Prepared by Dept. of Information Technology & Telecommunications, August 29, 2015 DoITT Service Offerings Applications, Infrastructure and Capabilities

Prepared by Dept. of Information Technology & Telecommunications, April 21, 2023

DoITT Service Offerings

Applications, Infrastructure and Capabilities


AgendaData Center Offerings

– Storage Management– Backup and Data Protection– Disaster Recovery and Data Replication

Hosting Environment – Mainframe Hosting – UNIX Hosting (UNIX, Linux)– WINTEL Hosting– Database Management – Oracle, SQL and Mainframe

Identity and Enterprise Systems Management


DoITT introduction

– Presenters

• Gregory Neuhaus, Assistant Commissioner, Unix Shared System Services

• Diane Sciabarra, Director, Database Technologies • Donovan Hall, Directory Services Engineer• Diane Witek, Director, CityServ - Enterprise Email

and Application Hosting Services


DoITT DataCenter Offering

Datacenter Facilities, Storage Management,

Disaster Recovery, Data Replication


Data Center Offerings

Facilities Planning and ManagementStorage Management

– Enterprise Storage Area network – Scalable storage – Reduced cost over standalone storage

Disaster Recovery and Data Replication– Provide DR Infrastructure and data replication services. Using

DWDM technologies to have a 2GB per second data replication channel.

Backup and Recovery Services

– Protect data for hosted applications

Facilities Planning and ManagementNetwork management


Enterprise Storage – Scalability of storage is critical for the City’s future application needs

– The efficiency and intelligence of storage management is key to the operation of city applications and related services

– The demand for storage capacity continues to grow

Replication and Backup– Data replication needs will increase as application availability increases

– Disaster recovery continues to increase replication and tape backup needs

Design Considerations – DoITT Overview Open Systems

– Design Considerations

Management of Storage – Storage Resource Management


Replication and Backup

– Disaster recovery continues to increase replication and tape backup needs

• What is your timeframe to recover your application?

• Replication significantly increase storage and network requirements

– Tape Backups• Do you have the capacity?• What will be your legal requirements to store data?


Overview of DoITT Open System Storage

Open Systems Hosts with Significant Storage Requirements

Metrotech

SE9980V

Maiden Lane

FISA

DWDM

Silkworm 12000 (2)

Tape Silo

Pool of ACS-controlled STK 9940B Drives

Windows

UNIX - Linux


Silkworm 12000 (2)

Silkworm 12000 (2)

Windows

SE9980V

L180

Pool of mediamanager-controlled STK 9940B Drives


UNIX DR

UNIX - Linux

Tape Silo

ESS

ESS


SAN: Reliability

– 2 independent fabrics, providing at least two independent paths for a particular host to its data

– Each fabric utilizes separate Brocade directors and separate Hitachi host access ports

– No single point of failure– SAN subsystems are actively monitored on a 24x7x365

basis – Silkworm directors utilize Brocade’s FabricWatch

monitoring software – As a backup system, Sun Management Center modules

actively monitor each director and each frame


SAN: Disaster Recovery

– SAN fabrics span three sites utilizing a DWDM ring

• Frame-to-frame replication utilizing Hitachi TrueCopy• SAN-attached Veritas Netbackup environment

– Provides reliable and timely backup of hosts at MetroTech datacenter

– Direct to tape backup/restore options for SAN-attached hosts– Multiple Sun servers in a clustered environment– StorageTek silo utilizing 16 SAN-attached 9940b drives and

approximately 6000 tape cartridges


SAN: Security– Built to be managed and monitored over IP networks– To minimize the risks, independent IP networks utilizing

secure, independent switches have been configured at each site

– Access via a firewalled bastion host– Within the Hitachi frames, storage allocation is handled

via LUN masking– Any LUN masking configuration changes are subject to

peer review within DoITT’s open systems group– Within the Brocade directors, storage access is handled

via hardware-enforced WWN zoning


Application Hosting

Applications (311, NYC.GOV), Email, GIS


Hosting Services

• System design and capacity planning

• 24x7 Help Desk and Server Support

• System development and deployment - Projects are developed from business need to deployment with in-house skills

• High availability and disaster recovery planning and systems

• Facilities and Network Infrastructure

• Testing and deployment methodologies that allow for timely tested deployment of applications


UNIX Shared Services:

Greg [email protected]

(718) 403-8633

Ricardo [email protected](718) 403-8140


DoITT Mainframe Services and Facilities


Mission:

– To provide low-cost, efficient, centralized data processing infrastructure services for all City of New York entities

