Products / K2 Outsourcing / Technology
K2 Outsourcing
PROVISION OF THE K2 IS OUTSOURCING SERVICE IN TERM OF TECHNOLOGY
HW Technology
A precondition for smooth implementation of the HW technologies is in particular creation of a stable and sufficiently efficient server environment in order to ensure operation of the database machine and corresponding client’s systems. When planning acquisition of the hardware equipment, it is necessary to take into account also subsequent cost connected with operation, administration and maintenance of the selected infrastructure. As an example of suitable solution from the IBM view which fulfils high requirements for stability, efficiency and total cost of ownership can serve IBM xSeries servers on the Intel platform as well as client stations NetVista. Our Company puts great stress on certification of experts responsible not only for the implementation of the IBM technologies at the client, but also for implementation of the operational environment for these servers.
The K2 IS Outsourcing service is provided on IBM xSeries server systems which were selected due to their reliability and high performance. Built-in facilities for full remote control concerning operation of these servers and monitoring relevant operating parameters are very important for the K2 Information System Outsourcing.
The IBM xSeries server systems support fully also operation of applications on which high demands are laid by the client, in particular with regard to the continuous operation. From the view of technical solution, they are perfect for gradual development of the Data Centre owing to the fact that they enable simple extension as well as increase in total performance by simple adding particular components. Therefore, high investment in short time period is not needed.
The K2 IS Outsourcing service is provided on IBM xSeries server systems which were selected due to their reliability and high performance. Built-in facilities for full remote control concerning operation of these servers and monitoring relevant operating parameters are very important for the K2 Information System Outsourcing.
The IBM xSeries server systems support fully also operation of applications on which high demands are laid by the client, in particular with regard to the continuous operation. From the view of technical solution, they are perfect for gradual development of the Data Centre owing to the fact that they enable simple extension as well as increase in total performance by simple adding particular components. Therefore, high investment in short time period is not needed.
K2 Data Centre
One of the foundation stones of the K2 IS Outsourcing is the Data Centre of the application provider (K2 atmitec – TISCALI) dimensioned to the substantially higher performance than one user can utilize. At the same time, maximum data security is ensured; data are stored in efficient disk arrays RAID and regularly backed-up on tape backup machines. Safeguarding against failure is ensured by systems of powerful air conditioning as well as back-up of supply network in the form of high-performance standby power supply units which can be replaced by diesel electric aggregate in case of another failure.
Furthermore, the K2 Data Centre is connected to the Supervisory Centre of the Company TISCALI where the server functions are monitored all day long 7 days in the week. In case of failure of any device, such failure is reported in several minutes to the responsible worker who starts immediately a process in order to correct this problem. In addition, all installed routers (both on Data Centre side and client’ side) are redundantly monitored by provider’s Supervision Centre and in case of router failure a corrective action is started in parallel. In case of failure of the central CISCO router and firewall, the service intervention and replacement of the equipment as a whole, if appropriate, are carried out within one hour after failure message at the latest. Such rapid response to the failure which occurred in the system hardware can be certainly regarded as one of the benefits resulting from outsourcing which would be otherwise possible to ensure only with high cost.
The time necessary for removal of a fault is minimized also in the case of software. It can be achieved by an intervention of trained consultant who is on duty for case of reported problems with the K2 IS, or by intervention of another consultant who has remote access to the Data Centre.
Both these advantages become evident when simultaneous failure of both software and hardware occurs. As the provider of the K2 IS Outsourcing service covers both these areas, it is not necessary for the client to coordinate large number of subcontractors and, thereby, both finance and time needed for removal of the problem are reduced.
Furthermore, the K2 Data Centre is connected to the Supervisory Centre of the Company TISCALI where the server functions are monitored all day long 7 days in the week. In case of failure of any device, such failure is reported in several minutes to the responsible worker who starts immediately a process in order to correct this problem. In addition, all installed routers (both on Data Centre side and client’ side) are redundantly monitored by provider’s Supervision Centre and in case of router failure a corrective action is started in parallel. In case of failure of the central CISCO router and firewall, the service intervention and replacement of the equipment as a whole, if appropriate, are carried out within one hour after failure message at the latest. Such rapid response to the failure which occurred in the system hardware can be certainly regarded as one of the benefits resulting from outsourcing which would be otherwise possible to ensure only with high cost.
The time necessary for removal of a fault is minimized also in the case of software. It can be achieved by an intervention of trained consultant who is on duty for case of reported problems with the K2 IS, or by intervention of another consultant who has remote access to the Data Centre.
Both these advantages become evident when simultaneous failure of both software and hardware occurs. As the provider of the K2 IS Outsourcing service covers both these areas, it is not necessary for the client to coordinate large number of subcontractors and, thereby, both finance and time needed for removal of the problem are reduced.
Access to The Data Centre
Access to the K2 Data Centre is based on the Cisco systems technology which makes possible to use communication by secured channel IPSec. Data are physically transmitted by high-speed central network of the Company Tiscali. Minimum capacity of the transmission channel on which this service can be provided is 64kbit/s and such channel enables for 3 up to 5 clients with simultaneous access to the application software to work.
