Jill D. Headen

Colorado Technical University

CS635-1503A-01 Computer Networking

Distributed Network Solution for Washington State

Professor Jennifer Merritt

August 9, 2015

 

 

 


 

Table of Contents

Project Outline

Distributed Network Requirements Analysis (Week 1)

Communication Protocols Analysis and Recommendations (Week 2)

Network Traffic Analysis and Recommendations (Week 3)

Network Design and Architecture (Week 4)

Future Needs Analysis and Recommendations (Week 5)

Appendix: Project Approval

 

 


 

Project Outline

Brief Description of Enterprise

According to LinkedIn.com, Washington State’s Department of Social and Health Services (DSHS) is the state’s largest government agency, with over 10,000 employees (LinkedIn.com, n.d.). DSHS handles eligibility determination for various programs to assist WA residents who need various forms of aid, including Temporary Assistance for Needy Families (TANF), food programs, cash assistance programs, and the eligibility decisions within our state.

Think of DSHS as the field agents who work in offices around the state and who go out to scenes of disaster (such as the Oso, WA landslide earlier this year) and help Washingtonians who need assistance get started in the system.

Field agents gather information that is sent back to the mainframe in Olympia, WA. That information is processed and used by different IT departments for different things, such as the team that generates the barcodes used on the client's file. That particular team is called "Barcode."

This system has an online component used by field agents, a data warehouse to store client information, an eligibility rules engine, a virtual private network so that any State employee or IBM employee can access their work machines remotely, development environments for creating and testing new versions of the software (in addition to the production environment), development tools, and all of the usual applications used to run a typical business: email, word processors, spreadsheets, etc.

In addition to this, both the State and IBM must comply with Federal guidelines concerning the protection of sensitive client information, such as Private Personal Information (PPI) or Health Insurance Portability and Accountability Act (HIPAA) data.

 

Distributed Network Requirements Analysis (Week 1)

Six Major Areas of Functionality

1.     Security: The DSHS system holds sensitive information about (roughly) 5 million active, 485 million historical, Washington residents that must be kept accurate and safe. The distributed network must protect this information from the time it is gathered by the agent in the field office, throughout its lifecycle in the DSHS system, and after it is archived when the client no longer needs the service.

•      Capacity: The entire system must be secure.

•      Performance: The entire system should always be secure.

2.     Transparency: In the all-too-realistic event that a data breach or other catastrophic IT event occurs, it must be demonstrable to the citizens of Washington that everything that could have been done to protect the information was done, and done correctly. So, the network should have monitoring capabilities.

•      Capacity: The parts of the system that should be monitored include anywhere client data is stored and any part of the system that touches the outside world, such as Internet connections within the headquarters.

•      Performance: Monitoring should happen 24/7 with a competent service or application.

3.     Disaster Recovery: Part of keeping the information safe is making sure that, should disaster occur (such as a volcano erupting), the services that some Washington residents depend on to survive can continue uninterrupted. The network must be robust, redundant, and capable of being upgraded to new versions of hardware and software.

•      Capacity: All client data should be preserved, along with sensitive documents on the intranet. This data should not be compromised by being sent in amounts too large for the headquarters mainframe or the network to handle.

The software used, such as MS Word, does not need to be backed up because it can be accessed via the cloud from Microsoft’s own system.

•      Performance: Realistically, no system is 100% infallible. This one needs to have every step documented so that if something awful happens, there will be evidence to show that everything that could reasonably have been done has been done. This evidence should be able to stand up in a court of law.

4.     Functionality: Field office information must be able to get to the servers in Olympia. The network is a better solution than mailing in paper forms, although that has been a solution in the past.

•      Capacity: 2.2 million current clients, untold numbers of archived information

•      Performance: system use increases after natural disaster, among other considerations

5.     Functionality: Headquarters office workers should be able to access their machines remotely, so the network should provide virtual private networking capabilities.

•      Capacity: all 10,000+ DSHS employees should be able to access the system except during regularly scheduled maintenance windows that can easily occur during holidays when government offices are typically closed

•      Performance: VPN

6.     Cost-effectiveness: Everything done in this system is funded with dollars from Washington State taxpayers, such as myself. Therefore, the system should be implemented and maintained using the least expensive of the best solutions. It should use existing hardware and software.

•      Capacity: 10,000 employees, 24/7 availability

•      Performance: Between the hours of 7am and 5pm, the system should have little or no effect from all users accessing the system at the same time.

 

Communication Protocols Analysis and Recommendations (Week 2)

1.     Requirement: Security

•      The entire system must be as secure as possible.

•      Protocol: Use FTP with encryption to send data from field offices to headquarters.

2.     Requirement: Transparency

•      Monitor the parts of the system anywhere client data is stored and any part of the system that touches the outside world, such as Internet connections within the headquarters. This being an IBM implementation, the chosen network monitor is IBM’s Tivoli Network Manager.

•      Protocol: TCP/IP, which is one of Tivoli’s compatible protocols.

3.     Requirement: Facilitate Disaster Recovery

•      Important data should be transferred from the Headquarters region to a co-location that is out of physical harm’s way.

•      Protocol: FTP of encrypted files.

4.     Requirement: Workers at the Headquarters office should be able to remotely access their machines during times of illness or inclement weather, and Field workers must be able to reliably transfer data to Headquarters.

•      Protocol: Use a VPN with tunneling protocol. According to Microsoft’s Technet article about VPN Tunneling Protocols, “PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or a public IP network, such as the Internet. PPTP can be used for remote access and site-to-site VPN connections.” (Microsoft Technet)

5.     Requirement: Cost-effectiveness

•      The system should use the most cost-effective hardware and software, which includes existing assets that are not yet obsolete. As assets are upgraded, the new assets should be backwards-compatible, if possible.

•      Protocol: TCP/IP is “The most widely used communication protocol” according to The Network Encyclopedia. Therefore, TCP/IP should be used wherever possible rather than something that will become obsolete and require extensive code changes to accommodate later. Although there are some great features available with IBM’s SNA protocol, it is an older technology and it will incur maintenance costs as time goes on. In fact, as Techopedia defines SNA: “Systems Network Architecture (SNA) is IBM’s proprietary networking 5-level design architecture developed in 1974 for mainframe computers” (Janssen). The terms “proprietary,” “1974,” and “mainframe” are all indicators that this technology will be expensive to implement and maintain.

 

 

 

Network Traffic Analysis and Recommendations (Week 3)

To calculate network usage, I am starting by taking the numbers from the Report on the State of Human Services in Washington that was published in February of this year by Kevin Quigley, Secretary of DSHS. According to the report, “The Department of Social and Health Services (DSHS) is Washington State’s largest state agency. In any given month DSHS provides some type of shelter, care, protection, or support to 2.3 million of our state’s 6.9 million people.” (Quigley 2015).

That is: 2.3 million clients being served by 10,000 DSHS staff members.

To get the number of how many clients each field agent serves, I estimate that about half of the DSHS employees work at Headquarters in Olympia and half of them are in field offices.

If there are about 100 DSHS employees in each of about 50 offices, then each agent serves about 460 clients. The math on that is: 2,300,000 clients divided by 5,000 agents = 460 clients per agent.

A government employee with perfect attendance works 270 days out of the 365-day year, given that they get Federal holidays off, do not ever have to work weekends, and any extra time spent during times of increased activity (such as after a natural disaster) would be compensated with time off later.

460 clients per agent divided by 270 days = about 2 clients per day being seen by each agent. That might not sound like a lot, but some clients may need to come in several times over several days in order to resolve an issue.

DSHS groups their field offices along county lines, and there are 39 counties in Washington State. The three main metropolitan areas of Seattle, Olympia, and Vancouver would have the highest populations and, therefore, the most field offices. I would estimate that half of all DSHS field agents serve these 3 areas. Therefore, the math is: 5,000 agents – 2,500 agents taken up by the 3 biggest cities = 2,500 agents for the other 36 counties. This gives us about 70 field agents per office. If each agent processes 2 clients per day, that is 140 client files being sent to Headquarters every day from each field office.

 

Network Traffic Analysis and Recommendations section:

Each of the major uses of the distributed network.

•      5,000 DSHS Field Agents accessing email

o   Traffic estimates:

o   Peak traffic times and levels:

▪  8am, 85% utilization – initial sign-on for the day

▪  12pm to 3pm, 40% utilization (staggered lunch hours, returning from lunch, checking to see if any new emails have come in) during any given hour of the 3-hour window

▪  4:45pm, 80% utilization – the pre-leaving for the day activities to send replies, status messages, and answers to management and clients.

o   Other issues: Any email server downtime could result in an increase in utilization while agents explain why replies were late because the system was down

•      5,000 DSHS Field Agents sending data to the Mainframe back at Headquarters via an encrypted FTP connection.

o   Traffic estimates: This can be done as a nightly batch.

o   Peak traffic times and levels: Night or during the day when a client’s case is urgent

o   Other issues: During times of natural disaster, the field offices around the disaster will experience peaks. Also, although the climate here is mild, there are cold snaps that can cause people to seek help. Also, a natural disaster bad enough to cause an increase in client activity at field offices could very well be bad enough to harm the DSHS network in that area.

•      5,000 DSHS employees working from their desks at Headquarters

o   Traffic estimates: Typical 8am to 5pm work day.

o   Peak traffic times and levels: Mornings, after lunch, before going home.

▪  8am, 85% utilization – initial sign-on for the day. Part of the boot process for State computers is that it ends by launching Internet Explorer with the DSHS Intranet home page, to verify that everything is working correctly.

▪  12pm to 3pm, 40% utilization (staggered lunch hours, returning from lunch, checking to see if any new emails have come in) during any given hour of the 3-hour window

▪  4:45pm, 80% utilization – the pre-leaving for the day activities to send replies, status messages, and answers to management and clients.

o   Other issues: There may be a flurry of activity before holidays when employees want to make certain that all work is complete before taking time off.

•      500 - 1,000 DSHS employees working from home, connecting to the VPN hosted at Headquarters

o   Traffic estimates: Not many employees do this unless there is a pressing need, such as illness or staying home to take care of a family member.

o   Peak traffic times and levels: cold and flu season, when the school year ends and employees’ children need increased supervision

o   Other issues: Increased activity among field workers can mean an increase in activity among the workers at Headquarters who are almost all former field office workers who have been hired for their experience and ability to assist their fellow field agents.

•      Recommendations:

o   Field Agent area: Create virtual groupings of Washington counties, and then implement a scheduling algorithm (such as round-robin) to transfer all of the data from one virtual region before moving on to the next virtual region.

▪  Natural disaster consideration: a “secure as possible,” delay-tolerant system that can send the information via cellular or satellite connections.

▪  Implementation: One small-ish server per virtual grouping, running the same version of IBM z/OS as the mainframe back at Headquarters. Each server contains all of the previous day’s data, plus the data from the day before that, and the latest day’s data from the virtual grouping that is physically the farthest from it, for offsite backup purposes.

o   Headquarters area:

▪  A fairly “typical” implementation with an emphasis on security should suffice.

▪  Implementation: IBM mainframe running z/OS for the client data area, a Microsoft server for running SharePoint for the intranet and the Exchange email server, and all of the usual necessary desktop machines for running all of the usual Microsoft Office software. Also, there are generators in the basement of the Headquarters building that are checked regularly, usually around the same time as the office has its regular fire and earthquake drills.

 

Network Design and Architecture (Week 4)

Infrastructure:

The network architecture that is suitable for this distributed network includes:

Visual model of the system that identifies the major components

To fulfill the requirement of not bogging down the system by sending large amounts of client data from large regions at the same time, there will be virtual groupings of each of the six areas into three areas, each of which will have one area of large numbers of agents and one area from the more sparsely populated parts of Washington.

Each region will have a secure, encrypted FTP connection to the mainframe at Headquarters where the data will be stored.

Olympia, Eastern Region 2, and the Olympic Peninsula will form one region.

Seattle and Eastern Region 1 will form another region.

Vancouver and Eastern Region 3 will form a third virtual region.
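The round-robin transfer recommended in Week 3, applied to the three virtual regions above, can be sketched as follows. This is an added example, not part of the original project: the region labels, the `send` callback standing in for the encrypted connection to Headquarters, and the sample files are assumptions. It goes one step beyond the text by recording a SHA-256 digest for every file so the audit log required under Transparency shows what was sent and whether Headquarters stored it intact.

```python
import hashlib
from collections import deque

# Virtual regions as grouped in the design above. The keys ("region-1", ...)
# are labels invented for this example.
REGIONS = {
    "region-1": ["Olympia", "Eastern Region 2", "Olympic Peninsula"],
    "region-2": ["Seattle", "Eastern Region 1"],
    "region-3": ["Vancouver", "Eastern Region 3"],
}


def region_order(night):
    """Rotate the starting region each night so no region is always last."""
    order = deque(REGIONS)
    order.rotate(-(night % len(REGIONS)))
    return list(order)


def build_plan(night, pending):
    """Drain one virtual region completely before moving on to the next.

    pending maps an area name to a list of (file_id, encrypted_bytes).
    Returns manifest rows of (sequence, region, area, file_id, sha256).
    """
    plan = []
    for region in region_order(night):
        for area in REGIONS[region]:
            for file_id, blob in pending.get(area, []):
                digest = hashlib.sha256(blob).hexdigest()
                plan.append((len(plan), region, area, file_id, digest))
    return plan


def run_transfer(plan, pending, send):
    """Send files in plan order; return (audit_log, failed_file_ids).

    `send` stands in for the encrypted connection to headquarters and
    returns the bytes headquarters actually stored.
    """
    blobs = {fid: blob for files in pending.values() for fid, blob in files}
    audit, failed = [], []
    for seq, region, area, file_id, digest in plan:
        stored = send(file_id, blobs[file_id])
        ok = hashlib.sha256(stored).hexdigest() == digest
        audit.append({"seq": seq, "region": region, "area": area,
                      "file": file_id, "sha256": digest, "verified": ok})
        if not ok:
            failed.append(file_id)  # keep for retry; never mark as delivered
    return audit, failed


# Constructed sample data: opaque bytes standing in for encrypted client files.
SAMPLE_PENDING = {
    "Seattle": [("sea-001", b"\x01ciphertext-a"), ("sea-002", b"\x02ciphertext-b")],
    "Olympia": [("oly-001", b"\x03ciphertext-c")],
    "Eastern Region 3": [("er3-001", b"\x04ciphertext-d")],
}


def lossy_send(file_id, blob):
    """Constructed test link that truncates one file in transit."""
    return blob[:-1] if file_id == "sea-002" else blob


if __name__ == "__main__":
    plan = build_plan(night=1, pending=SAMPLE_PENDING)
    audit, failed = run_transfer(plan, SAMPLE_PENDING, lossy_send)
    for row in audit:
        print(row)
    print("retry:", failed)
```

Because the audit rows carry only digests and identifiers, the log can be retained as evidence without holding client data.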

Summary of the estimated cost of the network infrastructure

| Item | Use | Cost |
|---|---|---|
| Headquarters mainframes for client data: IBM Power System S824, quantity 2 | Store client data and generate reports. | $21,319.00 each (source: IBM.com); total $42,638.00 |
| Headquarters Microsoft IIS servers: IBM Power 710 Express, quantity 2 | VPN connections, non-client data storage | $6,255.00 each (source: IBM.com); total $12,510.00 |
| Small server in each of the virtual regions: IBM Power 710 Express, quantity 3 | Store and forward each region’s daily client data | $6,255.00 each (source: IBM.com); total $18,765.00 |
| Comcast Business Internet Connection | Connect field offices to headquarters in Olympia | $250/month, $3000 per fiscal year (source: Comcast.com) |
| Total | | $76,913 |

 

Software required for the network

According to Aditya Gune, “The Tivoli Monitoring product is a catch-all monitoring system for a company's IT infrastructure, and costs around $437 per resource value unit (RVU) license. An RVU license is similar to a PVU license, but relies upon the number of processors used. Tivoli Monitoring for Virtual Environments is specific to virtual servers and hypervisors, and costs $511 per RVU license.” (Gune, n.d.)

The IBM Power System S824 can have two 12-core processors in each mainframe, for a total of 48 processor cores across the two mainframes. 48 times $511 is $24,528.

Each of the five IBM Power 710 Express servers has 8 cores, for a total of 40 cores. 40 times $511 is $20,440.

Summary of the estimated cost of the network software: $44,968 plus z/OS charges for one fiscal year.

 

Future Needs Analysis and Recommendations (Week 5)

According to Gene Marks of Forbes magazine, “Consider the options.  All of my clients’ evaluated cloud based hosting services from Amazon, Microsoft and Rackspace.  They also interviewed a handful of cloud based IT management firms who promised to move their existing applications (Office, accounting, CRM, databases) to their servers and manage them offsite.  All of these popular options are viable and make sense, as evidenced by their growth in recent years.  But when all the smoke cleared, all of these services came in at about the same price:  approximately $100 per month per user.  This is what it costs for an existing company to move their existing infrastructure to a cloud based infrastructure in 2013.” (Marks 2013)

At $100 a month for each of DSHS’s 10,000 employees, moving to the cloud would cost Washington taxpayers $1,000,000 a month. That’s $12,000,000 a year. One thing I know for sure: until cloud costs come down, it does not make sense for DSHS to move everything to the cloud.

There is a growing trend of IBM moving more into selling cloud systems, as stated by Forbes magazine’s Trefis Team, “Technology giant International Business Machines has been restructuring its business to boost profitability and focus on new verticals that offer better growth opportunity. As part of this strategy, the company is continuously expanding its portfolio of cloud services.” (Trefis Team, 2015). I hope that this means IBM can find a way to restructure its services into an affordable product for the State of Washington.

Another probable change would be issuing field agents mobile devices, such as an Apple iPad, running a strongly encrypted application to gather information about clients during, or immediately following, a natural disaster. These mobile devices could have a satellite connection so that the agents could help people who were very far from civilization, indeed. They would also enable agents to do all of the paperwork needed at the side of a client’s hospital bed, and clear up any paperwork issues with other departments or entities as quickly as possible.

Finally, incorporating social media into DSHS could be a solution for lessening the stigma of needing and receiving financial help. A discussion among anonymity-protected clients, DSHS workers, and the taxpaying citizens who support the system could lead to some valuable insight about how to make certain this department is as helpful, and long-lived, as possible.


 

References

Comcast. (n.d.). Business Internet. Deluxe 150. Retrieved from: http://business.comcast.com/internet/business-internet/plans-pricing

Gune, A. (n.d.). IBM Tivoli software for enterprise system management. TechTarget. Retrieved from: http://searchdatacenter.techtarget.com/feature/IBM-Tivoli-software-for-enterprise-system-management

Hesseldahl, A. (January 2014). IBM Exploring Sale of Software-Defined Networking Business. ReCode.net. Retrieved from: http://recode.net/2014/01/28/ibm-exploring-sale-of-software-defined-networking-business/

IBM. (n.d.). IBM System z Software Pricing. Retrieved from: http://www-03.ibm.com/systems/z/resources/swprice/

IBM. (n.d.). Power scale-out servers. Retrieved from: http://www-03.ibm.com/systems/power/hardware/scale-out.html

Janssen, C. (n.d.). Systems Network Architecture (SNA). Techopedia. Retrieved from: http://www.techopedia.com/definition/24268/systems-network-architecture-sna

LinkedIn. (n.d.). Entry for Washington State Department of Social and Health Services. Retrieved from: https://www.linkedin.com/company/washingtondepartmentofsocialandhealthservices

Marks, G. (April 2013). Do You Replace Your Server Or Go To The Cloud? The Answer May Surprise You. Forbes/Tech. Retrieved from: http://www.forbes.com/sites/quickerbettertech/2013/04/29/do-you-replace-your-server-or-go-to-the-cloud-the-answer-may-surprise-you/

 

Microsoft (n.d.). VPN Tunneling Protocols. Microsoft Technet. Retrieved from: https://technet.microsoft.com/en-us/library/Cc771298%28v=WS.10%29.aspx

Network Encyclopedia, The. (n.d.). TCP/IP. Retrieved from: http://www.thenetworkencyclopedia.com/entry/tcp-ip/

Quigley, K. (February 2015). 2015 Report on the State of Human Services in Washington. Retrieved from: https://www.dshs.wa.gov/sites/default/files/SESA/office%20of%20the%20secretary/State%20of%20Human%20Services%20Report%202015.pdf

Trefis Team. (March 2015). IBM Cloud Services Part-I. Forbes/Investing. Retrieved from: http://www.forbes.com/sites/greatspeculations/2015/03/06/ibm-cloud-services-part-i/

 

 


 

Appendix: Project Approval

Enterprise Proposal

IBM has a contract with the State of Washington to handle the IT needs for various departments, including mine: The Department of Social and Health Services (DSHS). According to LinkedIn, DSHS has over 10,000 employees.

DSHS handles eligibility determination for various programs to assist WA residents who need various forms of aid, including Temporary Assistance for Needy Families (TANF), Food programs, cash assistance programs, and the implementation of "Obamacare" within our state. 

The actual disbursal of funds is handled by another department. Think of DSHS as the field agents who work in offices around the state and who go out to scenes of disaster (such as the Oso, WA landslide earlier this year) and help Washingtonians who need assistance get started in the system.

Field agents gather information that is sent back to the server in the main building in Olympia, WA. That information is processed and used by different IT departments for different things, such as the team that generates the barcodes used on the client's file. That particular team is called "Barcode."