MOBILE INFRASTRUCTURE Instructor Guide

New MOBILE INFRASTRUCTURE · 2019. 6. 16. · Module 1: Front Ends and Back Ends mGovernment 17 DMZ: The acronym DMZ stands for DeMilitarized Zone. It is a term borrowed from the


IT Infrastructure for mGov: Enabling IT Professionals to Support mGov / Instructor Guide

CONTENT

This module starts a series that describes how the traditional IT Infrastructure is impacted by the introduction of mobile services.

THEMES

• Architecture.


• Accessed through the web browser

• Deployed over Internet

• Can develop/design one application for all platforms

• A cross-platform mobile application

• Provides uniformity across all platforms

• Near-instant updates

• Updates to the application are actually updates to the website, happening on the back-end

Introduction

SDLC: Service Delivery Lifecycle

GLOSSARY


Module 1: Front Ends and Back Ends

CONTENT

This module first explains the differing perspectives on front and back ends, and second introduces the terminology of an IT infrastructure. The IT infrastructure is impacted by the migration to mobile government services in important ways that will be discussed in this and the follow-on modules of instruction.

LEARNING OBJECTIVES

This module has three objectives:

1. Define the Front End and the Back End from the traditional perspective and from the perspective of the mobile app developer.

2. Convey the message that, while there are differences in perspective, the two need to work together.

3. Define at a high level other key aspects of the IT Infrastructure: Load Balancing, Storage and the DMZ.


GLOSSARY

Front End: Traditionally the “front end” is comprised of the servers (file, web, application) in the data center. However, the application developers think of the mobile devices as the “front end” and the entire data center as the back end.

Back End: Traditionally the data storage servers. However, the application developers think of the entire data center as the back end.

DMZ: In this context, the Demilitarized Zone or DMZ is a part of the IT Infrastructure where web servers are traditionally placed. It is delineated by one or more firewalls positioned outward facing to the Internet and inward facing to protect the internal IT infrastructure.

• Define the terminology of “front end” and “back end”…

• And the differing points of view.

• Define some of the components that make up the IT Infrastructure.

• Front End and Back End Components.

• And the impact that the transition to mobile services has on this infrastructure.

Objectives

CONTENT

From the data center point of view, the terms front end and back end have traditionally referred to the servers, such as web application servers, as the “front end” and the storage as the “back end.” Application developers, however, have a different perspective on these terms.

From their point of view, the “front end” is the smart device (smartphone or tablet) where the application is running, and the entire data center is the “back end.” This difference of perspective has the potential to drive inconsistent design considerations at a minimum.

It is important that these differences be resolved in the migration from the more traditional eGovernment to the new mGovernment services architecture.

LEARNING OBJECTIVES

1. Convey the concept that “front end” and “back end” take on different meanings depending on perspectives.

2. Establish the need to resolve this inconsistency in perspectives.


Perspectives: Front End or Back End?

[Diagram: Data Storage and Data Servers (the Data Center) alongside Mobile Devices, with the Front End / Back End split marked once for Application Developers and once for IT Systems & Network Staff.]


• The terms “Front End” and “Back End”:

A. Have different meanings depending on the differences of perspective between the traditional data center staff and the application developers for smart mobile devices. (correct)

B. Remain the same in mobile services (mGov) as they were for web-based services (eGov).

Test Questions

CONTENT

A server, in the simplest definition, is a computer that serves information. The term server can be used interchangeably for the hardware or a service; which is meant depends on the context of the discussion.

Specialization of servers (or services) has been the trend. Today we have web servers, file servers and database servers, as three examples. They are configured with respect to the amount of memory, CPU capacity and other features of the server. The configuration is sized on the needs of the organization that is using them and the role or operational requirement.

In the transition from electronic (eGovernment) to mobile (mGovernment) services, the role of servers will continue the trend toward greater specialization. Examples are servers for video or those configured for processing a large volume of online transactions.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that start to define the full range of components that make up an IT Infrastructure. The server is introduced in the context of the transition to mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Introduce the servers as essential elements of the mGovernment architecture.


GLOSSARY

Server: A server is a computer that serves information.

• “A computer which serves information”

• The term “Server” can be used interchangeably

• As Hardware or as a Service

• The difference is in the context of the discussion

• Discussed as network assets or as functions

• Specialization increasing

• Web server, Database server, File server

• One per role, or many roles on one device

• Organizational and operational requirements

• Mobile will continue the trend towards specialization

Front End - Servers

• Servers are all the same and the only option left to the IT operations is deciding how many to put in place.

a. True

b. False (correct)

Test Questions

GLOSSARY

Load Balancing: Load balancing is the technique to allow for an even distribution of traffic and other resources (such as memory and CPU). It is a network management technique.

CONTENT

Load balancing is necessary to evenly distribute resources to meet demand such as online transactions or video. It works much like traffic police.

Load balancing not only helps keep the system load evenly distributed, but also allows maintenance updates to be conducted without taking down the service.

In this diagram the load balancer is operating as an “intelligent switch,” gathering network diagnostics data about the connection status of the destination servers and routing the traffic based on established capacity metrics.

Traffic to a server that is starting to reach capacity may be routed to the other servers to share the load.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the full range of components that make up an IT Infrastructure. The load balancer is introduced in the context of the transition to mobile services.

LEARNING OBJECTIVES

1. Introduce the concept of load balancing as an essential element of the mGovernment architecture.


• Traffic & resource management.

• Like traffic police.

• Maintenance without taking the apps offline.

Front End – Load Balancing

[Diagram: Internet traffic distributed by a load balancer across the destination servers.]

• Load balancing is a technique to: (Pick all that apply).

a. Balance network traffic [Correct]

b. Balance server loads [Correct]

c. Balance network routes [Correct]

d. Balance user demand

Test Questions
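The routing behaviour described for the load balancer (pass over servers that fail their health check or are nearing capacity, and empty a server before maintenance) can be sketched as follows. This is an added example, not part of the original guide; the class, method and server names are hypothetical, and lowest utilisation is only one possible capacity metric.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    capacity: int            # most concurrent connections it should carry
    active: int = 0          # connections it is carrying now
    healthy: bool = True     # outcome of the latest health probe
    draining: bool = False   # True while being emptied for maintenance


class LoadBalancer:
    """Hypothetical capacity-aware balancer (illustration only)."""

    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}

    def route(self):
        """Assign one new connection; return the server name, or None when
        every server is down, draining or full."""
        pool = [s for s in self.servers.values()
                if s.healthy and not s.draining and s.active < s.capacity]
        if not pool:
            return None
        # Lowest utilisation wins, so a server nearing capacity is passed over.
        target = min(pool, key=lambda s: (s.active / s.capacity, s.name))
        target.active += 1
        return target.name

    def release(self, name):
        """A connection on the named server has finished."""
        s = self.servers[name]
        s.active = max(0, s.active - 1)

    def probe_result(self, name, ok):
        """Record the latest health probe for the named server."""
        self.servers[name].healthy = ok

    def drain(self, name):
        """Stop sending new work to a server; existing connections continue."""
        self.servers[name].draining = True

    def safe_to_patch(self, name):
        """True once a draining server carries no connections."""
        s = self.servers[name]
        return s.draining and s.active == 0


def maintenance_walkthrough():
    """Constructed scenario: patch app1 while app2 and app3 keep serving."""
    lb = LoadBalancer([Server("app1", 10), Server("app2", 10), Server("app3", 20)])
    before = [lb.route() for _ in range(8)]   # normal operation
    lb.drain("app1")                          # maintenance window opens
    during = [lb.route() for _ in range(8)]   # the service stays up
    for _ in range(before.count("app1")):     # app1's old connections end
        lb.release("app1")
    return before, during, lb.safe_to_patch("app1")


if __name__ == "__main__":
    before, during, safe = maintenance_walkthrough()
    print("before drain:", before)
    print("during drain:", during)
    print("app1 safe to patch:", safe)
```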

CONTENT

The DMZ is an essential component of any modern-day IT network architecture. DMZs are typically served by one or more firewalls.

On the inside of the DMZ, organizations place web servers for the purpose of being accessible to anyone with a web browser.

These same servers can serve as the gateway to information stored in databases on the inside of the network.

In mobile government services one can expect this interflow of information to increase, making it more essential for this flow to have the proper security controls.

There are other reasons as well, such as the creation of compartments, called enclaves, of information processing. It is a general rule that if it does not need to respond to the Internet, then don’t put it in a DMZ.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the full range of components that make up an IT Infrastructure. The DMZ is introduced in the context of the transition to mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Introduce the concept of the DMZ as an essential element of the mGovernment architecture.


GLOSSARY

DMZ: The acronym DMZ stands for DeMilitarized Zone. It is a term borrowed from the military and applied to describe a security border zone allowing for the exchange of information with outside networks while protecting the internal network resources.

• Separates your network from the internet for security.

• Separates services by function (example: web, email).

• Good Rule: If it doesn’t need access to the internet, don’t put it in a DMZ.

Front End – The DMZ

[Diagram: Your Network | FIREWALL | DMZ | FIREWALL | The World (Internet)]
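The DMZ rules on this slide can be checked mechanically against a firewall allow-list and a host inventory. The following is an added example, not part of the original guide: the `audit` function, the finding labels, the host names and the ports are assumptions made for illustration, and the inventory and rule set are constructed sample data.

```python
from dataclasses import dataclass

# Zone names follow the slide: The World / DMZ / Your Network.
ZONES = ("internet", "dmz", "internal")


@dataclass(frozen=True)
class Rule:
    """One firewall allow rule; src and dst are a zone name or a host name."""
    src: str
    dst: str
    port: str  # a port number as text, or "any"


def zone_of(endpoint, hosts):
    """Map a rule endpoint to its zone; None if it is not in the inventory."""
    return endpoint if endpoint in ZONES else hosts.get(endpoint)


def audit(hosts, rules):
    """Check an allow-list against the DMZ guidance above.

    hosts: dict of host name -> zone ("dmz" or "internal")
    rules: iterable of Rule
    Returns a sorted list of (finding, subject) tuples.
    """
    findings = set()
    exposed = set()  # DMZ hosts that the Internet is allowed to reach
    for r in rules:
        label = f"{r.src}->{r.dst}:{r.port}"
        src, dst = zone_of(r.src, hosts), zone_of(r.dst, hosts)
        if src is None or dst is None:
            findings.add(("UNKNOWN_ENDPOINT", label))
        elif src == "internet" and dst == "internal":
            # Outside traffic must terminate in the DMZ, never behind it.
            findings.add(("INTERNET_TO_INTERNAL", label))
        elif src == "internet" and dst == "dmz":
            if r.dst == "dmz":  # rule names the whole zone, not one server
                findings.add(("BROAD_INBOUND", label))
                exposed.update(h for h, z in hosts.items() if z == "dmz")
            else:
                exposed.add(r.dst)
        elif src == "dmz" and dst == "internal":
            # The gateway flow to internal databases should be pinned to one
            # source host, one destination host and one port.
            if r.port == "any" or r.src in ZONES or r.dst in ZONES:
                findings.add(("BROAD_DMZ_TO_INTERNAL", label))
    # "If it doesn't need access to the internet, don't put it in a DMZ."
    for host, zone in hosts.items():
        if zone == "dmz" and host not in exposed:
            findings.add(("NOT_INTERNET_FACING", host))
    return sorted(findings)


# Constructed sample inventory and rule set (not from the guide).
HOSTS = {
    "web1": "dmz", "mail1": "dmz", "reports1": "dmz",
    "db1": "internal", "hr1": "internal",
}
RULES = [
    Rule("internet", "web1", "443"),   # public web server: expected
    Rule("internet", "mail1", "25"),   # public mail relay: expected
    Rule("web1", "db1", "5432"),       # pinned gateway flow: expected
    Rule("mail1", "internal", "any"),  # DMZ host can reach everything inside
    Rule("internet", "hr1", "3389"),   # bypasses the DMZ entirely
]

if __name__ == "__main__":
    for finding, subject in audit(HOSTS, RULES):
        print(f"{finding:22} {subject}")
```

In the sample data, `reports1` is flagged because no rule lets the Internet reach it, so by the slide's rule it belongs on the internal network rather than in the DMZ.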

CONTENT

A SAN is a dedicated part of the network for the storage of data. The actual storage devices can be tape, disk or optical. They are typically put in place for organizations with a need for keeping large volumes of data.

SANs are expensive and complex, and require a high degree of planning, administration, monitoring and maintenance to ensure proper operation.

They are also designed for ease of adding, removing or reassigning storage space, with security controls to protect the data.

SANs are particularly attractive for organizations that will rapidly expand the volume of data that is collected. These increases will likely come from the growth in the use of video and image data, as is expected with the transition to mobile services.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the full range of components that make up an IT Infrastructure. The SAN is introduced in the context of the transition to mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Introduce the concept of the Storage Area Network (SAN) in the IT architecture.

GLOSSARY

SAN: The acronym SAN stands for Storage Area Network. A SAN is a dedicated and specialized piece of hardware for the storage of large volumes of data. SANs store the data in data blocks – not in the file system format.

• Very complex, expensive. SANs are entire systems unto themselves which require planning, administration, monitoring and maintenance to properly operate.

• Very scalable, manageable.

• Simple to add/remove/reassign storage space.

• Security controls exist to protect data on shared hardware.

Back End - Storage Area Network (SAN)

GLOSSARY

NAS: The acronym NAS stands for Network Attached Storage. A NAS is a dedicated and specialized server for the storage of data. It differs from a SAN in various respects, but primarily in that it stores the data in file formats as opposed to blocks of data.

CONTENT

A NAS is another type of data storage specialization inside of the network. Typically used in smaller enterprises than its larger cousin the SAN, a NAS is networked in logical, redundant storage containers called RAID (Redundant Array of Independent Disks).

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the full range of components that make up an IT Infrastructure. The NAS is introduced in the context of the transition to mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Introduce the concept of the Network Attached Storage (NAS) in the IT architecture.


• Less complex, less expensive.

• Operates as an extension to a server(s) meant for sharing files across a network. Stores data in a file system (unlike SANs). The application server sees the NAS as just another file server.

• Scalable, manageable but for smaller IT operations.

• Simple to add/remove/reassign storage space by clustering.

• Security controls exist to protect data on shared hardware.

Back End - Network Attached Storage (NAS)

• The IT infrastructure to support mGov services can include: (Pick all that apply)

A) Load balancing for servers and network traffic throughput

B) Data storage such as Storage Area Networks (SAN) and Network Attached Storage (NAS)

C) Servers inside of a DMZ dedicated to support the mobile apps. (all correct)

Test Questions

CONTENT

The Objectives of this module were to understand the differing perspectives that exist between the traditional data center view and the view of mobile app developers. We defined the terminology and how the migration to mobile government services starts to change the traditional view of the IT infrastructure.

We also established the importance of other aspects of this expanding mobile IT Infrastructure architecture including the DMZ and the specialized storage to handle the growth of data.


• Define the terminology of “front end” and “back end”…

• And the differing points of view.

• Define some of the components that make up the IT Infrastructure…

• Front End and Back End Components.

• And the impact that the transition to mobile services has on this infrastructure.

Review of Objectives

It is now time to review your knowledge of this material

QUIZ

Quiz – Question 1

1. A DMZ is a security zone allowing for the exchange of information to outside networks while protecting the internal network resources. It will still be as important or more so in a mobile IT infrastructure.

a. True [Correct]

b. False

Quiz – Question 2

2. Back-end Data Centers: As more mobile users come online using newly deployed mGov applications, resource demands in the back-end datacenters will:

a. Decrease

b. Remain the same

c. Increase [Correct]


End of Module

CONTENT

This module introduces three different types of data center services and the idea that mobile government services will have an impact on the selection and design decisions.

THEMES

• Architecture.


Module 2: Data Centers

CONTENT

This module identifies the types of data centers with respect to degree of control and establishes how mobile changes the direction from owning to sharing the data center resources.

LEARNING OBJECTIVES

This module has two objectives:

1. Identify the types of data centers with respect to degree of control.

2. Establish how mobile changes the direction from owning to sharing or outsourcing the data center resources.


• Define three types of data center services.

• Define the advantages and disadvantages to the different choices.

• Convey the idea that these choices will be influenced by the move to mobile services.

Objectives

CONTENT

The internally owned data center is defined by complete ownership of all the assets: the building facility, the equipment and the data. Because control rests entirely with the owning organization, the security, both of the physical plant and of the logical (IT system) side, can be managed entirely by the internal organization with no restrictions. This type of data center is the most expensive and can include the costs for the facility itself, all the utilities, fuel for the generators, and the personnel costs including training.

INSTRUCTOR GUIDANCE

• This slide is the first of several slides that define the types of data centers with respect to who controls the assets and at what cost.

LEARNING OBJECTIVES

1. Define the Internal On-Site type of data center.


You own the building, equipment and data.

Very Secure

• Strict access control to building.

• Many layers protecting assets.

• Network security controls/configuration.

Very Expensive

• Facility: Electricity, Heating, Ventilation, Cooling

• Fuel for generators.

• Personnel: you manage the people, train them.

Internal On-Site

• Internally Owned Data Centers are the least expensive model between the three model types that were presented.

A) True

B) False (correct)

Test Questions

CONTENT

The Hosted or Co-Lo data center is defined by a shared ownership of the assets. In this type of arrangement the facility, and associated utility costs such as electricity, belong to the owner of the building.

The equipment, such as the servers and racks, and the data are owned by the organization that is leasing the space. Control is established in a contractual agreement. The physical security rests with the data center facility owner but can be a shared responsibility.

The logical or network security is typically shared by defining network ownership boundaries. This type of data center is the middle of the road in terms of expense.

INSTRUCTOR GUIDANCE

• This slide is the second of several slides that define the types of data centers with respect to who controls the assets and at what cost.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define the Hosted, also known as Co-Located, type of data center.


Someone else owns the building and the equipment

Data remains with you.

Moderate Security

• Physical access controls at various levels (facility, building, cage, rack).

• Government customers have limited control.

• Network access controls exist but only to a degree.

• Government customers have limited network control.

• Moderately Expensive.

• Leased space, electricity.

Hosted Co-Located

• Hosted Co-Located Data Centers can give a government client:

A) No physical access control. It is typically not allowed for the government to have any physical access to audit its servers in a co-located model

B) A degree of physical access control that can be negotiated up front with the Data Center Provider [Correct]

C) Free access to the data center with no limits since it is the government that is the client.

Test Questions

CONTENT

In this model, designated as “The Cloud” or “X as a Service,” the data center is defined by an arrangement where all the assets, with the exception of the data, are owned by the service provider and provided on a leased basis to clients. The three types of Cloud Models are Public, Private and Hybrid.

In the Public Cloud type of arrangement, physical security is entirely under the control of the data center provider, with little to no ability for the government to audit or exercise any influence.

The data and network security is typically shared by defining network ownership boundaries. This type of data center is the least expensive and flexible for getting started.

INSTRUCTOR GUIDANCE

• This slide is the third of several slides that define the types of data centers with respect to who controls the assets and at what cost.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define the Cloud type of data center, also known as X as a Service, where X can stand for “Infrastructure, Platform, or Software.”


Provider’s building and equipment, Your data

Difficult to assure security.

• No physical access control by the government.

• Government customers may not even be allowed entry.

• No ability to control the equipment that runs the apps.

• Maintenance windows, decommissioning, security of data on storage devices, etc.

• Least expensive model

• Leased space, equipment, staff.

The Cloud - XaaS

GLOSSARY

Cloud XaaS: This term is used to describe architecture of shared services where X is meant to denote Platform, Infrastructure, Software, Security or other emerging designations. The term cloud is an IT industry term intended to convey the idea that the data center is a leveraged (shared) asset and is also typically (not always) associated with the use of virtualization. There are various use-cases of cloud including Private, Public and Hybrid.

• Cloud XaaS Data Centers can give a government client:

A) A high degree of flexibility with respect to being able to conduct physical and logical security audits. Cost is in the middle range between the three types of data center models.

B) A very limited to no degree of flexibility with respect to being able to conduct physical access audits. Depending on the agreement, logical security controls can be a shared responsibility. Cost is in the least range between the three types of data center models. [Correct]

C) The best of all the needs: full access control and least expensive.

C) The best of all the needs: full access control and least expensive.

Test Questions


CONTENT

In this decision matrix aid we begin with a series of questions about security control and cost in the leftmost column, arrayed against the three types of choices, from internal to hosted to cloud.

In the last row the table provides an example of each of these three types of data centers. An organization opting for least cost with low concern for security would be best suited to a cloud type of data center.

At the other extreme, where security control is paramount and cost is not a major consideration, the internally owned option suits best. The middle option is the tradeoff where both security and cost are concerns but can be provided in a shared arrangement.

INSTRUCTOR GUIDANCE

• This slide is the fourth of several slides that define the types of data centers with respect to who controls the assets and at what cost.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. The decision matrix is provided as an aid for IT decision-makers on selecting the type of data center for hosting the IT services.

Decision Matrix Aid

| Do I Need To | Internal / On-site | Hosted / Co-located | “The Cloud” / IaaS |
|---|---|---|---|
| Own the building? | Yes | No | No |
| Own the equipment? | Yes | Yes | No |
| Have Direct Security Control? | Yes | Yes | Yes |
| Have Physical Access? | High | Moderate | Low |
| Lower My Cost? | High | Moderate | Low |
| An Example | Ministry-owned data center | Leasing data center from Etisalat/Du | Amazon Web Services |

Test Questions

• Using the data center selection decision aid is intended as:

A) A formula for picking the right kind of data center that fits your organization’s needs and budget.

B) A way to organize the analysis process for help in deciding your organization’s needs and budget. There may be other considerations to take into account in making the decision. (Correct)

C) Is only a theoretical analysis and cannot be applied in making real-world decisions

CONTENT

The migration to mobile services parallels the trend to decentralization of control, where cost and other considerations push to a shared model as previously described. This table lists the different types of data considerations that IT decision makers should ask about: “Where is my meta-data, my multimedia data, etc.?” One can readily see that the three different types of data centers range from a situation of greater control when you own the data center assets to one of less control when the data center is a leased service arrangement, as is found with public clouds. Data location and data control are essential elements for consideration in making these data center decisions, especially with mobile services. Note that in the last row there is a different kind of consideration with respect to compliance. In this case the compliance is for security policy. In the cloud data center model security compliance can become a challenge.

INSTRUCTOR GUIDANCE

• This slide is the last of several slides intended to highlight the question of control in a decentralized IT architecture. Knowing where the data is going to be kept and establishing strong audited rules is needed to stay compliant with national laws.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE mGov Initiative.

LEARNING OBJECTIVES

1. In the continuing trend towards decentralization of control and geographical location for outsourced services, there is a growing question about where the data actually resides. National laws often make requirements for data to stay inside the political boundaries of the country. This slide briefly touches on this subject.

Where’s My Data?

| | Internal / On-site | Hosted / Co-located | “The Cloud” / XaaS |
|---|---|---|---|
| Metadata | Yes | Yes, but… | Depends |
| Multimedia Data | Yes | Depends | Depends |
| The App | Yes | Depends | Depends |
| Security Data | N/A | Both | Limited |
| System Logs? | Yes | Both | Depends |
| Can I still Comply? | Yes | Depends | More Difficult |

Control: More (left) to Less (right)

Test Questions

• The trend to decentralized computing represented by the Cloud XaaS model brings up data control concerns that are often written in national laws or regulations for:

A) Just the end-user data such as database records and document type files

B) All the many types of data types including machine generated (meta-data), and end-user (of all media type), system logs and security data. (correct)

CONTENT

With respect to the Smart Government Initiative, the choice of data center types is made more obvious. The national program called the National Network Infrastructure Initiative, when fully implemented, will provide a Federal Cloud that offers both a dedicated protected network and carrier-grade data center services for all the UAE federal entities.

It is also important to note that mobile services are intended to be a public and private partnership involving the carriers, app stores and other private entities. The key advantage of the initiative is that it will provide the benefits of a cloud service while still keeping the assets described earlier under UAE government control.

INSTRUCTOR GUIDANCE

• This is the last of the slides that describe the choices between the three different types of data center models. In this slide the student is introduced to a program called the National Network Infrastructure Initiative. When fully implemented, this initiative will provide a federal cloud with both a dedicated protected network and data center services for federal entities.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. To relate the data center alternatives to the topic of mobile and smart government.

Applying this to Smart Government

• National Network Infrastructure Initiative.
• Will be much like a Federal Cloud.
• Provides the MPLS Network for federal entities.
• And data center services.
• Not planned for Local entities at this stage.
• Also a partnership with the Carriers, App Store providers, many others.
• Co-Lo, IaaS, PaaS, SaaS can all apply in the future.
• Key Advantage: will keep the data inside the government and inside your own borders.

Test Questions

• The National Network Infrastructure Initiative once deployed is intended to be:

A) A Public Cloud available to all government entities that will keep costs down as the primary consideration

B) A Private Cloud data center model available to the Federal Entities to provide a shared but protected environment for government entities to host their servers in support of the Smart Government Initiative. [Correct]

CONTENT

The objectives of this module were to understand that data centers continue to play an essential role. There are choices to be made with respect to degree of control, going from internal to the cloud models. It is clear that mobile computing services will likely drive solutions that employ more outsourced assets. Typical enterprise IT activities like asset management and access control become significantly more challenging in these less centralized models of data center usage. The coming deployment of the National Network Infrastructure Initiative was also introduced to provide a government private cloud.

Review of Objectives

• Define three types of data center services.
• Define the advantages and disadvantages to the different choices.
• Convey the idea that these choices will be influenced by the move to mobile services.

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. Data center services are generally categorized in the following way: (Pick all that apply)

a. Internal On Site where the organization owns and manages the data center facility and its information systems. (correct)

b. Google Cloud provided by Google

c. Hosted / Co-Located where a separate company provides the facility and you, the client own the servers, the applications and the data on the servers. (correct)

d. The Cloud (Infrastructure as a Service) where the facility, the application and the servers are all owned by another party (other than your organization) but the data remains yours. (correct)

Quiz – Question 2

2. The National Network Infrastructure Initiative is expected to be the central provider of a federal level network and data center services when operational.

a. True (correct)

b. False

End of Module

CONTENT

This module introduces several topics that touch on the expected growth on the demands of the IT Infrastructure that come with mobile services.

THEMES

• Scalability.


Module 3: Scaling for Growth

LEARNING OBJECTIVES

This conveys the idea that the migration to mobile services will create additional IT Infrastructure demands.

Explain that the IT Infrastructure growth can be managed with existing concepts of scaling such as high availability and load balancing.

CONTENT

This module has two objectives:

1. Convey the message that mobile services will create additional IT Infrastructure demands
2. Explain that some of the IT Infrastructure growth can be managed with existing concepts of scaling such as high availability and load balancing

Objectives

• Recognize that mobile will create additional IT infrastructure demands.
• Mobile services can be managed with scaling, HA, Load Balancing.
• Services need to be prioritized for criticality.

GLOSSARY

Host Scaling: adding sufficient “hosts” (servers) to a “scale” (quantity) needed for the operations (like processing video streaming requests). Hosts can be added as physical devices (physical servers) or as virtual machines (virtual instances of a server) to support heightened demands. The idea is to “scale” the number of servers to the circumstances, never having too many or too few.

CONTENT

Servers are the computers that host applications and data. They can be added as physical devices (physical servers) or as virtual machines (virtual instances of a server) to support the system demands. The idea is to “scale” the number of servers to the circumstances, so that the system resources match the demands. IT operations need to be able to adjust according to this demand and to know the indicators that the system resources are insufficient for the demand. One such indicator is called thrashing.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the concepts of scaling in the IT Infrastructure.

LEARNING OBJECTIVES

1. Define the concept of servers and services.

Scaling Servers and Services

Host Scaling

• When do we need more servers?
  • What are we serving?
  • Thrashing
• How do we add servers?
  • Physical
  • Virtual

Test Questions

• This slide identifies two ways to add servers. These are:

A) Physical [Correct]

B) Virtual [Correct]

C) Call Amazon

CONTENT

When are more servers needed to meet demand? That is a question that every IT operation should ask as part of the planning process. Planning in this case means anticipating the need before facing a crisis where the system resources are exhausted and a system outage is possible. The answer is often, “It Depends.” In the migration to mobile services we can anticipate a growth in the demand for multimedia such as images or videos. This trend is clear. Another example is a large number of mobile applications launched from smart phones at once, as can occur when registering for services like a country visa application. Whether it is a high number of video requests utilizing the system CPU and memory or many concurrent connections as in the visa application example, the result may be the same – degraded system performance.

INSTRUCTOR GUIDANCE

• This slide is the second of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Provide use case examples why scaling in mobile services becomes necessary with the growth in data demands.

When are they Needed?

GLOSSARY

RAM: Random Access Memory

CPU: Central Processing Unit

When do we need more servers? It depends!

What are we serving?

• Multimedia (YouTube)
  • Bandwidth intensive, especially for video streaming services
  • Monitor resources (RAM, CPU) closely. As utilization increases, server performance begins to decay.
• Registration sites (Visa Applications)
  • Retains a large amount of session-state information
  • Monitor concurrent connection thresholds. As connections increase, so does server response time. This can cause connections to drop.

Test Questions

• Some of the reasons for the expected growth in data demands and hence the need to scale the host services are:

A) The expected rise in the use of rich media content [Correct]

B) Increased use of mobile devices for transactions such as registrations [Correct]

C) Increases in bandwidth availability

GLOSSARY

Thrashing: A server starts to thrash when it has insufficient physical memory for the operation.

CONTENT

In operational settings the IT staff must allocate sufficient server resources to ensure that the servers do not get into a condition of “thrashing.” In a thrashing condition the random access memory (RAM) is consumed to such a degree that the CPU is also consumed, but with swapping data between RAM and the swap partition on the hard drive. Once this condition has started it can be difficult to stop, and it often results in a system crash.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define thrashing as one indicator that system resources are being exhausted.

Thrashing is One Indicator

SOURCES

A condition when a computer is using up the CPU cycles swapping data from memory to the swap partition on the drive.

Thrashing is a clear indicator…

• Thrashing begins when RAM resources are exceeded, and the OS must swap data between the RAM and the page file (or swap partition).
• Thrashing usually results in an unstable system, which can cause the system to crash.
• Once thrashing begins, it can be difficult to stop without disconnecting from the network or rebooting.

Test Questions

• Thrashing represents:

A) A condition when a computer is using up the CPU cycles swapping data from memory to the swap partition on the drive. [Correct]

B) A condition when the computer runs out of storage space.
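One way for IT operations to catch the thrashing indicator described above before the system becomes unstable, as an added example that is not part of the original guide: on a Linux server, sustained swap-in and swap-out at the same time, with little available memory, is the signature to watch for. The thresholds, function names and sample readings are assumptions constructed for illustration.

```python
"""Flag likely thrashing from periodic /proc/vmstat and /proc/meminfo readings (Linux)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: float        # time of the reading, in seconds
    pswpin: int     # cumulative pages swapped in since boot
    pswpout: int    # cumulative pages swapped out since boot
    avail_kb: int   # MemAvailable from /proc/meminfo
    total_kb: int   # MemTotal from /proc/meminfo


def parse_sample(t, vmstat_text, meminfo_text):
    """Build a Sample from the text of /proc/vmstat and /proc/meminfo."""
    vm = dict(line.split() for line in vmstat_text.strip().splitlines())
    mem = {m.group(1): int(m.group(2))
           for m in re.finditer(r"^(\w+):\s+(\d+)", meminfo_text, re.M)}
    return Sample(t, int(vm["pswpin"]), int(vm["pswpout"]),
                  mem["MemAvailable"], mem["MemTotal"])


def swap_rates(prev, cur):
    """Pages swapped in and out per second between two readings."""
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    return (cur.pswpin - prev.pswpin) / dt, (cur.pswpout - prev.pswpout) / dt


def detect_thrashing(samples, min_pages_per_s=500, max_avail_frac=0.05, sustain=3):
    """Return the index of the sample at which thrashing is confirmed, else None.

    An interval counts only when memory is nearly exhausted AND pages move in
    both directions: swap-out alone is the OS evicting idle pages, while
    swap-in plus swap-out means the working set no longer fits in RAM.
    The condition must hold for `sustain` consecutive intervals.
    """
    streak = 0
    for i in range(1, len(samples)):
        rate_in, rate_out = swap_rates(samples[i - 1], samples[i])
        low_mem = samples[i].avail_kb / samples[i].total_kb <= max_avail_frac
        if low_mem and rate_in >= min_pages_per_s and rate_out >= min_pages_per_s:
            streak += 1
            if streak >= sustain:
                return i
        else:
            streak = 0
    return None


def constructed_sample(t, pswpin, pswpout, avail_kb, total_kb=8_000_000):
    """Constructed reading in the same text format the two /proc files use."""
    vmstat = f"pgfault 100\npswpin {pswpin}\npswpout {pswpout}\n"
    meminfo = (f"MemTotal:       {total_kb} kB\nMemFree:        1000 kB\n"
               f"MemAvailable:   {avail_kb} kB\n")
    return parse_sample(t, vmstat, meminfo)


# Constructed series, one reading every 10 s: memory fills, then pages churn both ways.
THRASHING_SERIES = [
    constructed_sample(0, 0, 0, 3_000_000),
    constructed_sample(10, 200, 4_000, 900_000),
    constructed_sample(20, 9_000, 14_000, 300_000),
    constructed_sample(30, 21_000, 27_000, 250_000),
    constructed_sample(40, 35_000, 40_000, 200_000),
]

# Constructed series: memory is tight and pages are swapped out, but almost none come back.
EVICTION_ONLY_SERIES = [
    constructed_sample(0, 0, 0, 3_000_000),
    constructed_sample(10, 0, 8_000, 350_000),
    constructed_sample(20, 50, 16_000, 340_000),
    constructed_sample(30, 60, 24_000, 330_000),
    constructed_sample(40, 70, 30_000, 330_000),
]

if __name__ == "__main__":
    print("thrashing confirmed at sample:", detect_thrashing(THRASHING_SERIES))
    print("eviction-only series:", detect_thrashing(EVICTION_ONLY_SERIES))
```

An alert raised at the confirmed sample gives staff time to shift load or add capacity, which matters because the slide notes that thrashing is hard to stop once it has begun.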

CONTENT

Adding physical servers in operationally demanding (meaning live) environments is a time-consuming and costly activity. It often takes months to progress through many if not all of the steps outlined here, beginning with making the purchase after defining the precise configuration and going through a bidding process. The eight steps provided here mean that this is not a process that can meet immediate needs. The addition of physical servers should be planned well in advance of the growth in need. This sets the stage for a conversation about adding virtual machines (VMs) in order to meet the immediate on-demand need.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the process for adding physical servers. This process is time intensive.

Adding Physical Servers

Ways to add servers: Physical Servers

• Purchase new server hardware … wait for delivery
• Confirm delivery of all ordered parts and inventory the server components, software
• Install in best available location in the data center
• Connect to nearest available network switch
• Configure switch ports correctly
• Install OS onto server, and application software
• Update load balancer configuration to include new server
• Update maintenance plan to include new server

This can take anywhere from three to six months (or longer)

Test Questions

• The point of this slide is:

A) To provide a process for how to order and install physical servers

B) To show that it is a long process and not suitable for immediate needs of increased server capacity. [Correct]

GLOSSARY

Virtual Machine: A software-based emulation of a computer.

CONTENT

In order to add virtual servers, the physical server farm has to be in place with sufficient physical capacity already built in to operate many instances of virtual machines. This means CPUs and memory. Under immediate demand conditions, when adding physical servers takes days if not weeks and months, there is another option. By using virtual machines, the task of adding servers to a load is simply one of “right click and clone.”

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the process of adding virtual servers.

Adding Virtual Servers

• Ways to add servers: Virtual Servers.

Right-click, “Clone”

Test Questions

• The point of this slide is:

A) To provide a process for how to order and install virtual servers

B) To show that it is as simple a process as point, click and clone – exactly the purpose of this lesson demonstrating the techniques for adding server capacity as it is needed on demand. [Correct]

GLOSSARY

Load Balancing: This is a simple concept of distributing the traffic or computer load among different resources. Load balancing is discussed in terms of servers, network and applications.

CONTENT

The table in this slide is an example of load balancing. In this case there are twelve virtual machines or VMs configured the same way operating on three physical servers with the same system resources. You should ALWAYS balance according to hardware resource utilization – not machine count! The example on the left is one of imbalance. The example on the right is one of a well-balanced load where the VMs are arrayed in balance across the three physical servers.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the process of load balancing with virtual servers.

Load Balancing - Virtual Servers

• Balancing Resources for Virtual Servers
• Prevents hypervisor latency
• Improves application speed

| Physical Servers | BAD! Virtual Servers | GOOD! Virtual Servers |
|---|---|---|
| Server01 | VM01, VM02, VM03, VM04, VM05, VM06, VM07, VM08 | VM01, VM02, VM03, VM04 |
| Server02 | VM09, VM10, VM11 | VM05, VM06, VM07, VM08 |
| Server03 | VM12 | VM09, VM10, VM11, VM12 |

Test Questions

• Server capacity in the datacenter may be increased by:

A) Adding physical servers to the rack [Correct].

B) Adding blades to the chassis [Correct].

C) Right click, select “clone” adding virtual servers [Correct].

D) None of the above
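The rule above, balance on hardware resource utilization rather than machine count, worked through as an added example that is not part of the original guide. It goes beyond the slide's case of twelve identically configured VMs by giving the VMs unequal sizes. The server and VM names come from the slide, while the capacities, VM sizes and function names are assumptions constructed for illustration.

```python
"""Compare VM placement by machine count with placement by resource utilization."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    vcpu: int
    ram_gb: int


@dataclass(frozen=True)
class VM:
    name: str
    vcpu: int
    ram_gb: int


def utilization(host, vms):
    """Peak of CPU and RAM commitment on a host (1.0 means fully committed)."""
    return max(sum(v.vcpu for v in vms) / host.vcpu,
               sum(v.ram_gb for v in vms) / host.ram_gb)


def place_by_count(hosts, vms):
    """Round-robin: every host gets the same number of VMs, whatever their size."""
    placement = {h.name: [] for h in hosts}
    for i, vm in enumerate(vms):
        placement[hosts[i % len(hosts)].name].append(vm)
    return placement


def place_by_utilization(hosts, vms, limit=1.0):
    """Greedy: largest VMs first, each onto the host left least utilized by it.

    Raises ValueError instead of overcommitting a host past `limit`, because a
    host committed beyond its RAM is the one that starts to thrash.
    """
    placement = {h.name: [] for h in hosts}
    total_cpu = sum(h.vcpu for h in hosts)
    total_ram = sum(h.ram_gb for h in hosts)
    order = sorted(vms, reverse=True,
                   key=lambda v: max(v.vcpu / total_cpu, v.ram_gb / total_ram))
    for vm in order:
        best = min(hosts, key=lambda h: utilization(h, placement[h.name] + [vm]))
        if utilization(best, placement[best.name] + [vm]) > limit:
            raise ValueError(f"no host can take {vm.name} within {limit:.0%}")
        placement[best.name].append(vm)
    return placement


def report(hosts, placement):
    """Map host name to (VM count, peak utilization)."""
    return {h.name: (len(placement[h.name]), utilization(h, placement[h.name]))
            for h in hosts}


# Constructed inventory: three identical hosts; every third VM is a large one.
HOSTS = [Host(f"Server{i:02d}", vcpu=16, ram_gb=64) for i in (1, 2, 3)]
VMS = [VM(f"VM{i:02d}", 6, 24) if i % 3 == 1 else VM(f"VM{i:02d}", 1, 4)
       for i in range(1, 13)]

if __name__ == "__main__":
    for label, place in (("by count", place_by_count),
                         ("by utilization", place_by_utilization)):
        print(label)
        for name, (count, peak) in report(HOSTS, place(HOSTS, VMS)).items():
            print(f"  {name}: {count} VMs, peak utilization {peak:.0%}")
```

With this inventory, equal counts put all four large VMs on Server01 and commit it to 150% of its capacity, while placement by utilization leaves no host above 75%.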

CONTENT

Load balancing of network connections involves using an intelligent switch that is monitoring device connections and traffic throughput. The technique is useful in a variety of ways from optimizing network flow to supporting maintenance or unplanned outages.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the process of load balancing network connections.

Load Balancing - Network Connections

Balancing Network Connections

• Prevent server thrashing
• Improve application

Test Questions

• Load Balancing is a technique that applies to: (Pick all correct answers).

a) Establishing spare offline systems

b) Servers [Correct]

c) Network connections [Correct]

d) Planning for maintenance and outages [Correct]

CONTENT

Balancing for maintenance is the practice of applying the previous two balancing methods as a tool for supporting routine, non-emergency maintenance.

If a server needs to be taken offline for maintenance, physical or virtual, the traffic is shifted or balanced to the other servers. This maintenance could be for hardware (upgrade, troubleshoot, repair) or software (service packs, patches, etc.). This same process can work for unplanned outages such as a hardware failure.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the process of load balancing for maintenance and unplanned outages.

Load Balancing – Maintenance and Outages

Balancing for Maintenance & Outages

• Maintenance – Allows taking servers down for maintenance without taking the application down
• Outages – Allows user services to continue uninterrupted in the event of a failure

GLOSSARY

HA: High Availability.

RAID: Redundant Array of Independent Disks.

CONTENT

High Availability is a set of techniques to provide failover capabilities for maintenance or unplanned outages. It can be applied at the hardware level (as in the servers), at the network level (as in switches) and at the application level. For the hardware, the typical approach is to provide RAID (Redundant Array of Independent Disks). For the network, the approach is to create redundant routes through a virtual network interface, and for applications the technique is called “keep-alive heartbeats.” Database log shipping is a complementary approach to provide application-level high availability.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe the concept of High Availability.


• Hardware HA

• RAID

• Failover Spare

• Network HA

• Redundant Routes

• Virtual Interfaces

• Application HA

• Keep-alive “heartbeats”

• Database log shipping

High Availability (HA) Concepts

• There are three forms of High Availability (HA) presented in this module. What

are they?

A) Hardware [Correct]

B) RAID

C) Network [Correct]

D) Applications [Correct]

E) Heartbeat

Test Questions


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

Server hardware high availability (HA) is a technique that allows an active server to be replaced by a passive (or alternate) server, either for a scheduled outage such as maintenance or for an unscheduled event such as a hardware failure. For the passive or alternate server to become active, it needs the most current state of the data that the active server had before going offline. To make this happen in an automated way, IT operations use a technique called RAID, which stands for Redundant Array of Independent Disks. There are several forms of RAID. Which form is applied depends on various factors, such as the degree of assurance required that the data on the active and the passive servers is in a perfectly mirrored state. The typical forms of RAID that are used include:

• This slide is one of several slides that explain key concepts in the IT

Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the

context of mobile services, as they will apply to the UAE Smart Government

Initiative.

1. Describe HA for hardware.


High Availability – Hardware

CONTENT

RAID – Redundant Array of Independent Disks

RAID TYPE   STRIPING   MIRROR   PARITY CHECK
0           YES        NO       NO
1           NO         YES      NO
5           YES        NO       YES
1+0         YES        YES      NO

Failover Spare

RAID 0: Striping w/o parity. Minimum of 2 disks required.

RAID 1: Mirroring. Minimum of 2 disks required.

RAID 5: Striping w/ parity. Minimum of 3 disks required.

RAID 10 (1+0): Mirroring of striped (no parity) disks.
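The parity column of the table is what lets a RAID 5 array survive one disk failure. The sketch below is an added illustration, not part of the original guide: it stripes a constructed record across three disks with rotating XOR parity, then rebuilds a failed disk onto a failover spare. The function names, the 4-byte chunk size and the sample record are assumptions chosen for the example.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks: the RAID 5 parity operation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe, n_disks):
    """Rotate the parity chunk so that no single disk holds all the parity."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data, n_disks=3, chunk=4):
    """Stripe data across n_disks; each stripe has n_disks-1 data chunks + 1 parity chunk."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs a minimum of 3 disks")
    per_stripe = (n_disks - 1) * chunk
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for stripe, offset in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[offset + i * chunk: offset + (i + 1) * chunk]
                  for i in range(n_disks - 1)]
        parity = xor_blocks(chunks)
        data_chunks = iter(chunks)
        p = parity_disk_for(stripe, n_disks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(data_chunks))
    return disks


def raid5_rebuild(disks):
    """Rebuild the single failed disk (marked None) onto a failover spare.

    XOR of all chunks in a stripe is zero, so the missing chunk, whether it
    held data or parity, equals the XOR of the surviving chunks.
    """
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError("RAID 5 can rebuild exactly one failed disk, got %d" % len(failed))
    survivors = [d for d in disks if d is not None]
    spare = [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    repaired = list(disks)
    repaired[failed[0]] = spare
    return repaired


def raid5_read(disks, length):
    """Reassemble the original bytes, skipping the parity chunk of each stripe."""
    n = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        p = parity_disk_for(stripe, n)
        for d in range(n):
            if d != p:
                out += disks[d][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    record = b"constructed sample record #0001"   # constructed input
    array = raid5_write(record)
    degraded = list(array)
    degraded[1] = None                            # simulate losing disk 1
    repaired = raid5_rebuild(degraded)
    print(raid5_read(repaired, len(record)))
```

A second failure before the rebuild completes is not recoverable, which is why the function refuses to run with more than one disk missing.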


GLOSSARY

• There are three forms of High Availability (HA) presented in this module. Pick

the appropriate technology that matches Hardware HA.

A) RAID [Correct]

B) Virtual Interfaces

C) Heartbeat

Test Questions

RAID: Redundant Array of Independent Disks.



LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

Network high availability can be applied using redundant-route techniques that provide dual network paths. In some cases these paths can be self-aware and self-adjusting; these are called virtual interfaces. Adding a second network interface card can achieve this. Externally, adding a second outbound connection to the Internet is also possible, although the separate connections must not share the same point of failure.

• This slide is one of several slides that explain key concepts in the IT

Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the

context of mobile services, as they will apply to the UAE Smart Government

Initiative.

1. Describe HA for the network.


Redundant Routes

• Internal

• External Connections

High Availability – Network

[Figure: diagram labelled Server, Switch 1 and Switch 2]

• There are three forms of High Availability (HA) presented in this module. Pick

the appropriate technology that matches Application HA.

A) RAID

B) Redundant Routes

C) Heartbeat [Correct]

Test Questions


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

Application high availability can be applied with a technique called “Keep-Alive-Heartbeats.” Heartbeats can be paired together in an “active/standby” configuration as described for hardware high availability. In this example, the “Standby” host continually pings the “Active” host. If it does not receive a reply, it initiates a “self-promotion” and assumes the “Active” role.

Applying both of these high availability techniques can ensure that the system remains online, with no downtime experienced by end users.
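The standby logic described above can be sketched as follows. This is an added example, not code from the guide, and it goes beyond the text in two labelled ways: the standby promotes itself only after three consecutive missed replies (so one lost packet does not leave two hosts both acting as Active), and each reply must carry an HMAC over a fresh nonce so a replayed or forged "I am alive" cannot hold the standby back. All names, the key and the scripted peer are hypothetical.

```python
import hashlib
import hmac
import os

SHARED_KEY = b"constructed-demo-key"  # constructed; a real secret is provisioned out of band


def sign_reply(key, nonce):
    """What the Active host sends back: proof that it saw this exact probe."""
    return hmac.new(key, b"alive:" + nonce, hashlib.sha256).digest()


class StandbyMonitor:
    """Standby side of an active/standby pair (assumed threshold: 3 misses)."""

    def __init__(self, key, send_probe, max_missed=3):
        self.key = key
        self.send_probe = send_probe      # callable(nonce) -> reply bytes, or None on timeout
        self.max_missed = max_missed
        self.missed = 0
        self.role = "standby"
        self.audit = []                   # events to forward to the central log server

    def tick(self):
        """Send one "Are You There?" probe and update the role."""
        if self.role == "active":
            return self.role
        nonce = os.urandom(16)
        reply = self.send_probe(nonce)
        valid = reply is not None and hmac.compare_digest(
            reply, sign_reply(self.key, nonce))
        if valid:
            self.missed = 0
        else:
            self.missed += 1
            reason = "timeout" if reply is None else "bad reply"
            self.audit.append("missed heartbeat %d/%d (%s)"
                              % (self.missed, self.max_missed, reason))
            if self.missed >= self.max_missed:
                self.role = "active"
                self.audit.append("self-promotion: standby assumed the active role")
        return self.role


def scripted_peer(schedule, key=SHARED_KEY):
    """Test double for the Active host: 'ok', 'timeout' or 'replay' per probe."""
    stale = sign_reply(key, b"nonce-from-an-earlier-probe")
    steps = iter(schedule)

    def send_probe(nonce):
        step = next(steps)
        if step == "ok":
            return sign_reply(key, nonce)
        if step == "replay":
            return stale                  # valid MAC, but for an old nonce
        return None                       # no reply before the timeout

    return send_probe


def run(schedule, max_missed=3):
    """Drive the monitor through a scripted sequence; return (roles, audit log)."""
    monitor = StandbyMonitor(SHARED_KEY, scripted_peer(schedule), max_missed)
    roles = [monitor.tick() for _ in schedule]
    return roles, monitor.audit


if __name__ == "__main__":
    roles, audit = run(["ok", "timeout", "ok", "timeout", "timeout", "timeout"])
    print(roles)
    print("\n".join(audit))
```

The audit list is where the promotion event would be handed to syslog, so the failover itself leaves a record on the log server.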

A specialized version of high availability for database applications is called

Database Log Shipping. Log shipping between database servers is used to create

a pool of databases, which are identical to each other, and become the failover

data source in the event of a primary database outage.

• This slide is one of several slides that explain key concepts in the IT

Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the

context of mobile services, as they will apply to the UAE Smart Government

Initiative.

1. Describe HA for the applications.


GLOSSARY

Heartbeats is a term used in the context of High Availability for applications.

Database Log Shipping is a term used in the context of High Availability for database applications.

High Availability – Applications

Keep-alive “heartbeats”

Database log shipping

[Figure: keep-alive heartbeat diagram (Server A – Active, Server B – Standby, Switch, “Are You There?”) and database log shipping diagram (Active Database, Standby Database, One Way Only)]

• There are three forms of High Availability (HA) presented in this module. Pick

the appropriate technology that matches Application HA.

A) RAID

B) Virtual Interfaces

C) Heartbeat [Correct]

Test Questions


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


• This slide is one of several slides that explain key concepts in the IT

Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the

context of mobile services, as they will apply to the UAE Smart Government

Initiative.

CONTENT

Bandwidth is another resource that needs to be considered. Unplanned peak demand and security events such as a denial of service attack can negatively impact the available bandwidth and the other IT infrastructure resources. Planning ahead is imperative. This is especially true in mobile services, where the trend is towards higher use of rich media content such as images and video. There are ways to plan ahead for these types of contingencies. One is to distribute web content using a service called a Content Distribution Network (CDN). A CDN works by making copies of the content and getting that content closer to the end user. Another is to work with your service provider to create contingency-based burst bandwidth capabilities. In all cases, think of the user experience when planning for these types of contingencies.

1. Describe how bandwidth needs to be a critical resource consideration in

planning for mobile services.


Plan ahead – Mobile changes everything

• Rich Media

• Images and Video

• Mitigate against Unplanned Demand

• Peaks

• Denial of Service

• Multiple ways to get to the information

• Distribute the content: called distributed content network

• Get it closer to where it will be used

• Burst bandwidth

• Think of the user experience

Bandwidth as a Semi-Fixed Resource


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

This scenario is a hypothetical event that is based on real occurrences. In this scenario a web site is introducing video downloads for the first time. The public and journalists visit the web site to download the video of an important policy speech. What happens when a large number of people try to download the speech at the same time? It is fairly predictable. The demand for the video streaming exceeds the available Internet connection bandwidth. Browsers around the world return a “site not available” banner. The IT operations use this experience to plan ahead for the next year by ordering a content distribution network (CDN) service to distribute the web site content. What happens next in the story is not as predictable, but in our present day and age it should be. Many months after the CDN capability is put in place there is a massive denial-of-service attack on the web site. What happens? The answer is nothing. Despite a ten-fold rise in traffic above the bandwidth allocation, users around the world continue to see the same web content. By planning ahead for these types of contingencies, both the “normal” peak traffic and the “abnormal” denial of service attack peak traffic are met with a very normal user experience. This is a real world example of what can be done to mitigate this kind of situation, which is only going to increase as more people are connected and using mobile services.

• This slide is the last in the series of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

1. Describe a real world example of planning ahead for contingencies involving bandwidth availability.

Plan for Future Growth in Bandwidth

• Peak Utilization

• The unpredictable security situation

[Figure: Example, bandwidth chart with the labels “Planned Peak”, “Unplanned Peak”, “100 MBPS” and “1 GBPS”]

• The purpose of this example is:

A) To explain the need to plan ahead for the coming demand (correct)

B) To recognize that in the middle of the crisis for IT resources it will be too

late to do anything (correct)

C) To show that a denial of service attack is not solvable

D) To demonstrate that video mobile services can create the same kind of

situation of peak demand overwhelming the available bandwidth (correct)

Test Questions


CONTENT

This module covered two objectives:

To convey the idea that the migration to mobile services will create additional IT

Infrastructure demands,

To establish that the IT Infrastructure growth can be managed by planning ahead

with existing concepts of scaling such as high availability, load balancing and

bandwidth contingencies


• Recognize that mobile will create additional IT infrastructure

stresses

• Mobile services can be managed with scaling, HA, Load Balancing

• Services need to be prioritized for criticality

Review of Objectives


QUIZ


It is now time to review your knowledge

of this material


Quiz – Question 1

1. Thrashing is a condition: (Pick the best answer)

A) Of too many resources on the server all competing for

attention

B) That occurs when the head on a hard drive starts to spin

out of control

C) That occurs when the memory resources are exceeded

and the operating system is consumed with swapping data

between the RAM and the page file (or swap partition) on the

hard drive. [correct]


End of Module


CONTENT

This module introduces logging as an essential component of any IT Operation.

Mobile IT architectures make logging ever more important but also more

challenging.

THEMES

• Architecture.


Logging

Module 4: Logging


LEARNING OBJECTIVES


CONTENT

The objectives of this module are to convey the fundamental nature of logs

in an IT Infrastructure and for IT Operations. This module covers how timing

is synchronized, Syslog, Log Servers, Log Retention and Non-Repudiation. It

closes with a discussion on how mobile impacts the operations of collecting

and maintaining logs. Lastly, a basic statement of the necessity of proper log

operations is the statement, “If it isn’t documented (logged), then it didn’t

happen.”

1. This module has two objectives:

• Describe how logs are fundamental to IT Operations

• Timing Essentials

• Syslog

• Log servers

• Log retention

• Non-Repudiation

• Examine the impact of mobile on log collection and maintenance


GLOSSARY

• Logs are fundamental

• Timing Essentials

• Syslog

• Log servers

• Log retention

• Non-Repudiation

• How does mobile impact log operations.

OBJECTIVES

Logs: To record an action. For example, to enter a record into a log file.

http://www.webopedia.com/TERM/L/log.html


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


GLOSSARY

Network Time Protocol (NTP): an Internet standard protocol (built on top of IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Based on UTC, NTP synchronizes client workstation clocks to the U.S.

http://www.webopedia.com/TERM/N/NTP.html

CONTENT

The Network Time Protocol provides a common time reference for correlating the logs from multiple sources. It is a way to synchronize all the clocks. Almost all network devices, such as servers, routers and computers, have NTP, and it is available for free. There are 15 levels of synchronization, called strata. Stratum 0 is the reference clock. Each increment from 0 to 15 represents a “hop” away from the reference, so Stratum 12 is 12 hops from Stratum 0. Stratum 16 means that the clock is unsynchronized.

• This is the start of establishing the basics of logs.

• Situational Awareness: Students are expected to have a background. This

is a high level overview of logs to set up the discussion on the impact of the

mobile architecture on the requirement to collect and process logs.

1. To define NTP and how it works.


A common time reference is essential to allow correlation of logs

from multiple sources.

• Network Time Protocol (NTP) – Use it

• Synchronizes all connected system clocks

• Available on almost all devices

• Available for free

• NTP has 15 “strata”

• Each stratum reflects how many “hops” away it is from the Stratum

0 Reference Clock

“Stratum 16” = Unsynchronized

Network Time Protocol

• Logs for servers that are operated by separate entities should: (Pick the

correct answer)

a) Use a common source for time synchronization (as can be provided by

using the Network Time Protocol.) (correct)

b) Not need to use a common synchronize time stamp as the administrator

can tell when things happened on the network.

Test Questions


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

Two pictures are presented here of two atomic clocks that are kept in Boulder, Colorado, in the United States. Stratum 0 reference clocks calculate time by measuring the microwave signals that are emitted by electrons as they change energy levels in cesium atoms. Measuring this requires that the atoms be cooled to a temperature near absolute zero. How precise is this time measurement? A Stratum 0 atomic reference clock will not gain or lose a single second within 138 million years.

• This continues providing an overview of log basics.

• Situational Awareness: Students are expected to have a background. This

is a high level overview of logs to set up the discussion on the impact of the

mobile architecture on the requirement to collect and process logs.

1. To define Stratum 0 in NTP.


Strata 0 Reference Clocks

Atomic Clocks

• Calculate time by measuring the microwave signals emitted by electrons as they change energy levels around cesium atoms which have been cooled to a near absolute-zero temperature

• Will not gain or lose a single second

within 138 million years

Timing is Everything

SOURCES

https://upload.wikipedia.org/wikipedia/commons/4/45/Usno-amc.jpg

https://upload.wikimedia.org/wikipedia/commons/4/45/Usno-amc.jpg

The US Naval Observatory (USNO) Alternate Master Clock, Schriever Air Force Base, Colorado

https://upload.wikimedia.org/wikipedia/commons/0/0c/Atomic_clocks.jpg

NIST-F1 Cesium Fountain Atomic Clock, NIST Laboratories, Boulder, Colorado


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


SOURCES

CONTENT

Syslog is standardized under IETF RFC 5424. Syslog messages are classified in two ways: by a facility code, which provides information about the type of software that generated the log, and by a severity code (emergency, alert, critical, error, warning, notice, info and debug). Syslog is used in a variety of ways, but primarily for network management and for security. Syslog messages are generally sent to a separate log server that serves as a central log repository, where they are then used for the management and security functions. When integrating a network, ensure that all the vendors provide documentation and definitions for all their log messages, including the key words and their respective definitions.
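The facility and severity codes travel together in the `<PRI>` number at the start of every RFC 5424 message (PRI = facility × 8 + severity). The following added example, which is not part of the original guide, decodes that field on a log server and then puts messages from three hosts on one UTC timeline, which is the correlation the earlier NTP section says a common time reference makes possible. The sample messages, host names and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Severity and facility names in numeric order, as listed in RFC 5424.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + ["local%d" % i for i in range(8)])

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID then STRUCTURED-DATA and MSG
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)


def split_structured_data(rest):
    """Separate STRUCTURED-DATA ('-' or one or more [..] elements) from MSG."""
    if rest == "-" or rest.startswith("- "):
        return "-", rest[2:]
    if not rest.startswith("["):
        raise ValueError("malformed structured data")
    i, in_quotes = 0, False
    while i < len(rest):
        ch = rest[i]
        if in_quotes and ch == "\\":      # escaped character inside a value
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "]" and not in_quotes and rest[i + 1:i + 2] != "[":
            return rest[:i + 1], rest[i + 2:]
        i += 1
    raise ValueError("unterminated structured data")


def parse(line):
    """Decode one RFC 5424 message into a dict with a UTC timestamp."""
    m = HEADER.fullmatch(line)
    if m is None:
        raise ValueError("not an RFC 5424 (version 1) message")
    pri = int(m.group(1))
    if pri > 191:                          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    stamp, utc = m.group(2), None
    if stamp != "-":
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        if when.tzinfo is None:
            raise ValueError("timestamp carries no UTC offset")
        utc = when.astimezone(timezone.utc)
    sd, msg = split_structured_data(m.group(7))
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "severity_code": severity, "utc": utc, "host": m.group(3),
            "app": m.group(4), "sd": sd, "msg": msg}


def timeline(lines):
    """Parse messages from many sources and order them on one UTC clock."""
    epoch = datetime.min.replace(tzinfo=timezone.utc)
    return sorted((parse(l) for l in lines),
                  key=lambda r: (r["utc"] is None, r["utc"] or epoch))


def at_least(records, severity_name):
    """Keep records at or above a severity (lower code = more severe)."""
    limit = SEVERITIES.index(severity_name)
    return [r for r in records if r["severity_code"] <= limit]


# Constructed sample input: three hosts, two of them logging in different offsets.
SAMPLE = [
    "<34>1 2019-06-16T08:15:02+04:00 gw1.example.test sshd 2211 ID47 - Failed password for admin",
    '<165>1 2019-06-16T04:14:59Z app2.example.test mgov-api 901 REQ [origin@32473 ip="192.0.2.10"] request served',
    "<11>1 2019-06-16T04:15:00Z db1.example.test postgres 77 - - connection refused",
]

if __name__ == "__main__":
    for r in at_least(timeline(SAMPLE), "error"):
        print(r["utc"].isoformat(), r["host"], r["facility"], r["severity"], r["msg"])
```

Sorting on the raw timestamp strings would place the gateway event first; converting to UTC shows it actually happened last, which only holds if every source keeps its clock synchronized.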

• This continues providing an overview of log basics, now discussing syslogs.

• Situational Awareness: Students are expected to have a background. This

is a high level overview of logs to set up the discussion on the impact of the

mobile architecture on the requirement to collect and process logs.

1. To define syslog as a standard for system and application logging.

http://en.wikipedia.org/wiki/Syslog


GLOSSARY

Syslog is a standard for computer message logging. It permits separation of

the software that generates messages from the system that stores them and

the software that reports and analyzes them. Syslog can be used for computer

system management and security auditing as well as generalized informational,

analysis, and debugging messages. It is supported by a wide variety of devices

(like printers and routers) and receivers across multiple platforms. Because of this,

syslog can be used to integrate log data from many different types of systems

into a central repository.

http://en.wikipedia.org/wiki/Syslog

Syslog is a standard for system & application logging

• The Internet Engineering Task Force (IETF) has standardized Syslog under RFC 5424.

• Establishes “Facility Levels” to identify the application generating

the log entry

• Establishes “Severity Levels” to identify the importance and

contents of the log entry

• Confirm that all your vendors include complete documentation

and definitions of all the log messages their system/application

generates, including key words and definitions!

Syslog


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

The central log repository is the single location for keeping logs. Logs are therefore not stored within the same system as the application that generated them, but are separated and kept centralized, where they are used for a variety of functions. The main ones include system maintenance, security detection, forensics and correlation of events. Interestingly, Windows does not store its log messages in plain text; it stores them in binary and interprets them for display when viewed. There are many reasons for keeping the logs separate, and one of the most important is the security of the logs. Keeping the logs separate supports the principle of separation of duties, so that the person who has system administration duties (as an example) is not the same person who can alter the logs of the activities that were conducted.

• This continues the instruction on logs by providing an overview of log basics,

now discussing the log servers that serve as a central repository for the log

messages.

• Situational Awareness: Students are expected to have a background. This

is a high level overview of logs to set up the discussion on the impact of the

mobile architecture on the requirement to collect and process logs.

1. To define log servers as a central repository for the collection of logs from

various network element sources.


Central Log Repository

• Enables system/application analysis & auditing by collecting the

logs of multiple systems and applications in

a single location

• “Single” is misleading – log servers can be clustered, so if one fails,

the other takes over and no logs are lost (Application HA)

• Separates the software and hardware that stores the logs from the

software and hardware that generates them

• An extra layer of security

Log Servers


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

One of the key functions of keeping the logs in a central repository is intelligent analysis of the logs and reporting. This is done with software tools. Some log handling tools are free, but others are commercial products that can be very expensive. The logs can be used for cross-system and cross-application review, comparison and assessment.

The different parts of the IT operation need access to the logs so they can pull them very quickly and get a great amount of detail about what took place and when. Logs are used to identify trends and problems, and they help to build intelligence and forecast future behaviors. Trying to do this manually is no longer practical given the volume of log traffic that is generated within a network. This is the point where it starts to become obvious what happens with a mobile architecture that is by nature dispersed. When one starts to add in cloud computing and virtual machines and cross-organizational sharing, it becomes clear that log maintenance gets more challenging. All the requirements for logs do not go away just because of mobile.

• This continues the instruction on logs by describing other functions (intelligence and reporting).

• Situational Awareness: Students are expected to have a background. This is a high level overview of logs to set up the discussion on the impact of the mobile architecture on the requirement to collect and process logs.

1. To define log servers as a central repository for intelligence analysis and reporting.

• Intelligent Analysis & Reporting

• Cross-system and cross-application review, comparison and assessment of logs

• We can pull these very quickly, and they are very detailed. They easily identify trends, problems, and help to build intelligence and forecast future behaviors

• Detailed reporting of events from a single location instead of pulling logs from numerous sources and manually evaluating them – very time & labor intensive

• Software products exist to manage all of this data. The more sophisticated ones are very expensive but create a level of intelligence analysis not possible with simply manual capabilities.

Log Servers


LEARNING OBJECTIVES

INSTRUCTOR GUIDANCE


CONTENT

Logs are essential in any IT operation. That is clear. They should be retained for all the reasons already explained. But retention is not indefinite. Retention should be based on a clear policy that takes into account various factors of the data and the system, such as how critical the system is and whether it can be exposed to external access such as the Internet. The primary reasons are often legal or regulatory ones.

Another question is why logs become more important in mobile services and, by extension, in mobile government services. The reason is the distributed nature of the mobile nTier architecture described in the previous chapter.

• This continues the instruction on logs by discussing retention policy and other

aspects of log retention like the practical consideration of storage space.

• Situational Awareness: Students are expected to have a background. This

is a high level overview of logs to set up the discussion on the impact of the

mobile architecture on the requirement to collect and process logs.

1. To define the activities and responsibilities of log retention.

Page 107: New MOBILE INFRASTRUCTURE · 2019. 6. 16. · Module 1: Front Ends and Back Ends mGovernment 17 DMZ: The acronym DMZ stands for DeMilitarized Zone. It is a term borrowed from the

Module 4: Logging

mGovernment 107

Log Retention

How long do you keep the logs? It depends!

• What is the source of the log data?
• How critical is the system?
  • High criticality systems should have their logs retained for longer than low criticality systems.
• Where was the system located?
  • DMZ systems more prone to attack – retain DMZ logs longer.
• What are the legal/regulatory requirements?
  • Logs are evidence
• What does your policy say?
  • Keep exactly as the policy requires, not less or more


CONTENT

In eGovernment the IT system assets are typically under the same organizational roof. The trend in the future of shared systems is towards less organizational ownership and more shared arrangements. This is the simple reason.

However, just because the computing platforms are shared and possibly leased from a cloud provider does not remove the requirement for collecting the logs that pertain to the organization. There is also the reason that government services may be combined. Security is a perfect candidate for bringing under a specialized team of people with the right tools. Logs are essential in these arrangements as they serve to establish the chain of evidence for “who did what when” and must be kept separate to meet compliance requirements. Shared does not mean intermixed without the ability to associate the source.

While it is important to keep the log records, it is equally important that they are kept according to a published policy that establishes the duration and nature of how the logs are administered. The policy is essential even for the basic reason that all computer systems (desktops, servers, everything) can generate logs.

Collecting everything from everywhere is logistically not feasible for most IT shops. The problem is that logs take up storage space – a great deal of storage space. Left unchecked this data can grow and grow until it consumes all the available storage. The policy for log retention should be explicit and follow best practices to ensure that it is reasonable to the mission of the organization.
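One way to turn the retention factors above (criticality, DMZ placement, legal requirements, and keeping "exactly as the policy requires") into a check that can be run against an archive inventory. This is an added example, not part of the original guide; every retention period, system name and owner in it is an assumed, constructed value.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy values in days; a real retention policy supplies its own.
BASE_DAYS = {"low": 90, "medium": 180, "high": 365}
DMZ_EXTRA_DAYS = 180                  # DMZ logs are retained longer
LEGAL_MIN_DAYS = {"payments": 730}    # hypothetical regulatory floor by service


@dataclass(frozen=True)
class System:
    name: str
    owner: str                 # owning entity, so shared storage stays attributable
    criticality: str           # "low", "medium" or "high"
    zone: str                  # "dmz" or "internal"
    service: str
    legal_hold: bool = False   # logs are evidence: a hold blocks purging


@dataclass(frozen=True)
class Archive:
    system: str
    day: date                  # calendar day of log data held in this archive
    size_mb: int


def retention_days(s: System) -> int:
    """Criticality base, plus the DMZ extension, never below the legal floor."""
    days = BASE_DAYS[s.criticality]
    if s.zone == "dmz":
        days += DMZ_EXTRA_DAYS
    return max(days, LEGAL_MIN_DAYS.get(s.service, 0))


def plan(systems, archives, today):
    """Split archives into keep/purge and list days the policy requires but lacks."""
    by_name = {s.name: s for s in systems}
    out = {"keep": [], "purge": [], "missing": [], "unattributed": []}
    present = {}                                   # system name -> set of days held
    for a in archives:
        s = by_name.get(a.system)
        if s is None:                              # no known owner, so no policy applies
            out["unattributed"].append(a)
            continue
        present.setdefault(s.name, set()).add(a.day)
        expired = (today - a.day).days > retention_days(s)
        # "Not more": expired data is purged unless a legal hold is active.
        out["purge" if expired and not s.legal_hold else "keep"].append(a)
    for s in systems:
        days = present.get(s.name)
        if not days:
            continue
        # "Not less": every day from the policy start (or first collection)
        # up to yesterday must still be held.
        d = max(min(days), today - timedelta(days=retention_days(s)))
        while d < today:
            if d not in days:
                out["missing"].append((s.owner, s.name, d))
            d += timedelta(days=1)
    return out


def daily(system, today, oldest_age, size_mb, skip=()):
    """Constructed sample data: one archive per day, optionally with gaps."""
    return [Archive(system, today - timedelta(days=age), size_mb)
            for age in range(oldest_age, 0, -1) if age not in skip]


TODAY = date(2024, 6, 30)   # constructed reference date
SYSTEMS = [                 # constructed inventory, all names are hypothetical
    System("mgov-api", "entity-a", "high", "dmz", "portal"),
    System("pay-gw", "entity-a", "medium", "internal", "payments"),
    System("wiki", "entity-b", "low", "internal", "wiki"),
    System("mail", "entity-b", "medium", "internal", "mail", legal_hold=True),
]
ARCHIVES = (
    daily("mgov-api", TODAY, 550, 40)
    + daily("pay-gw", TODAY, 200, 15)
    + daily("wiki", TODAY, 95, 2, skip={40})
    + daily("mail", TODAY, 300, 8)
    + [Archive("unknown-host", TODAY - timedelta(days=3), 1)]
)

if __name__ == "__main__":
    result = plan(SYSTEMS, ARCHIVES, TODAY)
    for s in SYSTEMS:
        print(f"{s.name:9} {s.owner:9} retain {retention_days(s)} days")
    freed = sum(a.size_mb for a in result["purge"])
    print(f"purge {len(result['purge'])} archives, freeing {freed} MB")
    print("missing:", result["missing"])
    print("unattributed:", [a.system for a in result["unattributed"]])
```

The "missing" list is the audit side of the policy: a day that should still be held but is not is a retention failure, just as an expired archive left on disk is.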


CONTENT

Repudiation means to deny. Non-repudiation means to not be able to deny: a user cannot perform some action and credibly deny it afterwards. Non-repudiation, then, is a property of information security which makes it difficult or impossible for someone to repudiate, and thus is highly desirable. In an operational sense it means that Party A cannot repudiate (deny) the sending of an email sent to Party B (as an example). The only way to prove the event is with the logs, which provide the evidence needed to confirm the transaction of sending an email from one party to another.

Without the logs there is no way to make the confirmation, and everything that allows the Internet to function is undermined. Without logs there is no root-of-trust. Email is simply an example. Machine to machine non-repudiation is another form. Without these foundational capabilities trustworthiness is made more difficult and so there is no basis for the higher-level functions of financial transactions.

Without the capabilities of non-repudiation the Internet of trusted transactions would not function as we know it. It is indeed elemental. The logs are the basis for establishing non-repudiation.

INSTRUCTOR GUIDANCE

• This continues the instruction on logs by discussing retention policy and other aspects of log retention like the practical consideration of storage space.

• Situational Awareness: Students are expected to have a background. This is a high-level overview of logs to set up the discussion on the impact of the mobile architecture on the requirement to collect and process logs.

LEARNING OBJECTIVES

1. To define what non-repudiation is in the context of the topic of logs.

GLOSSARY

Non-Repudiation in digital security: Regarding digital security, the cryptologic meaning and application of non-repudiation shifts to mean: a service that provides proof of the integrity and origin of data and an authentication that can be asserted to be genuine with high assurance.

http://en.wikipedia.org/wiki/Non-repudiation

Non-repudiation

Repudiation = Refute

Refute means to deny.

Non-repudiation means that it cannot be denied

“The ability to prove authenticity when it is refuted”

Has significant importance in the world of information security, criminal / civil law, and computer forensics.

Scenario: A group of employees in your business is known to cause trouble for others. Recently, a very insulting email was sent by one of them to the General Manager of the company. The individuals claim they never wrote the email, even though it came from one of their accounts…


CONTENT

The objectives of this module were to understand the fundamental nature of logs in an IT Infrastructure and for IT Operations. This module covers how timing is synchronized, Syslog, Log Servers, Log Retention and Non-Repudiation. It closes with a discussion on how mobile impacts the operations of collecting and maintaining logs. Lastly, a basic statement of the necessity of proper log operations is, “If it isn’t documented (logged), then it didn’t happen.”

OBJECTIVES

• Logs are fundamental
• Timing Essentials
• Syslog
• Log servers
• Log retention
• Non-Repudiation
• How does mobile impact log operations

“If it isn’t documented, it didn’t happen”

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. Logs for servers that are operated by separate entities should: (Pick the correct answer)

A) Use a common source for time synchronization (as can be provided by using the Network Time Protocol). (correct)

B) Not need to use a common synchronized time stamp as the administrator can tell when things happened on the network.

Quiz – Question 2

2. Log retention: (Pick all the correct answers)

A) Should follow a pre-established policy for location, duration and other factors (correct)

B) Should be on the same server as what is running the application or the database

C) Should also be kept for forensics – finding out who did what when (correct)

D) Is essential to provide for non-repudiation. (correct)

E) Should be based on a policy of keeping data for as long as there is room in the network storage.


End of Module

Module 5: Criticality Analysis

CONTENT

This module introduces the topic of determining the criticality of IT systems. Not everything in the IT operation is of the same importance. Making this determination up front can be the difference between knowing what to do in a crisis to achieve a speedy recovery or wasting precious time.

THEMES

• Architecture.

CONTENT

This module serves to establish the importance of determining the criticality of systems linked to the importance of the organizational functions. The designations can be as simple as low to high. The benefits can accrue from better maintenance planning to crisis management and the allocation of resources.

LEARNING OBJECTIVES

1. This module has one objective: Establish the importance of determining the criticality of systems linked to the importance of the organizational functions.

Objectives

The importance of establishing a criticality designation for the IT systems:

• Based on a priority hierarchy
• Can use low, medium, high
• Many benefits from maintenance to crisis management to allocation of resources

CONTENT

Far too many IT operations don’t know what is critical and what is not. Knowing this up front has many benefits. It begins with establishing a criticality scheme from Low to Medium to High with the appropriate definitions. The words on this slide are provided only as an example. The most important of these designations is High: it applies to those IT applications and the corresponding IT systems where lives could be lost if the system were to become unavailable for whatever reason. The Medium designation is for important applications that do not otherwise meet the High criteria. Email systems are typically in this category. The Low designation applies to systems determined to be non-essential. Applications that can be out of service for multiple days without impact fit this category.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the concepts of criticality in the IT Infrastructure.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define the concept of system criticality in three tiers: high, medium, low. A determination of High is typically associated with the criterion that lives could be lost if the application crashes.

Prioritizing for Contingencies

“How bad will it be if this application crashes?”

• High – Critical Applications
  • Loss of application access is unacceptable, devastating impact
  • Entity is immediately incapable of performing its duty
  • Lives could be lost
• Medium – Important Applications
  • Loss is unacceptable, but not quickly damaging
  • Entity is able to function without application for a short time
  • Service and support can be delayed or degraded
• Low – Non-essential Applications
  • Loss can be tolerated without significant impact on organization
  • Organization can operate without impact for prolonged periods
  • Service and support could be delayed or degraded

GLOSSARY

Criticality: In this context, criticality means making a determination as to the priority of IT systems for reasons of assignment of resources and managing a crisis situation.

Test Questions

• The most critical type of application or system is one where a failure could result in:

A) More work for the System Administrator

B) Increased load on the Help Desk Staff

C) A higher bill from the ISP for increased bandwidth usage

D) Loss of Life [Correct]

E) Increased power consumption

F) Extra load on the cooling systems in the Data Center


CONTENT

Why do we designate application criticality? There are several answers. One is simply a matter of resources, such as budget, which helps determine the allocation of other resources in terms of support staff, developers, security and maintenance. A second reason is to know the interdependency between the subsystems. A general-purpose switch in the network closet may be the reason for a critical application outage. Knowing this before the outage occurs can speed recovery, because it is already clear which systems to begin repairing first.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the concepts of criticality in the IT Infrastructure.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Explain the reasoning behind why determining criticality is essential in IT operations.

Why Designate Priorities (Criticality)

Why do we designate application criticality?

As criticality increases, budget also increases, impacting:

• Support Staff
• Developers
• Security
• Maintenance

Establishes dependence hierarchy:

• A massive system outage has occurred – everything has crashed and needs to be repaired.
• Some systems will not work unless other systems are functional.
• Which system(s) do you begin repairing?

Test Questions

• Criticality determinations are done for several reasons. What are they?

A) Assignment of resources.

B) Security

C) Knowing what to recover first

D) To meet inspection requirements (all others correct)
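The dependence hierarchy described above can be worked out ahead of an outage. The following added example (not part of the original guide) pushes each application's declared criticality down to the infrastructure it relies on, so that the network-closet switch inherits the rating of the critical application behind it, and then derives a repair order. The inventory, component names and ratings are constructed for illustration.

```python
import heapq

RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed inventory: component -> components it needs in order to work.
DEPENDS_ON = {
    "emergency-dispatch-app": ["app-db", "closet-switch"],
    "email": ["mail-store", "core-router"],
    "staff-newsletter": ["web-cms"],
    "app-db": ["san", "closet-switch"],
    "mail-store": ["san"],
    "web-cms": ["core-router"],
    "closet-switch": ["core-router"],
    "san": [],
    "core-router": [],
}
# Criticality as declared by the business, for user-facing applications only.
DECLARED = {
    "emergency-dispatch-app": "high",
    "email": "medium",
    "staff-newsletter": "low",
}


def effective_criticality(depends_on, declared):
    """A component is as critical as the most critical thing that needs it."""
    eff = {name: declared.get(name, "low") for name in depends_on}
    work = list(declared)
    while work:
        name = work.pop()
        for dep in depends_on[name]:
            if RANK[eff[name]] > RANK[eff[dep]]:
                eff[dep] = eff[name]      # raise the prerequisite's rating
                work.append(dep)          # and propagate further down
    return eff


def recovery_order(depends_on, declared):
    """Repair prerequisites first; among repairable items, most critical first."""
    eff = effective_criticality(depends_on, declared)
    waiting = {n: set(deps) for n, deps in depends_on.items()}
    needed_by = {n: [] for n in depends_on}
    for n, deps in depends_on.items():
        for d in deps:
            needed_by[d].append(n)
    ready = [(-RANK[eff[n]], n) for n, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, n = heapq.heappop(ready)
        order.append((n, eff[n]))
        for user in needed_by[n]:
            waiting[user].discard(n)
            if not waiting[user]:         # all prerequisites restored
                heapq.heappush(ready, (-RANK[eff[user]], user))
    if len(order) != len(depends_on):
        stuck = sorted(set(depends_on) - {n for n, _ in order})
        raise ValueError("dependency cycle among: " + ", ".join(stuck))
    return order


if __name__ == "__main__":
    for step, (name, level) in enumerate(recovery_order(DEPENDS_ON, DECLARED), 1):
        print(f"{step}. {name} ({level})")
```

Components that nobody rated, such as the switch and the storage array, end up at the top of the list because of what depends on them, which is the point the slide makes about knowing this before the outage.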

GLOSSARY

Enterprise Architecture (EA): EA is a type of business discipline that deals with the complexity in business functions and the supporting IT systems.

CONTENT

This is a conversation about the alignment between IT and the business. IT operations need to ensure that this alignment is always maintained. One approach is to use the discipline of Enterprise Architecture, also known as EA. The EA process creates the conditions for prioritizing. Knowing what is important and why will be the basis for making smarter disaster-recovery decisions within the IT domain.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the concepts of criticality in the IT Infrastructure.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Provide a list of considerations in determining the criticality of applications.

Prioritizing What Matters

• Begins with Enterprise Architecture
  • Prioritizing Functions
  • Prioritizing Services
• Servers and Networks
  • Knowing where the functions take place will tell you where the data is
  • And what to protect the most

Test Questions

• The outcome of the criticality analysis is an assignment of priority. The most critical systems that support the most important government or business functions get assigned the highest priority.

A) True (correct)

B) False

CONTENT

This module covered two objectives:

• To convey the idea that the migration to mobile services will create additional IT Infrastructure demands.
• To establish that the IT Infrastructure growth can be managed by planning ahead with existing concepts of scaling such as high availability, load balancing and bandwidth contingencies.

Review of Objectives

The importance of establishing a criticality designation for the IT systems:

• Based on a priority hierarchy
• Can use low, medium, high
• Many benefits from maintenance to crisis management to allocation of resources

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. Criticality is about: (Pick all correct answers)

A) Prioritizing (correct)

B) Knowing what to fix first in a large network outage. (correct)

C) Applying the best security to the most important assets (correct)

D) Having a plan of what to do in case of a crisis (correct)

E) Knowing that all customers are going to want equal attention and so all the systems are going to need to be treated with equal importance

F) Knowing what could potentially impact life (correct)


End of Module

Module 6: Troubleshooting Challenge

CONTENT

This module is designed to make use of the lessons from the preceding modules to challenge the student with troubleshooting the problem.

THEMES

• Scalability.

CONTENT

This module presents troubleshooting challenges. Its objectives are to learn to identify the signs of problems in mobile app performance and consider the kinds of solutions that would mitigate the problem. There is no single correct answer in these scenario-driven exercises, but the lessons of the past modules provide indicators of where to look first and what possible solutions will solve the problem. Ultimately, the lesson is that mobile services do create challenges to the traditional IT infrastructure that was suitable for eGov.

LEARNING OBJECTIVES

This module has three objectives:

1. Learn to identify the signs of problems in mobile app performance

2. Consider where to look for the solution

3. Continue to stress the idea that mobile services will require changes in the IT infrastructure in ways that are different from eGov.

Objectives

• Learn to identify the signs of problems in mobile app performance
• Consider where to look for the solution
• Continue to stress the idea that mobile services will require changes in the IT infrastructure in ways that are different from eGov.

CONTENT

The task for this next series of slides is to determine where to start to investigate the problem as presented. The student is presented with a scenario that indicates a performance problem with a mobile government application.

The short description provides enough clues to consider the cause of the problem.

Your role is to: Pick one of the choices of where to begin the investigation and also pick one of the potential solutions.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.

• Situational Awareness: This series of slides presents the student with scenarios designed to apply the information conveyed in the previous modules.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Where is the Problem

• Each scenario presents a performance problem with a mobile application.
• Enough clues provided to consider the cause of the problem
• Your role is to: Pick one of the choices of where to begin the investigation

CONTENT

Users complain that your entity’s mGov application takes too long to respond. You investigate the front end servers, and none of them show high levels of RAM or CPU utilization.

Consider two possible answers to the Scenario 1 problem. First, the RAM and processor might be fine, but if the network bandwidth isn’t sufficient to support the user load, users will experience slow response times or even fail to connect entirely. The load may be the result of a combination of the data traffic type, like videos, and the number of transactions taking place at any given moment. This problem may only manifest itself under certain conditions. Check the router performance logs to identify if there is insufficient bandwidth. The simple solution may be to add bandwidth.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Scenario 1

The mGov application takes too long to respond.

Front end servers show normal RAM and CPU utilization readings

What should you investigate next?

• The back end database storage?
  • No. There is no indication that this is the problem.
• The application on the smartphone devices.
  • Yes. This is an alternative answer. Why?
• The bandwidth connection?
  • Yes. Start here.

CONTENT

It begins here. The final answer may need more sophisticated solutions, such as those discussed in the previous module about conducting a bandwidth analysis. Is the performance problem always happening, or does it only appear under certain use conditions? Logs can help.

There are other potential areas to investigate. An alternative answer concerns the application. Was the application tested thoroughly enough prior to deployment to verify that the slow response time is, in fact, related to the IT infrastructure and not the design of the application’s code? What is the baseline performance under a minimal or moderate load? The answers to these questions may lead to a redesign of the application.

Test Questions

• Bandwidth problems are difficult to determine strictly from the user experience. There are so many considerations. What would be some of the variables to consider in determining if the bandwidth is the source of the problem?

A) What is the connection capacity at the mobile phone?
B) What kind of data – video streaming?
C) How many concurrent users are accessing the data?
D) What is the phone memory capacity?
E) What type of connection is being made – WiFi, 3G, other?
F) All of the above apply. (correct)

CONTENT

Your entity provides an HTML5 mobile government application designed to be used with the latest generation of smartphones. New users complain that they cannot sign up for an account. Existing users complain that they cannot log in. The application loads fast, but user-specific information, such as name, account number, etc., is missing.

Scenario 2 Answer – This scenario sounds like a problem with the back end, or with the connection to it from the front end. If the front end had been the problem, we wouldn’t see the main page of the web site. If it were a network congestion problem, the page would load slowly. Since we don’t have these problems, it looks like we cannot interact with the database. This is where to start the investigation.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem-solving challenge. The purpose is to get the student to start applying the lessons of the past modules.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Scenario 2

An HTML5 mGov application. New users complain that they cannot sign up for an account. Existing users complain that they cannot log in. The application loads fast, but user-specific information – such as name, account number, etc. – is missing. What should you investigate next?

• The back end data storage?
  • Yes. This is definitely one consideration. The indication is that there is a problem with the database or the connection to the database, possibly in the connection path.
• The application loaded on the smartphone devices?
  • Yes. This is an alternative answer. Why?
• The bandwidth connection?
  • No. The application loads quickly without a problem.

CONTENT

There could also be an alternative answer. This application likely depends on Application Programming Interface (API) software that calls routines to retrieve data from the database. This is a second potential area to investigate.

Test Questions

• As we learned in a previous module, HTML5 applications place greater resource demands on the servers. That is why it is important to stress test mobile applications in near-live conditions using the end-to-end system resources.

A) True (correct)
B) False

CONTENT

Your entity supports an HTML5 mGov application. It has become so popular that you have implemented load balancers to support the high user demand.

Users begin reporting problems with this application. Sometimes there are no problems, but sometimes it is very slow to respond, and sometimes connections time out.

There is no consistency in which users are reporting this problem, where they are located, or when they are experiencing it.

Scenario 3 Answer – Check the front end servers for resource utilization, and check the metrics being used on the load balancers. Load balancers can query the servers they pass traffic to, or receive status reports from them, about each server’s general health. If a server is running high on utilization, this can be reported to the load balancer, which will then reduce the number of connections it forwards to that server.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.
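How the status reports described in the Scenario 3 answer change what a load balancer forwards, as an added example that is not part of the original guide. The server names, thresholds and health reports are constructed, and the weighting rule is one simple possibility, not any particular product's algorithm; the comparison shows why a health-blind balancer keeps sending a full share of users to an overloaded or silent server.

```python
# Added example: utilization-aware forwarding on a load balancer.
# Server names, thresholds and health reports are constructed for illustration.
from dataclasses import dataclass

STALE_AFTER_S = 15   # assumption: a status report older than this is not trusted
HIGH_UTIL_PCT = 85   # assumption: at or above this a server only gets a trickle
TRICKLE_WEIGHT = 5   # keeps a few connections flowing so recovery is observed


@dataclass
class HealthReport:
    server: str
    cpu_pct: int        # CPU utilization, 0-100
    mem_pct: int        # RAM utilization, 0-100
    reported_at: int    # seconds on the balancer's clock


def weight(report, now):
    """Forwarding weight (0-100) derived from one server's status report."""
    if now - report.reported_at > STALE_AFTER_S:
        return 0                      # silent server: stop forwarding to it
    util = max(report.cpu_pct, report.mem_pct)
    if util >= HIGH_UTIL_PCT:
        return TRICKLE_WEIGHT
    return 100 - util


def distribute(reports, now, connections):
    """Split new connections in proportion to weight (largest-remainder method)."""
    weights = {r.server: weight(r, now) for r in reports}
    total = sum(weights.values())
    if total == 0:
        raise RuntimeError("no front end server is reporting healthy status")
    alloc, remainders = {}, {}
    for server, w in weights.items():
        alloc[server], remainders[server] = divmod(connections * w, total)
    leftover = connections - sum(alloc.values())
    for server in sorted(remainders, key=remainders.get, reverse=True)[:leftover]:
        alloc[server] += 1
    return alloc


def round_robin(reports, connections):
    """Health-blind balancing: every server gets an equal share."""
    base, extra = divmod(connections, len(reports))
    return {r.server: base + (1 if i < extra else 0) for i, r in enumerate(reports)}


def suspects(reports, now):
    """Servers to investigate first, with the reason taken from the reports."""
    found = {}
    for r in reports:
        if now - r.reported_at > STALE_AFTER_S:
            found[r.server] = "no recent status report"
        elif max(r.cpu_pct, r.mem_pct) >= HIGH_UTIL_PCT:
            found[r.server] = "cpu %d%% / mem %d%%" % (r.cpu_pct, r.mem_pct)
    return found


NOW = 1000
REPORTS = [  # constructed sample data
    HealthReport("fe-01", cpu_pct=35, mem_pct=40, reported_at=998),
    HealthReport("fe-02", cpu_pct=93, mem_pct=70, reported_at=997),
    HealthReport("fe-03", cpu_pct=50, mem_pct=55, reported_at=999),
    HealthReport("fe-04", cpu_pct=20, mem_pct=20, reported_at=960),
]

if __name__ == "__main__":
    print("health-blind :", round_robin(REPORTS, 220))
    print("health-aware :", distribute(REPORTS, NOW, 220))
    print("investigate  :", suspects(REPORTS, NOW))
```

With the health-blind split, roughly half of all users land on fe-02 or fe-04 regardless of where they are or when they connect, which matches the inconsistent symptoms in the scenario.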

Scenario 3

A very popular HTML5 mGov application with extremely high user demand. You implemented load balancers. Users are experiencing intermittent problems with this application: sometimes it is slow to respond, and sometimes connections time out. There appears to be no consistent reason; the problems do not depend on location or time of day. What should you investigate next?

• The back end data storage?
  • Possibly, but the back end is not the place to start investigating.
• The bandwidth?
  • No. Bandwidth is not correlated to any peak demand issues.
• The servers have insufficient resources: memory and CPU capacity?
  • Yes. This is a potential answer. The report from the load balancers

Test Questions

• Load balancing can capture metrics of server performance that would provide an indication of resource problems.

A) True (correct)
B) False

CONTENT

This module presented three troubleshooting challenges. The objectives were to learn to identify the signs of problems in mobile app performance and to consider the kinds of solutions that would mitigate the problem. There is no single correct answer in these scenario-driven exercises, but the lessons of the past modules provide indicators of where to look first and what possible solutions will solve the problem. Ultimately, the lesson is that mobile services do create challenges to the traditional IT infrastructure that was suitable for eGov.

Review of Objectives

• Learn to identify the signs of problems in mobile app performance
• Consider where to look for the solution
• Continue to stress the idea that mobile services will require changes in the IT infrastructure in ways that are different from eGov.

QUIZ

It is now time to review your knowledge of this material.

Quiz – Question 1

1. Scenario 1 is intended to challenge the student to see: (Pick all correct answers)

A) See network congestion as one area of concern impacting the end-user experience. (correct)
B) Recognize that network bandwidth is always the first place to start looking for a diagnosis of a problem.

Quiz – Question 2

2. Scenario 2 is intended to challenge the student to see: (Pick all correct answers)

A) How the frontend and backend of the system resources must work together in order for the application to perform as expected. (correct)
B) There may not be one problem but several that impact the performance of an application. (correct)
C) The notion of generalizing about frontend, backend, network and device allows the diagnosis to focus in on the specific problem (correct)
D) Recognize that backend is always the first place to start looking for a diagnosis of a problem

Quiz – Question 3

3. Scenario 3 is intended to challenge the student to see: (Pick all correct answers)

A) How problems can be hidden until certain conditions come into play such as an unplanned incident that creates a spike in demand. (correct)
B) To recognize that testing the application under diverse conditions is an important part of the overall system design. (correct)
C) That putting in place load balancers can allow for meeting demand. (correct)
D) Recognize that there will always be problems and there is nothing you can do about that.

End of Module

Module 7: Mobile Application’s Impact on the IT Infrastructure

CONTENT

This module covers the impact of the mobile platform types on the IT Infrastructure in the migration from eGov to mGov.

THEMES

• Applications

CONTENT

This module has two objectives: to explain why mobile applications can cause challenges in the IT infrastructure, and to provide some ideas on taking a practical approach to implementation. We call this a crawl before you run approach. It is a deeper dive into the applications and continues the discussion of how the mobile services environment puts stress on the IT infrastructure and on staff who now need to be available 24 hours each day.

LEARNING OBJECTIVES

This module has two objectives:

1. Explain why mobile applications can cause resource challenges in the IT infrastructure.
2. Provide ideas on a crawl before you run approach to implementation.

Objectives

• Explain why mobile application types can cause challenges in the IT Infrastructure.
• Provide ideas on taking a practical crawl before run approach to implementation.

CONTENT

The HTML5 application platform is one of the four types discussed earlier, and the one that places the greatest resource demands on the data center IT infrastructure.

HTML5 apps are ideal for requirements that can be met from a web server, but this is also their principal limitation. HTML5 apps are ideal for online transactions like registrations. HTML5 is not the ideal platform for apps that need device features such as a camera or GPS.

HTML5 apps also place greater stress on the server farm. Servers need to be robust enough to support all the video, image and transaction processing of the app. The more the HTML5 app uses rich media, the greater the need for server CPU and memory and for network connectivity capacity. As mobile government services will need to be available on a 24-hour basis, all the high availability and load balancing requirements discussed in previous slides become critical.

Then there is the need for a reliable Internet connection. No connection means no access to the application and to the data that is kept in the data center.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that discuss how the mobile application types can impact the IT Infrastructure.

LEARNING OBJECTIVES

1. Define the impact of HTML5 Applications on the IT Infrastructure.

HTML5 Applications

• Significant resources on the servers.
• Media Intensive: images, videos, flash, etc., come from your servers.
• Data is created on the servers – appears uniform on all the devices.
• App updates are actually website updates.
• Downloading webpages from your servers.
• Reliable synchronous communications required: outages noticed immediately.

GLOSSARY

HTML5: see earlier definitions.

Test Questions

• HTML 5 applications can cause the following kinds of IT infrastructure issues: (Pick all correct answers)

A) A greater demand on the network resources including servers, databases, and bandwidth than had previously existed as users can now access your app at anytime and at anyplace with network connectivity.
B) The use of media such as images and videos will cause further demands on the network resources.
C) You may have to consider a content distribution network (CDN) to handle all your content demands. (all correct)

CONTENT

Unlike HTML5, the processing in a Native application is done on the smartphone or tablet. This means that there are not the same kind of data center resource demands on CPU and memory capacity that exist with HTML5 apps. That is the good news. From a security perspective, however, the news is more complicated. In HTML5 the interface is the browser – the same browser technology that has been around since 1992, with over 20 years of work on mitigating known risks and vulnerabilities. Native apps are browser-less, meaning that the browser is not used. All the browser-level security mitigation painfully learned and put in place over two decades of experience now depends on the developer of the Native app. Can a poorly written Native app expose the back end databases of an IT operation? That is a good question. The answer is – yes – potentially.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that discuss how the mobile application types can impact the IT Infrastructure.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define the impact of Native Applications on the IT Infrastructure.
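The point above, that a poorly written native app path can expose the back end database, shown as an added example (not code from the guide): a handler that trusts whatever the app submits beside one that reviews the submission and binds it as parameters. The SQLite schema, field names, value formats and the simplified session-token check are all assumptions made for illustration.

```python
# Added example: the back end reviewing data submitted by a native app.
# Schema, field names, formats and sample rows are constructed/hypothetical.
import re
import sqlite3

ACCOUNT_RE = re.compile(r"[0-9]{8}")            # assumption: 8-digit account numbers
TOKEN_RE = re.compile(r"[A-Za-z0-9-]{4,64}")    # assumption: opaque session token
ALLOWED_FIELDS = {"account_no", "session_token"}


class Rejected(ValueError):
    """Raised when a submission fails review; nothing reaches the database."""


def make_db():
    """In-memory stand-in for the back end database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (account_no TEXT PRIMARY KEY, name TEXT, session_token TEXT)"
    )
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("10000001", "Constructed User A", "tok-aaaa"),
        ("10000002", "Constructed User B", "tok-bbbb"),
    ])
    return db


def lookup_unreviewed(db, submitted):
    """Poorly written handler: pastes the submitted value into the SQL text."""
    sql = ("SELECT account_no, name FROM accounts WHERE account_no = '%s'"
           % submitted["account_no"])
    return db.execute(sql).fetchall()


def review(submitted):
    """Accept only the expected fields, types and formats."""
    if not isinstance(submitted, dict) or set(submitted) != ALLOWED_FIELDS:
        raise Rejected("unexpected or missing fields")
    account_no = submitted["account_no"]
    token = submitted["session_token"]
    if not isinstance(account_no, str) or not ACCOUNT_RE.fullmatch(account_no):
        raise Rejected("account number is not 8 digits")
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        raise Rejected("malformed session token")
    return account_no, token


def lookup_reviewed(db, submitted):
    """Reviewed handler: validate, bind parameters, and scope to the caller."""
    account_no, token = review(submitted)
    return db.execute(
        "SELECT account_no, name FROM accounts"
        " WHERE account_no = ? AND session_token = ?",
        (account_no, token),
    ).fetchall()


def is_rejected(db, submitted):
    """True when the reviewed handler refuses the submission outright."""
    try:
        lookup_reviewed(db, submitted)
    except Rejected:
        return True
    return False


# Constructed submissions: one well formed, one that a modified or buggy
# client could send in place of an account number.
GOOD = {"account_no": "10000001", "session_token": "tok-aaaa"}
MALFORMED = {"account_no": "0' OR '1'='1", "session_token": "tok-aaaa"}

if __name__ == "__main__":
    db = make_db()
    print("unreviewed:", lookup_unreviewed(db, MALFORMED))   # every account
    print("reviewed  :", lookup_reviewed(db, GOOD))          # caller's own row
    print("rejected  :", is_rejected(db, MALFORMED))
```

The review runs on the server because the back end cannot tell whether a request came from the published app, an outdated version, or something else speaking the same protocol.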

Native Applications

Fewer resource demands on the server

Greater complexity

Security: App runs on the device, not the browser

Can potentially expose back end databases

VERY carefully review submitted data

• Appearance & controls differ by platform.
• Might have different code for each platform.
• Will users install updates?
• Support different app and protocol versions.

GLOSSARY

Native Apps: see earlier definitions

Patches: Updates to software that are intended to fix functionality or security bugs

CONTENT

The other complication is less a problem for the IT infrastructure and more a challenge for the app developers, who need to create versions of the application suitable for all the operating systems, such as Android, iOS, BlackBerry and Windows. Native apps must also be tested to make sure that they appear correctly on the different physical platforms, such as the many varieties of Android phones and the many types of tablets.

Lastly, Native apps must contend with the problem of pushing updates. Not everyone updates their mobile apps when an update is published. Pushing patches or upgrades to an app depends on the cooperation of the end users. This is another of the complications with Native apps.

Test Questions

• Native applications may introduce security holes into your network resources that had not previously been a concern with strictly eGovernment services.

A) True (correct)
B) False

CONTENT

Hybrid apps inherit the advantages but also the complications of both HTML5 and Native app types.

Hybrid apps may in fact be the right choice when an entity needs to use the features of a smartphone and also the facility of an eGov application in a combined application service. There are many considerations in deciding to go with a Hybrid App. Here are some questions to ask:

• How much data does the HTML5 component of the app need to pull from the web server?
  • Less, if data is pre-loaded on the native app
  • More, if we need to send additional media (video, images) to enhance the user experience

INSTRUCTOR GUIDANCE

• This slide is one of several slides that discuss how the mobile application types can impact the IT Infrastructure.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Define the impact of Hybrid Applications on the IT Infrastructure.

Hybrid Applications

More resources, more complexity? Maybe. Some considerations:

• How much data does the HTML5 component of the app pull from a web server?
  • Less, if data is pre-loaded on the native app
  • More, if we need to send additional media (video, images) to enhance the user experience
• How often does the Native App need to be updated?
  • Less past versions to support!
  • More if there is more device integration.

GLOSSARY

Hybrid: see earlier definitions.

CONTENT

• How often does the Native App need to be updated?
  • Less, if there are past versions to support
  • More, if there is more device integration.

These considerations, and others like cost and maintenance, need to be part of the analysis done in deciding whether to meet your requirements with a Hybrid App.

Test Questions

• Hybrid applications: (Pick all that apply)

A. Have the advantages of both the HTML 5 and the Native types. (correct)
B. Have the disadvantages of both the HTML 5 and the Native types (correct)
C. Will require the most attention (as compared to the other app types) to all aspects of the IT infrastructure (correct)
D. Should always be attempted first as that is where you will end up with all your apps anyway.

CONTENT

In the migration from eGovernment to mGovernment services there are a variety of factors to consider. The following logic flow poses a few questions to ask in making this determination, starting with: “Do you have an existing eService website?” If the answer is No, then ask a different question: “Do you need access to device sensor data such as location (GPS)?” If the answer is Yes, then the choice is to build a Native Application. If the answer is No, then build an HTML5 Application.

If you do have an eService website and want to make it available on a mobile platform, then consider a migration from the eService to an mService HTML5 Application. The same question can be asked about the future: will there be a need for device sensor data in the future? If the answer is No, then stay with the HTML5 Application. If the answer is Yes, then there remain two options: integrate the two to create a Hybrid Application, or create and release the Native Application and discontinue the HTML5 application.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that provide guidance on the migration from eGov to mGov services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Describe a process for migrating from eGov to mGov.

Migration: From eGov to mGov

Do you have an existing eService website?

• No. Do you need access to device sensor data such as location (GPS)?
  • Yes: Build a Native Application
  • No: Build an HTML5 Application
• Yes. Candidate for eService to mService HTML5 Application

Need device sensor data in the future?

• No. Stay with the HTML5 Application
• Yes. Two options:
  • Integrate the two to create a Hybrid Application.
  • Release the Native Application, discontinue HTML5

Test Questions

• All eGovernment applications are ideal candidates for conversion to mGovernment applications.

A) True
B) False [Correct]

CONTENT

Is there a correlation between Application Platform Types and the Migration Steps that were presented in the mGov Guidelines document? To a certain extent, there is. While the Guidelines are not prescriptive about the platform type that corresponds to Steps 1 through 4, it is clear enough that there is a correlation. Step 4 level functionality, for example, can be achieved by a Native or Hybrid Application platform but not by strictly HTML5 or SMS. The guidance is to consider providing the service at Step 1 with SMS or HTML5 and to release it as an initial version. Take usage data, learn from the experience and the data, adjust, and move the service up to Step 2. Remember, not all eGov services are suitable for conversion. The mGov Guidelines provide the migration path – follow it.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that provide guidance on the migration from eGov to mGov services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Provide guidance to consider in taking the mGov Guideline Steps.

Migration: Step 1 To Step 4

[Diagram labels: App Version 1.1; Get Data; Analyze and Adjust; Step 1; Steps 2-4]

• Don’t try to do everything at once!
• Establish a phased upgrade path.
• Most (but not all) mGovernment services will evolve from eGovernment services.
• The mGov Guidelines provides the path
• Follow the Steps 1 through Step 4 in sequence as releases
• Just like the commercial apps are done

Test Questions

• The fastest and most successful strategy to get your mGov application online is to start developing the most advanced type (Native or Hybrid) right away so that you have the most time to get it completed.

A) True
B) False [Correct]

CONTENT

The point of this slide, called Crawl Before You Run, is to recognize that the path to success is an incremental one: asking and answering simple questions, getting data on usage by using Google Analytics on your HTML5 application, and then making incremental improvements. As explained in the previous slide, there is a correlation between the Steps and the Application Platform Types. Use the incremental step process to deploy SMS and HTML5 type apps before considering Native and Hybrid. Also – stay focused on providing a citizen service

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Provide additional guidance to consider in the migration.

Crawl Before You Run

What does that really mean?

• It means start with creating your app at the lowest level of the Steps appropriate for the need.
• Version 1.0 will be served by what…SMS, HTML5?
• Gather data…Google Analytics?
• Answer simple questions:
  • Where is…? When is…? Who does…? What do I…?
• Are you solving a problem that citizens need solved?
• What are the metrics to determine success?
• Do you have a baseline determined?

Test Questions

• The strategy of crawl before run is based on the wisdom that comes with experience such as:

A) Observe what happens in the commercial world of technology releases that are based on incremental releases of functionality where the market is informative as to what works and what does not work. [Correct]

B) Pushing the envelope of technology can be a high risk with no reward approach. This approach is not suitable to the need for citizens to trust in the efficiency and effectiveness of government functions. [Correct]

C) It is always better to simply go slow.

CONTENT

Smart Government

In the details of how to create mobile government applications and what technologies need to be scaled to provide for this capability, one cannot lose sight of the goal, the purpose for all of this, the why. That purpose, that goal, is smart government. An app that has been in development by the Dubai Water and Electricity Authority fits this purpose. It has been recognized with awards, by the press and, more importantly, by the number of downloads. People are using it. That is the ultimate test of success. It is saving fuel, money, and time. The integration with Emirates ID is consistent with the idea of the government sharing information and integrating government services. It is reducing the carbon footprint. It is, in a word, making people “happy.”

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Examine a success story.

The Goal is Smart Government

• Savings
  • Fuel
  • Money
  • Carbon Footprint
  • Paper Eliminated
• Over 150 Features and Services
• Integrated with EID

SOURCES

https://e-services.dewa.gov.ae/newshist/details.aspx-?id=0241153800000000000000002411538

From DEWA Web Site

Dubai Electricity and Water Authority (DEWA) announced it has transformed all of its services into smart services in less than a year after the launch of the Smart Dubai initiative.

HE Saeed Mohammed Al Tayer, MD & CEO of DEWA said the achievement is in line with the Smart Government phase, the post e-Government initiative launched by HH Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, …transform Dubai into the smartest city in the world with all the services and utilities run by integrated and connected smart systems.

https://e-services.dewa.gov.ae/newshist/

Test Questions

• The primary purpose of the Smart Government initiative is to:

A) Provide a rich library of government apps for the residents of UAE

B) Create a smarter, integrated set of government services that is responsive and anticipates the needs of the residents of UAE. (correct)

CONTENT

This module covered two objectives:

To explain why mobile applications can cause challenges in the IT infrastructure. It is a deeper dive into the applications to continue the discussion of how the mobile services environment puts stress on the IT infrastructure and the staff that now need to ensure system availability 24 hours each day.

And to provide some ideas on taking a practical approach to implementation. We call this a crawl before you run approach.

Review of Objectives

• Start with a migration strategy…a simple logic flow analysis will give you the answer.
• Then understand how the different apps will impact the services delivered by the IT infrastructure.
• And start small, taking a crawl before run approach.

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. Native applications may introduce security holes into your network resources that had not previously been a concern with strictly eGovernment services.

A) True (correct)

B) False

Quiz – Question 2

2. Hybrid applications: (Pick all that apply)

A. Have the advantages of both the HTML 5 and the Native types. (correct)

B. Have the disadvantages of both the HTML 5 and the Native types. (correct)

C. Will require the most attention (as compared to the other app types) to all aspects of the IT infrastructure. (correct)

D. Should always be attempted first as that is where you will end up with all your apps anyway.

Quiz – Question 3

3. The fastest and most successful strategy to get your mGov application online is to start developing the most advanced type (Native or Hybrid) right away so that you have the most time to get it completed. T/F

A) True

B) False (correct)


End of Module

Module 8: Case Studies Picking the Right App

CONTENT

This module is designed to make use of the lessons from the preceding modules to challenge the student with making decisions about application type selections and to recognize the IT infrastructure implications of these decisions.

THEMES

• Applications

CONTENT

In the previous modules we learned about the application platform types and the advantages and challenges that come with them. In this module the idea is to consider these challenges in some real world case studies. Making the application type decision is the easy part. Recognizing what needs to be done on the front end, the back end, and the network requires that we take a comprehensive view of these module lessons. This helps the student understand a way to make more informed decisions and plan for the changes that will be needed in the IT infrastructure.

LEARNING OBJECTIVES

This module has three objectives:

1. Apply the lessons from past modules
2. Make application type decisions
3. Recognize the implication to the IT Infrastructure front end, back end and the network

Objectives

• Apply the lessons from past modules.
• Make application type decisions.
• Recognize the implication to the IT Infrastructure front end, back end and the network.

CONTENT

In this series of slides we take the combined lessons from the past modules to make informed decisions about which application platform type is the most suitable to meet the requirements. The student is presented with a scenario and asked to make the decision. The real task, however, is to explain the impact to the IT Infrastructure in the areas that we described in the earlier modules: the front end, the back end, and the network. The goal of these case studies is thus to exercise the mind in thinking about the implications of these decisions.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Case Study Goals

Determine which application type is best suited to meet the requirements.

Explain the impact of this selection on:

• Front end – servers for data processing.
• Back end – data storage.
• Network – Communications (data).

CONTENT

In this case study scenario we consider a requirement from the Ministry of Interior for a citizen-centric mobile application.

The application will use the sensor technologies of smart phones to allow residents to report a crime or other serious incident that merits the immediate attention of the MOI authorities. The app must be able to take and capture a photograph, record a written message, take a location (GPS) tag, get a time stamp of when the incident was reported and, last, associate the phone number of the person making the report.

What is the right application type?

This solution requires the capabilities of a smart phone, which leads to one of two viable choices: a Native or Hybrid application. One can make a case for either one. What is the impact on front end servers, back end storage, the network? Go to the next slide and this will be discussed.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Case Study One

The Ministry of the Interior wants a crime reporting app:

• Take Photographs.
• Record Messages.
• GPS Tag.
• Time Stamp.
• Associate the report with mobile number.

GLOSSARY

GPS

CONTENT

There are many considerations in the range of technical and business process impact. A Native or Hybrid application must, as an example, be able to collect, send, catalog, store and secure the data, and be able to feed an internal process within the Ministry of Interior. Imagine the case when a citizen reports a serious crime and the report does not result in a police response: the data gets lost in the bureaucracy or in the electronic ether, all with no action. What if the incident creates a heightened citizen demand to know what is going on and what guidance to follow, and the system resources or the bandwidth cannot handle the demand? Then there is the need to consider the hacker who could get insider knowledge about reported crimes and even who reported the crime. These are the many considerations that must go into the thinking about both the technical and business impacts.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

What Application Type?

Native or Hybrid Application Type

SmartPhone with Sensor Capabilities

• Front End
  • Load Balancing
  • Increased server farm capacity for video and images
  • Security for Availability
• Back End
  • Increased storage capacity
  • Security for confidentiality (sensitive information) protection
• Network
  • Peak Bandwidth Capacity for Crisis Situations

CONTENT

Starting with the front end, load balancing and increases in server capacity are needed to deal with peak usage and to ensure that the application data center internal systems are robust from a high availability perspective, so that they will always be available.

On the back end there will be a need to ensure sufficient storage capacity for images and videos, all managed by a robust database. Here again, security must be a key consideration as this is where all the data will reside.

On the network, the ability to handle both normal and peak demand is essential. Peak demand is likely to be an unplanned event, at a time when the incident happens and hundreds of people, possibly thousands, start to interact with the application.

Test Questions

• What are the principal considerations that should go into the implementation of an app to meet the needs of the case study?

A) The “business process” of how information will flow from citizen to the government and back and how the government will respond to the notification of an incident. [Correct]

B) The system requirements for ensuring the sustainability during all kinds of operational conditions. [Correct]

C) What kind of server to buy

D) The security requirements of this type of app collecting and processing public safety type information. [Correct]


CONTENT

In this case study scenario we consider a requirement from the Electricity and Water Authority for a citizen-notification mobile application.

The application will have a push function to get information out to residents and a pull function to receive resident requests for service. On the push side, the application will serve to provide timely information to the residents of the impact area about planned and unplanned interruptions to the electricity and water services. On the pull side, the application will serve to take requests for service from residents such as connecting service or disconnecting service.

What is the right application type?

This solution must be able to serve all residents. This includes those who can afford smartphone data plans and those who only use a feature phone with only voice and SMS capabilities.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Case Study Two

The Electricity & Water Authority wants a citizen notification application:

• Tell residents about impacted areas.
• Loss of service.
• Unplanned interruptions.
• Allow residents to make requests for service.

CONTENT

An HTML5 application with SMS capability can serve all the needed push and pull functions.

An SMS-only application can support the push functions for those residents that only have a limited phone. What is the impact on front end servers, back end storage, the network? Go to the next slide and this will be discussed.

CONTENT

The push function is the first and most important of the capabilities of the app, and it can be served with a simple SMS capability. The pull function can be served by the HTML5 app. The application must be able to get residence location information so the SMS can reach the residents of the impacted area and only that area. Security controls must be in place to ensure that the administrator, and only the administrator, properly authorized and authenticated, can send the push notice. There is some potential impact to the front end servers in the pull functions. One could foresee a situation in which a high number of resident requests could cause some degree of performance degradation, though this is not a likely situation. Adequate load balancing and server capacity for transaction handling is the most likely need for the front end systems.
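One way to enforce the two push-notice controls described above (only an authenticated, authorized administrator can send, and only residents of the impacted area receive), shown as an added example that is not part of the original guide. The admin table, role name, area codes, phone numbers, sequence-number replay check and the use of HMAC request signing are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions for this example, not from the guide).
ADMINS = {
    "ops-admin": {"key": b"constructed-demo-key-1", "role": "notice_admin"},
    "helpdesk": {"key": b"constructed-demo-key-2", "role": "viewer"},
}
RESIDENTS = [
    {"msisdn": "+000000000001", "area": "AREA-12"},
    {"msisdn": "+000000000002", "area": "AREA-12"},
    {"msisdn": "+000000000003", "area": "AREA-07"},
]


def sign_notice(key: bytes, notice: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding, so every field is covered."""
    body = json.dumps(notice, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class NoticeDispatcher:
    def __init__(self, admins, residents, send_sms):
        self.admins = admins
        self.residents = residents
        self.send_sms = send_sms  # callable(msisdn, text): hook to the SMS provider
        self.last_seq = {}        # admin_id -> highest sequence number accepted
        self.audit = []           # every decision is recorded, allowed or denied

    def _finish(self, admin_id, notice, sent, reason, recipients=()):
        record = {"admin": admin_id, "area": notice.get("area"), "sent": sent,
                  "reason": reason, "recipients": list(recipients)}
        self.audit.append(record)
        return record

    def dispatch(self, admin_id: str, notice: dict, tag: str) -> dict:
        admin = self.admins.get(admin_id)
        # 1. Authentication: recompute the MAC with the claimed admin's key and
        #    compare in constant time. Unknown admins get a dummy key so both
        #    paths do the same work before failing.
        key = admin["key"] if admin else b"\x00" * 32
        expected = sign_notice(key, notice)
        tag_ok = hmac.compare_digest(expected.encode(), tag.encode())
        if admin is None or not tag_ok:
            return self._finish(admin_id, notice, False, "authentication failed")
        # 2. Authorization: a valid identity is not enough; the role must allow sending.
        if admin["role"] != "notice_admin":
            return self._finish(admin_id, notice, False, "not authorized")
        # 3. Input validation and replay protection on the signed fields.
        seq, area, text = notice.get("seq"), notice.get("area"), notice.get("text")
        if not (isinstance(seq, int) and isinstance(area, str)
                and isinstance(text, str) and text):
            return self._finish(admin_id, notice, False, "malformed notice")
        if seq <= self.last_seq.get(admin_id, 0):
            return self._finish(admin_id, notice, False, "replayed or stale notice")
        self.last_seq[admin_id] = seq
        # 4. Targeting: residents of the impacted area and only that area.
        targets = [r["msisdn"] for r in self.residents if r["area"] == area]
        for msisdn in targets:
            self.send_sms(msisdn, text)
        return self._finish(admin_id, notice, True, "ok", targets)


if __name__ == "__main__":
    outbox = []
    dispatcher = NoticeDispatcher(ADMINS, RESIDENTS, lambda m, t: outbox.append((m, t)))
    notice = {"area": "AREA-12", "seq": 1, "text": "Planned water interruption 02:00-04:00"}
    tag = sign_notice(ADMINS["ops-admin"]["key"], notice)
    print(dispatcher.dispatch("ops-admin", notice, tag))   # sent to AREA-12 only
    print(dispatcher.dispatch("ops-admin", notice, tag))   # same message again: denied
    print(outbox)
```

The audit list records denied attempts as well as sent notices, which gives operations staff something to alert on when a push notice is attempted with a bad signature or an unauthorized role.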

INSTRUCTOR GUIDANCE

• This slide is one of several slides that present a problem solving challenge. The purpose is to get the student to start applying the lessons of the past modules.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

What Application Type?

HTML5 with SMS Notification SmartPhone

• Front End
  • Load Balancing
  • Increased server farm capacity for transactions
• Back End
  • Little impact
• Network
  • Peak Bandwidth Capacity for High Demand Situations in an unplanned outage
  • SMS service with a Provider

GLOSSARY

GPS

CONTENT

On the back end the database and data storage must likewise be sufficiently capable, but once again this is not a scenario where video or image information will be in high demand, if at all.

Test Questions

• The demographics of users and the kinds of phones (feature phones and smartphones) that they use are an important consideration in the selection and design of this mobile government application.

A) True (correct)

B) False


CONTENT

The Ministry of Labor (MOL) wants to meet one of its primary functions of getting and keeping the work force employed – the people with a job. This is the background scenario for this case study. One possible way to apply technology to speed the process of marrying job seekers with job providers (employers) is to be a bridge for information. In this case it is the skills of the job seeker, represented in a CV, with the needs of the business owner who needs a particular skill. The MOL develops a mobile app that allows job seekers to upload their CV by taking a picture of it and saving it on the app. On the back end of this IT system, the app is received and, through the use of software, a match is made to a potential job. That is the background of the case study.

What is the most suitable mobile application type to be used and what are the ramifications to the IT infrastructure? Let’s go to the next slide and discuss these questions.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

Case Study Three

The Ministry of Labor wants an Employment application:

• Take a picture of a CV – upload it.
• Processed - matched to employer needs.
• Push notifications of openings.

GLOSSARY

Push Services: In the context of mobile applications, a push service is defined as the ability to send information to a phone or tablet device without prompting. The information is simply “pushed” to the device for the end-user to receive. This kind of government service can serve a variety of uses including alerting people about potential dangers or providing useful information such as upcoming calendar events.

Pull Services: In the context of mobile applications, a pull service is defined as the ability for the owner of the phone or tablet to search and get the information they are looking for from a government web site or database.

CONTENT

There are varying ways to approach this solution. One could argue that an HTML 5 based application could work, but the taking and saving of the picture in the app could be overly cumbersome. A Native or Hybrid app can also be argued as best suited, especially as the phone’s camera and GPS features can easily be integrated with the app. What is the impact on the front end servers, back end storage, the network? Are there potential situations where usage of the mobile app can cause a spike and possibly create a bad user experience because of network congestion?

On the front end there are several concerns. One is how to deal with the potential high number of concurrent transactions when some new project gets announced and a large number of people start applying using the app by sending large image files of their CVs. On the back end there is a similar concern, with the addition of security considerations.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that explain key concepts in the IT Infrastructure impacted by mobile services.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Apply the lessons of the previous modules in working through a mobile government app performance problem.

What Application Type?

Native or Hybrid with SMS Notification on a SmartPhone

• Front End
  • Increased server farm capacity for transactions
• Back End
  • Security of the privacy information
• Network
  • Peak Bandwidth Capacity
  • SMS service with a Provider

CONTENT

A collection of people’s CVs creates a need to ensure confidentiality. CVs tend to be very personal documents and there is an expectation that the CVs remain protected from unauthorized use. So in all, while at first appearance this case may seem simple, the needs on the IT Infrastructure are anything but simple. Many concurrent transaction sessions, plus opening, storing and protecting the data, make for capabilities that may not exist in the IT data center without additional capacity. And don’t forget that an SMS service is also needed as a way to send notifications to the job seekers of a potential employer match.

CONTENT

This module presented three cases to challenge the student in making suitable application type decisions. The objectives were to:

• Apply the lessons from past modules
• Make application type decisions
• Recognize the implication to the IT Infrastructure front end, back end and the network

Review of Objectives

• Apply the lessons from past modules.
• Make application type decisions.
• Recognize the implication to the IT Infrastructure front end, back end and the network.

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. Case Study 1 is intended to challenge the student to see:
(Pick the correct answer)

A) Recognize when the requirements of the application drive the selection of a Native or Hybrid app to use the device capabilities of a smart phone. (correct)
B) That the cloud will provide all the needed backend capabilities and there is no reason to worry about the IT infrastructure

Quiz – Question 2

2. Case Study 2 is intended to challenge the student to see:
(Pick all correct answers)

A) When it is sufficient and oftentimes easier to deliver the planned services using an HTML 5 app. (correct)
B) Recognize the impact of these decisions to the IT infrastructure. (correct)
C) That the existing web services are going to always be sufficient to meet the needs of an HTML 5 application.

Quiz – Question 3

3. Case Study 3 is intended to challenge the student to see:
(Pick all correct answers)

A) That it is not always one approach. In this case both Native and HTML 5 can be viable approaches but the decision has both end-user and IT infrastructure impact. (correct)
B) That it is not as simple as “making an app.” (correct)
C) That there is always one answer as all things end up as Hybrid apps anyway.


End of Module


CONTENT

This module is about the importance of collaboration between Application Developers, the IT Operations staff and Information Security Professionals.

THEMES

• Business Processes and Collaboration.


Module 9: Collaboration

CONTENT

Collaboration with App Developers and InfoSec Professionals is essential for the success of any project, but even more so for mobile, which represents a new domain for many IT engineers.

• Should integrate their skills in the projects
• Using the available methodologies
• Essential for a successful project
• More so with mobile apps. Why is that? One reason is the distributed nature of the mobile architecture where the app may be hosted not inside the data center but on mobile platforms.

LEARNING OBJECTIVES

This module has one objective:

1. To explain the importance of collaboration between the three main groups of engineers and how this is important for mobile projects.

Objectives

• Collaboration between App Developers, IT and InfoSec Professionals
• Essential for a successful project
• Should integrate their skills in the projects
• Use the existing methodologies
• Essential for a successful project
• More important now with mobile apps

CONTENT

Application developers are primarily focused on the functions and the usage of the application. They concern themselves with the number of users of the application, as in the number of downloads. They should also be concerned with how these numbers will be supported with the resources in the data center. Also, app developers do not always concern themselves with security and they should.

INSTRUCTOR GUIDANCE

• This slide is part of a series that starts to explain why it is essential that collaboration be emphasized in mobile projects. Collaboration may seem like an obvious activity but experience tells a different story. Unless collaboration is part of the planning, the methodologies and processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To explain reasons for collaboration starting with application developers.

Reasons for Collaboration: Application Developers

• App developers for the mobile world look at the world from a point of view that has to do with usage of the application.
• Concerned with the number of users. Not always mindful how these numbers of users will be supported in the front and back end.
• Also, not always concerned with security – but they should be.

CONTENT

IT Operations staff may not have a great deal of familiarity with mobile services. The resources found inside the data center, like the servers, the storage and the network, have defined the areas of focus in the past. In mobile, they now need to think not only about the platforms but also about the application functions and the information contained in those platforms. One thing that they should also consider is how the rate of capacity demand will grow in the future with mobile. This may place stresses on the IT infrastructure. It may even require re-architecting the entire infrastructure so that there will be sufficient capacity and agility in responding to fast-changing demands. They also need to recognize that security requirements must also be met in the extended attack surface that is the mobile platforms.

INSTRUCTOR GUIDANCE

• This slide is part of a series that starts to explain why it is essential that collaboration be emphasized in mobile projects. Collaboration may seem like an obvious activity but experience tells a different story. Unless collaboration is part of the planning, the methodologies and processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To explain reasons for collaboration – including the IT Operations staff.

Reasons for Collaboration: IT Operations

• IT Operations have not had much experience with mobile services. They run the systems inside the data centers. Comfortable with web services by now…but mobile is still fairly new
• Concerned with the IT infrastructure: capacity, compliance, operations. Mobile is going to place stresses on their existing infrastructure.
• Also tend to see security within the boundaries of the organizational network – not the expanded mobile network.

CONTENT

Mobile also causes the InfoSec professionals to reach beyond their past experience. The attack surface is expanded with mobile to include the platforms and the APIs. The tendency may be to see the security boundary as defined by the borders of the data center. This would be a mistake, as even the data center is being redefined with cloud computing. Also, as it is very clear that the application software is also within range of the attackers, there is more reason to develop and maintain a close collaboration with the app developers and the IT Operations staff.

INSTRUCTOR GUIDANCE

• This slide is part of a series that starts to explain why it is essential that collaboration be emphasized in mobile projects. Collaboration may seem like an obvious activity but experience tells a different story. Unless collaboration is part of the planning, the methodologies and processes, it often does not happen.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To explain reasons for collaboration – including the information security professionals.

Reasons for Collaboration: InfoSec Professionals

• InfoSec Professionals have not had a great deal of involvement (and expertise) in mobile services.
• Tend to have a point of view that the security is only about what is in the data center.
• But the attack surface is now extended to include the mobile platforms.
• This means that they need to work together with the app developers to design an end-to-end mobile app approach.

CONTENT

The acronyms are combined here to indicate that these methodologies can serve as a way to create greater collaboration discipline. Indeed, on close inspection, the methodologies describe activities that are all about collaboration: system and software developers working within the structure of service delivery to ensure that the new capabilities interface and integrate into operations at the right time and in the right manner. Security needs to be tightly integrated from the very beginning in the system and software development but also in the service delivery. Lastly, ITIL is itself a collaboration methodology to ensure that all parts of the IT organization work together in delivering and supporting the capabilities – including the new mobile capabilities. This methodology, if followed correctly, is one sure way to eliminate the “tribalism” tendency that is sometimes found in the different parts of IT.

INSTRUCTOR GUIDANCE

• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To explain how the methodologies represented in the acronym S4DLC and in ITIL can be a good way to ensure that there is collaboration.

Using S4DLC and ITIL

• Using these methodologies is good for collaboration
  • Systems Development Life Cycle.
  • Software Development Life Cycle.
  • Security Development Life Cycle.
  • Service Delivery Life Cycle.
• Organizations that use ITIL collaborate
  • Creates a culture of cross-team collaboration.
  • Based on data collection and sharing.
  • Helps avoid “tribalism” between the three groups.

GLOSSARY

S4DLC is used here to represent several other acronyms that are life cycle methodologies.

CONTENT

So, some number translations can help. By turning the number of expected users into a range (best and worst case) they can work with the IT Operations staff to define the resources that are needed. Factors to consider include servers: the RAM and CPU capacities of the servers, the physical ones and virtual machines to support the two ranges. The vendors of the servers can certainly help with making these determinations.

InfoSec is something that needs to be integrated right at requirements and design. This means including it in the software and through the front end (web servers) and the back end (the databases and storage).

INSTRUCTOR GUIDANCE

• Continue explaining now with some additional examples why collaboration is so important. This slide is about the front end.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To convey examples for how to collaborate across the different parts of the IT: App Developers, IT Operations and InfoSec

The Front End

• App Developers concerned with the Application Layer
  • They think about “How many users will we have?”
  • Not about “How will I support this many users”.
• IT Operations think in user-load translations.
  • “We will have (n) users” into…
  • We will need the right infrastructure to support (n) users.
  • “Each new virtual server supports an additional (n) users”.
  • “A new physical server with (x) processors, (y) RAM, and (z) bandwidth will support (a) more virtual servers, which will support (a * n) additional users”.
• InfoSec of the app has to be designed
  • Starting from the mobile platform (mobile front end).
  • In the software,
  • The front end and the back end of the data center.

CONTENT

In the back end there is a question of who owns the responsibility. The back end is a crossroads where all the disciplines meet. So there is responsibility in all three groups: app developers with respect to the application, the databases, backup processes, data retention, restoration, clustering and high availability. The IT staff administers all of this; they network all the devices, provide for storage, provision access and provide overall maintenance. The InfoSec staff is responsible for the security of the information and the applications in the three goals of confidentiality, integrity and availability. Assignment of responsibility is essential.

INSTRUCTOR GUIDANCE

• Continue explaining now with some additional examples why collaboration is so important. This slide is about the back end.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To convey examples for how to collaborate across the different parts of the IT: App Developers, IT Operations and InfoSec


The Back End

• The Backend data storage.

• Application Developers – Database Development.

• Design, relationships, fields, logging, auditing, etc.

• Database server design & administration.

• Backups, data retention, data restoration.

• Clustering, High Availability configuration, failover.

• IT Staff - Setup, administration, cabling, storage provisioning, maintenance, etc.

• Security of the information.

• Data at rest and in transit.

• Privacy considerations.

• Integrity considerations.

• Availability.

CONTENT

The job of all the InfoSec professionals is embodied in the goals of security – to protect the Confidentiality, Integrity and Availability of IT systems, where “system” is used in the broadest sense. The term security engineer applies to all of the different specialties and can be used for InfoSec professionals who operate in the more general sense. A Penetration Tester is a security engineer who specializes in breaking into systems with the purpose of discovering the flaws, holes or vulnerabilities so they can be corrected. System auditors conduct inspections to validate compliance with a selected standard. There are many standards but a typical one is ISO 27001. Others in the financial world exist to ensure the integrity of financial activities kept in the supporting IT systems. The role of Chief Information Security Officer is typically associated with the head InfoSec professional in a large organization.

INSTRUCTOR GUIDANCE

• The description of different InfoSec roles is a way to initiate a conversation about how to integrate their skills within the other two areas of app development and IT Operations.
• Situational Awareness: The instructor should consider weaving in some personal experiences where collaboration has failed or where it has been successful.

LEARNING OBJECTIVES

1. To provide a sample of the different roles with InfoSec as a way to think about how to integrate them into the app development and IT operations.

About the InfoSec Professionals

• Job is to protect the systems: information and applications
• Sample job titles and responsibilities:
  • Security Engineer: Designing, assessing, implementing, and auditing system security controls.
  • Penetration Tester – Under very controlled conditions - attacking your system and attempting to break into it.
  • System Auditor – Validating system security configurations against established standards.
  • Chief Information Security Officer – Responsible for the security of all systems and applications within an organization.

CONTENT

This person is responsible for all InfoSec functions. These are only four roles. There are many others. It is a highly specialized field. All these roles have a place in the processes and methodologies described in the earlier slides. And so they should be integrated into these processes and methodologies.

CONTENT

Collaboration with App Developers and InfoSec Professionals is essential for the success of any project, but even more so for mobile, which represents a new domain for many IT engineers.

• Should integrate their skills in the projects
• Using the available methodologies
• Essential for a successful project

More so with mobile apps. Why is that? One reason is the distributed nature of the mobile architecture where the app may be hosted not inside the data center but on mobile platforms.

Review of Objectives

• Collaboration between App Developers, IT and InfoSec Professionals
• Essential for a successful project.
• Should integrate their skills in the projects.
• Use the existing methodologies.
• Essential for a successful project.
• More important now with mobile apps.

QUIZ

It is now time to review your knowledge of this material

Quiz – Question 1

1. The main message of this module of instruction is the need for tight collaboration between the IT staff that manages and operates the IT infrastructure, the application developers and the information security (InfoSec) professionals. T/F.

A. True (correct)
B. False

Quiz – Question 2

2. The InfoSec professionals have different areas of specialization. Some of these include: (Pick all the correct answers).

A) Software Developer
B) Penetration Testing (correct)
C) Chief Information Security Officer (correct)
D) System Administrator
E) Security Auditor (correct)


End of Module


CONTENT

This module introduces an idea captured in a quote about why the IT Industry continues to fail in delivering secure IT systems – emphasis on “secure.” This idea is instrumental in providing the context for the next series of modules that talk about security in the IT infrastructure and in the migration to mobile services.

THEMES

• Security.


Module 10: The Reason is Structural

CONTENT

The objectives of this module are to provide the context of the security lessons. The IT industry keeps failing the security requirements. Mr. Dan Geer wrote a quote. It explains the idea that structural failures require structural changes - nothing else will do. What are these structural changes that are needed? We need to know this answer to create the necessary behaviors for designing a safer mobile services system in the Smart Government initiative.

LEARNING OBJECTIVES

This module has three objectives:

1. Convey the context of the security lessons by setting context.
2. Explain the idea that structural failures in security require structural changes - nothing else will do
3. Explain how knowing this can get us to understand how to create the change needed to make mobile services safer

Objectives

• Convey the context: “The Reason is Structural”
• Explain that structural failures require structural changes - nothing else will do
• Explain what these changes are and how to apply them in the emerging mobile services for government.

CONTENT

Those of us who are in the information systems business know that with the benefits of technology there are also risks. To understand these risks we make use of a hierarchy - the hierarchy of information and its uses. It starts with the data. No data, no information, no knowledge, no wisdom.

In the world of security we begin with a host of data made public in various studies that tell a story. It’s a simple story.

Our IT systems are not being designed with the needed security requirements. We buy and integrate IT systems with no knowledge of whether they are designed securely. We deploy software without testing it against known security problems. We collect sensitive information and don’t own up to the responsibility to make sure that it stays secure.

INSTRUCTOR GUIDANCE

• This slide is done as a progression to explain why security continues to be a problem and will continue this way unless IT engineers start to think of the structural reasons for these failures.

LEARNING OBJECTIVES

1. Explain the progression from data to information to knowledge and then to wisdom.
2. Explain further that this module seeks to climb this ladder and provide the necessary context for understanding why the failures in security exist and what can be done about it.

Dear Instructor……what about the data?

Data… Information… Knowledge… Wisdom

CONTENT

So more than ever we realize the importance of going up the steps in the ladder that leads to wisdom in order to deal with the security challenges of today. Why do we keep losing to the hackers? Why are systems so insecure? These questions are the ones that government and business leaders around the world are asking. Several decades of experience – experience built on data, collected into information that yields the knowledge – tell us the reason. There is great wisdom in Dan Geer’s quote. The reason is because it is structurally so. Bad software code is one of those structural reasons. When the structure is bad software code, why are we surprised when the hackers can exploit that code and break into our networks to steal personal information, to steal intellectual property or to create havoc in the systems that run our critical infrastructures? We can even ask ourselves these questions and the answer is what Dan said – The Reason is Structural. It is so obviously so. Why have we not taken heed of this wisdom?

CONTENT

Dan Geer, an information security luminary, wrote this quote. It comes from the Foreword to the book Security in a Web 2.0+ World. In it he explained that it seems we (the good guys) are destined to lose the security problem with the opposition (the bad guys). Is this the message? No. The message is not that it is predestined to be this way. But if we continue to do the same as we have done in the previous history of IT systems, then we can expect the very same outcome. Insecure systems are open targets. The hackers will win each time. The reasons are evident. They are structural. Why do we keep making insecure systems? And why would we expect a different result when hackers take advantage of these insecure systems?

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the structural security reasons why IT systems continue to fail and the follow-on part of the conversation about how to change this structure and get a better result.
• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Introduce one aspect of the security structural problem as the software code.
2. Explain how it is not sufficient to just have network security if the malware is embedded in the software we are using.

Page 247: New MOBILE INFRASTRUCTURE · 2019. 6. 16. · Module 1: Front Ends and Back Ends mGovernment 17 DMZ: The acronym DMZ stands for DeMilitarized Zone. It is a term borrowed from the

Module 10: The Reason is Structural

The Reason is Structural Means…

“We are many. They are few. We are losing. They are winning. The reason is structural.”

What does this mean?

Reference: Dan Geer in the Foreword to Security in a Web 2.0+ World by Carlos Solari and Colleagues.

SOURCES

Security in a Web 2.0+ World by Carlos Solari


CONTENT

Change the structural issues and we can start winning. That is the message. These changes include fixing the supply chain of technology developers creating and selling insecure products. They also include making sure that our systems development life cycle (SDLC) process includes security. It is also about recognizing that security is not something that should be applied just at the network level but also in the software code. The transition from electronic services government to mobile services government is an opportunity to do it right – to change the structural reasons and start winning.



CONTENT

One of the most obvious of the structural reasons why we keep losing is the idea that network-level protections are going to catch problems in the software code. They won’t. The man in armor is a metaphor for this kind of bad thinking. Overflowing a buffer through an application interface, whether through a browser or a native application, can permit a hacker to gain unauthorized control of the back end database. Your firewall technology is the equivalent of the man in armor. It is not effective in defending against bad or, better said, vulnerable software code. We need new thinking – the kind that will test the code, find those problems and make sure that they are corrected before fielding your mobile services application.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the structural security reasons why IT systems continue to fail, and the follow-on part of the conversation about how to change this structure and get a better result.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Explain how part of the structural problem is in thinking that network-level security such as firewalls can begin to address the issues of vulnerabilities in the software code.
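To make the firewall point concrete, here is an added example (not part of the original guide) in which a port-based firewall rule passes a normal and an oversized registration request alike, so only a length check in the application code separates them. The `flow` structure, the port 443 rule, the 32-byte name field and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD_LEN 32            /* assumed size of the back-end name field */

/* All a port-based firewall rule sees of a request: addressing, not content. */
struct flow {
    uint8_t  ip_proto;               /* 6 = TCP */
    uint16_t dst_port;
};

/* Hypothetical perimeter rule: allow HTTPS to the front end, drop the rest. */
int firewall_allows(const struct flow *f)
{
    return f->ip_proto == 6 && f->dst_port == 443;
}

/* Vulnerable form: trusts the client to keep the name short. Any name of
 * NAME_FIELD_LEN bytes or more is written past the end of dst. Kept only
 * for contrast; nothing in this example calls it. */
void store_name_unchecked(char *dst, const char *name)
{
    strcpy(dst, name);
}

enum store_result { STORE_OK, STORE_EMPTY, STORE_TOO_LONG, STORE_BAD_CHAR };

/* Hardened form: the length comes from the request framing, not from the
 * data, and is checked against the destination before any byte is copied. */
enum store_result store_name_checked(char *dst, size_t dst_len,
                                     const char *name, size_t name_len)
{
    size_t i;

    if (name == NULL || name_len == 0)
        return STORE_EMPTY;
    if (name_len >= dst_len)         /* leave room for the terminator */
        return STORE_TOO_LONG;
    for (i = 0; i < name_len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f)   /* reject NUL and other control bytes */
            return STORE_BAD_CHAR;
    }
    memcpy(dst, name, name_len);
    dst[name_len] = '\0';
    return STORE_OK;
}

/* One request end to end: -1 if the firewall drops it, otherwise the
 * result of the application-level check. */
int handle_registration(const struct flow *f, char *dst, size_t dst_len,
                        const char *name, size_t name_len)
{
    if (!firewall_allows(f))
        return -1;
    return (int)store_name_checked(dst, dst_len, name, name_len);
}

int main(void)
{
    struct flow https = { 6, 443 };  /* constructed sample flow */
    char field[NAME_FIELD_LEN];
    char oversized[200];             /* constructed oversized input */
    const char *ok = "Aisha";

    memset(oversized, 'A', sizeof oversized);

    printf("normal name:    %d\n",
           handle_registration(&https, field, sizeof field, ok, strlen(ok)));
    printf("oversized name: %d\n",
           handle_registration(&https, field, sizeof field,
                               oversized, sizeof oversized));
    return 0;
}
```

Both requests arrive on the same allowed flow, so the firewall decision is identical for them; the oversized one is stopped only because the handler checks the length before copying.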


Structural Reason: Software Code

Trying to fight this problem… With this kind of thinking.

We need new thinking.

Test Questions

• We keep trying to overcome vulnerable software code by thinking that applying network level security like firewalls will provide the needed protection. This is an example of what Dan Geer meant in his quote.

A) True [Correct]

B) False


CONTENT

This is a typical, generic logical diagram of a web-based service as we have in the eGovernment model.

The “Front End” for eGov is at the boundary of the datacenter, and is typically a web server. The applications execute (largely) from the front end back to where data is actually stored, called the “Back End”, all within a datacenter somewhere. The web browser (largely) interprets and displays content from the front end.

The browser developer, the server developer and the security teams handle security between the browser and the server.

INSTRUCTOR GUIDANCE

• This slide depicts a simplified n-Tier (multi-tier) web application. Use hand gestures, pointer, etc. to demonstrate the flow of the data from back end storage, to the browser, through the front end.

• Situational Awareness: We use this slide as a baseline for the next two slides. Emphasize that the application actually executes (mostly) within the datacenter (rectangle boundary), and displays on the web browser.

LEARNING OBJECTIVES

1. Understand a simple n-tier web application architecture.

2. Grasp basic terminology; see glossary.


GLOSSARY

eGov: Electronic Government, Web-based government services.

mGov: Mobile Government, Government services on handheld, mobile devices.

Front End: The portion of the application that generates the user interface.

Back End: The remainder of the application except for the User Interface.

n-Tier: Multiple Tiered, where the number of tiers is unknown or unimportant.

Attack Surface: A term that describes the areas in an IT system that a hacker can attack.

Structural Reason: Attack Surface

The n-Tier Architecture (Simplified)

[Figure: An n-Tier Architecture, web-based services (eGov). Labels: Front End, Back End, Data Center.]


CONTENT

This is a typical, generic logical diagram of a web-based service as we have in the eGovernment model.

The Attack Surface, the area where a hacker can attack, is intuitively the physical boundaries of the datacenter and the network interface of the front end.

INSTRUCTOR GUIDANCE

• This slide depicts a simplified n-Tier (multi-tier) web application. Use hand gestures, pointer, etc. to demonstrate the flow of the data from back end storage, to the browser, through the front end.

• Situational Awareness: We use this slide as a baseline for the next two slides. Emphasize that the application actually executes (mostly) within the datacenter (rectangle boundary), and displays on the web browser.

LEARNING OBJECTIVES

1. Understand a simple n-tier web application architecture.

2. Grasp basic terminology; see glossary.


Structural Reason: Attack Surface

The n-Tier Architecture (Simplified)

[Figure: An n-Tier Architecture, web-based services (eGov). Labels: Front End, Back End, Data Center, Attack Surface.]


CONTENT

With mGov, the “Front End” has moved from the datacenter and into the smartphone or tablet.

This extends and changes the “Attack Surface” of the overall application, which now extends from the storage in the back end all the way through the multiple tiers (the n-tier), over the Internet, across the carrier’s network and into the smartphone handheld where the front end now also resides.

Security controls that in the eGov world were implemented by the web server and browser developers now fall to you to implement in your App code, and in your back end APIs.

INSTRUCTOR GUIDANCE

• This slide depicts the modified architecture required for mGov. Continue to use gestures to indicate that the Attack Surface has extended out through the internet and carrier network to the handheld where the front end now resides.

• Situational Awareness: This is one of several slides in a series.

LEARNING OBJECTIVES

1. Understand the origins of web applications, and in the coming slides, their evolution.

2. Expose the class to the “Attack Surface”.


Structural Reason: Attack Surface

Migration to Mobile n-Tier Architecture (Simplified)

[Figure: Native or Hybrid Mobile Services. Labels: Front End, Back End, Data Center, Attack Surface, and a second Front End.]

GLOSSARY

App: Mobile Application, specifically in this use, the portion of code actually running on the mobile platform.

API: Application Programming Interface.

Test Questions

• As the application architecture evolves, the Attack Surface may move or change?

A. True (correct)

B. False


CONTENT

Dan Geer’s quote was meant to provoke the need for changing the way we have traditionally thought about security. It does not mean that we (the good guys) are predestined to lose. But it does mean that unless we start changing the basic behaviors for how examples given with respect to vulnerable software code and about the need to apply security to the whole of the attack surface.

INSTRUCTOR GUIDANCE

• This slide is one of several slides that define the structural security reasons why IT systems continue to fail, and the follow-on part of the conversation about how to change this structure and get a better result.

• Situational Awareness: Be mindful of putting this series of slides in the context of mobile services, as they will apply to the UAE Smart Government Initiative.

LEARNING OBJECTIVES

1. Provide a summary of the meaning of Dan Geer’s quote.


What did Mr. Geer Mean?

“We are many. They are few. We are losing. They are winning. The reason is structural.”

• We are not pre-destined to lose

• Fix the supply chain of vulnerable code, vulnerable products

• All three steps in the chain need to be responsible: point of creation, point of integration, point of end-use

• We should be winning…and we can

• Fix the structural problems and we can

Test Questions

• Insisting that technology providers test their technology and deliver secure products is one of the tenets of what Dan Geer was talking about in his quote.

A) True [Correct]

B) False


CONTENT

The objectives of this module were to provide the context of the security lessons. The IT industry keeps failing to meet the security requirements. Mr. Dan Geer spoke to this topic. The essence of this topic is captured in this quote. It explains the idea that structural failures require structural changes – nothing else will do. What are these structural changes that are needed? In these past slides we discussed the kinds of security thinking needed to design a safer mobile services system in the Smart Government initiative.


Review of Objectives

• Convey the context of the security lessons under a banner called “The Reason is Structural”.

• Convey the notion that structural reasons require structural changes – nothing else will do.

• Explain how mobile services make this challenge greater.

QUIZ

It is now time to review your knowledge of this material.

Quiz – Question 1

1. The introduction to the security topic starts with the quote: “We are many. They are few. We are losing. They are winning. The reason is structural.” What does this mean? (Pick all correct answers)

A. That in the struggle to keep the IT systems secure we (the good guys) are predestined to lose and there is nothing that can be done about it.

B. That unless the structure for how security is done is changed, we can expect exactly the same losing results. (correct)

C. That the structural changes can in fact be made – that we are not predestined to lose. We are many so we should win. (correct)

Quiz – Question 2

1. The n-tier mobile architecture has additional “front ends” that must now be considered for security. These front ends can exist on the smart phone devices or tablets and also in the cloud services.

A. True (correct)

B. False


End of Module


CONTENT

This slide is the start of a module that is intended as an exercise to wrap the

lessons together. It forces a discussion about how mobile changes the nature of

the IT infrastructure into one that is much more distributed and for which there

are many parts to actually make it work.

THEMES

• Architecture.


Module 11: Mobile IT Architecture Exercise


CONTENT

This is the first in a series of slides intended to take the student through steps in an exercise to place the many elements of an IT Infrastructure into the right place within a conceptual (and very high level) architecture. The exercise is designed to prompt discussions about:

• Why a particular element belongs in one of the six parts of the framework

• The great many “elements” that are needed to account for everything that would be associated with a Native App in the given scenario

• How eGovernment changes with mobile.

LEARNING OBJECTIVES

This module has three objectives:

1. Understand all of the many elements in an IT infrastructure that are needed to support the mobile services applications

2. Convey the idea that mobile requires more than the traditional enterprise and eGovernment IT architectures

3. Enable a conversation about where the different elements of the architecture belong and why they belong there. This could also be used in the early planning stages of an app development project


Architecture

Objectives

• The exercise is about the many parts of an IT Infrastructure. Like putting pieces of a puzzle together – but with consequences for security, performance and ultimately the success of the mobile app project

• Making the App work is about ensuring that all the parts are there and work together

• Allow the instructor and student to have a conversation about the lessons that can be drawn from the exercise.


INSTRUCTOR GUIDANCE

• The instructor explains the scenario to the class. It is fictional but set within the context of a real organization and a real need that exists in many countries. The backdrop to the scenario is the idea of promoting sports activity as part of a strategy for national well-being among the youth. The instructor uses this backdrop to talk about creating a native app called SCORE and to fit the creation of this app within the context of the National Plan called the Smart Government Initiative. In keeping with the concepts of this initiative there are strategic goals for the mission part of the scenario – to grow participation in sports activities by growing the number of youth that are registered to use the sports venue, with all manner of information and transactions accessible through the mobile application.

• Situational Awareness: This exercise requires that the instructor start by setting the expectation for the class that this is going to be done with their engagement. There is more than one way to run the exercise. The options are explained in the next slide.

LEARNING OBJECTIVES

1. This slide sets out the scenario for the exercise. It consists of a real organization but a fictional scenario to create a Native App called SCORE.


The Mobile IT Conceptual Architecture Background

• Fictional Scenario: The Director of UAE Youth Sports Authority is developing the S.C.O.R.E App (Sports Centers Online Registration for the Emirates).

• He Wants You: IT Director…lead the creation of mGov App

• Youth of the UAE: achieve 80% registration and utilization of the sports venues and sports events.

• It is presently at 5%.

• Make “Citizens Happy”: …and your Director Happy …and you will get a pay raise …which will make You Happy

Design the conceptual architecture

Let’s start with a Framework


CONTENT

This is a fictional scenario involving the Director of the UAE Sports Authority, who has tasked his IT Director with developing a way to get more youth and their families to participate in the sports venues offered by the government and in participation with private industry. He tasks the IT Director with this idea. The IT Director has come up with the idea of creating a mobile app for kids to register with their parents’ permission. By using the app the kids will be able to get information and conduct transactions like scheduling the use of a sports facility (like a racquetball court). The goal is to get registration, which through an eGov web site is currently at 5% (and not improving), up to 80% of all youth of age within the UAE. The anticipation is that the mobile app and its many features will generate interest by making it easier (than just the web site) to register and by making it possible to conduct all manner of transactions. The task for the class is explained in the next slide.


CONTENT

Consider a very high level conceptual architecture consisting of six areas:

• Devices, which include the smart phones, tablets, laptops and desktops

• Front Ends, which is generally where the application code runs. In this scenario using a Native App it would be in two places: the smart phone hosting the Native App, and the data center web site hosting some of the processing that takes place within the data center

• Back Ends, which include the databases and data storage. This app is going to host videos and a database of all the app registrants

• Networks, which are the many networks that the app uses, from the local area network in the data center to the carrier network (as two examples)

INSTRUCTOR GUIDANCE

• This is the first of several slides intended to walk through various steps in the exercise. The task is to allocate the IT services and technologies within areas of an IT Infrastructure to host and support an mGov application as described in the scenario.

• Situational Awareness: The instructor can choose to run the exercise by leading the class directly or by breaking up the class into groups. This is explained in more detail in the next slide.

LEARNING OBJECTIVES

1. To explain the idea of the conceptual framework in order to conduct the exercise. It consists of six parts.


Scenario Framework for a Mobile IT Architecture

[Figure: framework diagram. Labels: Devices, Front-ends, Back-ends, Networks, Other Services, Security Overlay.]

GLOSSARY

Front End, Back End

CONTENT

• Security Overlay is the set of security technologies and services that provide protection for the IT Infrastructure and the organization.

• Other Services is the set of external services that interface with the mobile app


CONTENT

In this slide there is a range of IT technologies and services that are scattered in no organized way. That is intentional. There could be more “things” added but the point of the exercise can be achieved with the current IT elements that .

INSTRUCTOR GUIDANCE

• This slide starts the exercise. The idea is to convey it as an unstructured and unorganized set of “things” that are needed to make up the IT Infrastructure. The exercise is then to place these “things” in the correct area of the conceptual architecture. In many cases there is not one correct answer of where they belong, and in other cases the “things” belong in more than one place. The exercise of actually moving each one to the right area in the conceptual architecture is the opportunity to have a discussion about why, and what it means.

• Situational Awareness: Depending on the approach, the class divides into groups to do the exercise as separate groups and then compare the results, or the class does it together with the instructor leading the conversation.

LEARNING OBJECTIVES

1. This is a scattering of the many services and technologies that make up the IT Infrastructure including mobile apps.


Services and Technologies

Smart Phones
Mobile DMZ
Lap & Desktops
Feature Phones
SCORE Web Site
Front-Office APIs
Business Logic
Mobile APIs
Video Stream
Disaster Recovery
Org DBs
Back-Office APIs
Tablets
SANs or NAS
WAN (MPLS)
Carriers (Mobile)
LAN
PAN (NFC)
Resource Authorization
Archival
Incident Identification
Validation of Information
Authentication
Log Collection
Log Analysis
Reputation Mgt
IDS/IPS
SSL Certificate and Key Mgt
Incident Response
S/W Assurance
Shared Data Resources
Compliance
TSM: Trusted Services Manager
Mobile App Stores
CERT
DAR Encryption

GLOSSARY

Compliance: In data storage terminology, the word compliance is used to refer

to industry-wide government regulations and rules that cite how data is managed

and the need for organizations to be in compliance with those regulations. The

term encompasses data storage, data archiving, data encryption, and also data

retrieval.

http://www.webopedia.com/TERM/C/compliance.html

APIs: application program interface

API, an abbreviation of application program interface, is a set of routines,

protocols, and tools for building software applications.

http://www.webopedia.com/TERM/A/API.html

Public Carrier: A government-regulated organization that provides

telecommunications services to the public.

http://www.webopedia.com/TERM/P/public_carrier.html

WAN: wide area network

A wide-area network (WAN) spans a relatively large geographical area and typically

consists of two or more local-area networks (LANs).

http://www.webopedia.com/TERM/W/wide_area_network_WAN.html

MPLS: Multiprotocol Label Switching

Multiprotocol Label Switching (MPLS) gives network operators flexibility to divert

and route traffic around link failures, congestion and bottlenecks.

http://www.webopedia.com/TERM/M/MPLS.html


LAN: local-area network

A local-area network (LAN) spans a relatively small area. LANs are capable of

transmitting data at very fast rates with limited distance.

http://www.webopedia.com/TERM/L/local_area_network_LAN.html

SAN: Storage Area Network (SAN) services,

SAN is a technology used by businesses to obtain greater flexibility in their data

storage. A Storage Area Network (SAN) provides raw storage devices across a

network, and is typically sold as a service to customers who also purchase other

services.

http://www.webopedia.com/TERM/S/SAN_services.html

NAS: Network Attached Storage

A network-attached storage device is a server that is dedicated to nothing more

than file sharing.

http://www.webopedia.com/TERM/N/network-attached_storage.html

DAR Encryption: data at rest protection

DAR is subject to threats from hackers and other malicious threats. To prevent

this data from being accessed, modified or stolen, organizations will often employ

security protection measures such as password protection, data encryption, or a

combination of both.

http://www.webopedia.com/TERM/D/data_at_rest_protection.html


PAN: Personal Area Network.

Based on the electric-field transmission medium, is an IBM technology that allows

individuals to exchange data with a simple touch or grasp, such as a handshake.

http://www.webopedia.com/TERM/P/PAN.html

IDS: intrusion detection system

A system that inspects all inbound and outbound network activity and identifies

suspicious patterns that may indicate a network or system attack.

http://www.webopedia.com/TERM/I/intrusion_detection_system.html

IPS: intrusion prevention system

An IPS, or intrusion prevention system, is used in computer security. It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.

http://www.webopedia.com/TERM/I/intrusion_prevention_system.html

CERT: Computer Emergency Response Team.

CERT was started in December 1988 by the Defense Advanced Research Projects

Agency, which was part of the U.S.

http://www.webopedia.com/TERM/C/CERTCC.html

GLOSSARY

Module 11: Mobile IT Architecture Exercise

Services and Technologies

[Slide: the services and technologies to be allocated during the exercise, placed at random: Smart Phones, Mobile DMZ, Lap & Desktops, Feature Phones, SCORE Web Site, Front-Office APIs, Business Logic, Mobile APIs, Video Stream, Disaster Recovery, Org DBs, Back-Office APIs, Tablets, SANS or NAS, WAN (MPLS), Carriers (Mobile), LAN, PAN (NFC), Resource Authorization, Archival, Incident Identification, Validation of Information, Authentication, Log Collection, Log Analysis, Reputation Mgt, IDS/IPS, SSL Certificate and Key Mgt, Incident Response, S/W Assurance, Shared Data Resources, Compliance, TSM: Trusted Services Manager, Mobile App Stores, CERT, DAR Encryption.]

GLOSSARY

Software Assurance: Software assurance (SwA) is defined as “the level of

confidence that software is free from vulnerabilities, either intentionally designed

into the software or accidentally inserted at anytime during its lifecycle, and that

the software functions in the intended manner.”[1]

www.wikipedia.com

CONTENT

So this is one answer for the “things” that should be allocated to the framework area called Devices. They include: Smart Phones, PAN including NFC, Lap and Desktops, Tablets, Feature Phones, the SSL Certificates, the Mobile APIs and even the Business Logic. Why are they there? Think back to the scenario that is the background for this exercise: You have an application that will collect information about children and interface with many of the features of the smart phones. It will need to serve everyone, including people with just a feature phone. Privacy will need to be a major consideration. And consider all the many platform types. There is a lot of complexity in this. What may have appeared to be a simple task of creating a Native App is maybe not so simple. There is so much more to consider, beginning with the next area in the framework.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Devices?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of devices within the framework.

Devices in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks. Elements shown: Smart Phones, Lap & Desktops, Feature Phones, Business Logic, Mobile APIs, Tablets, PAN (NFC), SSL Certificate, DAR Encryption.]

Test Questions

• Why would Data at Rest (DAR) be considered under devices?

A) Data can be stored in these “devices” and may need to be protected with encryption (correct)

B) DAR only applies to data inside of the data center and should not be associated with “devices”

DAR Encryption: data at rest protection

Data at rest is subject to threats from hackers and other malicious threats. To

prevent this data from being accessed, modified or stolen, organizations will

often employ security protection measures such as password protection, data

encryption, or a combination of both.

http://www.webopedia.com/TERM/D/data_at_rest_protection.html

PAN: Personal Area Network.

Based on the electric-field transmission medium, PAN is an IBM technology that allows individuals to exchange data with a simple touch or grasp, such as a handshake.

http://www.webopedia.com/TERM/P/PAN.html

NFC: Near Field Communication

Abbreviated as NFC, Near Field Communication is a standards-based, short-

range wireless connectivity technology that enables convenient short-range

communication between electronic devices. The underlying layers of NFC

technology are ISO, ECMA, and ETSI standards.

http://www.webopedia.com/TERM/N/Near_Field_Communication.html

SSL: Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol for transmitting private documents via

the Internet. SSL uses a cryptographic system that uses two keys to encrypt data.

http://www.webopedia.com/TERM/S/SSL.html

GLOSSARY

CONTENT

Moving from the Devices to the Front End, it is important to establish that the Front End for the scenario is in two places: within the smart phone and in the data center. Again, this is one answer for the “things” that should be allocated to the framework area called Front End. They include: the Front End APIs, Video Streaming Servers, the Mobile DMZ, Validation of Information, the Mobile APIs and the Business Logic. Why are these “things” allocated as part of the Front End? Think back to the scenario that is the background for this exercise: You have an application that will collect information about children and interface with a database and with web servers. Sports and videos go together, so video streaming on web servers is another expectation. The SCORE web site will be in the Front End. Continuing on to the next area in the framework.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Front End?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of Front End within the framework.

The Front End in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices and Back-ends. Elements shown: Mobile DMZ, SCORE Web Site, Front-Office APIs, Business Logic, Mobile APIs, Video Stream, Validation of Information.]

APIs: application program interface

API, an abbreviation of application program interface, is a set of routines, protocols,

and tools for building software applications.

http://www.webopedia.com/TERM/A/API.html

GLOSSARY

Test Questions

• Why would Validation of Information be considered under Front End?

A. The front end often holds the business logic in the software. When collecting information, especially the personal information of the kind expected within this scenario, there is an expectation that there is information validation. This is a basic principle in good database design. This validation may in fact occur at the Front End of the data center or within the Native Application on the smart phone. (correct)

B. Validation of Information is misplaced and does not belong here.

CONTENT

The Back End is normally associated with data storage, but there is so much more that goes on in this area of the conceptual framework. Compliance is an example. This is an activity that is critical to data center operations that have to go through many steps in compliance with various standards. Video streams may also be held in high capacity storage designed for video. Business logic in the databases, organizational databases, and the back office APIs that serve to streamline the flow of information with the Front End are all activities and technologies that take place in the back end. There are others, including archival of data, disaster recovery, encryption for the data at rest, log collections and maintenance, and the actual storage units in SAN or NAS units. All aspects of these “things” are associated in some form with the Back End necessary for the scenario of the SCORE application. Continuing on to the next area in the framework.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Back End?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of Back End within the framework.

The Back End in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks. Elements shown: Business Logic, Video Stream, Disaster Recovery, Org DBs, Back-Office APIs, SANS or NAS, Archival, Authentication, Log Collection, Shared Data Resources, Compliance, DAR Encryption.]

Compliance: In data storage terminology, the word compliance is used

to refer to industry-wide government regulations and rules that cite how

data is managed and the need for organizations to be in compliance with

those regulations. The term encompasses data storage, data archiving, data

encryption, and also data retrieval.

http://www.webopedia.com/TERM/C/compliance.html

APIs: application program interface

API, an abbreviation of application program interface, is a set of routines,

protocols, and tools for building software applications.

http://www.webopedia.com/TERM/A/API.html

SAN: Storage Area Network (SAN)

SAN is a technology used by businesses to obtain greater flexibility in their data

storage. A Storage Area Network (SAN) provides raw storage devices across a

network, and is typically sold as a service to customers who also purchase other

services.

http://www.webopedia.com/TERM/S/SAN_services.html

NAS: Network Attached Storage

A network-attached storage device is a server that is dedicated to nothing more

than file sharing.

http://www.webopedia.com/TERM/N/network-attached_storage.html

GLOSSARY

DAR Encryption: data at rest protection

Data at rest is subject to threats from hackers and other malicious threats. To

prevent this data from being accessed, modified or stolen, organizations will

often employ security protection measures such as password protection, data

encryption, or a combination of both.

http://www.webopedia.com/TERM/D/data_at_rest_protection.html

Test Questions

• Why would Shared Data Resources be considered under Back End?

A. The Back End is a repository for all kinds of information, including some that may be exchanged with other organizations or may actually be from other organizations. These data resources can be exchanged in a variety of ways such as setting up a gateway or even making duplicate copies. (correct)

B. Shared Data Resources is misplaced and does not belong here.

CONTENT

There are many kinds of networks associated with implementing this type of scenario, starting with the local area network for the functional area that supports the SCORE application, the mobile area carrier network, WiFi as a Personal Area Network and even NFC for local payment transactions. Log analysis is also here as a function of network operations. The MPLS is called out as an example of a WAN. This opens up a discussion about the potential that the actual data center for the SCORE application would likely be in the centralized Federal Cloud.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Networks?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of Networks within the framework.

The Networks in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks. Elements shown: WAN (MPLS), Carriers (Mobile), LAN, PAN (NFC), Log Analysis.]

Public Carrier: A government-regulated organization that provides

telecommunications services to the public. This includes AT&T, MCI, and

Western Union.

http://www.webopedia.com/TERM/P/public_carrier.html

WAN: wide area network

A wide-area network (WAN) spans a relatively large geographical area and

typically consists of two or more local-area networks (LANs).

http://www.webopedia.com/TERM/W/wide_area_network_WAN.html

MPLS: Multiprotocol Label Switching

Multiprotocol Label Switching (MPLS) gives network operators flexibility to

divert and route traffic around link failures, congestion and bottlenecks.

http://www.webopedia.com/TERM/M/MPLS.html

LAN: local-area network

A local-area network (LAN) spans a relatively small area. LANs are capable of

transmitting data at very fast rates with limited distance.

http://www.webopedia.com/TERM/L/local_area_network_LAN.html

SAN: Storage Area Network (SAN)

SAN is a technology used by businesses to obtain greater flexibility in their data

storage. A Storage Area Network (SAN) provides raw storage devices across a

network, and is typically sold as a service to customers who also purchase other

services.

http://www.webopedia.com/TERM/S/SAN_services.html

GLOSSARY

NAS: Network Attached Storage

A network-attached storage device is a server that is dedicated to nothing more

than file sharing.

http://www.webopedia.com/TERM/N/network-attached_storage.html

PAN: PAN is short for Personal Area Network. Based on the electric-field transmission medium, it is an IBM technology that allows individuals to exchange data with a simple touch or grasp, such as a handshake.

http://www.webopedia.com/TERM/P/PAN.html

GLOSSARY

Test Questions

• Why would Near Field Communication (NFC) be considered under Network?

A. NFC is used for making mobile payments. It is very conceivable that the scenario makes use of mobile payments at the point of payment at the sports venues, which would make it a form of network communications. (correct)

B. NFC is misplaced and does not belong here.

CONTENT

The security overlay is the set of technologies and services that serve the purpose of protecting the IT system. The elements of the IT Infrastructure noted here are no more than examples to run the exercise. Compliance was already discussed for the Back End, but it is listed here for the security functions. IAM serves to establish the identity of the application registrants and to provide application access. The DMZ is a security perimeter. CERT is listed to identify the need for a liaison with the National CERT. SSL Certificates and Key Management is listed here for the application, recognizing the need for encryption in the communications channel. Incident identification is a security watch function to detect and respond to security incidents.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Security Overlay?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of Security Overlay within the framework.

The Security Overlay in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks. Elements shown: Mobile DMZ, Disaster Recovery, Authorization, Incident Identification, IAM, Log Analysis, Reputation Mgt, IDS/IPS, SSL Certificate and Key Mgt, Incident Response, S/W Assurance, Compliance, CERT, DAR Encryption.]

CONTENT

Disaster recovery is also associated with security functions, as is reputation management to protect the web site from malicious spoofing. DAR encryption is listed for encryption of the data from the registrants. Software assurance is a discipline to ensure that the software for the SCORE application is coded free of vulnerabilities. IDS and IPS are security technologies to detect and protect against malicious attacks. Lastly, authorization is a function of providing authorization to use the IT system resources. All of these technologies and services are parts of what makes up the security overlay.

IAM: Identity and Access Management

In computing, identity management (IdM) describes the management of

individual principals, their authentication, authorization,[1] and privileges within

or across system and enterprise boundaries[2] with the goal of increasing

security and productivity while decreasing cost, downtime and repetitive tasks.

[3] The terms “Identity Management” and “Identity and Access Management” (or

IAM) are used interchangeably in the area of Identity access management, while

identity management itself falls under the umbrella of IT Security.[4]

www.wikipedia.com

DAR Encryption: data at rest protection

Data at rest is subject to threats from hackers and other malicious threats. To

prevent this data from being accessed, modified or stolen, organizations will

often employ security protection measures such as password protection, data

encryption, or a combination of both.

http://www.webopedia.com/TERM/D/data_at_rest_protection.html

IDS: intrusion detection system

A system that inspects all inbound and outbound network activity and identifies

suspicious patterns that may indicate a network or system attack.

http://www.webopedia.com/TERM/I/intrusion_detection_system.html

GLOSSARY

IPS: intrusion prevention system

An IPS, or intrusion prevention system, is used in computer security. It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.

http://www.webopedia.com/TERM/I/intrusion_prevention_system.html

CERT: Short for the

Computer Emergency Response Team. CERT was started in December 1988 by

the Defense Advanced Research Projects Agency.

http://www.webopedia.com/TERM/C/CERTCC.html

Software Assurance: Software assurance (SwA) is defined as “the level of

confidence that software is free from vulnerabilities, either intentionally designed

into the software or accidentally inserted at anytime during its lifecycle, and that

the software functions in the intended manner.”[1]

www.wikipedia.com

GLOSSARY

Test Questions

• Why would Log Analysis be considered Security Overlay?

A. The functions associated with Log Analysis include network and security. The logs serve as a repository for incident detection, incident analysis, forensics and in some cases as legal evidence. (correct)

B. Log Analysis is misplaced and does not belong here.

CONTENT

The area called Other Services consists of services that are provided by a different party. The CERT, which was already discussed, is a national level activity. The TSM is a third party that handles transactions that require the use of a third-party broker. Disaster recovery is often handled through a provider that can include off-site storage of data. Reputation management is also typically a service that is acquired to watch over the online reputation of individuals or organizations. The shared data resources can be centralized in a third-party organization that acts as a gateway to shared information. And lastly, there are the mobile app stores from the major providers, like iTunes and Google Play, to host the apps. All of these “things” or elements in a broad definition of the IT Infrastructure are potential components of the SCORE application environment.

INSTRUCTOR GUIDANCE

• Depending on which of the two alternative approaches for teaching this exercise is used, the instructor either visits with each of the groups to see how they are progressing or picks students from the class to challenge with the question “what are the elements or things that were randomly placed in the previous slide that fit into the framework area called Other Services?”

• Situational Awareness: There is no perfect solution to the allocation. What is more important is the justification discussion.

LEARNING OBJECTIVES

1. This slide is used to allocate the “things” that fit the definition of Other Services within the framework.

Other Services in the Framework

[Slide: framework diagram with the areas Security Overlay, Other Services, Front-ends, Devices, Back-ends and Networks. Elements shown: Disaster Recovery, Reputation Mgt, Shared Data Resources, TSM: Trusted Services Manager, Mobile App Stores, CERT.]

CERT: Computer Emergency Response Team

CERT was started in December 1988 by the Defense Advanced Research Projects

Agency, which was part of the U.S.

http://www.webopedia.com/TERM/C/CERTCC.html

TSM: Trusted Services Manager

A trusted service manager (TSM) is a role in a near field communication ecosystem.

It acts as a neutral broker that sets up business agreements and technical

connections with mobile network operators, phone manufacturers or other

entities controlling the secure element on mobile phones. The trusted service

manager enables service providers to distribute and manage their contactless

applications remotely by allowing access to the secure element in NFC-enabled

handsets.

GLOSSARY

Test Questions

• Why would Trusted Services Manager (TSM) be considered in Other Services?

A. The TSM is a third party service designed to serve as a trust-broker between two parties in order to conduct an electronic (online) transaction that requires the parties to have a way of validating the identity of the other. (correct)

B. TSM is misplaced and does not belong here.

CONTENT

There are many lessons to be drawn from this exercise. One of them is that it is not as simple as making an app. The scenario seems simple, but the implementation of making that scenario come to life is rather complex, with many parts to the architecture and many elements of the IT Infrastructure that are needed to make it all work. It is much like building an eco-system so that the app can function, so the data can stay secure and so that all the features of the application can work. It will require not one but many organizations to work collaboratively. There is also the lesson that something this complex should start with limited functionality and grow with time to add additional features.

INSTRUCTOR GUIDANCE

• This is the moment when the class is combined and the instructor reviews the key lessons to be drawn from the exercise. Ideally the lessons come from the students, who are asked to defend their decisions about the allocation of the elements of the infrastructure and to consider other points of view from the other members of the class.

• Situational Awareness: keep the class engaged so it remains their exercise.

LEARNING OBJECTIVES

1. The objective of this slide is to bring the exercise to a close by having a discussion about the lessons drawn from the exercise.

What have we Learned?

• Not as easy as “make an app”…

• You won’t control all the “parts…things…assets…”

• Best to start with simple capabilities and grow the capabilities through iterations of releases, like Apple and Google do

• It is really an eco-system that is being built

• Of many cooperating organizations

• And many parts operating asynchronously

• Keeping your end goal (making happy citizens)

• A partnership: government + citizens + private sector

• The complexity is the enemy of the security…many points where it can be compromised

• One can argue that the most vulnerable piece is the software (the app)

• In the scenario, it is expected that the IT Director will have full and direct control over all of the services, technologies and functions.

A. True

B. False (correct)

Test Questions

CONTENT

• Understand all of the many elements in an IT infrastructure that are needed to support the mobile services applications.

• Convey the idea that mobile requires more than the traditional enterprise and eGovernment IT architectures.

• Enable a conversation about where the different elements of the architecture belong and why they belong there. This could also be used in the early planning stages of an app development project.

• The exercise is about the many parts of an IT Infrastructure. Like putting pieces of a puzzle together – but with consequences for security, performance and ultimately the success of the mobile app project.

• Making the App work is about ensuring that all the parts are there and work together.

Review of Objectives

It is now time to review your knowledge of this material

QUIZ

Quiz – Question 1

1. Building a complex mGov app that uses the features of the smart phones is: (Pick all the correct answers)

A) Something that can be controlled by one organization

B) Much like building an eco-system of different data and service owners working asynchronously. (correct)

C) A partnership between the government, citizens and the private sector. (correct)

Quiz – Question 2

2. The messages of this module of instruction are: (Pick all the correct answers)

A) There are many elements in the information system needed to make an application work. Everything on this list should at least be considered. (correct)

B) Many of the elements are going to be outside the direct control of the owners of the application and so there is greater need for collaboration and agreements. (correct)

C) Whenever possible use shared resources to avoid recreating an existing source of information or service. (correct)

D) There is a great deal of complexity. It is not as easy as making an app. (correct)

E) TRA can do all of this for you.

F) Security needs to be a part of all the different parts of the system. (correct)

G) Avoid doing a Native App as it will get too complicated.

H) Mobile has a high impact on the IT infrastructure - all aspects of it. (correct)

I) The proposed scenario is far-fetched, something so extreme that the complexity described in the exercise will never really apply.

End of Book

www.government.ae