Appendix I
CURRENT ENVIRONMENT
REQUEST FOR QUOTE (RFQ)
For
Commonwealth of Pennsylvania
Office of Administration (OA)
Office for Information Technology (OIT)
Telecommunications Advisory Services
6100034914
Scope
This document provides for a high-level understanding of the Commonwealth’s current enterprise telecommunications environment.
Overview
The Commonwealth of Pennsylvania, in partnership with its current service provider, successfully completed a project to combine multiple telecommunications contracts into a single agreement. This current agreement encompasses a suite of voice, data, and security services and meets a majority of the Commonwealth’s telecommunications needs.
This partnership began in 2009 with a contract awarded to MCI WorldCom (DBA Verizon Business) (“Verizon”). This agreement is scheduled to expire in October 2016 and contains renewal options which may be exercised by the Commonwealth.
The following provides an overview of the services and the associated technologies in the Commonwealth’s current environment:
Data Communications Services
These services include, but are not be limited to:
» Verizon PIP (MPLS based Private IP Networking)
» Metro Ethernet
» Point-to-point
» Enterprise Internet
» Broadband Internet
» Wireless LAN
» Premise wiring
» Metro Fiber
Security Services
Enterprise Security services protect the Commonwealth’s network and network accessible resources from unauthorized access, provide intrusion detection and prevention, and alerting. In addition, the services ensure secure remote access for Commonwealth internal users as well as Commonwealth business partners.
These services include, but are not be limited to:
» Firewalls
» Intrusion Detection Systems (IDS)
» Intrusion Prevention Systems (IPS)
» Proxy services
» Internet content filtering and load balancing
» Remote Access Services (RAS)
» Virtual Private Network (VPN)
» 24/7 Security Operations Center (SOC)
» Access Control Lists (ACLs)
» Authentication (Two factor – Active Directory)
Voice Communications Services
The Commonwealth’s voice services environment includes standard and specialized voice products and services. These products facilitate day-to-day business communications, operations and collaborative productivity.
These services include, but are not limited to:
» VoIP (PennConnect)
» Desktop/Outlook Integration
» Web Collaboration (PennConnect)
» Voice messaging and Auto Attendant services (PennConnect)
» Call Center (IPT/Unify, VCC)
» Local Service (local dial tone)
» Long Distance (switched and dedicated)
» Inbound toll free service (switched and dedicated)
» Audio Conferencing
» Miscellaneous Telephone Equipment (PBX and Key systems) (minimal)
» Premise wiring
Managed Network Services and Managed Security Services
Verizon as part of the current agreement includes 24x7x365 managed WAN, LAN, and managed security services for agencies. Managed WAN and LAN services are offered in tiered service options based on desired service levels. Verizon also offers bundled managed security services to agencies in either a fully managed or co-managed environment. Co-managed allows the agency to maintain responsibility for their own firewall and/or IPS policy.
IT Service Management (ITSM)
In 2013, ServiceNow was selected as the ITSM SaaS solution for the Commonwealth. All future vendors are required to integrate with the Commonwealth’s ServiceNow instance; however, this is not in place today with Verizon.
The following describes several tools in use today as it pertains to the current contract:
·for ordering, billing, and inventory management, Verizon was granted access to the Commonwealth’s Enterprise Services Management System (ESMS). In conjunction with ESMS, the Commonwealth uses SAP as its enterprise wide accounting system. ESMS complies with the established SAP account code structure and the rules for validation of account code information to ensure accurate billing mechanisms are in place.
·for change management, Verizon was granted access to the Commonwealth’s ServiceNow instance and is required to participate in all Change Management activities.
·for incident management, the Verizon Remedy system is used to handle all proactive Incident Management activities. For reactive incidents, the Commonwealth calls the Verizon-CoPA Service Desk (VCSD) for new ticket creation and status.
Technical Summary
The information presented below is documented to provide a high-level hierarchal view and understanding of the Commonwealth’s current network infrastructure and security architecture.
Data Infrastructure
Verizon transitioned the Commonwealth of Pennsylvania and its agencies from a legacy ATM Access network to Verizon’s Private IP (PIP) MPLS-based network. Access to Verizon’s PIP network is achieved using multiple Ethernet access switches deployed throughout Pennsylvania.
Verizon utilizes two of the seven nodes of the COPANET (Commonwealth owned) infrastructure to transport the majority of traffic destined for the Internet across multiple Full GigE Ethernet circuits to redundant Provider Edge Routers. COPANET is managed and maintained by Verizon.
High bandwidth locations such as data centers and agency core locations are directly connected to COPANET or to the PIP network via Ethernet. Virtual Private Networks (VPNs) are used to separate each agency network, the Enterprise Business Partner (BP) network, and the Enterprise DMZ.
Summary Count of Circuits – Total 3385
· Ethernet Access Circuits - 234
· 128K to Bundled DS1 Access Circuits – 2913
· Other Circuits (Pt to Pt, Ethernet Out of State, etc.) - 238
Enterprise Internet Access
Commonwealth agencies access the Internet (public IP) from COPANET across the PIP network through two geographically diverse Internet hub locations. Internet hub locations currently house redundant high availability security services at both locations.
