
Core Technology Architecture

Version 4.0

April 2002


Table of Contents

INTRODUCTION ... 1
  The Core Technology Architecture: A Living Document ... 1
  What Is the Core Technology Architecture? ... 1
    Architecture ... 1
    Infrastructure ... 1
  Recommendations Leading to the Core Technology Architecture ... 2
  Scope of the Core Technology Architecture ... 3
  Requirements for Non-Compliance with the Core Technology Architecture ... 4

ENTERPRISE NETWORK ARCHITECTURE ... 5
  Strategy ... 5
    Conceptual Diagram of the Enterprise Network ... 7
  Components of the Network Architecture ... 8
    Summary of the Network Architecture Components ... 8
    District Architecture Components ... 10
    Division/Office Architecture Components ... 11
    Area Office Architecture Components ... 12
    Maintenance Office Architecture Components ... 13
  Benefits of Enterprise Network Architecture Strategy ... 14
  Emerging Technologies ... 15

OPERATING SYSTEMS ... 16
  Strategy ... 16
  Workstation Operating System Architecture ... 17
    LAN-attached PC workstations ... 17
    Laptops and non-LAN-attached PC workstations ... 17
    Determining Which PC Workstation Operating System To Use ... 18
    Personal Digital Assistant (PDA) Operating Systems ... 18
  Server Operating Systems ... 19
    General Print and File Servers ... 19
    Application and Database Servers ... 19
    Server Operating System Summary ... 20
  Benefits of Operating System Strategy ... 20
  Enterprise Cross-Platform Scheduler ... 21
    Strategy ... 21
    Benefits of a Cross-Platform Scheduler ... 21
  Emerging Technologies ... 22

RELATIONAL DATABASE MANAGEMENT SYSTEM (RDBMS) ... 23
  Strategy ... 23
  RDBMS Research and Recommendation ... 24
  Selecting a Database for New Applications ... 25
  Enterprise/Workgroup Server Database Environment ... 27
    DB2 UDB ... 27
    Oracle ... 27
    Microsoft SQL Server ... 27
    Sybase Adaptive Server Enterprise (ASE), formerly known as Sybase SQL Server ... 27
  PC Workstation/Laptop and Small Workgroup Database Environment ... 28
    Sybase Adaptive Server Anywhere (ASA), formerly known as Sybase SQL Anywhere ... 28
    Microsoft Access ... 29
  Mainframe Database Environment ... 30
    DB2 UDB ... 30
    ADABAS C ... 30
    VSAM ... 30
    SAS ... 31
  Gateway Products ... 31
    Description of Gateway Products ... 31
    Concepts of Gateway Products ... 31
    Sybase Gateway Products ... 32
    Gateway Product Integration ... 33
    Benefits of Gateway Products ... 33
  Benefit of RDBMS Strategy ... 33
  Emerging Technologies ... 33

HARDWARE ARCHITECTURE ... 35
  Strategy ... 35
  Strategy for the Mainframe ... 35
  Strategy for PC Workstation and Laptop Processors ... 35
  Strategy for Server Processors ... 35
    Novell and Windows NT Server Processors ... 35
    UNIX Server Processors ... 36
  Strategy for PC Workstations ... 36
  Strategy for Laptops ... 39
  PC Workstation and Laptop Acquisition Strategy ... 39
  Strategy for Servers ... 40
    Novell and Windows NT/2000 Servers ... 40
    UNIX Servers ... 40
  Strategy for Printers, Plotters, Scanners, and FAX/Copier/Printers ... 40
    Printers ... 40
    Plotters ... 41
    Scanners ... 41
    FAX/Copier/Printer ... 42
    Benefits of Hardware Strategy ... 43
  Emerging Technologies ... 43

REMOTE / DIAL-IN / DIAL-OUT ... 44
  Strategy ... 44
  Components ... 44
    Remote / Dial-in ... 44
    Dial-out / Modem Pooling ... 45
  Benefits of Remote/Dial-in/Dial-out Strategy ... 46
  Emerging Technologies ... 48

OFFICE SUITES ... 49
  Strategy ... 49
  Components ... 49
  Benefits of Office Suites Strategy ... 49
  Emerging Technologies ... 49

GROUPWARE ARCHITECTURE ... 50
  Strategy ... 50
  Components of the Groupware Architecture ... 51
  Emerging Technologies and Future Considerations ... 52

ENTERPRISE SYSTEM MANAGEMENT ... 53
  Strategy ... 53
  Capabilities ... 53
  Configuration ... 54
  Selection ... 55
  Benefits ... 55
  Emerging Technologies and Future Considerations ... 56

RELIABILITY AND FAULT TOLERANCE ... 57
  Strategy ... 57
  Components of the Reliability & Fault Tolerance Architecture ... 57
    File Servers ... 57
    UNIX Servers ... 58
    Local Area Network (LAN) ... 59
    Wide Area Network (WAN) ... 59
    Mainframe ... 60
    Virus Scanning ... 60
    Additional Topics to be Considered for a Future Version ... 60
  Emerging Technologies and Future Considerations ... 61

INFORMATION SECURITY ARCHITECTURE ... 62
  Strategy ... 62
    Components ... 63
  Components ... 66
    Mainframe Server ... 66
    Print/File/Application Servers ... 68
    Client Workstations ... 69
    Information Resource Transfer to Non-TxDOT Entities ... 70
  E-mail ... 72
  Emerging Technologies / Future Considerations ... 73

GLOSSARY ... 75

Core Technology Architecture - Version 4.0 i TxDOT 4/02


INTRODUCTION

The Core Technology Architecture: A Living Document

The Core Technology Architecture document is a living document and is meant to be updated periodically to incorporate changes in technology and business requirements.

What Is the Core Technology Architecture?

The core technology architecture of TxDOT is a key ingredient to providing information quickly and effectively to people. The desire is to have an enterprise-wide technology architecture that supports the data and applications architectures while being consistent, manageable, non-redundant, comprehensive, and easily integrated. The user group requiring information is no longer just individuals within TxDOT. Individuals and organizations outside of TxDOT need access to transportation-related information located throughout TxDOT. The technical architecture provides the base upon which applications are built that support these needs.

An architecture is a blueprint rather than a facility. It is often compared to the city plan that lays out major highways, sets zoning ordinances, and defines locations and utilities. It does not describe the details of houses, though it may impose standards of size, construction, and safety.[1] The architecture is not intended to limit the solutions or creativity of the individuals involved with the business enterprise. The purpose of the architecture is to provide guidelines that promote and facilitate the integration of systems and development of an infrastructure that is consistent, manageable, scaleable, and easily integrated. Within the Information Technology profession, two terms, architecture and infrastructure, are used interchangeably; however, each has a very different meaning. For this reason, clarifying these terms initially should reduce the potential for any misunderstanding.

Architecture

Architecture defines the guiding principles that will create the framework from which the infrastructure can be defined. It is the general direction that the operating systems, hardware, and networks will take. Architecture refers to the logical view of the data, processes, applications, technology, and standards required to support the business from an information and technology perspective. The architecture also defines the standards, policies, and procedures for implementing an environment. Architecture addresses the structure and interconnection between information processing and technology as well as the logical information and technology architecture required to support business systems.

Infrastructure

Infrastructure defines the specific components that make up the local area network (LAN), wide area network (WAN), hardware, operating systems, printers, and relational database management system (RDBMS). The infrastructure is defined based on the recommendations of the architecture. The architecture provides guiding principles; whereas, the infrastructure defines the specific components that are required.

[1] "Shaping The Future - Business Design Through Information Technology", Peter G.W. Keen, 1991, p. 200


Recommendations Leading to the Core Technology Architecture

The following recommendations were made in the IS BPR report "Phase 2: Vision Statements and Process Improvement Recommendations" (page 62):

Information technology architecture is a series of principles, guidelines, or rules used by an organization to direct the process of acquiring, building, modifying, and interfacing with IT resources throughout the enterprise. These resources can include equipment, software, communications protocols, application development methodologies, database systems, modeling tools, IT organizational structures, and more. The benefit of an integrated architecture is a more efficient business providing greater service to the end user and promoting a greater sense of collaboration that will contribute to the best use of available resources.

The following recommendations were made:

• Provide an integrated, scaleable, and supportable technology architecture
• Coordinate solutions and information flows for technology architecture development
• Include appropriate controls and access for enterprise, business area, workgroup, and employee computing
• Ensure effective development, maintenance, and integration of the data, application, and technology architectures
• Involve stakeholders throughout the Department in definition and evolution of the technology architecture
• Include a "configuration management" process by which existing data, applications, and technology components can be managed and migrated toward the defined architecture.


Scope of the Core Technology Architecture

The Core Technology Architecture is the basic foundation for all the IS processes and TxDOT IT business functions. It is on the critical path to enable future Information Systems Division business projects. The focus of the Core Technology Architecture is to provide TxDOT with an enterprise-wide blueprint for the future technical architecture. The Core Technology Architecture is one of the essential pieces that allows business application teams to develop applications to support TxDOT.

The topics addressed in this document include:

• Enterprise Network Architecture
• Operating Systems
• Relational Database Management System (RDBMS)
• Hardware Architecture
• Remote/Dial-in/Dial-out
• Office Suites
• Groupware
• Enterprise System Management
• Reliability & Fault Tolerance
• Information Security Architecture

The following legacy projects are included in the scope of this document:

• Intelligent Transportation Systems (ITS) projects, including transportation management centers, freeway traffic management systems, high occupancy vehicle lane traffic management systems, arterial traffic management systems, closed loop traffic systems, and ITS and traffic management-related research and development projects. ITS projects that are under operation, or that are in the process of being installed, are exempt from the Core Architecture requirement. ITS projects in the planning stage fall under the Core Architecture requirement.
• The Registration and Title System, version II (RTS II). The use of OS/2 with RTS II is permitted until such time as it is replaced with another operating system. The existing RTS system is exempt from the Core Architecture requirement.


Requirements for Non-Compliance with the Core Technology Architecture

The following conditions must be met to justify non-compliance with the Core Technology Architecture:

• A strong business case must be made to the Information Systems Division for not following the architecture when developing or implementing a new application. It must be shown that the application being developed or purchased cannot be logically, technically, and economically developed or implemented using the architecture.
• The Information Resource Council must approve all exceptions to the architecture not approved by the Information Systems Division. In addition, if a system is chosen that has not been identified in the architecture, all costs associated with the implementation and support of the system will be borne by the requesting District/Division/Office.
• An existing system cannot be economically converted to the architecture. In this case, attempts should be made to develop future enhancements to existing systems utilizing the architecture.


ENTERPRISE NETWORK ARCHITECTURE

Strategy

The enterprise network architecture is the foundation of the overall architecture. All other components rely upon the availability and capabilities of the network.

The enterprise network architecture is summarized as follows:

Transmission Control Protocol / Internet Protocol (TCP/IP)

In order to address the needs of future client/server and intranet technologies, the present multi-protocol topology of the TxDOT wide area and local area networks should be consolidated into a single TCP/IP protocol.

Ethernet Topology

Ethernet is recommended as the media of choice for local area connectivity for all new sites. Present locations at District/Division/Office locations will continue to use both Token Ring and Ethernet with eventual conversion to Ethernet when feasible. All new installations at locations owned or leased by TxDOT should be based on Ethernet.

Wiring Specifications

All data wiring in TxDOT owned or leased buildings shall comply with the EIA/TIA 568 standards and use unshielded twisted pair (UTP) Category 5e or better wire. All telecommunications wiring in TxDOT owned or leased buildings shall comply with EIA/TIA 568 standards. Existing data and voice wiring in TxDOT owned or leased buildings is exempt from this standard until the building(s) are renovated, remodeled or rewired through a TxDOT technology project. (Reference: Texas Administrative Code Rule 201.13)

Network Extension

The TxDOT WAN/LAN TCP/IP network has been extended to all offices. Three (3) Mbps ATM circuits connect all Divisions and Districts where provided by the TEXAN 2000 infrastructure. Connections from Districts to Area Offices and Unattached Maintenance Offices are at least 768 kbps.

Redundancy in Network

The existing wide area network should be reconfigured to provide redundant connectivity where possible. This will provide a more robust fault-tolerant network, which is required for a successful implementation of client/server and intranet technologies.

3270 Terminal Connection

All connections to the TxDOT mainframe shall be through microcomputer workstations running TN3270 emulation.


Other LAN Protocols

LAN protocols such as Internetwork Packet Exchange (IPX), NetBIOS Extended User Interface (NetBEUI), Xerox Network System (XNS) and AppleTalk are not recommended for future development and expansion. Systems Network Architecture (SNA) will be phased out as soon as practicable. (Reference: Texas Administrative Code Rule 201.13, August 31, 2001 deadline)
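Progress toward the single TCP/IP protocol called for above, and the phase-out of the LAN protocols just listed, can be measured on the wire rather than assumed. The following Python script is an added example and is not code from the TxDOT document: it classifies raw Ethernet frames by EtherType (Ethernet II framing) or by 802.2 LLC service access point (802.3 framing) and reports how much IPX, NetBEUI, XNS, AppleTalk and SNA traffic a segment still carries. The EtherType and SAP values are the published IEEE/IANA assignments; the MAC addresses and sample frames are constructed for illustration, and the script goes beyond the text by also handling 802.1Q-tagged and SNAP-encapsulated frames.

```python
"""Legacy LAN protocol inventory.

Added example, not part of the TxDOT document: classifies raw Ethernet
frames by EtherType (Ethernet II) or 802.2 LLC SAP (802.3 framing) so the
share of IPX, NetBEUI, XNS, AppleTalk and SNA traffic on a segment can be
measured before it is declared TCP/IP-only. EtherType and SAP values are
the IEEE/IANA assignments; the sample frames below are constructed.
"""
import struct
from collections import Counter

# Ethernet II: a type field >= 0x0600 is an EtherType.
ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x86DD: "IPv6",
    0x0600: "XNS IDP",
    0x8137: "IPX (Ethernet II)",
    0x809B: "AppleTalk (EtherTalk)",
    0x80F3: "AppleTalk ARP",
}

# 802.3: a type field <= 0x05DC is a length; the payload then starts with
# an 802.2 LLC header whose DSAP identifies the protocol.
LLC_SAPS = {
    0x04: "SNA",
    0x05: "SNA",
    0x08: "SNA",
    0x0C: "SNA",
    0xE0: "IPX (802.2)",
    0xF0: "NetBEUI",
}

# Protocols the architecture retires in favour of TCP/IP.
RETIRED = {
    "IPX (Ethernet II)", "IPX (802.2)", "IPX (raw 802.3)",
    "NetBEUI", "XNS IDP", "AppleTalk (EtherTalk)", "AppleTalk ARP", "SNA",
}


def classify_frame(frame: bytes) -> str:
    """Return a protocol label for one raw Ethernet frame."""
    if len(frame) < 14:
        return "runt"
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if type_or_len == 0x8100:                     # 802.1Q tag: skip 4 bytes
        if len(frame) < 18:
            return "runt"
        type_or_len = struct.unpack("!H", frame[16:18])[0]
        payload = frame[18:]
    if type_or_len >= 0x0600:
        return ETHERTYPES.get(type_or_len, f"EtherType 0x{type_or_len:04X}")
    if len(payload) < 3:
        return "runt"
    if payload[:2] == b"\xff\xff":
        return "IPX (raw 802.3)"                  # Novell raw framing, no LLC
    dsap, ssap = payload[0], payload[1]
    if dsap == 0xAA and ssap == 0xAA:             # SNAP: OUI + EtherType
        if len(payload) < 8:
            return "runt"
        snap_type = struct.unpack("!H", payload[6:8])[0]
        return ETHERTYPES.get(snap_type, f"SNAP 0x{snap_type:04X}")
    return LLC_SAPS.get(dsap, f"LLC SAP 0x{dsap:02X}")


def inventory(frames):
    """Count frames per protocol; return (all counts, retired-protocol counts)."""
    counts = Counter(classify_frame(f) for f in frames)
    legacy = {name: n for name, n in counts.items() if name in RETIRED}
    return counts, legacy


def legacy_share(frames) -> float:
    """Fraction of frames carrying a protocol the architecture retires."""
    counts, legacy = inventory(frames)
    total = sum(counts.values())
    return sum(legacy.values()) / total if total else 0.0


def make_frame(type_or_len: int, payload: bytes) -> bytes:
    """Build a frame with constructed MAC addresses (sample data only)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("0002b3000001")
    return dst + src + struct.pack("!H", type_or_len) + payload


# Constructed sample capture: one frame per framing variant.
SAMPLE_FRAMES = [
    make_frame(0x0800, b"\x45" + b"\x00" * 19),                               # IPv4
    make_frame(0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),   # ARP
    make_frame(0x8137, b"\xff\xff" + b"\x00" * 28),                           # IPX, Ethernet II
    make_frame(30, b"\xff\xff" + b"\x00" * 28),                               # IPX, raw 802.3
    make_frame(44, b"\xf0\xf0\x03" + b"\x00" * 41),                           # NetBEUI (SAP F0)
    make_frame(20, b"\x04\x04\x00" + b"\x00" * 17),                           # SNA (SAP 04)
    make_frame(0x809B, b"\x00" * 20),                                         # AppleTalk
    make_frame(30, b"\xaa\xaa\x03\x00\x00\x00\x08\x00\x45" + b"\x00" * 21),   # IPv4 via SNAP
    make_frame(0x8100, struct.pack("!HH", 100, 0x0800) + b"\x45" + b"\x00" * 19),  # VLAN-tagged IPv4
]

if __name__ == "__main__":
    counts, legacy = inventory(SAMPLE_FRAMES)
    for name, n in sorted(counts.items()):
        print(f"{n:4d}  {name}")
    print(f"retired protocols: {legacy_share(SAMPLE_FRAMES):.0%} of frames")
```

Fed with frames read from a capture file (any libpcap reader supplies the raw bytes), a non-zero legacy share on a segment shows that the listed protocols have not yet left it, and the per-protocol counts show which servers or stations still need converting. A SNAP, LLC or EtherType value the tables do not name is reported by its numeric value rather than folded into TCP/IP, so an unfamiliar protocol is never silently counted as compliant.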


Figure 1 is the Enterprise Summary Diagram representing the overall TxDOT LAN/WAN strategy graphically.

Conceptual Diagram of the Enterprise Network.

[Figure 1 - Conceptual Diagram of the Enterprise Network. The diagram (not reproduced here) shows ISD and the Division Sites in Austin interconnected by OC-3 and 10 Mbps links, an Internet connection at ISD, 3 Mbps ATM circuits from ISD across the ATM/Frame Relay Cloud to the District Offices, and 768 kbps circuits from each District Office to its Area Offices, Maintenance Offices and RTS Offices.]

Major Components

• ISD Division Office
• Division Offices
• District Offices
• Area Offices
• Maintenance Offices
• RTS Offices


Components of the Network Architecture

Figure 2 presents the network architecture at a level more detailed than the conceptual network architecture diagram depicted in Figure 1. It represents the type of components and topology that make up the overall network.

Summary of the Network Architecture Components.

[Figure 2 - Summary of the Network Architecture Components. At ISD Camp Hubbard and the Austin Riverside Complex the diagram shows an IBM Mainframe with ESCON-attached DASD and tape store, IBM 3745-310, 3745-210A and 3745-170 communications controllers on 56 kbps and 64 kbps links, an IBM 3172, Token Ring segments (Token Ring-1, -2, -40, -45), bridge routers and routers on OC-3 and OC-12 links. At the District Offices, Area Offices, Maintenance Offices, RTS County Sites and the Training Center it shows routers on 3 Mbps ATM and 768 kbps frame relay links, RS232 and coax connections to RJE 3770 and 317X controllers, Token Ring and Ethernet LANs with PC workstations, printers, Novell servers, an NT PDC, NT and Unix database/application servers, RTS-GW and RTS-WS systems, a Citrix dialup server for remote laptops, and a connection to the Internet.]

Figure 2 - Summary of the Network Architecture Components

Major Concepts of the Network Architecture

• Division Offices in the Austin area are interconnected with redundant OC-3/OC-12 links providing support for SNA, TCP/IP and IPX protocols.

• An ATM network connects 3 Mbps links from ISD in Austin to District Offices.

• District Offices use frame relay network circuits to connect to their adjacent Area, Maintenance and VTR Regional Offices with 768 kbps (CIR) circuits.

• Citrix server supports dial-in connectivity from laptops or other non-networked workstations.


District Architecture Components

[Figure 3 - District Architecture Components. The diagram shows a District Office with IBM 3745-210A and 3745-170 communications controllers on 56 kbps and 9.6 kbps links, a router on a 3 Mbps link to ISD Camp Hubbard, routers on 768 kbps frame relay links to the Area Office and Maintenance Office, Token Ring and 10BaseT Ethernet segments with PC workstations and printers, Novell servers, an NT database/application server, an NT BDC and External Information Resources server, an Internet proxy, a Citrix dialup server for remote laptops, a Netware Connect server for dial-out, RTS-GW and RTS-WS systems at the RTS County Site, a Training Center, and an on-site Maintenance Office, all connected to the TxDOT WAN.]

Figure 3 - District Architecture Components

Major Components of District Office Architecture

• Area Offices connect through routers to District Office network.

• Existing Token Ring networks will be replaced with Ethernet (FY 03 estimated completion).

• On-site Maintenance Offices connected to District LAN.

• Citrix server supports dial-in connectivity from remote laptops or other non-network attached workstations.


Division/Office Architecture Components

[Figure 4 - Division/Office Architecture Components. The diagram shows the Division/Office site connected over OC-3 links to ISD Camp Hubbard, where an IBM Mainframe with ESCON-attached DASD and tape store, IBM 3745-310 and 3745-210A communications controllers, an IBM 3172, a bridge router, Token Ring-1 and Token Ring-2 segments and a 10BaseT switch are located. The Division/Office LAN consists of Token Ring and Ethernet hub segments with PC workstations and printers, Novell servers, an NT database server, an NT application server, an NT PDC, an NT BDC and External Information Resources server, Unix database/application servers, a Citrix dialup server and a Netware Connect server for remote laptops on dialup, with the TxDOT WAN reached through ATM/Frame Relay.]

Figure 4 - Division/Office Architecture Components

Major Components of Division/Office Architecture

• Division Offices connect to other Division and District Offices through a router.

• Existing Token Ring networks will be replaced with Ethernet (FY 03 estimated completion).

• Citrix Server supports dial-in connectivity from laptops and other remote users, where a business case exists.


Area Office Architecture Components

[Figure 5 - Area Office Architecture Components. The diagram shows an Area Office router connected over a 768 kbps frame relay link to the router at the District Office, 10BaseT Ethernet hubs serving PC workstations, printers and a Novell server, and an on-site Maintenance Office attached to the Area Office LAN.]

Figure 5 - Area Office Architecture Components

Major Components of Area Office Architecture

• Ethernet topology utilizing 10-Base-T hubs.

• 768 kbps connection to adjacent District Office.

• Network attached workstations, printers and NetWare file server.

• On-site Maintenance Offices will be attached to Area Office LAN.


Maintenance Office Architecture Components

[Figure 6 - Maintenance Office Architecture Components. The diagram shows a Maintenance Office router connected over a 768 kbps frame relay link to the District Office, where a 3 Mbps router, an IBM 3745-170 on a 56 kbps link and a Token Ring segment connect to the TxDOT Wide Area Network through ATM/Frame Relay. The Maintenance Office LAN consists of PC workstations, a printer and a Novell server; a remote laptop reaches the network by async dialup to the Citrix server.]

Figure 6 - Maintenance Office Architecture Components

Major Components of Maintenance Office Architecture

• Ethernet topology utilizing 10-Base-T hubs.

• 768 kbps connection to adjacent District Office.

• Network attached workstations and printers.

• Maintenance Offices located on-site at District Offices and Area Offices are an extension of the network at those sites.


Benefits of Enterprise Network Architecture Strategy

Extension of the LAN/WAN TCP/IP network to all TxDOT offices means that capabilities such as Novell file and print services, e-mail, and 3270 connectivity are available to all personnel requiring these services. Furthermore, the expansion of the LAN/WAN network to all levels of the TxDOT infrastructure is necessary to successfully implement future client/server statewide applications.

Selecting TCP/IP as the protocol of choice for the TxDOT enterprise-wide network has many advantages over the present multi-protocol environment. Some of these advantages include:

• Simplification of network configurations for all devices on the TxDOT network with only one protocol stack to define and maintain.

• Enhanced troubleshooting due to reduced training requirements (only one protocol to learn) and fewer required diagnostic tools.

• Less resource utilization and fewer network devices. Workstations and routers use less memory when supporting only one protocol.

• More efficient use of network bandwidth can be achieved because a single protocol can be optimized more effectively than multiple protocols.

• Easier communication to outside agencies because TCP/IP has become the “de facto” communications protocol.

• Many existing applications, i.e. web servers, use TCP/IP as their communications protocol.

• Client/server applications development is simplified with only one communications protocol application program interface (API).

• TCP/IP is required for all new network installations by DIR.

There are several reasons for choosing Ethernet over Token Ring or other local area network media access protocols. Some of the reasons for the selection of Ethernet are as follows:

• Ethernet simplifies the consolidation of engineering and business hardware and software communications components.

• New developments in Ethernet technology have enhanced its performance and capabilities, i.e. switching and 100 Mbps bandwidth.

• Ethernet is the predominant media choice in TCP/IP based networks. This results in more vendor support and lower hardware prices than with competing LAN media protocols such as Token Ring.


Emerging Technologies

The adoption of the network strategies listed above will be a dynamic process. It is already evident that newer technologies are being developed that offer advantages to future TxDOT network design. Some examples include:

ATM (Asynchronous Transfer Mode)

ATM is a very high-speed (155 Mbps) connection oriented replacement for Ethernet and Token Ring. It offers the promise of high-speed, predictable communication in multimedia environments.

High Speed Switching

Another new technology already starting to be used as a replacement for network routers and bridges in some networks is the high-speed switch. This device, if used properly, can greatly increase the performance of LAN networks reducing congestion and improving throughput. (Note: The Department has high-speed switches at several locations within the TxDOT network.)

Wireless Connections to the Network

Wireless technology allows workstations and laptops to be connected to the LAN without having to put in place a wiring infrastructure that connects each workstation to the network. A base transceiver that connects to only one port in the wiring infrastructure and wireless adapter cards in the workstations provide a method to rapidly bring up units on the network.

Additional wireless services (broadcast type) could provide for connection of laptops and personal data assistants (PDA's) to the LAN away from the fixed facilities of the district or division.

The TxDOT Network will continue to evolve into a more open and serviceable platform to meet future TxDOT business requirements.


Operating Systems

OPERATING SYSTEMS

Strategy

TxDOT’s strategy for PC workstation and laptop operating systems is aimed at providing a consistent graphical user interface (GUI) for the end user, and a high level 32-bit capability with preemptive multitasking and multithreading application use and development. The operating systems should provide compatibility with existing 16-bit applications. Local area network (LAN) connectivity is to be included as an integral part of the operating system.

TxDOT’s strategy for network server operating systems is aimed at providing a high level of connectivity throughout the Department. The LAN operating systems are scalable across a variety of computing platforms. The LAN operating systems support a wide variety of hardware and software configurations. In addition, they provide consistent software application development platforms.

The following operating systems are recommended for future application development:

• Windows NT Workstation

• Windows 2000 Server

• Windows 2000

• Novell NetWare

• UNIX

• OS/390 and z/OS

The following factors were considered when recommending operating systems for the new architecture:

• Stability of the product

• Potential viability of the vendor and the product in the near future

• Support for 16-bit and 32-bit applications

• Third party application support

• Product market share for operating systems

• Training/support requirements.


Workstation Operating System Architecture

Windows NT Workstation has been selected as the operating system for all LAN-attached PC workstations. Windows NT Workstation is a 32-bit multitasking operating system that provides excellent compatibility with existing 16-bit Windows applications and newer 32-bit applications. Windows 2000 Professional is permitted where an operational requirement cannot be fulfilled using Windows NT.

The goal for the Department is for all LAN-attached PC workstations and laptops capable of being run connected to the network to use Windows NT Workstation as the workstation operating system. Recommended use of Windows NT Workstation and Windows 2000 is described below and in the section “Determining Which PC Workstation Operating System to Use”.

Windows NT Workstation

LAN-attached PC workstations

Windows NT Workstation is recommended as the operating system for all LAN-attached PC workstations with Pentium-level and above processors. Windows NT Workstation provides a high level of workstation security, memory protection, broad network protocol support and should be used for the development of and use with mission critical applications. The latest version of Windows NT Workstation (version 4.0) has the Windows 95 shell interface and will provide TxDOT with a single user interface for all microcomputer platforms in the future. The built-in TCP/IP stack allows Windows NT Workstation to attach to TxDOT’s IP network.

Windows 2000 Professional

Windows 2000 is recommended as the operating system for laptops that come with that operating system installed or where an operational requirement for a LAN-attached workstation cannot be fulfilled using Windows NT Workstation.

Laptops and non-LAN-attached PC workstations

Windows 2000 has been selected as the operating system for existing laptops that are not capable of running Windows NT and non-LAN-attached PC workstations. Windows 2000 has “plug and play” device detection that is especially useful when installing and removing adapter cards in laptop computers.


Determining Which PC Workstation Operating System To Use

The operating systems that should be used for PC workstations are summarized in the following table.

PC Workstation | Processor | Operating System | Minimum RAM
LAN-attached PC Workstation | Pentium and above | Windows NT Workstation; Windows 2000 Pro if an operational necessity | 64 MB
Laptop and non-LAN attached | | Windows NT Workstation if the hardware is capable, otherwise Windows 2000 Pro | 64 MB

Table 1 - PC Workstation Operating Systems Selection Guidelines

Personal Digital Assistant (PDA) Operating Systems

Personal digital assistants (PDAs) are handheld productivity devices that provide calendaring, address books and various other application programs such as word processing and spreadsheets. In addition, specialized application programs are developed for PDAs.

Windows CE and the Palm operating system are the predominant operating systems for PDAs. PDAs that contain one of these operating systems are approved for Department use. Connection to the TxDOT network is approved only for TxDOT provided PDAs.


Server Operating Systems

General Print and File Servers

Novell NetWare has been selected as TxDOT’s print and file server operating system for local area networks. Novell NetWare is an enterprise LAN operating system and provides for enterprise-wide management and support through the use of NetWare Directory Services (NDS). New additions to the Novell network will allow printing of documents using the Novell print queue, regardless of source. GroupWise, TxDOT’s department-wide e-mail and scheduling software, is also internally linked to the Novell NDS for enterprise-wide administration. This decision also leverages TxDOT’s considerable existing investment in Novell NetWare throughout the Department.

Engineering plotting is available via the Iplot suite of products. These products use an NT application server and use standard Windows-based printing and LPR. An NT application server is located at each district office and Austin campus site.

Application and Database Servers

Windows NT / 2000 Server

Windows NT Server has been selected as TxDOT’s application and database server operating system. Windows NT Server offers preemptive 32-bit multitasking with multithreading and support for multi-processor servers and multiple network protocols. Windows NT Server will be replaced by Windows 2000 on a project by project basis or as business requirements dictate.

UNIX

AIX, IBM’s implementation of UNIX, is TxDOT’s standard operating system for UNIX servers. Accordingly, IBM’s RS/6000 line of products is the department’s standard UNIX server platform. IBM’s Serial Storage Architecture (SSA) drives or standard SCSI drives may be used with the RS/6000.

UNIX should be considered as an application server platform for those applications which, by design specifications or transaction volumes, are considered too large for Windows NT Server to handle effectively. Applications and databases should not be placed on a UNIX server unless it is apparent that a server running Windows NT Server will not provide sufficient computing resources. Such projects need to be developed in close cooperation with ISD to ensure that sufficient infrastructure resources are available to support this category of application or database.

OS/390 and z/OS

OS/390 and its successor, z/OS, will continue to be the mainframe operating system for TxDOT and will continue to support the department’s legacy applications as well as new enterprise applications whose design can best utilize mainframe performance capabilities. The department plans to convert to the most current release of z/OS in August, 2002.


Server Operating System Summary

The operating systems selected for servers are summarized in the following table.

Server Type | Operating Systems Selection Guidelines
Print/File Server | Novell NetWare; Windows NT/2000 for plotting services
Application Server | Windows NT/2000 Server; UNIX (High transaction volumes); OS/390 and z/OS Mainframe Server
Database Server | Windows NT/2000 Server; UNIX (High transaction volumes); OS/390 and z/OS Mainframe Server

Table 2 - Server Operating Systems Selection Guidelines

Benefits of Operating System Strategy

The selected operating systems architecture supports the following TxDOT business objectives:

• Facilitates TxDOT’s migration to a distributed computing environment by providing consistent development operating systems across hardware platforms.

• Standardized operating systems will lead to reduced administration, support, and training costs.

• Enhances software application developer’s ability to execute rapid application development projects with homogeneous/interoperative operating systems.

• More effective delivery of central support services and enhanced end user satisfaction with the central support services.


Enterprise Cross-Platform Scheduler

Strategy

The purpose of a cross-platform scheduling product is to address the enterprise business need of coordinating application processes across multiple system platforms, especially Unix, NT, and OS/390. As application systems increasingly reside on diverse processing complexes (which may be located at separate sites), the ability to manage all scheduling from a single focal point becomes critical. Because of differing operating systems, the intertwining of application processing on multiple systems, and the need to adapt production systems to change, it has become very difficult for even highly trained individuals to operate these systems with no errors and within stringent time deadlines. An enterprise cross-platform scheduler automates various operational activities to assure that multi-platform processing is performed correctly and efficiently.

TxDOT’s enterprise cross-platform scheduler is published by Stonebranch. It provides an any-to-any communications and management layer for cross-platform systems management and application-to-application interface. Stonebranch's approach is not specific to any one computing platform. Any command or group of commands can be routed and executed from one operating system to a different platform. Any type of program, command or script file that can be executed from the command line can be interfaced by this cross platform scheduler.

The cross-platform scheduler supports department needs by:

• scheduling across multi-platform environments,

• transferring and tracking information between individual system platforms, and

• automating administration of complex connections between systems and platforms.

Benefits of a Cross Platform Scheduler

The Stonebranch Cross-Platform scheduler:

• provides a means to schedule the execution of programs with cross-platform dependencies

• coordinates scheduling across the network and mainframe for projects in development

• prevents jobs from running if dependencies are not being met, thus eliminating erroneous data that would have to be manually corrected

• facilitates the sharing of information across different operating system platforms

• provides a multi-platform error reporting mechanism

• gives analysts the ability to schedule unattended, after hours work

• communicates across platforms to run backups, restore files and execute programs


Emerging Technologies Emerging operating system technologies that should be considered in the future include:

• Microsoft XP Professional – TxDOT will replace the existing NT workstation operating system with MS XP Pro after thorough testing with existing applications. Projected timeframe for the completion date for MS XP Pro installation in TxDOT is December 31, 2003.

• Windows .NET Server – TxDOT will replace existing NT/2000 Server operating systems with .Net Server. Projected time frame for the introduction of .Net Server is the second quarter of calendar year 2003. ISD will thoroughly test .NET Server prior to implementing this product in the field.

• 64-bit operating systems - The current development of 32-bit operating systems is the result of the design of 32-bit processor architecture. The next generation of 64-bit microcomputer processors is in the design and testing stage now. Operating systems must be developed to handle these newer and larger capacity processors.

• Linux - Linux is an independent POSIX implementation of UNIX. It includes true multitasking, virtual memory, shared libraries, demand loading, proper memory management, TCP/IP networking, and other features consistent with UNIX-type systems.

• Symmetrical multiprocessing (SMP) for large numbers of processors (massively parallel computers) - SMP is the combining of several physical processors to make a large logical processor capable of handling multiple operations. The benefit of this technology is to take relatively inexpensive (when compared to a mainframe) processors, link them together logically with the operating system and perform larger tasks. Operating systems must be able to take advantage of this technology.

• Management of large capacity storage devices - It will become increasingly important that operating systems be able to handle very large storage devices. Storage capacity technology is on an exponential development curve with larger and larger capacity devices and a decreased physical size. Operating systems must be able to support these devices.

• Multimedia effects on OS efficiency - Multimedia operations such as teleconferencing, computer based training and distance learning will require additional bandwidth in our telecommunications networks. Operating systems must be able to manage the incoming data streams in an efficient manner.

• Object Oriented Operating Systems - Traditional operating systems link lines of written code as applications are developed. Object oriented operating systems allow the linking of objects. The objects contain coded operations for particular operations. This will aid in the rapid development of information systems.

• Interoperability/Compatibility between PC workstation OS and LAN OS - To decrease the amount of support necessary for the integration of PC workstation operating systems and LAN operating systems, it will become increasingly important that both types of operating systems communicate with a minimum of interface overhead. The development of appropriate drivers for PC workstations is a critical element in the interoperability between the two types of operating systems.

• Network Computers - The goal of NCs is to be easy-to-use and easy-to-manage desktop devices that connect to networked servers, making it simple to distribute and change applications across a business. Such devices are still immature but may evolve into a useful cost effective technology for enterprise deployment.


Relational Database Management System (RDBMS)

RELATIONAL DATABASE MANAGEMENT SYSTEM (RDBMS)

Strategy

In order to address the database needs of future application development, a relational database management system should be used for enterprise and workgroup applications in development and production environments.

Enterprise applications are applications that span multiple business areas and multiple Districts, Divisions, or Offices.

Workgroup applications are applications that meet the District, Division, or Office internal needs and can be provided by the business area.

ISD may be contacted for criteria to differentiate enterprise applications from workgroup applications.

For all new enterprise applications and certain workgroup applications that impact IT resources, the project manager will be required to request a meeting with ISD technical staff for a Technical Architecture Design Assessment* which includes choosing the most appropriate database for the application.

The following products will be supported as application databases:

• DB2 Universal Database (UDB) for all new applications without spatial data components

• Oracle for a limited number of applications that have a major spatial data component and are approved by ISD

• DB2/2 for the Registration and Title System (RTS) in the OS/2 WARP environment

• Sybase Adaptive Server Enterprise (ASE), formerly known as Sybase SQL Server, for maintenance of legacy applications

• ADABAS C (ADABAS) for maintenance of legacy applications

• Microsoft SQL Server for limited use when integrated with proprietary software

• Sybase Adaptive Server Anywhere (ASA), formerly known as SQL Anywhere, for small workgroup applications and for PC workstation applications that have the potential of expanding beyond a single workstation

• Microsoft Access for individual workstation database applications

Applications currently exist that will require the continued use of databases that are not recommended for future application development.


*Technical Architecture Design Assessment

Due to the complexity of application implementation and development projects, the cost, the risk, the various platforms, the various databases and a variety of technology involved, a Technical Architecture Design Assessment will be required to determine the best database for the application. The technical architecture validation step must be included in the project plan and schedule. During this step of the project the technical requirements of the application must be analyzed and documented. These requirements will be assessed against TxDOT's current technical architecture. Appropriate personnel from ISD and the project team will analyze project requirements and TxDOT infrastructure components to determine the best database, as well as other technical architecture components, for the project to utilize.

RDBMS Research and Recommendation

In December 1994, a project team was formed to formally evaluate Relational Database Management Systems (RDBMS) and to recommend an RDBMS for future applications at TxDOT. The project team compiled detailed requirements and published a Request For Information (RFI). Through an extensive RFI evaluation process, the team recommended the selection of the Sybase solution for new application development and the continued use of ADABAS on the mainframe.

During the summer of 1999, a project team was asked to re-evaluate the enterprise database direction made in 1995. This project was activated due to the continual change and progression in technology, change in the RDBMS market place, and the need for a database that supports the GIS spatial data requirements. The Gartner Group advised that the RDBMS market had narrowed to the "Big Three" vendors from the former "Big Five" vendors on a few platforms. Many factors were carefully considered. The recommendation from this research was to use Oracle for applications that have major spatial data components. However, each project’s RDBMS will have to be approved as part of the technical architecture design assessment process. Support for Sybase and ADABAS would continue with existing applications, but would not be recommended for new major development projects. The use of Sybase Adaptive Server Anywhere (ASA), formerly known as SQL Anywhere, and MS Access would continue as recommended in 1995. Mass DBMS migration was not advised at this time due to significant cost and risk to TxDOT. As much as TxDOT would like to standardize on a single strategic RDBMS product, standardizing on one product is difficult in light of changing requirements, application interfaces and complexities, proprietary application software requirements, the market place, and the overall cost and risk to the department. Until further decisions have been made, project teams developing new enterprise applications must contact ISD to arrange for a technical architecture design assessment meeting to determine what database would best be suited for the specific application.


Selecting a Database for New Applications

Table 3 indicates which database should be used in most cases for the development of specific application types. Different databases have specific strengths. The criteria listed in Table 3 should be considered when making database selection decisions for application development, modification, and maintenance.

Database Alternatives | When to Use
DB2 UDB | Enterprise applications without spatial data components
Oracle | Enterprise and Workgroup applications with major spatial data components
Microsoft SQL Server | Support of proprietary software for Enterprise and Workgroup applications
Sybase Adaptive Server Enterprise (ASE) | Support of legacy applications; If required by a proprietary package that meets TxDOT business needs
Sybase Adaptive Server Anywhere (ASA), formerly SQL Anywhere | Workgroup applications; PC workstation applications with potential for being shared among a workgroup; Applications with the potential of expanding above size and use limits
Microsoft Access | PC workstation applications for a single user with no data sharing
ADABAS C | Support of legacy applications; If required by a proprietary package that meets TxDOT business needs
SAS | Support of legacy applications
VSAM | Support of legacy applications
Other PC Workstation Databases | Support of legacy applications

Table 3 - Database Selection Criteria for New Applications


Table 4 indicates when a Technical Architecture Design Assessment is required and which database should be used in most cases for new, existing and legacy applications.

Database Options for Application Development and Support

Options for New Applications: Technical Architecture Design Assessment (Required); DB2 UDB; Oracle (limited to applications with major spatial data component); Microsoft SQL Server (limited to support of proprietary software); Sybase Adaptive Server Anywhere (ASA); Microsoft Access

Options for Existing/Legacy Applications: Sybase Adaptive Server Enterprise (ASE); ADABAS; DB2/2

Application Type                  Applicable options (X)
Enterprise                        X X X X X X X
Workgroup                         X X X
Workstation/Single user           X X
Laptop/Single user                X X
Major Spatial data components     X X

Table 4 - Database Selection Guidelines by Application Type


Enterprise/Workgroup Server Database Environment

DB2 UDB DB2 Universal Database (UDB) was procured by TxDOT in summer 2001 and is recommended for all new enterprise applications without major spatial components on the UNIX platform. DB2 UDB is a multi-user, robust RDBMS that includes such features as data referential integrity, data security, triggers, stored procedures, and access to the data via structured query language (SQL) queries. DB2 provides scalability for any future growth, flexibility with size and types of applications it can support, and availability (24 x 7 if needed).

The core technology of DB2 UDB is the same for all platforms. The platform recommendation will be based on the application needs and the information provided during the project's Technical Architecture Design Assessment, described in the strategy portion of this section.

Oracle Oracle was purchased in March 2000 and is the recommended database for a very limited number of applications with major spatial data components. Oracle Enterprise Edition is a powerful database available for driving enterprise applications, on-line transaction processing applications (OLTP), query-intensive data warehouses, and high capacity web sites. Oracle Enterprise Edition has scalability that spans from single CPU servers through massive server clusters and mainframes. Oracle Enterprise Edition integrates technologies like native support for XML, Java and SQL. The recommendation for using this database will be based on the application needs and the information provided during the project's Technical Architecture Design Assessment, described in the strategy portion of this section.

Microsoft SQL Server Microsoft SQL Server is recommended for limited use and only when it is integrated with proprietary software for Enterprise and Workgroup applications. Microsoft SQL Server is currently being evaluated to determine where it may fit within the Core Technology. The recommendation for using this database will be based on the application needs and the information provided during the project's Technical Architecture Design Assessment, which was described in the strategy portion of this section.

Sybase Adaptive Server Enterprise (ASE), formerly known as Sybase SQL Server

Sybase SQL Server, now known as Adaptive Server Enterprise (ASE), was the RDBMS procured from Sybase in 1995. Sybase has been used for enterprise-wide and workgroup applications. Many configuration issues and complementary products must be considered prior to developing an application with an RDBMS. For information on the components and complementary products, contact ISD.


PC Workstation/Laptop and Small Workgroup Database Environment PC workstation/laptop databases are defined as those that reside on a user PC workstation or laptop and are typically only accessed by one user. Small workgroup databases are those that reside on PC workstations or servers and are typically accessed by multiple users. Two products are recommended for these environments: Microsoft Access and Sybase Adaptive Server Anywhere (ASA). Because each database environment has different requirements, the databases should be selected based on the following guidelines:

• Adaptive Server Anywhere (ASA) is the recommended database for workgroup applications that require a database to be located on a server, workstation or laptop. Adaptive Server Anywhere (ASA) is recommended for small workgroup applications requiring multi-user access.

• Microsoft Access is the recommended database for stand-alone PC workstation applications. Access is a flexible, easy-to-use PC workstation database that is included in the recommended office product suite.

Sybase Adaptive Server Anywhere (ASA), formerly known as Sybase SQL Anywhere

Adaptive Server Anywhere (ASA) is a multi-user RDBMS server that can be run on a network server or high-end PC. It has relational data-integrity and network-based client/server structured query language (SQL) access. Adaptive Server Anywhere was originally marketed as Watcom SQL by Powersoft and was acquired by Sybase with the purchase of Powersoft.

Adaptive Server Anywhere (ASA) is recommended for developing applications that will be used by a single user or workgroup and require the features of a large enterprise-wide application, such as triggers and stored procedures, cascading updates and deletes, and built-in referential and entity integrity. Adaptive Server Anywhere (ASA) should not be used for enterprise applications. Adaptive Server Anywhere (ASA) supports full transaction processing with automatic data recovery. The product uses the Open Database Connectivity (ODBC) standard as its functional application programming interface (API).

All of the code developed to access Sybase Adaptive Server Anywhere (ASA) can be migrated to access other databases if needed.

With SQL Remote, Adaptive Server Anywhere (ASA) provides replication of data between databases in different offices connected only occasionally, for example by a periodic dial-up link or by e-mail. This allows replication of databases between several offices or between Adaptive Server Anywhere (ASA) and Sybase. Changes made on a remote computer, such as a laptop, can be submitted for replication to a consolidated database on a local area network and updates of data in the consolidated database can be replicated to the remote computers.

Adaptive Server Anywhere (ASA) can be used by developers without the need to interact with central DBAs for database creation and modifications.


Figure 7 demonstrates how Sybase Adaptive Server Anywhere (ASA) fits into a client/server environment.

[Figure 7 components: PC Workstation (Sybase ASA with SQL Remote); PC Workstation (Sybase ASA Client); Laptop (Sybase ASA with SQL Remote); Network Server (Sybase ASE and/or Sybase ASA with SQL Remote); connections via Network Port and Modem, each labelled Replication.]

Figure 7 - How Adaptive Server Anywhere (ASA) fits into a Client/Server Environment

Microsoft Access

Microsoft Access is the recommended database for a single user with no data sharing.

This recommendation is based on the following:

• Integration with Microsoft Office Suite - With a suite of products on the PC workstation, users are able to easily share and move information between products in the suite. This capability to move data to the most appropriate product for the immediate task makes the best use of the user's time and of the tools available.

• Ease of use - Microsoft Access is an easy-to-use database for novice users and experienced developers. It shares a common user interface consistent with the other Microsoft Office applications.

• Powerful development environment - Microsoft Access is a relational database accessed with ANSI-SQL.

• Data Integration - Using ODBC, Microsoft Access links other data together for user manipulation and reporting.

Mainframe Database Environment The current mainframe database environment is comprised of the primary DBMS, ADABAS, as well as VSAM and SAS datasets. Although their roles have been reduced in the Core Technology Architecture, they are included in order to provide continued support of legacy applications and when business needs dictate their use. DB2 UDB has been implemented on the mainframe and is the recommended database for enterprise applications being developed on the OS/390 platform.

DB2 UDB DB2 Universal Database (UDB) from IBM is the leading RDBMS in the OS/390 environment. It was procured by TxDOT in September 2000. DB2 UDB is the recommended database for new enterprise applications on the OS/390 platform. DB2 UDB is a robust RDBMS that includes such features as data referential integrity, data security, triggers, stored procedures, and access to the data via structured query language (SQL) queries. DB2 UDB provides scalability for any future growth, flexibility with size and types of applications it can support, and availability (24 X 7 if needed). Applications can be interactive, such as online transaction processing (OLTP) or decision support (DSS), or they can be batch applications that run independently.

The core technology of DB2 UDB is the same for all platforms. The platform recommendation will be based on the application needs and the information provided during the project’s Technical Architecture Design Assessment, described in the strategy portion of this section.

ADABAS C ADABAS C (ADABAS) was procured by TxDOT from Software AG (SAG) in 1976. While ADABAS C is not a true relational database, it does support the relational model. Continuing to use ADABAS for legacy applications and for the specific applications that it handles best should benefit TxDOT. TxDOT has a massive amount of data and applications residing in ADABAS. Over time, as business needs arise and new client/server applications are developed, data may be moved from ADABAS to an RDBMS.

ADABAS will continue to be available to support legacy applications. Also included will be routine maintenance and modifications/enhancements to existing applications.

As defined by user needs and system design, there may be instances in the future when ADABAS will be the database of choice. The ADABAS environment is very stable. It provides excellent performance (response time) with excellent support and knowledge base at TxDOT. ADABAS securely handles high data volumes and high transaction loads very well. Any development that requires an interface to other ADABAS applications may require the use of ADABAS.

VSAM Future development using VSAM is not recommended unless strong business reasons can be presented to support the development.

VSAM will continue to be available for support of legacy applications and also for purchase of proprietary software that requires the use of VSAM datasets.


SAS Future development using SAS is not recommended unless strong business reasons can be presented to support the development.

SAS datasets will continue to be available for support of legacy applications. SAS datasets may be chosen for new development only if:

• The proposed application is primarily processing statistical information, and
• The application development cannot be completed in a more timely manner, and
• The RDBMS cannot provide a more robust solution.

Gateway Products

Description of Gateway Products Gateway products are used to integrate all major data sources to create seamless environments of data access.

Concepts of Gateway Products Gateway products allow users and developers to gain access to information without concern for the location and name of the databases. The result is that the user can access the data utilizing consistent screens/access mechanisms. A user could ask to retrieve certain data and get the desired results without knowing whether the data is stored on ADABAS, VSAM or Sybase Adaptive Server Enterprise (ASE) on any platform.

The key to the interoperability of gateway products is transparency to the user. The following benefits can be realized:

• Vendor - seamless integration between vendor products
• Data location - user does not have to keep track of where the data resides to access it
• Data access language - SQL provides the consistent language interface
• Administration - support personnel have one tool to administer the gateway products for a variety of data sources

Gateway products provide the following functionality:

• Facilitate users’ access to non-relational data sources, such as ADABAS and VSAM, through PC-based application development and query/reporting software. They allow for read, write and update capabilities, and the ability to join relational and non-relational mainframe data.
• Enable access to multiple data sources without knowing the details of each piece of data. They maintain a global catalog of enterprise data, containing the location of data, differences in naming conventions and data types.
• Provide full SQL transparency; translate standard SQL into the target database dialects, identify the distributed data tables, retrieve the needed data, and join it as though it were stored within a single database running on one hardware platform.
• Allow mainframe transactions to access and update LAN based RDBMS data and to execute stored procedures.
• Allow connection to the LAN based clients and servers on the network without modifying the existing LAN environment or applications.
• Allow support of mainframe security systems and map a user ID and password as required to access a specific data source.

Sybase Gateway Products

Table 5 is a list of products that can be used for accessing data stored on the mainframe Direct Access Storage Device (DASD).

Sybase Products / Description

Sybase Open ClientConnect for CICS; Sybase Open ServerConnect for CICS
Open ClientConnect for CICS allows mainframe transactions to access and update LAN based RDBMS data and execute stored procedures. Open ServerConnect for CICS makes mainframe data accessible to a client/server computing environment.

Sybase DirectConnect
Sybase DirectConnect is a networking product that allows customers to connect their LAN-based Sybase clients and servers to TCP/IP networks without modifying their existing LAN environment or applications. DirectConnect works with Open ServerConnect to support mainframe security systems.

InfoHub
InfoHub is mainframe-based software that enables direct SQL access to non-relational data sources such as ADABAS, VSAM and sequential files. It allows for read, write and update capabilities, and the ability to join relational and non-relational mainframe data. InfoHub works with Open ServerConnect.

Adaptive Server Enterprise (ASE) with Component Integration Services (CIS) and Extended Enterprise Option (EEO)
ASE with CIS and EEO is an integrated gateway to multiple data sources. It maintains a global catalog of enterprise data, which hides the location of data, differences in naming conventions and data types from users. It maps user ID and password as required to access a specific data source. It provides full SQL transparency, translating standard SQL into the appropriate target database dialects. These products leverage existing investments by supporting legacy data and providing an evolutionary migration path to new systems and applications.

Table 5 - Sybase Gateway Products for Access to Data Stored on Mainframe DASD


Gateway Product Integration Figure 8 represents how gateway products could be incorporated into the overall database and application architecture.

[Figure 8, Database Gateways Scenarios, components: Client Workstation; LAN Connection; Sybase Adaptive Server Enterprise with EEO and CIS turned on; Sybase DirectConnect Server; TCP/IP; Mainframe (MVS O/S, CICS O/S) running Open ServerConnect and the OmniSQL Access Module for InfoHub; mainframe data sources ADABAS, VSAM and Sequential File.]

Figure 8 - Gateway Products and Database Architecture

Benefits of Gateway products Benefits of Gateway products include:

• Leverage existing investments by supporting legacy data
• Provide a migration path to new systems and applications; legacy data can remain on the mainframe with application data in the Sybase Adaptive Server Enterprise (ASE) database
• Leverage existing investments by integrating the mainframe into an advanced client/server environment

Note: An evaluation project is underway to replace the current gateway products. At the time this document was published, a decision had not been reached as to what vendor package will be implemented.

Benefit of RDBMS Strategy

The benefit of the strategy is to allow ISD staff to work with a project team to determine the database best suited for an application based on application requirements.

Emerging Technologies The adoption of the database strategies should be implemented through the development of new applications. It is evident that databases will continue to grow and additional features and enhancements will be provided.

Some examples of the emerging technologies to be investigated include:

• Ad hoc reporting for client/server databases
• Gateway technology, especially for DB2 UDB and Oracle
• Data Warehouses vs Decision Support Systems
• Backend for Internet/Web-based Applications


HARDWARE ARCHITECTURE

Strategy TxDOT’s hardware strategy for workstations, laptops, and servers is to standardize on a single processor architecture. TxDOT’s hardware strategy for printers, scanners and copiers (connected to a workstation, server, or network) is to standardize on Windows NT/2000 compatible devices. Connection to the network will be standard for PC workstations, servers and shared devices. TxDOT will standardize on a limited number of hardware vendors. The goal of this strategy is to strive for the greatest investment protection and lowest overall cost of ownership while providing an adequate platform for future development.

Strategy for the Mainframe The mainframe platform should remain in place to support present legacy applications and future applications that may operate more efficiently on the mainframe than in other environments. Applications requiring high volume batch processing, high volume transaction processing facilities such as provided by CICS, or ready access to legacy data may be candidates for residing on the mainframe platform. Future requirements for increased capacity on the mainframe can be addressed by the implementation of Parallel Sysplex and the use of CMOS-based technology. These enhancements have the potential of increasing capacity and reliability while reducing operating cost.

Strategy for PC Workstation and Laptop Processors The primary processor architecture for workstation and laptop processors is Intel’s 80x86 line of processors. The newer processor families in this line are branded Pentium III and IV. This is the predominant processor architecture in use today, has the widest range of software available, and is the best supported processor architecture available.

Strategy for Server Processors There are two server categories. The first category contains Novell file and print servers and Windows NT/2000 application and database servers. The second category is highly scalable, high performance servers running UNIX.

Novell and Windows NT Server Processors This class of server follows the same strategy as for workstations and laptops. The Intel 80x86 processor architecture is the best supported architecture for Novell and Windows NT/2000 Server platforms.


UNIX Server Processors UNIX servers will use IBM’s PowerPC processor architecture. IBM is one of the large players in the UNIX provider market. For this reason a great deal of support exists for the PowerPC line.

Strategy for PC Workstations PC workstations should be Intel-based microcomputers that connect to either the LAN or WAN. All systems will be capable of being connected to the network, either by a network interface card (NIC) or by dial-in. PC workstations are stratified into two levels of utility: low/middle (mid), and high. Recent advances in price/performance capabilities of business level microcomputers have eliminated the previous distinction between low and mid-range workstations. The purposes for which they are used fall into the following categories:

• General productivity applications such as e-mail and mainframe access
• Front ends to future client/server applications
• Engineering applications such as CADD and GIS
• Desktop publishing
• Document management
• Software development
• End user support

There are two classes of workstations:

• Low/Mid - meets the needs of a large portion of users
• High - used where performance is most critical

Items common to all machines should include:

• PC workstations should have a CD-ROM drive to aid software installation, document distribution, and support.
• PC workstations should be Desktop Management Interface (DMI) compliant to aid in remote management.
• PC workstations should have a network interface, either integrated on the motherboard or a PCI network interface card (NIC). The Wake on LAN feature should be included with the NIC.
• Monitors should be .28mm dot pitch or better and should be capable of non-interlaced operation at maximum resolution.


Optional PC workstation features include:

• PC workstations may have business sound to facilitate Computer Telephony Integration (CTI), Computer Based Training (CBT), Video Conferencing, and other emerging technologies and as dictated by TxDOT business needs.
• DVD ROM to be used in association with training, document distribution and support.
• CD-RW for low cost data storage and PC backup.

All new microcomputers procured should be part of the hardware model shown in Table 6. These microcomputers should be deployed appropriately considering the user’s needs and the hardware’s capabilities. Note: Modems are addressed in the “Remote Dial-in/Dial-out” section of this document.

Configuration        Low/Mid                                        High
Processor            1.3 GHz Pentium IV                             1.3 GHz Pentium IV
Monitor              One 17" (1280x1024) OR One 21" (1600x1280)     One or two 20-27" (1600x1280)
CD ROM               32x minimum                                    32x minimum
Hard Drive           20 GB                                          1-20 GB OR 4-100 GB RAID array
Memory               128 MB RAM                                     256 MB RAM, expandable to at least 1 GB
Business Sound       Optional                                       Optional
Network Interface    Either integrated or NIC                       Either integrated or NIC
Approximate Cost     $1,000 - $1,200                                $2,000 - $4,000

Table 6 - PC Workstation Configuration Guidelines


PC Workstation Uses (Low / Mid / High)

General Client
  Low: Mainframe access (3270 emulation); Application client; General administrative work
  Mid: Multiple applications; Inter-application communication; Heavy network communications; Time-sensitive work
  High: Not recommended

CADD
  Low: Occasional use; Plan review; Measurement; Labeling
  Mid: Full time 2D and 3D drafting; Design using GEOPAK, Microstation, CAiCE, GIS, etc.
  High: 3D rendering and animation; Solids modeling; Finite element analysis; Advanced design procedures

Software Development
  Low: General programming; GUI development; Client/Server development
  Mid: Working on large local databases/files; CADD programming; Advanced GUI development; Client/Server development

Support
  Low: System Analysis; Help desk; General use
  Mid: Networking analysis; Remote management; Software delivery; Enterprise Management Console
  High: Network Monitoring; …r support

Table 7 - PC Workstation Use Guidelines

The minimum amount of memory in the low end PC workstation is designed to be sufficient for running the following background processes:

• One or more network protocols
• Novell GroupWise eMail
• GroupWise Notify

As well as the following foreground processes:

• One office suite application
• An Internet browser or other application (either custom PowerBuilder/Visual Basic/OLE app, database client, or other application)

Microsoft recommends 16 MB for Windows NT with any protocols loaded and an additional 8 MB for one office suite application. Additional memory is required for the GroupWise background processes. To provide an adequate platform for future development and to run existing applications well, the entry level workstation should have a minimum of 128 MB RAM.

Disk prices have fallen dramatically, while disk space requirements have increased. The trend is for entry level systems to come configured with at least 20 GB disk drives. This allows the use of larger virtual memory settings, which improves performance. The time between system disk upgrades will be increased, extending the system lifespan and preventing the end user disruption caused by a disk upgrade.


Strategy for Laptops The strategy for laptops is to use devices with a minimum processor speed of 450 MHz using a Pentium processor. There is a lag in processor development for laptops such that they are always a generation behind PC workstation devices. These devices should meet the following minimum requirements:

• 4.3 GB Hard Drive
• 64 MB RAM, expandable to 256 MB
• Active or Passive matrix color screen
• AC converter/battery charger
• One type II PC card slot
• Integrated modem/LAN connector (Ethernet)
• Integrated pointing device
• CD-ROM or optional DVD-ROM

Users’ needs for laptops are more individualized than for workstations. For this reason laptops are not stratified into specific classes of devices. The size of components included should reflect the business application of the device. The benefits of this strategy are:

• Dual use at the office and the remote site
• Remote connectivity
• The interchangeability of PC cards (formerly known as PCMCIA cards)

PC Workstation and Laptop Acquisition Strategy The acquisition strategy recommended is to procure similar devices in each class to increase parts interchangeability and to reduce the number of different drivers required.

Mainstream users will use a powerful minimum configuration. This will delay the need for major system upgrades or replacement. Benefits of this strategy are:

• Avoid the operational impact and disruption to end users caused by major mid-life upgrades
• Reduce the frequency and number of re-deployments of existing devices (migration)
• Simplify device migration support by the use of similar devices from a limited number of hardware vendors
• Increase TxDOT’s ability to exploit next-generation software environments
• Extend the useful system lifespan
• Replacement strategy – 36-48 months for workstations, 48 months for laptops.


Strategy for Servers Servers are a strategic component of distributed client/server environments. As such, these devices should have a high degree of reliability and flexibility to ensure the goals of maximum up time and scalability. The server strategy is geared toward facilitating those goals.

Servers are categorized as general print, file, application, and/or database servers or highly scalable, high performance application and/or database servers. Servers satisfy a great diversity of needs from a varied group of users. For this reason, servers are not stratified into classes for specific uses. The components included, and the size of those components, should reflect the business application of the device.

Novell and Windows NT/2000 Servers Hardware options range from stand-alone dual processor tower configurations to rack mounted multi-processor configurations. Listed below are the minimum requirements:

• Pentium III or greater based multiple CPU system unit
• 512 MB RAM
• RAID level 5 disk arrays
• DLT tape backup
• Fault tolerant capabilities
• Rack mounted chassis where cost effective
• Uninterruptible Power Supply (UPS)

UNIX Servers A myriad of hardware options exists. Projects contemplating using UNIX servers need to work closely with ISD to determine if sufficient computing resources exist in the central UNIX server farm, or if additional machines, processors, memory, disk space, or I/O adapters must be purchased. ISD will work with users to build specifications when additional purchases are required.

Strategy for Printers, Plotters, Scanners, and FAX/Copier/Printers

Printers Laser printers are recommended for all TxDOT business applications. Impact printers should continue to be used until they can be economically replaced with laser printers or if the business application has a continued need for this type of printer.

PCL5 or 6 is the recommended printer language. This is the predominant printer language in use today and has the widest availability of devices and Windows device drivers. Postscript should remain available as an option. The HPGL2 printer language should be used for engineering output where required due to its increased efficiency.


Listed below are the minimum requirements for laser printers to be used in TxDOT architecture:

• Printer throughput – minimum 16 pages per minute
• Minimum Resolution - 600 dots per inch (dpi)
• Paper handling capacity - 500 sheets including both 8 1/2”x 11” and 11”x17”
• Output - Black and white or color
• Availability of either a Token Ring or Ethernet 10/100 adapter
• Printer language - PCL 5 and Postscript compatible
• Internal printer controls accessible via the LAN

Plotters Plotters will primarily be used for the production of engineering drawings. Other applications such as the production of project plans, surveys, and GIS information also utilize plotters.

Listed below are the minimum requirements for plotters to be used in TxDOT’s architecture:

• Resolution - 1200 dots per inch (dpi) (black and white), 600 dpi color
• Capacity - A through E size drawings; long axis 36” widths (roll)
• Paper handling - both roll and sheet devices
• Availability of either a Token Ring or Ethernet 10/100 adapter (preferred) for attachment to the LAN
• Internal print controls accessible via the LAN
• Printer language – PCL 5 and Postscript compatible
• Internal hard drive – Two (2) GB minimum
• Scalable memory with 128MB minimum

Scanners

Scanners will be used for a variety of data input tasks ranging from the scanning of business correspondence to engineering drawings. To accommodate this wide range of documents, listed below are general specifications for scanners to be used with this architecture:

• Resolution - 600 x 600 dpi (minimum)
• Scan speed of three (3) pages per minute (PPM) in color, seven (7) PPM for black and white documents
• Optional page feeder with a capacity of at least 25 pages
• Availability of either a Token Ring or Ethernet adapter (preferred) for attachment to the LAN
• Sizes – True 11” x 17” full bleed on small format; true 36” widths on large format
• Scan color or black and white

Shared devices are to connect to the network directly whenever possible. This provides the fastest and most flexible method of connecting to a device and allows the use of redundant NetWare or Windows NT servers to provide better device management.


FAX/Copier/Printer

A new class of network-attached device is the fax/copier/printer. Approval from ISD must be obtained before connecting a fax/copier/printer device to the TxDOT network. Approval will be based on a thorough test of the requested hardware.


Benefits of Hardware Strategy

Benefits of this strategy are:

• Reduced costs associated with end user support, training, maintenance, and deployment
• Reduced duplication of effort
• Reduced disruption to end users
• Increased manageability
• Extended system lifespan

Emerging Technologies

The price versus performance curve will continue to change as will the performance needs of users. Industry benchmarking will be repeated at some interval to determine the optimal disk size, processor speed and number of processors, as well as the predominant microprocessor architecture. The strategy will be modified to ensure that new devices are procured from the upper middle portion of the performance curve. The specific manufacturers should continue to be chosen from among the top two tiers as defined by the Gartner Group. Trends and technologies that are emerging now should be examined for inclusion in the hardware architecture. These technologies include:

• The Universal Serial Bus II (USB2) has begun to be incorporated into motherboards. This will allow a large number of peripherals to be connected through a single port. The present throughput speed for USB is 12 Mbps and higher bandwidth is proposed with USB II.
• Firewire - IEEE 1394 connections will allow even faster data transfer speeds between peripherals and microcomputer workstations. Present implementations of Firewire are rated at 100 Mbps with proposed increases to over one (1) gigabit per second.
• RAMBUS - A direct DRAM replacement that provides very high throughput bandwidth (1.6 GBps)
• Intelligent Internet Workstations - Small form factor units that focus on providing access to the internet for specific applications such as point of sale or data entry terminals
• Small Computer System Interface (SCSI) is evolving from the current SCSI-II into SCSI-III.
• Microsoft is adding clustering capabilities into the NT operating system, which may allow for more powerful servers to be configured from a group of less powerful devices.
• The technology associated with multi-processor machines is changing so that it is becoming easier to produce multi-processor devices inexpensively.
• 120 MB 3½” floppy drives are beginning to be offered as replacements for existing 1.44 MB 3½” floppies.
• Flat panel displays are getting larger and less expensive.
• Wide format copiers (36” wide media) have changed recently such that these devices may also be used as scanners and printers. These devices are extremely expensive; however, their print speed is forty times as fast as current devices. These devices may be able to supplement or replace existing wide format scanners. Business solutions may also exist that leverage existing large format plotter technologies with enhanced precision scanner/copiers and should be investigated prior to purchase for a more complete solution.


REMOTE / DIAL-IN / DIAL-OUT

Strategy

District remote dial-in services are needed to provide core functionality for four primary groups of users:

• Support personnel
• Approved telecommuting personnel
• Remote laptop users at various locations

Remote dial-in must be considered as an option for these groups of users due to the cost comparison of providing dedicated high-speed lines to support telecommuting and laptop users. With a remote dial-in strategy, users will have the ability to connect to the LAN to update files, retrieve mail, check schedules, or synchronize with client/server databases. Support personnel should be able to diagnose and solve problems without the time delays of traveling to the remote site.

Components

Remote / Dial-in

District dial-in should be provided to enable core client/server applications and connectivity. Dial-in should be accomplished with a minimum 33.6 kbps modem from both non-LAN attached PC workstations and laptops.

Dial-in should be accomplished through a modem server with the capability of servicing multiple, simultaneous communications sessions over multiple incoming lines (Citrix server software on a dedicated server). The modems on the Modem Server will need to be capable of running in a modem pool. A toll-free number is recommended at each dial-in server to facilitate the dial-in process for remote users dialing long distance.

Division and Office dial-in as well as needs for specialized dial-in servers will be evaluated on a business-need case evaluation. Dial-in servers that are identified as a core requirement will be placed at campus locations.


Dial-out / Modem Pooling

Dialing out to external resources should be accomplished through the use of a Novell NetWare Connect server utilizing a pool of high-speed modems. Access to the dial-out server should be limited, for security reasons, and granted to users as business needs are identified. Multiple outgoing phone lines and modems would be monitored to ensure that adequate resources are available for both Area Offices and District headquarters personnel to utilize.

Figure 9 depicts the components for the District dial-in/dial-out architecture, and Figure 10 depicts the components for the Division/Office dial-in/dial-out architecture.

[Figure 9 (diagram): District Office, Area Office, Maintenance Office, On Site Maintenance Office, Training Center and ISD Camp Hubbard sites linked over the TxDOT WAN (ATM/Frame Relay; 56 kbps, 64 kbps, 768 kbps and 3 Mbps links; 3745-210A and 3745-170 controllers; routers and a bridge router). District components shown: Novell Servers, Citrix Dialup Server, Dial-out NetWare Connect Server, NT BDC and Application Server, NT Database/Internet Proxy, Token Ring and Ethernet (10BaseT) PC workstations, and a printer. Mobile Users & Telecommuters (Remote Laptop, Home PC Workstation) reach the Citrix Dialup Server by dialup; the NetWare Connect server dials out to External Information Resources.]

Figure 9 - Dial-In/Dial-Out Architecture Components for a District


[Figure 10 (diagram): a Division or Office site (Novell Server, Citrix Dialup Server, Dial-out NetWare Connect Server, NT BDC and Application Server, NT Database/Internet Proxy, Token Ring-45 and Ethernet PC workstations, router) linked over the TxDOT WAN (Frame Relay; 56 kbps, 768 kbps and 3 Mbps links; 3745-170 controller). Remote Laptop and Home PC Workstation connect by dialup; the NetWare Connect server dials out to External Information Resources.]

Figure 10 - Dial-in/Dial-out Architecture Components for a Division/Office

Benefits of Remote/Dial-in/Dial-out Strategy

The selected architecture benefits TxDOT business objectives in the following ways:

Enables remote access to applications

TxDOT will be able to develop and use client/server applications in which data synchronization is handled by transferring database changes as necessary without the high cost of direct connections. Users in remote locations will still be able to take advantages of groupware products, such as scheduling, e-mail, the Internet, intranets, and client/server applications.


Supports approved TxDOT Telecommuters

Gartner Group estimates that there is a 70% probability that there will be more than 137 million users worldwide by 2003 that will engage in part-time telecommuting as a function of their employment. Over half of this number will be in the United States. Gartner also believes that employee and corporate productivity/effectiveness will increase for those enterprises that have been able to track key telecommuting performance metrics.2 This strategy will provide an infrastructure that will enable TxDOT to take advantage of telecommuting opportunities as they arise.

Increases High-Speed Modem Availability to More Users

All users requiring modems would have access to high-speed modems. The modem relationship to users will be many-to-many instead of the current one-to-one relationship. Another advantage would be the ability to consolidate the number of modems to one physical area, while maintaining the ability for users to dial-out to resources which exist outside of the Department.

Enables Coordination of Upgrades

By centralizing the location of the remote access servers at the District Offices, the department can capitalize on concentrated efforts to upgrade modems. By concentrating user access to fewer sites, fewer overall modems are needed (as opposed to each user having his/her own modem or even having access servers at the Area Offices). This will enable the department to upgrade to higher speed modems or new technology as they become cost-effective to implement. Also, upgrades become available immediately to all users, not just a few.

Eases support issues

Having both the dial-in and dial-out servers located at the District Office will also help with problem solving by utilizing the training and technical expertise of the District automation support staff.

2 "Key Trends and Drivers of Telecommuting" (IGG-050698-04) Gartner Group


Emerging Technologies

Several emerging technologies appear to be viable alternatives for future remote access connections. These include Digital Subscriber Line (DSL), wireless and cellular networks.

Digital Subscriber Line (DSL)

DSL is a modem technology used to transmit at speeds of up to 52 Mbps (for limited distances) over existing copper wire. A real plus for this type of technology is that it uses the existing telephone wiring infrastructure, negating the need for new or additional wiring. However, the distance from the central exchange to the endpoint may limit the range of installation for this technology.

Wireless Networks

Wireless networks require little setup in the traditional sense of installing a local area network. A central transmitter/receiver is connected to the LAN. Workstations and laptops have wireless adapters installed to communicate through the central transmitter/receiver. This type of setup is excellent for a training scenario or where a network needs to be set up very quickly. Because the radio link is a shared medium, traffic on it should be protected with the link encryption and access controls described under the Information Security Architecture before the technology is used for production data.

Cellular Networks

As the cellular systems become more established and extended throughout the state, and as new technologies are introduced, prices should drop to the point that cellular dial-in access could become a viable alternative.

As these technologies mature they should be revisited as to their place in the Remote Access / Dial-in / Dial-out strategy of the Department.


OFFICE SUITES

Strategy

Office software suites are software applications grouped together in a single package that generally includes a word processor, spreadsheet, graphics, and database. These products are distinguished by the tight integration between the applications, which allows for the sharing of data between applications, common interfaces, and the ability to link objects between the applications.

The recommended office suite is Microsoft Office. Microsoft Office has built-in interoperability between products which facilitates data sharing. Also, Microsoft Office allows users to easily work with existing documents created using WordPerfect and Lotus 123. Users can open most WordPerfect documents using Microsoft Word. Also, most Lotus 123 spreadsheets can be opened and modified with Excel.

Microsoft has an 85% market share of the office application suites, according to the Gartner Group. The large market share should increase the product’s chances of viability in the future. The large market share also provides increased support available from more sources, increased third party development and productivity tools, and more job applicants with product experience.

Components

Microsoft Office has the following components:

• Word for word-processing
• Excel for spreadsheets
• PowerPoint for presentation and graphics
• Access (in the Microsoft Office Professional Version) for personal database use

Benefits of Office Suites Strategy

Benefits of this integrated office suite include:

• Interoperability of the office suite components.
• A common user interface in the applications.
• Limited conversion required of documents created in WordPerfect or Lotus 123.
• Data sharing between applications through object linking and embedding (OLE).

Emerging Technologies

Office suite technology that should be included in the future includes:

• Office suites incorporating Internet/intranet browsers.
• Office suite products that generate Web content.


GROUPWARE ARCHITECTURE

Strategy

The term groupware was coined to describe applications designed to provide electronic support for individuals within groups working together toward a common goal. The term usually refers to applications that are grouped into a single product encompassing e-mail, scheduling, calendaring, file sharing and workflow.

The TxDOT groupware architecture is composed of GroupWise by Novell. GroupWise by Novell is a workgroup productivity tool that integrates electronic mail, personal calendaring, task management, group scheduling, and workflow routing.

GroupWise features

• E-mail capability
• Personal calendaring
• Group scheduling
• Task Management
• Phone messages


Components of the Groupware Architecture

Figure 11 presents the GroupWise architecture. It represents the type of components and topology that make up the overall GroupWise deployment within TxDOT.

[Figure 11 (diagram): GroupWise post offices at each District Office, Area Office, Maintenance Office, the Austin Main Office and the Austin Riverside Complex, routed through the Central Post Office at ISD Camp Hubbard, which also exchanges mail with External E-mail Post Offices and Internet E-mail.]

Figure 11 - Summary of the GroupWise Architecture

Major Components of the GroupWise Architecture

• Central Post Office in ISD for clearing messages between Districts, Divisions, and Offices
• Post offices at all District sites. Some Districts have multiple post offices depending upon size.
• Post offices located at Area Offices.
• Dial-in for GroupWise from telecommuters and laptop users utilizing the Citrix server.
• Direct connection between Austin Main Office and Austin Riverside post offices to accommodate high traffic volumes.


Emerging Technologies and Future Considerations

The continued adoption of the groupware strategies listed above will be a dynamic process. It is evident that newer technologies are being developed that offer advantages to TxDOT. Also, some current product offerings should be reconsidered for future architecture releases:

Lotus Notes

Notes is a client/server environment that allows users (or clients) to communicate securely over a local area network or telecommunications link, with a document residing on a shared computer (or server). Notes combines an application development environment, a document database, and a sophisticated messaging system, giving the user the power to create custom applications for improving the quality of business processes in areas like product development, customer service, and client management.

Web Based Conferencing

Web based conferencing involves a number of different communications solutions including a virtual whiteboard for group communication and the use of internet based video transmissions for presentations. Video teleconferencing, where bandwidth permits, over the internet is one use of web conferencing.

Extranets

Extranets are secure internet connections between business partners that are used primarily for parts ordering and electronic payment. Business to business (B2B) communication is one of the prime components of the e-commerce environment.

Electronic Document Management System (EDMS)

The EDMS is documented in the EDM architecture document.


ENTERPRISE SYSTEM MANAGEMENT

Strategy

The ability to effectively manage TxDOT’s Information Technology resources is critical in a distributed environment. The Enterprise Systems Management architecture is a very important component of the overall management strategy. This solution should be compatible with the other infrastructure decisions made for TxDOT.

Capabilities

An Enterprise System Management application will offer the following capabilities:

An overall managing framework

The managing framework provides an overall picture of all SNMP items on the network that are being managed. Agent software on servers feeds status information back to the framework, and the status of each managed object is displayed on a central enterprise management console. Other SNMP managed objects such as hubs, routers, switches, printers and plotters send SNMP alerts (traps) back to the enterprise management console. All status actions are logged and appropriate corrective actions, if necessary, are initiated.

Automatic software and hardware inventory

Automatic software and hardware inventory is a software module that can detect all devices attached to the network, gather inventory information about both the hardware and software, and place this information into its database. An administrator can query the central database and determine, among other things, a machine’s free hard disk space, amount of RAM, or what operating system is running.

Automatic software distribution and installation

Automatic software distribution and installation allows the system administrator to easily perform unattended software installations, using the extensive inventory information to properly target the machines that need software. Software distribution can start from the Central Site Server down to designated distribution servers and onto the clients. The administrator can set up a push or pull installation with the option of a network shared application or a standalone version. The software distribution product will have a method for revision control and updating of previously delivered master images.

Remote Control

Remote control software allows a microcomputer workstation or server to be controlled by another workstation. It is used for remote administration of servers and to provide customer support to end-users.


Configuration

The Enterprise System Management architecture consists of the following components:

• Central Site Server
• Primary Site Server
• Client software

Software is distributed from the central or primary site down to the clients. Inventory is passed up to a primary site on up to the central site.

Figure 12 represents the configuration architecture of the enterprise system management application at TxDOT.

[Figure 12 (diagram): a Central Site Server at ISD Camp Hubbard, with Primary Site Servers at the district level (District Office, with Area Office and Maintenance Office shown), at ISD Camp Hubbard alongside the Central Site Server, at the Austin Riverside Complex and at the Austin Main Office.]

Figure 12 Enterprise System Management Architecture


Figure 13 represents the logical flow of information within an enterprise system management application. Software updates and configuration changes will flow down from the site server to the workstations. Inventory information will flow upward from the workstations to the central site server.

[Figure 13 (diagram): Central Site Server at the top, Primary Site Servers beneath it, and Servers, Workstations, and Laptops at the bottom; Software Updates flow downward and Inventory Information flows upward.]

Figure 13 Logical Flow of Information Using An Enterprise System Management Product

Selection

Computer Associates' Unicenter has been chosen as the department's enterprise management system. Modules for asset management, software delivery, and remote control provide the ESM foundation while TNG provides the basic framework product.

Benefits

• Automated hardware and software inventory collection and management is faster, cheaper, and more accurate (compared to manual methods), saving time and money, and making possible more informed business decisions.
• The ability to remotely troubleshoot machines will save both support time and costs.
• Automated software distribution reduces installation and configuration costs (compared to manual methods) and provides greater control over software assets.


Emerging Technologies and Future Consideration

• Browser based management console
• Service Level Management
• Advanced Network Management
• Application Management
• Storage Management
• Single Sign On


RELIABILITY AND FAULT TOLERANCE

Strategy

The Reliability & Fault Tolerance Architecture is the basis for ensuring that system availability is maximized and the effects of hardware/software problems are minimized. The architecture to ensure reliability of systems within TxDOT is described in the following sections.

The Reliability & Fault Tolerance Architecture is designed to provide the framework to deploy hardware and software that will be incorporated into processes and procedures.

Components of the Reliability & Fault Tolerance Architecture

File Servers Placement

All file servers should be placed in a controlled access environment. Division file servers supported by ISD should only be accessible to authorized ISD support personnel. File servers supported by district and division IS staff should be accessible to authorized IS staff for the district, division, or office as well as authorized ISD support personnel.

Backup and Off-Site Storage

File server backup and off-site storage guidelines have been added to the Information Resources Collection - Information Security Volume as Chapter 9 – Microcomputers and Microcomputer Networks. Complete and incremental server backups should be performed using Computer Associates' ArcServe software.

Server backups should be made with magnetic tape or optical backup units. Servers should be able to support unattended backups with direct attachment or remote connection to a backup unit.

NetWare Servers should include a tape or optical backup unit and backup software.

The LAN backup database will be the source of backup information to support LAN administration and data restoration.


Redundancy

Redundant systems on NetWare file servers can be implemented at varying levels of protection. These implementations should be based on business needs.

• Server Duplication: Where applicable, NetWare file servers can be mirrored such that two identical server systems are in operation simultaneously. If one server fails the other continues to service its clients without the clients' awareness of any problems. In a campus environment file servers can be located in different buildings, further minimizing the effects of a catastrophic event.
• Hard Drive (HD) Duplication: Two levels of HD duplication should be implemented. The first level available is Hard Drive Mirroring or RAID (Redundant Array of Inexpensive Disks) Level 1, where partitions on separate disks are mirrored by the NetWare operating system software. RAID Level 1 is the lowest level of acceptable HD duplication. The second level is RAID Level 5 (Distributed Data Guarding), which utilizes a special RAID Hard Drive Controller and distributes parity over each drive. RAID Level 5 is tolerant of single-drive failures. Neither level substitutes for the backups described above: mirroring and parity reproduce a deleted, corrupted, or virus-damaged file just as faithfully as a good one.

Spare Hardware

Sufficient spare parts, up to and including a spare server, for file servers should be available either at the district or maintained centrally at ISD. The Area Office servers will be identical for each district and a spare will be kept at the district office.

Uninterruptible Power Supply (UPS)

All file servers will be plugged into an appropriately sized UPS. The UPS will be able to communicate power outage information to the file server, so it will shut down in an orderly and safe manner.

Recovery Plan

To be defined in a future version.

Problem Notification

Problem notification and resolution will be managed through the ISD help desk.

UNIX Servers

Placement

All UNIX servers will be placed in a controlled access environment approved by ISD. Only authorized support staff should have access to the servers.

Backup and Off-Site Storage

Databases and file system files will be backed up according to the guidelines in Chapter 9 of the Information Resource Manual.

Redundancy

UNIX servers should have high availability components including hot swappable drives, redundant power supplies, mirrored boot drives, etc. Hard drives may be mirrored (RAID Level 1) or striped with parity (RAID Level 5) for data redundancy.
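The two levels of duplication named here and in the NetWare redundancy section above, simulated in code as an added example (not from the document, NetWare or any RAID controller): data is striped over four drives with the parity chunk rotating per stripe, one drive is removed, and the volume is read back intact, while a second failure is shown to be unrecoverable. RAID 1 reads are included for contrast. The four-drive, four-byte-chunk layout and the payload are assumed values chosen for the demonstration.

```python
"""RAID 1 mirroring versus RAID 5 distributed parity, simulated on byte strings.
Added example, not code from the TxDOT document, NetWare or any RAID controller; the drive
count, chunk size and sample payload are arbitrary choices for the demonstration."""

def xor_bytes(*chunks):
    out = bytearray(len(chunks[0]))
    for c in chunks:
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)

def raid5_write(data, ndrives=4, chunk=4):
    """Stripe data over ndrives; each stripe holds ndrives-1 data chunks plus one parity chunk
    (the XOR of the data chunks) whose drive rotates every stripe.  Returns the drive contents."""
    if ndrives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = chunk * (ndrives - 1)
    data = data + b"\0" * ((-len(data)) % per_stripe)
    drives = [[] for _ in range(ndrives)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        pieces = [stripe[i:i + chunk] for i in range(0, per_stripe, chunk)]
        pieces.insert(s % ndrives, xor_bytes(*pieces))   # parity drive for this stripe
        for d in range(ndrives):
            drives[d].append(pieces[d])
    return drives

def raid5_rebuild(drives):
    """Regenerate one failed drive (None) as the XOR of the survivors, stripe by stripe; a
    second failure is unrecoverable, which is what 'tolerant of single-drive failures' means."""
    failed = [d for d, blocks in enumerate(drives) if blocks is None]
    if not failed:
        return list(drives)
    if len(failed) > 1:
        raise RuntimeError(f"{len(failed)} drives failed; RAID 5 tolerates exactly one")
    alive = [d for d in range(len(drives)) if drives[d] is not None]
    rebuilt = list(drives)
    rebuilt[failed[0]] = [xor_bytes(*(drives[d][s] for d in alive))
                          for s in range(len(drives[alive[0]]))]
    return rebuilt

def raid5_read(drives, length):
    """Reassemble the original bytes, rebuilding first if needed and skipping parity chunks."""
    drives = raid5_rebuild(drives)
    n = len(drives)
    out = b"".join(drives[d][s] for s in range(len(drives[0])) for d in range(n) if d != s % n)
    return out[:length]

def raid1_read(mirrors):
    """RAID 1: every drive holds a full copy, so any surviving one serves reads."""
    for copy in mirrors:
        if copy is not None:
            return copy
    raise RuntimeError("all mirror copies failed")

def survives(drives, failed, length, expected):
    """True if the array still returns expected after every drive index in failed is lost."""
    broken = [None if d in failed else blocks for d, blocks in enumerate(drives)]
    try:
        return raid5_read(broken, length) == expected
    except RuntimeError:
        return False

# Constructed payload standing in for a file server volume.
SAMPLE = b"TxDOT district file server payload 0123456789"

if __name__ == "__main__":
    array = raid5_write(SAMPLE)
    print("one drive lost, data intact:", survives(array, {2}, len(SAMPLE), SAMPLE))
    print("two drives lost, data intact:", survives(array, {0, 3}, len(SAMPLE), SAMPLE))
```

The rotating parity position is what distinguishes RAID 5 from RAID 4: no single drive absorbs every parity write. The same XOR relation that rebuilds a lost drive also rebuilds a lost parity chunk, so which drive fails does not matter, but a file deleted or overwritten by a virus is written to all drives identically, which is why the backup guidelines above still apply.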


Spare Hardware

There are no plans to store spare parts for the UNIX servers.

Uninterruptible Power Supply (UPS)

All UNIX file servers will be plugged into an appropriately sized UPS.

Recovery Plan

The ISD Operating Systems Development and Support and the Database Administration branches have policies for restoring data from backups. Contact the ISD help desk to request such an operation.

Problem Notification

Problem notification and resolution should be managed through the ISD help desk.

Local Area Network (LAN)

For reliability and fault tolerance purposes, the LAN can be defined as the physical transport media and hardware necessary to transport information at the local campus or single building level. This includes Token Ring and Ethernet hubs, fiber optic cable plant, Category 5 (CAT 5) building wiring, patch panels, patch cables, faceplate assemblies and drop cables (from the wall jack to the computer). Devices attached to the LAN via Network Interface Cards (NICs) such as printers, workstations, and file servers can also be included in this definition. However, the concern is more with how these devices communicate with the LAN rather than how well they are operating.

Two types of LAN failures usually occur: the first being failures associated with the physical plant or attached devices as defined above, and the second being failures caused by the nature of network traffic.

The first type of failure encompasses much territory, some of which is covered elsewhere in this document (NetWare File Servers, Hubs, etc.). Items such as the fiber optic plant, CAT 5 building wiring, and patch cables should be installed by qualified technicians and certified appropriately. Rudimentary test equipment has been provided to each district to test the fiber optic and patch cables. This test equipment is NOT adequate for testing the CAT 5 building wiring.

The second type of failure, due to network traffic, is more difficult to prevent or diagnose. The best preventive measure here is a good network design and good hardware. Future improvements will include Token Ring and Ethernet switches. Virtual LANs (VLANs) will be implemented, where appropriate, to control network traffic. To help diagnose problems, network management systems running HP OpenView have been provided at each district office, Camp Hubbard, and Riverside, allowing network managers to monitor and diagnose LAN traffic problems. This software communicates with the Token Ring and Ethernet Hubs using RMON (Remote Monitoring) and SNMP (Simple Network Management Protocol).

Problem notification

Wide Area Network (WAN)

WAN reliability and fault tolerance will be addressed initially by utilizing the Permanent Virtual Circuit (PVC) and Committed Information Rate (CIR) capabilities of Frame Relay and the Quality of Service (QOS) capabilities of Asynchronous Transfer Mode (ATM).

PVC

PVC's will enable the creation of additional redundant links to the TxDOT WAN. Frame Relay allows for meshed networks. Since each endpoint in a Frame Relay network can have one or more


addresses, each user location can be connected to one other location, several locations, or all locations. If every location were connected to every other location, the network can be described as "fully meshed". Future design of TxDOT’s WAN will incorporate a “partially meshed” structure that will allow districts to have more than one WAN connection. This will enhance the reliability of WAN connections by providing an alternate data path if the primary link fails.

CIR

The CIR is the maximum sustained subscriber data throughput rate that the network commits to supporting per permanent virtual circuit (PVC). At a maximum, the CIR is equal to the interface speed of the router. WAN connections will be monitored and if it is determined that the capacity of a particular link is approaching its CIR, steps can be taken quickly to increase the CIR to reduce bandwidth bottlenecks.

QOS

QOS describes the ability to guarantee the timely delivery of information on networks, control bandwidth, and set priorities for selected traffic. It does not by itself protect the confidentiality or integrity of the data in transit; that is a function of the link encryption discussed under Communications Security in the Information Security Architecture.

Mainframe

The mainframe architecture includes many features that contribute to its high availability. Among them are redundant hardware components (processors, memory, channels, battery, etc.), concurrent maintenance (hot-swappable components), and an operating system (OS/390 or z/OS) that is highly multi-tasking and self-correcting. The Parallel Sysplex feature and continued software and hardware innovations increase system availability to near-zero downtime.

Virus Scanning

PC Workstations, Intel based Servers, and Laptops

All PC workstations, Intel-based servers, and laptops should be scanned for viruses to prevent loss of information or damage to files. The scan should include all files on the disk drive, including all disk partitions.

The virus scanning software that should be used for PC workstations is McAfee VirusScan. A copy of McAfee VirusScan should be installed on each PC Workstation and laptop with updates and patches applied as made available by McAfee. Also, McAfee should be installed and used on each Intel-based server.

This section will be developed further in a future version.

Additional Topics to be Considered for a Future Version

• PC Workstations
• NT Servers
• Citrix Server
• Dial-In
• Dial-out
• System Monitoring
• Databases
• Off-site Maintenance Office Dial-In
• Applications
• GroupWise
• HUBs
• Routers
• Laptops
• Virus Scanning for UNIX Workstations, UNIX Servers, and the Mainframe

Emerging Technologies and Future Considerations

• Hierarchical backup for LAN/WAN and PC workstations


INFORMATION SECURITY ARCHITECTURE

Strategy

Information security is an aspect of the core technology that is gaining increasing importance, due to the exposure of more and diverse interfaces, processes and data to business partners, intranet users, and to the outside world. As TxDOT's information environment continues to develop and diversify, it will be necessary to apply different strategies to different aspects of that environment because of the unique security approaches available in each (e.g., mainframe vs LAN/WAN). Both federal laws and state laws, such as Texas Administrative Code (TAC) 201.13b, regulate TxDOT's operation in this area, and consequences for non-compliance are becoming increasingly severe. This architecture and the applicable federal and state laws apply to all TxDOT information resources. Information resources are defined as all TxDOT data, software, and hardware (including support infrastructure such as leased communication lines, contracted commercial Internet Service Providers (ISPs), etc.).

The security architecture is summarized as follows:

Physical Security

Critical TxDOT information resources are those resources used to support critical TxDOT functions, and they should be kept behind at least a double layer of security. A double layer of security refers to a combination of two layers of security used concurrently on separate entry locations. For example, a security card reader is used to enter a building, and a combination door lock is then used to enter an office area. In addition, software should be secured in a locked desk or cabinet when not in use to prevent loss, theft, or misappropriation.

Operating Systems Security

Functions such as authentication, using a user ID and password for login, are typically performed by the operating system. A “trusted” operating system (TOS) is a system that goes beyond authentication, providing its applications with an infrastructure to control access to resources using rules defined by a security administration function. OS/390, with CA/Top Secret, is a TOS. AIX, Windows 95, 98, and NT are not, unless an add-on package such as Argus’ Pitbull is implemented. The operating system may also provide other security features such as PKI (Public Key Infrastructure) functionality.

Communications Security

Security on a communications link can be accomplished using hardware or software encryption or protocol disciplines such as usage of PKI (Public Key Infrastructure), SSH (Secure Shell), or SSL (Secure Socket Layer). Access can be controlled via user IDs, passwords, proxy servers, native security, etc. The perimeter of a computing facility can be secured using intrusion detection functions and firewalls. Security for e-mail is an important subset of Communications Security, introducing additional concepts and their related issues such as digital signatures, non-repudiation of messages, digital certificates, encryption, and content management.

Applications Security

In many cases, a computer application is the only place where security can be implemented appropriately. The business rules governing the need for security are inherent in the application, and they are awkward to implement in any other context. In these cases, computer programs must implement the needed access controls, possibly making use of data about users and resources accessible through an Application Program Interface (API) and originating from a security database. In addition, many proprietary software packages come with "built-in" security features which must be used and which do not interface well with enterprise security packages.

Information Resources Security

The security of information resources which are of value to the enterprise is important wherever they may be, including in computer memory, on storage media (including paper), or in transmission. A business-driven risk assessment should be performed for all automated systems. Then a level of security should be applied to the data/resources which is commensurate with its value to the organization and sufficient to contain the risk at an acceptable level. In addition, some form of virus scan software should be installed on all hardware to the maximum extent possible where technologically available.

Components

Specific functions to implement the security architecture, described below, will vary depending on the platform. Architectural considerations for each function will be considered on each of TxDOT’s major computing platforms and transmission methods. A description for each major computing platform follows the individual component definitions.

Identification

Identification is used to distinguish one user from all others and provides a means of gaining access to TxDOT's information resources. The most commonly used form of identification is a user ID associated with a password for authentication purposes.

Authentication

Users are authenticated when they are definitively identified by one or more of “who they are,” “something they have,” or “something they know.” IDs and passwords implement “what they know” and are the most commonly used, although not necessarily the best, method of authentication.

When authentication is required, one of the following practices is recommended:

• Authenticate users prior to accessing services
• Use Public key / Private key technology for authentication when digital signatures are required
• Use token-based or strong password-based authentication where public key certificates are not feasible
• Use an enterprisewide public key infrastructure

TxDOT has implemented a scheme that authenticates users before they access services.

Auditability

A record of access by users to information resources is necessary to establish responsibility for actions which are regulated by applicable policies and laws. For example, if a user runs a program which changes the contents of a payroll file, it must be possible to hold this user accountable for this action, whether authorized or not. Most operating systems provide some sort of access logging. However, the decision to use that logging capability must consider the additional overhead it places on the system and the performance degradation incurred. The audit trails (logs) must be preserved for a reasonable length of time so that auditing is possible for a history of access, whether proper or improper. Audit logs should be retained for a minimum of 90 days.

Security Administration


Administration of security involves defining and carrying out policy. Policy is implemented by the use of a combination of user awareness and technical controls such as logon passwords and resource access rules. All organizations experience change. Keeping security systems synchronized with that change is essential. For example, employee additions, transfers, and resignations must be reflected rapidly. Administration of security in a distributed environment is a complex task, including the means to administer user accounts, privileges, authentication, and security policy implementation. The complexity of administering security can be reduced by:

• Structuring responsibility for security (i.e., creating an organization structure with defined responsibilities)

• Simplifying the complexity of security requirements (e.g., role-based administration vs. user-based administration)

• Creating security domains with common security requirements and policies

• Having the proper tools for performing security administrative functions.

Access Control

Access by users to computer resources is controlled by security software and, in more limited cases, hardware. Rules governing the control of access are prepared by security administrators and implemented in security systems software.

Access controls may be built into the operating system, may be incorporated into application programs or major utilities, or may be implemented in add-on security packages that are installed into an operating system. Access controls may also be present in components that control communications between computers. A multi-platform, inter-operable set of access control services has yet to be fully specified in industry.

The choice of security approach depends on application capability and requirements and the advantages of a particular approach (e.g., transparency of underlying network protocol, architecture support for a particular choice, and enterprise-wide decisions on securing communications).

External access controls are a means of controlling interactions between enterprise resources and outside people, systems, and services. They should permit authorized remote access by authorized employees of the enterprise, citizens, and external trading partners. External access control must also ensure that confidential information transported outside the enterprise is protected from unauthorized access.

Separation of Function

Although software can enforce separation of function to avoid the “fox guarding the hen house” and dual narrow specialization situations, it is important that management and policy be considered. No individual should have exclusive control over a resource. Changes to enterprise data resources should be communicated to more than one individual in a position of trust and authority so that appropriateness can be continuously reviewed and no individual can devise a way to violate policy and avoid detection.

Preservation of Data Integrity

Preservation of data integrity is accomplished by a combination of security, data backup and restore capability, contingency planning, checks and balances controls, and auditing. Data integrity is included in the scope of information security but, in many respects, extends outside of it.

Threat Detection and Countermeasures

Protection of information systems from emerging threats such as denial of service attacks and viruses is accomplished by functions including intrusion detection, virus protection software, firewalls, and incident analysis. Countermeasures include log analysis, user awareness programs, and running current levels of software. Managers and security administrators must also understand non-technical threats including social engineering and false viruses.


Policy Analysis

There will be continuous updating of policy to protect the enterprise from emerging threats. Additionally, there will be changes to infrastructure to implement these policies. There also must be tools that allow security administrators to test whether security controls currently in place are effectively implementing policy and to do “what-if” planning in preparation for introducing new controls.


Title for this section goes here

Components

Mainframe Server

The mainframe server is currently running OS/390 or z/OS.

Authentication

User ID and password are controlled by CA/Top Secret for Roscoe, CICS, and TSO. Batch authority is inherited from the submitter.

Auditability

CA/Top Secret provides comprehensive audit mechanisms including utilities to report on events and violations for two weeks past, and the reports are kept indefinitely. TxDOT has implemented additional alerts and prioritized access event reports. System Measurement Facilities (SMF), a component of OS/390 MVS, is an additional resource available to examine activity on the system which covers events within the previous five years.

Security Administration

The Information Systems Division (ISD) Information Systems Security Branch (ISS) performs central security administration including more sophisticated controls, and distributed District/Division/Office (D/D/O) security administrators (currently about 100 employees) handle routine administration tasks for their organizations across the enterprise.

Access Control

Implemented with CA/Top Secret for many computing resources including logon processing. Application programs use “Function Codes,” which are stored in ADABAS and accessed programmatically, to control intra-application access. NCS (“Natural Control System”) is used to administrate function codes.

Separation of Function

The structure of scope of authority in CA/Top Secret assures separation of function among security administrators. Procedurally, ISS monitors distributed D/D/O security administrators, and members of ISS monitor each other, and ISD Audit monitors ISS.

Preservation of Data Integrity

Data backup mechanisms protect data regularly from loss or inappropriate alteration, and logic built into applications checks data integrity. Programmers are responsible for the correct execution of processes and data integrity in their areas of responsibility. CA/Top Secret performs access control. A contingency management plan is in place.

Threat Detection and Countermeasures

Daily, weekly, and monthly reports are produced and examined by ISS staff. Audits are performed periodically (semi-annually) and on an as-needed basis in response to events.

Policy Analysis

Policy is documented on the Intranet and communicated to all new employees and contractors in New Employee Orientation (NEO) seminars. All new workers must sign forms acknowledging that they understand and agree to security policies. Tools are available in CA/Top Secret to perform audits (TSSAUDIT utility) and “what-if” checks of policy compliance (TS Simulator). Periodically, studies are done to examine and reconcile mechanisms and processes (such as standard programmer profiles) to assure they are achieving the desired objectives.


OS/390 Server Applications Using the Internet

Application Acronym    Application Name


Print/File/Application Servers

The servers are a combination of hardware running NT 4.0/2000 and RS/6000 AIX.

Authentication

User ID and password are controlled by the Login process for Novell, Unix, and NT. For NT, screen saver passwords are available for temporary protection while a user is logged on and has stepped away from the workstation.

Auditability

NT has the Event Log Service and the Security Log. Unix has the Sys Log and the Security Log.

Security Administration

The ISD ISS Branch, in cooperation with the configuration administrator for each platform (NT, AIX, etc), performs most security administration functions.

Access Control

NT folder security is implemented by the “sharing” properties, including permissions, auditing, and ownership specifications. In Unix, directory security is used.

Separation of Function

The structure of scope of authority in NT administration assures separation of function among security administrators.

Preservation of Data Integrity

Data backup mechanisms protect data regularly from loss or inappropriate alteration, and logic built into applications checks data integrity. Programmers are responsible for the correct execution of processes and data integrity in their areas of responsibility. A contingency management plan is in place.

Threat Detection and Countermeasures

Domain Name Server reports are produced and examined by ISS staff weekly. Audits are performed periodically (semi-annually) and as-needed in response to events.

Policy Analysis

Policy is documented on the Intranet and communicated to all new employees and contractors in NEO seminars. All new workers must sign forms acknowledging that they understand and agree to security policies. Tools are available on NT and Unix to perform audits. Periodically, studies are done to examine and reconcile mechanisms and processes to assure they are achieving the desired objectives.

Use of the Internet

Access is controlled by proxy server software. (Applications may also perform their own authentication as needed.) Logs are maintained by the Domain Name Server. (Applications may also perform their own logging and reporting as needed.) Applications must provide their own security administration interfaces and mechanisms, and administration of security must be provided by the application.


Client Workstations

The client workstations are a variety of hardware running Windows 95, 98 or NT Workstation. LAN/WAN security functionality pertains to LAN/WAN-connected devices, not laptops or standalone workstations.

Authentication

User ID and password are controlled by the Login process which is controlled by Novell’s Novell client for Windows/2000 software. Win95/98 and OS/2 versions are also available. Screen saver passwords are available for temporary protection while a user is logged on and has stepped away from the workstation. Applications may also perform their own authentication as needed.

Auditability

NT offers the Event Log Service. LAN servers have the ability to track client file accesses from the server. E-mail can be monitored by the GroupWise administrator with respect to originator(s), subject, recipient(s), content, and internet traffic.

Security Administration

Workstation users control setting their own passwords, but the LAN administrator can reset them if needed. Workstation users control setting their own file sharing permissions. Client/Server applications may provide security administration functionality on approved client workstations, of which Site Manager is an example for the Power Builder/Sybase platform.

Access Control

There are no access control mechanisms on client workstations, except where it is performed within applications such as Site Manager.

Separation of Function

Since a workstation is controlled by the individual, no separation of function is necessary, although all workstations are subject to audit if warranted.

Preservation of Data Integrity

Data backup mechanisms protect data regularly from loss or inappropriate alteration, and logic built into applications checks data integrity. Workstation users are responsible for performing backups and restores as needed and for the correct execution of processes and data integrity in their areas of responsibility.

Threat Detection and Countermeasures

Network Associates, Inc.’s VirusScan NT is used on most client workstations. The VirusScan program detects, identifies, and disinfects known DOS and Windows computer viruses. VirusScan checks memory as well as both the system and data areas of disks for virus infections. If VirusScan finds a known virus, in most cases it will eliminate the virus and fully repair infected programs or system areas to their original condition. VirusScan is designed to check for pre-existing infections of known and unknown viruses on floppy, hard, CD-ROM, and compressed (DriveSpace, SuperStor, Stacker, DoubleSpace, etc.) disks on both standalone and networked personal computers.

Policy Analysis

Policy is documented on the Intranet and communicated to all new employees and contractors in NEO seminars. All new workers must sign forms acknowledging that they understand and agree to security policies. The NT Event Log Service is available on NT to perform audits.


Information Resource Transfer to Non-TxDOT Entities

Authentication

User IDs and passwords are included in the FTP (File Transfer Protocol) scripts stored in a mainframe library. This library is highly secured, and access is tightly restricted. In the process of the execution of an FTP transmission, authentication is accomplished with the transmission partner using the script. Applications may also perform their own authentication as needed.

Auditability

FTP users are logged either on the proxy server (95%) or on the firewall and monitored. Where feasible, audits should be conducted on a recurring basis to ensure continued safe data transfer.

Security Administration

FTP scripts are initially prepared by application programmers and controlled thereafter by ISS.

Access Control

The access control mechanisms governing FTP accesses are controlled on the transmission partner’s computer in the case of a PUT operation -- all TxDOT uses. Which TxDOT computer is involved in a receive depends on the transmission in question, and therefore determines the access control in force.

Separation of Function

N/A.

Preservation of Data Integrity

Data integrity protection is inherent in the transmission protocol used by FTP, namely TCP/IP. It is always possible to retransmit the file(s) in question in a timely fashion, if data integrity is an issue.

Threat Detection and Countermeasures

FTP is currently relatively unsecured except through User ID/password authentication.

Policy Analysis

Information resource policy is documented on the Intranet and communicated to all new employees and contractors in NEO seminars. All employees must sign forms acknowledging that they understand and agree to security policies. Policies governing FTP security are under review.

Transfer Media

Tape -- Data tapes are sometimes created and conveyed to the recipient via certified mail, Federal Express, or other similar company that offers tracking of packages.

CD -- Data and program CDs are routinely created and conveyed to the recipient via the most convenient method. However, where confidential or sensitive data or copyrighted software is involved, a method should be used which will provide some tracking and/or confirmation of receipt.

FTP -- Outgoing data transfer is accomplished via a PUT operation using scripts controlled by ISD/ISS.

Internet -- The Motor Vehicle Inquiry (MVI) application is currently the only one using the Internet exclusively -- and data access is controlled through CA Top Secret. Several additional applications are under development which will use either native Security or will access data on a mirror server outside the firewall.

Required Forms

1828 (Information Security Compliance Agreement) -- This form must be completed by all users who directly access TxDOT data.

1980 (Request for External Access to TxDOT Information Systems) -- This form must be completed by all non-TxDOT employee users.


E-mail

Authentication

The individual is authenticated by LAN/WAN login. If digital signing or digital certificates are used, authentication is accomplished under PKI principles of the combination of the user’s public key and the key registered with a certified key authority. However, the current version of Novell's GroupWise, TxDOT's e-mail package, does not support digital signing.

Auditability

A log of emails including sender, recipient, date/time, and subject is maintained for 60 days by the Novell GroupWise Server software. The GroupWise administrator can view content of e-mail, and all GroupWise accounts are subject to audit if warranted. Management reserves the right to examine e-mail content at any time. Users should have no expectation of privacy.

Security Administration

Security for GroupWise users is by LAN/WAN user ID/password.

Access Control

There is no access to others’ e-mail or calendars except by proxy, which is under control of the individual who grants such rights to others. The exception to this is the GroupWise administrator.

Separation of Function

No separation of function is necessary.

Preservation of Data Integrity

Restoring e-mail data from backups is difficult, but not impossible. Backups at the daily, weekly, and monthly levels are kept.

Threat Detection and Countermeasures

Network Associates, Inc.’s VirusScan Enterprise Edition is used on proxy servers. The VirusScan program provides protection against e-mail intrusions. Periodic audits are recommended.

Policy Analysis

Policy is documented on the Intranet and communicated to all new employees and contractors in NEO seminars. All new workers must sign forms acknowledging that they understand and agree to security policies. Content management technologies are becoming available to ensure that the content of e-mails and attachments are in compliance with policy.


Emerging Technologies / Future Considerations

SSL – Secure Sockets Layer

SSL is a network protocol layer, located directly under the application layer, with responsibility for the management of a secure (encrypted) communication channel between the client and server. SSL was developed by the Netscape Communications Corporation and today is implemented in the major WWW browsers such as Netscape and Internet Explorer. The address keyword "https://" is used to designate a secure connection. SSL is designed to provide privacy, authenticity, integrity, and nonrepudiation. Since SSL requires RSA encryption, it is unsuitable for low-CPU power web devices which may use.

SSH -- Secure Shell

SSH is a Unix shell program for logging into, and executing commands on, a remote computer. SSH is intended to replace RLOGIN and RSH and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. SSH can secure only one connection.

Secure FTP

Secure FTP remedies the problem of FTP's use of multiple connections to move data from one computer to another. SSH can secure only one connection. This means that while a password and all the commands given to the FTP program are secure, THE DATA IS NOT SECURE.
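The SSH and Secure FTP points above, as an added example that is not part of the TxDOT document: a small Python model walks a constructed FTP control-channel exchange, decodes the server's PASV reply into the separate data endpoint, and reports which of the session's TCP connections a single SSH-forwarded control port actually covers. The session lines, server address, port set and function names are all constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed FTP control-channel exchange (not a real capture). Assume the
# client has forwarded TCP port 21 through an SSH tunnel, so every line below
# travels encrypted. The 227 reply nevertheless names a second endpoint for
# the file transfer itself, and that connection is opened outside the tunnel.
SAMPLE_SESSION = [
    ("S", "220 ftp.example.invalid FTP server ready"),
    ("C", "USER txdot_xfer"),
    ("S", "331 Password required"),
    ("C", "PASS correct-horse-battery"),
    ("S", "230 User logged in"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "STOR payroll.dat"),
    ("S", "150 Opening BINARY mode data connection"),
    ("S", "226 Transfer complete"),
]

SERVER_HOST = "192.0.2.10"            # constructed address of the FTP server
SSH_FORWARDED_PORTS: Set[int] = {21}  # the tunnel covers the control port only

_SIX_TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_endpoint(text: str) -> Tuple[str, int]:
    """Decode the h1,h2,h3,h4,p1,p2 form used by 227 replies and PORT commands."""
    m = _SIX_TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 endpoint in %r" % text)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


@dataclass
class Connection:
    role: str        # "control", "data (PASV)" or "data (PORT)"
    host: str
    port: int
    carries: str     # what this connection exposes if it is not tunnelled
    protected: bool  # True only if the SSH forward covers this endpoint


def classify_connections(session, server_host: str,
                         forwarded_ports: Set[int]) -> List[Connection]:
    """Walk the control channel and list every TCP connection the session implies."""
    conns = [Connection("control", server_host, 21,
                        "user ID, password and commands", 21 in forwarded_ports)]
    for who, line in session:
        verb, _, arg = line.partition(" ")
        if who == "S" and verb == "227":
            host, port = parse_endpoint(line)
            # A local SSH forward is fixed when the tunnel is set up, while the
            # server chooses a fresh PASV port per transfer; the two coincide
            # only by accident, so this is almost always False.
            covered = host == server_host and port in forwarded_ports
            conns.append(Connection("data (PASV)", host, port, "file contents", covered))
        elif who == "C" and verb == "PORT":
            host, port = parse_endpoint(line)
            # Active mode: the server connects back to the client, so a local
            # forward of port 21 never carries this connection.
            conns.append(Connection("data (PORT)", host, port, "file contents", False))
        elif who == "C" and verb in ("STOR", "RETR") and conns[-1].role != "control":
            # Name the file that will cross the most recently opened data channel.
            conns[-1].carries = "contents of " + arg
    return conns


def unprotected(conns: List[Connection]) -> List[Connection]:
    """Connections whose bytes leave the host in the clear."""
    return [c for c in conns if not c.protected]


if __name__ == "__main__":
    for c in classify_connections(SAMPLE_SESSION, SERVER_HOST, SSH_FORWARDED_PORTS):
        state = "inside SSH tunnel" if c.protected else "CLEARTEXT"
        print("%-12s %s:%-5d %-28s %s" % (c.role, c.host, c.port, c.carries, state))
```

The report shows the credentials and commands protected on port 21 and the file contents in the clear on the PASV port, which is the situation a single-channel secure file transfer avoids.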

Public access to Web interfaces

Security facilities in Citrix servers (kiosks) are still in the development phase.

Trusted Operating Systems for NT and UNIX

Trusted operating systems will harden the operating system against external penetration attempts, and make access control possible using rules.

Content Management Technologies

These will provide the ability to scan e-mail subject lines and body text for keywords or phrases to assure policy compliance. Evaluation in the TxDOT environment is currently ongoing.

Federal Privacy Requirements

Since TxDOT receives Federal money, the department is obligated to comply with continually evolving Federal requirements.

User Identification Technologies

The following listed user identification technologies are in the development stages in private industry.

• Token cards
• Biometrics
  ! Fingerprints
  ! Hand geometry
  ! Iris biometrics
  ! Face geometry
  ! Voice biometrics
  ! Signature recognition
• Smart cards and card readers

Authentication Techniques

The following listed authentication techniques have either been developed or are in development in private industry.

Cryptography

• Public key / Private key cryptography
• Public Key Certificate
• Message digest
• Digital signature
• Verifying a digital signature
• Public Key Infrastructure
  ! Certificate generation, distribution, update, and revocation
  ! Key backup and recovery
  ! Key histories
  ! Certificate repository


Glossary

GLOSSARY

7x24 Operations

A term used to describe an entity (usually a computer system or computing facility) that is operable twenty-four hours a day, seven days a week, 365 days a year.

Access Control

Access by users to computer resources is controlled by security software and, in more limited cases, hardware. Rules governing the control of access are prepared by security administrators and implemented in security systems software. Authorization is the permission to use a computer resource; access is the ability to do something with a computer resource. Access controls are the technical means to enforce permissions.

Adapters

Devices that connect systems through circuits or channels which enable them to be compatible.

Application Server

A computing platform whose primary function is to provide application oriented services to users within the business environment.

Architecture

A high-level representation of the data, applications, and technology needed to support the business requirements of the Department. It includes a series of principles, guidelines, or rules used by an organization to direct the process of acquiring, building, modifying, and interfacing with IT resources throughout the enterprise.

Architectural Principles

An architectural principle represents an architectural assumption or foundation that has been documented and around which the technological architecture has been designed and constructed.

Archival

The process of copying data that is maintained on an operational system in real-time to some other type of storage device such as another system or to a data warehouse and is from that point forward used only for “read-only” historical analysis or a similar type of activity.


“As-Is” Assessment

A baseline understanding of strengths, weaknesses, and core competencies of the “as-is” processes and known improvement initiatives is required here. The team must understand enough of the “as-is” process to comprehend current problems and know when something different and improved has been developed during the visioning process. Recognizing the problems of the “as-is” can help ensure they are not represented in the “to be”. Briefly, these are processes constructed around the current methods of operation.

Asynchronous Transfer Mode (ATM)

A standard developed for high speed networking, capable of supporting all types of information flow including voice, data, and images.

Auditability

A record of access by users to resources is necessary to establish responsibility for actions which are regulated by applicable policies and laws. For example, if a user runs a program which changes the contents of a payroll file, it must be possible to hold this user accountable for this action, whether authorized or not. The audit trails must be preserved for a reasonable length of time so that auditing is possible for a history of access, whether proper or improper. Most operating systems provide some sort of access logging. However, the decision to use that logging capability must consider the additional overhead it places on the system and the performance degradation incurred.

Authentication

Users are authenticated when they are definitively identified by one or more of “who they are,” “something they have,” or “something they know.” User IDs and passwords implement “what they know” and are the most commonly used, although not necessarily best, method of authentication.

Bandwidth

The signaling frequency supported by a circuit. It is generally accepted to mean the capacity provided by a particular circuit expressed as a data transfer rate (bits/second). The term is also used to express a requirement for such capacity.

Batch Interface

An interface that is generally used to execute high-volume repetitive tasks during non-peak times as a background process.

BDC

See “NT BDC”

Benchmarking

Performance gaps relative to best-in-class companies provide an approximation of the magnitude of performance improvement possible, thus allowing legitimate targets to be set.


Biometrics

A unique, measurable physical or behavioral characteristic of a human being for automatically recognizing or verifying identity. All biometric products operate in a similar fashion. First, the system captures a sample of the biometric characteristic during an enrollment process. Unique features are then extracted and converted by the system into a mathematical code which is then stored as the biometric template for that person. When a user needs to be identified, a real-time sample is taken and matched against the stored template. If the match is within predefined tolerances, the user's identity is established. Biometric systems are not 100% accurate. Sensitivity thresholds can be adjusted depending on the level of security required, the acceptability of the type of error which might be generated, and user acceptability. The accuracy of biometrics can be improved by combining two techniques such as fingerprint identification and face or voice recognition.
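A worked illustration of the threshold trade-off and two-technique combination described in this entry, added here and not part of the original document: the match-score lists, thresholds and function names are constructed, and the false-accept / false-reject rates are computed from those constructed scores only.

```python
from typing import List, Sequence, Tuple

# Constructed match scores on a 0..1 scale (not from any real biometric system).
# A higher score means the live sample is closer to the enrolled template.
# Ten genuine attempts and ten impostor attempts for a fingerprint matcher:
FINGER_GENUINE = [0.91, 0.88, 0.95, 0.72, 0.84, 0.79, 0.93, 0.67, 0.86, 0.90]
FINGER_IMPOSTOR = [0.31, 0.44, 0.52, 0.68, 0.39, 0.27, 0.58, 0.71, 0.35, 0.49]
# A second modality (face) for the same ten genuine and ten impostor attempts:
FACE_GENUINE = [0.85, 0.90, 0.78, 0.68, 0.92, 0.81, 0.74, 0.89, 0.83, 0.95]
FACE_IMPOSTOR = [0.62, 0.30, 0.45, 0.41, 0.73, 0.55, 0.38, 0.49, 0.66, 0.28]


def accept(score: float, threshold: float) -> bool:
    """The matcher's decision: 'within predefined tolerance' means score >= threshold."""
    return score >= threshold


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR): fraction of impostors wrongly accepted and of genuine
    users wrongly rejected at this threshold."""
    far = sum(accept(s, threshold) for s in impostor) / len(impostor)
    frr = sum(not accept(s, threshold) for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine: Sequence[float], impostor: Sequence[float],
          step_pct: int = 5) -> List[Tuple[float, float, float]]:
    """Tabulate (threshold, FAR, FRR) across the whole score range; raising the
    threshold trades false accepts for false rejects."""
    rows = []
    for t in range(0, 101, step_pct):
        far, frr = error_rates(genuine, impostor, t / 100)
        rows.append((t / 100, far, frr))
    return rows


def equal_error_threshold(genuine: Sequence[float], impostor: Sequence[float]) -> float:
    """Threshold where FAR and FRR are closest: the usual balance point before
    the operator biases the system toward security or toward convenience."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))[0]


def fused_error_rates(gen1, gen2, imp1, imp2, t1: float, t2: float) -> Tuple[float, float]:
    """Combine two techniques with an AND rule: accept only if both matchers
    accept. Each impostor now has to beat two thresholds, so FAR drops; a
    genuine user can be rejected by either matcher, so FRR can rise."""
    far = sum(accept(a, t1) and accept(b, t2) for a, b in zip(imp1, imp2)) / len(imp1)
    frr = sum(not (accept(a, t1) and accept(b, t2)) for a, b in zip(gen1, gen2)) / len(gen1)
    return far, frr


if __name__ == "__main__":
    for t, far, frr in sweep(FINGER_GENUINE, FINGER_IMPOSTOR, 10):
        print("threshold %.2f  FAR %.1f  FRR %.1f" % (t, far, frr))
    eer_t = equal_error_threshold(FINGER_GENUINE, FINGER_IMPOSTOR)
    print("fingerprint alone at %.2f:" % eer_t,
          error_rates(FINGER_GENUINE, FINGER_IMPOSTOR, eer_t))
    print("fingerprint AND face at %.2f/%.2f:" % (eer_t, eer_t),
          fused_error_rates(FINGER_GENUINE, FACE_GENUINE,
                            FINGER_IMPOSTOR, FACE_IMPOSTOR, eer_t, eer_t))
```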

Business Area

A set of logically related business processes, usually directed towards a common result or set of results (e.g., Determine and Analyze Transportation Needs).

Business Process Reengineering (BPR) / Business Process Retooling

A multidisciplinary approach to implementing fundamental change in the way work is performed across the organization to dramatically improve performance. A field of expertise in which the work processes used to support a business entity are analyzed and modified in order to allow the entity to more efficiently and expeditiously conduct its business activities.

Business Resumption Plan (BRP)

Also known as a Disaster Recovery Plan (DRP), this is a plan that has been developed and tested under simulated conditions before it is actually needed and that will be put into operation after a natural or man-made disaster in order to allow a business entity to resume its operations that were temporarily interrupted by the disaster.

Business Users

Users that utilize components of the technological infrastructure to perform their normal daily work functions.

Cache

A technological architecture component that exists between a computer system’s main memory and its disk storage system used to speed up references to data.

CAD/CAM

Computer Aided Design/Computer Aided Manufacture.

Change Imperative

A clear, succinct, high-impact argument establishing the irrefutable requirement for change.

Client A computing platform component in a client/server architecture that is functioning as the requester of processing services.

Client/Server A networking architecture through which a PC or workstation (client) requests information from a LAN file server, mini-computer, or mainframe (server). The client supplies the user interface and conducts application processing. The server maintains databases and processes client requests.

Communications Management Information Protocol (CMIP) A network management protocol developed by the International Standards Organization.

Collapsed Backbone Router A technology in which a router is used to directly switch LAN traffic from message originator to message addressee thus making the electronic communications process more efficient.

Communications Ring A LAN or WAN based, electronic communications segment that has been organized along some combination of functional, geographical and/or topological boundary. For example, a particular communications ring may be designed to provide LAN services only for users located within a particular building or to provide access only to those systems that are used for application development.

Computing Platform This term is used generically to represent a functional combination of computer system hardware, software and all supporting peripherals and services that when employed together deliver computing services to a user or group of users.

Conceptual Design A stage in the computer system design, specification and development process. In this context, this term refers to the development stage during which the high level requirements, design implications and recommendations are determined and documented. The end result of this activity is known as the architecturally based “Conceptual Design”.

Concurrent Users The group of users within a business processing environment that are requesting processing services from the environment at the same point in time. The size of this group can be equal to but is generally less than that of the “Total Users” group.

Cryptography A technology used to protect the confidentiality of information and which forms the basis for ensuring the integrity of information and the authentication of users. Cryptography uses algorithms to scramble (encrypt) and unscramble (decrypt) information such that only the holder of a cryptographic key can encrypt or decrypt the information. A cryptographic key is a string of alphanumeric characters used along with the information as input to a cryptographic algorithm.

Customer A person or organization unit who receives an IS service or product.

Digital Audio Tape (DAT) Tape Drive A hardware device used by system administration staff for backups and restores.

Data Backup The process of copying data that is stored on a computer system to some sort of secondary storage device so that a full or partial restoration of this data to the system from which it came can be enabled at some future point in time if required.

Data Integrity A measure of the quality of information. The integrity of data is measured in terms of the following characteristics: accuracy, reliability, timeliness, conciseness, non-redundancy, and consistency. Data integrity has been achieved and can be maintained when the data that is stored on a system is physically and procedurally secure from unauthorized and/or unwanted access, protected from concurrent and/or unauthorized or malicious manipulation, and current and up to date across all locations in which it is maintained.

Database Server A computing platform whose primary processing activity is centered around database processing.

Detailed Design One stage in the computer system design, specification and development process. In this context, this term refers to the development stage during which the actual implementation design (how it will be done and with what) is determined and documented. The end result of this activity is known as the architecturally based “Detailed Design”.

Dial-up Access A type of communication between two computer systems in which they communicate with each other via standard telephone lines or through a similar type of medium.

Digital Signature A process which is the equivalent of a handwritten signature in that it ties an individual to a document. The first step in digitally signing an electronic document is to generate a message digest of the document. The signer encrypts this message digest using the signer's unique private key. The document and encrypted message digest are then sent to one or more recipients.

Disaster Recovery Plan (DRP) Also known as a Business Resumption Plan (BRP), this is a plan that has been developed and tested under simulated conditions before it is actually needed and that will be put into operation after a natural or man-made disaster in order to allow a business entity to resume its operations that were temporarily interrupted by the disaster.

Distributed Data Data that is located in more than one physical location, usually across two or more servers within a client/server or similar type of architectural configuration.

Distributed Database A database system that is maintained in more than one physical location within the technological architecture but that is represented to the user community as one logical database instance.

Distributed Processing Processing that occurs at two or more physical locations within a technological architecture and which is dynamically supplied by a variety of different computing platform resources.

Domain A cohesive collection of hardware and software that is used to implement the specific function of a system such as the Production System.

EIA/TIA 568 Telecommunications building wiring standards published by the Electronic Industries Association and the Telecommunications Industry Association. This wiring standard has been mandated by DIR as the state telecommunications building wiring standard.

Electronic Data Interchange (EDI) A standardized scheme used for exchanging business data between different systems with the aid of defined documents such as invoices, orders, delivery notifications, etc.

Element A generic term used to refer to a uniquely identifiable component within the Core Technology Architecture whose interpretation is subject to its usage context (e.g. computer system, domain, environment, etc.).

Employee Computing Any information service, typically application development and report generation, that the end user provides for himself or for a very small number of users. While the IS staffs provide the enabling infrastructure, these employee computing services are not managed by the IS staffs.

Enterprise Computing Any information service that spans multiple business areas and multiple Districts/Division Offices.

Environment A combination of hardware, software and supporting services that cooperatively function to perform work.

Face Geometry Biometrics Face geometry uses a standard video camera to capture facial images and extracts features that do not easily change, such as the geometry of the eyes and nose, from the images. The template created is matched against real-time images. People do change, and facial hair, positioning and glasses can affect accuracy. Face geometry is less accurate than iris and fingerprint biometrics.

Fail-Over The term that describes when some element within a technological architecture (usually a computer system) has the ability to safely and reliably compensate for its own operational failure by switching its processing load over to some other similar type of element within the architecture that has not been affected by the failure and that is able to assume the operations of the failed element.

Fiber Distributed Data Interface (FDDI) A type of network communications medium that is based upon fiber optic technology and which uses light waves as the signal transport mechanism.

Fingerprint Biometrics Fingerprints have long been used as a manual identification tool for law enforcement. It is only recently that the process has been automated with an acceptable degree of accuracy. Fingerprint recognition systems convert a scanned image of a fingerprint into a mathematical representation of the features for storage in a file or database. Subsequent fingerprint samples are compared to the stored template for a match within tolerances established in the system. The main strengths of fingerprint recognition are its long history, the variability in fingerprints, ease of use, medium cost, and high accuracy. Additionally, it has the potential to be integrated into inexpensive devices such as smart cards and keyboards.

Frame Relay A wide-area communications service that can be used to inter-network most locations found within major worldwide urban areas.

Gap Analysis An analysis and comparison of the desired information systems components (data, applications, technology) which are not part of the current information systems inventory. The gap analysis defines desired information systems components that are new or replace/enhance existing components.

Graphical User Interface (GUI) An interface such as that provided by Microsoft’s “Windows” operating system that functions to allow a user community to gain access to available processing activities. This interface is usually characterized by resizable windows, scroll bars, push buttons, etc. and operates in a graphics based, bit-mapped fashion.

Groupware Application programs which run on a network and enable groups of co-workers to interact collectively.

Hand Geometry Biometrics Hand geometry has features similar to fingerprints, and similar devices are used in both cases. Hand geometry is less accurate than fingerprints because of a lower number of features and less variability in the features. The larger the set of templates stored, the less accurate the system will be.

Highly-Available, Highly-Reliable Terms which define a condition in which a technological architecture has been constructed with redundant (or backup) systems, components and/or communication pathways such that it is highly resistant to failure.

HP-UX Hewlett-Packard’s version of the UNIX operating system.

Identification Identification is used to distinguish one user from all others and provides a means of gaining access to TxDOT's information resources. The most commonly used form of identification is a User ID associated with a password for authentication purposes. Techniques to improve the security of User IDs include smart cards, biometrics, and tokens.

Incremental Backup A backup in which only the files that have changed since the last backup are copied to and stored on the backup device.

Innovative Practices The result of a search of how other successful organizations provide information services. This search is expected to uncover new and innovative ways of doing business which can be tailored for the business area under study.

Intranet An intranet is an internal adaptation of the Internet. Intranets usually reside logically inside a business organization’s firewall and the network traffic is not broadcast to or accessible from the Internet.

Iris Biometrics Iris identification is one of the most accurate biometric techniques because irises have more complex patterns and therefore more unique information available. It is generally more acceptable to users because a camera is used rather than the infrared beam used in retinal scans, but it is expensive because of the special optics required.

Legacy System Typically, an existing system based upon older technologies that is functioning to provide key business related processing for an organization.

Local Area Network (LAN) A communications topology that is contained within a defined area such as a floor segment, building or campus and can be constructed using technologies such as Ethernet, Token Ring, etc.

Local User A user that is directly connected to the computer system being used through a LAN or similar type of connection.

Message Digest A method used to ensure the integrity of information (i.e., that the information cannot be altered without detection). The information is put through a mathematical "hash" function which reduces the information to a small numeric value called a message digest. Even the slightest change to the information would generate a different message digest. To verify that information has not been modified, a user applies the same hash function to the suspected information to generate a message digest. If the resulting message digest matches the original message digest, the information has not been changed. One important use of message digests is in digital signatures.

Middleware Software used to facilitate access to systems which would otherwise be incompatible where a client/server environment is being adopted.

Network Addressing Each item of equipment or logical entity (i.e., an application or a user) connected to a network must have a unique network address to enable it to communicate. A network addressing scheme is usually devised to facilitate the management of network addressing.

Network Bandwidth A measure of how much data can be sent from one point in a communications network to another during a specified period of time.

Network Topology The pattern by which individual items of networking equipment are interconnected. Drivers for particular topologies include service level requirements such as availability.

NT BDC Windows NT Backup Domain Controller

NT PDC Windows NT Primary Domain Controller

On-Line Transaction Processing (OLTP) The processing of transactions as they are received. In such systems, also called online or real-time systems, master files are updated as soon as transactions are entered at terminals or arrive over communication lines.

On-line Users Users who are directly interacting with a computer system in real-time.

Open System Interconnection (OSI) A set of network architecture standards created by the International Standards Organization.

PDC See “NT PDC”

Peripherals (or Peripheral Devices) Computer oriented hardware components such as printers, plotters, modems, RAID drives, etc.

Policy A general statement of principle to provide broad guidance in fulfilling the agency’s mission and in maintaining an agency work environment conforming to federal and state laws. Policy requires, guides, and restricts present and future decisions and actions of the agency.

Policy Analysis There will be continual updating of policy to protect the enterprise from emerging threats, and changes to infrastructure to implement the policies. There also must be tools that allow security administrators to test whether security controls currently in place are effectively implementing policy, and to do “what-if” planning in preparation for introducing new controls.

Procedure A detailed description of required or allowable actions to be executed in delivering agency services or in supporting the delivery of services. Procedures establish sequence, timing, coordination, and specify what shall be done and by whom. Procedures translate policies, plans, and programs into action.

Process A set of subprocesses that take input and create one or more outputs that are of value to the customer.

Protocol A pre-established standard that is used to communicate between two entities where each entity is able to understand and communicate with the other.

Protocol Stack Communications functions are generally divided into separate “layers” of protocol, each of which builds on the functions provided by a more basic layer. The combination of these layered protocols is termed a protocol stack.

Public Key Certificate An electronic document which is made available to anyone wanting to verify a digital signature or communicate confidentially with a certified user. This certificate contains the user's name, public key, an expiration date, and other information. It is considered reliable when a trusted authority, known as a Certificate Authority, digitally signs it.

Public Key Infrastructure The functions required to issue and manage the public key certificates needed for authentication. The Public Key Infrastructure (PKI) generates, distributes, and manages public keys, incorporates Certificate Authorities and related functions, and includes the following services: certificate generation, distribution, update and revocation; key backup and recovery; key histories; certificate repository.

Public Key / Private Key Cryptography A cryptography technique that uses two related keys. Information encrypted with one key can only be decrypted with the other key. The "Public" Key is made openly available in a repository to anyone who wants to communicate with the user in a secure manner. The "Private" Key is kept only by the owner and is never divulged. Since only the owner has the private key, its use is considered sufficient to uniquely authenticate the owner. A digital signature is an example of a private key being used to verify that the sender (originator of the information) is really who they say they are.

Redundant Array of Inexpensive Disks (RAID) A type of data storage mechanism in which large numbers of small and inexpensive hard disks are utilized in combination to provide for data protection, redundancy and recoverability.

Remote Terminal Access Access to a system by any terminal device which is not directly attached to it via a dedicated connection.

Remote User A user that is not located at the same place as the computer system to which communications have been established. Remote communications for this type of user are usually established through dial-up telephone lines.

Scaleable Architecture A technological infrastructure in which the computing capacity can be increased or decreased (scaled) in a horizontal and/or vertical direction.

Horizontal scalability occurs when the number of similarly configured machines is increased or decreased within an established architecture.

Vertical scalability occurs when a machine or a number of machines within an established architecture is reconfigured or replaced with machines that have more or less computing horsepower. In this case the number of machines will remain constant.

Security Administration Administration of security involves defining and carrying out policy. Policy is implemented by the use of a combination of user awareness and technical controls such as logon passwords and resource access rules. All organizations experience change. Keeping security systems synchronized with that change is essential. For example, employee additions, transfers and resignations must be reflected rapidly. Administration of security in a distributed environment is a complex task. This task includes the means to administer user accounts, privileges, authentication, and security policy implementation.

Separation of Function No individual should have exclusive control over a resource. Changes to enterprise data resources should be communicated to more than one individual in a position of trust and authority so that appropriateness can be continuously reviewed, and no individual can devise a way to violate policy and avoid detection.

Server The component within a client/server architecture that is responsible for satisfying a client component’s request.

Serial Line Internet Protocol (SLIP) An asynchronous Internet communications protocol that is commonly used by mobile computers via dial-up access.

Signature Recognition Signature verification depends on the rhythm, relative trajectories, speed, and number of pen touches. It measures the method of signing rather than the finished signature and so differs from comparing the finished signature itself. A pen-based computer or digitizing pad is required for signature capture during enrollment and during verification. It has a relatively low level of accuracy. It has limited use where a large number of people must be identified in a limited time. It also has the disadvantage of requiring the individual to want to be identified. This limits its use in applications such as welfare or social benefits identification.

Simple Network Management Protocol (SNMP) A network management protocol standard developed to complement the TCP/IP protocol suite.

Smart Card A smart card is a tamper-resistant computer embedded in a credit card sized card. The cards have embedded integrated circuits that implement a CPU, application data storage, and RAM used by the CPU. Identification security for smart cards is based on: (1) the user physically having the smart card; (2) the user knowing a password or PIN to activate the card's functions; (3) the security functions available on the cards; (4) the tamper-resistant qualities of the card. A smart card together with a user password or PIN forms the basis of identification. If the attempts to access the card exceed a user-specified number of attempts, the card will disable itself or even destroy itself and its contents, if that is preferred. Like a password, the card can be re-enabled after failed attempts unless it has destroyed itself.

Spatial Data Location identifiers used to indicate positions in space. In TxDOT terms, this includes geodetic points (Latitude and Longitude), TxDOT map coordinates, reference marker, and control section milepoint.

Spatial Database A collection of data that is individually or collectively attached to a geographic location.

Standard A definite rule, principle, or measure established by authority; may be used to measure quality based on specified quantities or values. Examples of IS standards include programming standards, technology configuration standards, and data naming conventions.

Subprocess A set of activities that are performed continuously and which take input and create one or more outputs that are of value to the customer.

Symmetric Multi-Processing (SMP) A type of configuration for a multi-processor computer in which all installed CPUs share elements of the system architecture (i.e., memory and I/O buses) and where each CPU in the configuration works in close coordination with all others in the configuration.

System Administration An activity in which the computer systems resident within a technological architecture are maintained and supported in order to keep them operational and responsive to the user community.

System Architecture The combination of hardware, software, services, policies and procedures that when taken together function to define a computer system organization and capabilities.

System Interface A pre-determined and pre-established interface point within a computer systems architecture that is used by one or more other systems for communications between the systems.

Systems Network Architecture (SNA) IBM’s predominant data communications architecture in mainframe environments. SNA provides static routing between interconnected hosts. It was designed for centralized mainframe installations and is not a suitable protocol for client/server applications.

Transaction A transaction is a discrete automated business function which requires interaction between two systems, or a user and a system. An example is updating a customer name and address. A complete transaction may involve several data exchanges.

Transmission Control Protocol / Internet Protocol (TCP/IP) A communications protocol that is used in both LAN and WAN configurations to communicate between two or more computer systems. This is the protocol of the Internet.

Technical Infrastructure This term is applied to all hardware, software, peripheral and supporting services that when taken together function to supply data processing capability to a target user community.

Threat Detection and Countermeasures Protection of information systems from emerging threats such as denial of service attacks and viruses is accomplished by functions including intrusion detection, virus protection software, firewalls and incident analysis. Countermeasures include log analysis, user awareness programs, and running current levels of software. Managers and security administrators must also understand non-technical threats, including social engineering and false virus reports.

Three-Tiered Architecture A technological hardware and software configuration in which the presentation, application and database components of the architecture are resident on separate and distinct systems within the configuration.

To-Be Processes Processes constructed around the planned for, future methods of operation.

Token Cards Physical cards similar to credit cards that work in conjunction with a User ID to identify a user to the system. Token cards commonly generate either dynamic passwords or a response in a challenge-response communication between the user and the system.

Total Users The group of users within a business processing environment that are expected to request processing services from the environment, but not all at the same point in time. The size of this group is generally greater than that of the “Concurrent Users” group but theoretically can be equal to this group.

Transaction Volume A measure of the number of processing requests that a computer system will receive and respond to within a specified period of time.

Two-Tiered Architecture A technological hardware and software configuration in which the presentation and application components of the architecture are resident on one system in a two-system configuration and the database component is resident on the other system in the configuration.

User ID Usually a unique series of four to eight alphanumeric characters assigned to a user by a member of the security staff to identify one user.

Voice Biometrics Voice biometrics is based on distinguishing the sound of a human voice based on the resonance of the human vocal tract. It is different from voice recognition, which is recognizing spoken commands or words. The system is trained by repeating a phrase that will be used as an access code. One shortcoming of voice biometrics is false rejects that deny a legitimate user access. This is due to medium to low accuracy rates and dependence on the type of equipment used.

Voice over IP (VoIP) This technology uses an existing IP data network to provide voice communications to nodes on the data network.

Wide-Area Network (WAN) The component of a communications network that is used to tie together separate and distinct local-area networks by using such services as X.25, Frame Relay, T1 and/or T3 services.

Windows A graphics-based, visually oriented operating system marketed by Microsoft that installs on top of DOS (Microsoft’s Disk Operating System).

Windows 95/98/ME The name of Microsoft’s newest release of the Windows operating system based on the original DOS operating system.

WinSock A TCP/IP communications stack that installs on top of the Windows operating system in order to provide the user with TCP/IP communications capability.

Workgroup Computing Any information service that meets the District, Division, or Office needs and can be provided by the business area and/or the Information Systems Division.

Workstation A generic term for general purpose microcomputers, graphic microcomputers, and UNIX stand-alone engineering computers.

X-Windows A graphical user interface that is supported within most versions of the UNIX operating system.

X.25 A communications protocol that is employed across wide-area networks.