MD2298 SD-WAN and associated cloud transition services

In 2014, MD1350 approved expansion of the GLA’s private cloud infrastructure and in 2017 MD2079 approved an upgrade of the GLA’s local area network (LAN). DD1275 approved an additional network connection into City Hall. In line with the GLA’s 2016 IT Strategy and to support flexible and partnership working the GLA needs to complete further work to prepare its public cloud infrastructure and connectivity.

The GLA’s “IT Strategy 2016” commits to providing a secure IT infrastructure to support new ways of working by moving IT services into the public cloud, which means making services more accessible to end users from anywhere on the internet. Currently the GLA’s desktop and wifi internet connectivity, end user authentication and email routing is all dependent upon the GLA’s private cloud environment (even for services which have been migrated into the public cloud already).

It is proposed that the GLA procure hardware and consultancy services to upgrade the GLA’s current IT infrastructure by designing and implementing a software defined wide area network solution and associated network and systems reconfiguration work to enable flexible working and partnership working.

A software defined wide area network (SD-WAN) is a cloud enabled virtual WAN infrastructure which makes use of any available connection to the internet by constructing a web of virtual private network (VPN) connections. This allow the GLA to make use of additional connections to the internet and thereby provide a much faster end user experience when working online and allow for increased flexibility when connecting remote sites to the GLA for shared IT support and partnership working. It also decreases the chance of an interruption of services while GLA staff are working online as it allows services to be accessed over more than one connection to the internet.

The SD-WAN enables VPN connections into Microsoft’s Azure public cloud infrastructure. In addition to the connections into Azure there are other tasks required to build the necessary Azure environment and enable connectivity to the GLA’s existing private cloud environment and these tasks will be completed using the consultancy services discussed in this report. This work allows for the decommissioning of our private cloud Microsoft Exchange messaging infrastructure by enabling authentication for email and other Office 365 services directly using Microsoft’s public cloud based identity and permissions management solutions.

This MD seeks approval for expenditure of up to £219,000 to support implementation of the SD-WAN, comprising:
o up to £55,000 capital expenditure for Professional Services for financial year 2018/19; and
o up to £14,000 revenue expenditure for Professional Services for financial year 2018/19; and
o up to £150,000 capital expenditure for financial year 2018/19 for the hardware and licences to enable the SD-WAN infrastructure. The hardware will take the form of appliances to be deployed at City Hall and other GLA locations and the licences are required to run these appliances.

The £69,000 for Professional Services to be used as follows (i) Software Defined WAN (SD-WAN) design and implementation; (ii) Microsoft Azure design and implementation (iii) Decommissioning of outgoing messaging technology (including re-routing of mail flow and authentication using the new SD-WAN and Azure implementations).

The procurement of the services required under this decision (professional services, hardware, software and services) is expected to be run using an approved framework such as the TfL resellers framework (ICT11445) that was procured in accordance with the Public Contracts Regulations 2016. Any call-off contract will be procured and entered into in accordance with the terms of the framework with support from TfL Procurement.

Implementation of an SD-WAN infrastructure and associated infrastructure configuration changes will deliver the following outcomes:

- Enable load balanced / automatic failover connectivity using the GLA’s TfL MAN connection and our (up to) 24Gbit secondary internet connection for connectivity to the internet and cloud services for all desktop and wifi devices within City Hall.

- Allow for satellite sites to be connected to the internet and cloud services and connectivity back to the GLA.

- Configure Azure infrastructure and enable the specific connections required for Azure infrastructure cloud services.

- Remove the GLA’s reliance upon its private cloud environment for Microsoft Active Directory authentication.

- Remove the GLA’s reliance upon its private cloud environment for Microsoft’s mail online email message routing.

The professional services discussed in this report will be used to achieve the above outcomes by designing and implementing the SD-WAN solution and associated network and systems reconfiguration work to enable flexible working and partnership working.

