Designing an Efficient IT Infrastructure. Lee Yee Ming 24 April 2014

1 Designing an Efficient IT Infrastructure Lee Yee Ming 24 April 2014

2 Designing an Efficient IT Infrastructure: Contents
Identifying Needs
  1. MDIC's Mandate and Operations
  2. MDIC's IT Risk Management
Designing Strategies and Approaches
  1. Strategy & Governance
  2. Process
  3. People
  4. Technology
Key Lessons Learnt

3 MDIC's Mandate and Operations; MDIC IT's Risk Management

4 MDIC's Mandate and Operations
Early Intervention Trigger / Non Viability Notice by BNM
Low Risk to Moderate Risk MIs / High Risk MIs / Non Viable MIs
Risk Assessment and Monitoring / Preparation for Intervention / Intervention Payout, Resolution and Post Resolution
Supporting systems:
- Risk Assessment System & Evaluation Model
- Electronic Intervention & Failure Resolution System (e-IFR: workflow, checklists, documents & templates management)
- SFF Submission and Tracking System (STAR)
- Depositor Information and Liability System (DLIMS)
- Depositor Support and Management System (DSMS)
- Payout Payment Management System (PPMS)
- Collaboration facilities (e.g. e-mails and other communication tools, knowledge repository, etc.)

5 MDIC IT's Risk Management
System Failure / IT Infrastructure Downtime / Not meeting Requirement / Avoid / Operational Risk / Accept

6 People / Technology / Strategy & Governance / Process

7 Strategy & Governance

8 Strategy and Governance
IT Governance
- IT Steering Committee
- IT Strategic Plan
* IT Governance Institute (ITGI), Capability Maturity Model Integration (CMMI)
Project Management
- Systems Development Life Cycle
- Project Steering Committee
- Project Management Team
- Change Management
* PMBOK, PRINCE2
Systems and Infrastructure Management
- Security and access management
- Configuration and capacity management
- Inventory Management
- Event and problem Management
- Development Methodologies
* ITIL, rational, agile
* MDIC adopts and aligns practices to fit the corporation

9 Process

10 IT Governance Framework
1. Strategic Alignment, which links IT plans with the enterprise business strategy.
2. Value Delivery via optimization of costs, managing and maintaining IT value during execution of the value proposition throughout the delivery cycle when implementing IT projects.
3. Optimal investment and proper management of IT assets by maximizing IT knowledge and IT infrastructure (Resource Management).
4. Safeguarding of IT assets by adopting sound Risk Management practices.
5. Monitoring and concentrating on IT successes in implementing IT strategies via an accepted Performance Measurement tool.
* Based on the MDIC's approved IT Governance Framework [1]
** MDIC primarily adopts and aligns IT Governance Institute (ITGI), Control Objectives for Information and Related Technology (COBIT, ISACA [2]) and Capability Maturity Model Integration (CMMI, SEI [3]) practices to fit the corporation.
[1] approved in October
[2] Information Security Audit and Control Association
[3] Software Engineering Institute

11 Project Management Methodology
Business Requirement Specification, User Requirement Specification, System Analysis and Design, Development Prototyping, User Acceptance Test (UAT), LIVE

Project Team
Organization:
- Project Manager
- Key users
- Representative from Audit & Consulting Services
- Vendor Project Manager (if applicable)
- Development Team Leader
- Technical Project Manager
- Vendors (where applicable)
Roles:
- Schedule and resource management
- Systems implementation
- Requirement management
- Change management
- Acceptance tests
- Issues management
- Others
Complies with development standards
Meets every 2 weeks

Project Governance & Project Assurance
Project Steering Committee
Organization:
- Project Sponsor
- Project Owner
- Head of IT
- Chief Internal Audit (CIA)
- Project Manager
- Key users
- Vendor Senior Management (where applicable)
Roles:
- Project direction
- Project oversight
- Program schedule direction
- Variation management
- Project assurance
- Risk management
- Others
Meets every 2 months or as required

* MDIC primarily adopts and aligns Project Management Body of Knowledge (PMBOK, PMI) and Projects in Controlled Environments (PRINCE2, OGC) practices to fit the corporation.

12 IT Infrastructure Management
User Request
Service Request Management: Event and problem management
Service Level Management: Terms and payment; Quarterly Review
Inventory Configuration Management: System configuration; Half yearly review
Change and Release Management: Gatekeeper between development, staging and production environments; Version management of source codes; System updates
Usage Policy & Procedures: Guidance for users (front end and back end)
Availability and Capacity Management: Ensure high system uptime via configuration or system redundancy; System capacity reviews; Performance management
Project Management: IT infrastructure projects; IT infrastructure strategic plan
Continuity Management: Disaster recovery plan and facilities; Backup and recovery plan and procedures
Security Management: Physical security; Information access management; Penetration tests; Data protection
* MDIC primarily adopts and aligns IT Infrastructure Library (ITIL, OGC) and COBIT practices to fit the corporation.

13 People

14 Users; Board and Senior Management; Relevant teams from various functions
Support team; Contract personnel; Internal Support Team; IT Virtual Organisation
Consultants; Application Vendors/System Integrators
Principal Suppliers; Software/application principals; Microsoft Premier Support
Hardware Providers; IBM maintenance support; Network maintenance and support; Managed Security provider; PC and notebook panel suppliers

15 Technology

16 MDIC's IT Components
1. IT Infrastructure and Server
2. Collaboration Facilities
3. Systems and Applications
4. IT Security

17 1. IT Infrastructure and Server
Network:
- 2x internet uplink from 2 different providers
- 2x high availability (HA) gateway
- 2x perimeter firewall, 2x internal firewall
- 2x internal core switch
- 2x switch each segment (server, floors)
Internet
Server:
- All Risk Assessment and IFR related production servers use Active-Active (AA) front ends
Storage:
- Clustered databases (Active-Passive)
- Storage Area Network (SAN)
- Combination of mirrored and RAID 5 or 10 disks
Disaster Recovery (DR) Center:
- 4H (min) 24H (max) Recovery Time Objective
- Data Synchronization from Primary Site to DR servers every mins.

18 2. Collaboration Facilities
- Remote Access
- e-IFR Intervention and Failure Resolution
- Blackberry & Smartphones
- MS Lync
- Enterprise Portal

19 3. Systems and Application
- Risk Assessment System & Evaluation Model
- Data submission and Data Control Management
- Intervention and Failure Resolution (IFR)
- Payout System
- Intervention Template and Document Management

20 4. IT Security
- Data Center
- Firewalls 2 (perimeter, internal)
- Anti Virus (front end, Servers, Databases)
- Virtual LAN (LAN Segmentation via purpose)
- Application Access Level management
- Keep track of workstation's inventory (hardware and software):
- Access Card systems
- Security Personnel
- Intruder prevention & detection
- 24X7 Monitoring via Managed Security Services
- Anti Spam Mail filtering
- Internet Reputational Services
- Active Directory
- Information Classification
- Corporate Information Security Policy
- Microsoft System Center Configuration Manager (SCCM)
- Microsoft System Center Operations Manager (SCOM)

21
1. Begin with the end in mind. Take time to identify your need with the vision for the future.
2. Plan with resources, capacity and capability in mind. Building an IT infrastructure on a piecemeal basis is costly.
3. IT should work hand in hand with people. An efficient IT infrastructure should facilitate your work and not make your work harder. IT is part of a solution.