early network protocols, File Transfer Protocol (FTP) was developed to transfer files across networks. It requires two components: a client which downloads the file and a server which acts as a repository for files. Most operating systems today come with an FTP client built in. Examples of OSS implementations of FTP servers are wu-ftpd and vsftpd.

Back office Servers
Solutions which agencies require to provide basic IT services to users. Examples are as follows:

File & Print Servers
File and print servers act as a common repository of files for users or computers as well as enable users to print to remote printers.
Typically, implementations of these servers reside within the same LAN as the clients. The protocol used differs depending on the operating system. For example, Windows-based servers use SMB as the native file sharing protocol, while UNIX/Linux servers use NFS and lpr/CUPS as the protocols of choice. Samba is an example of open source software that seeks to promote compatibility of UNIX/Linux file and print servers with native Windows clients by adhering to the SMB protocol, making connectivity transparent to users.

Database Servers
These servers act as a repository of data that applications write to and extract information from. Databases have evolved from simple hierarchical databases to the more complex relational databases seen today. Examples of OSS implementations of relational databases are MySQL and PostgreSQL.

Lightweight Directory Access Protocol (LDAP) Servers
Some applications (e.g. email servers, authentication servers, etc.) spend more time performing database or directory lookups than writes. Thus, LDAP was created to answer the need for a specialised protocol that is extremely efficient at performing directory lookups. LDAP servers hold the directory information and answer queries made by LDAP clients. OpenLDAP is an example of an open source LDAP server and client.

Web Proxy Servers
Proxy servers play a dual role, both as a caching server and as a gateway server. These servers are deployed with policies to enable control over the websites that groups of users can access. Additionally, the caching feature reduces load on the internet link, as locally cached pages are presented to the user’s web browser by the web proxy server instead of the web request going out over the internet. SQUID is the most popular open source web proxy server.

Security Servers
These solutions enhance network security and provide agencies with a certain level of protection against malicious network attacks.
Examples are as follows:

Firewalls
The primary function of these servers is to filter traffic between networks. Firewalls are placed in strategic locations in the network to create segments for which individual sets of traffic policies can be defined. The firewall uses these policies to determine whether traffic should be allowed through. SINUS is an example of an open source firewall, while iptables and ipchains are built into the Linux kernel and offer some basic firewalling functions.

Intrusion Detection Sensor (IDS)
While firewalls control traffic coming into and out of a network, an IDS monitors traffic within a particular network segment to detect malicious activity. These sensors are typically deployed on critical network segments, with appropriate alerting functions activated so that system administrators receive warnings in a timely manner. An example of an OSS IDS is Snort.

Infrastructure Success Factors

Standardization of software
Where possible, agencies should standardize the infrastructure solutions deployed throughout their IT environment. The reason is that infrastructure solutions, by their nature, tend to be great in number within any agency or organization. Standardizing on a single solution eases the burden on system administrators of managing different types of software performing the same functions.

Technical Feasibility Check
Before finalizing the solution, a technical feasibility check should be performed. This should involve the existing system administrators and the engineers designing the solution. The check would highlight any interoperability issues and help ensure a smooth deployment.

System administrator training
System administrators must be thoroughly trained in the new solution, including the knowledge to maintain the solution if a specific vendor is not identified to support the agency. This would include software updates, security patches and bug fixes.

Identification of source for signature updates
This is crucial for the implementation of OSS security tools within an agency. The source and method of signature updates must be acceptable under the agency’s risk management strategy. Additionally, the tools must comply with the agency’s security policy.

Implementation plan
A detailed implementation plan should be in place to ensure a smooth transition to the new production environment. This should include a downtime avoidance/contingency plan, a hardware and OS deployment plan, a user data migration plan, an application migration plan, etc.
