    Introduction to the IT Modernization Project 2.0 of DoP:

    4.1. Background

    The current IT infrastructure at DoP comprises five main building blocks, namely Compute, Storage and Backup, Network, Security and Monitoring. The overall IT infrastructure of DoP is primarily split across two locations, i.e. the Data Centre and the DR site. Field office IT infrastructure is limited to network components, office LAN and end-user devices. Currently DoP has four major environments based on the different SIs (NI, CSI, FSI and RSI), and the overall IT infrastructure is split according to the business applications provided by each of these SIs. This has led to a heterogeneous environment within DoP.

    The core IT infrastructure, namely the primary data center and the disaster recovery center of DoP, is hosted at two locations.

    4.2. Existing Infrastructure Background

    The current setup for IT infrastructure is described below:

    a) The Data Centre facility is provided by a co-location data center service provider out of its own premises. The DCF provider is responsible for providing space, power and cooling to the Network and Server racks. The DCF provider has also set up the non-IT infrastructure for the DR site and also monitors and manages it.

    b) IT infrastructure such as compute, storage, access networking and security components are implemented by the respective SIs based on the business requirements.

    c) Connectivity between the Core Data Centre and DR site network is provided by NI, which is used by all other SIs.

    d) Monitoring:
        i. NMS Tool for network and bandwidth monitoring is provided by the NI.
        ii. EMS tool for IT infra (common for CSI, FSI and RSI) and Service desk for DoP's employees and support staff of DoP partners, i.e. NI, FSI and RSI, is provided by the CSI.
        iii. Building management system for the Data center facility, including surveillance solution, access control etc., is provided by the DCF vendor.

    e) CSI is responsible for overall security monitoring and management of the Infrastructure.

    f) Heterogeneous virtualization environments are being used, with different management layers managed by respective application service providers, and all these environments are being operated in silos.

    g) Data backup and replication mechanisms being used vary depending on the business application.

    The table below lists the Compute and Storage infrastructure at the Data Center and the Disaster Recovery Data Center:

    Sl No   Description of the Infrastructure system   Quantity
    1       Racks at DC                                ~73
    2       Compute at DC                              ~6000+ vCPUs
    3       Storage at DC                              ~1.5 PB
    4       Racks at DR                                ~75
    5       Compute at DR                              ~6000+ vCPUs
    6       Storage at DR                              ~1.5 PB

    5. Scope of Work

    5.1. Implementation Guiding Principles

    DoP IT 2.0 platform will be built using a next generation architecture framework. The framework identifies the first level of building blocks as architecture layers to standardize the landscape to the extent possible by building common/shared layers that shall be used (re-used) by all business-specific solutions, thus ensuring a strong control on redundancy. This framework leverages and builds upon The Open Group Architecture Framework (TOGAF) and India Enterprise Architecture Framework (IndEA). The framework ensures that complexity and redundancy are controlled and governed across the landscape.

    DoP expects the SI to comply with the following guiding principles in finalization of their solution:
        a) Avoid Vendor Lock-ins
        b) Preference to Open-source Solutions
        c) Compliance to Open Standards
        d) Interoperability
        e) Scalability
        f) Automation
        g) Zero trust-based Security Standards

    5.2. Underlying ICT Infrastructure Layer

    DoP IT 2.0 platform will have a common infrastructure layer catering to the network, compute, storage, security, and operating system requirements, built on a Software Defined Platform using Open Stack/Open-source Solutions, to be used by all core business applications. To address the infrastructure requirement of DoP IT 2.0, the infrastructure architecture would be based on a service-oriented network architecture in which functionalities can be added to the infrastructure as and when required.

    a) Integrated Transport: Everything (data, voice, and video) consolidates onto an IP network for a secure network convergence.

    b) Integrated Services: With the converged network infrastructure, IT resources can be pooled and shared, or virtualized, to flexibly address the changing needs of DoP. By extending this virtualization concept to encompass server, storage, and network elements, DoP intends to transparently use all its resources more efficiently.

    The foundation of the infrastructure layer will be based on a software-defined data centre (SDDC). DoP IT 2.0's Infrastructure Architecture shall integrate the entire infrastructure and network and shall comprise the following high level solution blocks, to be built with a focus on Open source and Open Stack solutions:

    a) NextGen Software Defined DC Solution (SDDC): DoP IT 2.0 Platform will have a virtualized commodity-based infrastructure layer catering to the network, compute, storage, backup and archival solution requirements of all three LoBs' application components. To host these applications, it is recommended to use a Service-centric data center wherein DoP can pool compute and storage resources to support applications. The Data Centre for DoP IT 2.0 will be architected with minimal disruption and to meet the connectivity, service, and security requirements of these increasingly dynamic applications. The goal is to make the network policy-driven, programmable, scalable, and automated. With Software Defined Network (SDN) solutions, wherein the 2-tier architecture (Spine-Leaf) shall be used for the DC network, DoP can leverage the infrastructure to support private, public, or hybrid clouds and also support multitenancy, self-service, and automated operations and service assurance.

