Presentation

on
SANJIVINI Project

By
Spanco Telesystems and Solutions ltd.
373, Udyog Vihar-II, Gurgaon

Solution Requirement

At the Check post

Automated and transparent MPLS providers failover and active-active link load
balancing for achieving maximum services uptimes ensuring 24*7 reachability to the
Data Center
At the Data Center DC and DR
Network based inline solution for protection against
1] OS and Application protection against known and unknown vulnerabilities
2] DOS and DDOS protection.
3] Protection against bots, worms and service denials exploits and attacks
Application load balancer for
1] Ensuring maximum uptimes and high availability
2] Scalable and hardware based robust application load balancer
3] DC-DR scalable solution to provide site to site resiliency
Link load balancing solution for
1] Maintaining multiple paths to reach applications at Data Center
2] Have multiple link load balancing in active-active
3] Fault tolerance for any failures in MPLS backbone services
4] Link load balancing for replication links from DC to DR

Agenda
Spanco Profile
Our understanding
SOW - JVVNL Sanjivini
Assumptions
Issue of concern
Objectives
Proposed Solution
Risk and Mitigation
Proposed Implementation Strategy

Profile SPANCO -1/4

Strengths National Presence

Customer Relationship Management Solutions
Call Center Solutions
Turnkey Application / e-Governence Solutions
Systems Integration
Focus
Government / PSUs
Non Voice BPO
Telecom
NREGA, Power, Banking and Education solution

Profile SPANCO -2/4

SPANCO
Spanco is a leading Systems Integrator working
in Domestic and International markets
Spanco is a provider of solutions to the Telecom
Sector, PSUs, Corporate, Government and
Indian Defense
Spanco has 8 regional offices and over 60
service support facilities in India
Spanco is present in USA, UK, GCC and
Singapore

Profile SPANCO -3/4

Spanco is ranked 397th in the ET-500
Accredited with ISO 9001 2000 and CMMi
3 certification
A 3000+ strong team
3rd fastest Growing Company rated by
CNBC, Emerging awards 2006
100% Y-O-Y growth for 6 consecutive years

Profile SPANCO-4/4
SPANCO PPP Success Stories
IRCTC Unified Call Centre ( 5 Lacs Calls per
day )
e-Seva Govt of AP
(over 150 Cr worth of revenue transactions
per month)
SWAN - Maharashtra
Food & Civil Supplies - Maharashtra
CSC Maharashtra
Mobile Payments - SBI

Objectives
The IT centre will house the IT and security equipments to
provide robust security to its
Data
With connected offices the operations across the offices will
follow the workflow of the Discom
Integration with other IT systems for increased productivity
The management will be able to have effective monitoring of
projects
The IT centre will provide centralized Operations operations for
all IT projects

26/7/2008
SPANCO Telesystems

Jaipur Vidyut Vitran Nigam

Limited : JVVNL

Primary Locations
IT Centre; Data Centre
Circle Office; Approximately 10-15 LAN users
Sub-Division Offices; 5-10 LAN users
Division; 2-5 LAN users
Sub-Offices; With minimum 1 LAN User

Functional Requirements
WAN Connectivity Circle offices will connects to IT Centre
through leased line on 2MB, recommended 8-10 Mbps, Sub-Division
connects to respective Circle office and Sub-Offices connects to SubDivision
Front End All users approximately 1500, distributed across
different offices in Rajasthan will access services hosted at IT Centre at
Jaipur. Majority of the application are GIS based which requires
approximately 200-256 Kbps per user.
Application The servers running code with glues the front-end
applications to the back-end data and reflects the business processes in
how the data is used. Data will be stored locally (SAN) initially and
replicated to DR site storage (SAN) on schedule basis (needs to confirm).
Storage The actual storage devices in which data is stored