In order to ensure faultless response to the registered system failure, the Data Centre is constantly monitored by two independent supervision centres and, furthermore, by the provider of the application software during the working hours. With application system outsourcing, Internet connectivity and, furthermore, optionally voice and image transfer services by means of data lines are provided automatically.
Virtual Private Network
Connection of individual company networks to the VPN network of the service provider is ensured by secured communication between the Cisco router and Cisco central router (firewall). Communication between these facilities is crypted by IPSec protocol ensuring high data protection from misuse by third person.
Furthermore, the central router ensures high data security with regard to the connected client from attacks coming from public IP network (Internet). Another firewall is located between the servers and the VPN itself, which significantly improves the security level. Thus, each branch office has access only to the services as defined by the firewall (in fact, security is ensured by means of several firewalls). These services mean information system with further provided applications, electronic mail, access to the web pages or other Internet services.
Minimum strong of block cipher is 3DES (length of 168 bits). This technology provides comparable encryption strength as single encrypting process with the key length of 112 bits. For the purpose of maximum data security, the ICA operation in the VPN tunnel can be further encrypted by RC5 cipher with the key length of 128 bits. In view of the nature of the transferred data, such security is more than sufficient. According to client’s wish, it is possible to use stronger encryption methods which are, however, more costly. In addition, the provider of the K2 IS Outsourcing service guarantees that the ciphering mechanism will be upgraded in compliance with the development in the area of decryption (for example, switch from 3DES to AES cipher with longer keys etc.).
For mobile access to the firm’s VPN network, it is possible to use client’s SW VPN delivered by the Company Cisco systems inc. as a software counterpart to its VPN products. For the purpose of authorization, two-level verification of identity and right of the user concerned is used. At the present time, the service provider develops the possibility to use firm’s PKI infrastructure with link to the memory tokens with certificate and information about the user.
Technology of The Access to Applications
For the access to the applications, terminal access is used; in another words, transfer of screens and changes thereto between the client’s station and the server on which the K2 IS is operated. This technology makes possible to minimize necessary band width of the data channel for one client. The purpose thereof is to enable on-line work in the K2 Information System and, at the same time, to minimize cost of data lines needed.
For the above-mentioned access, we have selected product of renowned producer of terminal products Citrix. By means of Citrix Metaframe XPe, the provider delivers an application to the client’s terminal. Furthermore, the access technology can make use of other advantages with regard to extension, e.g. Citrix NFuse or Citrix Secure Gateway. A concrete solution can be, to some extent, always adapted to client’s requirements in order to meet his/her requirements as concerns flexibility and, in particular, security of the access to the application centre.
In order to ensure faultless response to the registered system failure, the Data Centre is constantly monitored by two independent supervision centres and, furthermore, by the provider of the application software during the working hours. With application system outsourcing, Internet connectivity and, furthermore, optionally voice and image transfer services by means of data lines are provided automatically.
Virtual Private Network
Connection of individual company networks to the VPN network of the service provider is ensured by secured communication between the Cisco router and Cisco central router (firewall). Communication between these facilities is crypted by IPSec protocol ensuring high data protection from misuse by third person.
Furthermore, the central router ensures high data security with regard to the connected client from attacks coming from public IP network (Internet). Another firewall is located between the servers and the VPN itself, which significantly improves the security level. Thus, each branch office has access only to the services as defined by the firewall (in fact, security is ensured by means of several firewalls). These services mean information system with further provided applications, electronic mail, access to the web pages or other Internet services.
Minimum strong of block cipher is 3DES (length of 168 bits). This technology provides comparable encryption strength as single encrypting process with the key length of 112 bits. For the purpose of maximum data security, the ICA operation in the VPN tunnel can be further encrypted by RC5 cipher with the key length of 128 bits. In view of the nature of the transferred data, such security is more than sufficient. According to client’s wish, it is possible to use stronger encryption methods which are, however, more costly. In addition, the provider of the K2 IS Outsourcing service guarantees that the ciphering mechanism will be upgraded in compliance with the development in the area of decryption (for example, switch from 3DES to AES cipher with longer keys etc.).
For mobile access to the firm’s VPN network, it is possible to use client’s SW VPN delivered by the Company Cisco systems inc. as a software counterpart to its VPN products. For the purpose of authorization, two-level verification of identity and right of the user concerned is used. At the present time, the service provider develops the possibility to use firm’s PKI infrastructure with link to the memory tokens with certificate and information about the user.
Technology of The Access to Applications
For the access to the applications, terminal access is used; in another words, transfer of screens and changes thereto between the client’s station and the server on which the K2 IS is operated. This technology makes possible to minimize necessary band width of the data channel for one client. The purpose thereof is to enable on-line work in the K2 Information System and, at the same time, to minimize cost of data lines needed.
For the above-mentioned access, we have selected product of renowned producer of terminal products Citrix. By means of Citrix Metaframe XPe, the provider delivers an application to the client’s terminal. Furthermore, the access technology can make use of other advantages with regard to extension, e.g. Citrix NFuse or Citrix Secure Gateway. A concrete solution can be, to some extent, always adapted to client’s requirements in order to meet his/her requirements as concerns flexibility and, in particular, security of the access to the application centre.
TOP