Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop. Scalability: Dimensions for PACS System Growth

Transcription

1 Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop Scalability: Dimensions for PACS System Growth Tony Damalas VP Technology, Diebold Security 8 th Annual Smart Cards in Government Conference Washington Dc Convention Center October 27 30, 2009

2 PAC System Scalability This session presents the changes in next generation PACS designs that will provide multiple options for system scalability. Session will address: The meaning of scalability The multiple dimensions of scalability The methods for adding resources Various operating environments Architecture based environments Next generation PACS functionality

3 Scalability a desirable property Scalability refers to the ability of a system comprised of hardware and software to continue to function well when it is changed in size or volume in order to meet a user need indicating its ability to either handle growing amounts of work in a graceful manner, or to be readily enlarged or expanded.

4 Growth in Multiple Dimensions Load scalability Increased demand on capacity Ease with which components are added, modified or removed Geographic scalability Maintaining performance and usefulness when migrating from local standalone to regional or distributed topologies Administrative scalability Multiple organizations or departments sharing one single distributed system

5 Adding Resources Vertically Scaling Up Adding to a single node or host Adding processors, memory, or enhancing capacity capability to a single system Horizontally Scaling Out Adding more nodes to a system; additional computers to a distributed software application Adding access control panels to a single system Adding additional readers to a control panel

6 Adding Resources Data handling Scaling Through Increasing system availability Load sharing Centralized to Distributed Redundancy Failover and Disaster Recovery IT Infrastructure scalability ability to adapt to a given and limited network architecture as usage-demand increases (memory, bandwidth, speed)

7 Operating Environments Virtual Machine Environments Applications operating without dependence on dedicated hardware or in conjunction with other applications running in the same environment Multiple Operating Systems Applications that can run independently of the operating system and/or hardware platform; or, configurable to multiple operating system environments Appliance Based Non-accessible computers and operating systems where the user cannot access anything except for the applications interface created for the application

8 Operating Environments Cloud Computing Environments: Using an Internet Infrastructure supported by virtualized, dynamically scalable host servers, data centers and services segmented into three layers: Infrastructure, Platforms, Applications Cloud Infrastructure Layer the bottom layer of the cloud delivering infrastructure support through para virtualization which includes servers, networks and other hardware appliances delivered as either Infrastructure Web Services or Cloud Centers

9 Operating Environments Cloud Platforms Layer The middle layer of the cloud providing the computing platform or framework (like.net) as a service or stack Cloud Applications Layer The top layer of the Cloud where applications run and interacted with via a web browser and web services

10 Architecture Environments Enterprise Architecture An approach that aligns resources to improve business performance and help the organization better execute their core mission. Architecture Segments Individual elements of the enterprise describing core mission areas and common or shared business services and enterprise services. Segments are defined by the enterprise architecture Segment Architecture Detailed resultsoriented architecture for a segment of the enterprise (e.g. ICAM: Identity, Credential and Access Management Segment)

11 Scaling to Future Functionality Automated provisioning via workflow engines Leveraging authoritative identity data sources Standards based integration interoperability Linkage of PACS to federated networks (e.g. to perform multiple authentication mechanisms in accordance with NIST SP ) and to support enterprise architectures Interoperability with other architecture segments Integration with Logical Access Systems (LACS) Stronger and established trust models supporting local PACS operations for granting access

12 Scaling to Future Functionality Capability to process longer credential numbers (i.e. CHUID) associated with PIV cards along with other credential objects available in PIV cards necessary for government-wide interoperability Capability to fully comply with all levels of assurance and appropriate authentication mechanisms (i.e. NIST SP )

13 Speaker Contact Information Tony Damalas Diebold, Inc. Phone: (757)