Network Requirements
Redundancy Devices at the IT Centre should have redundancy at

all the level and should be highly available. Alternate route to the IT
centre from the Circle offices should be achieved by interconnecting
circle offices. In case of lease line failure at circle offices, ISDN backup
should come up automatically.
Scalability Routers should be modular in nature so that different
interfaces can be installed as per the requirement. Since servers are
centralized, the network must be able to handle the sheer amount of
traffic from users to the central location, as well as server-to-server
traffic. Additionally, devices must be able to scale to provide connectivity
(ISDN/Serial) to multiple locations as and when needed
QoS Router should be QoS enabled to cater voice, video, and data for
applications spread across different locations
Security Devices must be physically secure, and the data and
applications must be protected from internal and external threats using
inbuilt Firewall and IPS in the Routers at all locations. Routers should be
able to support different type of IPSEC setup (Site-to-Site, Remote
Access, Tunnel Less) for ease of deployment and manageability.
Management - The IT staff monitors, configures, and troubleshoots
network and server resources centrally

Internet
Intranet
Service Provider

Aggregation Switch
with L4-7 Services
FW/IPS/Load Balancer

Load Balancer
DMZ Zone / Web / Front-end Servers

Remote Offices

Data Center Design

FW

IPS

Core Switch
LB w/SSL

FW
IPS

Storage

Web / Front-end Servers

Zone#1

Application
Servers

Database
Servers

Zone#2

Zone#3

SAN Switch

WAN Connectivity
ISP
CORE ROUTER

RAS
Internet Router

(Multiple 2 Mbps)

2 Mbps (PRI)
ISDN CLOUD

Recommended 8-10 Mbps / Corp

2 Mbps (PRI)

SP CLOUD
Nx
2M
bp

s
Mbp
Nx2

Mb
x2

ps

N x 2 Mbps

Corp

Corp

Corp

Corp

Div/Sub-Div Router
256 Kbps

64/128 Kbps (BRI)

2 Mbps

64/128 Kbps
(BRI)

2 Mbps

2 Mbps (PRI)

2 Mbps

2 Mbps
2 Mbps

2 Mbps
2 Mbps

Div/Sub-Div Router
256 Kbps

Sub-Office

Remote Offices

Data Center Security

Internet
Intranet
Service Provider

HTTP & SMTP

Perimeter Sec

FW

SIEM
IPS

Core Switch
LB w/SSL

FW

AAA
Security
Mgmt Soft

IPS

Storage

Server w/Host
based IDS
Web / Front-end Servers

Zone#1

Application
Servers

Database
Servers

Zone#2

Zone#3

SAN Switch

WAN Security Solution

ISP
CORE ROUTER

RAS
Internet Router

(Multiple 2 Mbps)

2 Mbps (PRI)
ISDN CLOUD

EC
IPS

N
VP
Recommended 8-10 Mbps / Corp

2 Mbps (PRI)

SP CLOUD
Nx
2M
bp

s
Mbp
Nx2

Mb
x2

ps

N x 2 Mbps

Corp

Corp

Corp

Corp

Kb
p

2 Mbps
2 Mbps

25
6

256 Kbps

IPSEC VPN

Div/Sub-Div Router

64/128 Kbps (BRI)

2 Mbps

64/128 Kbps
(BRI)

2 Mbps

2 Mbps (PRI)

2 Mbps

Sub-Office

2 Mbps
2 Mbps

Div/Sub-Div Router

Architecture for Corp/Sub-Div

WAN Cloud

(8 - 10 Mbps) Recommended for Corps

(2-4 Mbps) Recommended for Sub-Div

Router

FW
Switch
Fiber

PC w/Host
based IDS

Architecture for Sub-office

WAN Cloud

(256 Kbps)

Router w/
FW/VPN

Switch

PC w/Host
based IDS

DR Requirements
Not Clear

In-Person Experience: Cisco Telepresence Solution

High-Level Design
Router

Servers
Cluster
Gateways

Circle Office
...
IP WAN

Router

IT Centre

Circle Office

Cisco TelePresence
Native 1080p

cameras
and 65 plasma
displays
Wideband
microphones and
speakers
Auto-Collaborate
Audio Add-In

for IT Centre

Cisco TelePresence
Native 1080p camera

and 65 plasma
display
Wideband microphone
and speaker
Auto Collaborate
Audio Add-In

for Circle Office

Security Solution

Security Solution
Perimeter Security: Will be providing features like Span defense,

