Guide: The original "Smart Energy (Electric Power) Big Data Platform Construction Plan ppt, System Architecture, Large-Screen Visualization" (see the end of the article for the source), this article selects the essence and architecture part, with clear logic and complete content, for the rapid formation of sales The former scheme provides a reference.
1.1.1 Overall construction goals
Through the planning and construction of a government cloud technology architecture in a certain district, it will unify resources with the existing platform, expand capabilities, and extend services, providing safe and reliable cloud services for informatization construction, and laying the foundation for building a service-oriented government.
Through the planning and construction of a government cloud technology architecture in a certain district, on the basis of effectively reducing redundant construction investment, energy conservation and environmental protection, the utilization rate of infrastructure resources is improved, and the unified planning, unified construction, on-demand allocation, and deployment of informatization infrastructure resources in a certain district are realized. Ready-to-use, efficient sharing. Through reasonable planning and small steps, while realizing construction intensification, information sharing, service standardization, and benefit maximization, it meets the application needs of users at all levels and the infrastructure of various committees, bureaus, and bureaus in a certain district. The development of government informatization provides a strong informatization support guarantee.
1.1.1.1 Overall planning objectives
Construction is carried out in three phases. In the first stage, the initial construction at the Iaas level is completed, ensuring that the main business systems in the region and the existing and newly-built non-confidential information systems at and below the third level of security protection of various commissions and bureaus are uploaded to the cloud, and the concentration at the physical level is completed. In the second stage, a district-level government cloud Paas platform is built on the basis of the Iaas-level government cloud to provide unified public services, and gradually require new information systems in the district to be developed in accordance with the Paas platform specifications to complete the co-construction and sharing of application resources. The third stage is to complete the construction of the district-level government affairs cloud Daas platform, realize "cloud-digital linkage", and gradually improve the goals of long-term data update and data utilization on the basis of "three realities".
1.1.1.2 Phase 1 Construction Goals
According to the existing informatization foundation and e-government status in a certain district, and referring to the research opinions of the superior competent department and relevant units, the construction of the government affairs cloud in this district considers the combination of service standards and construction standards.
1. Building Model Goals
In the service standard part, the government purchases services, selects two companies with operator qualifications, and builds two cloud computer rooms to obtain preferential service prices and high-quality service capabilities from competitive service models.
For the part of the construction bid, select a powerful integration service provider to build a unified cloud management platform, purchase third-party software, and complete the related work of application system migration. At the same time, it assumes the role of third-party technical supervision and management, connects the basic services of the two cloud service providers, and assists the government to better use and manage the cloud.
2. Resource scale target
Referring to the scale of virtual resource pools in the first phase of government affairs cloud construction in various districts and counties, the scale of virtual resource pools in a district’s government affairs cloud is preliminarily estimated: 40 systems are expected to migrate to the cloud in the first stage, and the demand for the number of physical CPU cores of production servers increases according to the increase 30% redundancy calculation, the total size is about 3000 cores, the memory requirement size is estimated to be about 12000GB, and the storage requirement size is about 300TB at a ratio of 1:4. Subsequent expansion can be carried out smoothly according to construction and actual needs.
3. Safety construction goals
Anti-tampering requirements for cloud platform webpages: Internet application systems of cloud tenants must take webpage anti-tampering measures before deploying to the cloud platform. Without anti-tampering measures, the cloud platform needs to actively provide anti-tampering measures to cloud tenants, and the Internet application systems of cloud tenants that have not adopted anti-tampering measures for web pages will not be allowed to access the cloud platform.
Cloud platform traffic cleaning requirements and web application protection requirements: It is recommended that operators provide cloud tenants with traffic cleaning services and web application protection services in the form of basic services.
Regarding the virtual firewall of cloud tenants: It is recommended that cloud tenants put forward their requirements, and the virtual firewall policy can only be opened after the review by the Science and Technology Commission. In principle, the firewall policy should be set according to the principle of minimum authorization.
Anti-virus requirements: Provide basic anti-virus services in accordance with the requirements of the host protection system. At the same time, in the cloud environment, provide virtualized anti-virus services in accordance with the latest security requirements.
It is required to complete the grade-guaranteed assessment, and the score is required to reach 85 points or above.
