IT Infrastructure Engineering
Definitions: Infrastructure engineering ensures that the IT infrastructure is sufficiently robust, scalable, and efficient to deliver the integrated services underlying the physical environment that supports the processes, physical resources, and operators required for developing, integrating, operating, and sustaining IT applications and support services. Physical resources include facilities, hardware, software, and tools. Operators include engineers, programmers, administrators, and help/service desk personnel. Infrastructure engineering support objectives ensure that a reliable, consistent level of service is available to infrastructure customers and IT service consumers—both human and machine.
Infrastructure operations address the day-to-day management and maintenance of IT services, systems, and applications, as well as the infrastructure, the geographic location, the facilities in which they are housed, and the energy, and hardware usage.
Skilled support resources and defined processes are key to infrastructure operations. These include systems and network administration, data center operations, help/service desks, network operations centers, and service level management.
Keywords: cloud computing, continuity of operation, data center, data center operations, disaster recovery, end-to-end computing infrastructure, IT infrastructure, servers, service management, storage area networks, unified communications, virtualization, wide area networks
MITRE SE Roles and Expectations: Systems engineers (SEs) are confronted with rapid changes in the emerging technology of an IT infrastructure. These changes come from many sources, including organizational objectives to reduce cost, reduce environmental impact, improve efficiency and service levels via automation, enhance business agility, and effectively manage strategic acquisitions. MITRE SEs are expected to support architecture, preliminary design, analysis, implementation, and operations of the infrastructure. Critical areas of focus include information assurance, data strategy, interoperability, application integration, information exchange, networks, and communications services (voice, video, and data). MITRE SEs assist sponsors with initiatives for data centers, application migrations, infrastructure architecture, consolidation of computing services, and IT infrastructure and operations. They develop competencies in data center operations, infrastructure platforms, and IT service delivery. Technical specialties are acquired using a resource reachback staffing approach and include local- and wide-area network design, servers, storage, backup, disaster recovery, continuity of operation (COOP), performance monitoring, virtualization, cloud computing, modeling, visualization, voice over internet protocol (VoIP), IPv6, and other emerging technologies.
MITRE SEs take a systems engineering life-cycle approach to satisfy IT goals and objectives. Infrastructure engineering, IT operations, and service management expertise includes:
- Implementation of Information Technology Service Management and Information Technology Infrastructure Library (ITIL) concepts and policies (For more details, see the IT Service Management article under this topic.)
- Development of infrastructure strategy and IT operational policies, standards, and processes tailored to agency or department missions
- Development of infrastructure and operational requirements in all phases of the system development life cycle
- Development of asset management processes that support the provisioning, tracking, reporting, ownership, and financial status of IT assets
- Data center operations, consolidations, and relocations; planning, implementing, and testing for disaster recovery; daily operations and data center management, including server and systems migrations
- Service desk, help desk, and call center development, implementation, operations, and process improvement
- Service level management through the development of processes, people, technology, and service level and operating level agreements
- Technical strategy, architecture, and design incorporating emerging technologies such as virtualization, cloud and utility computing, IP telephony, and IPv6 planning and migration
- Infrastructure and operations security, such as network and application firewalls, authentication, identity and privilege management, and intrusion detection and prevention
- Beyond technical deliverables, assist with various road shows, Technical Exchange Meetings (TEMs), and conferences to promote the importance of a solid infrastructure.
Government, Industry, and Commercial Interest in IT Infrastructure
In December 2010, the U.S. Federal Government Chief Information Officer released a 25 point action plan that concentrates on areas to reduce IT operating costs and to bring greater value through IT consolidation. The emphasis is on reducing data centers and migrating to lean and agile IT computing services .
The National Institute of Standards and Technology (NIST) took the lead to define cloud computing in the context of cost savings and "increased IT agility." This effort provided the momentum to challenge the rising and unsustainable costs in response to "difficult economic constraints." NIST is partnering with all stakeholders (including MITRE) to face the challenges of security, privacy, and other barriers that have hindered a broad adoption of cloud-based IT infrastructure [2, 3].
The U.S. General Services Administration (GSA) sought and adopted lightweight and agile IT infrastructure to support their common enterprise infrastructure (e.g., enterprise email) while reducing the costs and increasing the efficiency of the associated acquisition and deployment. GSA is also taking a lead role in deploying Software as a Service (SaaS) through the cloud.cio.gov portal . This effort emphasizes compliance with Certification and Accreditation and FISMA  Moderate Impact Data security requirements prior to loading their applications to the store for distribution.
When designing a federal disaster recovery solution, MITRE SEs take into account Federal Information Processing Standards (FIPS) and NIST guidelines so that they will be supported by the end product [6, 7]. Here is a sample:
- FIPS 199 "Standards for Security Categorization of Federal Information and Information Systems"
- FIPS 200 "Minimum Security Requirements for Federal Information and Information Systems"
- NIST SP 800-34 "Contingency Planning Guide for Federal Information Systems"
- NIST SP 800-53 "Security and Privacy Controls for Federal Information Systems and Organizations"
In addition, each agency typically has its own policies and guidelines that must also be addressed.
