Date post: | 07-Nov-2014 |
Category: |
Government & Nonprofit |
Upload: | igp-internal-security-division-bangalore |
View: | 376 times |
Download: | 4 times |
Sanjay Sahay,ADGP, Police Computer Wing, Bangalore
Police Department
KSP Composite Computerization Model
GOVERNMENT OF KARNATAKA
Presentation Structure
• Evolution• DC and Networking• Software / CCTNS • Police IT - CCTNS Interface / Governance Structure • Capacity Building• Project Challenges• Future plans• Conclusion
IT Evolution at KSP
Chronology of Computerization
P r e - C C T N S C C T N S
M/s HP Signs MSA on Dec 7, 2011 as SI
M/s GT Signs MSA on Jun 21, 2012 as SPMU
KSP Computerization Model
Enterprise ModelPeople Process Technology Infrastructure Governance
• Internal Champions
• Capacity Building
• Nodal Officers
• Sys Admins• Handholding
• BPR• Integration• Automation
• ERP• Web Service• Active
Directory• SMS
Gateway• e-Pen
• KSP DC• KSP WAN• DR Centre• EMS• Centralized
AV• Automated
Backup
• Core Team• SCRB Nodal
Officer• District Nodal
Officer• Central NOC• Helpdesk
CONFEDENTAIL : INTERNAL USE ONLY
Core Infrastructure
Disaster Recovery Center
• Disaster Recovery Center for KSP is
located at NIC Data Center, Shastri
Park, New Delhi.
• NIC has provided 4 racks and
Infrastructure facility to host the DR
site.
• The Network connectivity between DC
and DR has been established through 4
Mbps MPLS Link.
• The DR Implementation is in progress
and DR will be made operational in
next 3 months.
Sl. No. Name of Device Capacity Quantity
1. Server 10
2 Storage 32 TB 1
3 Network Switches 2
4 SLB / GSLB 1
5 Firewall 1
6 NIPS 1
14 FCIP Router 2
15 FC Switch 1
KSP Wide Area Network
45 locations 1,2 & 4 Mbps leased line
1458 locations 512 Kbps and 1 Mbps
VPNoBB
45 Mbps aggregation bandwidth
16 Mbps Internet leased line
KSPDC
Karnataka State Police Wide Area Network
Type of Network Number of Links at Initiation
Number of Links at Present
MPLS 39 45
VPNoBB 1350 1458
ILL 2 2
Type of Network
Initial Bandwidth
Present Bandwidth
MPLS (Aggregation)
10 Mbps 45 Mbps
• Karnataka State Police Wide Area Network, (KSPWAN) was created in the year 2009 with BSNL
• This was successfully implemented jointly by BSNL and the Karnataka State Police.
• This Network is a combination of 45 MPLS and 1458 VPNoBB connections
• Connects all police station and higher offices across the state.
• Fixed IP has been implemented on VPNoBB connection
• In addition 16 Mbps Internet leased line has also been provided.
Network Availability
KSP Databases
Name of Database Description
Police IT Police IT Database for all functional modules
CCIS Crime and Criminal database
MVVC Motor Vehicle Database
G-care GIS Database
DC IT-Infrastructure - HardwareSl. No. Name of Device Capacity Quantity
1. Server 24 (46 VM)
2 Storage 32 TB 1
3 Network Switches 7
4 Routers 2
5 SLB / GSLB 2
6 Firewall/UTM 4
7 NIPS 2
8 SIEM 1
9 Tape Library 1
10 Racks 6
11 NAS 1
12 MCU 1
13 MUX 2
14 FCIP Router 2
15 FC Switch 2
DC IT-Infrastructure - SoftwareSl. No. Name of Software
1. Windows Server 2008 R2
2 Redhat Enterprise Linux
3 Ubuntu Linux
4 MS SQL 2008 R2
5 MS Share Point
6 PMIS
7 EMS
8 Data Protector
9 Arcsight Express
10 Radware Absolute Vision
11 Zimbra Mail server
12 EVA Command view
13 VMWare vSphere
14 MS Hyper-V
15 MS Visual Studio
16 MS VSS
17 Kaspersky End Point Protection Anti Virus
18 Windows Software Update Service
Hardware DetailsSl.