– DoITT is the custodian of 200 critical systems and applications for 40 City agencies

– Hosting service started April 1, 1979


A Few Accomplishments

– Data Center Consolidations:• Dept of Finance – 1991• Dept of Sanitation – 1992• HPD – 1995• Dept of Transportation – 1998• HRA – 1998• Dept of Education – 2005


A Few Accomplishments (cont’d)

– Web Enabled Systems:

• BIS -- 2001• CFB – 2005• DOF -- 2001 & ongoing• Property Search• Star Exemption• Tax Rebate System• Bar Codes for semi-automated Payment


Services Include Large centralized mainframe operation

24 x 7 x 365 operations support Infrastructure support

Security administration File backup/recovery Operating systems Database administration Transaction systems Network Services (different forum) Data management

Disaster Recovery Offsite backup/recovery Hotsite services Data replication


New Data Center - Mainframe Servers

– T-REX Technology

– IBM 2084-304 w/48GB

– IBM 2084-303 w/40GB

– Total MIPS: 2863


Virtual Tape Environment

– 23 TB cache– 1,440 TB Tape Capacity– 512 Virtual Tape Drives– 24 High Speed/Density Tape drives (STK 9840)– 120 GB of data on each tape – FICON Cache Access (100 megabytes/sec)


Drive Systems

– DASD Capacity and Throughput

• 45 TB capacity

• 3 IBM 2105-800 FICON SHARK subsystems– 100 MB/SEC Data Transfer

– Logical volumes 8.4 and 25.6 GB each

• Synchronous replication to PPRC at 33rd St NYC


Mainframe Security Administration

- RACF security- Client agency administrators authorize updates

via WITS system (intranet)


Mainframe Operating Systemsz/OS Release 1.5 (1.7 - soon)

– Batch job processing– Transaction systems– Unix System Services

• Web Services

– Linux• Virtual servers• Unix type environment• Web Services


Linux EnvironmentIBM 2084-304

IBM 2084-303

– 2 Dedicated IFL Engines– 900 MIPS– 8 GB Real Memory– Runs Under VM

• Can define up to 130,000 Virtual Servers

– 8 - 1Gigabit Open system Adapters


Backup/Restore Disk Files

– SMS Managed Files• Incremental backup daily at file level• Archive files not recently accessed

– Non-SMS Managed Files • Backup to tape at volume level• Five generations of backup

– ADABAS Backup• Incremental backup daily


Database Systems/Admin

– ADABAS/Natural• DBA services• Install/Customize Software AG products• Support Entire-X for Web access to legacy databases • SQL access to ADABAS• ADABAS data replication to other environments

– DB2• Install/Customize DB2 environments• Provide technical assistance


Transaction Systems

– Install/maintain CICS software• Customize environment

• Install/maintain related software products– Compuware– Computer Associates– Etc.

• Provide Client support


LASTLY,A WORD ABOUT COBOL


Supported Version of COBOL

• IBM currently supports COBOL LE (LANGUAGE ENVIRONMENT) for z/OS.

• VS/COBOL is not supported and will cease to function in the near future.

• COBOL II modules still run and will continue to run for the foreseeable future.

• Any new coding should be in COBOL LE for z/OS only.


Status of VS COBOL

• VS COBOL has been unsupported for over two decades

• VS COBOL load modules will not function with Transaction Server 3.1

• VS COBOL code must be revised and recompiled –preferably using LE

• There will be a User Meeting to discuss what steps DOITT is taking to help with application issues


Disaster RecoveryIf DoITT Data Center experiences a prolonged outage:– We would restore backup tapes to disk at Hotsite in

Philadelphia– Process would take 2 days and data could be up to 1

week old

Planned Hotsite in Manhattan – Data Replication via PPRC

• Data would be current

– Hotsite will be Citynet hub• Network connectivity already established

– LPARs ready to IPL• Applications available within 2 hours of disaster


Mainframe:Walter [email protected](718) 403-8604

Database (Mainframe): Diane [email protected](718) 403-8203


Identity Management

(Formally Referred to as LDAP)


Identity Management

– Identity Management Definition

• Managing the information associated with an employee throughout the enterprise

– What is Employee Life Cycle Management?

• The management of identities across IT services

NameEmployee ID

TitleAgency

Department/UnitManager

Email AddressTelephone

FaxUser NamePassword

Cell-phonePager


Identity Management

– Identity Management Goals:

• Consistent and up to date identity data

• Simplify access using reduced sign-on

• Improve efficiency of provisioning and de-provisioning

• Improve Security

Identity Management provides a framework of services to deliver those goals.


