Date post: | 04-Mar-2016 |
Category: |
Documents |
Upload: | pujonadio-leonardo |
View: | 8 times |
Download: | 0 times |
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 1/10
1 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
IT Services
Group Assignment 2 –
Week 10, May 17th
2015
Team
Team 4:
1. Alexander Gunawan, NIM 1701497840
2.
Armandha Aria, NIM 1701497903
3.
Ghema Nusa Persada, NIM 1701497885
4.
Rico Malibu, NIM 1701497872
SESSION 10 Assignment
1. Team’s recommendation to Carlos Noriega on how to improve SUNARP’s Network (Include
intranet and WAN)
Rekomendasi untuk Carlos Noriega dalam meningkatkan layanan jaringan SUNARP termasuk
intranet dan WAN adalah dengan membuat jaringan intranet untuk komunikasi pada pihak internal
di dalam perusahaannya dan melakukan komunikasi dengan publik melalui jaringan WAN.
Peningkatan yang dapat dilakukan melalui jaringan intranet adalah
Membuat website karena web yang cukup fleksibel dan mudah digunakan.
Membuat enkripsi khusus dan perlindungan keamanan lainnya dalam menghubungkan satu
bagian intranet dengan bagian intranet lainnya.
Meningkatkan kemampuan berbagi sumber daya (printer, scanner) serta koneksi dengan
internet.
Memperbesar ruang penyimpanan disk virtual untuk mengantisipasi banyaknya data.
Melakukan integrasi dengan layanan e-mail.
Membuat cross-platform web agar dapat diakses oleh berbagai web browser pada sistem
operasi yang berbeda.
Menyiapkan ketersediaan pembaruan sistem.
sedangkan untuk jaringan WAN adalah
Membuat satu data center secara terpusat .
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 2/10
2 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Membuat teknologi WAN secara point to point, dimana jaringan yang dibangun mempunyai
banyak koneksi secara fisik, namun untuk operasi dalam satu waktu hanya ada satu fungsi
koneksi.
Membuat sistem keamanan melalui proxy dan firewall untuk membatasi jaringan internet
yang dapat mengancam jaringan.
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 3/10
3 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
2. Team’s design on building SUNARP’s security management
As SUNARP need to do integration and unification of the information in the different public registry
offices in the whole country and also accept access from external party (ex: another government
agency, payment vendor: VISA)
Transaction With Visa/Alto/MasterCard
Dalam Proses ini menggambarkan jika customer ingin melakukan pembelian atau pembauaran
melalui online diperlukan kerjasama dengan pihak bank terkait dengan sehingga jika telah
melakukan kerjasama dengan pihak bank terkait akan diberikan autentifikasi dan kepercayaan
berupa notofikasi yang dikirim via phone cell / email customer. Jika sesuai dengan nama orangtua
yang terdaftar maka akan diberikan notifikasinya ulang untuk verified transaction.
Figure 1 - Transaction With Visa/Alto/MasterCard
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 4/10
4 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Cash Transaction with ATM
Figure 2 - Cash Transaction with ATM
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 5/10
5 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
3. Team’s Strategy related to SUNARP’a region capacity planning (except Lima)
Background
There is a lot of application is located in Lima, but the registrar is actually located outside of Lima.
Peru’s total population in 2014: 30,970,408 with average annual growth rate 1.39%
(http://www.worldpopulationstatistics.com/peru-population/), Average annual growth rate figure
will be used as base for Capacity Growth Rate
SUNARP’s Revenue for Service Fees (2003 - US$) (www.sunarp.gob.pe) showed that 63% of total
revenues mainly come from Lima or Zone No IX and the rest of 27% goes to other regions.
Figure 3 - SUNARP Technological Infrastructure
Current SUNARP Technological Infrastructure Diagram showed that
Have one head office and one office in each region (Region related)
Regions connected through WAN (Region related)
Using Physical Server at head office (Head Office related)
Using Centralized Storage at head office (Head Office related)
Using separate network of internal and DMZ network (Head Office related)
Secured using multi-level firewall (Head Office related)
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 6/10
6 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Suggested Solution
Capacity Planning for regions are as follow:
1.
Utilization
As SUNARP have assumed capacity growth rate of 1.39% annually (and will grow each
year), current infrastructure should be optimized to handle it. They can be done with usage
of current technology to optimize performance. For example is usage of certificate base
document format for security in PDF file
2.
