Presentation on theme: "1 DEDS Migration CPS IT Industry Meeting - 28.01.2010 Revised for follow-up call -11.02.2010."— Presentation transcript:
1 DEDS Migration CPS IT Industry Meeting Revised for follow-up call
2 Contents Introduction to DEDS. Need for Change. CPS Gateway - DEDS – CPSO Existing Architecture. CPS Gateway - DEDS – CPSO Proposed Architecture. Rationale for using FTPS How does FTPS works. What CPSOs have to do. Benefits of migration. Migration plans.
3 Introduction to DEDS CPS Operators communicate to CPS Gateway server via DEDS (Data Exchange Distribution System), which is in DMZ, providing FTP communication via VPN/ISDN between BT and CPSOs. DEDS acts as a post box. CPSOs push files to DEDS for delivery to CPSG. CPSG pushes files to DEDS for further delivery to CPSOs.
4 Need for Change ISDN access to DEDS is slow due to limited bandwidth. Being older technology, ISDN setup is difficult and costly to maintain in terms of availability of equipment and skills to maintain them. VPN access is limited by availability of VPN ports on BT firewall. Ports are almost exhausted. Existing DEDS hardware has scalability limitations. Failover capability is limited and slow on existing infrastructure.
5 CPS Gateway - DEDS - CPSO Existing Architecture CPSO1 CPSOn FIREWALL FIREWALL DEDS Primary DEDS Secondary RED Side CPS Gateway Green Side XFB ISDN/VPN Push Files to DEDS Push File to CPsPush Files to CPSGPush Files to DEDS FTP DEDS Cluster
6 CPS Gateway - DEDS - CPSO Proposed Architecture NEW DEDS NEW DEDS DR DNSSWITCHINGDNSSWITCHING DNSSWITCHINGDNSSWITCHING CPS Gateway XFB FTPS (one way SSL over internet) CPSO n CPSO 1 FTPS (one way SSL over internet) Data Mirroring FTP is replaced by FTPS.
7 How FTPS will work? DEDS hardware will be migrated to new scalable Architecture. This hardware will be accessed by CPSOs systems using standard Internet URL calls instead of an IP address. CPSOs will transfer the files to DEDS via One Way SSL over internet. FTPS replaces Normal FTP by using one way SSL and basic authentication. DEDS will be exposed to internet with IP filtering applied on BT firewall to accept calls only from registered IPs
8 Rationale for using FTPS: FTPS is a widely used standard alongside SFTP. Each has its own advantages and disadvantages. Few specific reasons for choosing FTPS: –Chrooting – Required to ensure each CP has isolated working area on DEDS server for Data Security. –Time bound login – Like CPS, there are other BTW services which are not available 24 * 7. It is necessary to restrict CP access to DEDS outside of agreed service hours. –Logging – To generate MIS of CPs upload/download activities. –Command Execution – To ensure CP can execute only certain commands necessary for transfer of files and restrict potentially harmful commands for health of DEDS. X509 certificates will be used by BT on DEDS server as Server Certificate. CPSO's will be provided with necessary CA (certifying authority) certificates to authenticate BTs Server Certificate. For receiving files from DEDS, if Option 1 (PUSH approach, details on later slides) is preferred, CPSOs will have to host a server certificate for DEDS to authenticate CPSO servers using One Way SSL.
9 What CPSOs will have to do? Transferring files to DEDS CPSOs have to build the capability at their end to transfer the files to DEDS via one way SSL over internet. CPSOs can use any FTPS client of their choice. There are many commercially available or freeware clients. DEDS authenticate CPSOs by username and password. The FTPS connection will be established to transfer the files to DEDS.
10 What CPSOs will have to do? Receiving files from DEDS There are two options – 1.PUSH approach - CPSOs have to make a infrastructure change at their end to host SSL certificate so that BT (DEDS) can push the files to CPSOs using FTPS through internet. 2.PULL approach - CPSOs have to make a functional change at their end and have to pull the files from DEDS.