Virus defense, Policy Enforcement, URL filters, Anti-Malware by

deploying HTTP and SMTP appliance at IT Centre
Firewall (FW): Firewall at two different level to provide higher
attack protection
Intrusion Detection and Prevention (IPS): Help to detect, classify,
and stop threats, including application abuse through several
different methods including signature and behavior
Virtual Private Networking (VPN): To enable secure network to
authorize user by providing connectivity to corporate resource
from any IP-enabled location
Authentication, Authorization and Accounting (AAA): Access
Control system
Security Incident and Event Manager (SIEM): Helps combines
network intelligence, context correlation, hotspot identification,
and automated mitigation capabilities and for compliance
purposes.
Host based IDS (HIDS): Help Desktop and Server stop unknown
attacks, zero day protection, personal firewall, spyware and
Adware protection

IP Surveillance Solution

Solution Description
At the Check post
Link load balancing between wired and wireless last mile connectivities from two different
MPLS provider will ensure maximum services uptimes to the data Center with intelligent
fault tolerance and traffic management

At the Data Center DC and DR

The Network Intrusion prevention system will provide defense against OS and
applications attacks, DOS, DDOS, Worms and exploits that can cause service outrage or
denials.
Appliance based Load balancers will ensure highest uptimes by providing scalable and
efficient applications load balancing amongst various servers for high availability and site
to site resiliency.
The solution will provide DC-DR failover functionality and transparent failovers.
LinkProof for link load balancing between two different MPLS provider will ensure
maximum services uptimes and reachability from the Check Posts and faster replication
between DC and DR.

IT Center Network Architecture

Server Farm

Sub-Control Room - Sales

Reporting

Video

Web

NMS

Application

Database Server

Antivirus Staging & Testing

Radware
AppDirector

Radware
DefensePro (IPS)

SAN
Storage

Internet
Firewalls
Sub-Control Room - Excise

Internet Router
(Cisco 2821)

Radware
AppDirector

DC Site

Tape
library

DR Site

Replication Link

Radware
AppDirector
DefensePro (IPS)

DefensePro (IPS)

Sub-Control Room - Transport

Radware - LinkProof
Link Load Balancer

Radware - LinkProof
Link Load Balancer

ISDN

Radware - LinkProof
Link Load Balancer
Check post

MPLS

Radware - LinkProof
Link Load Balancer
Check post

Central Control Room Topology: Data Recovery Passive Site Details

Server Farm

Sub-Control Room - Sales

Database Server

Reporting

Video

Web

NMS

Application

Antivirus Staging & Testing

Radware
AppDirector

SAN
Storage

Tape
library

Radware
DefensePro (IPS)

Sub-Control Room - Excise

Firewalls

DC Site

Internet
Internet Router
(Cisco 2821)

DR Site
Replication Link

Radware
AppDirector

DefensePro (IPS)

Radware
AppDirector

DefensePro (IPS)
Radware - LinkProof
Link Load Balancer

VSAT MPLS 2

Radware - LinkProof
Link Load Balancer

MPLS 1

Radware - LinkProof
Link Load Balancer
Check post

Check post

Radware - LinkProof
Link Load Balancer

Sub-Control Room - Transport

Solution Description
At the Check post
Link load balancing between wired and wireless last mile connectivities from two different
MPLS provider will ensure maximum services uptimes to the data Center with intelligent
fault tolerance and traffic management

At the Data Center DC and DR

The Network Intrusion prevention system will provide defense against OS and
applications attacks, DOS, DDOS, Worms and exploits that can cause service outrage or
denials.
Appliance based Load balancers will ensure highest uptimes by providing scalable and
efficient applications load balancing amongst various servers for high availability and site
to site resiliency.
The solution will provide DC-DR failover functionality and transparent failovers.
LinkProof for link load balancing between two different MPLS provider will ensure
maximum services uptimes and reachability from the Check Posts and faster replication
between DC and DR.