No. Computers & Peripherals Total
1 Desktops 82332 Thin Clients 15853 Laptop 6144 Laser Jet Printers 14785 MFPs 14196 Dot Matrix Printer 14477 Servers 1988 UPS 44649 Scanner 1235
10 Web Camera 88211 LCD TV 3712 Switches 218013 Projector 7412 Digital Cameras 90613 Electronic Pens 90614 External Hard disk 1317
Total Hardware 26975
Total Hardware
Hardware at each Unit
KSP Security Solution
Defense in Depth technology adopted in KSP to ensure each layer is protected from attacks.
• Two Tier Security protection from all traffic.
• Full fledge Intrusion Prevention System.
•SIEM for log management and Event Analysis.
• OS hardening.
• Regular patch management.
• End point protection for Servers and Desktops
• Role based Access.
• Vulnerability assessment for Critical assets.
Core Functionalities•Crime•Law & Order•Traffic
Administration•Administration•Finance•StoresAncillary support•Armed Reserve•Motor Transport•TrainingTechnical Modules•Wireless•Forensic Science •Laboratory
11Modules
64Roles
522Screen
417Reports MIS
Police IT - ERP
CCTNS
• One of the 27 Mission Mode Projects (MMP)
Police under NeGP
• Centralized Planning / De-centralized Execution
• Ministry of Home Affairs (MHA) is the nodal
agency
• Rs. 2000 Crores for the Scheme in 11th Five-year
Plan
•Nationwide networked infrastructure for
“investigation of crime and detection of criminals”
• Aims to cover:
• 14000 Police Stations and 6000 higher
offices
• Software, DC/Network, Client Side
Infrastructure, Data Migration, Capacity
Building, O&M and handholding
• Critical interfaces with:
• Citizens
• intelligence agencies, passports, road
transport authorities, etc.
Police IT - CCTNS
• Present Project Duration - 7th Dec, 2011 to 6th Dec, 2014 • SI – HP• SPMU – Grant Thornton
Police IT - CCTNS
Project Governance structure
Internal Resources for CCTNS Project
Resources Number
SCRB Nodal Officers 26
District / City / Units Nodal Officers 94
System Administrators (MCSE and CCNA) 75
Police IT Operators 3000
External Resources
SPMU (GT India) Role Qualifications
Project Manager B. Tech + MBA
Infrastructure Specialist B. Tech
Database and Application Specialist
B. Tech
Operation Manager B. Com + Domain Expert
Consultant MCA
SI (HP India) Team Number
Core Management 2
Team leads 5
Software Team 30
DC Operations 6
Trainers 35
Hand-holder 115
CCTNS Software Status
Legends: Completed Yet to be completed
Citizen Portal Services under CCTNS
Transaction Services• Complaint Registration
• Tenant Verification
• Servant Verification
• Permission Request for Processions and Rallies
• Passport Verification Status
• Arm License Verification Status
• Application for Character Certificate
Information Services• Missing Persons Listing (with Photographs)
• Proclaimed Offenders Listing
• Stolen/ Recovered Vehicles Listing
• Unidentified Dead bodies (with photographs) Listing
• Abandoned / Unclaimed/recovered Properties Listing
• Most Wanted Criminals Listing (with photographs)
Other Applications in use
SMS/e-Pen Integration in FIR
SMS Integration Citizen can track status of his/her
application on website of 'Sakala'/KSP using GSC number
Citizen to get SMS update at every stage of FIR lifecycle
• Registration• A-Report, B-Report, C-Report• Disposal
e-Pen Integration FIR copy to be signed electronically at
time of filing• By Complainant• By Processing Officer Greater assurance to citizens for service
delivery Transparency in process Authenticity of information No scope for Suppression of facts /Denial
of service
Service Delivery Scheme under 'Sakala'
15 digit unique GSC number through SMS
Track status on website of 'Sakala'/KSP
Status Update Through SMS
Sl. Service Name (under sakala)Maximum no. of days to get service delivered
