Naša št - Zasebno



ICT Standards and Guidelines for the PS Information System

Version: 2020

GENERAL 3

Server hardware 3

User hardware 4

Tablet computers 4

Software – GENERAL 4

Server software – OS 4

Databases 5

System software 5

Virtual environment 5

Business software 5

Development tools 6

User system software 6

Web client (browser) 6

User utility software 6

New solutions and applications 7

Communications equipment 8

Connecting the UPC to contractual partners’ IT systems 8

Given the number and distribution of Pošta Slovenije’s locations, the information system has to be built in a systematic and well thought out way.

In order to ensure that the information system best meets all business needs, but at the lowest total cost of ownership and taking into account the always limited number of qualified personnel available, the IT Department has given much consideration to standardisation and recommendations. Only a homogenous hardware and software IT infrastructure can ensure the highest level of availability for the services provided by the IT Department.

The IT Department has operated in this way since its creation, when the first standards were set, but rapid development requires their constant adjustment and updating.

The IT Department provides all support for the standards listed below, has the necessary resources with the necessary training, and ensures organised and appropriate maintenance at all levels.

The software is almost exclusively Microsoft’s, with whom we have entered into an Enterprise Agreement, which gives us the option to use new versions and lower licensing costs immediately, or is closely related to the vital components of the software infrastructure such as SQL or Active Directory.

STANDARDS and RECOMMENDATIONS

The IT Department uses the following server architecture for the operation of the system and application software:

- Intel x86 platform

- Intel x64 platform

The number and speed of the CPUs, the working memory size, the bus speed and the disk capacity all depend on the specific needs involved as well as current technological capabilities.

The IT Department uses the following user hardware architecture for the operation of the user software and applications:

- Intel x86 platform for workstations and portable computers

- Intel x64 platform for workstations and portable computers

- Intel x86 platform for thin clients

- Intel x64 platform for thin clients

The number and speed of the CPUs, the working memory size, bus speed and disk capacity all depend on the specific needs involved as well as current technological capabilities.

Note: please see the user hardware allocation policy

Regarding the operation of user software and applications on mobile devices, the IT Department supports tablet computers with the following specifications:

- phones and tablet computers size 4'' – 11''

- Android and MS Windows 8 or 10 operating system

- Atom or i3 CPU or better

- at least 64 GB of storage space

- at least one USB port

- SD expansion slot

In general, the IT Department primarily provides the latest version of the system server as well as the user software and support required. However, due to the specific requirements of particular software solutions and the periodic update of software, we generally supply, provide support for and install software solutions for one (and in exceptional cases two) older version(s) in addition to the current one.

The IT Department currently still uses the following basic platforms for the operation of other system software:

- Microsoft Windows Server 2008 R2

- Microsoft Windows Server 2012 and 2012 R2 64-bit

- Microsoft Windows Server 2016 64-bit

- Microsoft Windows Server 2019 64-bit

The choice of Standard or Enterprise (or Datacenter) versions depends on the specific application and tool, and whether resources or a failover setup are required.

When acquiring new system application software, it is necessary to ensure compatibility and appropriate operation on the Windows 2016 version as well as the Windows Server 2019 version.

Pošta Slovenije uses and supports the following storage and data processing equipment:

- Microsoft SQL Server 32-bit or 64-bit (currently still v. 2008 R2 2012, 2016 and the latest)

The selection of standard or enterprise versions depends on the need for resources or failover setup.

When providing business services at Pošta Slovenije, we use a wider range of Microsoft tools (current or -1 version), such as:

- Microsoft Active Directory

- Microsoft Exchange

- Microsoft HIS

- Microsoft SharePoint Server

- Microsoft Project Server

- Microsoft IIS (web applications)

- Microsoft Terminal Services

- Microsoft System Center

- Microsoft TMG

- Microsoft CRM

- Microsoft FIM

- etc.

