NETWORK AND IT INFRASTRUCTURE WAN DESIGN CRA MODERNIZATION PROJECT Commercial Registry

February 15, 2010 This publication was produced for review by the United States Agency for International Development. It was prepared by Pedro Valdes.

NETWORK AND IT INFRASTRUCTURE WAN DESIGN CRA MODERNIZATION PROJECT Commercial Registry

TECHNICAL ASSISTANCE FOR POLICY REFORM II CONTRACT NUMBER: 263-C-00-05-00063-00 DELOITTE CONSULTING LLP USAID/ POLICY AND PRIVATE SECTOR OFFICE FEBRUARY, 2010 AUTHORS: PEDRO VALDES

DISCLAIMER: The author’s views expressed in this publication do not necessarily reflect the views of the United States Agency for International Development or the United States Government.

CONTENTS

1.0 INTRODUCTION ...... 1 1.1 Purpose ...... 1 1.2 Assumptions ...... 1 1.3 Intended Audience ...... 1

2.0 DATA CENTER COMPONENTS ...... 3 2.1 System Infrastructure Components ...... 3 2.1.1 Storage Area Network ...... 3 2.1.2 Blade System ...... 3 2.1.3 Other Equipment ...... 3 2.2 Security Infrastructure Components ...... 4

3.0 BRANCH OFFICES COMPONENTS ...... 5

4.0 WAN INFRASTRUCTURE ...... 6 4.1 Introduction ...... 6 4.2 Definitions ...... 6 4.2.1 Leased-line Service ...... 6 4.2.2 Frame-relay Service ...... 6 4.2.3 Virtual Private Networks ...... 7 4.2.4 Intranet ...... 7 4.2.5 Firewall ...... 7 4.2.6 Remote Access ...... 8

5.0 CRA WAN TOPOLOGY ...... 9 5.1 Frame Relay Services ...... 9 5.2 ADSL Services...... 11 5.3 Remote Offices Bandwidth Requirements ...... 12 5.4 Data Center Bandwidth Requirements ...... 16

6.0 DATA CENTER SETUP ...... 17 6.1 Data Center Equipment Setup...... 17 6.2 Data Center Racks Setup ...... 18

Technical Assistance for Policy Reform II i CRA IT Application Development

AUTHORS

Pedro Valdes, Manager Deloitte Consulting LLP Technical Assistance for Policy Reform II 8 El Sad El Aali Street, 18th Floor Dokki, T: +2 02 335 5507 F: +2 02 337 7684 M: +2 010 600 4679 [email protected]

Date Document Document Revision Description Document Author Version 01/26/10 1 First Draft Pedro Valdes

Approval Approved Approver Role Approver Date Version

Technical Assistance for Policy Reform II ii CRA IT Application Development

1.0 INTRODUCTION The Government of Egypt has developed a long-term commitment to improve economic performance. The policy reforms are designed to promote investment, attract foreign investment and create new employment opportunities. In this respect, the Ministry of Trade and Industry is concerned with establishing only a Single Registry for Commercial Registration (CRA), General Organization for Import and Export Control (GOEIC) and the Industrial Development Authority (IDA) to support the one window concept.

As part of the Component E: “Facilitating Services for the Private Sector” of the USAID Funded Egypt TAPRII engagement the modernization of the Commercial Registry (CR) is an essential part of the efforts to help Egypt’s enterprises increase their competitive position.

1.1 Purpose The purpose of this document is to document the WAN Infrastructure of the Commercial Registry Offices for the implementation of the new Unified Commercial Registry IT Application. 1.2 Assumptions The following assumptions are taken into consideration in the design of the new WAN Infrastructure of the Unified Registry:

 The CR Branch Offices, GAFI Offices and CoC Offices will have a Juniper UTM Router SSG20

 Each branch office will have a dedicated secure channel (IPSec, VPN) connected to the Data Center Office

