Systems Engineering Guide

IT Infrastructure Engineering

Definitions:

Infrastructure engineering addresses the building, managing, and evolving of the environment that supports the processes, physical resources (facilities, hardware, software, tools, etc.), and human resources (engineers, programmers, administrators, help desk, etc.) required to support the development, operation, and sustainment of IT applications. Infrastructure engineering focuses on ensuring a reliable, consistent level of service to infrastructure customers, both human and machine.

Infrastructure operations address the day-to-day management and maintenance of IT services, systems, and applications, as well as the infrastructures on which they operate and the facilities in which they are housed. Processes are key to infrastructure operations. These include systems and network administration, data center operations, help desks, network operations centers, and service-level management.

Keywords: cloud computing, continuity of operation, data center, data center operations, disaster recovery, end-to-end computing infrastructure, IT infrastructure, servers, service management, storage area networks, unified communications, virtualization, wide area networks

MITRE SE Roles & Expectations: MITRE systems engineers (SEs) are challenged with the rapid changes in the emerging technology of IT infrastructure. They are expected to support architecture, preliminary design, analysis, implementation, and operations of the infrastructure. Critical areas of focus include information assurance, data strategy, interoperability, application integration, information exchange, networks, and communications services (voice, video, and data). MITRE SEs assist sponsors with initiatives for data centers, application migrations, infrastructure architecture, and consolidation of computing infrastructure. MITRE SEs develop competencies in data center operations, infrastructure platforms, and IT service delivery. Technical specialties to which they should reach back include local and wide-area network design, servers, storage, backup, disaster recovery, continuity of operation (COOP), performance monitoring, virtualization, cloud computing, modeling, visualization, voice over internet protocol (VoIP), IPv6, and other emerging technologies.

Background

MITRE SEs are expected to take a total life-cycle approach to assist operational users in applying IT infrastructure, operations, maintenance, and management techniques to meet their challenges.

Infrastructure Engineering and the associated Operations and Service Management expertise includes:

  • Implementation of Information Technology Service Management and Information Technology Infrastructure Library (ITIL) concepts and policies (for more details, refer to the article on IT Service Management under this topic)
  • Development of infrastructure strategy and IT operational policies, standards, and processes tailored to agency or department missions
  • Development of infrastructure and operational requirements in all phases of the system development life cycle
  • Development of asset management processes that support the provisioning, tracking, reporting, ownership, and financial status of IT assets
  • Data center operations, consolidations, and relocations; planning, implementing, and testing for disaster recovery; daily operations and data center management, including server and systems migrations
  • Service desk, help desk, and contact and call center development, implementation, operations, and process improvement
  • Service-level management through the development of processes, people, technology, and service-level and operating-level agreements
  • Technical strategy, architecture, and design incorporating emerging technologies such as virtualization, cloud and utility computing, IP telephony, and IPv6 planning and migration
  • Infrastructure and operations security, such as network and application firewalls, authentication, identity and privilege management, and intrusion detection and prevention
  • Beyond technical deliverables, assist with various road shows, TEMs, and conferences to promote the importance of a solid infrastructure

Government, Industry, and Commercial Interest in IT Infrastructure

In December 2010, the U.S. Federal Government Chief Information Officer released a 25 Point IT Management Reform Plan that concentrates on areas to reduce IT operating costs and to bring greater value through IT consolidation. The emphasis is on reducing data centers and migrating to lean and agile IT computing services [1].

The National Institute of Standards and Technology (NIST) took the lead to define cloud computing in the context of cost savings and "increased IT agility." This effort provided the momentum to challenge the rising and unsustainable costs in response to "difficult economic constraints." NIST is partnering with all stakeholders (including MITRE) to face the challenges of security, privacy, and other barriers that have hindered a broad adoption of cloud-based IT infrastructure [2, 3].

The U.S. General Services Administration (GSA) sought and adopted lightweight and agile IT infrastructure to support their common enterprise infrastructure (e.g., enterprise email) while reducing the costs and increasing efficiency of the associated acquisition and deployment. Additionally, GSA is taking a lead role in deploying Software as a Service (SaaS) through the apps.gov portal [4]. This effort emphasizes compliance with Certification and Accreditation and FISMA [5] Moderate Impact Data security requirements prior to loading their applications to the store for distribution.

Best Practices and Lessons Learned

Translating business objectives into IT infrastructure needs. The most difficult part of infrastructure engineering is identifying the infrastructure requirements implied by the sponsor's business objectives. Business objectives, by definition, are not technological. Deriving the technical requirements for the IT infrastructure needed to support business objectives is a critical technical contribution. For example, translating a business need for enhanced distributed capabilities may require the development of a Network Design guide where the technical principles for switching (e.g., VLANs, Ethernet, STP), routing (e.g., RIP, EIGRP, OSPF, IS-IS, BGP), Quality of Service (QoS), and wiring/physical infrastructure are mapped to the business objectives. By creating such a guideline, the client is then able to make technically supported decisions to meet their objectives.

Governance. Because infrastructure supports the entire range of an enterprise's IT needs, it requires a broad level of coordination. Every department and function in the enterprise needs to be represented in the governance of the infrastructure. Plan for significant investment of time and resources in governance boards, outreach programs, and socialization of change. (For more details on governance, refer to the articles on Enterprise Governance, IT Governance, and Transformation Planning and Organizational Change.)

Infrastructure evolution. Infrastructure Engineering is distinguished from other IT efforts by the almost absolute necessity of incremental evolution. It is extremely rare for an enterprise to be able to switch from one infrastructure to another in one fell swoop. Plan and organize based on incremental change. Provision for operating both old and new infrastructure components in parallel. (For more details, refer to the articles on Configuration Management.)

Service level agreements. Because the infrastructure supports the entire enterprise, it is impractical and inappropriate to organize interfaces around traditional interface control documents. Users (and potential users) of an infrastructure or shared core function demand a different kind of performance guarantee based on the one-to-many relationship between the owners of the infrastructure or shared function and their customers. This guarantee is captured in a service level agreement (SLA) that documents the expected performance and behavior of the infrastructure for use. Because the SLA is, in effect, an internal contract between the infrastructure and its users, Infrastructure Engineering must provide for precise measuring, monitoring, and reporting of the function's behavior in the design and in the operation—to the degree that the SLA can be enforced. This requires significantly more detail and rigor than is usually applied to just developing an infrastructure by itself.

Versioning and provisioning. Our sponsor's enterprise is usually large, complex, and widely distributed. As a consequence, it is virtually impossible to change every physical instance of an infrastructure component at one time. Plan for operating multiple versions of any infrastructure component being updated or replaced. It is common for a physically distributed enterprise to be operating two, three, or even four different versions of a single component at the same time. Account for multiple versions, not just for brief periods but continuously as the infrastructure evolves. (For more details, refer to the articles on Configuration Management.)

Baseline infrastructure assessment. Assessing an operational environment is often a first step in an infrastructure engineering effort. The focus of the assessment should be based on the customer needs and requirements. Two examples are:

  • Assess a baseline configuration of an existing operational environment to use for gap analysis of an "AS-IS" versus a "TO-BE" architecture.
  • Compare a baseline configuration of an existing operational environment against a secure configuration standard for a security assessment.

Common security processes. Perform trusted, independent vulnerability assessments to highlight issues and help remedy and mitigate risk based on NIST, NSA, and leading industry practices in the information assurance and security realm. Document security vulnerabilities and provide recommendations for resolution, mapping the findings to NIST 800-53 [6] controls and providing a risk level report. Promote a standard set of commercial tools such as NetDoctor, Nessus®, or Wireshark where applicable. These tools reuse a "Findings Dictionary" to document common vulnerabilities and provide a consistent approach across assessors and assessment organizations—multiple system engineers from different organizations can all perform the same science, technology, and engineering for different customers in the enterprise following the same documented processes.
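The baseline-versus-secure-standard comparison and the shared findings dictionary described above can be combined in one small check. The following is an added example, not MITRE tooling: the setting names, finding ids, hosts, risk levels, and the mapping of each finding to a NIST 800-53 control id are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed findings dictionary: one shared entry per known issue, so every
# assessor reports the same id, wording, control mapping and risk level.
# Control ids are NIST 800-53 identifiers; mapping and risk are assumptions.
FINDINGS_DICTIONARY = {
    "FD-001": {"title": "Telnet service enabled", "control": "CM-7", "risk": "High"},
    "FD-002": {"title": "Password minimum length too short", "control": "IA-5", "risk": "Moderate"},
    "FD-003": {"title": "Audit logging not enabled", "control": "AU-2", "risk": "Moderate"},
    "FD-004": {"title": "SSH root login permitted", "control": "AC-6", "risk": "High"},
}
# Constructed secure configuration standard: (setting, compliance check, finding id).
SECURE_STANDARD = [
    ("telnet_enabled", lambda v: v is False, "FD-001"),
    ("password_min_length", lambda v: isinstance(v, int) and v >= 12, "FD-002"),
    ("audit_logging", lambda v: v is True, "FD-003"),
    ("ssh_permit_root_login", lambda v: v is False, "FD-004"),
]
# Constructed baselines collected from two hosts; srv-b lacks audit_logging.
BASELINES = {
    "srv-a": {"telnet_enabled": True, "password_min_length": 8,
              "audit_logging": True, "ssh_permit_root_login": False},
    "srv-b": {"telnet_enabled": False, "password_min_length": 14,
              "ssh_permit_root_login": True},
}
_MISSING = object()

def assess(host, baseline):
    """Return dictionary-backed findings for every setting that fails the standard."""
    findings = []
    for setting, is_compliant, finding_id in SECURE_STANDARD:
        observed = baseline.get(setting, _MISSING)
        # A setting absent from the baseline cannot be verified, so it is reported.
        if observed is _MISSING or not is_compliant(observed):
            findings.append({"host": host, "id": finding_id, "setting": setting,
                             "observed": "not recorded" if observed is _MISSING else observed,
                             **FINDINGS_DICTIONARY[finding_id]})
    return findings

def risk_report(findings):
    """Count findings per risk level and list affected hosts per control."""
    by_control = {}
    for f in findings:
        by_control.setdefault(f["control"], set()).add(f["host"])
    return Counter(f["risk"] for f in findings), {c: sorted(h) for c, h in by_control.items()}

if __name__ == "__main__":
    all_findings = [f for host, cfg in BASELINES.items() for f in assess(host, cfg)]
    print(risk_report(all_findings))
```

Because every finding is emitted from the dictionary entry rather than typed by the assessor, two teams assessing different hosts produce reports that can be merged and counted by control without reconciliation.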

Technology transition testing. Leverage the effort of industry experts by partnering with accredited test laboratories. For example, preparing for changes to computer networks to support the IPv6 addressing plan requires a partnership with NIST, federal agencies, or government entities, and the wide range of commercial network equipment vendors. The IPv6 Transition effort is based on a "target architecture" to focus on operational testing. Test planning includes implementing a test laboratory architecture, proving out operational Dual Stack configurations and identifying testing requirements for pilot deployment.

Next-generation network — The evolution continues. Network technologies and capabilities continue to evolve with the continued growth of the Internet. The current trend toward converged services is apparent and seen across the federal government. This shift requires a robust core and reliable end-to-end services at a minimum. Key next-generation network infrastructure attributes include:

  • Robust core technologies:
    • Multiprotocol label switching
    • High-end routers/switches
  • Convergence:
    • Voice, video, data on a single infrastructure
    • Broadband wireless access (4G/3G)
    • Mobile applications and value-add services and applications are drivers
    • Carrier class devices
    • Network is transparent to end user
  • Multi-platform, multimedia, multi-channel, multi-purpose platforms—Android, Blackberry, iPhone, iPad, and Windows platforms
  • Security centric: Sensitive and critical information riding on a single infrastructure requires SLA and carrier class devices/services.
  • Low cost: Economies of scale are pushing a low-cost model approach:
    • Virtualization and Cloud
    • Infrastructure Consolidation
    • Green IT
  • Unified Communications: More than just VoIP:
    • Video teleconference, teleconference, virtual meeting spaces
    • E-boarding and collaboration
    • Presence and mobility
    • Platform and technology agnostic
    • IP telephony

An efficient infrastructure. Assess cabling, power, grounding, heating, ventilation, and air conditioning (HVAC), raised flooring, load bearing, fire suppression, and physical access and egress (ADA compliance). Follow applicable local codes and ordinances, using the ANSI/EIA, NEMA, and NEC as references, and create recommendations for sponsors to follow based on standards. Currently, "green" initiatives cost more than standard infrastructure build-outs; however, when life-cycle costs can be shown to be equal (or less) based on operating savings (i.e., lower electric bill due to increased efficiencies), the effort to move to a green infrastructure may be justified. (For more details, refer to the articles on Integrated Logistics Support.)

Mobile IT management and support. Mobile IT Platform diversity complicates IT management and help desk activities because these platforms are incompatible. IT departments need to revise processes for developing applications to accommodate the new workflow and mobile data platforms. Evolving security policies and blurred lines between the personal and professional role of wireless devices require security approaches that go beyond traditional firewalls. Most enterprise infrastructure architecture mapping efforts focus on fixed IT assets and core applications that run on them. Mobile devices and applications are often unaccounted for in future plans of architectures. Required infrastructure engineering capabilities include:

  • Mobile Technology Policy/Security Development Support
  • Mobile IT System Design Support
  • Mobile IT System Integration Support
  • Mobile IT Change Management Support
  • Mobile Workforce Management Support
  • Mobile IT Performance Management Support

References & Resources

  1. 25 Point Implementation Plan to Reform Federal Information Technology Management.
  2. The NIST Definition of Cloud Computing, NIST Cloud Computing Program, NIST.
  3. Cloud-Based Infrastructure as a Service Comes to Government, GSA.
  4. U.S. GSA Apps.Gov Portal, GSA.
  5. Federal Information Security Management Act (FISMA) Implementation Project, NIST.
  6. Recommended Security Controls for Federal Information Systems and Organizations, NIST.

Additional References & Resources

  • Hoskins, J., 2004, Building an On Demand Computing Environment with IBM: How to Optimize your Current Infrastructure for Today and Tomorrow, Maximum Press.
  • Foster, I., and Kesselman, C., eds., 2004, The Grid 2: Blueprint for a New Computing Infrastructure, Elsevier.
  • Sasaki, R., 2005, Security and Privacy in the Age of Ubiquitous Computing, International Federation for Information Processing.

Not all references and resources are publicly available. Some require corporate or individual subscriptions. Others are not in the public domain.



Page last updated: May 1, 2012




Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