Best Practices and Lessons Learned
Translating business objectives into IT infrastructure needs. The most difficult part of infrastructure engineering is identifying the infrastructure requirements that form the basis for the physical environment, system, and application development process implied by the sponsor's business objectives. Business objectives, by definition, are not technological. Deriving the technical requirements for the IT infrastructure needed to support business objectives is a critical technical contribution. For example, translating a business need for enhanced distributed capabilities may require developing a Network Design guide that maps the technical principles for switching (e.g., VLANs, Ethernet, STP), routing (e.g., RIP, EIGRP, OSPF, ISIS, BGP), Quality of Service (QOS), and wiring/physical infrastructure to the business objectives. With such a guideline, clients can make technically supported decisions to meet their objectives.
Governance. Because infrastructure supports the entire range of an enterprise's IT needs, it requires broad coordination to continuously monitor and facilitate the performance and modernization of infrastructure projects across the enterprise. Governance defines the relationships among the Systems Development Life Cycle Management (SDLCM) methodology, Information Technology (IT) Capital Planning, Security, and Enterprise Architecture (EA) requirements and processes for deliverables and key phases. Plan for significant investments of time and resources in governance boards, outreach programs, and socializing change. (For more details, see the Enterprise Governance, IT Governance, and Transformation Planning and Organizational Change articles.)
Infrastructure evolution. Infrastructure engineering is distinguished from other IT efforts by the almost absolute necessity of incremental evolution. Infrastructure evolution is influenced by the transformation of business and technological needs. It is extremely rare for an enterprise to be able to switch from one infrastructure to another in one fell swoop. Plan and organize based on incremental change. Provision for operating both old and new infrastructure components in parallel. (For more details, see the articles in the Configuration Management topic.)
Service level agreements. Because the infrastructure supports the entire enterprise, it is impractical and inappropriate to organize interfaces around traditional interface control documents. Users (and potential users) of an infrastructure or shared core function demand a different kind of performance guarantee based on the one-to-many relationship between the owners of the infrastructure or shared function and their customers. This guarantee is captured in a service level agreement (SLA) that documents the expected performance and behavior of the infrastructure for use. Because the SLA is, in effect, an internal contract between the infrastructure and its users, infrastructure engineering must provide for precise measuring, monitoring, and reporting of the function's behavior in the design and in the operation—to the degree that the SLA can be enforced. This requires significantly more detail and rigor than is usually applied to just developing an infrastructure by itself.
Versioning and provisioning. Our sponsor's enterprise is usually large, complex, and widely distributed. As a consequence, it is virtually impossible to change every physical instance of an infrastructure component at one time. Plan for operating multiple versions of any infrastructure component being updated or replaced. It is common for a physically distributed enterprise to be operating two, three, or even four different versions of a single component at the same time. Account for multiple versions, not just for brief periods but continuously as the infrastructure evolves. (For more details, see the articles in the Configuration Management topic.)
Baseline infrastructure assessment. Assessing an operational environment is often a first step in an infrastructure engineering effort. The focus of the assessment should be based on the customer needs and requirements. Two examples are:
- Assess a baseline configuration of an existing operational environment to use for gap analysis of an "as-is" versus a "to-be" architecture.
- Compare a baseline configuration of an existing operational environment against a secure configuration standard for a security assessment.
Common security processes. Perform trusted, independent vulnerability assessments to highlight issues and help remedy and mitigate risk based on NIST, NSA, and leading industry practices in the information assurance and security realm. Document security vulnerabilities and provide recommendations for resolution, mapping the findings to NIST 800-53  controls and providing a risk level report. Promote a standard set of commercial tools such as NetDoctor, Nessus®, or Wireshark where applicable. These tools reuse a "Findings Dictionary" to document common vulnerabilities and provide a consistent approach across assessors and assessment organizations. Multiple SEs from different organizations can all perform the same science, technology, and engineering for different customers in the enterprise following the same documented processes.
Technology transition testing. Leverage the effort of industry experts by partnering with accredited test laboratories. For example, preparing for changes to computer networks to support the IPv6 addressing plan requires a partnership with NIST, federal agencies, or government entities, and the wide range of commercial network equipment vendors. The IPv6 Transition effort is based on a "target architecture" to focus on operational testing. Test planning includes implementing a test laboratory architecture, proving out operational Dual Stack configurations, and identifying testing requirements for pilot deployment.
