PRE-TENDER CONSULTATION

(1)

TASMANIAN CLOUD

NETWORKING TASMANIA

PRE-TENDER CONSULTATION

November 2014

Networking Tasmania III Project

(2)

2

MINISTER’S

FOREWORD

As described in this Government’s election policy, Growing our Information and

Communication Technology Industry, information and communications

technology (ICT) is a vital enabler of business and service delivery to Tasmanians.

All Government services, from libraries and schools to law courts, policing and health care, depend on ICT services, which in turn are underpinned by critical core infrastructure. That infrastructure is predominantly based on the services provided under the Networking Tasmania (NT) agreements.

The Tasmanian Government currently spends approximately $16 million per year on these data networking and data centre services.

With the current agreements coming to an end over the next few years, I am seeking replacement agreements which take advantage of industry

developments, and which meet the new and emerging requirements of this Government. This includes our drive to:

• establish a Tasmanian Cloud

• support local business through the Buy Local Policy, and

• provide services as one Government, not a group of disparate agencies It is pleasing that the existing NT agreements include mainly Tasmanian suppliers. Successful engagement with local industry now is intended to assist potential suppliers in understanding what government requires, so they can position themselves to supply those services into the future. The engagement should also help the Government to develop its ideas and strategies for improving these critical service delivery infrastructures through the Networking Tasmania III project.

The range of services to be included in the future NT agreements will include services to establish a Tasmanian Cloud for government services, and support the transition to those services over a four year period.

The Government is making decisions which will improve its own capacity to deliver effective services to the community, while at the same time

strengthening our relationship with our vital ICT industry.

Michael Ferguson, MP

Minister for Information Technology and Innovation

(4)

4

1. LOCAL ICT SECTOR

PRE-TENDER CONSULTATION

1.1 Purpose

The Tasmanian Government is seeking to engage with interested parties in the local ICT sector, to inform the development of its strategy for the procurement and delivery of future data networking, hosting and associated services. These services, the foundation of the Tasmanian Cloud for

government, will be known as Networking Tasmania (NT) III.

This paper is intended to support that engagement, by informing interested parties about:

• the Government’s current NT II data networking services and business context

• the drivers and future business model envisaged for NT III services • the service and security models that are emerging

• likely individual service requirements, including the expected grouping of services by type for procurement and delivery purposes

The actual procurement of NT III services and the subsequent transition to future arrangements is expected to involve multiple processes over the next three years. This pre-tender consultation process is expected to continue during that period, for services not covered by any ‘live’ procurement process.

1.2 Important note

This consultation is separate from any procurement that may be undertaken in future by the Government to effect delivery of new NT III services

arrangements. It should be noted that any future procurement will be

undertaken in accordance with Tasmanian Government procurement policies. The Government intends to use and reference information, concepts, ideas and approaches that are provided by any parties who engage through this consultation process to assist in planning, documenting and undertaking the development of its NT III services strategy and any subsequent processes. Any information and comments provided by interested parties will also be subject to the Right to Information Act 2009.

(5)

5

1.3 Focus of pre-tender consultation

The Government is seeking comment on the following:

NT III DISCUSSION POINTS

• The capability of local ICT industry and service providers to deliver the types of services described within the proposed NT III service groups • The proposed development of Tasmanian Cloud services

• The potential impacts of the changed security model on the proposed NT III network core, security services and LAN services

• How the proposed Authentication and Authorisation Service (AAS) may function

• The suitability of proposed NT III service groups, individual services, and the use of multiple suppliers to deliver targeted services

• Transition from NT II to NT III, including approaches to procurement to help manage risk

• Transition to dual IPv4 and IPv6 stack • Other relevant matters

Note - Interested parties who wish to provide information in response to this paper do not need to address all of the discussion points listed above.

1.4 How to participate

All contact should be to Peter Fisher of TMD, Department of Premier and Cabinet:

Email: [email protected] Telephone: 03 6166 3111

Your options for providing commentary are as follows:

1. Send your written response on all or any of the discussion points to the above email address. Please provide your details so that we may contact you if required

2. Send an email with your contact information and areas of interest so that we can contact you

The Government expects to complete strategy formulation in quarter 1 2015. Market consultation will continue past this time for services not covered by ‘live’ procurement processes.