Trend
Enhancement should be done in several areas, particularly infrastructure related
Regions connected through WAN can be simplified by using internet with VPN tostreamline between SUNARP network to Peru’s global network infrastructure
Turn a Regional Office as a Disaster Recovery site as backup site to current Data
Center at head office
Additional servers can be added in regions (as required) to speed up local
processes equipped with local temporary Storage / Cache. The storage can be
mirrored to head office or Disaster Recovery site in idle / off-work time
Other enhancement will also required in Head Office
Using Physical Server at head office can be simplified by implementing Virtual
Servers to increase availability (Head Office only)
Using Centralized Storage at head office should be enhanced with use of Network
Attached Storage to ease storage upgrade path (Head Office only)
3.
Forecast
As trending technology is adopted they will fulfill the forecast requirement. Annual capacity
growth is part of that forecast.
4.
Adjustment
The result of utilization, adoption of trending technology should be adjusted according to
current situation whether the resource is required or should not be used
5.
Tuning
The result of utilization, adoption of trending technology should be tuned according to
current situation with change/adjustment of parameter of the resource
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 7/10
7 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
4. Team’s recommendation if Carlos Noriega would like to build 2 data center (DC & DRC),
location and things to consider of Facility Selection criteria
Data Center / DCKarena SUNARP menggunakan infrastruktur WAN dengan bantuan DMZ seperti pada Figure 3
Maka, lokasi data center akan ditempatkan di kota Lima, Peru. Ada beberapa hal yang harus
dipertimbangkan :
1. Data Center Environmental Control, meliputi :
Air flow / Sirkulasi udara : usahakan antara panas yang keluar dari peralatan dan sistem
pendingin jangan sampai bertumpukan, dapat diatasi dengan in – row cooling unit (
pemisahan berdasar lorong panas / dingin ) dan hot / cold containment aisle ( isolasi lorong
dingin agar tidak tercampur dengan udara panas yang keluar ).Nantinya, udara panas akan
keluar melalui ventilasi dan pertukaran udara dingin akan terjadi di saluran udara
2.
Temperature
Temperatur tinggi biasanya ada di atas / samping dan temperatur rendah biasanya
terletak di depan / bawah rack. Ada beberapa sumber rekomendasi tentang
temperatur :
Dari IT Vendor : 70 –75 °F (21 –24 °C)
Dari American Society of Heating, Refrigerating and Air-Conditioning Engineers
(ASHRAE) : 68 –77 °F (20 –25 °C) dengan kisaran minimum dan maksimumnya adalah
59 –90 °F (15 –32 °C)
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 8/10
8 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Sedangkan menurut penelitian, temperatur data center yang berada dibawah 70 °F /
21°C merupakan sebuah pemborosan energi dan uang.
3.
Humidity sensor ( Biasanya diletakkan ditempat yang tinggi ) dan water control (biasanya
diletakkan di bawah rack / raised floor ) dengan memakai sensor, karena kebocoran pada
chiller / sumber lain dapat menyebabkan korsletting.
4. Fire suppression monitoring, namun perlu diimbangi dengan pengecekan peralatan berkala
oleh admin, agar kiranya siap digunakan ketika kebakaran terjadi.
5. Static electricity sensors / grounding yang baik untuk menghindari timbulnya listrik statis
6. Yang tidak kalah pentingnya adalah Security Access Door pada pintu ruangan, serta room /
rack entry sensor untuk mengantisipasi tindakan security bypass
Citasi : http://searchdatacenter.techtarget.com/tip/Five-questions-on-data-center-environmental-monitoring
Interconnection
Tampak di gambar, SUNARP memakai WAN sebagai metode pengiriman data.
Figure 4 - SUNARP's Office Interconnection
Karena jaringan yang terbentuk sudah cukup besar, mungkin akan sulit untuk mengganti, namun
bisa disarankan agar memakai Virtual Private Network dimana VPN memanfaatkan dedicated line
( telephone network / internet ) sebagai media perantaranya dan dilakukan penambahan informasi
pada header sebagai implementasi network tunneling. Serta, sebelum dikirim, paket akan
mengalami proses enkapsulasi antara router di kedua sisi jaringan dan dienkripsi dengan public /
symmetric key encryption.