11 What CPSOs will have to do? Receiving files from DEDS – Potential benefits/changes for Option 2 (PULL approach) CPSOs may already have functional capability to PULL files from DEDS for some other products/services like downloaded of CDRs. CPSOs wont have to deploy necessary infrastructure to host SSL server to allow for inbound One Way SSL connections from DEDS and hence doing away with one time implementation and ongoing maintenance costs CPSOs can connect to DEDS for receiving files in the same manner as for sending files to DEDS CPSOs can customize PULL frequency as per their order volumes. It is advised to keep a minimum PULL frequency of 5 mins (for high volume CPSOs) and a maximum of one PULL attempt per day (for very low volume CPSOs) CPSOs continue to send handshake response. However considering CPSOs can PULL files from DEDS as per their requirement, existing SLA period of 100 mins for handshake will be reviewed to accommodate for this change. Appropriate OfCom reports will be modified to accommodate revised SLAs If there is a requirement, an archival policy can be implemented to allow CPSOs to access already pulled files for an agreed period of time.
12 Benefits of Migration Enabling FTPS over one way SSL through internet access to DEDS for improved security. To remove VPN set up pre-requisite for CPSOs using VPN. For CPSOs using ISDN, no need to maintain necessary infrastructure for ISDN connectivity and also saving dialling costs. Increase in the Bandwidth. There will be new DR (Disaster Recovery) site which will ensure continued availability in case of any issues at primary site. Beneficial to CPSOs using DEDS to download CDRs
13 How Migration will be managed? Migration will be managed in three phases. Phase –I : New DEDS server will be available in live ready for CPS Operators to migrate. –Once Phase – I is complete, the CPS operators may start migration to new DEDS via One Way SSL over internet (FTPS). Phase –II : CPS Gateway will be migrated to new DEDS by end of phase - II. Between Phase I & Phase II, BTW will internally manage synchronisation of existing DEDS and new DEDS system. Phase –III : The old DEDS server will be decommissioned as all CPS Operators would have migrated to FTPS connectivity with DEDS.
14 CPS Gateway - DEDS - CPSO Proposed Architecture Phase - I CPSO1 CPS Gateway XFB CPSOn FTP FTPS (one way SSL over internet) OLD DEDS NEW DEDS Data Synchro nization. Phase I
15 CPS Gateway - DEDS - CPSO Proposed Architecture Phase - II CPSO1 CPS Gateway XFB CPSOn FTP FTPS (one way SSL over internet) OLD DEDS NEW DEDS Phase II Data Synchron ization.
16 CPS Gateway - DEDS - CPSO Proposed Architecture Phase - III DEDS DEDS DR DNSSWITCHINGDNSSWITCHING DNSSWITCHINGDNSSWITCHING CPS Gateway XFB FTPS (one way SSL over internet) CPSO n CPSO 1 FTPS (one way SSL over internet) Data Mirroring Phase III
17 How can CPSOs go about it? Approach BT Product Manager / BT Account Manager contact to schedule migration to NEW DEDS. Complete FTPS client installation & configuration. –FTPS clients are available either commercially or as free- ware. Test connectivity to BT system with on-ramp server. (Support team will make this available) Test connectivity to NEW DEDS (Live) Start using new DEDS!
18 Time scales Phase-I : This is expected to be ready by end-May10 Phase-II : This is planned to start in Jun10 depending on the completion of Phase I in time. Phase-III : Plan is to start decommission of OLD DEDS by end of Phase II, but this is subject to the CP transition plans to be discussed between CPSOs and BT Account Managers / Product Line leads.
19 FTPS Client Samples CoreFTP Lite (Windows) URL: SmartFTP (Windows) URL: IglooFTP Pro (Windows, Linux) URL: FlashFXP (Windows) URL: SDI FTP (Windows) URL: LFTP (Unix, MacOS X) URL: RBrowser (MacOS X) URL: FTPTLS (OpenBSD, possibly other Unix as well) URL: user.tu-chemnitz.de/~grmo/ftptls/ Port: chemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gzhttp://www-user.tu- chemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows) URL: NOTE: BT does not recommend any specific product. The list above is for reference only. CPs are requested to take their own informed decision.