(6)

6

2. VISION AND OBJECTIVES

2.1 Tasmanian Cloud Policy

The Government’s policy, Growing our Information and Communication

Technology Industry1_{includes the following statement, made as part of the data}

centre action strategy for Tasmania:

“To play our part, we will set a goal of moving whole-of-government data to the Tasmanian Cloud (secure, on-island data centres) – setting an example for other major organisations such as the

University of Tasmania, local government and Tasmanian businesses. By establishing a four-year goal of moving to on-island data

sovereignty arrangements (where all public sector data is stored on data centres within Tasmania) we will be protecting security of data, employing Tasmanians and reducing the cost of data traffic on the Bass Strait links.”

The NT III agreements are a key element in the delivery of this commitment. Note that the Tasmanian Cloud is intended as an on-island cloud service which will securely support key public sector data and ICT services. The use of public cloud services by government agencies has not been ruled out as an option for some activities. A new Tasmanian Government ICT Strategy is now under development through the Government’s peak ICT authority, the ICT Policy Board. This is expected to clarify the scope and implementation of the Tasmanian Cloud policy, as it affects IT within government.

2.2 Vision

The Government’s vision for the next generation of Networking Tasmania is a set of agreements and services that:

1. create and support the Tasmanian Cloud

2. provide maximum opportunity for local ICT suppliers

3. provide Government staff with secure and controlled access to Government ICT services ‘anywhere, anytime’

4. promote a one-Government approach to service delivery to Tasmanians

1_{Available at:}_{https://www.tas.liberal.org.au/policy}

NT III Pre-Tender Consultation Paper 14/43786 TMD, Department of Premier and Cabinet

(7)

7

2.3 Key objectives

1. All government staff to have access to all the information and services that they need to perform their role regardless of their physical location and organisation context within government, including the ability for agency staff to roam

2. A high level of security (availability, integrity and confidentiality) for all services

3. ‘Who you are’ not ‘your agency or location’ as the determinant of which electronic information staff and other users may access

4. Ease of collaboration and mobility, including, where authorised, routine access of whole-of-government or other agency services

5. The Government’s data and ICT services are to be located in the Tasmanian Cloud

6. Value-for-money to Government, including minimised transition cost and risk

7. Support for gradual change to processes across government, to unlock the benefits of the new infrastructure and services over the life of the new agreements

2.4 Delivery method

The services framework and infrastructure required for achievement of the Government’s vision and objectives will be delivered via the Networking Tasmania (NT) III project. The purpose of this project is to procure the next generation of network core and related ICT services, to replace current NT II contracts which commence expiring from May 2015.

Planning for NT III has been underway for some time, with the high-level approach has been endorsed by the Government’s ICT Policy Board. Additionally, a separate strategic review and business case has also been undertaken on requirements for data centre services and related ICT

infrastructure services. The recommendations from this work2_{have also been}

endorsed by the ICT Policy Board.

NT III planning and the implementation of the strategic review and business case on data centre services have now been combined into a single body of work3_{, which also includes the effective delivery of the Tasmanian Cloud.}

This project will deliver services, not technology. Achievement of Government’s vision and objectives will be gradually and incrementally realised over the life of NT III as Government agencies adopt and utilise the services delivered via the NT III project.

2 http://www.egovernment.tas.gov.au/ict/data_centres_and_managed_services

3 The data centre services under NT III and the business case include hosting, computing and storage services to be used by agencies in support of their business operations. They are not related to any proposals to develop new data centre facilities in Tasmania.

NT III Pre-Tender Consultation Paper 14/43786 TMD, Department of Premier and Cabinet

(8)

8

3. WHAT WE THINK NT III WILL LOOK LIKE

3.1 High-level network architectural models

Diagram 1 Networking Tasmania II – high-level network architecture – current state

(9)

9 Diagram 2 Networking Tasmania III – high-level network architecture – future state concepts

(10)

10 Diagram 3 Networking Tasmania III –high-level network architecture - day one concepts

(11)

11

3.2 NT III business model

The current NT II business model comprises a number of contractual arrangements with suppliers (called Head Agreements) for the delivery of network and related ICT services, which are managed via Service Level Agreements.

Government agencies and other eligible customers purchase directly from the NT suppliers in most cases, with a single invoice for all services rendered to each customer / agency. There is no single government agency that purchases, and then re-sells, all services on behalf of the others (except where TMD is the customer for the NT core services. TMD then re-bills the agencies for their proportionate use of the core).

