Protech's expertise in network administration, infrastructure, firewalls and connectivity services is illustrated by the case study detailed below.
| Infrastructure and Connectivity |
 |
Protech currently maintains OCSE Arkansas's infrastructure, which has around 30 field offices, dispersed across the State. These offices are connected by a series of interconnected LANs, composing the switched network and providing statewide communications between the OCSE IS office and various field offices.
The OCSE LAN network is a switched network with multiple Virtual Local Area Networks (VLANs). Protech network staff maintain a variety of communication resources for supporting LAN and Wide Area Networks (WANs). Furthermore, we use multi-layer switches and series switches to support the OCSE network.
Protech is responsible for maintaining production servers running a variety of services to cater to the needs of OCSE day-to-day operations. In addition to the production servers, Protech maintains test and staging servers for testing different applications prior to moving into production.
All production servers are hosted on a separate VLAN based on their function. Every request to the servers must pass through the access controls and audits set by the Protech system administrators. Different system administration teams handle system maintenance and security relevant functions for smooth operations of OCSE thereby providing 99.9% uptime at all times. Protech Solutions network administration team handles installation, maintenance, and monitor all network equipment, which includes switches, routers, firewalls, intrusion detection, and LAN/WAN connections. They are responsible for running security checks on the OCSE network. Also, the network administration team uses Cisco software to monitor all the configuration changes of the network equipment.
Protech systems administrators install and maintain services such as domain controllers, MS Exchange 2000, MS SQL 2000 Databases, Microsoft Proxy Server, file and print services, DNS, DHCP, FTP installed on the Windows 2000 servers. The administrators also build, maintain, and monitor all Intranet Web servers and are responsible for checking the validity of the code on the Web servers and insuring user access to the Web applications.
In addition to production server maintenance, Protech network team also handles 1200+ desktops spread across all field offices. Desktop support includes install and support Windows 2000 operating systems, all desktop related software, and custom built in-house applications. They are responsible to install virus software and patches on the workstations.
At OCSE IS center, Protech deployed a firewall with fail over capabilities as the perimeter firewall for security, which isolated its LAN from other networks. The firewall is configured to allow traffic to and from OCSE field offices. Protech established a Demilitarized Zone (DMZ) network for authorized agencies to access OCSE Web services.
Protech deployed an intrusion detection system between the firewall and the LAN to capture all inbound/outbound traffic and alert network personnel of any intrusions based on a set of predefined rules. Email traffic is screened for content at the mail server using content filters before being allowed into the LAN. Access to WWW and FTP is allowed through Microsoft Proxy server, which screens all traffic and maintains a log of each user's time on the Internet. Protech setup an SNA server for connecting to the mainframe using Extra which is terminal emulation software for connecting to mainframe. All production data is backed up onto tapes every evening using Veritas backup software. OCSE information systems use normal backup methods to backup all of federal data. All tapes containing production data are stored in a bank locker for safekeeping.
| Remote Access through Virtual Private Networks (VPN) |
|
Any connections between the OCSE firewall and other public networks will use encrypted Virtual Private Networks (VPNs) to ensure the privacy and integrity of the data passing over the public network. Protech's network team must approve all VPN connections. All connections between clients to services or applications located behind the firewall within OCSE's trusted network, that are over distrusted public networks, use encrypted VPNs to ensure the privacy and integrity of the data passing over the public network.
| Field Offices |
|
A typical OCSE field office has a router placed at the perimeter with an access-list to allow traffic only to and from the OCSE information systems, thus acting as a firewall. Within each field office, Protech network personnel maintain a file and print server for users, a Dynamic Host Configuration Protocol (DHCP) server for effective IP address management for the desktop machines, and switches to provide network connectivity back to the OCSE IS center.
| Additional Responsibilities |
|
Protech is responsible for providing consulting, design, and programming services to maintain the OCSE system. Protech's network team provides recommendations to OCSE in purchasing, obtaining, installing, programming, and maintaining necessary hardware (personal computers, printers, modems, and other peripherals) and software to inquire for updating and maintaining the current OCSE computer system.
In addition to the above, Protech has implemented internal projects involving SUN Solaris 8.0 and 9.0 Servers running on Intel platforms.
|
