Scribd
Upload
21 views

EvergreenRelocation_vVendor

Uploaded by

vameboj718
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views

EvergreenRelocation_vVendor

Uploaded by

vameboj718
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Proposal

Evergreen Relocation

CONFIDENTIAL
FOR INTERNAL USE ONLY
2023
Proposal for Evergreen Relocation

Background:
For Office relocations, office will relocate from existing building to new office.

Strategy:
 Server and Computing Facility (Backbone, Server, Storage) will move to DataCenter
(colocation)
 Employee and End Point (Desktop, Laptop, Printer, etc) will move to new Office
Building.

DataCenter

Office Building

CONFIDENTIAL FOR INTERNAL USE ONLY


Data Center Migration Scope
RACK 01 Network RACK 02 Server
Scope
42 DEMARCATION PATCH PANEL 42 DEMARCATION PATCH PANEL
Spec Status 41
40 Internet – Circuit #1
41
40
39 Internet – Circuit #1 CPE 39
Core Switch (L3) 2 Unit 9300-24T-A Include FC Module 8 Port NM8X 38 38
- Configure Stacking (HA) 37 Internet – Circuit #2 Future 37
- Migrate Existing Server and related VLAN to new DC 36 Internet – Circuit #2 CPE Future 36
35 35
- Integration with Firewall Fortigate and Server / other access switch 34 MPLS / LL / Other – Circuit #3 Future 34
- Move VLAN 109 (Server), 115 (SAP), and new VLAN creation (DMZ, OOB) 33 Internet – Circuit #3 CPE Future 33
DELL Lab-3 Server
32 32
Fortigate 1 Unit 90E with Advanced Threat Protection (IPS, Advanced Malware 31 MPLS / LL / Other – Circuit #4 Future 31 DELL Lab-2 Server
30 Internet – Circuit #4 CPE Future 30 DELL Lab-1 Server
Protection Service, Application Control, and FortiCare Premium) 29 29
- Configure HA with existing Customer own spare unit Forti 90E 28 ATS - Network Future 28 ATS - Server Future
- Configure Integration with new Internet Link 27 27
26 Fortinet F/W #1 26
- Assessment of the network topology to Configure S2S VPN with customer 25 Fortinet F/W #2 25
Tape Backup (autoloader MSL2024)

sites (+/- 10 Branch S2S VPN) 24 24


23 WAN SW01-1 (L3) Future 23
NAS Backup (Synology RS3621xs+)
Migration - 7 Unit Server (3 old unit, 4 Production Hyper-V, with list of VM on next 22 WAN SW01-2 (L3) Future 22
21 21
slide. 20 DMZ SW01-1 (L2) Future 20 Server Backup
- Health Check (+Confirm Customer VM inventory) 19 DMZ SW01-2 (L2) Future 19
- Test Restore 18 18 FSS-HST-01 (non SAP Hyper-V #1)
17 Core Switch (L3) 17 FSS-HST-02 (non SAP Hyper-V #2)
- Plan Migration scenario 16 Core Switch (L3) 16
- 1 unit Storage 15 15
FSS-VHST-01 (SAP Hyper-V #1)
14 OOB SW01-1 (L2) Future 14
- Vendor to propose with migration step 13 OOB SW01-2 (L2) Future 13
- Eg. Labeling, dismentle, Moving, install, final labelling, insurance. 12 12
FSS-VHST-02 (SAP Hyper-V #2)