More information on the current NT II arrangements is included in the appendices of this pre-tender consultation paper.

The NT III business model will be an evolution of NT II, retaining many of the NT II features that will support the achievement of the Government’s vision and objectives, specifically:

• Provide wide area data connectivity between agency sites

• Multiple suppliers providing competitive tension and contestability • Be able to grow without injection of government capital funds or

increased numbers of staff

• Network as a Service – Agencies will continue to purchase fully managed services – not technologies, not equipment and not do-it-yourself

arrangements

• Improve the opportunities for price improvement through extending contestability and competitive tension into more parts of the agreements • Improve and enhance the security posture to meet new threats and

practices such as the risks associated with increased collaboration, internally and externally, mobile computing, bring your own device (BYOD) and other emerging threats

It is critical to note that:

• Customers will continue to purchase directly from the NT suppliers • TMD will continue to be the contract manager, on behalf of Government.

It will have an oversight role, including the ability to act on behalf of any single customer, at any time. It will likely be the single government customer for the NT core service

• The eligibility of non-government customers is unlikely to change (please refer to the appendices for current NT II customers)

• The Government’s strong preference is for a price model that minimises up-front expense to the customer by recovering capital and transition-in costs over the initial term of the agreement. This is the model employed for both NT I and NT II

(12)

12 • The Government may consider variations to this approach, including the

Supplier recovering all capital costs in its recurrent pricing model.

Alternatively, the Government may consider funding some costs up front, with the rest being built into recurrent charges

• Supplier pricing models will be expected to take account of customer loyalty, scale of the agreements, service volumes, term of commitment, refresh terms and any other factors that may contribute to improved and competitive pricing offers

3.3 Security model

In essence, the Government plans to move

• from an agency-by-agency Virtual Private Network (VPN) security model, in which technical security processes are applied at agency boundaries • to a whole-of-government security model, in which technical security is

applied at service boundaries, based on business rules determined by agencies

The current security model provides each agency with its own network. Services that can be accessed over the network are largely determined by location of the user.

Collaboration across government is presently enabled by numerous “holes” that have been opened in each agency’s network.

This arrangement is no longer able to sustainably and securely support the level of collaboration that occurs across government.

Planning for NT III has defined the following security principles:

1. A government employee will be able to have identical access to ICT resources when using end-user computing devices from any government site.

2. Agencies will be able to easily provision and manage access to ICT services by government employees from any agency, when the ICT services utilise the Authentication and Authorisation Service.

3. All sites, by default, will allow multi-agency collaborative teams to access a range of ICT services, with some ICT services being shared by the team and other ICT services not being shared by the team.

These principles are already a reality in a number of locations. However, implementation has required considerable effort and a growing number of “local” security arrangements.

(13)

13 For NT III, it is proposed to migrate to an ‘identity aware model’. Under this

model, services that a staff member will be able to access will be largely determined by who they are and the device they are using. This will enable them to:

• Roam from government site to government site and retain the ability to access the ICT services that they are allowed to access

• Where authorised, access ICT services of another agency

As part of the transition, NT III will also have to support the current location-based network access model. Agencies are likely to implement the new network access model gradually, as required. In the first instance, the new model is likely to be implemented in those sites, and for those staff, were agencies currently collaborate and share resources.

This new model will be underpinned by the Authentication and Authorisation Service and a new Government ICT Security Framework, which is being developed by a cross-agency working group. The new ICT security

framework will upgrade security policy and guidelines to meet contemporary standards.

3.4 Procurement model

The Government will look at procuring the new NT III services in stages over the next three years.

Procurement is the process of selecting suppliers, agreeing to standing product and service lists and service level agreements (SLAs), and signing head agreements. Each head agreement has its own contract term and may have extension options. Suppliers are then able to sell services, as defined by the agreement documents, to eligible NT customers. Most NT services do not have minimum terms. That is, NT customers may add or remove services at short notice. The exceptions to this are the services that form the NT core service and internet commodity services.

It is proposed to group NT III services into five main procurement groups. Some groups may be further divided into different services. The table and diagrams below outline the likely procurement groupings and services.