4. App Migration Target
After preliminary research and analysis, it is estimated that 40 business systems will be migrated to the cloud computing center for this business relocation. All systems and units in the region that meet the requirements of the third-level security protection and have the conditions and willingness to migrate to the cloud will be evaluated, tested, and designed in accordance with the standard migration process, and will be summarized into a final cloud migration plan and delivered to The cloud service provider performs the migration implementation.
1 Necessity and feasibility of project construction
1.1 Project Background
The construction of a government cloud computing platform in a certain district closely focuses on the urgent needs of the district government and various government departments to deepen the application of e-government affairs and improve the ability to perform their duties. It provides a public technical environment and service support for various departments to achieve government affairs and business goals, and effectively supports government affairs. Departments flexibly and quickly deploy application services to meet the needs of continuous business development and reform; meet the needs of cross-regional, cross-department, and cross-level information sharing, and the combination of industry systems and government applications; meet the needs of large amounts of data access, storage and intelligent processing needs; to meet the needs of safe and reliable operation.
In order to promote the construction of a service-oriented government, promote the development of a district's government data industry, meet the needs of a district's rapid development of e-government, e-commerce and other informatization, and ensure the repeated construction and information island problems that arise in the future development of informatization construction, it is very useful It is necessary to separate the infrastructure and resources required for the construction of information systems by all departments in a certain district from their respective business applications, intensive construction, unified management, and on-demand use, forming a public platform to support the information construction of various government departments.
1.2 Necessity of project construction
1.2.1 Analysis of main problems
1.2.1.1 The degree of intensification of e-government construction is not high
The various information systems that have been built in our district effectively support the needs of government management and people's livelihood services at this stage. However, due to the different planning standards, it is difficult to support the transformation of government functions. It is urgent to strengthen the overall coordination of e-government planning, construction, and operation, and transform from independent construction and self-contained systems to a cross-department and cross-industry intensive government cloud model.
1.2.1.2 The degree of sharing of information resources is low
Due to the departmental management of many business systems, the "three difficulties" of cross-sectoral resource integration, cross-domain business collaboration, and cross-departmental information sharing still exist. Disadvantages such as out-of-control monitoring.
1.2.2 Policy Guidance Requirements
The state attaches great importance to the development of a new generation of information industry represented by cloud computing, and the municipal government has specified 16 district governments to independently build district-level clouds, which are logically integrated with city-level clouds. The city finally formed the architectural requirements of the "1+16" city and district cloud system.
At the district level, it is required to complete the construction of all district-level government affairs clouds with reference to the goals and requirements of the city-level cloud, separate from the city-level cloud at the facility resource level, share at the intermediate platform layer, and link at the application service layer. Second, the district-level cloud provides centralized cloud services for various departments and units in the district. For the original business systems of the municipal-level lines, under the guidance of relevant municipal departments, the application of government affairs cloud is carried out in combination with the actual conditions of the district.
1.2.3 It is the need for business application and development of government at all levels in the district
From the business point of view of the information system, after the infrastructure is centralized, the project management unit of the government information system can save the planning and maintenance work of the basic implementation resources and the responsibility of security protection.
From the perspective of information data, the intensive construction of network and storage in the cloud architecture provides a more convenient channel and foundation for data aggregation, exchange, and sharing.
From the perspective of overall management and supervision of the information system in the region, the centralized information management of equipment in the whole region can be realized through a unified cloud management platform. It avoids the communication cost brought by the original decentralized management, and makes the overall arrangement and scheduling of informatization in the region possible.
1.3 Feasibility of project construction
Cloud computing technology has matured, and relevant national policies have been issued. Therefore, it is suggested that a certain district build a unified e-government cloud.
Coordinate the use of existing computing resources, storage resources, network resources, information resources, application support and other resources and conditions, according to business needs, new resource pool construction, unified construction and for a district government, various government departments, and various commissions and bureaus A cloud computing-based service platform that provides services such as infrastructure, supporting software, application functions, information resources, operation assurance, and information security, realizes centralized management of service resources, and improves the existing technical service management model and team.
1.3.1 Consideration of construction mode
This project adopts a brand-new service purchase model, while Pudong, Chongming, Jiading and other districts in various districts and counties adopt the traditional construction model. It is understood that Changning Government Affairs Cloud and Yangpu Government Affairs Cloud, which will start bidding within this year, both include service bids (service purchase model) and construction bids (traditional model). Therefore, it is recommended to fully consider the selection of the construction model before starting the construction of the government affairs cloud in a certain district.