 Fixed public IP addresses will be assigned to the WAN interface of each router. The establishment of each secure IP Tunnels between Data Center and Remote Offices depend on such fixed IP Schema/Distribution.  Connectivity to the branch offices will be provided by the Ministry of Communication and Information Technology (MCIT).  The National Management Institute will be responsible for the Administration, Configuration and Monitoring of the CR WAN Infrastructure 1.3 Intended Audience Managers and Technical Staff within the Commercial Registry Authority and those individuals responsible for IT security at system and operational levels can use the principles presented in this document. This description includes the following personnel:  Managers responsible for overseeing IT operations or business processes that rely on IT systems  System administrators responsible for maintaining daily IT operations

 Information System Security Officers (ISSOs) and other staff responsible for developing, implementing, and maintaining an organization’s IT security activities

Technical Assistance for Policy Reform II 1 CRA IT Application Development

 System engineers and architects responsible for designing, implementing, or modifying information systems  Other personnel responsible for designing, managing, operating, maintaining, or using information systems.

Technical Assistance for Policy Reform II 2 CRA IT Application Development

2.0 DATA CENTER COMPONENTS For informational purposes, the equipment procured for the Data Center is described in this section. It provides for expandability, reliability and full redundancy at each layer. 2.1 System Infrastructure Components 2.1.1 Storage Area Network A 4GB Fibre Channel Dual Controller Modular Smart Array with an initial capacity of 2TB as standalone storage and a maximum expandable capacity of 14.4TB in a RAID 5/10 set with 14x146GB 3G 15K rpm 3.5 inch Dual-port SAS Hard Disk Drives 2.1.2 Blade System Two Blade System Enclosures that accomodates currently a total of ten (10) blade servers to host the different system components as follows:  ARABDOX Servers (2 HP Proliant BL480c Server Blades, p/n 404707-B21): The ARABDOX servers host the workflows engine and the document management system (ARABDOX Third Party Software). It is recommended to connect the Centralized Storage Array to the ARABDOX Servers using a fiber channel configuration. The ARABDOX server will be configure as a two nodes cluster (A/P).

 MS SQL 2005 Database Servers (2 HP Proliant BL480c Server Blades, p/n 404707-B21): For maximum performance, the Centralized Storage Array is connected to the database servers using a fiber channel configuration. The Database Server is configured as a two nodes cluster (A/P).

 Web Application Servers (2 HP Proliant BL480c Server Blades, p/n 404707- B21): The web application Server is the server where the Commercial Registry System executable is stored. The Web Application server is configured as a two nodes load balanced cluster (A/A).

 Primary Domain Controller and Backup Domain Controller (2 HP Proliant BL460c Server Blades, p/n 447707-B21): The Primary Domain Controller (PDC) server will use Active Directory to manage users and to grant access to a number of computer resources within the domain. The PDC Server will use the Backup Domain Controller (BDC) server for high availability. The PDC Server will not share the centralized Storage Array.

 Deployment Testing and Training (2 HP Proliant BL460c Server Blades p/n: 4477707-B21): The Deployment/Training Database server will have a similar configuration as the Production Database Server and will be used for testing of pre- production releases of the CRA IT application. Also the server will be used for training purposes.

2.1.3 Other Equipment  Standalone Backup Server – HP DL360R05 p/n 399524-B21: 4GB FBD PC2-5300 2x2GB kit, 3x146GB 10k 2.5 SAS HP SP HDD, HP Slim 8X/24X DVD-ROM Drive, HP P400i Controller, HP FC1242SR 4Gb PCI-E DC HBA. The Veritas Backup Exec 12.5 Software, which is part of this solicitation, will be installed on this server.