(14)

14 Group Description & service elements

1. Network core service

(Network core service individual groups are listed below)

This centre-piece service is a high availability, highly redundant IP network core service, providing

physical carriage, equipment and management for all data transmission, switching & security between customer sites, and customer and external networks. The network core provides secure gateways enabling all entry and exit of data traffic for NT

1(a) - NT III Core • Provides network routing and switching 1(b) - Security

services • Various security services to protect, monitor & respond to security incidents and including firewalls, intrusion detection & Security

information and event management (SIEM) • Proxy services supporting staff access to internet

& intranets, subscription proxies, transparent proxies for unmanaged (or all) devices, audit internet access and configurations

• Address & domain management services e.g. manage Government's IP address plan, domain name registration for tas.gov.au and DHCP • Malware filtering, i.e. blocking of malware like

viruses & spam passing into / via NT III

• Authentication and Authorisation Service (AAS) – a central network service that is situated in the NT III core network and interworks with each agency’s directory service.

1(c) - Customer care

centre • Day to day coordination of service calls; may also include incident management services 1(d) - DC-NT core

interconnect • High-speed resilient data connect services connecting the NT III core and all contracted data centres

2. Internet commodity services

• Connects Government services to the Internet

3. Connection, Extension & Remote Access, services

• Over 950 individual services inter-connect the network core with Agency sites or alternatively inter-connect 2 sites directly, within the NT domain. Various access technologies, including NBN, are used to underpin delivery of services

(15)

15 Group Description & service elements

4. DCaaS and IaaS • Data Centre as a Service

• Infrastructure as a Service, including computing and storage services, and related services such as backup as a service, hosting services and other services as required

5. In-building

services • Fixed line cabling, LAN switching and Wi-Fi

3.5 Transition model

The NT II agreements currently allow for up to a 12 month transition-out period to ensure an orderly migration from any NT II suppliers who will not be providers of the equivalent service under NT III. It is likely that the

government will adopt a phased transition process and this will be tailored to meet the needs of transition for each of the respective service groups. The timing and effort required for government to transition from the NT II services to the new NT III services will vary depending on the NT service group involved.

Learnings from this pre-tender consultation process will assist government to mitigate the various transition risks that are likely to emerge.

The Government expects that there will be multiple procurement processes. The timing and content of each procurement process will be informed by a range of factors including:

• Available government resources to manage the procurement in a timely, appropriate and professional manner

• Feedback from interested parties via the pre-tender consultation process • Emerging industry trends and changed business requirements

• Mitigation and management of NT II current service delivery issues, including technical and capacity constraints

• Mitigation and management of transition risks and costs

The range and detail of the services to be procured under NT III is still being refined and may change.

(16)

16

3.6 Network addressing (DNS and IPv6)

The Tasmanian Government presently owns and manages the ‘tas.gov.au’ domain and subdomains through an NT II supplier. This arrangement will continue under NT III.

NT II is an IPv4 network.

The Tasmanian Government owns two Class B and several Class C

addresses. Government owned addresses are utilised within government sites. Private IP addressing is also used within the network. The network core service supplier also uses their own addresses to manage the NT core. It is intended to migrate to IPv6 via a dual stack approach. To facilitate this, the Tasmanian Government has procured a block of IPv6 addresses. The likely migration plan will be:

• NT III network core, including security services – support for dual stack from day one

• Public facing agency websites and services – progressively migrated to dual stack, recognising that for some services there may be technical or security constraints

• End user equipment and LANs – progressively migrated to dual stack • Internal government services – only implement dual stack if there is an

identified business benefit. Where practicable implement dual stack for new services

(17)

17

4. DETAILED DESCRIPTION OF

SERVICE GROUPS

This section provides more detail about the range of services that are

expected to be delivered through NT III, along with an indication of the level of change expected in moving from NT II to NT III.

NT customers purchase services by ordering via one of a series of service level agreements (SLA). Each SLA will include a description of the service and key metrics, such as fault restoration time, or bandwidth. There may be a range of service levels for the customer to choose from, for some services. Please note that the likely contract term noted in the tables below is for the head agreement only, not the underlying contracts between the customer and supplier. The head agreement likely term is based on an assessment of: • The level of commoditisation of the service

• Period for supplier to achieve a reasonable return on investment • Cost of government retendering and changing suppliers

The Government strongly prefers that individual services provided under the head agreement not be locked into contract terms.

Please note also that most service types are likely to be ‘mandated’ to core government users. This means that Agencies will normally be required to use these agreements to meet their business requirements for those services. However, depending on applicable Government policies, Agencies may be permitted to ‘in-source’ some types of services.

