From the Technology Administrator, Mark Thompson
Information Systems
The mission of the Information Systems Department is to increase productivity by streamlining the flow of information and providing technical support and training to all Town offices. We have been working with Town departments so that information generated from one can be utilized by many.
Twenty-five new desktop computers, six LED computer displays, and eleven color printers were purchased and distributed to Town departments. Fourteen new laptops were purchased for department supervisors and staff. They can connect the laptop to a docking station in their offices and use it for remote access as needed.
Ten Apple iPads were purchased for the Department of Public Works, replacing their five-year-old Android tablets. Another iPad was purchased for the Park and Recreation Director.
We continue to make progress establishing a network disaster recovery site at the new Police Station. The fiber connection speed between the Police and our network hub, the Flynn building, is now at 20GB, providing ample bandwidth for data replication between the two buildings. The formation of core switch replication between the two sites copies the routing, VLANs, and networking protocols at the Flynn to the Police network, allowing it to take over that role if the core switches at Flynn were suddenly unavailable.
We added an additional core switch at the Police Station, stacking the core switches with 160 Gbps throughput between the two core switches as well as adding redundancy to our Police infrastructure. The secondary switches at the Police station were also stacked together, increasing the throughput between the switches from 10Gbps to 20Gbps.
We now have a dual virtual infrastructure in the Town. The primary virtual cluster is located at the Flynn building with a secondary cluster at the Police Station, which is our disaster recovery site. The dual virtual centers allow us to load balance our servers between the two environments. We upgraded the capabilities of our backup software in order to set up site replication so that the virtual servers at Flynn are copied to the Police Station’s virtual network in a passive state. All virtual servers running at the Police Station are also replicated over to the Flynn Building. The establishment of virtual site replication ensures server redundancy in the event of a disaster. To protect our virtual infrastructure in the event of a town-wide disaster, we’ve added a cloud backup module to our data retention solutions. This module backs up the Town’s mission-critical virtual servers to a cloud-based virtual infrastructure. These virtual standby servers can be activated, recovering our virtual infrastructure in the cloud in the event of a town-wide network disaster. Our mission-critical applications will run in this cloud environment until the compromised town network is restored. We are also given a week of testing to confirm the viability of our backups and to document the procedure for cloud network recovery.
The Town’s firewall located at the Flynn building was approaching end of life. After extensive research and beta trials, we decided on a new firewall and security design for our network which added internet redundancy and protection modules which were best suited to address the Town’s external security needs.
During our three-month evaluation period, we created a new firewall security design for the Town. The new design consists of two firewalls, one at the Flynn Building and the other at the Police Station. The firewalls would be set up as a highly available (HA) pair, in an Active/Passive deployment. If the primary firewall at the Flynn building fails, the traffic will automatically fail over to the secondary firewall located at the Police Station, providing maximum availability. Single-mode fiber will connect to each firewall, providing the HA connection between the two firewalls. The Internet ISPs used by the Town will be added to separate VLANs that will connect to the primary and secondary firewalls. Combining these resources will increase our internet bandwidth for maximum speed and performance. Having two of the ISPs, FLComcast and FLFiOS, in the Flynn building and the other, POFiOS, at the Police Station gives us the ability to survive a building-wide catastrophe and still have Internet access. Our DNS management service used for external IP failover has been modified to account for the addition of the POFiOS ISP.
We have added Intrusion Prevention System (IPS) service, as well as subscriptions for Threat Prevention, URL Filtering, WildFire, and GlobalProtect, to our firewalls.
Below is a short description of the subscription modules:
Threat Prevention
The Threat Prevention subscription adds integrated protection against network-borne threats, including exploits, malware, command and control traffic, and a variety of hacking tools, through IPS functionality and stream-based blocking of millions of known malware samples.
URL Filtering
URL Filtering provides us with granular, user-based controls over Web activity through URL categories and customizable white- and black-lists, as well as protection from Web-borne threats through malicious categories like “malware” and “phishing.”