 Tape Library: HP 1/8 G2 Ultrium 920 SAS Autoloader p/n AH558A

Technical Assistance for Policy Reform II 3 CRA IT Application Development

 Racks: Two HP Universal 10642 G2 Shock Racks p/n: AF002A

 UPSs: Two APC-Smart UPS 5000VA RM 230V p/n: SUA5000RMI5U

 KVM Switch: HP TFT7600 US Rackmount Keyboard and 17” Monitor p/n: AG052A

2.2 Security Infrastructure Components The security appliances selected for the Data Center are as follows:  Perimeter Routers UTMs: Two Juniper Networks SSG-550M-SH Firewall/IPSec VPN Security Appliances

 Data Center Firewall: Two Juniper Networks ISG1000 with IDP

 Headquarters Switches: Two Juniper EX 4200 24T Ethernet Switch 24x10/100/1000BaseT

 Security Management Platform: One Juniper NS-SM-A-BSE NSMXPress Appliance Base System

Technical Assistance for Policy Reform II 4 CRA IT Application Development

3.0 BRANCH OFFICES COMPONENTS The branch offices will be equiped with a  Branch Offices Firewall: 84 Juniper UTM SSG20 Appliances

 Average of 5 Clients per Office

Technical Assistance for Policy Reform II 5 CRA IT Application Development

4.0 WAN INFRASTRUCTURE

4.1 Introduction The best Corporate Network solution is the one that links LAN’s under the existing infrastructure with frame-relay, leased-line and Virtual Private Networks (VPN) connections.

The deployment of modern network devices that provides extensive management reporting and control is the most important requirement in the design of a WAN enterprise solution. The firewall, Web site and any other services like e-commerce are highly technical and important, so that in an environment where IT resources are scarce, the management should consider to outsource them.

Connection strategies are only one part of the story. `The perfect corporate network has a network management system in place that can receive reports in the Simple Network management Protocol (SNMP) from internal network devices and the vendors contracted services. This allows access to graphical reports on the health of the entire network, perform real-time monitoring of devices, and receive alerts to potential problems. The network management system also provides Web access to each station an lets monitor network devices remotely via a browser.

In addition to standard network services, corporate network may also provide newer services such as voice or fax over IP, which allows for long-distance calls and fax transmission over the internet, avoiding related telephone charges.

4.2 Definitions In order to better understand the CRA selected WAN Infrastructure the following definitions will be used to analyze advantages and/or disadvantages of the different connection strategies.

4.2.1 Leased-line Service Lease-line service is the best choice for connecting LAN’s, which are not more than 80-100 Km. apart. Telephone companies offer point-to point circuits that provide connection speeds ranging from 64Kpbps to over 45 Mbps. This leased-line are typically leased as fractional T1 channels (64 Kbps), T1 channels (1.544 Mbps), or T3 links (45 Mbps).

Leased-lines can be expensive because the service is both distance and bandwidth- sensitive, which means that payments are calculated base on the distance and the amount of bit’s transferred.

4.2.2 Frame-relay Service Frame-relay Service provides the T1 speeds of a leased line but at a flat rate, making it a much more cost effective solution. A frame-relay Service divides information into frames of data that it transmits using packet-switching technology. The method is flexible, because the frames can be any size, can include any protocol-control data, and can transmit any network protocol. Frame-relay takes full advantage of T1 speeds by reducing unnecessary overhead on each frame of data. And because frame-relay transmits data in bursts and uses bandwidth only when actively transmitting frames, it can be more efficient than leased lines.

Technical Assistance for Policy Reform II 6 CRA IT Application Development

LAN’s typically access a frame relay network at 1.5 Mbps via a short leased line. The contract with a frame-relay provider is based on specific levels of bandwidth.

4.2.3 Virtual Private Networks Virtual Private Networks links the LAN’s via an internet connection. It is often the most cost- effective method for connecting remote offices. VPN software encapsulates network packets, then securely tracks and delivers them via TCP/IP. Since many systems place high tariffs on calls, VPN’s provides direct cost savings.

To guarantee bandwidth and provide the most stable connection, the best approach is to connect to the internet via leased line to a local ISP. This approach also provides a fast internet connection to the users. VPN software is available for a variety of hardware devices, such as a router, NOS server, or as part of a firewall. An other option is to use a VPN service. Another consideration to optimize performance is to use two similar devices or schemes between VPNs.