1 Arms License Issue and Renewal Verification 302 Certification of Finger Print 203 Issue of copy of FIR to the complainant 14 License for Amplified Sound System 35 License for Amusement 156 Missing Report of documents, Mobile phone etc. 17 No objection to return to India permission in respect of Tibetans 208 No obligation to return to India (NORI) Certificate 209 NOC for Passport Verification 20
10 NOC for petrol pump, gas-agency, hotel, bar etc. 711 NOC for Residential Permit Extension 712 Permission for Peaceful Assembly and procession 1513 Police Clearance Certificate 2014 Police verification Certificate for Coolies/Loader/Class IV Security Staff/Supervisor at Airport 20
15 Police Verification Certificate for domestic servants/house keeping 2016 Police Verification Certificate for Institutions/ Companies 2017 Police verification Certificate for Marriage Alliances 20
18Police verification Certificate for Training Apprenticeship at PSUs/trainees/Workers at Govt. Institutions
20
19 PVC for Central /State Govt. employees if request is received directly by the employee 2020 Receipt and Disposal of Petitions 4521 Service Verification 20
List of Other ServicesSL Functions/Services Type
1 First Information Report G2G
2 Crime Details (Spot Mahazar ) G2G
3 Property Seizure G2G
4 Arrest/Court Surrender Memo G2G
5 Charge Sheet/ Final Report G2G
6 Court Disposal G2G
7 19 Sakala Services (Citizen) G2C
8Service Verification (under Sakala)
G2E
9Police Service Verification for companies (under Sakala)
G2E
• Integration using web-service
• Electronic FIR Transfer
• Electronic Charge-sheet Transfer
• Online Acknowledgment from Courts
Court Integration
KSP-DC
High Court Server
Jurisdictional Courts
Jurisdictional PS
e-Court
Police-IT
Capacity Building at KSP
Training InfrastructureTraining Infrastructure
Mapping of End-UsersMapping of End-Users
Deployment of TrainersDeployment of Trainers
Training for 75 System Training for 75 System AdministratorsAdministrators
Basic Training for Basic Training for End-UsersEnd-Users
Training Curriculum Training Curriculum Basic IT & Police ITBasic IT & Police IT
Training for Training for Nodal Officers Nodal Officers
of all Unitsof all Units
Training for Training for Technical TeamsTechnical Teams
of all Unitsof all Units
Police IT Training Police IT Training for End-Users for End-Users & Handholding& Handholding
Capacity Building under CCTNS
Pre-CCTNS Training
Capacity Building under CCTNS
• Change Management Program
• Training for Trainers
Project Challenges
Challenges in e-Governance
• Inadequate Specifications of present and future Requirements• Absence of internal champion to lead and sustain the transformation• Inadequate people capacity• Lack of consultants with deep domain expertize• Project Execution Challenges• Lack of belongingness of most of the system integrators
Future Plans
Advanced Solutions External System Integration
Future Plans…
• ISO 27001 Security Policy
• Upgrade of Application from .NET 1.5 to .NET 4.0 and DB from SQL server 2008 to 2012
• Video Conference between jails and courts for trials
• Building Redundant link at all levels for failover protection
• Any time anywhere access with data, voice and Video over SSL VPN
• Vulnerability Assessment and Penetration Testing for proactive protection
CONFEDENTAIL : INTERNAL USE ONLY
CONFEDENTIAL : INTERNAL USE ONLY
Key Functions and Services
SL Functions/Services Type Current Load Future Load
1 First Information Report G2G
2 Crime Details (Spot Mahazar ) G2G
3 Property Seizer G2G
4 Arrest/Court Surrender Memo G2G
5 Charg Sheet/ Fina Report G2G
6 Court Disposal G2G
7 19 Sakala Services G2C
8Service Verification
G2E
9Police Service Verification for cos.