    b) Business Continuity solution: For maximum uptime of network services and the best response time of applications, a business continuity solution should be provisioned. An industry-leading open source-based Disaster Recovery (DR) and Near DC solution should be provided, which can be consumed to automate and orchestrate failover and fallback of workloads, ensuring minimal downtime in the event of a disaster. Disaster Recovery Manager (DRM)/Site Recovery Manager (SRM) shall be integrated with an underlying replication technology to provide policy-based management and automated orchestration of recovery plans, to minimize downtime in case of disasters and to conduct non-disruptive testing of DoP's DR plans. DRM should leverage the benefits of virtualization and can also take advantage of the Software-Defined Data Centre (SDDC) architecture by integrating with other solutions such as SDN (network virtualization) and commodity infrastructure. DC, NDC and DR hosting space will be taken up by DoP under a separate DCF tender.

    c) Hybrid Deployment Management: DoP may adopt public cloud as one of the mediums to host the applications in future. The solution should be able to leverage cloud for scalability during periods of peak load. The movement towards cloud will happen gradually over a period of time. Regardless of the applications or modules of applications that would be hosted on the cloud, the solution framework needs to have a migration path, monitoring and management plan that allows DoP to meet the immediate requirements while also laying a foundation for future workloads that may ultimately span across on-premise private cloud and public cloud. Supply of Public Cloud infra would be out of scope and would be separately procured by DoP, and the SI will facilitate the integration process.

    5.3. Integrated IT Security layer

    The deployed solution will ensure appropriate levels of confidentiality, integrity, and availability in conjunction with applicable regulation and legislation. To achieve this, DoP intends to ensure end-to-end security of the data and services. These security measures will be common across all business solutions and across the DoP IT 2.0 technology landscape:
        a) Network & Perimeter Security
        b) Infrastructure Security (Host & End Point)
        c) Data Security
        d) Audit & Compliance (Approved Third party agency may be utilized)

    Various security tools and techniques are to be utilized in DoP 2.0, cutting across all business applications, and would include but not be limited to SSO, IAM, ATP, DLP, PAM, Anti-Virus, Syslog, DAM, SIEM, UEBA, SSL Certificates, TLS encryption, Unified Threat Intelligence, Two Factor Authentication etc. The Solution should also cater for the security requirements at endpoints and connectivity at branch offices. Vendor may also propose security solutions as a service (SoC as a service) wherever applicable as an additional option to be explored by DoP.

    5.4. IT Monitoring Layer

    The DoP IT 2.0 platform is intended to be built as a performance-oriented IT landscape enabling seamless service delivery with minimal disruption and immediate response to any threat or incident. Extending the principle of "Proactive Monitoring & Response", DoP IT 2.0 platform will offer the required tools and technologies to enable the following aspects of end-to-end monitoring of the DoP IT 2.0 IT platform:
        a) SLA Monitoring
        b) Application Monitoring
        c) Database Monitoring
        d) Network Monitoring
        e) Infrastructure Monitoring
        f) Integrations Monitoring
        g) Security Monitoring

    A dedicated NoC, SoC and Helpdesk with requisite manpower, open-source tools and IT hardware are required to be set up at the DoP Campus in Mysore.

    5.5. Broad Scope of Work

    a) Takeover of the existing IT Infrastructure from the Current Service Provider in an As-Is state, and provision of operations and maintenance till the new infra is set up.

    b) Plan, Design, Implement and Commission Software Defined IT Infrastructure, Security Solution and associated software at DC, NDC, DR and assist the application vendor in onboarding of new applications.

    c) Operations and Maintenance for Five years (further extendable to 2 years)

    The selected SI agency is expected to manage the following functions over the stated contract duration:

    a) Transition and takeover of As-Is infrastructure: The selected SI will take over, maintain, upgrade and enhance the existing DoP assets in DC and DR. This includes installation, configuration, monitoring, troubleshooting, provisioning, capacity management, optimization, firmware, patch update, securing and hardening. These assets are spread across DC and DR and include the following:
        i. Rack mount x86 and RISC servers
        ii. Storage appliances: SAN, NAS, Switch and Tape libraries
        iii. Network appliances: Core Switches, Access Switches, Distribution Switches, Routers, Load Balancers and VPN Servers
        iv. Security appliances: Firewalls, NIPS, HSM, DLP, End Point Protection and Advanced Threat Detection
        v. NoC and SoC Tools and SoPs
        vi. Operating Systems: RHEL, Windows server and Windows

        vii. Middleware components: Apache Tomcat
        viii. Datastores: MySQL, MS SQL, Oracle DB, etc.
        ix. Other components and technologies including but not limited to SSO/IAM, 2-factor authentication, VMware ESXi, SMS Gateways, Terminal Servers, Racks and iPDUs