A key Government policy in this regard is the Government’s commitment to implementing the Tasmanian Cloud within four years from 2014.

Eligible customers which are not Government Agencies will not be required to use any NT III services.

(18)

18

4.1 NT III core service group

4.1.1 NT III network core service

Overview - Physical network core (carriage & equipment) & management, providing all necessary data transmission, switching, routing & security between customer networks, external networks & services

- Network design, capacity planning & monitoring at a level where typically

o core device processor load <50% average across key core switching elements

o individual core device processor <75% average for each key core switching element

o core link utilisation <50% average across all key core data links

o individual core link utilisation <75% average for each key core data link

- Provide Connection Service access points for 950+ links from customer sites to connect to the network core (at various bandwidth speeds, provided by any NT III Connection Service supplier)

- All incoming data to government delivered via the network core - for Internet data via an Internet gateway, for specific applications via bespoke gateways

- Class of Service (CoS) management & Quality of Service (QoS) features

- Supports management of various brands of LAN switches & wireless access points

- Desirably housed in NT III contracted data centre(s)

Supplier model - Single supplier - Mandated service

Service metrics - Critical service – 7x24 operations, supported by highest grade metrics – incident response, restoration, downtime & service availability metrics. Productive use measures, redundant features, disaster and business continuity plans Likely term - Likely 5 year contract with extension options Change from NT II - Change in security model, disaggregated

(19)

19

4.1.2 Security - Management services

Overview - Range of security services to protect, monitor & respond to security incidents, such as firewalls, intrusion detection & SIEM

- Proxy services for internet & intranet access by staff. Includes subscription proxies & transparent proxies for unmanaged (or all) devices. Ability for agencies to audit internet access by users & tailor service based on the users' authorisations

- Address & domain management services e.g. manage Tasmanian Government’s IP address plan, domain name registration for tas.gov.au, DHCP - Malware content filtering, i.e. blocking of malware

such as viruses & spam passing into & via NT III - Desirable that the service(s) be housed in the

Government’s NT III contracted data centres services

Supplier model - Potentially a single supplier, mandated service. Could be supplied by the Network Core service supplier or by an independent, specialist service supplier.

Service metrics - Fault restoration times, 7x24 very high service availability, productive use measures, event / incident response capability and times, detection levels etc

Likely term - 3 to 5 year contract with extension options Change from NT II - Impacted by changed security environment &

Government’s ICT security model

4.1.3 Security - Internet filtering

Overview - Content filtering, i.e. blocking of unwanted websites

- Common standard across government agencies, with each agency able to tailor its requirement - Common minimum standard for all schools and

libraries, with each school and library able to tailor the filtering as required

(20)

20 Supplier model - Potentially one provider per internet service

provider

- Mandated service. Could be the Core Network service supplier, the Security management service supplier or Internet Commodity service supplier Service metrics - Fault restoration times, 7x24 very high availability,

productive use measures, rate of false positives & false negatives

Likely term - 3 to 5 year contract with extension options Change from NT II - Small changes

4.1.4 Security - Authentication & Authorisation service

(AAS)

Overview - Provision of Active Directory, LDAP, SAML 2.0, OAuth, OpenID & other authentication services to authenticate users & authorise access to NT III (internally & remotely), government email, VOIP & over time other ICT services

- Will utilise a meta directory

- The data for the meta directory will be sourced from agencies, data feeds need to be changed as required, and are likely to include agency Active Directories, HR systems or their own identity management service

- Requires the ability to link with other external identity services and external services, such as cloud services

- Initial use of the service is expected to include access to the data network (including Wi-Fi and remote access), whole of government email, and telephony. Over time this is likely to expand to include a range of government ICT services. - May include provision of the Government x.500

Directory Service (GDS) - www.directory.tas.gov.au

- Desirable that the service be housed in the Government’s NT III contracted data centres Supplier model - Single supplier, mandated service. Expected to be

the Network Core service supplier, the Security management service supplier or the LAN services supplier

(21)

21 Service metrics - Fault restoration times, 7x24 very high availability,

productive use measures Likely term - To be decided

Change from NT II - A new service (The GDS is an existing service. The current email, telephony and Wi-Fi services have their own authentication services.)

4.1.5 Customer care centre service

Overview - Deliver a contemporary help desk service that provides extensive range of functionality.