WildFire
The WildFire subscription actively analyzes unknown threats, including malware, websites, and command and control traffic, and delivers automatically created protections and intelligence back to subscribed firewalls all over the world for proactive global prevention.
GlobalProtect
GlobalProtect extends the protection of our firewall to endpoints both inside and outside of the Town’s network, delivering consistent security to users in all locations. Mobile devices can use GlobalProtect apps for iOS and Android to connect to the Town’s firewall, and we can apply the state of the endpoint device as part of the context for security policy using the Host Information Profile (HIP). GlobalProtect subscriptions can also be deployed internally to protect local and wireless network users.
The upgrade to a next-generation firewall allows us to classify all traffic, including encrypted traffic, based on application, application function, user, and content. We can now create comprehensive, precise security policies, resulting in safe enablement of applications. This lets only authorized users run sanctioned applications, greatly reducing the possibility of cyber-attacks on our network.
The Town purchased a product that provides a complete data security platform for protecting and governing the unstructured data that the Town currently has on its file servers. The Data Advantage intelligent data use analytics (Engine) and the Data Advantage Server Probe modules give us visibility into the data that resides on the Town’s network. We can also access a complete audit trail on every file touched on our monitored servers. The software makes recommendations on file permissions by analyzing user file activity. We can then model the recommendations to see how the permission changes would affect our users.
We also purchased software that gives us insight into our network switch/router infrastructure by dynamically creating network maps based on the devices added to the interface. The software allows us to troubleshoot virtually any network problem, including slow applications and unstable networks. We can create documentation for the network that simplifies our inventory management, design reviews, and compliance audits. We can also model network changes to see the impact of new configurations on the network.
We have added security training for the Town through a yearly training subscription with KnowBe4. Every Town employee who uses a computer is required to complete the online 45-minute Security Awareness Training offered by KnowBe4 each year. During the year, the IT department launches simulated phishing email attacks targeting Town computer users. If an employee fails to recognize the attack and clicks on the compromised link or opens the malware attachment, they are required to complete reinforcement training to help them recognize the tactics used by these cyber criminals. When we first started the simulated phishing attacks, we saw an 11% failure rate. The current rate is now about 3.5%.
The Town’s telephone network infrastructure is now complete. This consists of two Cisco Unified Communications (UC) virtual environments, one located at the Flynn and the other at Police. These telecommunication sites consist of a Cisco UCS C220 M3 virtual host that contains five virtual servers: Cisco Communications Manager (CUCM), Unity Connection (UCNX), IM & Presence, Emergency Responder, and InformaCast. These dual VoIP virtual systems enable the telecommunications network to function even if a virtual host is down.
The Town also has two Primary Rate Interface (PRI) telephone lines located at the Flynn Building and the Police Station. The existence of these two lines allows us to balance our inbound and outbound calling. The DPW, Fire, and Police use the PRI at the Police Station for inbound/outbound calling and the Fairbank, Town Hall, Goodnow Library, and Flynn buildings use the PRI at the Flynn Building. If any one of those PRI lines were to fail, the phone traffic would automatically be redirected to the one remaining PRI line, thus creating no disruption in our phone service. If both PRI lines were to fail, the system would utilize our twenty-one (21) Centrex backup lines located at the DPW, Goodnow Library, Fairbank Community Center, Flynn, Police, and Fire locations. The redundancy of our telephony design provides the town with a reliable town-wide telecommunications system.
Another benefit of the VoIP system is the ability for staff to call any Town building phone with a 4-digit internal extension, eliminating the need for an outside line. The Town’s IT Department also worked with the Sudbury Public School Department to establish two-way extension dialing to all five of the K-8 schools. The linking of the Town and K-8 phone systems allows the Police to page all of the telephones in both the Town and K-8 school buildings. The paging technology can be used for announcements as well as building-wide alerts.