    Existing infra is to be taken over on an As-Is basis.

    b) Setting up and management of the To-Be state infrastructure: The scope includes creating an infrastructure that optimizes the data center infrastructure, enables automation that ensures lesser power consumption and results in a lower PUE, uses Open Standards, avoids use of proprietary products and vendor lock-ins, uses commodity infrastructure, and virtualizes or optimizes resources wherever feasible. For the achievement of the above vision and objectives, the SI is required to perform the following activities:

        i. Compute Environment & Infrastructure:
            - Migration from the existing compute environment to the new cloud-enabled software defined environment using open-source tools, including consolidation and optimization
            - Real-time Monitoring of compute Infrastructure and Reporting
            - Monitor Monthly Capacity Usage and plan for additional Capacity requirements

        ii. Manage and provision multiple environments

        iii. Managed Infrastructure Services

        iv. Network Environment & Infra:
            - Study of existing Infra landscape and new network capacity requirements
            - Migration from existing network environment to the to-be environment
            - Real-time Monitoring of Network Infrastructure and Reporting
            - Monitor capacity utilization and provide advance capacity planning (Node-wise, DC-wise, Zone-wise, Application-wise)

        v. Storage Environment & Infrastructure:
            - Study of Existing Infra Landscape and propose new storage solution
            - Migration from existing storage environment to the to-be environment using open-source tools, including consolidation, automation and optimization
            - Real-time Monitoring of Storage Infrastructure and Reporting
            - Monitor capacity Usage and provide advance capacity planning

        vi. Managed Infrastructure Security:
            - Secure Data at Rest
            - Secure transit data
            - Real Time Threat Detection and Resolution with adoption of AI and Machine learning, wherever feasible

        vii. Set up and Manage DevOps Environment to enable Automated Application Deployment:
            - Real-time App deployment with zero downtime
            - Automated Backup
            - Real-time Dashboard to Monitor all Critical KPIs and SLAs
            - Automated workflow to provision compute, storage, network, security and application Services

        viii. Set up and implement enterprise grade monitoring solution:
            - Real Time Monitoring of All Infrastructure Components and maintain logs
            - Centralized log analysis with machine learning and prediction for automated troubleshooting and problem detection

        ix. Monitor and report performance against SLAs using automated tools with an integrated reporting dashboard:
            - Storage Availability
            - RPO, RTO
            - OS performance monitoring
            - Infra Services Performance
            - Trouble Ticket Resolution
            - OS, Infra, middleware Provisioning
            - Security Patches
            - OS Upgrades/Patches
            - Backup and Recovery
            - Firmware Upgrades/Patches
            - BCP DR - Service Restoration
            - WAN/MPLS/Network Link Availability, Latency, uptime, throughput, bandwidth, error failure (Packet Losses, interface failure and network failure etc.)
            - Internet Service Availability & Response Time
            - VM Availability
            - Container Availability
            - Database availability
            - Storage performance monitoring

        x. Installation, Repair and Replacements of all the hardware in the DC/DR/NDC:
            - Co-ordinate the Support with respective OEMs, creating and closure of tickets as per the SLAs

        xi. Establish a next generation NoC and SoC including all necessary troubleshooting tools, display walls, PCs and other necessary hardware.

        xii. Manage and administer all equipment warranties and AMCs on behalf of DoP

        xiii. Extension of existing software licenses in line with proposed solution

        xiv. Provisioning of Network & Link Load Balancer and Coordination with Bandwidth SI

        xv. Staffing of NoC/SoC, Network/IT support engineers in DC, DR and NDC

    In addition to the above, the SI will be required to provide standard ITIL based Services and prepare Standard Operating Procedures as and when required with respect to both the As-Is environment and To-Be environment, including but not limited to:
        - Incident Management
        - Change Management
        - Asset Management
        - Problem Management
        - Configuration Management
        - Release Management
        - Capacity Management
        - Monitoring and Reporting
        - Security Management
        - Device Lifecycle Management
        - Service Delivery Management

    During the contract duration, DoP may also procure additional IT infrastructure (apart from components provided by SI). The SI shall install, configure, test, integrate and maintain all such additional IT infrastructure on a service model. SI shall be paid as per the updated quarterly rates considering such infrastructure. MSP shall manage the same in line with the contract requirements and meet the SLAs.

    The requirements given in this Expression of Interest are indicative only, and DoP will provide the detailed Scope of Work and requirements to prequalified firms in the Request for Proposal.

