EA Technology Policies An Emerging ICT Strategy for HA Transformation Positioning IS/IT Policies • Business-driven (Top-down). • Focus is on the “To-Be” not “As-Is”. • Based on the maxim: “One Agency = One Enterprise Architecture” As-is situation • Two separate technical • • • • infrastructures OSS vs. BSS OSS is 16x greater in financial terms Two “parallel universes” competing architectures Fails “One Agency = One EA” maxim Network Convergence • One Agency = One • • • • • • network Expand NRTS – leverage investment in national fibre network Standardise on IP for Data, Voice and Video Single terminal access via a UOI Economies of scale Integration Flexibility Unified Operator Interface • Single “terminal” access • Mosaic/Model Office • Supersedes tactical • • • • KVM/SKRIBE ESSO - Enterprise Single Sign-On Builds on NTCC Model (HAbIT network integration) Effectively the Strategic HA Desktop Universal Access Single Virtual Data Centre • Delivered as a “Metro” Cluster across [at least] two geographically separate locations • Cluster Interconnect via resilient NRTS CWDM • Fibre-Channel SAN Universal Access • The 3 C’s: • Centralisation • Consolidation • Convergence • Location transparency • Independent of Agency’s organisational structures • ‘Martini’ virtualised access: • Any Time • Any Place • Anywhere • Resilient/Disaster Tolerant • No Single Point of Failure • Business Continuity Server Consolidation • • • • • Server sprawl: • Adding dedicated servers for new projects • Growth in capacity especially data storage Inefficiencies – low utilisation of individual servers Rising costs and increased carbon footprint: • Cost of managing lots of servers • Cost of power now exceeds the cost of the server (system fans are biggest drain) …. Resulting trend is towards consolidated ‘server farms’ Server Virtualisation (Example) VMware Infrastructure • Partition CPU and memory in multiple virtual machines Enterprise Virtualisation Virtual Machines ESX ESX Server Server Server Virtual Machines ESX Server ESX Server ESX Server Server Farm Network Storage ESX Server ESX Server ESX Server • Store virtual machine disks on local or shared storage. VMFS cluster file system manages virtual machine disk storage • Build networks within or across ESX Servers. Modular Data Centres • 21st Century Data Centres now focus on power (watts/sq. metre) as most critical factors in design • Implements densely packed commodity clusters • Utilises macro-modules based on standard shipping containers for ease of transport • Modular building blocks • Extends the idea of blade servers • Improved efficiency • Addresses “Green” issues • Implement via Managed Service contract Domains • • • • • Although one logical network… Physically, a network of networks as per the Public Sector Network (PSN) Supports the DfT concept for a “System of Systems” Concept of domains and “Circle of Trust” Federated identities (Single Sign-On) Identity Management Business Value “Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.” Explosion of ID’s Business Partners Automation (B2B) # of Digital IDs Intra-Agency (B2E) Customers (B2C) Mobility Internet Client Server Mainframe Time Pre 1980’s 1980’s 1990’s 2000’s The Disconnected Reality Enterprise Directory •Authentication •Authorisation •Identity Data HR System •Authentication •Authorisation •Identity Data NOS •Authentication •Authorisation •Identity Data Web Apps •Authentication •Authorisation •Identity Data Infrastructure Application •Authentication •Authorisation •Identity Data COTS Application •Authentication •Authorisation •Identity Data In-House Application •Authentication •Authorisation •Identity Data In-House Application • “Identity Chaos” • Lots of users and systems required to do business • Multiple repositories of identity information; Multiple user IDs, multiple passwords • Decentralised management, ad hoc data sharing Multiple Contexts Customer satisfaction & customer intimacy Cost competitiveness Reach, personalisation Our SUPPLIERS Our CUSTOMERS Collaboration Outsourcing Faster business cycles; process automation Value chain Our AGENCY and EMPLOYEES Mobile workforce Flexible/temp workforce Our REMOTE and VIRTUAL EMPLOYEES Our PARTNERS Pain Points IT Admin Too many user stores and account admin requests Unsafe sync scripts Developer Redundant code in each app Rework code too often End User Too many passwords Long waits for access to apps, resources Security/ Compliance Too many orphaned accounts Limited auditing ability Business Owner Too expensive to reach new partners, channels Need for control To-Be Authentication • Should only have to • • • login once Identity is federated across domains Access permissions determined by Role(s), Groups and Policies Automated provisioning linked to ERP Systems • Employees • joining/leaving (HR) Contractors (Procurement) Federated Identities • Cross domain trust using: • Security Access Markup Language (SAML) • Liberty Alliance (ID-FF)/WS-Federation protocols • Digital Certificates The Connectivity challenge • Point-to-point, many- • • • • to-many interfaces Batch latencies Complex processes and systems Difficult to modify High maintenance cost Enterprise Service Bus • • • • ESB - Next Gen Enterprise Application Integration (EAI) Distributed – Fault-tolerant Standards-based Lower TCO Is ESB just the latest “flavour of the month”? • The