A VPN can also be used to create an extranet connection between the LAN’s and external agents, or to provide remote access to the corporate network.

4.2.4 Intranet A corporate intranet provides a host of services to the organization. For instance, a intranet web server is a handy and economical tool for publishing within the organization and is accessible by anyone with a Web browser.

To grant server access to selected external clients, an extranet can be created by letting those users connect to the intranet using a remote-access server or a leased line with a router. TCP/IP-based e-mail and discussion software overcomes preferences in operating systems and software preferences in client computers. But TCP/IP brings its own requirements, including a Domain Name Server (DNS) and IP-addressing scheme such as the Dynamic Host Configuration Protocol (DHCP).

DNS and DHCP have become such an integral part of network operation that many organizations have implemented redundant servers. because TCP/IP gives anyone on the internet potential access to the corporate servers, a crucial part of the intranet is the firewall.

4.2.5 Firewall The simplest definition of a firewall is a system or a combined set of systems that creates a secure barrier between two networks. A firewall protects the servers by inspecting the destination and content off incoming network packets. The protection can be a piece of turnkey hardware, a function in a standalone router, or a capability included in software that is running on a special server. Firewalls come in many varieties as follows:

 Application-level: This type of firewall which looks for valid internet application-level data before allowing a connection. Traffic appear as if it originated from the IP address assigned to the firewall as opposed to the user’s IP address.

 Circuit-level: Circuit-level firewalls validate the connection at the session layer and probe for legitimate handshaking before opening a circuit. Data is sent over the circuit, and the circuit is torn down at the end of the session.

Technical Assistance for Policy Reform II 7 CRA IT Application Development

 Packet-filter: This variety of firewall inspects each packets to check if certain properties, such as an IP address, match a set of predefined rules. The packet is dropped or discarded if it doesn’t match.

 Proxy: This firewall acts on behalf of the user. The request is permitted or denied based on the rules for a user ort group of users. Typically, a proxy firewall will replace a host IP address with its own to hide legitimate addresses.

4.2.6 Remote Access Providing access to users from outside the network requires a remote-access service (RAS). Two comparable methods are direct call-in, which connects users via dial-up modems, and a virtual private network, which connects over the internet. Direct call-in provides superior reliability, and a VPN provides scalability and potentially lower cost for long-distance connections. There are two ways to create the direct call-in route, a standalone remote access server or the installation of multiport analog modems in a dedicated server and adding remote-access software.

Technical Assistance for Policy Reform II 8 CRA IT Application Development

5.0 CRA WAN TOPOLOGY The CRA Wide Area Network Infrastructure setup will use FRAME RELAY services to provide main connectivity from the remote offices to the centralized system. The CR Offices, GAFI Offices and CoC Offices will have a Juniper Router SSG20.  Each branch office will have a dedicated secure channel (IPSec, VPN) connected to the HQ Office  Fixed public IP addresses will be assigned to the WAN interface of each router. The establishment of each secure IP Tunnels between HQ and Branch Offices depend on such fixed IP Schema/Distribution.

The Diagram below depict the proposed CRA WAN Topology

5.1 Frame Relay Services The rationale for selecting Frame Relay as the CRA connectivity is based on the nature and characteristics of the Commercial Registry Authority infrastructure and the need to provide the most reliable services to protect the traffic between remote offices (including Headquarters) and the Data Center. The advantages of using Frame Relay over MPLS are as follows:

 More secure traffic since Service Provider (ISP) is providing Layer 2 Connectivity (Layer 3/IP Address Schema is not exposed to the ISP  Less delays for two reasons:

Technical Assistance for Policy Reform II 9 CRA IT Application Development

o No overhead for labeling o Less nodes to pass trough from source to destination as the ISP do not have label routing in each PoP  Simpler configuration Troubleshooting and there is no need for the ISP to participate in Troubleshooting IP problems (as long as links are up and running properly)