1.3.2 Analysis of construction mode
1. Division of Responsibility Boundaries
First of all, before the specific analysis of the construction mode, it is necessary to clarify the construction participants and their division of responsibilities. According to the situation of the municipal affairs cloud, the two operators of China Telecom and China Mobile are responsible for the purchase of computer rooms, networks and basic equipment, and build the cloud foundation. The clouds under construction in Pudong, Jiading, etc. are divided into multiple packages to call operators, integrators, manufacturers, etc. to participate in the construction of government cloud. For the bidding within this year, the Changning Cloud and Yangpu Cloud projects will select two operators for the basic cloud construction (mainly the computer room) according to the service target model, and at the same time, deliver integration services (cloud management, migration) and other work to the integration services business is responsible. In order to achieve the purpose of a reasonable allocation of work tasks.
2. Analysis of advantages and disadvantages of service standards
The main advantage of the service standard model is that the government can purchase services on demand, which guarantees disaster recovery and subsequent expansion services. At the same time, there is less pressure on the government's one-time construction expenditures to avoid future asset management problems. The disadvantage is that the service boundary and service catalog of the government cloud are not yet perfect, and the work service boundary between cloud operators and application developers is also relatively vague, resulting in unclear requirements for service bids in the bidding stage, complex follow-up coordination and high overall service prices risk, and it is difficult to replace the cloud service provider in the future.
3. Analysis of advantages and disadvantages of construction standards
The main advantage of the construction standard model is that under the premise of a clear cloud system, the total construction volume and construction content are clear and controllable, which is conducive to intensive construction, and the service content and service boundaries are easy to define. Since the construction party and the operator are independent, it is relatively flexible to replace the cloud service provider in the future. The disadvantage is that the government needs to invest a part of the funds for construction in the early stage, and has higher and more detailed management requirements, and there will be asset management problems in the construction part at the same time.
In summary, we suggest that our district’s government affairs cloud combine the advantages of the two construction models, adopt the service target model for parts with clear service content, high degree of standardization, and low risk, and gradually clarify service content, high degree of personalization, and low risk. The larger part adopts the model of construction bid.
1.3.3 Considerations regarding the selection of one or more operators
Through the preliminary research and the configuration of each operator’s computer room in the area and adjacent areas, there are two options for choosing one or two operators. The pros and cons are analyzed as follows. The service fee calculation comparison of the two options is shown in the attachment:
1. Select two operators (municipal cloud model)
Advantages: The advantageous resources of different operators can be comprehensively selected. According to the current construction progress of the municipal affairs cloud, different operators have differences in the service items and service prices provided, and can be selectively selected according to the different requirements of the cloud system different operators. And in the process of cloud migration of the system, the services and prices of different operators can be comprehensively compared, and the appropriate operator can be selected to provide services. If you are not satisfied with the service of a certain operator in the future, you can gradually increase the number of cloud systems on the other operator, taking into account cost-effectiveness and flexibility;
Disadvantages: Selecting two operators will generally increase the cost of purchasing services (mainly in terms of network and disaster recovery). In terms of district-level unified cloud management, communication, and task coordination, it is necessary to connect with two operators at the same time, which increases the cost and complexity of management and communication. In the future, there may be differences in the service standards of the two operators, and the difficulty of monitoring and scheduling will also increase.
2. Choose an operator (Jiading, Chongming, Pudong and other district models)
Advantages: On the basis of clarifying the work interface and service catalog in the early stage, only one operator needs to be connected, and management and communication are relatively simple. The complexity of construction is reduced, especially in the case of a small-scale system in the first stage, and the construction and maintenance costs of operators are relatively low. In terms of operation, the interfaces for work order distribution, cloud platform monitoring, and cloud migration are clear. If a failure occurs, the follow-up responsibilities and punishments are also relatively clear.
Disadvantages: Selecting a single operator may easily lead to monopoly. During the service period, the service may not be in place, and the price of non-standard services may be high. It is necessary to clarify the corresponding management methods and service requirements in the early stage. After the service period expires, if it is necessary to change the operator, due to the lack of participation of other operators in the early stage, there may be a problem of difficulty in migration.
Based on the above considerations, it is recommended that the government affairs cloud in our district choose two operators to provide a computer room each, so as to avoid a large amount of repeated investment while forming competition and service advantages.
