Google Cloud Lite No DR
Enterprise Architecture Diagram: Messaging Services Enterprise

Support tiers shown: Level-1 IT Support; Level-2/3 IT Support; Messaging Service Provider.

Google Messaging and Adjunct Services (GMAS)
• Server and Associated Storage supporting GMAS: GMAS has infrastructure in the COV based datacenter. Server infrastructure including the associated storage used to support the Google Messaging and Adjunct Services are provided by the Server Services Supplier. As part of that service, storage is included.
• SMTP Relay Support: Handles all COV SMTP relay requests from 3rd Party apps and multifunction devices. Servers: GMR01, GMR02, GMR03.
• Custom VITA Log Application: Custom app created for VITA to log various events within the G Suite environment by utilizing Google’s Reports API. App uses both Google Cloud Platform (GCP) and on an on-premise server.
• Server LAP04201 (Syslog): Atos Server where TN FTP’s SIEM data in Syslog format.
• Other labels in this block: Logging; Blackberry; On-Premise Portion; Load Balancer; Veritas EV.Cloud; Hosted Mail Archiving (HMA); Multifunction Devices. All servers listed are virtual.

Unified Communication (UC)
• Integrated unified messaging and communication services integrated with G-Suite and existing Cisco communication system.
• ESNA Officelinx for G-Suite: Faxing, Fax to Email, and Voicemail to Email. Servers: ESNA1, ESNA2, ESNA3, ESNA4. All servers listed are virtual.
• Other labels in this block: Messaging Service; Load Balancer; X.X.77.91; VITA’s VoIP and Voice Messaging Systems; Secure Socket Layer Service; TDM; Fax; VoIP / Fax; SIP Trunk; CTI; CUMI; CUPI; REST API; TCP 80 / 443 / 2020 / 8443; Google Suite – G-Suite; Integrates with G-Mail; Up to 59,000 COVA executive branch access licenses procured.

Mobile device management
• Workspace ONE Unified Endpoint Management (UEM) SaaS Cloud; AirWatch Cloud Mobile Devices Management; Enterprise Handheld Services (EHS); Mobile Device Management (MDM); Google MDM; Mobile Users.
• Media Application Gateways: COVMSGCES-MAG1, COVMSGCES-MAG2.
• App Tunnel Servers: COVMSGCES-ATS1, COVMSGCES-ATS2. App Tunneling Proxy; Tunneling V2; VMware OVA.
• Mail Sync; Calendar Sync; Contact Sync. Primary – x.x.11.131 (L); Secondary – x.x.11.132 (L).
• Other labels in this block: Load Balancer; X.X.71.76; TCP 80 / 443 / 636; 3rd Party Applications.

CloudLink and directory integration
• CloudLink Service Platform: CloudLink provisions and disables users. Servers for AD User Sync: VM’s – W2008 R2. TCP 443 / 2001.
• Directory Integration Servers to COV: AD Acct Sync CoV (L).
• Directory Integration Servers for DSS: OUD Acct Sync DSS (L).
• Server labels: COVMSGCES-ACC1, COVMSGCES-ACC2; COVMSGCES-APL02 through COVMSGCES-APL13 and COVMSGCES-APL15 through COVMSGCES-APL19; COVMSGCES-SM1 through COVMSGCES-SM6; Unused Server. All servers listed are virtual.
• COV AD Domain Controllers used by CloudLink: COVENICES-ADC80, COVENICES-ADC81, COVENICES-ADC82, COVENICES-ADC83, COVENICES-ADC84, COVENICES-ADC85.
• Other labels in this block: Currently in VAR submission stage; GMAS; COV Users and VITA Agencies; DARS / DRS.

Email security and encryption
• Email Data Loss Prevention (EDLP); Email Encryption.
• Virtru Email Encryption; Virtru Data Protection (VDP) Platform; Messaging Mailbox ADD-ON; 3rd Party Google-based App; End-2-End Encryption. Optional add-on to Google’s Messaging Mailbox. Virtru Client – Dashboard; Virtru Client – Secure Reader.
• Cloud IronPort Email Security Appliance (ESA) Server: Virus and Spam Filtering.
• Cisco IronPort Security Appliance; ESA Server; Lite; Virus and spam Filtering only; No DR.