For systems virtualisation, Pošta Slovenije uses:

- MS Hyper-V

Pošta Slovenije also uses the following tools for provision of business services:

- MS Remote App

- MS Terminal Services

- Scala (ERP)

- MAOP (HR, salaries, fixed assets)

For software development in-house as well as by external vendors (outsourcing) we require the following:

- Microsoft Visual Studio

- Microsoft TFS

-

For user applications we currently provide current (and -1) versions of the OS, which at the time of writing are:

- Microsoft Windows 7 / 64-bit (in a limited scope)

- Windows 8 / 64-bit

- Windows 8.1 / 64-bit

- Windows 10 / 64-bit

When acquiring new user application software, it is necessary to require compatibility and appropriate operation in the 64-bit versions of Windows 7 and Windows 8 and operation in a terminal environment (Windows 2008 R2 / 2012).

Only the following versions of Microsoft Explorer are used for web applications:

- Microsoft Explorer 11

- Microsoft Explorer Edge

For office operations we also provide, maintain and manage Microsoft software (current and -1 versions) such as:

- Microsoft Office

- Microsoft Visio

- Microsoft Project

- Microsoft Outlook

- Microsoft System Center

- etc.

For special requirements and purposes we also support other utility software that runs on the MS platform, such as: AutoCAD, CorelDraw

When implementing new solutions or software, it is essential that they meet the following requirements:

- support integration into the existing hardware and software scheme (described above)

- linked to Active Directory

- provide single sign-on

- use a Microsoft SQL database (if a database is required for its operation)

- also supports terminal mode (if the tool or application is intended for business users – users at business units, PLCs and management board – and is not a web application)

- if the application is also intended as a web service, its architecture must be appropriately separated into levels. This means that the presentation part (web) operates independently within the perimeter of the Pošta Slovenije security protection, and that the database can be located separately and independently from the application

- an installation package has been prepared for implementation in production both for the actual installation of the programme code, the necessary services, system variables, directory structures, etc. and for uninstalling

- system instructions have been formulated and a precise architectural picture formed of the final set-up, including all system requirements

- installation instructions have been formulated

- user instructions have been formulated

- the scope of implementation is known (quantity of users, minimum requirements for operation, amount of data generated per unit of time, necessary retention of data, requirement for security copies, defined “down time” (the time in which it is possible for regular maintenance work to be carried out on an application or in an environment)), with the aim of determining the impact on the Pošta Slovenije IS

- the solution has clearly defined maintenance and the provision of corrections and new versions for new OS

- (if possible) the adoption of the original application code is made a condition upon purchase

- if a particular solution deviates from the defined standards and there is no comparable alternative solution on the market, the vendor or provider must also carry out all adjustments required for the Pošta Slovenije IS in terms of the exchange of data and documents

For connections between network structures, the following should be used exclusively and on all segments :

- Cisco switches

- Cisco routers

- Cisco security devices (PIX, ASA, IDS, IPS)

- Cisco DWDM

- etc.

Any deviation from the above in the current HR framework would mean that the IT Department would be unable to offer adequate support, would lack the required hardware, would not have trained personnel for other platforms such as Unix or Linux, and it would lack competence with other databases such as Oracle, DB2, Ingres, etc. Furthermore, no maintenance has been arranged for any of the above.

This would involve unreasonably higher costs, and would call into question the appropriate level of availability and operation of the solution.

Within the UPC application, we support certain processes in cooperation with external partners. In such cases, we have to connect at least two IT systems. We have standards in place for the connection procedure and method. The security aspect plays the decisive role with regard to the connection method, followed by: scope of operations, level of requirement of data analysis, amount of development needed in the UPC application and at the contractual partner, etc.

We have 4 separate types of IT connections with contractual partners:

1) Support for PS internal processes

This variant is not an actual connection with contractual partners. It involves support for internal processes – off-line transactions (letter and parcel acceptance, delivery, retail sales, etc.) at the point of the transactions – which are closed within the PS system and are not connected outside the PS system (except for the established procedure of the introduction of fiscal cash registers). From the data analysis perspective, this operating method ensures a full range of the desired data. The security risk is low, since data capture and flow do not exit the PS system, thus allowing its full control. This is the largest operation within the UPC application, both from the standpoint of data traffic and revenues generated.