G2E
CONFEDENTIAL : INTERNAL USE ONLY
Issues and Challenges
4. challenges we faced
a)
b)
c)
5. issues presently on hand
a)
b)
c)
Current IT infrastructure Applications :
Info Response
• Number of Applications 13
• Applications currently being used
Police IT, Web Application, KSP WEB Application, Zimbra Mail, NNM, OM, Kaspersky, Antivirus Security Center, Arcsite, SM, Falco, EMS, e-Court, Proxy, PMIS, AD, G-Care
• Future of the applications
• What applications can be delivered SaaS model
• Interoperability of SaaS model
• Overall SLA * of application required (Ex 98% )
• Does Karnataka Govt. already running any application SaaS model No
• View of the department about the future
CONFEDENTIAL : INTERNAL USE ONLY
Current IT infrastructure Compute : Info Response
• Number of Physical Servers 25
• Typical Physical server configuration : Example ( 2 x Quad core, 24 GB RAM,4 x 1 Gbps NIC)
4 Nos. of AMD Opteron Processor 1.99 GHz, 8 Core,
• Number of servers which are more than 60 % to 80 % CPU utilization 4 Servers
• Number of servers which are between 40 % to 60 % CPU utilization 14 Servers
• Number of Servers which are between 20 % to 40% CPU utilization 7 Servers
• Peak and average utilization. daily, weekly, monthly for last 1 year • Any Physical server which are virtualized Yes, 10 Servers• If Yes, what virtualization technology is used ( VMware, Hyper-V, Xen or
KVM) Hyper-V, VMware
CONFEDENTIAL : INTERNAL USE ONLY
Current IT infrastructure Block Storage (SAN) :
File Storage ( NAS ) :
Info Response
• Model Name : Example { EMC CX4-120 or Netapp FAS 3020 } HP storage works P6500
• Frontend Protocols used : Example { FC ( 4 Gbps) or iSCSI ( 10 Gbps) } FC
• Total usable capacity : Exampled { 10 TB } 32 TB
• Total used capacity : Example { 4 TB } 26 TB
Info Response
• Model Name : Example { EMC Celerra or Netapp FAS 3020 } HP X1800• Frontend Protocols used :
• Total usable capacity 1.5 TB
• Total used capacity 1.2 TB
Current IT infrastructure Backup :
Info Response• Backup Software : Example { Symantec } HP Data Protector• Backup Architecture : LAN Based Backup or SAN based Backup LAN • Backup Target Device : Store backup data on Tapes (LTO) or Disk, or Deduplication
appliance Store backup data on Tapes and De-duplication appliance
• Backup Policy : Example { Daily Incremental and weekly Full backup } Daily Incremental , Weekly Full backup , Monthly Full Backup
• Backup Retention policy ? : How long data has to be maintained for compliance reasons Weekly Tape – 3 Weeks, Monthly Tape – 2 Months, Logs Tape – 3 Years
• Backup Window ? : Time given to your IT team to complete full backup ,example { 8 hours on Sat } 8 hours
• Restore Window : In how many hours or days the data has to be restored from backup copy and produce it to authorities
• How Many Servers are backed up ? Weekly - Critical Servers, Monthly – All Servers
• What is full backup Size ? 2614 GB• DO you backup Desktop and laptops as well ? NO
• If No, Do you need your employee desktop and laptop to backed up ?
• ARCHIVE Policy . Strategy . Volume of Archive data
Current IT infrastructure Network details :
Info Response
• Network Switches : Director class or modular • What network you are on ? Example { 1 Gbps or 10 Gbps } 1 Gbps• How is your network structured if you have remote offices connected to central
application or DC Data Center• Bandwidth Usage 60 to 70 %
• Latency Issues if any No
• Network losses if any No
• User Access Provided : Example Wireless, wired, VPN or Mobile access Wired
• Network Load Distribution :Example remote (10%) and Internal ( 90 %) users Internal (100%)
CONFEDENTIAL : INTERNAL USE ONLY
Current IT infrastructure
Info Response• Firewall : Hardware or software Hardware• Data at Rest Encryption ? Yes or No Yes• Data at Transit Encryption ? Yes or No No• VPN ? Yes or No No
• Compliance requirements : Example ( Privacy Acts, ISO , etc)
• Interoperability required ? Yes
Security device or technology details :
Current IT infrastructure Disaster Recovery
Info Response
• Do you have DR Site ? Yes or No Yes
• If Yes ? Please answer below questions
•How Many applications data is replicated to DR In progress
•What is RTO and RPO of the applications 2 hours and 6 Hours
•What is current bandwidth used 4 Mbps
Current IT infrastructure Current issues
Info Response
• Any applications issues • Network and security issues • Storage, backup and Archival issues
Info Response
• Any New applications planned
• Any new initiatives
• Any other plans CCICI Need to know
Future Scale and roadmap