Exit eFORT Data Center and Cloud Migration Program
About the program
The state’s lease of the eFORT Data Center is currently one of the most costly capital lease expenses. Since the state always strives to be good stewards of taxpayers’ dollars, OIT identified that significant cost savings could be achieved by consolidating hardware from eFORT into the newly modernized Lakewood Data Center. Not only will a considerable amount of money be saved each year, but the facility offers state-of-the-art equipment and security, making it the best choice to set a foundation for modern infrastructure and advance digital government services in Colorado.
When we began our work to migrate out of the eFORT data center in June 2022, 145 racks were in use. As of June 2024, we have 37 racks in use! That is a 74% reduction in usage, helping to save money and secure the state for all Coloradans.
Take a look at the eFORT Data Center Migration Project video for an inside look at what it takes to move a data center and how this is helping set the stage to make state government easier for Coloradans.
Key Outcomes:
Save taxpayer dollars by vacating and ending the lease at the eFORT Data Center. Technical debt will be reduced by consolidating physical IT assets and expanding the use of cloud infrastructure. Ultimately, this project will save the state millions of dollars while becoming more agile and efficient in how data is collected, stored and used.
What are the projects?
Core Network Refresh
OIT monitors the core network infrastructure at two data centers and the Capital Complex network (CCLAN) for 17 state agencies. Many of these routers and switches are old and no longer supported by the vendor. This presents the risk of expensive repairs, major network interruptions and security risks.
Beginning in June 2022, OIT began updating the existing network equipment, firewalls, and DNS to ensure our network infrastructure is up-to-date and secure.
Enterprise Wireless
A robust wireless system that is secure, reliable and easily accessible is a business service that is necessary to meet the need for the growing number of state employee laptops and mobile devices.
OIT’s enterprise wireless solution has been designed to offer customers instant access to all agency resources while providing a separate network for business guests and mobile devices. State agencies benefit from additional security on both the employee and guest networks by enforcing OIT policies relating to wireless networks and acceptable use.
Session Initiation Protocol (SIP) - Complete
The Statewide Infrastructure Backbone - Session Initiation Protocol (SIP) project is set to replace T-1 trunking with SIP trunking for state agencies on MIPC (Cisco Webex) phones.
The state currently uses T-1 trunking, which uses telephone lines to connect communication points between users. If a worksite loses T-1 trunking, it won’t have phone service. Having SIP trunking technology allows us to communicate over the internet and is a more reliable way to communicate. If one SIP trunking fails, it will automatically roll over to another trunking.
Exit eFORT Data Center
The state is always striving to be good stewards of taxpayers’ dollars. With that in mind, OIT realized that significant cost savings could be achieved by consolidating hardware from eFORT into the newly modernized state data center.
Not only will a considerable amount of money be saved each year, but the facility also offers state-of-the-art equipment and security, making it the best choice to help set a foundation for modern infrastructure to advance digital government services.
Storage Renewal - Complete
The storage devices used for file shares, backups and our main on-premise storage area network (SAN) are reaching end-of-life or end of support with our vendors. They need to either be refreshed with newer hardware or moved to another solution. An assessment will be performed of the technologies being used and will either migrate them over to another solution or procure newer hardware.
Upgrading SQL (2008 & 2012) Servers
Microsoft SQL Server 2008 and 2012, the databases on which many of our applications live, are past the end of life. SQL Server 2008 no longer offers support and does not provide server patching updates, which makes these servers vulnerable from a security perspective.
This project aims to migrate applications and systems from the old servers onto a cloud and/or physical environment to ensure stronger security.
Windows 2008 Retirement
Microsoft ended support of Windows Server 2008 in Jan. 2020. In anticipation of this, OIT began work in June 2018 to decommission, upgrade or modernize servers running on this operating system before support ended. Nearly three years later, one year past Microsoft’s support window, out of the original 170 servers, there are still over 100 servers with applications owned by multiple agencies running on the Windows Server 2008 and 2003 operating systems.
Windows 2012 Retirement
Microsoft will end Windows Server 2012 (WIN2012) support in October 2023. In anticipation of this, OIT will decommission, upgrade, or modernize servers running on this operating system. Through this project, the team is upgrading and moving applications currently dependent on WIN2012.
Identity Services Engine (ISE) - Complete
OIT is implementing an Identity Services Engine (ISE) to allow us to detect network-based attacks throughout the network on wired and wireless infrastructure. This enables us to provide trusted network access based on the context that provides more visibility and control of who, what, when, and where users and devices access the network and the associated resources.
Phone System Replacement - Complete
CDPHE: Identified end-of-life phone systems at CDPHE have been successfully replaced with updated hosted phone services.
CDHS: End-of-life phone equipment at 4 Division of Youth Services (DYS) has been upgraded to Avaya IP Office.
Network and Security Optimization Phase 3 - Network Security - Complete
In an effort to keep network services secure and network equipment updated, OIT will implement a dedicated firewall or virtual system (VSYS). A firewall provides a mechanism to filter out malicious traffic before it crosses the network perimeter.
The current configuration within the state's network security utilizes a multi-fire firewall. We are moving the main edge firewall onto dedicated hardware. This aligns our firewall and edge internet configuration with best practices. This enhances security by creating a physical separation between the edge and agency firewalls.
Network and Security Optimization Phase 3 - Internet Bandwidth Increase - Complete
As part of the roadmap for Network and Security Optimization, the Internet Bandwidth Increase effort addresses the higher rate of internet usage by state employees over recent years. To ensure we don’t experience unplanned outages or high latency (slow downloads, delayed responses), we plan to upgrade network services and architecture, increasing internet bandwidth from 10 gb to 20 gb. This will allow state employees to connect to a network with a smaller chance of connection issues, buffering or long load times.
Network and Security Optimization Phase 3 - Statewide Voice
We're replacing old phone service infrastructure with an updated platform to enhance service availability and support efficiency.
CORE Network Refresh - Next Gen Networking - SD-WAN
As part of OIT’s technical debt remediation efforts, the Core Network Refresh—SD-WAN project is key to addressing accumulated challenges within our Wide Area Network (WAN) infrastructure. Our current network setup suffers from complexity, single points of failure and technical issues. To mitigate these issues, OIT will upgrade to Software-Defined Wide Area Networking technology (SD-WAN), a smarter, more flexible and cost-effective way to manage the network.
A comprehensive network assessment will determine the existing infrastructure, connectivity requirements and potential areas for improvement. Based on the assessment findings, a robust SD-WAN architecture will be designed, considering site locations, bandwidth requirements, security protocols and scalability.
Vendor Edge Technology Refresh
Lumen (in collaboration with OIT) monitors and maintains the OIT network infrastructure for 17 state agencies. Many of their routers and switches are old and are no longer supported by the manufacturer, presenting a risk of expensive repairs, major network interruptions and a cascading security risk on an enterprise level.
Data Center Core Equipment Upgrade - Complete
In collaboration with OIT, Lumen monitors and maintains network equipment on Colorado’s state network infrastructure. Given that Lumen’s network equipment at OIT’s five core locations has reached or is reaching end-of-life and is no longer supported, there is a risk of expensive repairs, major network interruptions, and a cascading security risk on an enterprise scale. Lumen will replace the network equipment at the five core locations to reduce this risk.