We have added the Instant Messaging and Presence module to our VoIP infrastructure. This module allows users to communicate with town staff through a Jabber software client installed on their PC. The software integrates with the Microsoft Outlook contacts, allowing users to search for a person and then call them directly by clicking on the contact. It also has the ability to use instant messaging to chat with town employees, asking questions or sharing documents. The software also integrates with their Outlook Calendar so when a person is in a scheduled meeting, their status will show as “in a meeting.” It also keeps a log of all recent activity, so users can click on a missed call in the log and automatically dial that person back. It has collaboration features built-in such as screen sharing, chat, and conferencing.
We have completed our goal of consolidating our telephony services into one unified system, thus allowing our buildings to share telecommunication services. This will result in an annual cost savings and help streamline the management and functionality of the Town’s telecommunications network.
We are continuing with our implementation of a new centralized IP Camera security system. Currently the Police, Goodnow Library, Flynn Building, and all of the K-8 schools have been added to the system. This centralized surveillance system offers the public safety dispatchers the ability to access any of the IP cameras through a web-based central controller interface. If a situation arises in a town or school building equipped with this technology, the Police will be able to determine the best course of action based on the surveillance video coming from the building. In conjunction with the IP Camera system, a centralized access control system was also added to these Town and school buildings. The system uses access badges which are encoded with an ID. The web-based software allows us to establish access rights for the employee badge, which is then distributed to the employee at the building. IDs were also given to committee chairmen who have night meetings at the Flynn Building. The Town hopes to deploy these technologies to the remaining town buildings and LSRHS in the near future.
We are continuing development of the Town’s website within the WordPress Content Management System (CMS). Our web developer, Edward Hurtig, has been working on improving the website’s functionality and addressing any software bugs that have been discovered. Edward has also been engaged in redesigning the website so it is responsive (Mobile Aware), which will help users easily navigate the website with smaller devices, such as smart phones.
We introduced the financial application called ClearGov (https://sudbury.ma.us/selectboard/?p=2808). ClearGov is a leading municipal transparency and benchmarking platform. The tool enables taxpayers to easily see how Sudbury is funded and how this funding is allocated to provide services to its residents. You can access this application by going to the Town website and clicking on the button “Sudbury by the Numbers” or going to https://sudbury.ma.us/cleargov/.
The Town has added a new application called Sudbury Connect. The application allows users to report non-emergency problems to the Town of Sudbury from their smartphone, tablet, or computer thanks to our new partnership with Commonwealth Connect, powered by SeeClickFix. Use Sudbury Connect to report quality of life concerns such as potholes and street or traffic light outages. You can access this application by going to the Town website and clicking on the button “Sudbury Connect” or going to https://sudbury.ma.us/sudburyconnect.
Residents now can request public records through an online portal. The form documents the request and the responses and is compliant with the Massachusetts regulations and guidelines regarding public records. Eight hundred and eleven public records requests were made last year through this portal, which is located at https://sudbury.ma.us/publicrecords.
The introduction of Constant Contact has been a tremendous success. Constant Contact greatly improves the process of subscribing and unsubscribing to our email groups. A convenient Subscribe button was created on the top right-hand corner of the Town’s website. By clicking the Subscribe button, users may choose from multiple email groups. You will be given the option of unsubscribing from one or more email groups at any time. Our email subscriptions to all of our groups now are at 8,795 subscribers.
Google Analytics Tracking is our website’s primary statistical reporting tool. It currently captures approximately 99 percent of our web traffic. We have seen a 16% downturn in our web traffic. We attribute this decline to the popularity of the Town’s Facebook page and the lack of a responsive design for mobile users. We will continue to add new features that will enhance the user experience on our website.
A new cloud-based dog-licensing program by Stellar Corporation was introduced on January 1, 2017. We have migrated 10 years of dog licensing information to the new platform. Since the program is cloud-based, we have given the Dog Officer access to the program for citations. Next year we plan to offer residents the ability to license their dogs through a web portal. This will eliminate the need to register dogs through the mail or in person.
The Information Systems Department continues to upgrade and add new technology to further the Town’s goal of serving its citizens in a timely and efficient manner.