- Infrastructure UAT (from Vendor, include Standard Infra VM – eq. AD, File Sharing, DNS, 11 Server Switch (L2) 11
DHCP, etc) 10 Server Switch (L2) 10 Huawei SAP Storage
9 9
- Application UAT (from User, supervise by Vendor)
8 8
7 7
6 6
5 5
4 4
Optional Forti Manager License 3 3
2 2
- From above assessment, Configure the SDWAN for +/- 10 sites. 1 1
CONFIDENTIAL FOR INTERNAL USE ONLY
Office Migration Scope
RACK 01 Network RACK 02 User
Scope 42 DEMARCATION PATCH PANEL 42 DEMARCATION PATCH PANEL
41 41
Spec Status 40 Internet – Circuit #1 40 Patch Panel Facility #1 (WiFi, CCTV, etc) 24 port
39 Internet – Circuit #1 CPE 39 Cable Management
Core Switch (L3) 2 Unit 9300-24T-A Include FC Module 8 Port NM8X 38 38 Patch Panel Future
37 Internet – Circuit #2 Future 37 Cable Management
- Configure Stacking (HA) 36 Internet – Circuit #2 CPE Future 36 Patch Panel Future
- Migrate Existing User Segment and related VLAN to new Office 35 35 Cable Management
- Integration with Firewall Fortigate, access switch, and WiFi 34 MPLS / LL / Other – Circuit #3 Future 34 Patch Panel User #1 24 port
33 Internet – Circuit #3 CPE Future 33 Cable Management
- Move VLAN 110 (Client), and new VLAN creation (Wifi , OOB) 32 32 Patch Panel User #2 24 port
31 MPLS / LL / Other – Circuit #4 Future 31 Cable Management
Migration - 2 Unit Fortigate 81F 30 Internet – Circuit #4 CPE Future 30 Patch Panel User #3 24 port
- Reconfigure the Fortigate with new Office Internet IP 29 29 Cable Management
28 28
- Reestablish the S2S VPN to new DC (or Branches). 27 ATS - Network 27 ATS - Network
- 3 Unit Access Switch Production (and several more +/- 3-5 unit) 26 26
- Patching between Patchcord and Access Switch 25 Fortinet F/W #1 25 Facility Switch (L2)
24 Fortinet F/W #2 24 Cable Management
- 4 Patch Panel (3 For User, 1 for Facility eq. Wifi, CCTV, etc) 23 23 User Switch (L2)
- 100 Patch Cord Provided 22 Core Switch (L3) 22 Cable Management
21 Core Switch (L3) 21 User Switch (L2)
- Vendor to propose with migration step
20 20 Cable Management
- Eg. Labeling, dismentle, Moving, install, final labelling, insurance. 19 Core Switch (L3) 19 User Switch (L2)
18 Core Switch (L3) 18
17 17
16 DR Server Future 16
15 DR Server Future 15
14 Off site Backup Storage Future 14
13 Off site Backup Storage Future 13
Optional PC Movement (+/- 35 unit) 12 12
11 11
10 10
9 9
8 8
7 7
Wifi ACCESS POINT;AP-514,ARUBA + Aruba Central AP Foundation 3y Sub E-STU 6 UPS #1 6 UPS #2
(4 unit – estimated, please assess base on material for room and coverage) 5 5
4 4
- Installation & Configuration (+/- 4 SSID, User, VIP, IOT, Guest) 3 3
2 2
1 1

CONFIDENTIAL FOR INTERNAL USE ONLY


Data Center Relocation - Overview

Network Topology:
All sites are run on IP Sec VPN under Fortigate 60F, 80F and 90E
Infrastrcuture pointing to HQ Jakarta

Strategy:
 It is important to bring new Datacenter link UP and
reconfigure all the branches (if not the branch will disconnect
and required engineer to configure on each distrik/branch
site)

Fortigate 90E FGT90E4Q16003292 26-Jul-2018


Fortigate 81F FGT81FTK20000325 8-Apr-2021
Fortigate 81F FGT81FTK20000520 8-Apr-2021
Fortigate 81F FGT81FTK21011099 20-May-2022
Fortigate 60F FGT60FTK2009A0P0 28-Jul-2021
Fortigate 60F FGT60FTK20085528 8-Apr-2021
Fortigate 60F FGT60FTK20086209 8-Apr-2021
Fortigate 60F FGT60FTK20089269 8-Apr-2021
Fortigate 60F FGT60FTK20088932 8-Apr-2021
Fortigate 60F FGT60FTK2009A0PN 8-Apr-2021
Fortigate 60F FGT60FTK2009A0WJ 8-Apr-2021

CONFIDENTIAL FOR INTERNAL USE ONLY


Data Center Relocation - Overview

Application:
Business : SAP, Krishand, QPR, Zahir Accounting
IT Infrastructure : Microsoft Operating System (Server & Client), Office, o365, ESET Antivirus, Veeam
Backup, Duplicati, Netbox & SipeIt (Asset Management), OCS (Inventory discovery),
OTRS (Ticketing), PFSense & Squid (Proxy & WebFiltering), Zimbra, Zabbix, PRTG.
FMIS : Custom (Testing FMIS access to HQ File Server for Upload Map)

Hardware:
Network : Fortinet (Firewall), Huawei (L3 Switch) & Cisco (router), Cisco
(Switch), Ruckus (Access Point)
Computing : Server (DELL), Storage (Huawei)
End User Devices : PC & Laptop(DELL, HP)

Dell PowerEdge R520 BZL03W1 #N/A


Dell PowerEdge R540 3WP09R2 31-Aug-2018
Dell PowerEdge R540 5SP3LQ2 #N/A
Dell PowerEdge R630 GWMQY42 19-May-2015
Dell PowerEdge R630 9XMQY42 19-May-2015
Dell PowerEdge R640 36NT933 26-Mar-2020
Dell PowerEdge R640 36NV933 26-Mar-2020