Electronically accessible to customers, self-service with comprehensive reporting on various

activities including status of Service Requests & Incidents, response & resolution times & service escalation. Knowledge base capability

Supplier model - Single supplier, mandated service. Could be supplied by the Network Core service supplier or by a single, specialist service supplier

Service metrics - Contactable 7/24, delivery, response &

completion metrics, escalation services, speed of answer & response. On-line reports

Likely term - 3 to 5 year contract with extension options Change from NT II - Same or changed service

4.1.6 Data Centre & NT III - core interconnect service

Overview - Redundant high speed network services

connecting all contracted NT III data centres, to create a virtual NT III Network Core

Supplier model - Single supplier, mandated service. Could be supplied by either the Network Connection service supplier or the Core Network service supplier

(22)

22 Service metrics - Fault restoration times, 7x24 very high availability

& productive use measures, latency

Likely term - 3 to 5 year contract with extension options Change from NT II - New service

4.2 Data Centre and Infrastructure as a

Service (DCaaS & IaaS)

4.2.1 DCaaS and IaaS

Overview - Provision of serviced, secure managed racks Supplier model - Multiple suppliers, multiple sites

- Mandated service

Service metrics - Fault restoration times, 7x24 very high availability & productive use measures

Likely term - Up to 5 year contract with extension options Change from NT II - Likely to be minimal changes in the SLAs

4.2.2 IaaS

Overview - Range of services to host government computing & storage requirements. It is anticipated that Agencies will migrate to the new services over a three year period

- In mid-2013 it was estimated agencies had approximately 1,700 to 2,000 virtual & physical machines & 1,500 terabytes of storage. These figures include test, development, production, secondary, & backup services

- The service is to be housed in the Government’s NT III contracted data centres

- Will also include related ICT services (backup, specialist hardware, hosting etc)

(23)

23 Supplier model - Multiple suppliers

- Mandated service

Service metrics - Fault restoration time, 7x24 very high availability, productive use measures & provisioning times Likely term - 3 to 5 years with extension options

Change from NT II - Increased scale & breadth of services

4.3 Internet commodity services

Overview - Provision of internet download services

- The Department of Education has downloaded an average of 42Tb per month to date in 2014 with a peak month of 65TB. The download is growing at around 40% per annum.

- For the same period, corporate government has downloaded an average of 28TB per month (with a peak month of 30TB). The download is growing at around 30% per annum.

Supplier model - Multiple suppliers, one for education sector & one for the rest of government

- Mandated service

Service metrics - Fault restoration time, 7x24 very high availability & productive use measures

Likely term - 2 year contract with extension options Change from NT II - Likely to be minimal changes

(24)

24

4.4 Connection services

Overview - Provision of:

o Physical carriage connection services from government sites throughout Tasmania to the NT III core

o LAN extension services connecting government sites in a local area, current services include fibre & wireless technologies. o Fibre services connecting government sites to

each other & the NT III core

- Over 950 connection services as at 2014 - Bandwidth ranges from 512kbps services to

10 gigabit ethernet services, employing xDSL, GWIP, TTLS, Layer 2, Dark Fibre, 3G, 4G & NBN wireless underlying technologies

- Suppliers will utilise a range of technologies & services, including underlying NBN services. The NBN will increase the reach & range of high speed broadband services available to customers Supplier model - Multiple suppliers

- Mandated service

Service metrics - Fault restoration times, variable service availability, connection speed, productive use measures, provisioning times

Likely term - 2 to 3 years with extension options Change from NT II - Likely to be minimal changes

(25)

25

4.5 In-building services

Overview - Management of LAN equipment, either as a fully managed service, including provision of LAN switching equipment, or management of agency owned equipment

- Includes wired & Wi-Fi services

- From June 2013 most agencies have purchased LAN equipment via a managed panel contract for Extreme, HP, CISCO & Juniper equipment - Agencies have procured managed services via the

NT managed Wi-Fi service which utilises CISCO access points

Supplier model - Potentially multiple suppliers for LANs; single supplier for Wi-Fi

- Mandated service (but likely to remain primarily in-sourced for some time)

Service metrics - Fault restoration times, service availability & productive use measures, connection speed, provisioning times

Likely term - 3 year contract with extension options

Change from NT II - Management of LAN equipment is a new service offering. WiFi services were introduced in 2013.