The hardware will take the form of appliances to be deployed at City Hall and other GLA locations and the licences are required to run these appliances. It is expected that Cisco Meraki appliances will be deployed for this purpose. Each appliance requires a corresponding Cisco licence to work. The licences both enable the devices to work and also provides secure global administration, usage reporting and device configuration backup using Cisco’s online management systems.

Under Section 149 of the Equality Act 2010, as a public authority, the GLA must have ‘due regard’ of the need to:

• eliminate unlawful discrimination, harassment and victimisation; and
• advance equality of opportunity and foster good relations between people who have a protected characteristic and those who do not.

The public sector equality duty requires the identification and evaluation of the likely potential impacts, both positive and negative, of the decision on those with protected characteristics (age, disability, gender reassignment, pregnancy and maternity, race, gender, religion or belief, sexual orientation).

The Authority’s equality duty has been considered when planning this project and an impact analysis has been carried out. The SD-WAN network and associated changes will allow for improved flexibility and support new ways of working. Currently flexible working is provided which supports GLA’s accessibility objectives and responsibilities. The proposals outlined in this report allow for improvements in the resilience and speed of access of these access methods and allow for access to services from more device types. It has been assessed that no impact on any individuals with any protected characteristics will result from the proposals outlined in this report.

This report addresses the networking technology needed to help address corporate risk C2 “Business continuity” as reported in the GLA’s Corporate risk register. The outcomes articulated in this report help address this corporate risk by enabling wide area network connectivity to corporate services run from the public cloud and therefore allows key satellite sites, such as the Union Street office, to use for business continuity purposes.

The outcomes articulated in this report improve the wide area network parts of the GLA’s IT infrastructure which therefore helps to address all Mayoral priorities which reply upon technology.

The GLA’s “GLA IT Strategy 2016” was published in 2016 for consultation.

All changes will be assessed and approved via the Technology Group (TG) change control process to manage risks associated with implementation.

Approval is being sought for expenditure of up to £219,000 in financial year 2018/19 consisting of £205,000 capital expenditure and £14,000 revenue. This will be funded from the TG Budget in 18/19. The licences procured will run for 5 years from the date of deployment.

The foregoing sections of this report indicate that:

(a) the decisions requested of the Mayor concern the exercise of the GLA’s general powers, falling within the GLA’s statutory powers to do such things considered to further or which are facilitative of, conducive or incidental to the promotion of economic development and wealth creation, social development or the promotion of the improvement of the environment in Greater London; and

(b) in formulating the proposals in respect of which a decision is sought officers have complied with the Authority’s related statutory duties to:

- pay due regard to the principle that there should be equality of opportunity for all people;
- consider how the proposals will promote the improvement of health of persons, health inequalities between persons and to contribute towards the achievement of sustainable development in the United Kingdom; and
- consult with appropriate bodies.

In taking the decisions requested, the Mayor must have due regards to the Public Sector Equality Duty; namely the need to eliminate discrimination, harassment, victimisation and any other conduct prohibited by the Equality Act 2010, and to advance equality of opportunity between persons who share a relevant protected characteristic (race, disability, gender, age, sexual orientation, religion) or share it and foster good relations between persons who share a relevant protected characteristic and persons who do not share it (section 149 of the Equality Act 2010). To this end, the Mayor should have particular regarding to section 3 (above) of this report.

Officers have indicated in paragraph 1.8 of this report that the:

(a) framework under which it is proposed the hardware, software and licences required are to be “called-off” can be used by the GLA by virtue of its procurement by Transport for London in accordance with relevant procurement law; and

(b) the services/supplies required will be procured fully in accordance with the requirements of that framework.

Officers must ensure that appropriate “call-off” documentation is put in place and executed by the successful bidder(s) and the GLA before the commencement of the services/supplies.

To the extent that any services/supplies are unable to be procured via the framework as per paragraph 6.3 above, such services/supplies required must be procured by Transport for London Procurement who will determine the detail of the procurement strategy to be adopted in accordance with the GLA’s Contracts and Funding Code.

Officers must ensure that appropriate contract documentation is put in place and executed by the successful bidder(s) and the GLA before the commencement of any such services/supplies.