CONFIDENTIAL FOR INTERNAL USE ONLY


Data Center Relocation - Overview

Preparation Team:
Current structure of IT team to do all the testing work with Vendor
Team Member
1. Network
• Configure Fortigate in new DC as HUB Site
• Reconfigure all Brach Fortigate pointing to new DataCenter
• Configure new CoreSwitch with all VLAN Parameter from existing Huawei for Server
Network
2. Infrastructure Server
ABI-DC-001 Active HQ-SVR-001 VM 10.178.9.47 domain controller 1 infra
ABI-DC-002 Active HQ-SVR-002 VM 10.178.9.48 domain controller 2 infra
ABI-EST-001 Active HQ-SVR-001 VM 10.178.9.80 eset av infra
ABI-FS-001 Active HQ-SVR-001 VM 10.178.9.49 file server 66c infra
ABI-OCS-001 Active HQ-SVR-002 VM 10.178.9.60 aset inventory PC infra
ABI-WSUS-001 Active HQ-SVR-002 VM 10.178.9.65 windows update infra
AKG-VBCS-11 Active FSS-CLS-002 VM 10.178.9.112 vm backup server infra
snipe it, asset mgmt online-
AM-ABI-001 Active HQ-SVR-002 VM 10.178.9.52 infra
offline
FSS-EST-01 Active HQ-SVR-001 VM 10.178.9.50 eset av old, tdk aktif infra
FSS-MAN-001 Active HQ-SVR-002 VM 10.178.9.111 hyper v mgmt infra
OTRS-HTI-001 Active HQ-SVR-001 VM 10.178.9.70 otrs, ticket mgmt infra
PFSense Squid 71 Active HQ-SVR-002 VM 10.178.10.71 proxy load balancing infra
PFSense Squid 72 Active HQ-SVR-002 VM 10.178.10.72 proxy load balancing infra
PFSense Squid 73 Active HQ-SVR-002 VM 10.178.10.73 proxy load balancing infra
PFSense-SVR03 Active HQ-SVR-002 VM 10.178.10.74 haproxy infra
Zabbix Monitoring Active HQ-SVR-001 VM 10.178.9.56 zabbix 5 infra
Zimbra Mail
Active HQ-SVR-001 VM 10.178.9.44 zimbra infra
Server

CONFIDENTIAL FOR INTERNAL USE ONLY


Data Center Relocation - Overview

Team Member
3. SAP Basis
AKG-VAPP-11 Active FSS-CLS-002 VM 10.178.15.20 sap prod sap
AKG-VDB-11 Active FSS-CLS-002 VM 10.178.15.23 sap prod db sap
AKG-VDB-12 Active FSS-CLS-002 VM 10.178.15.24 sap hr db sap
AKG-VDEV-11 Active FSS-CLS-002 VM 10.178.15.17 sap prod dev sap
AKG-VDEV-12 Active FSS-CLS-002 VM 10.178.15.18 sap hr dev sap
AKG-VIDS-11 Active FSS-CLS-002 VM 10.178.15.36 sap prod sandbox sap
AKG-VSOL-11 Active FSS-CLS-002 VM 10.178.15.26 sap solman / router sap
FSS-DC-001 Active HQ-SVR-002 VM 10.178.9.110 AD server for sap cluster (host) sap

4. Application Team
FSS-EFK-001 Active HQ-SVR-002 VM 10.178.9.45 efaktur finance, user vnc access aplikasi
ABI-RNS-02 Active HQ-SVR-001 VM 10.178.9.30 aplikasi hrd db aplikasi
ABI-RNS-01 Active HQ-SVR-002 VM 10.178.15.29 aplikasi hrd apps, tdk ikut dibawa aplikasi
ABI-SVY-001 Active HQ-SVR-001 VM 10.178.9.53 aplikasi survey, tdk aktif aplikasi
ABI-VAPPS-01 Active FSS-CLS-002 VM 10.178.15.52 hrd apps tdk ikut aplikasi
FSS-ACC-01 Active HQ-SVR-002 VM 10.178.9.28 accurate db, tdk aktif aplikasi
FSS-APP-01 Active HQ-SVR-001 VM 10.178.9.41 app hr lama, tdk aktif aplikasi
ZAHIR Active HQ-SVR-002 VM 10.178.9.58 zahir, tdk ikut support aplikasi

5. FMIS Team
FMIS DEV Active HQ-SVR-001 VM 10.178.9.42 fmis dev fmis
FMIS Server Active HQ-SVR-001 VM 10.178.9.39 fmis fmis
FSS-DB-01 Active HQ-SVR-001 VM 10.178.9.37 fmis db fmis

CONFIDENTIAL FOR INTERNAL USE ONLY


Active Directory Overview

Intranet AD Internet
DomainA.com : - User Login for computer/laptop join Domain (ABI-DC-001 & Microsoft Tenant: tenantA.onmicrosoft.com
002) DomainB.com : - Domain manage in Godaddy.com
- Synchronize to Microsoft tenant tenantA.onmicrosoft.com - Synchronize to Internal AD DomainA.com
via Azure AD Connect are installed in Primary AD (ABI-DC- - MX record pointing to Azure (o365) and need to check the
001) email flow to Zimbra internal mail server
- Mapping to File Server (using Policy)
- Zimbra internal mail server (for lvl <4)
- For pfsernse Squid Proxy Authentication
DomainB.com : - Only use for 2 SAP Hyper-V Host (FSS-DC-001)

Assesment : - DNS Record


- SMTP Record (zimbra + otrs + zabbix + prtg have send email capability
pointing to Zimbra server 10.178.9.44)
- Firewall Rule adjustment

CONFIDENTIAL FOR INTERNAL USE ONLY


CONFIDENTIAL FOR INTERNAL USE ONLY

You might also like