This document contains highly sensitive, confidential and trade secret information,
and may not be disclosed to third parties without the prior written consent of
Plastoworld Worldwide.
1. Introduction
2. Process Flow
5. Network Description
7. Network Security
Installations
10. Contact Details
Plastoworld’s servers are located in Reliance’s state-of-the-art data center in Navi
Mumbai. The Reliance Data Center provides n+2 infrastructure redundancy, i.e.
multiple power supplies, UPS with battery backup and a captive power plant.
Plastoworld’s Switch ITM runs on IBM’s robust i5/OS (AS/400) server platform.
Plastoworld has two AS/400s running in parallel, with data mirrored online in
real time, on site.
Process Flow
[Figure: process flow diagram. Recoverable labels: CITY I; MIMIX ONLINE MIRRORING; Settlement; Backups; Offsite (in-city tapes to be stored).]
5 | Electra-Sun | SUN Fire V240 | IDC - 1 | R-2 | Solaris
6 | AS/400 DR | 810 | IDC - BANGLORE | | V5R4
7 | MOP | Proliant ML370 G2 | IDC - 1 | R-2 | WIN2k
8 | JUN | Proliant DL360 G2 | IDC - 1 | R-2 | WIN2k
9 | INVAS | IBM Blade Center HS20 | IDC - 1 | R-2 | WIN2k3
10 | Euro Mon | Proliant ML350 G3 | IDC - 1 | R-1 | WIN2k3
11 | Transaction Monitoring + Test Server [Application] | Proliant DL380 G4 | IDC - 1 | R-2 | WIN2k
14 | Proxy (INPR01) | Proliant DL 380 G3 | IDC - 1 | R-1 | WIN2K
15 | AMA2 | ML570 3G | IDC -2 | R-1 | WIN2k
17 | EWIDT - Database Server | ML370 G4 | IDC -2 | R-1 | WIN2k
21 | Recon | IBM Blade Center HS20 | IDC -2 | R-1 | WIN2K
22 | Ewidt-Lite | IBM Blade Center HS20 | | |
31 | EWIDT | IBM Blade Center HS20 | | | WIN2K3
32 | Checkpoint FW Log Server | Assembled | IDC - 1 | R-3 | WIN2K
33 | Master Card Setup | | IDC - 1 | R-2 |
34 | VISA Rack | | IDC -1 | R-5 |
Routers
Firewall
Switches
VPN Boxes
Network Description
All Plastoworld customers are connected to the two main core routers, which are
Cisco 3660 series routers.
Both routers run HSRP for LAN redundancy towards the outside network, and OSPF
as the dynamic routing protocol for routing convergence.
Static routing is used for all customer networks, and these static routes
are redistributed into the OSPF process.
All servers are in 202.138.123.64/27, which is in the DMZ segment
protected by the Checkpoint firewall.
The firewall is a cluster of two Checkpoint firewalls, one active and the
other in standby mode for redundancy.
The DMZ segment holds multiple servers, which communicate with the
customers’ ATM switches and with other servers for various banking operations.
The core router is directly connected to the Checkpoint firewall, which in turn
is connected to the Layer 3 switch (Cisco 3550).
All customers connecting via leased lines have ISDN as a backup link for
redundancy.
Whenever a leased line goes down, ISDN is fired automatically within 3
seconds, and it is disconnected in 300 seconds once the leased line comes up.
An E1 PRI connects ISDN to the ISDN router, and 8 ISDN lines are used as a
backup for the E1 PRI.
Direct Expansion Air conditioners are used and the condenser is located on the roof
Capacity of the AC units: 18.5 TR per Unit
Fire Detect and Suppress System is localized with fire detectors placed on each rack.
1) Ionization type
2) Photoelectric type
3) Thermal Detectors
Fire Suppression system used is FM-200 fire extinguishing system (Kidde Finwal
make)
Power System
The power is obtained from two separate feeders of the state-run KPCTL/MSEB. These
feeders are connected to DG sets, which in turn are connected to multiple UPS systems.
The diesel generators are K.CUMMINS make diesel gensets of 1250 KVA (3 Nos).
Physical Security
1) Biometric Reader
2) Smart card Access
3) CCTV Surveillance
Salient Features
The salient features of the Plastoworld setup that specifically address
Plastoworld’s security requirements are as below:
All the routers in the Plastoworld network are configured with access-lists that
prevent traffic from one customer flowing to another customer’s network. This
ensures that the Plastoworld network cannot be used as a transit network to
access one customer’s network from another’s.
The following section details the security that has been implemented by
fine-tuning and hardening the configuration of the routers and switches.
o All traffic coming from external customer networks is forced through the
firewall, which protects Plastoworld’s internal network from any
external attack or security breach.
o A secure IPSEC tunnel for the HDFC customer is configured as per the client’s
security requirement.
o The backup ISDN lines for leased lines are configured with PPP CHAP
authentication, which provides secure authentication of client routers to
Plastoworld’s core routers EURORT1 and EURORT2.
o SNMP access-lists have been implemented to limit SNMP access to the routers
and switches.
o An exec-timeout of 2 minutes 30 seconds has been enabled on the Telnet,
auxiliary and console ports.
o TCP keepalives on incoming connections have been enabled (with
service tcp-keepalives-in). This helps to guard against both malicious attacks and
"orphaned" sessions caused by remote system crashes.
o Unnecessary services like HTTP, Finger and bootp have been disabled.
The core routers (EURORT1 and EURORT2) use OSPF for communicating
network reachability.
These OSPF routes are exchanged using secure route authentication
(through an MD5 hash), which verifies that the routes learnt come
from authenticated, valid OSPF peers.
4. Miscellaneous Settings
Cisco Discovery Protocol is disabled on all interfaces, which prevents
neighboring devices from learning about directly connected devices and so keeps
device information out of an attacker’s hands.
The PPP session established when an ISDN call is set up between the
Plastoworld routers and their customer routers is authenticated using PPP CHAP
authentication. This ensures that only authorized customer routers with the correct
CHAP password can connect to the Plastoworld network.
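The hardening items listed in this section can be checked mechanically against a saved router configuration. The following is an added example, not part of the original document and not Plastoworld's configuration: the sample config, the community strings and the function names are constructed, command spellings follow classic Cisco IOS (for example `no service finger`), and the OSPF check recognises only the area-level `authentication message-digest` form.

```python
import re

# Constructed sample config (not from the page); spellings assume classic Cisco IOS.
SAMPLE = """\
service tcp-keepalives-in
no ip http server
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW
interface BRI0
 encapsulation ppp
router ospf 1
 area 0 authentication message-digest
line con 0
 exec-timeout 2 30
line vty 0 4
 exec-timeout 0 0
"""

REQUIRED_GLOBALS = ("service tcp-keepalives-in", "no ip http server",
                    "no service finger", "no ip bootp server", "no cdp run")

def blocks(text):
    """Group an IOS config into (top-level line, [indented sub-commands])."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def audit(text):
    """Return findings for the hardening items this section lists."""
    cfg = blocks(text)
    heads = {head for head, _ in cfg}
    findings = [f"missing: {c}" for c in REQUIRED_GLOBALS if c not in heads]
    for head, subs in cfg:
        if re.fullmatch(r"snmp-server community \S+( (RO|RW))?", head, re.I):
            findings.append("snmp community without access-list")
        elif "encapsulation ppp" in subs and "ppp authentication chap" not in subs:
            findings.append(f"{head}: PPP without CHAP")
        elif head.startswith("router ospf") and not any(
                re.fullmatch(r"area \S+ authentication message-digest", s) for s in subs):
            findings.append(f"{head}: no MD5 area authentication")
        elif head.startswith("line "):
            m = re.search(r"^exec-timeout (\d+)(?: (\d+))?$", "\n".join(subs), re.M)
            secs = int(m[1]) * 60 + int(m[2] or 0) if m else 0
            if not 0 < secs <= 150:  # unset (IOS default 10 min), disabled, or > 2 min 30 s
                findings.append(f"{head}: exec-timeout not within 2 min 30 s")
    return findings
```

Calling `audit(SAMPLE)` returns six findings for the constructed config; an empty list means every item listed above is present.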
Activities
OS installation
PTF installation
Disk Installation
Hardware Installation
Server Installation
Router Installation
Modem Installation
Full system backup of the AS/400 servers and the RS6000 server is conducted through their
respective consoles, as TCP/IP services have to be brought down during the backup process.
The data center AS/400 activities involve monitoring all aspects of the three
servers, such as:
1) Disk Status
2) CPU % utilization
3) ASP % utilization
4) Subsystem Status
5) Job Queue Status
6) Work Problem Entries
7) SRC codes
8) Network Status
9) Output queue Management
10) Shared Pool Utilization
11) Tape Drive Status
12) Last night backup status
Hourly Monitoring
1) ASP % utilization
2) CPU % utilization
3) Display Message
A program is scheduled on an hourly basis to generate the current CPU and ASP
status.
Any unusual reading is cross-checked, and the activity responsible for the rise or
fall from normal is either halted or terminated.
Any hardware-related issue is reported as an incident under the
guidelines prescribed in the Incident Management Policy. (Refer to the Incident
Management document.)
MIMIX Monitoring
1. Check the system ASP and CPU utilization using WRKSYSSTS | 89.88/10.4
2. Check the DASD status using WRKDSKSTS and confirm that all are ACTIVE | OK
3. Check the subsystem status using WRKSBS and confirm that all subsystems are active | OK
4. Use the WRKPRB command to detect new problems within the system | OK
5. Check the SYSOPR message queue for any message needing a reply | OK
6. Check the logs for daily and weekly backup for successful completion | OK
The spool files for daily and weekly backup can be obtained from D5AOUTQ outq
8. Check that the jobqs are all in RLS mode by using the WRKJOBQ command | OK
11. Check the message queue of OMS400 to detect any delay in the mirroring process | Done
13. Check the file QPDSPSTS using the command WRKSPLF Vijay to obtain the CPU utilization and ASP status in the interval of 60 minutes | Done
Comments
Date:
Checked by
Verified by
MOP
JUN
INVAS
Euro Mon
Transaction Monitoring + Test Server [Application]
SDMS 1-1.2
SDMS - 2 - 1.5.1
Proxy (INPR01)
AMA2
EWIDT - Data miner
EWIDT - Database Server
Plastoworld Services Desk (CRM)
Plastoworld Service Desk Middle ware
ATM Next
Recon
Ewidt-Lite
Central SQL DB Server (AMA-1)
Terminal Server
FTP Server
Veritas Backup/ restore Server
EN Finance
INDC01
INEX01
INMU1-adp-sv1o
EWIDT
The servers run Windows 2000 and Windows 2003 with the latest patches
on IBM/HP/Compaq Proliant servers.
The servers are all on RAID, and an exhaustive backup strategy is implemented for
disaster recovery or failure.
The health of the systems is monitored twice every day, once in the morning and
again in the evening.
3) Raid Status
4) CPU utilization
6) Security Logs
7) Performance logs
Daily
The monthly backup covers all user libraries, configurations and security data.
Quarterly
1. The daily backup tape is preserved for one week (e.g. Monday’s tape is reused for
the next Monday’s backup). One LTO tape is required for each day’s backup, which takes
around 30 minutes to complete after settlement.
2. The weekly backup tape is kept for one month. Out of the 5 weeks, the last
week’s tape is preserved until the quarterly backup is complete. One LTO tape is required for
each week’s backup, which takes around 30 minutes to complete after settlement and the daily
backup.
3. The monthly backup tape is preserved for three months; the 1st month’s
backup media is reused for the 4th month’s backup. Out of the three months, the last month’s
backup media is preserved for life. One LTO tape is required for each month’s backup, which
takes around 45 minutes to complete after settlement and the daily backup.
4. The quarterly backup (entire system backup) is taken every three months, subject to
the downtime available, and this backup media is preserved for life. One LTO
tape is required for each quarter’s backup, which takes around 2 hours to complete after
settlement and the daily backup.
List of daily backup libraries: 35 libraries in total. (No downtime required;
the save-while-active parameter is used.)
The offsite backup process involves duplicating the fortnightly weekly backup and
the full system backup. Once the duplication is done, the tapes are dispatched to the
Plastoworld BKC office by courier service.
Archive Backup
Archive backup involves backing up the daily transactional logs. The archive tapes are
assigned for permanent storage.
Every week, any two tapes of the current week are restored on the backup server to
check backup integrity.
Daily, weekly, monthly and quarterly backups are preserved. Daily tapes are
kept for one week only and can be restored at any time during that week. The same applies
to weekly and monthly tapes for their respective periods. Only the quarterly
full system backup tape is preserved for life.
The application used for the backup function is Veritas Backup Exec for Windows
Servers Ver 9.1, installed on the Plastoworld-3 server.
The LTO autoloader tape device is attached to the Veritas server located at IDC – 2.
The backup strategy adopted is the “Grandfather – Father – Son” media rotation
strategy, which comprises the monthly full system backup, the weekly full system
backup and the daily differential backup.
The weekly full system backup is scheduled on Sunday nights, and the monthly
full system backup is conducted on the first day of the month.
At the end of the year a yearly full system backup is conducted.
The weekly and daily tapes are meant for instant disaster/failure recovery
and are rotated.
Weekly tapes are rotated every 4/5 weeks and daily tapes are rotated
every 7 days.
For added security the weekly tapes are write-protected for 4 weeks
and the daily tapes for 5 days.
The media rotation scheme ensures that each bit of data for the entire
year is preserved in the monthly/yearly tapes.
The transactional logs obtained during the settlement process are restored to the Test
ITM server for customer-related issues.
User profile management
Creation, deletion and management of user profiles are done in accordance with
the User Policy and Password Policy of Plastoworld.
Once the Security Officer approves the creation of a user profile with a specific
authority level, it is created and the user is informed.
Scheduled maintenance such as purging, service pack installation and bug fix installation is carried
out in consultation with the application team.
A security audit report is generated for the AS/400 production server and is stored on the
FTP server.
Server login and system-related issues of server users are handled as the first level
of support.
All servers are physically checked daily to record the status of the
fault-indicating displays.
Comments
Date:-
Checked By:-
Plastoworld monitoring is done from GMC on a 24x7 basis. All links and
devices are monitored through NNM. Service Desk is one of the tools
integrated with NNM, so whenever an event occurs in NNM an incident
ticket is generated in Service Desk, and a mail about the incident is automatically
sent to the Level 1 engineer as well as the onsite engineer for
appropriate action.
Weekly and monthly reports are sent to the customer on a regular basis. These
reports cover link availability, link performance and device performance.
They also contain the description and status of ongoing and pending issues.
Management Process
Management of all devices and links is done from GMC on a 24x7 basis.
Whenever a link goes down, a Service Desk ticket is automatically mailed to the
onsite engineer.
The onsite engineer rectifies the problem and reports the reason for the
outage to the GMC Level 1 engineer, who updates the ticket. After the link is up, the
ticket changes its state to resolved automatically, but it does not close
automatically; it has to be closed manually by updating the reason for the outage.
Escalation Procedure
Escalation for any incident or event is configured in Service Desk. It works
by sending mails to the configured recipients.
Link Down
Link UP
ISDN Active
ISDN Disconnect
Router Down
Router UP
Firewall Down
Firewall UP
1 hr LL Escalation
2 hr LL Escalation
Switch Down
Switch Up
Shift Handover
This document contains the important activities that happened in the shift, pending
activities, and whether each item requires action or is for information only.
Both onsite and GMC engineers have to update this document regularly.
Date: 02 NOV 2004
Day: WEDNESDAY
Activity/Name | Status/Time | Remark | Shift Eng
Diebold isdn | Fired at 8.30 | From Gmc-Bala | Prabhakar
Diebold isdn | Disc at 10.37am | Rajesh called from BKC. | Prabhakar
Sbi isdn | Out of order 8.30am | Called SBI, spoke to vikash he will be looking after this. | Prabhakar
Diebold isdn | Fired at 5.30pm | Nazia called from BKC | Prabhakar
Diebold isdn | Disconnected at 3.30pm | Nazia called from BKC | Prabhakar
Device Status/Remark
EURORT1 Ok
EURORT1 Ok
NOKIA ( Sec) .66 Ok
NOKIA ( Pri ) .65 Ok
CISCO-PIX 501 Ok
CATALYST 2950 Ok
CATALYST 3550 Ok
CATALYST 3550 Ok
SNIFFER Machine Ok
Signature
The escalation of the incidents in Data center is done in accordance with the
Incident management policy of Plastoworld
3) System malfunction
6) Hardware malfunction
7) Virus/Worm Issues
10) System/software vendor
022 27780966
022 30374303
E-Mail – itsupp_india@Plastoworldworldwide.com
Phone – 022-306 47101 - 108
Escalation Matrix
First Level –
Second Level –
Third Level –