EEE – September, 2003

RUPA- Unified Network for Public AgenciesRUPA- Unified Network for Public Agencies

Claudio Brosco

2EEE – September, 2003

AgendaAgenda

RUPA overview RUPA today: highlights Architecture & Services Security Outcome of RUPA experience The Future

3EEE – September, 2003

RUPA (Rete Unitaria delle Pubbliche RUPA (Rete Unitaria delle Pubbliche Amministrazioni): Amministrazioni):

Overview Overview

In 1998 Telecom Italia won the tender issued by AIPA (Authority for the IT in the Public Administration) for provision of an integrated network connecting Public Agencies

As per conditions set in the Tender, Path.Net was created in 1999 by Telecom Italia with the task of operating the RUPA contract

RUPA Contract characteristics: yearly price adjustment to lowest market fees very demanding SLA (Service Level Agreement) conditions

Deployment of RUPA Customer Networks started in the year 2000: up to date it includes all Italian Government Agencies and Ministries and the main Local Agencies.

4EEE – September, 2003

RUPA Overview RUPA Overview TargetsTargets

promoting electronic exchange of information among Public Agencies

enforcing a common platform for data transmission allowing development towards the Italian e-Government

model:

Central PAs provide back office Applications to be utilized by Local PAs. These provide front office online services and information to the public or to enterprises (G2C and G2B).

Access to services by citizens/enterprises is provided by means of Portals at PA premises or through the Internet (the official portal is www.italia.gov.it)

5EEE – September, 2003

RUPA is widespread throughout Italy with POPs in 103 cities

Up to date (August 2003) consolidated numbers: - 70 Public (Central and Local) Agencies - more than 7.700 sites connected

RUPA today:RUPA today:POPs and CustomersPOPs and Customers

0

1000

2000

3000

4000

5000

6000

7000

8000

gen-

00

mag

-00

set-0

0

gen-

01

mag

-01

set-0

1

gen-

02

mag

-02

set-0

2

gen-

03

mag

-03

set-0

3

Nr.

of

site

s

Comune di RomaRegione LazioRegione CampaniaRegione LombardiaRegione MarcheRegione Emilia RomagnaRegione PiemonteRegione Basilicata

0

1000

2000

3000

4000

5000

6000

7000

8000

gen-

00

mag

-00

set-0

0

gen-

01

mag

-01

set-0

1

gen-

02

mag

-02

set-0

2

gen-

03

mag

-03

set-0

3

Nr.

of

site

s

Comune di RomaRegione LazioRegione CampaniaRegione LombardiaRegione MarcheRegione Emilia RomagnaRegione PiemonteRegione Basilicata

6EEE – September, 2003

RUPA today: RUPA today: TrafficTraffic

MONTHLY TRAFFIC DISTRIBUTION

INTERNET18 900 GBytes

EXTRANET700 GBytes

INTRANETS3 300 GBytes

7EEE – September, 2003

CONNECTED SITES SPEED DISTRIBUTION2.3

80

1.1

48

1.6

04

239

491

262 1.5

20

61

-

500

1.000

1.500

2.000

2.500

64 K

bps

128 Kb

ps

256 Kb

ps

384 Kb

ps

512 Kb

ps

768 Kb

ps

2 Mbp

s

34 M

bps

Speed

Nr.

of si

tes

RUPA today:RUPA today:Speed distributionSpeed distribution

8EEE – September, 2003

RUPA today:RUPA today:economicseconomics

-

1

2

3

4

5

6

7

8

1998 1999 2000 2001 2002 2003

Ban

dw

idth

(Gb

it/s

)

Bandwidth

Price/Bandwidth

- 75

- 50

- 25

- 100

- 125

Pri

ce/B

and

wid

th R

atio

(€ m

illi

on

/ G

bti

/s)

Savings due to yearly price adjustment to lowest market fees

Present total RUPA Costs: about € 100 Millions per year

9EEE – September, 2003

RUPA today:RUPA today:Principal Extranet ApplicationsPrincipal Extranet Applications

vehicles circulation tax Taxes DBLocal territorial ISIncome tax observatorySocial Security DBElectronic Tax formHuman Resources IS for Ministry of the Treasury

PAs Electronic Fund Transfer PAs General AccountancyMinistry of Agricolture DBCourt for Bankruptcies DBJail System DBEnterprises Unified PortalMonitoring of Government Program

10EEE – September, 2003

P.A. VPN

Interconnecting Domain

OLO/ISP

ASP

P.A. VPN

P.A. VPN

CITIZENS & ENTERPRISES

INTERNET

Architecture & Services - 1Architecture & Services - 1

RUPA includes VPNs belonging to different Central PAs interconnected through single gateways. Also Local PA VPNs, private enterprises and citizens are connected through local network providers & Internet.