Identity Management

– Password Management

• Password self-service - User ability to manage central authentication credentials

• Reduced sign-on by integration of applications and web services to support central authentication credentials

• User password management (Single Sign-On) - Automated sign-on to applications at desktop to provide

• Consistent password policy enforcement


Identity Management

– Authentication and Authorization

• Support centralized authentication and authorization

• Future support for Web based SSO (City-Wide) and Federated Web SSO (External agencies)

• Future support for PKI and other ‘strong authentication’ mechanisms


Directory ServicesServices Supported By The Enterprise Directory

Directory Services

NowSingle Sign-On

City Directory – City-Wide White PagesVPN Services

Remote Access Portal

FuturePassword Self-Service

City Share PortalDatashareDNAHits

COIBCity Time

City-Wide ApplicationsAgency Applications


Future Services

Directory Services

Password Self-ServiceCity Share Portal

DatashareDNAHits

COIBCity Time

City-Wide ApplicationsAgency Applications


Identity Management Contacts:

Rakesh PatelManager Enterprise Directory Services, IT [email protected]

Daniel SrebnickAssistant Commissioner, IT [email protected]

Directory Services Contact:

Donovan HallDirectory Services [email protected]


Server and Desktop Services

Wintel Services

Hosting and Managed Services


Mission:

– To Provide highly available and scalable systems to service agencies based on the Wintel platform

• Leverage existing and future technologies

• Increased cost efficiencies with centralized management and architecture

• Follow best practice processes and strategies e.g. Microsoft Information Technology Infrastructure Library


Overview of DoITT Wintel Hosting Systems

DoITT Wintel

Services

Windows 2003 Servers

• Manage, maintain and support over 200 Windows based hosts

• Manage Wintel hosts across 3 different City datacenters

Application and Database

• Manage, maintain, and support over 50 different SQL 2000 and Oracle database instances

• Ability to host and support enterprise web applications and web

services

• Provide 365 days x 24 hours x 7 days onsite support

• Support disaster recovery environments to ensure business continuity

Server Hosting

• SharePoint Portal Server

• Exchange 2003

• Internet Security and Acceleration (proxy) server

• ePolicy Enterprise Virus control server

• Host Integration Server

• Internet Information Server (IIS 6.0)

• AD Hosting

Operations


SDS Strategies

– Consolidated infrastructure and support

– R & D of both new technologies and methodologies to ensure highest level service for all technology initiatives

– Strong Project Management across all SDS programs

– Leveraging use of current resources• Includes both DoITT resources and agency Resources


Current Cost Benefits

– No license fees for Microsoft Server based Technologies • Microsoft Exchange Server Licenses• Microsoft SQL Server Licenses• Microsoft Host Integration Server Licenses (SNA connectivity)

– Lower Blackberry licensing fees – Blackberry Web browsing

– No-cost storage, back-up and restoration services

– Reduced administrative overhead• Increased staff productivity

• Platform upgrade without hardware cost

• No Microsoft licensing costs via Outlook Web Access


SDS Hosting Services

– Messaging Services• Exchange Hosting and migration services• Blackberry• eMail Archiving• Right Fax Service• Live Communication Server (AD Hosting Required)

– Secure Instant Messaging, Application Sharing, Video Conferencing

– Domain Hosting• Citywide Active Directory Forest Integration• Distributed Virus Protection• Distributed Monitoring of Server Systems and Applications


SDS Hosting Services (continued)

– Application Hosting• Microsoft Windows SharePoint Services (with eGov)• Microsoft SQL Server Hosting• ASP and ASP.NET hosting• .NET Frameworks 1.x and 2.x (Summer 2005)

– SNA Connectivity• Host Integration Server

– Other Services• McAfee ePolicy• WUS (Windows Updating Service)


SDS IT Collaboration

– Work with Unix team for SAN Storage and backup solutions

– Work with Mainframe team to provide offsite storage facilities and connectivity to Mainframe environment via Host Integration Server

– Work with eGov to provide the foundation for Wintel Based applications

– All teams communicate to determine best solutions across all platforms


Participating Agencies

– Bronx District Attorney– City Commission on Human Rights– Civilian Complaint Review Board– Department of Consumer Affairs– Department of Buildings– Department of Finance– Department of Sanitation– Department of Youth and Community Development– Mayor’s Office of Film Broadcasting & Theatre– NYC Marketing– Office of Administrative Trials and Hearings– Office of Collective Bargaining– Office of Payroll Administration– Parks Department– Department of Records and Information Services– Taxi and Limousine Commission