term “ESB” was first coined by the Sonic Software division of Progress Software in 2002 to describe its then new Extensible Markup Language (XML)-enabled Message-Oriented Middleware (MOM) product, SonicXQ, which is now known as Sonic ESB. Real-world ITS Example • Founded in 1972, Brisa is Portugal's largest highway management concessionaire. • ITSIBus - Intelligent Transportation Systems Interoperability Bus is a Service-Oriented Architecture originally developed by ISEL in 2002. • In production since 2004. Other Transport ESB Example: Transport for London Trackernet2 Event Driven Services Tracker Net UI is a subscriber to events from the ESB. ESB provides basic message delivery services Complex Event Processing (CEP) is used to enhance error identification. A State Engine is configured from basic logic components. Enterprise Service Bus Routing LUIM Network Signal Signal Signal Signal Signal Signal Signal Signal Signal Signal Signal Signal Signal Feed Feed Feed Feed Feed Feed Feed Feed Feed Feed Feed Feed Feed Transformation Service Orchestration (Mediation) Data Services The lightweight MQ Telemetry Transport (MQTT) protocol is used to delivery messages via Micro Brokers - these in turn deliver to Message Managers which assure delivery of Messages to ESB. Transport is resilient, with logging and audit of message delivery. Other ESB Examples in Government: Police (www.iss4ps.police.uk) Customs & Excise Defra’s INSPIRE Blueprint EU Federated Approach EU Integration of service buses allows application and data services to be shared across EU and between Member States Architecture replicated in each Member State for ‘local’ services and in EU for ‘EU-wide’ services Member State Member State Member State Federated ESB’s • • • • • • Supports multiple domains. Requires unified Governance, Security and Management. Highly distributed geographic locations across the Agency. Best practice requirements to isolate operationally critical environments. Differing ESB requirements across the Agency and, potentially beyond to other third-parties. The need for asynchronous development and incremental deployment. To-Be Architecture – TMC’s • • • Real-time data flow. Publish & Subscribe message exchange pattern. Example adapters (e.g. JCA, JMS). Common Control Room Framework • Common Services supporting: • Incident Management • Traffic Management • Custom Business Process Orchestrations: • NTCC • RCC’s • Role-Based Access Control (RBAC) Traffic Management • With increasing • demand for travel, more and more road networks are experiencing Traffic Congestion. In many cases this could be reduced if more real-time information was available to traffic engineers and drivers. Drivers for change • Shared Operational Picture • Increasing need for real-time access to a common operational picture. • Increased Data Volumes • Real-time dissemination of massive data volumes, often on a large scale. • Loosely coupled, Plug & Play • • Need to cope with emerging ITS demands such as CVHS. Interoperability • Need to share information end-to-end, in the new emerging System of Systems. • Interoperability is a key enabler to meeting new demands. Intelligent Highways Increasing amounts and sophistication now and in the future… …More devices (IPv6) …More data …in Real-Time…. “The right data at the right place at the right time … … all the time”. Roadside Devices • Signs and Signals • Sensors: • Inductive loops • ANPR • Weather • DSRC (e-Toll) • Past, present and future • Multi-vendor • V2I/I2V Roadside UTMC-based Reference Architecture Encapsulated internals Unified Operator Interface Software as a Service Information as a Service ESB and Legacy Integration NRTS Network Layers UTMC MIB’s, Datex II XML Service-Oriented Device Architecture When modelled as services, device access and control can be made available to a wide range of enterprise application software using serviceoriented architecture mechanisms. SODA Architecture • In this model, responsibility for encapsulating services can be appropriately shifted to the suppliers who know them: • One side deals with their device specific connections and protocol • Other side deals with network interfaces needed to pump the data over a streaming protocol. • A standard specified service can have a wide variety of underlying hardware, firmware, software and networking implementations. SODA Objectives • To insulate SOA from device interfaces and proprietary vendor implementations. • To facilitate integration. • To accelerate and focus the convergence of technologies through a combination of: • Standards • Open source software • Reference implementations • Partners and community building …to achieve these objectives it builds upon the OSGi Service Platform… SODA Device Kit • Modeling Driven Design • • • (MDD) Control Markup Language (CML) Auto-generate OSGi code for all four layers of the device adapter Contains more than 200 plug-ins for design time and runtime OSGi (Formerly known as the Open Services Gateway initiative) • The OSGi Service Platform spans: • Digital mobile phones • Vehicles • Telematics • Embedded appliances • Residential gateways • Industrial computers • Desktop PCs • High-end servers OSGi Architecture The framework is conceptually divided into the following areas: • Bundles - Bundles are normal jar components with extra manifest headers. • Services - The services layer connects bundles in a dynamic way by offering a publish-find-bind model for Plain Old Java objects(POJO). • Services Registry - The API for management services (ServiceRegistration, ServiceTracker and ServiceReference). • Life-Cycle - The API for life cycle management (install, start, stop, update, and uninstall bundles). • Modules - The layer that defines encapsulation and declaration of dependencies (how a bundle can import and export code). • Security - The layer that handles the security aspects by limiting bundle functionality to pre-defined capabilities. • Execution Environment - Defines what methods and classes are available in a specific platform. Transport Example: Global System for Telematics • GST Open Systems • • • Implementation Guide Building Blocks for a Global System for Telematics Builds on OSGi Service Platform Runs on Java Virtual Machine Device Management • OSGi Network Management is protocol agnostic. Streaming services • The real world never shuts up!!! • Sensors and actuators do not match an HTTP • • request-response model. Data must be streaming. Enterprise Service Bus (ESB) streaming protocols include: • Proprietary Message-Oriented Middleware (MoM). • Java Messaging Service (JMS) for Java-centric busses. • Extensible Messaging and Presence Protocol (XMPP) for low-band device data. • Real-time Transport Protocol (RTP) for broadband device data. • OMG Data Distribution Service (DDS) for mission-critical data. Life at the Edge: Traffic Management Example The Gap: Differing Requirements Data Distribution: Middleware choices • Really only three choices: • Use proprietary middleware • MQ Series, Tibco, BEA • Java Messaging Service (JMS) • Standards-based • Popular in the “Enterprise” domain • API only, no wire interoperability • Data Distribution Service (DDS) • Standards-based • Popular in the “Edge” domain DDS Applicability Global Data Space – Publish & Subscribe The Real-Time Enterprise Service Bus DDS Benefits • OMG standard - Established since 2003 • Fully distributed, Peer-to-peer, Fault tolerant • Quality of Service (QoS) per data flow • Plug and Play Architecture with dynamic • • • discovery Wire protocol standard (RTPS) Designed for unreliable transports like UDP and wireless networks Scalable, high performance, low latency - 10x faster than JMS Geographic Information (GIS) • Geographic Information (GI) and Location referencing is a UK-wide issue • External influences include: • HMG’s transformational government • • • • • strategy The Location Strategy for the UK INSPIRE (Infrastructure for Spatial Information in the European Community) The Pan Government Agreement (PGA2) The Traffic Management Act The Civil Contingencies Act Application of location information to public policy Source: “Place matters: the Location Strategy for the United Kingdom” Strategic implications • To ensure that the UK exploits the full value of its information the Location Strategy requires a programme of strategic actions which ensure that: • we know what data we have, and avoid duplicating it • we use common reference data so we know we are • talking about the same places we can share location-related information easily through a common infrastructure of standards, technology and business relationships • Each department and public sector body should ensure that its IS/IT strategy and work programme describes clearly its policies and implementation plans for location data systems. Layers of Transportation Data (Source: ArcGIS UNETRANS Data Model) National State of the Network The Unified Network Model • The Events Layer – contains objects such as vehicles moving across the network. • The Routing Layer – contains more complex features such as “No exit”, e.g. at the intersection of a bridge and tunnel. • The Reference Network Layer – contains all of the base road data . This data has a linear spatial representation and has an underlying topological structure that defines the connectivity and adjacency of links in the road network. Why EA=SOA The HA’s policy is to move away from purchasing “islands of technology” to the procurement of modular, loosely-coupled, managed services. This lends itself to a Service-Oriented Architecture (SOA) style. The resulting service-layer provides a buffer between the Business and Technology Layers. Relationship to ITIL Service Management Service Supply Chains • BSS • Atos Origin (ITIL v3) • OSS • NRTS • Area Teams (TechMAC’s): • Conceptually similar to the multi• • service provider environment of the Public Sector Network (PSN) Requires similar competitive, multisupplier environment Services need to be managed in a consistent manner (ITIL) Service/Contract Model Programme/Contract Mappings ICT+ (BI) ICT+ NEW - IEP NTCC/ TI2011+ TCP/MM New - IEP IAM NEW - IEP ICT+ ICT+ New (OSS) New (OSS) New - IEP NRTS ICT+ Implications for Legacy Systems • Existing Systems become embedded into new • • • • • Business Services Projects must specify their requirements in terms of Business Services in future procurements Need to focus on interfaces and their contracts including dependencies on other HA Services Bidders determine the most cost-effective solution Legacy Integration (Encapsulation) becomes the responsibility of the Service Providers (SP’s) It’s therefore up to SP’s whether to re-use HA Legacy or replace with COTS