The Diagram (see next page) depict the proposed ADSL Backup Lines

Technical Assistance for Policy Reform II 10 CRA IT Application Development

5.2 ADSL Services ADSL services have been selected to provide Backup connectivity to selected offices to ensure continious operations if the main line (Frame Relay) goes down. Backup lines have been assigned to CR following the criteria listed below:  One Backup line for each main office within each Governorate (at least 16)  One Backup line for heavy traffic (workload) offices (7)  One backup line for each GAFI Office (4)  One Backup line for each Priority 1 office (9)

The Diagram (see next page) depict the proposed ADSL Backup Lines

Technical Assistance for Policy Reform II 11 CRA IT Application Development

5.3 Remote Offices Bandwidth Requirements Based on the available statistical information, the following parameters have been taking into account in the estimation of bandwidth requirements:  Average Customers per day and office

 Number of Users per office (Total number of users for future growth of computers in the offices)

 Concurrent users per office is calculated as:

CONCURRENT USERS = AVERAGE CUSTOMERS PER DAY/NUMBER OF USERS PER OFFICE

 A web page is equal to a section in any given application form

 Average number of sections per form is 15  Average size of a web page is 60 KB  The recommended fudge factor is 2

 The bandwidth is estimated as follows:

(EXPECTED WEB TRAFFIC) = (EXPECTED PAGE VIEWS) *(WEB PAGE SIZE) *(FUDGE FACTOR),

For reference, see CRA Connectivity Requirements.doc and CRA Connectivity Requirements.xls. The Diagram below depicts the required bandwidth for each office in the CRA WAN Infrastructure

Use the last column in the table below to upgrade or downgrade the bandwidth of offices if needed.

Upgrade Backup Time Estimated or # GOV # Gov Name Office # Office Name Priority Priority Bandwidth Downgrade to 1 0 Cairo 1 Headquarters 1 1 1 Mbps 1 Mbps

2 1 Cairo 2 Cairo Office 1 1 1 Mbps 1 Mbps

3 1 Cairo 3 South Cairo 0 1 512 Kbps 512 Kbps

4 1 Cairo 4 North Cairo 0 1 512 Kbps 256 Kbps

5 1 Cairo 5 GAFI Cairo 1 1 1 Mbps 1 Mbps

6 1 Cairo 6 CoC Cairo 1 2 1 Mbps 1 Mbps

7 1 Cairo 7 El 0 3 256 Kbps 256 Kbps

8 2 Giza 8 Giza 1 1 1 Mbps 1 Mbps

9 2 Giza 9 CoC Giza 0 2 1 Mbps 1 Mbps

10 2 Giza 10 El Saaf 0 3 256 Kbps 256 Kbps

Technical Assistance for Policy Reform II 12 CRA IT Application Development

Upgrade Backup Time Estimated or # GOV # Gov Name Office # Office Name Priority Priority Bandwidth Downgrade to 11 3 Hellwan 11 15th of May 1 2 512 Kbps 512 Kbps 6th of 12 4 12 1 2 256 Kbps 512 Kbps October CoC Shubra 13 5 Qalubeya 13 0 2 256 Kbps 256 Kbps al-Khaima 14 5 Qalubeya 14 CoC Banha 0 2 256 Kbps 256 Kbps

15 5 Qalubeya 15 Banha 1 3 256 Kbps 256 Kbps Shubra al- 16 5 Qalubeya 16 0 3 256 Kbps 256 Kbps Khaima 17 5 Qalubeya 17 Tookh 0 3 256 Kbps 256 Kbps

18 5 Qalubeya 18 Khanka 0 3 256 Kbps 256 Kbps Mahalla al- 19 6 Gharbeia 19 1 2 1 Mbps 1 Mbps Kubra 20 6 Gharbeia 20 Coc Gharbeia 0 2 256 Kbps 256 Kbps