SDS Future Initiatives– Windows Web Farm for Application Hosting

in Citynet and the DMZ (Public Facing)

• High Availability - Spans across DoITT & FISA DCs• Application Hosting – on demand w/o hardware• Replication, Managed & Monitored 24X7• Agency or DoITT Managed• Rapid Development in virtualized environments:

– Development– Staging– Production


Server and Desktop Services:

Christopher [email protected](718) 403-8203

Web and Application Farm:

Marcos [email protected](718)-403-8420


Enterprise Systems Management

ESM Vision and Rationale

Manager of Managers (MOM) Overview and Features

Business Service Management (BSM) Overview and Features

ESM Prospective and Overview


Enterprise Systems Management – Vision

– The ESM systems will enable the City to proactively manage IT resources; automate problem tracking; monitor, maintain and enforce best practice change control; manage physical assets to ensure high availability, reliability, improve ROI; and leverage the current investments in existing resources.

– DoITT has chosen the ITIL certified products

– These solutions will be software driven and are intended to centralize the comparison, reporting and tracking of potential and ongoing network and application issues first internally, and then expanding these services to other agencies.


Why Enterprise Systems Management?

– DoITT in conjunction with other city entities recognized the need for End-to-End Monitoring of IT resources to ensure high availability and reliability.

– By consolidating all of the alerts into a single console, it is possible to analyze the alert data to identify the root-cause of an incident, a problem or a potential problem and then achieve a quicker mean time to repair.

– Along with monitoring, the development of a multi-agency, comprehensive Service Desk will provide complete customer service, which allows for notification and tracking of both potential and current problems/issues. When faults occur in any system, rapid identification is forwarded to managers and/or technicians with the impact details of these end-to-end performance failures.


Network

Network

Network

Network

OSS

OSS

OSS

OSS

Reports

Reports

Reports

Reports

Wintel

Mainframe UNIX

Other Systems


Network

Network

Network

Network

OSS

OSS

OSS

OSS

Network

Reporting

System

Network reporting will be the first platform to deliver fully converged solution


Enterprise Systems Management - Objectives

– An objective of the ESM project is to achieve economies of scale and produce the most cost effective technology solutions for the City of New York – to achieve this objective, the project has been staged as a multi-agency initiative.

– Initially, DoITT will partner with FISA, but there is no limit to the number of agencies that can eventually benefit from the features of this service; the enterprise-wide nature of this solution will permit any agency to participate when they have the need to improve serviceability, reliability and availability.

– The functions of Change Control and Asset Management will further ensure availability and will leverage the existing investment of all IT resources.


Single Panel View


ESM Products Service management software providing the ability

to submit, monitor and manage help desk cases, change requests and asset inventory data.

Features of a BSM Software Suite:– Premier Products in the Market Place (ITIL Certified)– ITIL Best Practices built into an integrated IT Service Management

application suite– Incident and Problem Management – Change Management– Configuration and Asset Management– All Applications reside on a ‘workflow engine’ that delivers services

that will track any asset with a lifecycle


Enterprise Systems Management Prospective

– Each organizational unit’s technical staff/management will be able to proactively address potential problems and will have the ability to view and review data for problem determination and resolution.

– In creating a centralized helpdesk at DoITT, experienced technicians can be dispatched to address problems at agencies requiring those skills, which may not be readily available internally and would require a financial outlay for the agency to source.

– In addition, agencies will be able to use a web-based interface to access the centralized helpdesk application - minimizing the cost of housing and maintaining the application for each agency and allow the development of a knowledge base of problems and likely solutions, as a reference guide.


Enterprise Systems Management Overview

ESM

Services

Monitoring Suite

• Manager of Managers (MOM)

• Monitor our diverse architecture and inventory of hardware, software and the services that we currently provide

• Single View for Alerts

Business Service Management

• Incident and Problem Management

• Change Management

• Configuration and Asset Management

• DoITT

• FISA

• Future: Department of Sanitation, DCAS, the Buildings Department, the Department of Probation and others…

ITIL

• Optimize resources Utilization• Reduce Cost

• Improve Availability

• Tune Capacity

• Increase Throughput

• Improve Scalability

Supported Agencies


Questions and Answers

?

Documents

Prepared by Dept. of Information Technology & Telecommunications, August 29, 2015 DoITT Service Offerings Applications, Infrastructure and Capabilities