Google G Suite services
• Google G-Mail; Google Calendar; Messaging Mailbox; Logging.
• Google Hangouts Meet: Video Conferencing. Up to 25 users (Basic) 50 users (Enterprise) simultaneous conference sessions.
• Google Hangouts Chat: Instant Messaging. Up to 100 people in group discussion.
• Google Drive: File Sharing, Collaborations, and Collaborative Editing. Enabled by VITA CSRM Security Exception Only – not turned on for all users in the domain. Currently being used on a limited basis for calendar attachments by agencies that have signed a waiver. Drive is currently on in the following domains due to agency requests: ALTFA, CSA, DARS, DBVI, DCR, DGIF, DGS, DHCD, DHP, DHR, DJJ, DMV, DOAV, DOE, DPB, DRPT, DSBSD, GHP, GOV, JYF, TAX, TRS, VBPD, VDACS, VDDHH, VDEM, CDOT, VFHY, VITA, VMFA, VMNH, VSP, and WWRC.
• Google Vault: Hosted Mail Archiving; Messaging Archive Service.
• Google Cloud Platform (GCP): App Engine; Pub / Sub; Cloud Storage.
• Google Cloud Directory Sync (GCDS).
• G-Suite Administrator Console; System Roles and Custom Roles.
• Google Domains: Google.Virginia.Gov. Cloud-based. No CoV infrastructure. Config Settings; Core Services; User Accounts.
• Transport Layer Service 1.2. Data Protected in Transit by FIPS 140-2 level 2 validated.
• Other labels in this block: Google Cloud; https://hangouts.google.com; Multifactor Authentication; Primary WAP03922, Backup WAP03923; WAP03934; WAP03935; TCP 443 / 80; 25 / 4 TCP.

Identity and directory services
• Okta: Enterprise Identity Management Solution. Identity and Access Management Solution. Single-Sign-On (SSO); Multi-Factor Authentication; Universal Directory. Federated users sign in with Okta. virginia.gov.okta.com
• COV Active Directory (AD): Already operational on premise. User identities managed on premise.
• COV Directory Services LDAP Server: covdsldap.cov.virginia.gov; LDAP Secure SSL 636. All servers listed are virtual.

Legend entries: Single point of messaging failure assessment; VAR-413; VAR-727; Other VARs; Virtual Machine (VM); L = Logging Server; Custom Coded Symbol. The VAR markers 413 and 727 are printed beside individual components throughout the diagram; other markers shown: 269?, 197?, 113?.

RK-1 - What DR is available for the CESC block of my messaging diagram?
Dave Brackins: They are NOT/NOT subscribed to DR. Still waiting to hear back from TN on their DR plan.
Dave Brackins: I know TN is having issues with their SSP, and they have DR as part of that. Let me follow up with them and I’ll get back to you.
Dave Brackins: It seems TN is pointing to Unisys for all server issues. Trying to confirm now.
Dave Brackins: CESC Servers Tempus Nova Updates 1-31-2019 (002)_fm-Dave-Brackins-Mar-7-2019-1019-email.xlsx

VITA Draft Discussion Document // REV – Mar 20, 2019
Robert Kowalke ~ Enterprise Architecture
Relationship Management & Governance (RM&G) @ Virginia Information Technologies Agency (VITA) Commonwealth Enterprise Solutions Center (CESC)

PURPOSE: To depict the VITA messaging enterprise in support of leadership decision making. Benefits to the COV and VITA program is a consistent enterprise service offering that will meet agency requirements for messaging services. TempusNova (TN) and Google provide flexible and highly collaborative platforms to increase COV user productivity, provide flexible and secure options for configuration, and allow the COV to significantly reduce messaging costs. By deploying a Google solution, COV resources can be allocated away from email system maintenance to more business critical applications, which will change the way information is shared and decisions are made. The MDM environment is a hybrid cloud configuration with components hosted in the VMware SaaS cloud and in VITA’s datacenter.

As of Mar 20, 2019: 1) Overall diagram accuracy is assessed at 95%; 2) Overall diagram completion is assessed at 98%.

Architectural Artifacts/Graphs/Views/Matrices/etc.
reference page: http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap35.html

• Microsoft Active Directory (AD) – Unisys understands that VITA has an internal and external directory structure. Unisys will manage both directories. Unisys Clarified Response RFP 2017-04-E-mail 1-02.3.1 Exh (Solution - Server Storage Data Center) 20180125__Jan-29-2018.docx. In general a network directory service is a database composed of records or objects describing users and available network resources, such as servers, printers, and applications. A directory service can be used to specify who has the right to log on to a computer or restrict what software can be installed on a computer. Making sure the directory service is structured and designed correctly before using it is critical. Windows Active Directory became part of the Windows family of server OSs starting with Windows 2000 Server. You can structure Active Directory and organize the objects representing users and resources in a way that makes the most sense. Active-Directory-AD-Intro_Chap-3_Nov-25-2008.pdf.

• Google Vault – aka Hosted Mail Archiving (HMA) – is an enterprise-wide messaging archiving service solution allowing any customer subscribed to Messaging Mailbox to archive all inbound and outbound emails. The messaging archiving service is an enterprise-wide solution that allows any customer subscribed to Messaging Mailbox to archive all inbound and outbound emails. This solution includes storage for all mail archives for a period of determined by the customer's retention policies. There is no storage limitation with Google Vault. To be eligible for this service, users must be subscribed to a 30GB or unlimited mailbox. https://support.google.com/vault/answer/2462365?hl=en The Hosted Mail Archiving (HMA) solution is known as Google Vault. Can only be accessed via an Internet Browser. Automatically archives all incoming and outgoing emails from the Google Gmail Enterprise mailbox, or for users who have purchased a Google Vault license without user interaction. Agencies can elect to subscribe to G Suite Basic if they do not want to utilize the Google Vault Option. G Suite for