State of Arizona

Target Network Architecture

 Information Technology (IT) Technical Document

“A Networking Framework for e-Government Solutions”

Revision 2.0

October 17, 2003

Prepared by

 

Government Information Technology Agency

Chris Cummiskey, Director

100 North 15th Ave, Suite 440

Phoenix, Arizona 85007


 

Revision    Effective Date    Summary of Changes

NC          01/10/2002        Initial release

1.0         05/06/2003        Revision 1.0 release

2.0         10/17/2003        Revision 2.0 release (changes by section listed below)

1. Introduction. Revised text to be consistent with newer domain documents. Added a graphic, references to applicable policies and standards, and footnote containing link to Enterprise Architecture Trends document.  Expanded EWTA Domains graphic to be consistent with the one on the EA website.

 

4. Target Network Architecture. Updated the recommended implementation approach to clarify that the implementation of Target Network Architecture is the responsibility of each Agency and, when undertaken, shall be in accordance with Statewide Policy P700, Enterprise Architecture, and Statewide Policy P340, Project Investment Justification (PIJ).

 

Removed implementation information relative to the roles and responsibilities for incorporation of the recommended principles, standards, and best practices into statewide IT contracts.  The alignment of EWTA standards and best practices with statewide and agency IT contracts is presented in the Framework and Strategies document and Statewide Policy P700, Enterprise Architecture, to consistently address all EWTA domains.

 

Replaced Network Architecture Table with Target Technology Table encompassing all EWTA domains, available at http://www.azgita.gov/enterprise_architecture/AZ_EA_Target_Technology_Table.htm.

 

5. Network Architecture Standards. Incorporated all Recommended Standards into the current, published version of Statewide Standard P710-S710, Network Infrastructure, available at http://www.azgita.gov/policies_standards.

 

6. Network Architecture Purpose. Removed the description of Enterprise Architecture Strategic Alignment with FY2002-03 State IT Plan. It is available at: http://www.azgita.gov/enterprise_architecture/.

 

8. Network Architecture Recommended Best Practices. Updated section to reflect the incorporation of certain Best Practices into Statewide Standard P710-S710, Network Infrastructure.  Added several new recommended best practices.

 

9. Network Architecture Technology Trends. Removed entire section since reference to the location of the document it referenced has been added to the footnote in Section 1, Introduction.

 

Appendix A. OSI Reference Model. Removed. Content has been replaced by the Target Technology Table, available at http://www.azgita.gov/enterprise_architecture/AZ_EA_Target_Technology_Table.htm.

 

Appendix B. Agency Network Architecture “As-Is.” Removed. High-level and detailed network/system diagrams are maintained and collected in accordance with Statewide Standard P800-S815, Configuration Management.

 

Appendix C. Internet Protocol Services Version Summary. Removed. IPv6 has been ratified as an industry standard and incorporated into Statewide Standard P700-S710, Network Infrastructure.


 

TABLE OF CONTENTS

1.    Introduction

2.    Network Architecture Vision

3.    Network Architecture Definition

4.    Target Network Architecture

5.    Network Architecture Standards

6.    Network Architecture Purpose

7.    Network Architecture General Principles

8.    Network Architecture Recommended Best Practices

 


 

1.    Introduction

The State of Arizona’s Enterprise Architecture (EA) describes a comprehensive framework for information technology (IT)[1] and business that supports the Arizona State government strategic plan. EA facilitates the application of information technology to business initiatives and objectives and subsequent change in an orderly, efficient manner by describing a direction for current and future activities, supported by underlying principles, standards, and best practices.

 

EA effectively supports and enhances the business of government and improves the ability to deliver responsive, cost-effective government functions and services. Effective utilization of technology to achieve business functions and services, increasing citizen access to those services, sharing information and resources at all levels of government, and maximizing IT resources investment are major motivating factors for the development and implementation of EA.

The implementation of EA presents opportunities for State agencies to interoperate to deliver a higher level of courteous, efficient, responsive, and cost-effective service to the citizen owners and employees of State government. Each State agency can independently implement EA components that are interoperable; however, e-government initiatives, economies of scale, consolidation, and cross-agency savings may best be realized not just through interoperability, but also by working together in partnership and sharing.

 

EA includes important business, governance, and technical components. The technical components, collectively referred to as Enterprise Wide Technical Architecture (EWTA), provide technical guidance to State agencies. That guidance is supported by principles correlated to agency business functions, recommended standards, applicable recommended best practices, and technology trends[2]. Each component, or domain, of the EWTA is a separate but interrelated, architectural discipline. EA is the glue that integrates each of these technical disciplines into a cohesive framework having the potential to transform government by improving service delivery, reducing costs, simplifying and streamlining requirements and services, and increasing efficiency and effectiveness.

EA applies to all agencies. The agency director, working in conjunction with the agency CIO, is responsible for ensuring the implementation of EA within the agency’s “sphere of influence,” as designated by statute or rule. The EA Target Domain Architecture documents define an overall strategy and technical framework; however, by design, the capital planning, process approach and timeframes for transition, project management, and investment control for the implementation of the target architectures are the responsibility of the agency[3]. Implementing EA requires significant capital investments. Arizona, like most states, does not have unlimited capital to invest in implementing EA; therefore, migrating to EA within available budgets is the only viable method.

2.    Network Architecture Vision

The State of Arizona’s Network Architecture delineates a reliable, scalable, resilient set of agency infrastructures that economically support the State’s business functions in an efficient and effective manner. Network Architecture describes a network infrastructure that supports converged services, as well as accommodating traditional data, voice, and video services, providing the framework and foundation to enable budget unit business processes, new business opportunities, and new methods for delivering service.

3.    Network Architecture Definition

Network Architecture defines common, industry-wide, open-standards-based, secure, interoperable network infrastructures providing reliable and ubiquitous communication for the State's distributed information processing environment. It defines various technologies required to enable connections between the State and its citizens, businesses, political sub-divisions and the federal government.

4.    Target Network Architecture

Target Network Architecture is the foundational element of Arizona’s EWTA that defines the secure, interoperable, wired and wireless infrastructure which data, voice, and video must traverse to support homeland security, complete an electronic government service transaction or inquiry, deliver an email message, connect citizen-to-government telephone calls, provide media-rich information streams, etc. Like the electric power grid, Target Network Architecture encompasses public and private networks to build a virtual/physical grid that transparently provides secure accessibility and connectivity to IT resources supporting government services, regardless of location. Target Network Architecture provides the foundation through which the State can securely connect and share data/information and computing resources that may be both centrally available and fundamentally disaggregated and distributed.

Considering the wide variety and types of service as well as geographically-independent locations that the network infrastructure must accommodate and the business requirements for efficiency and effectiveness to meet the ever increasing demands from citizens and business on State government, it is essential that the Target Network Architecture is defined based on industry best practices, technology trends, and supported by pervasive, industry-wide, open standards. As such, the development of Target Network Architecture addresses all relevant criteria on a broad scale, rather than as part of the deployment of an individual application or service. Consequently, the recommendations and decisions that are made during the development process may limit or eliminate certain options for future network components or services.

 

Arizona’s Target Network Architecture is supported by principles correlated to agency business functions, recommended standards, applicable recommended best practices, and technology trends. The principles and recommended standards contained in this document are codified in Statewide Policy P710, Network Architecture, and Statewide Standard P710-S710, Network Infrastructure, respectively. Policies and standards generated as part of EA are subject to the review, approval, and refresh/renewal procedures outlined in Statewide Policy P105, Policies, Standards, and Procedures (PSP) Policy.

 

The agency director, working in conjunction with the agency CIO, is responsible for ensuring the implementation of Target Network Architecture within the agency’s “sphere of influence,” as designated by statute or rule. The Target Network Architecture document defines an overall strategy and technical framework that is codified in Statewide Policy P710, Network Architecture, and Statewide Standard P710-S710, Network Infrastructure; however, by design, the capital planning, process approach and timeframes for transition, project management, and investment control for the implementation of the target architectures are the responsibility of the agency. Implementation strategies and conformance of IT investments and projects with EA is described in Statewide Policy P700, Enterprise Architecture, and Arizona’s Enterprise Architecture Framework and Strategies document.

 

Rather than present individual target domain tables that potentially could overlap or become outdated as other domains and associated statewide policies and standards are reviewed and updated, the technical components of the Target Network Architecture are summarily presented relative to the OSI 7498-1 Network Reference Model in a composite, integrated domain table, consolidated from the individual EWTA domains, referred to as the Target Technology Table and available at http://www.azgita.gov/enterprise_architecture/.

 

The development of the Target Network Architecture is a collaborative process to allow all agencies to participate so that their current investment in certain products and services can be maximized while also developing a transition plan[4] to allow obsolete or non-conforming elements to be phased out. Maximizing the investment and transitioning these elements should not be seen as mutually exclusive activities, since both are in the best interest of agencies and the State enterprise.

 

The development of the Target Network Architecture is also a continuous process[5], which is critically important in an environment where funding to implement may not be immediately available. The ongoing process provides the opportunity to continually refine the Target Network Architecture to keep it aligned with business strategies and requirements, emerging standards, and changing technology.

5.    Network Architecture Standards

Network Architecture Standards are established to coordinate agency and State designs and secure[6] implementations of network infrastructure that support converged services, while accommodating traditional data, voice, and video services. The goal is to employ only open systems based on common, proven, and pervasive industry-wide, approved, open standards; however, a full complement of open standards does not yet exist for all components of network infrastructure. Therefore, combinations of open standards, de facto industry standards, and mutually agreed upon product standards are currently required to support the State's heterogeneous operating environment.

 

The Network Architecture Standards contained in previous revisions of this document have been codified in Statewide Standard P700-S710, Network Infrastructure, and related statewide security standards.

 

Budget unit compliance with Statewide Standard P700-S710, Network Infrastructure, shall be in accordance with Statewide Policy P700, Enterprise Architecture.

 

Network Architecture Standards contained in Statewide Standard P700-S710, Network Infrastructure, are reviewed, updated, and approved in accordance with Statewide Policy P105, Policies, Standards, and Procedures (PSP) Policy.

 

All Statewide Policies, Standards, and Procedures referenced in this document are available at http://www.azgita.gov/policies_standards/.

6.    Network Architecture Purpose

Network Architecture specifies how information-processing resources are interconnected and documents the standards for topology (design of how devices are connected together), transport media (physical medium or wireless assignments), and protocols (for network access and support for converged services communication).

 

Network Architecture components of topology include the following:

 

•      Local Area Networks (LAN) consist of communications systems of multiple interconnected workstations, peripherals, data terminals, or other devices confined to a limited geographic area consisting of a single building or a small cluster of buildings.

•      Campus Infrastructure consists of communication systems between groups of buildings within a larger geographic area. Campus Infrastructure typically interconnects disparate groups of interest for information sharing and interoperability using private facilities or public carrier communication facilities.

•      Wide Area Networks (WAN) and Metropolitan Area Networks (MAN) are communications systems that span a very large geographical area. WANs and MANs interconnect distributed branch facilities of agencies and also may function as aggregation mechanisms for disparate agencies with common communication requirements. WANs and MANs typically use public carrier communication facilities.

 

Network Architecture components of transport media include: wire-based, which uses physical media (copper, fiber) to connect between two or more points, and wireless (mobile, voice/data, microwave, and satellite).

 

Network Architecture protocols address the set of rules for providing network access and communication support for converged services and include SONET, Frame Relay/ATM, and Ethernet at the lower communication protocol layers, and TCP/IP and IPSec at the upper layers.

 

Target Network Architecture aligns with and facilitates the strategic goals of the State and agency IT plans[7] and supports the business and program priorities of State government. EA is a strategic initiative of the current State IT Plan and is interwoven with the Governor’s objectives for the State.

 

Technology investments in Network Architecture must provide measurable improvements to public service and facilitate the Governor’s goals for the State. The Network Architecture must enable the development of software application systems that make State information and programs more accessible to the people of Arizona.

 

Network Architecture must enable new software applications to be developed more rapidly and modified more easily as business requirements change. New software application systems must be developed to accommodate rapid rates of change in the business and technical environments.

7.    Network Architecture General Principles

The importance of secure network architecture continues to increase as State government seeks to adopt an e-Government model for service delivery and internal efficiency and effectiveness. Network Architecture Principles are established to guide the planning, design, and selection of network technology and services and are incorporated into Statewide Policy P710, Network Architecture.

 

Principle 1

Networks provide the infrastructure to support agency business and administrative processes.

 

Rationale:

•      Networks enable access to a wide spectrum of information, applications, and resources, regardless of the method of delivery or the location of the customer.

•      Networks must accommodate new and expanding applications, different types of data (e.g., voice, data, image, and video), and a variety of concurrent users.

•      Information must pass across the network in a timely manner so that business decisions can be based on up-to-date information.

•      Networks that both support agencies and provide statewide access to information and resources best serve stakeholders’ interests.

 

Principle 2

Networks must be operational, reliable, and available (24x7x365) for essential business processes and mission-critical business operations.

 

Rationale:

•      Networks provide the delivery and execution of agency business functions and processes.

•      Networks consist of and rely on many interrelated and often highly complex components distributed across a wide geographic area.

•      Reliability, redundancy, and fault tolerance must be built-in, not added on, to ensure that any single point of failure does not have severe adverse effects on business applications or services.

 

Principle 3

Networks must be designed for growth, flexibility, and adaptability.

 

Rationale:

•      Changing business processes and requirements drive application and network architecture.

•      Scalable, flexible, and adaptive networks facilitate the delivery of applications resulting from changing business requirements.

•      As new processes are developed and new information becomes available, networks must scale to allow for increased demand.

 

Principle 4

Networks must use industry-proven, mainstream technologies based on industry-wide, open standards, and open architecture.

 

Rationale:

•      All networks must interoperate to reduce communication and integration complexity.

•      All networks must provide for the sharing of information across the State enterprise and agency boundaries.

•      All networks must be based on vendor-neutral protocols that provide for Open Systems Interconnection (OSI) as identified by the International Standards Organization (ISO).

•      Industry-wide, open standards and architecture provide for the consistent deployment, management, and expansion of networks to allow agencies to respond more quickly to changing business requirements.

•      Network Architecture based on industry-wide, open standards guides the appropriate technology standards while still enabling old and new systems to work together.

•      Industry-wide, open standards allow agencies to choose from a variety of sources and select the most cost-effective and efficient network solutions without adversely impacting applications.

 

Principle 5

Networks must be designed with confidentiality and security of data as a high priority.

 

Rationale:

•      Agency operations, data, and applications are valuable assets that support business functions.

•      Networks are the delivery mechanism for State and agency information and services.

•      Networks must be implemented with adherence to security, confidentiality, and privacy policies as well as applicable statutes, to protect information from unauthorized access and use.

•      Network Architecture must increase access to information and services for both citizens and government employees, while protecting privacy and fostering openness in government.

•      Network Architecture must enable easier access and more widely available information, while still protecting individual rights of privacy.

 

Principle 6

Network access must be a function of authentication and authorization, not of location.

 

Rationale:

•      Access to information, applications, and system resources must be available in a timely and efficient manner to appropriate requesters.

•      Access to information, applications, and system resources must be available from a variety of public and private networks, as well as from the Internet.

•      Authentication and authorization of users must be performed according to the security rules of the State and the agency.

 

Principle 7

Networks should be designed to support converged services while accommodating traditional data, voice, and video services and to be “application aware” in the delivery of business-critical application systems.

 

Rationale:

•      Networks are the distribution mechanism for State and agency applications that deliver agency business functions.

•      Network Architecture must support the use of information technology to continually improve government efficiency and effectiveness.

•      Network Architecture provides the ability to seamlessly deploy business-critical application systems alongside other, more bandwidth-intensive applications such as multimedia, voice, and web-based Intranet applications.

•      To deliver service, networks must recognize, classify, prioritize, and protect business-critical applications while still enabling bandwidth-intensive and delay-sensitive multimedia and voice applications.

8.    Network Architecture Recommended Best Practices

Best Practices are approaches that have consistently been demonstrated by diverse organizations to achieve similar high-level results, which, in the case of architecture, means demonstrating the principles.

 

Recommended Best Practice 1

When industry standards do not yet exist, use interim, common, proven, and pervasive product-based standards for networks.

 

Rationale:

•      Use product-based, interim standards that are common, proven, and pervasive to simplify the process of developing and managing networks.

•      Comprehensive industry standards have not been established for all the components of WAN design and implementation. Product-based standards can provide interim guidelines for the development, deployment, and management of WAN technology.

•      The cooperative, collaborative, and geometric nature of networks mandates that standards be used in order to build a cohesive environment.

 

Recommended Best Practice 2

Network planning must be an integral part of application design and development; it must be continually reviewed in production.

 

Rationale:

•      Network planning ensures that network capacity, availability, and performance are well integrated with applications design/acquisition and rollout. From the application analysis stage through the design/acquisition stage, agencies should review application bandwidth requirements, real-time data flow needs, and expected system capacity changes from other sources.

•      Network planning ensures documentation and standard practices are followed.

•      Network planning ensures that any changes in business volume, staffing levels, applications, or facilities (e.g., relocation, construction, or renovations) are addressed.

 

Recommended Best Practice 3

Design network-neutral applications.

 

Rationale:

•      Application code should be isolated from the network-specific code so business rules and data access code can be deployed without regard to the type of network (i.e., WAN or LAN) or redeployed on a different platform, as necessary.

•      Network-neutral applications allow networks to remain scalable and portable.

 

Recommended Best Practice 4

Consider the impact of middleware and data movement on network utilization and performance.

 

Rationale:

•      Perform transactions locally between the resource manager and the queue to minimize network traffic.

•      Use asynchronous, store-and-forward messaging to limit the scope of transactions and network requirements between remote sites.

•      Use push technology, rather than client polling, to balance server and network link loading.

•      Use multicast, rather than broadcast transmission, to distribute messages to multiple points.

 

Recommended Best Practice 5

Encourage Agencies to agree on the use of a common, automated tool for network design and documentation.

 

Rationale:

•      Use of a common, automated tool ensures documentation and standard practices are followed.

•      A common, automated tool allows for cross-agency analysis and promotes opportunities for sharing and consolidation.

 

Recommended Best Practice 6

Establish a central authority to administer and coordinate “private” and “public” registered IP addresses for all budget units.

 

Rationale:

•      Central administration and coordination of “private” addresses will avoid collision issues with overlapping networks as a potential result of multiple agencies having LANs within a facility or campus sharing common, internal connection points and utilizing “private” addresses in accordance with Statewide Standard P710-S710, Network Infrastructure.

•      Agencies should record all existing “private” and “public” registered IP addresses with the central authority and coordinate all new “private” and “public” registered IP addresses with the central authority.
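
The collision check a central address authority would run over its registry can be sketched as follows. This is an added example, not part of the original document or of any State tool. It assumes a registry record of agency, site, and CIDR prefix, and it assumes that "private" blocks collide only when two agencies share a facility or campus, while "public" registered blocks collide anywhere. All agency names, sites, and prefixes are constructed.

```python
import ipaddress
from itertools import combinations

# RFC 1918 "private" IPv4 blocks; anything outside them is treated here as a
# "public" registered block.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample registry. 198.51.100.0/24 is a documentation range
# standing in for a public registered block.
REGISTRY = [
    {"agency": "Agency A", "site": "Campus 1", "cidr": "10.20.0.0/16"},
    {"agency": "Agency B", "site": "Campus 1", "cidr": "10.20.8.0/22"},
    {"agency": "Agency C", "site": "Campus 1", "cidr": "172.16.4.0/24"},
    {"agency": "Agency D", "site": "Campus 2", "cidr": "10.20.0.0/16"},
    {"agency": "Agency A", "site": "Campus 1", "cidr": "198.51.100.0/25"},
    {"agency": "Agency C", "site": "Campus 2", "cidr": "198.51.100.64/26"},
]


def load(entry):
    """Validate one registration and attach the parsed network and its kind."""
    # strict=True rejects prefixes with host bits set (e.g. 10.20.8.1/22),
    # so malformed records never enter the registry.
    net = ipaddress.ip_network(entry["cidr"], strict=True)
    private = net.version == 4 and any(net.subnet_of(b) for b in RFC1918)
    return {**entry, "net": net, "kind": "private" if private else "public"}


def collides(a, b):
    """True when two registrations from different agencies conflict."""
    # An agency's own overlapping records (a block and its subnets) are its
    # internal plan and are not reported.
    if a["agency"] == b["agency"] or not a["net"].overlaps(b["net"]):
        return False
    # Assumption: overlapping private space is a problem only where the
    # agencies share internal connection points, modelled as the same site.
    if a["kind"] == "private" and b["kind"] == "private":
        return a["site"] == b["site"]
    # Public registered space must be unique regardless of location.
    return True


def find_collisions(registry):
    """Audit existing records: every conflicting pair, in registry order."""
    rows = [load(e) for e in registry]
    return [(a["agency"], a["cidr"], b["agency"], b["cidr"])
            for a, b in combinations(rows, 2) if collides(a, b)]


def check_request(registry, request):
    """Vet a new allocation: agencies whose records it would collide with."""
    new = load(request)
    return sorted({e["agency"] for e in map(load, registry) if collides(new, e)})


if __name__ == "__main__":
    for a_agency, a_cidr, b_agency, b_cidr in find_collisions(REGISTRY):
        print(f"collision: {a_agency} {a_cidr} <-> {b_agency} {b_cidr}")
    request = {"agency": "Agency E", "site": "Campus 1", "cidr": "10.20.9.0/24"}
    print("request conflicts with:", check_request(REGISTRY, request))
```
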

 

Recommended Best Practice 7

Competitively acquire, consolidate, and aggregate public transport media (carrier services) to reduce costs as well as eliminate duplication and redundancies.

 

Rationale:

•      The telecommunications field is an open, competitive market in which many companies provide varying types of carrier services.

•      Existing Statewide Carrier Services contracts are awarded to multiple, qualified service providers competing for State telecommunications business based on Service Level Agreements (SLAs) to ensure vendor performance. Carrier service types are based on industry standards that provide for interoperability between service providers. With consideration to geographic areas within the State, multiple, qualified vendors provide service types supported by contract-standard SLAs. Fostering competition among awarded vendors encourages better services at lower prices.

•      Consolidation and aggregation of carrier services reduces costs and eliminates unnecessary duplication and redundancies in telecommunication services.

•      Establishing common, “meet-me” points for public transport media (carrier services), wherever feasible, increases the potential for competitive carrier services by eliminating the requirement for local loop and entrance cables to specific facilities.

 



[1] Terminology used throughout this document is defined in the GITA Policies, Standards, and Procedures (PSP) and Enterprise Architecture (EA) Glossary of Terms available at: http://www.azgita.gov/policies_standards/glossary.htm.

[2] Trends, economic, governmental, and technical, that impact and influence EA are available at http://www.azgita.gov/enterprise_architecture/.

[3] The IT Project implementation process is described in Statewide Policy P340, Project Investment Justification (PIJ).

[4] Transition plans and the implementation of Target Network Architecture are addressed in Statewide Policy P700, Enterprise Architecture.

[5] The Enterprise Architecture lifecycle process is defined in Framework and Strategies and Statewide Policy P700, Enterprise Architecture.

[7] The Arizona IT Strategic Plan is available at http://www.azgita.gov/tech_news/GITA_brochure.htm. Individual Agency IT Plans are available at http://www.azgita.gov/planning_inventory. Alignment of the initial EA domain documents to the FY2002-03 State IT Plan is available at: http://www.azgita.gov/enterprise_architecture/NEW/Architecure_Strategies_Framework/strategic_alignment.htm.