21 6 Gharbeia 21 1 3 256 Kbps 512 Kbps

22 7 Port Said 22 CoC Port Said 0 2 256 Kbps 512 Kbps

23 7 Port Said 23 Port Said 1 3 512 Kbps 512 Kbps

24 8 Daqahleia 24 CoC Daqahleia 0 2 256 Kbps 256 Kbps

25 8 Daqahleia 25 Mansoura 1 3 512 Kbps 512 Kbps

26 8 Daqahleia 26 Aga 0 3 256 Kbps 256 Kbps

27 8 Daqahleia 27 Dekerness 0 3 256 Kbps 256 Kbps

28 8 Daqahleia 28 Meet Ghamr 0 3 256 Kbps 256 Kbps

29 8 Daqahleia 29 Sinbellawain 0 3 256 Kbps 256 Kbps

30 8 Daqahleia 30 El Manzala 0 3 256 Kbps 256 Kbps

31 9 Beni Suef 31 Beni Suef 1 2 256 Kbps 256 Kbps

32 9 Beni Suef 32 Coc Beni Suef 0 2 256 Kbps 256 Kbps

33 9 Beni Suef 33 Beba 0 3 256 Kbps 256 Kbps

34 10 Menia 34 Menia 1 2 256 Kbps 256 Kbps

35 10 Menia 35 Coc Menia 0 2 256 Kbps 256 Kbps

36 10 Menia 36 Melawwy 0 3 256 Kbps 256 Kbps

37 10 Menia 37 0 3 256 Kbps 256 Kbps

Technical Assistance for Policy Reform II 13 CRA IT Application Development

Upgrade Backup Time Estimated or # GOV # Gov Name Office # Office Name Priority Priority Bandwidth Downgrade to 38 11 Fayoum 38 Fayoum 1 2 256 Kbps 256 Kbps

39 11 Fayoum 39 Coc Fayoum 0 2 256 Kbps 256 Kbps

40 11 Fayoum 40 Ebsheway 0 3 256 Kbps 256 Kbps

41 11 Fayoum 41 Tameya 0 3 256 Kbps 256 Kbps

42 12 Sohag 42 Sohag 1 2 512 Kbps 512 Kbps Shared with 43 12 Sohag 43 Coc Sohag 0 2 256 Kbps Sohag

44 12 Sohag 44 Tahta 0 3 256 Kbps 256 Kbps

45 12 Sohag 45 Maragha 0 3 256 Kbps 256 Kbps

46 12 Sohag 46 Tama 0 3 256 Kbps 256 Kbps

47 12 Sohag 47 Kawthar 0 3 256 Kbps 256 Kbps

48 13 Qena 48 Qena 1 2 1 Mbps 512 Kbps

49 13 Qena 49 CoC Qena 0 2 256 Kbps 256 Kbps

50 14 Behaira 50 1 2 256 Kbps 256 Kbps

51 14 Behaira 51 CoC Behaira 0 2 256 Kbps 256 Kbps

52 14 Behaira 52 Kafr El-Dawar 0 3 256 Kbps 256 Kbps

53 14 Behaira 53 Rashid 0 3 256 Kbps 256 Kbps

54 14 Behaira 54 Kom Hamada 0 3 256 Kbps 256 Kbps

55 15 Ismailia 55 GAFI Ismailia 1 1 256 Kbps 256 Kbps

56 15 Ismailia 56 Ismailia 1 2 256 Kbps 256 Kbps

57 15 Ismailia 57 CoC Ismailia 0 2 256 Kbps 256 Kbps Tenth of 58 16 Sharqia 58 0 2 256 Kbps 256 Kbps Ramadan City 59 16 Sharqia 59 Zagazig 1 3 512 Kbps 512 Kbps

60 16 Sharqia 60 Ibrahimia 0 3 256 Kbps 256 Kbps

61 17 Asyut 61 GAFI Asyut 1 1 256 Kbps 256 Kbps

62 17 Asyut 62 Asyut 1 3 512 Kbps 512 Kbps

63 17 Asyut 63 Abo Teeg 0 3 256 Kbps 256 Kbps Kafr El- 64 18 64 Kafr El-Sheikh 1 2 256 Kbps 256 Kbps Sheikh

