Secured Online Operations in CSIR Laboratories Leveraging National Knowledge Network

through OneCSIR Portal

Dr.G.Radhakrishnan Dr.K.Jayakumar IAS Project Leader, CSIR Joint Secretary(a), CSIR

Project OneCSIR Team CSIR Enterprise Transformation - ICT Initiative Project

Council of Scientific and Industrial Research (http://onecsir.res.in)

Scope of Project OneCSIR

Interconnecting all the thirty seven labs of CSIR in India, for the online work operations.

RED BULLETS signifies the locations of CSIR Labs.

Dimensions of Project OneCSIR

Modules is OneCSIR:

• Human Resource Portal

– Eg. Medical reimbursement, LTC, GPF, CEA etc.

• Finance and Accounting Portal

– Eg. FVC, pay-bill, budgeting, etc.

• Research & Development Portal

– Eg. fellowship, awards, patents, knowledge alliance etc.

• Policy and Programme Portal

– Eg. e-office, e-dak, tenure extension, legal advice etc.

• Infrastructure Engineering & Service Portal

– Eg. Rate contract, local purchase, raise indent, open tender, Transport Request etc.

• E-Learning Portal

– Eg. Online Learning &Test, Training, Knowledge Resource Management etc.

Link to access the list of all processes in all the modules od OneCSIR:

(Click on icon)

OneCSIR Architecture CSIR Data Centers

• Central Level DC:

– Database servers

– DMS servers

– Central DNS Server

– AD server (and ADC)

• Lab Level DC:

– Application servers

– Local DNS (Lab-level resolution)

NKN Connectivity • Inter-connecting all the

CSIR labs under new IP schema.

• All the IP in same subnet.

• High bandwidth for data replication.

• 1G Available for ERP transaction in the Intranet

• 100 Mbps for Internet access

Day Time (during working hours) Central Node DC: AD, Database and DMS Layer (total four center nodes planed)

Configured with other Central Node DCs to replicate for disaster recovery (SQL-database, AD/ADC and SAN level).

VPN Communication Layer

Inter-datacenter communication on NKN channel in a secure way.

Lab-level DC: Application Layer

Six ERPS modules configured with database configured at a central location

HTTP/HTTPS Communication Layer

Web-browser and App server com.

End-User Layer

Employee at each location accessing the OneCSIR (CSIR-ERP) via Web Browser.

Database Server (Failover Cluster)

NOTE: Database server with same configuration will also be deployed at CSIR’s three other labs.

CSIR Central Node DC – Delhi

DMS Server (Failover Cluster)

Application Server (Failover Cluster)

CSIR Lab Node 1

Application Server (Failover Cluster)

CSIR Lab Node 2

Application Server (Failover Cluster)

CSIR Lab Node ‘N’

... C

SIR

Em

plo

yee

HTT

P C

om

. Ap

plic

atio

n L

ayer

A

D, D

atab

ase

an

d D

MS

Laye

r

VP

N C

om

.

Active Directory Server (with ADC)

Night Time (at non-working hours)

Data replication to other DR Sites, in other Central Node DCs via NKN channel through VPN connection.

Database Server (Failover Cluster)

CSIR Central Node DC – Delhi

DMS Server (Failover Cluster)

Active Directory Server

Database Server (Failover Cluster)

CSIR Central Node DC – Bangalore

DMS Server (Failover Cluster)

Active Directory Server

Database Server (Failover Cluster)

CSIR Central Node DC – Chennai

DMS Server (Failover Cluster)

Active Directory Server

Database Server (Failover Cluster)

CSIR Central Node DC – Pune

DMS Server (Failover Cluster)

Active Directory Server

Secure VPN connection

Replicating data from the primary node

OneCSIR Architecture (Cont.) Logical Diagram

CSIR Central Node DC – Delhi

CSIR Central Node DC – Chennai

CSIR Central Node DC – Bangalore

CSIR Central Node DC – Pune

Lab-Level DC with application server in all the CSIR labs connected to the one of the active Central Node DC servers.

Central Node DC with replicated AD, database and DMS Server data.

Proposed Future Architecture (after NKN IP schema modification in CSIR)

Firewall

Router

Switch

SAN

User (Inside Lab)

User (Outside

Lab/ Public Network)

Application Server

(Failover Cluster)

Firewall

Router

Switch

Local DNS

Database Server (Failover Cluster)

Application Server with DMS (Failover Cluster)

SAN

Active Directory Server

(With ADC)

Central Node Data-Center Setup

Lab-Level Data-Center Setup

Request from users in public

network

Request from internal network

Security Layers

OneCSIR - ERPS Complexity

Dimensions Measurement

Current max. concurrent user sessions* 200+ sessions

Expected concurrent user sessions* 1500+ sessions

Application Server Network I/O com.* Peak: 160+ Mbps; Avg: ~22 Mbps

Database Server Network I/O com.* Peak: 120+ Mbps; Avg: ~19 Mbps

Database Size (as on date)** 21+ GB

Database Full Backup Size (as on date)** 8.85 GB

Doc. Mgmt. System Size (as on date)** 28+ GB

** For replication of data to DR site * For sufficient network services and connectivity

Benefits of NKN Connectivity for CSIR

• Entire OneCSIR system in single network (IP sub-net).

• Easy domain policy management.

• Easy network management.

• High bandwidth for data replication in between production site and DR sites.

• Enhanced performance and fast application access, with distributed load.

Thank You

CSIR Enterprise Transformation - ICT Initiative Project

Council of Scientific and Industrial Research

Anusandhan Bhawan, 2 Rafi Marg, New Delhi-110001, India

Email: onecsir@gmail.com

gradha@csir.res.in