effective February 10, 2020
Director's Directive No. 11
Developments started before the introduction of the Director's Directive No. 11 of 10.02.20 will be carried out in accordance with the provisions of the agreement and based on present IT profile.
Centre of Registers and Information Systems, IT-profile
1. Scope of application
This document (hereinafter the IT-profile) provides the technical requirements applied to the information systems of the Centre of Registers and Information Systems (hereinafter CRIS), proceeding from administered information systems and the existing infrastructure, and adheres to the principles of national information technology architecture and interoperability framework.
2. General basis
2.1. The objectives of introducing technological standards are:
2.1.1. reduction of administration, maintenance, and training expenses for the given information system;
2.1.2. minimization of possible issues and costs through integration of different information system parts;
2.1.3. ensurance of continued development of employed information technology (hereinafter IT) related solutions at CRIS;
2.1.4. compatibility of employed software and hardware, enabling notable savings through centralized procurements and acquisitions;
2.1.5. minimization of security risks affecting relevant systems;
2.1.6. efficient, secure, and convenient working environment for system users.
2.2. Proceeding from above goals and for the purpose of attainment thereof, the following principles are adhered to in selecting IT products and components:
2.2.1. the number of components with the same functionality from different manufacturers must be minimized. In acquiring standard hardware, equipment from a single manufacturer should be preferred, ensuring better equipment compatibility and operativeness of the entire IT infrastructure;
2.2.2. all selected products must comply with valid industrial standards, whereat open standards should be preferred;
2.2.3. software in a testing stage (beta, release candidate etc.) may be used for testing purposes only;
2.2.4. components and products must comply with security rules provided by CRIS.
2.3. This IT profile is amended and supplemented as required, yet not less frequently than once a year.
2.4. Detailed installation and configuration instructions of employed software are provided separately.
3. Standard hardware configuration
3.1. Server standard:
3.1.1. Servers must belong to the manufacturer’s most recent product generation upon acquisition;
3.1.2. Servers must be installed in equipment cabinets. Blade server solutions are preferred as more rational to manage, saving room and electricity, and reducing cooling needs;
3.1.3. Acquired servers must be IBM, HP, Dell x86 platform servers or equivalent;
3.1.4. There should be at least two 10G server network interfaces (unless otherwise specified in technical specifications of the procurement);
3.1.5. The hard drive of acquired servers must be 146GB or larger;
3.1.6. If a server uses local discs, such discs must be hot swappable and at least two hard drives must function in RAID1 configuration;
3.1.7. Database servers and servers that require high availability must be possible to supplement with SAN Qlogic Fibre Channel Cards that are 2-port and enable booting from SAN disc array;
3.1.8. It must be possible to execute blade server solution and server administration from a web based console and authenticate users via Windows Active Directory;
3.1.9. All server components (discs, memory, network card etc.) must be approved by the server manufacturer and be covered by a common warranty. It must be possible to purchase all of the server components during five years as from termination of server production;
3.1.10. In the interests of later server expansion, at least 3 memory slots per processor should remain free upon acquisition, unless 16GB memory modules are used;
3.1.11. Power and cooling for a rack server must be in an N+1 configuration;
3.1.12. Servers must support bare-metal virtualization (e.g. Vmware vSphere); the server must be included in the software manufacturer’s Hardware Compatibility List (HCL);
3.1.13. It must be possible to perform server hardware monitoring (disc, memory, etc. errors) over SNMP or WBEM/CIM.
3.1.14. A minimum of 3-year on-site 9x5 4 hour warranty is required, including free-of-charge software updates for the hardware during warranty period (unless otherwise specified in the technical specifications of the procurement).
3.2. Minimum requirements for blade server solution's data communication switches:
3.2.1. Layer 2 minimum requirements:
1) gigabit switch
2) 4 UPlink ports (or better)
4) administration: HTTPS, SSH, SNMP
5) at least 250 VLAN support
6) support: 802.3 ad, 802.1w, IGMP v2
3.2.2. Layer 3 minimum requirements in addition to Layer 2 requirements:
1) ACL support
2) DSCP support
3) RIPv2 and VRRP support
3.2.3. Blade server solution's SAN Network switches must be manufactured by Brocade or be functionally fully compatible with Brocade products; the switches must be licensed so that an unlimited number of switches can be added to “fabric”. Port speed must be at least 8Gb/s;
3.2.4. A minimum of 3-year on-site 9x5 4 hour warranty is required, including free-of-charge software updates for the hardware during warranty period (unless otherwise specified in the technical specifications of the procurement).
3.3. Minimum requirements for data communication switches:
3.3.1. IEEE 802.1Q (minimum number of VLANs simultaneously used in one switch 200 and GVRP), 802.1p, 802.1D, 802.1w, 802.3ad, 802.3x, 802.1x, 802.3u, 802.3ab, Auto-MDIX;
3.3.2. Data communication switches must support QoS. For each interface there must be at least 4 independent queues into which packages can be directed based on different IP DSCP values. Consequently, the switch must have the capacity to view IP DSCP values on Layer 3 level, classify the values accordingly, and direct them into different output queues;
3.3.3. User authorization (802.1x and RADIUS) in switch port to ensure access for authorized users only and restricting access based on user needs (must support HP ProCurve IDM solution);
3.3.4. RADIUS, LLDP, IGMPv3, SMON, RMON (at least groups 1, 2, 3, and 9), SNMP v1/2/3, SNTP, SSH, HTTPS;
3.3.5. Port Mirroring to monitor network traffic;
3.3.6. MiniGBIC modules must support 1000BaseSX, 1000BaseLX, and 1000BaseLH;
3.3.7. Opportunity to name interfaces logically;
3.3.8. Read-only memory holds two different permanent software tools;
3.3.9. Equipment must be installed in 19” equipment cabinets;
3.3.10. Equipment must be compatible with HP ProCurve manager and HP ProCurve IDM software;
3.3.11. 802.1x based auth simultaneous use supported on each port. A device must support eight 802.1x auth users per port;
3.3.12. A minimum of 5-year NBD warranty is required, including free-of-charge software updates during warranty period.
4. Standard software configurations
In the case of supplied commercial software, the license must include 5-year security updates. If the procurement does not provide specifics on relevant software related solutions, the following requirements must be adhered to and the latest stable software versions should be proposed:
4.1. Based on given needs, the following server operating systems are used:
1) Linux RedHat Enterprise/Centos
2) Microsoft SQL
3) Postgre SQL
4.3. Web servers
2) Microsoft IIS
4.4. Application servers
4.5. Programming languages