Implementation of a secure co solution through next generati
Alan Brincat is a MITA Enterprise Architect within the Network Services Team
Along the years, MITA always stayed at the forefront in the Information and Communication Technology field by researching, testing, and implementing the solutions that would enable the Government of Malta to achieve its targets in terms of efficiency, productivity, and business continuity. The fundamental, critical, underlying infrastructure that enables all the Government's systems and applications (including Health Information Systems) to be accessed daily by thousands of users from various locations is the Network Architecture.
Back in 2010, MITA had already articulated a Network Strategy Document through which the backbone connecting the two data centres in St Venera and Mater Dei Hospital was upgraded from 2Gbps to 80Gbps providing ample capacity to host and cater for enabling technologies such as Virtualization. Additionally, the connectivity service linking every Government Ministry, department, or small office to the two data centres was also upgraded with more bandwidth at much more competitive prices through the MAGNET III project.
In 2015, MITA underwent yet another extensive and demanding project to add more security, scalability, capacity and resiliency to its Network Architecture. The challenges in upgrading a network architecture vary from the additional capacity required to host the ever-increasing number of personal, more powerful devices to securing the critical systems from unauthorized access. In addition, a significant investment is required to enhance a network architecture the size of MITA's. This resulted in a challenge whereby it was of utmost importance to implement a network architecture that is scalable for a minimum of seven years, thus providing connectivity to every Government employee and supplier using any device such as laptops, smart phones and personal devices.
The firewalling and routing equipment previously used within MITA’s network architecture to segregate and secure internal systems but also to connect remote sites were not designed with the current and future trends of mobility, Internet of things or access based on user and device. This could only be achieved by investing in Next Generation Firewalls that through added functionality and in-built intelligence would meet the future requirements.
Present Days-Procurement and Testing
A long process of research and analysis was initiated as an internal project. Through this process, many key areas of the Network Architecture requiring re-engineering or enhancement were identified. The information acquired by MITA from this process, coupled with the insight from various meetings and presentations held both internally and with industry experts led to a final design with a list of functional, technical, and business requirements that could be transposed into a business case and eventually a call for tender.
Through the procurement process, Next Generation Firewalls were identified that would enable MITA to provide a secure service to the Government of Malta for the seven years to come. Once the contract details were finalized, MITA network engineers attended specialized training and allocated the first 3 months of 2016 testing every feature whilst building the final configuration that would eventually be implemented.
Once the testing was over, the Next Generation Firewalls were configured and connected to the Core infrastructure alongside the legacy equipment that they would eventually replace to facilitate the migration of all the Government systems to the Next Generation firewalls. The two most critical firewalls have been in production for a decade and their decommissioning was delayed until the Next Generation Firewall market was mature enough whereby the added functionality and performance provided would outweigh the considerable effort to replace the critical equipment.
With both legacy and Next Generation firewalls connected to the Core of the Government network, the integration phase of the project commenced during which MITA engineers assessed whether the new firewalls could start taking over the systems and applications hosted on the legacy firewalls. Whilst many small, non-critical systems were migrated to the new firewalls in the data centers at MITA DC and Mater Dei Hospital, a lot of technical work was also being done at a small number of