4.6 Optional services

Overview - Suppliers may be invited to offer additional, optional services, related to their ‘primary’ service Service metrics - To be determined

Likely term - As per the supplier’s ‘primary’ NT III service contract(s)

Change from NT II - To be determined

(26)

26

APPENDICES

Appendix A – NT II overview

A.1 Services overview

The current NT II arrangements have, over time, facilitated the provision of data network and associated specialised ICT services to support a broad range of the Government’s business needs. These services include: • A highly available and redundant network core to support the secure

carriage and switching of all data transmitted to and from all Government sites in the course of transacting electronic business with other staff, agencies, clients and external parties.

• 950+ sites connecting to the network core via fixed broadband services. • Remote access and mobile connections enabling staff to access electronic

resources from any non-government location and also supporting telemetry functionality (school signs, traffic signs, water metering etc). • Internet download services, delivered via two discrete feeds, for the

education and the corporate government sectors respectively.

• Off-site data centres, for hosting and aggregation of business applications, computing equipment and services within specialised, highly available and secure facilities.

• Systematic scanning, inspection and filtering of the huge volumes of data traffic entering the government domain in order to assure the security, integrity and availability of government’s critical information assets. • The new government-wide Wi-Fi service, currently providing over 3,000

universally available network access points at corporate sites and schools across Tasmania.

A.2 Business model overview

The business drivers of NT II are to:

• Provide wide area data connectivity between agency sites

• Be able to grow without injection of government capital funds or increased numbers of staff

• Utilise network-as-a-service, and not technology-based purchasing The business model used to deliver this is based on:

• Multiple suppliers providing competitive tension and contestability • Limited trust between government agencies, with each agency having its

own secure network

• A security model based on physical location and government agency

(27)

27 • Shared applications being the exception

• All services delivered under NT II being based on a defined service requirement as opposed to a specific technical description

The NT II purchasing model involves government agencies purchasing directly from the NT suppliers in most cases, with a single invoice for all services rendered to each customer / agency. There is no single government agency that purchases, and then re-sells, all services on behalf of the others (except where TMD is the customer for the NT core services. TMD then re-bills the agencies for their proportionate use of the core).

A.3 Who are our NT II suppliers?

The current NT II suppliers and the services that they deliver are:

Supplier NT II services provided

Telstra

www.nettas.com

- NT II core services

- Network connection services (including NBN)

- Internet service (corporate sector) - Data centre services

- Government Wi-Fi services TasNetworks

www.tasnetworks.com.au/industry-

and-development/telecommunications

- Network connection services (including NBN) & fibre connection services

- Data centre services

iiNet

www.iinet.net.au/business/nettas

- Network connection services (including NBN)

TasmaNet

www.tasmanet.com.au

- Data centre services - Network extension services

AARNet

www.aarnet.edu.au/ - Internet service (Education sector)

Anittel

www.anittel.com.au - Infrastructure as a Service (IaaS)

(28)

28

A.4 Who are our NT II customers?

The entities who are eligible to be NT II customers are: Customer

group Description

Government departments

Government Departments and other inner-budget Agencies are required to purchase services from the NT II agreements in accordance with the relevant Treasurer’s Instructions

State

government organisations

Other government organisations, including Tasmanian Authorities, local councils and government business

enterprises, are eligible. www.service.tas.gov.au/GovOrgs/ and

www.service.tas.gov.au/GovOrgs/local

Non-government customers

Other organisations providing services to the community, such as private schools and hospitals, may be eligible in some cases

A.5 How much is spent on NT II?

Total expenditure under the NT agreements has grown from approximately $6 million in 1998-99 to around $16 million in 2013-14. Key customers (Departments) currently consume around 80% of NT II services, at a price commensurate with that level of consumption.

A.6 Current NT II activity

All NT arrangements are structured in such a way as to facilitate the introduction of new and improved services throughout the term of the current contract life-cycle. In this way, the range of services that any supplier is contracted to provide may be enhanced, replaced or retired as the case may be, subject to Government approval.

It is intended that all NT III arrangements will continue to be structured in such a way as to enable this process of service improvement to continue. The contract covering the NT II network core service was recently extended for a period of 2 years from May 2015 in order to assure that the increased current demand for Internet download services can continue to be

accommodated.