11EEE – September, 2003

Architecture & Services - 2Architecture & Services - 2

Transport Services (for intranet, extranet and internet) IP and ATM on the entire italian territory (accessed by leased

line, ISDN, XDSL, SDH local loop): up to 155Mb/s Metropolitan Area Network in major cities: up to 100Mb/s In preparation:

• multimedia services

Management and professional services performance & traffic monitoring customer network management help desk and technical assistance 24x365 technical support in designing Customer VPN capacity planning

12EEE – September, 2003

Security key issuesSecurity key issues

92% risk reduction measured through an Authority approved Risk Analysis algorithm.

Conformance to International Standards for Security Continously updated Security System through Approved

Procedures and yearly auditings Provided Security Services:

Firewalling Antivirus Intrusion Detection Penetration tests Vulnerability assessment

13EEE – September, 2003

Security MeasuresSecurity Measures

Secure Network Management Centre distributed through Independent Screened Subnets

Intranet traffic segregation for each PA

Extranet traffic interchange through secure gateways

Access to the Internet through a single secure gateway;

Up to date Intrusion Detection Systems

Operators Authentication through Token System

14EEE – September, 2003

Some relevant new projects on RUPASome relevant new projects on RUPA

MIUR: An XDSL network for 11.000 schools(intranet & internet)

INPS: Data Centre Business Continuity

Min. della Giustizia: A customized Firewalling solution

Regione Lazio: A network for e-Lazio

Monopoli di Stato: “Bingo” network

Ministero Interno: Demographic Services

AGEA: A network for agriculture subsidies data transfer

Several Central P.As. Metropolitan Area Networks

15EEE – September, 2003

Outcome of RUPA experienceOutcome of RUPA experience

Great reduction in costs/bandwith ratio for all services

Increase of bandwidth demand by PAs (annual average increase of 39%)

Standardization of applications networking in the PAs

Fast provisioning of Customer links and low time to restore

Increased Network Security

Need for different standards of service according to Customer requirements

Long time and high costs needed to change Network solution

16EEE – September, 2003

The future:The future:SPC (Sistema Pubblico di Connettività)SPC (Sistema Pubblico di Connettività)

Main targets:

- To provide a shared infrastructure both for implementing PAs intranet as well for the interconnection between PAs, promoting the homogeneous development on the entire territory and saving as much as possible the assets/investments already been deployed.

- SPC, although based on the Internet paradigmas, should offer guaranteed performances

- Services should be diversified in terms of quality and security, depending on the different requirements

- to allow interaction between PAs and the external environment (enterprises, research, citizens, etc.), providing diversified access privileges

- to found a multivendor system that can leverage on the market opportunities

17EEE – September, 2003

SPC ArchitectureSPC Architecture(source: Centro Tecnico della Presidenza del Consiglio dei Ministri)(source: Centro Tecnico della Presidenza del Consiglio dei Ministri)

SPC ArchitectureSPC Architecture(source: Centro Tecnico della Presidenza del Consiglio dei Ministri)(source: Centro Tecnico della Presidenza del Consiglio dei Ministri)

T

3

Internet Qualified Internet

ASP 1 ASP 1

Citizens & Enterprises

PACRUPAR

PAL

PAC

RUPARPAL

PAC

RUPAR

PAL

Quality Monitoring Centre

Security Management Centre

National ISPRegional ISP

Local ISP

Other networks

ASP 2 ASP 2

ASP 3 ASP 3

Provider 1

Provider 2

Provider 3

CERTIFIED PROVIDERS

RULE 1

RULE 2

…

QUALITY-SECURITY RULES