RENATER RIEThe French Interdepartmental

Government Network

TERENA TF-MSP 6-7 May 2013

2

RIE : Starting point

On May 25th, 2012, the Council of Ministers has decided to implement a “secured interdepartmental telecommunication network, unifying departmental networks and ensuring the continuity of public action in case of severe Internet failure”. The network will replace overall existing departmental networks (17 000 sites).

Project timeline2012 2013 2014 2015

Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1

SCN creation

Technical model definitionContracts

preparation

Launch of consultations on infrastructure building

Contracts notifications

Economic analysisBudget validation

Backbone and fiber optic infrastructure construction

Sites step-by-step connection to the network

First perimeter department sites

Other sites

Financial and technical framework definitionImplementation phase: infrastructure building and time-phased connection of department sites to the network

4

RIE : goals

Renovation of public action :Secured and unified network dedicated to public administrationsNational scope : metropolitan and overseas territoriesLong term and high performance infrastructure based on RENATER

Concrete answer to strategic government issues :

Simplified collaboration between public administrationsSecured network : improve security against « internet »Controlled operational costs : sharing network between different entities

Improvement for end-users :Single operator for public administrations : SCN RIEUser-oriented evolving services : at the core of digital transformation

5

RIE : a dedicated government agency

With national authority:• SCN RIE = Service à Compétence Nationale - Réseau

Interministériel de l’Etat• SCN RIE = national (metropolitan and overseas) authority• National and international connectivity between all public

administrations

SCN RIE assignments:• Design and roll-out of network• Management of network including security and operating

conditions• Implementation of shared services

Key success factor:

Architecture based on high-speed fiber optic backbone

Points of connection with the backbone hosted in departments datacenters

17 000 sites connected to the points of connection via operators networks (end-to-end)

Perennial and flexible architecture supporting the implementation of high-speed connectivity and the development of new services.

Mobile access External hosts

International networks

Remote sites

Partners

Administrations

Selection of an architecture which meets financial efficiency and technical flexibility requirements

6

Key success factor (2): 4 basic principles

1. Long-term operability, supported by sustainable technological options, high-speed backbone and addressing scheme optimizing cross-department exchanges.

2. Network resilience, thanks to a high degree of autonomy from third-party networks and overall IT security management ensuring defence in-depth.

3. Flexible connection options: various types of connections are offered to department sites to respect their constraints and meet their needs (network throughput, availability and service level)

4. Progressive connections to the network: departments impacted by the territorial administrations reform and Culture and Communication department will be connected first. Remaining departments will be connected afterwards according to the expiry date of their operator contract.

7

Two major challengesLocal administrations optimisation and mutualisation requirements strengthened by territorial administration reform

Government IT systems security

FactsCurrently, departmental networks are operating

separately, they are expensive and unable to evolve according to organizational changes. More their services offer is fragmented while the need for interdepartmental coordination is stronger.

Challenges Develop interdepartmental exchanges as part of

territorial administration reform, following previous initiatives on infrastructure level (AdER/SIGMA network) and service level (Chorus, ONP)

Ensure service continuity and a high quality level Control IT costs

Facts A steady increase in cyber attacks against

government IT systems A exponential growth of the number of entry points

on departmental networks Different IT systems security levels according to the

department considered Strengthened information systems defence and

security measures since 2011 (information system security policy (PSSI), general security database (RGS), French Network and Information Security Agency (ANSSI))

Challenges Protect French government data heritage Prevent cyber attacks Preserve confidence in government data and

services 8

RENATER Metropole

9

RENATER overseas

10

RENATER near Paris

11

• Based on the French NREN RENATER• Fiber optic infrastructure• Acknowledged expertise• Economic benefits > €20 million

• Dedicated wavelength for flow transportation• Functional autonomy• Security

• Additional links to be built

• Interconnecting points with the backbone located in department data centers

Network infrastructure construction phase

12

• A flexible and evolving architecture based on optic fiber

• Points of connection with the backbone hosted in departments data centers

• Building on existing capabilities for key functions of network operations management

• Backing on RENATER has been instructed and validated− An agreement between RENATER and DISIC is in

progress• First contracts notifications have been issued

• Fiber optic infrastructure installation has been Iinitiated

• The construction of the backbone has been launched

Interdepartmental telecommunication

network

13

Global architecture

14

Global architecture with lambdas

15

Example : NR and PIB

vers Nantes

vers Montpellier

PIB-Toulouse

NR-Toulouse

NR-Bordeaux

PIB-Bordeaux

Shelter

Shelter

16

NR = Nœud Réseau = Network NodePIB = Interconnexion point to backbone

Cyberdefense is structurally integrated to the government network• The French Network and Information Security Agency (ANSSI) is

associated to all work in progress to integrate intrusion detection systems.

• The information systems security is part of a specific working group which involves all departments.

• Best practices and security requirements are natively part from network specification.

• During the operational phase, security teams will ensure the maintenance in a state of operational security in close partnership with the French Network and Information Security Agency • A security operating center will be created

Focus on security

17

Use of NREN for ministry of defense !!!!! Or some other ministries … needs a security audit of RENATER backbone (NR vs PIB)

RENATER must fit security requirements of ALL ministries • Physical security • Access and redundancies • Electricity• … • Need a regular reporting; monitoring of lightpaths

• Data much critical than for ESR … ?

Focus on security (2)

18

19

• Questions ?