(29)

29

Appendix B – NT II statistics

Information current as at 28 October 2014 Number of customers _{• 14 anchor customers (agencies and GBEs)}

• 45 non-anchor customers (other eligible entities)

Connections to sites _{• Approx. 1,021 customer Local Area Network (LAN) sites are connected to the Network Core}

Mobile connections • 4,937 connections for 20 customers, including telemetry services (e.g. school signs, water management), health workers & police

Remote access (Via Internet ) • 616 services for 35 customers, providing remote access via secure Internet VPN

Wi-Fi connection points • 2,944 Wi-Fi connection points for 9 customers, including 256 DOE sites (schools, libraries, LINC), providing seamless and wireless connection to agency network services and Internet

Whole of Government

Directory service • Provides contact and organisational information about government functions and employees for more than 30,000 entries, both within government and externally. • Approx. 160,000 searches in September 2014, and an average 158,000 searches per month since 2007 Email support services _{• Includes monitoring for SPAM, virus scanning, backup and storage. In September 2014, there were 5.7 million}

inbound emails, 3.2 million outbound emails, and 2.4 million emails blocked

Internet connectivity • Average 69 terabytes (TB) of Internet data downloaded monthly. DOE consumes 60% and corporate government consumes 40% of the download. The download rate is increasing by 30% to 40% annually • High availability for all customers provided by Telstra, and lower availability for schools provided by AARNET Security Services _{• Internet security monitoring, Content Filtering, Firewalls , external gateways -e.g. secure access to Australian}

Government agencies

Dark Fibre network Hobart • 45 sites across the Hobart area are supported by dark fibre connections between Government offices and local data centres

IaaS (Infrastructure as a

Service) • Purchased capacity of 128 “Units of Compute” replacing physical servers in agencies : _{• Equivalent to264GHz of compute, 816GB of RAM & 27TB of storage} • 5 agencies now utilising the IaaS platform

Data centre hosting • 3 Data centre providers (Aurora, Telstra and Tasmanet) over 5 sites Domain Names • Management of internet domains and websites

• 448 domain names tas.gov.au

(30)

NEXT STEPS

The Government expects to operate to the following events and timeline. Release of this pre-tender consultation paper and commencement of

market consultation 14 November 2014

Finalisation of new Government ICT Security Framework Q2 2015 Commencement of procurement activities, to be advertised via the

Tasmanian Government Tenders website www.tenders.tas.gov.au 2015 & 2016 For information on how you can participate, please refer to Section 1.4 of this pre-tender consultation paper.

TMD, Department of Premier and Cabinet Level 9, 22 Elizabeth St, Hobart, TAS, 7000

Phone: 03 6166 3111 Email: [email protected]

PRE-TENDER CONSULTATION

TASMANIAN CLOUD

NETWORKING TASMANIA

PRE-TENDER CONSULTATION

November 2014

CONTENTS

MINISTER’S

FOREWORD

1. LOCAL ICT SECTOR

PRE-TENDER CONSULTATION

1.1 Purpose

1.2 Important note

1.3 Focus of pre-tender consultation

NT III DISCUSSION POINTS

1.4 How to participate

2. VISION AND OBJECTIVES

2.1 Tasmanian Cloud Policy

2.2 Vision

2.3 Key objectives

2.4 Delivery method

3. WHAT WE THINK NT III WILL LOOK LIKE

3.1 High-level network architectural models

3.2 NT III business model

3.3 Security model

3.4 Procurement model

3.5 Transition model

3.6 Network addressing (DNS and IPv6)

4. DETAILED DESCRIPTION OF

SERVICE GROUPS

4.1 NT III core service group

4.1.1 NT III network core service

4.1.2 Security - Management services

4.1.3 Security - Internet filtering

4.1.4 Security - Authentication & Authorisation service

(AAS)

4.1.5 Customer care centre service

4.1.6 Data Centre & NT III - core interconnect service

4.2 Data Centre and Infrastructure as a

Service (DCaaS & IaaS)

4.2.1 DCaaS and IaaS

4.2.2 IaaS

4.3 Internet commodity services

4.4 Connection services

4.5 In-building services

4.6 Optional services

APPENDICES

Appendix A – NT II overview

A.1 Services overview

A.2 Business model overview

A.3 Who are our NT II suppliers?

A.4 Who are our NT II customers?

A.5 How much is spent on NT II?

A.6 Current NT II activity

Appendix B – NT II statistics

NEXT STEPS