1.1 Overall Technical Architecture Design
District-level cloud architecture: It consists of a facility resource layer, an intermediate platform layer, and a business application layer. Under the guarantee of the government cloud management system and security system, through various user terminals, it provides unified information support for the government and provides efficient services to the public. external service. See Figure 5-1 below:
Figure 5-1: Schematic diagram of the overall technical architecture of a cloud platform in a district
1.1.1 Design ideas
The construction of a cloud data center is a complex and socialized project, which should be based on a relatively high starting point. From a long-term point of view, we should fully consider the internal integration of the current business system, flexible application of resources, deployment, high availability, and business requirements for unified management. Moreover, high requirements must be put forward in terms of information technology, implementation technology and platform technology.
Based on the principle of "overall planning, intensive resources, and efficient service", adhere to "five unifications, four modernizations, and three collections", the unified planning, unified construction, unified standards, unified management, and unified operation and maintenance of the technical architecture of a government affairs cloud platform in a certain district , Realize the standardization of design, intensification of construction, resource sharing, and integration of operation and maintenance of a government affairs cloud platform in a certain district, and realize resource intensification, data concentration, and business integration. By separating the technical environment from the data and business systems it carries, it promotes the process optimization and content simplification of a district government's informatization construction project, realizes "moving up the platform and extending down the service", and provides "resource coordination" for the informatization construction of a district government , high-efficiency management, flexible deployment, and on-demand distribution" high-quality services.
1.1.2 Service Implementation Architecture
Considering the business characteristics of each committee, office, and bureau, each committee, office, and bureau provides resource services in the form of a virtual data center (VDC).
Each committee, office, and bureau applies for corresponding VDC resources according to business needs. VDCs are divided into Internet applications and government applications according to different areas of business deployment, and virtualized resource pools, physical resource pools, and data resource pools are divided according to load conditions. Unify the export of e-government external network and the Internet.
See Figure 5-2 below:
Figure 5-2: Schematic diagram of the cloud platform service implementation architecture in a district
The platform needs to implement:
Ø Templated VDC, business online in minutes: Through the pre-defined VDC (Virtual Data Center, Virtual Data Center) template, automatic service provisioning is performed, eliminating the need for data center infrastructure planning, construction, installation and commissioning required by traditional methods Complicated and cumbersome steps, once modeled and used multiple times, greatly shortened the construction period, and at the same time visualized, application-oriented rapid modeling, users can simply and flexibly customize according to different business needs.
Ø Unified management: Manage and maintain all data center infrastructure, IT infrastructure and upper-level applications through unified management tools and user-oriented interfaces, which greatly simplifies management and improves efficiency.
Ø Flexible scheduling of cross-domain resource pools to improve resource utilization: through the cloud operating system, use virtualization technology to integrate computing, storage, and network resources scattered in various data centers into a unified resource pool to realize cross-domain resource pools Flexible scheduling to meet business requirements.
1.1.3 Overall logical structure
The overall logical architecture of an e-government cloud in a district is shown in Figure 5-3 below:
Figure 5-3: Schematic diagram of the overall logical architecture of the cloud platform in a district
The government affairs cloud in a certain district mainly includes Internet service applications and government affairs extranet office applications according to the different service objects and users of the user's business system. Zones are logically isolated. At the same time, the two districts carry out unified operation and maintenance management.
The business area is divided into virtualization resource pools, material resource pools, and data resource pools according to business characteristics.
The storage area performs unified storage, and divides different resource pools according to different data types. For example, structured data uses SAN storage resources, and unstructured data uses NAS storage resources.
1.1.4 Government cloud system
Government cloud system: Based on the construction principle of "centralization + distribution", the government purchases services and relies on the government extranet to provide unified services for various departments. Gradually realize the integration of each department's cloud to the district-level cloud sub-center. The whole district eventually forms a "1+N" district-level cloud system, so the district-level cloud system from the perspective of a district's e-government cloud is shown in Figure 5-4 below
Figure 5-4: Schematic diagram of a district’s government affairs
1.1.1.1 Detailed Design of Network System
Corresponding to the logical architecture, the physical architecture of the data center is as follows
How to get the full version
How to get the full version:
For the complete electronic version of the content, refer to the study
You can follow + comment + forward this article
Private message me: plan