Each hub site consists of two (2) redundant Gigabit Ethernet connections capable of supporting 100% of traffic on a single link. Each hub location utilizes a different Internet Service Provider, ISP for carrier redundancy.
Enterprise Security Services
The Commonwealth’s Enterprise perimeter security services are outsourced to Verizon. The Commonwealth, however, maintains responsibility for firewall rule base administration and IDP tuning requirements based on Commonwealth policies.
All Security infrastructure provided and fully managed by Verizon is housed in both Internet hub locations.
Firewall Solution
A co-managed Enterprise Firewall System is installed at each of these hub locations and secures the Commonwealth’s perimeter environment from the Internet and provides flexibility in connectivity options and business needs. The Commonwealth owns the Security Policy with Verizon managing the hardware.
IDP/IPS Solution
A fully managed Intrusion Prevention System is installed at each of these hub locations and provides stateful protection from the network and higher layer vulnerabilities such as worms, trojans, spyware, key loggers and some malware from either entering or exiting and propagating through the Commonwealth network. The Commonwealth owns the Policy and Verizon implements on the Commonwealth’s behalf.
Web Content Filtering Solution
A fully managed Web Content Filtering solution is installed at each of these hub locations and contains the most current Commonwealth approved web content filtering policy.
Remote Access Solution
A fully managed SSL-based remote access solution with redundant VPN devices is installed at each of these hub locations. Verizon provides a VPN front-end application, Enterprise Connect, as part of Verizon’s cloud-based Enterprise Mobility as a Service (EMaaS) remote access management platform. EMaaS provides a single interface for all device connectivity types (wireless, wired, broadband, and dial) as well as optional security features such as firewall/anti-virus host checking that are applied on a group basis.
24/7 Security Operations Center
Verizon provides 24x7x365 monitoring and event response/support for firewalls, IPSs, Web Content Filtering and Remote Access. This includes rapid response and reporting to the Commonwealth from the Verizon Security Operations Center (SOC) regarding security intrusions/events or security system health issues with strict adherence to well documented Policy and Procedure Manuals (PPMs).
Voice Services
The Commonwealth’s current voice services environment varies by agency and location. It is based on station count and individual business need. Where determined to be cost beneficial the Commonwealth has invested in Verizon’s VoIP Enterprise IPT Solution (PennConnect).
PennConnect
The IPT platform consists of two Unify OpenScape Voice (OSV) platforms, located in two of the COPANET locations in Harrisburg.
Each platform consists of two geographically diverse nodes, each serving roughly half of the 41,000 subscribers spread across the Commonwealth:
· Each node serves as the primary call processing unit for that location;
· The secondary node is backup to the primary node
· PSTN access is provided by Verizon’s Session Initiation Protocol (SIP) based IP Trunking service
· Additional redundancy is provided with outbound calling redundancy over voice PRIs for critical sites
A Common VOIP VRF (COPA_OA_VOIP) carries all of the hard phone VOIP signaling and media (speech) traffic. Where soft phone applications on the PC’s are deployed, traffic is handled by the session border controller (SBC) which directs the VOIP traffic from the Agency WAN VRF to the common VOIP VRF.
A suite of Unified Communications tools are integrated within the platform through Outlook email client plug-ins, web access, and smartphone applications. These UC tools include:
· Web collaboration with desktop sharing
· Voice and video bridging capability with capacity of 300+ participants
· Instant messaging
· Click to call functionality within Outlook
· One number service, call forwarding with calendar integration and rule setting capability
· Active call handoff between devices
· Voicemail integration with MS Exchange
· User defined hunt and pickup groups (managed Device Lists and Team View)
Automated Call Distribution Systems
OpenScape Contact Center is the primary Contact Center solution for the major call centers within the Commonwealth. Three tenants with 1500+ seats reside on two redundant platforms. These platforms are deployed in a similar manner to the PennConnect IPT VoIP infrastructure and utilize the IPT Platform for agent dial tone. The system is front ended by a Genesys IVR platform for tenements that encounter sudden increases in call volumes as well as an outbound dialing system.
The remaining 94 small and medium contact centers are serviced by a cloud based ACD and Virtual Contact Center. With approximately 2000 seats deployed across these ninety-four contact centers, all local/toll free voice, email, and instant messaging interactions are handled for both internal and public facing service centers.
Several, user-configurable, auto attendant platforms are also in use across the Commonwealth for simple call routing and distribution.
Toll Free Services
780+ switched, dedicated and IPT toll free numbers are currently in service. These dialed destinations are provisioned with advanced call allocator routing capabilities and management tool sets. This allows for on the fly and immediate configuration by Commonwealth administrators to meet any calling pattern need or situation.
Centrex/Analog/PBX Services
Many, non-IPT sites are served by over 28,000 Centrex/analog lines crossing multiple LECs throughout Pennsylvania. Many of these sites have PBX or key systems in service.
High Level Diagram
- 2 -