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 9/10
9 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
Security
Dari sisi security, di gambar terlihat SUNARP sudah menerapkan beberapa firewall dan DMZ untuk
koneksi ke luar, beberapa hal yang perlu dipertimbangkan :
Untuk firewall dapat menggunakan applikasi seperti palo alto firewall, dimana sudah mencakup :
File blocking, Data Filtering, Vulnerability Protection ( deteksi vulnerability setiap aplikasi
yang terinstall ) , anti - virus, anti - spyware, URL Filtering ( tidak perlu lagi memakai proxy,
karena sudah terakomodasi di firewall ), dan Application Control (background process, network
connection, queries).
Monitoring
Karena SUNARP masih memakai IDS yang bersifat detection saja, maka bisa dikembangkan ke
IPS ( Intrusion Prevention System ) yang bisa diklasifikasikan ke beberapa kategori : host based,
wireless, network(email,svn,file encryption), dan network behavior. Serta deteksi mencakup :signature, statistic anomaly, stateful protocol.
Storage Management
Untuk capacity planning, dimana data akan semakin besar, dianjurkan agar memakai konfigurasi
RAID 1 – 0. Dikarenakan, data akan diakses banyak orang dan mempertimbangkan efisiensi
sehingga parity pada RAID 5-0 tidak dianjurkan karena akan memakan waktu. Cara penyimpanan
dianjurkan untuk memakai sistem kompresi, mengingat data akan diakses secara WORM (
Write Once Read Many ).
Sedangkan untuk backup strategy, akan dilakukan Differential Backup, dimana merupakan sistem
backup yang menyimpan data perubahan yang terjadi selama kurun waktu tertentu dan akan
disimpan di lokasi terpisah sebagai Disaster Recovery Center ( DRC ) dengan memakai warm
standby disaster recovery strategy.
Disaster Recovery Center ( DRC )
Untuk disaster recovery center tidak perlu ditempatkan di tempat yang terlalu jauh agar proses
relokasi lebih mudah dan cepat. DRC di indianapolis (https://www.fema.gov/ ) atau iron mountain
di US (http://www.ironmountain.com/Services/Data-Management/Disaster-Recovery/Disaster-
Recovery-Support.aspx ) bisa menjadi solusi alternatif yang cukup baik.
Fasilitas yang kira – kira dibutuhkan dalam sebuah DRC :
1.
Raised Flooring
The server room’s floor is raised to protect all hardware and equipment from floodings
2. Air-Conditioning
The server room is equipped with split air-conditioning. With this facility, the servers will be
able to perform in optimal environment.
3.
Fire Extinguisher Fire extinguishing equipment is provided at the DRC for fire security.
7/21/2019 7043T_-_TK2_-_P9_-_S10_Team4
http://slidepdf.com/reader/full/7043t-tk2-p9-s10team4 10/10
10 | IT Services - Group Assignment 2 – Week 10, May 17th 2015 – Team 4
4. CCTV
CCTV is installed in the server room to monitor and observe activities.
5. Access Card System
To enter the DRC and server room, access card system is implemented allowing only authorized
personnel to enter the facility.
6. Smoke Detector
Smoke detector is installed.
7. Uninterruptible Power Supply (UPS) and Generator
TNB power passes through the inverter – converter of the UPS system and output of the UPS
system supplies power to the computer facility. This isolates the facility from utility transients
and outages. Complete protection is provided from power surges, outages, voltage
fluctuations, power frequency fluctuations and loss of utility power. If the power outage is foran extended period, a generator will be activated to continue to support the servers and
equipment in the DRC.
8. Alarm System
Alarm system is implemented for unauthorized intrusions.
9. Broadband Wireless
This solution offers reliable and secure, high-speed connectivity with lower total cost compared
to leased line, T1/E1 lines and similar wireless access solutions.
10.
Telephone and Internet Services
Internet and telephone services are enabled with Broadband Streamyx and telephone lines
installed throughout the DRC.
11. Networking Services
The DRC is well equipped with all necessary points for networking purposes. The facilities must
be able to perform in an optimal environment. With this routine activity, CMG Online can
ensure its customers are on full protection from data loss due to damaged equipment, software
upgrades, viruses, user errors, hackers and theft.
Citasi : http://www.cmg.com.my/business-solutions/disaster-recovery-center-drc