Next-generation network—The evolution continues. Network technologies and capabilities continue to evolve with the continued growth of the Internet. The current trend toward converged services is apparent and seen across the federal government. This shift requires a robust core and reliable end-to-end services at a minimum. Key next-generation network infrastructure attributes include:
- Robust core technologies:
- Multi-protocol label switching
- High-end routers/switches
- Voice, video, data on a single infrastructure
- Broadband wireless access (4G/3G)
- Mobile applications and value-add services and applications are drivers
- Carrier class devices
- Network is transparent to end user
- Migrate legacy application to cloud infrastructures
- Multi-platform, multi-media, multi-channel, multi-purpose platforms—Android, Blackberry, iPhone, iPad, and Windows platforms
- Security centric. Sensitive and critical information riding on a single infrastructure requires SLA and carrier class devices/services.
- Low cost. Economies of scale are pushing a low-cost model approach:
- Virtualization and Cloud
- Infrastructure Consolidation
- Green IT
- Unified communications. More than just VoIP:
- Video teleconference, teleconference, virtual meeting spaces
- E-boarding and collaboration
- Presence and mobility
- Platform and technology agnostic
- IP telephony
An efficient infrastructure. An infrastructure should be measured to assess capacity, availability, infrastructure monitoring, energy efficiency, power and heat density, and performance. SEs follow best practices and applicable local codes and ordinances, using the ANSI , EIA , NEMA , and NEC  as references, and create recommendations for sponsors to follow based on standards. Currently, "green" initiatives cost more than standard infrastructure build-outs; however, when life-cycle costs can be shown to be equal (or less) based on operating savings (e.g., lower electric bill due to increased efficiencies), the effort to move to a green infrastructure may be justified. (For more details, see the articles in the Integrated Logistics Support topic.)
Mobile IT management and support. Mobile IT management and support for mobile devices have become standard business offerings that support the end user as devices and applications are frequently being used outside the workplace. As a result, mobile service offerings are expected to perform with the same level of connectivity, accessibility, and reliability in the workplace as the end user experiences outside of the business enterprise. Though mobile devices increase productivity, they also introduce security and vulnerability risks that management must address to maintain the integrity of the private infrastructures that support the devices.
Many mobile devices, including cellular phones, smartphones, and tablet computers, connect to networks via WiFi and 3G/4G Internet-based access to different applications. Although there is a strong desire to leverage off-the-shelf capabilities, many of these devices currently lack the necessary security features and assurances to guard against threats. Mobile IT introduces technological diversity and complexity. Each mobile device type and brand is different, but most have the following elements of a core system stack: browser, application programs, logical and network services, security services, physical services, kernel, boot loader, hardware interface services, CPU, and memory. IT departments should devise a common approach to mobile solutions or design patterns that develop more secure mobile solutions that are responsive to the security risks. Evolving security policies have blurred the lines between the personal and professional role of wireless devices and require security approaches that go beyond traditional firewalls. Most enterprise infrastructure architecture mapping efforts focus on fixed IT assets and the core applications that run on them. Mobile devices and applications are often unaccounted for in future plans of architectures. Required infrastructure engineering capabilities include:
- Mobile Technology Policy/Security Development Support
- Mobile IT System Design Support
- Mobile IT System Integration Support
- Mobile IT Change Management Support
- Mobile Workforce Management Support
- Mobile IT Performance Management Support
References and Resources
- Kundra, V., December 9, 2010, 25 Point Implementation Plan to Reform Federal Information Technology Management, U.S. Chief Information Officer, The White House.
- Mell, P., and T. Grance, October 7, 2009, The NIST Definition of Cloud Computing, NIST.
- Wali, S., October 19, 2010, Cloud-Based Infrastructure as a Service Comes to Government, GSA.
- Cloud.CIO.Gov, accessed March 9, 2015.
- Federal Information Security Management Act (FISMA) Implementation Project, NIST, accessed March 9, 2015.
- Current Federal Information Processing Standards, NIST, accessed August 18, 2014.
- Special Publications, NIST, accessed March 9, 2015.
- NIST Special Publication 800-53, April 2013, Security and Privacy Controls for Federal Information Systems and Organizations, NIST.
- American National Standards Institute (ANSI), accessed March 9, 2015.
- U.S. Energy Information Administration (EIA), accessed March 9, 2015.
- National Electrical Manufacturers Association, Standards, accessed March 9, 2015.
- National Fire Protection Association, 2014, NFPA 70: National Electrical Code.
Additional References and Resources
Foster, I., and Kesselman, C., eds., 2004, The Grid 2: Blueprint for a New Computing Infrastructure, Oxford, U.K., Elsevier.
Hoskins, J., 2004, Building an On Demand Computing Environment with IBM: How to Optimize your Current Infrastructure for Today and Tomorrow, Gulf Breeze, Fla., Maximum Press.
Sasaki, R., S. Quig, E. Okamoto, and H. Yoshiura, eds., 2005, Security and Privacy in the Age of Ubiquitous Computing, New York, International Federation for Information Processing.