Technical Assistance for Policy Reform II 14 CRA IT Application Development

Upgrade Backup Time Estimated or # GOV # Gov Name Office # Office Name Priority Priority Bandwidth Downgrade to Kafr El- 65 18 65 Desouk 0 3 256 Kbps 256 Kbps Sheikh 66 19 66 Alexandria 1 1 256 Kbps 1 Mbps East of 67 19 Alexandria 67 0 1 1 Mbps 1 Mbps Alexandria GAFI 68 19 Alexandria 68 1 1 256 Kbps 256 Kbps Alexandria

69 19 Alexandria 69 Burg Al Arab 0 3 256 Kbps 256 Kbps Marsa 70 20 70 Marsa Matrouh 1 3 256 Kbps 512 Kbps Matrouh 71 21 Suez 71 Suez 1 2 256 Kbps 256 Kbps

72 22 North Sinai 72 Arish 1 2 256 Kbps 512 Kbps

73 23 South Sinai 73 Tour 1 2 1 Mbps 512 Kbps

74 24 Read Sea 74 Ras Gharib 0 3 256 Kbps 256 Kbps

75 24 Read Sea 75 Hurghada 1 3 512 Kbps 512 Kbps

76 24 Read Sea 76 Shalateen 0 3 256 Kbps 256 Kbps

77 25 Monofiea 77 Shebin El Kom 1 2 256 Kbps 256 Kbps

78 25 Monofiea 78 Menouf 0 3 256 Kbps 256 Kbps

79 25 Monofiea 79 Achmoun 0 3 256 Kbps 256 Kbps Berket El- 80 25 Monofiea 80 0 3 256 Kbps 256 Kbps Sabaa 81 26 81 Damietta 1 3 512 Kbps 512 Kbps

82 27 Aswan 82 Aswan 1 3 256 Kbps 512 Kbps

83 28 Luxor 83 Luxor 1 3 256 Kbps 256 Kbps

84 29 Wadi Gedid 84 El Dakhla 0 3 256 Kbps 256 Kbps

85 29 Wadi Gedid 85 El Kharga 1 3 256 Kbps 256 Kbps

Technical Assistance for Policy Reform II 15 CRA IT Application Development

5.4 Data Center Bandwidth Requirements The CRA Data Center will be connected to two different ISPs to ensure reliability of services. The estimation of total bandwidth requirement at the data center to connect to the ISPs has been calculated using the following formula: 푛=85 푇퐵퐷 = OBD 푛=1

The formula variables are as follows:

Variable Description

TBD Total Bandwidth n Total number of remote offices

OBD Remote Office Bandwidths

MF Minimum Bandwidth Factor

The number of connections per category is shown on the table below

Bandwidth Category # of Offices In Mbps

1 Mbps 9 9

512 Kbps 17 8.5

256 Kbps 58 14.5

Sharing other office 1 0

TOTALS 85 32

The minimum bandwidths for Main and Backup Lines are calculated below Minimum Bandwidth for Main Lines = Total Bandwidth * 0.7 = 32 Mbps * 0.7 = 22.4

Minimum Bandwidth for Backup Lines = Total Bandwidth * 0.4 = 32 Mbps * 0.4 = 12.8 Final Requirements for Data Center: Two Main Lines with a minimum of 22 Mbps

Two Backup Lines with a minimum of 12 Mbps

Technical Assistance for Policy Reform II 16 CRA IT Application Development

6.0 DATA CENTER SETUP The diagrams below depict the Data Center Equipment Setup and the Racks Setup 6.1 Data Center Equipment Setup

Technical Assistance for Policy Reform II 17 CRA IT Application Development

6.2 Data Center Racks Setup

Technical Assistance for Policy Reform II 18 CRA IT Application Development

Technical Assistance for Policy Reform II Deloite Consulting LLP, 18 El Sad El Aali Street, 18th Floor, Dokki, Giza Egypt ZIPCode: 12311 Phone: +2 02 335 5507 Fax: +2 02 337 7684 Web address: www.usaideconomic.org.eg19