2) Support for processes connected to the systems of STRATEGIC contractual partners

These are processes that we carry out together with our contractual partners. The design is based on the concept that transactions have to be conducted such that they are automatically shown on Pošta Slovenije’s databases (high level of data analysis), as well as at our contractual partners. The security risk is low, since the partner is connected to the PS system only in the data exchange segment, following established protocols. Data capture is carried out exclusively in the UPC application. We use this connection option when working with our strategic partners, where there is a large amount of data traffic and a high level of revenues generated, which consequently requires a high level of system management.

Standard method of connecting systems – data exchange via online services.

3) Online applications connected to the UPC (internal partners)

This is a form of connection between the UPC and contractual partners, where the partner’s online application is to a greater or lesser extent specifically designed solely for use with the UPC and/or PS employees. Online applications hosted on the UPC are designed in line with UPC standards and are usually installed on PS’s systems infrastructure. This ensures low security risk. In this option the online application supports only semi-automatic recording of events in the UPC system, which is partly acceptable to us depending on the specific content and scope of the services. This means that after completing their work on the online application, the user at our contractual partner still has to carry out semi-manual entry in the UPC. We use this form of connection with our partners in cases where we conclude that our own UPC development of an application in cooperation with our partners (following variant 2 above) would not justify the investment in view of the expected scope of the planned services.

4) Online applications connected to the UPC

This is a form of connection between the UPC and contractual partners where the online application designed for connection to the UPC is also designed to be connected to other systems outside of PS. The online application is of course installed outside of the PS system. In this case, the contractual partner has a single application that it sets within specific parameters depending on the requirements of the specific host. It is usually used to provide services (including international) for which the contractual partner is not able to adapt to the host’s IT system, but offers its own online application as a “closed universal box”. In this case, the online application is an “island” within the UPC and does not provide automatic recording of events in the UPC system. Each change to the online application (which is not adapted to the UPC) can cause an immediate error in the UPC application. From the security aspect this option is medium risk, since we have to fully trust our partner that their application will not cause other applications to malfunction or otherwise interfere with our internal system. In this case we are not the owner of the analytics and have to fully trust our partner to send us the appropriate data on the realisation of transactions. Since from the perspective of the UPC these are nonstandard applications, additional training of users is also required. Variant 4, the potential hosting of a contractual partner’s online application on the UPC application, has the following weaknesses:

- the UPC has to meet the contractual partner’s technical requirements, which is not always possible for PS,

- any changes to the contractual partner’s online application could potentially require the adjustment of the system settings in the UPC environment,

- the application functions as an “island” within the UPC application, and therefore the UPC does not record the transactions (everything takes place in the contractual partner’s database),

- PS has no record of transactions conducted via the online application,

- this type of connection is NOT APPROPRIATE for connecting to the systems of our strategic partners.

Drafted by:

IT Department

-----------------------

GENERAL

Server hardwareGENERAL

Server hardware

User hardwareServer hardware

User hardware

Tablet computersUser hardware

Tablet computers

Software – GENERALTablet computers

Software – GENERAL

Server software – OSSoftware – GENERAL

Server software – OS

DatabasesServer software – OS

Databases

System softwareDatabases

System software

Virtual environmentSystem software

Virtual environment

Business softwareVirtual environment

Business software

Development toolsBusiness software

Development tools

User system softwareDevelopment tools

User system software

Web client (browser)User system software

Web client (browser)

User utility softwareWeb client (browser)

User utility software

New solutions and applicationsUser utility software

New solutions and applications

Communications equipmentNew solutions and applications

Communications equipment

CONNECTING THE UPC TO CONTRACTUAL PARTNERS’ IT SYSTEMSCommunications equipment

CONNECTING THE UPC TO CONTRACTUAL PARTNERS’ IT SYSTEMS

-----------------------

[pic]

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download