Exit eFORT Data Center and Cloud Migration Program 

OIT monitors the core network infrastructure at two data centers and the Capital Complex network (CCLAN) for 17 state agencies. Many of these routers and switches are old and no longer supported by the vendor. This presents the risk of expensive repairs, major network interruptions and security risks. 

Beginning in June 2022, OIT began updating the existing network equipment, firewalls, and DNS to ensure our network infrastructure is up-to-date and secure.

Core Network Refresh FAQ

A robust wireless system that is secure, reliable and easily accessible is a business service that is necessary to meet the need for the growing number of state employee laptops and mobile devices. 

OIT’s enterprise wireless solution has been designed to offer customers instant access to all agency resources while providing a separate network for business guests and mobile devices. State agencies benefit from additional security on both the employee and guest networks by enforcing OIT policies relating to wireless networks and acceptable use. 

Enterprise Wi-Fi Program FAQ

The Statewide Infrastructure Backbone - Session Initiation Protocol (SIP) project is set to replace T-1 trunking with SIP trunking for state agencies on MIPC (Cisco Webex) phones.

The state currently uses T-1 trunking, which uses telephone lines to connect communication points between users. If a worksite loses T-1 trunking, it won’t have phone service. Having SIP trunking technology allows us to communicate over the internet and is a more reliable way to communicate. If one SIP trunking fails, it will automatically roll over to another trunking. 

The state is always striving to be good stewards of taxpayers’ dollars. With that in mind, OIT realized that significant cost savings could be achieved by consolidating hardware from eFORT into the newly modernized state data center.

Not only will a considerable amount of money be saved each year, but the facility also offers state-of-the-art equipment and security, making it the best choice to help set a foundation for modern infrastructure to advance digital government services. 

eFORT Data Center Relocation FAQ

The storage devices used for file shares, backups and our main on-premise storage area network (SAN) are reaching end-of-life or end of support with our vendors. They need to either be refreshed with newer hardware or moved to another solution. An assessment will be performed of the technologies being used and will either migrate them over to another solution or procure newer hardware. 

Microsoft SQL Server 2008 and 2012, the databases on which many of our applications live, are past the end of life. SQL Server 2008 no longer offers support and does not provide server patching updates, which makes these servers vulnerable from a security perspective. 

This project aims to migrate applications and systems from the old servers onto a cloud and/or physical environment to ensure stronger security.

SQL Server 2008 and 2012 Upgrade Program FAQ

Microsoft ended support of Windows Server 2008 in Jan. 2020. In anticipation of this, OIT began work in June 2018 to decommission, upgrade or modernize servers running on this operating system before support ended. Nearly three years later, one year past Microsoft’s support window, out of the original 170 servers,  there are still over 100 servers with applications owned by multiple agencies running on the Windows Server 2008 and 2003 operating systems. 

Windows 2008 Retirement Program FAQ

Microsoft will end Windows Server 2012 (WIN2012) support in October 2023. In anticipation of this, OIT will decommission, upgrade, or modernize servers running on this operating system. Through this project, the team is upgrading and moving applications currently dependent on WIN2012.

Windows 2012 Retirement FAQ

OIT is implementing an Identity Services Engine (ISE) to allow us to detect network-based attacks throughout the network on wired and wireless infrastructure. This enables us to provide trusted network access based on the context that provides more visibility and control of who, what, when, and where users and devices access the network and the associated resources. 

CDPHE: Identified end-of-life phone systems at CDPHE have been successfully replaced with updated hosted phone services.

CDHS: End-of-life phone equipment at 4 Division of Youth Services (DYS) has been upgraded to Avaya IP Office.

In an effort to keep network services secure and network equipment updated, OIT will implement a dedicated firewall or virtual system (VSYS). A firewall provides a mechanism to filter out malicious traffic before it crosses the network perimeter. 

The current configuration within the state's network security utilizes a multi-fire firewall. We are moving the main edge firewall onto dedicated hardware. This aligns our firewall and edge internet configuration with best practices. This enhances security by creating a physical separation between the edge and agency firewalls.

As part of the roadmap for Network and Security Optimization, the Internet Bandwidth Increase effort addresses the higher rate of internet usage by state employees over recent years. To ensure we don’t experience unplanned outages or high latency (slow downloads, delayed responses), we plan to upgrade network services and architecture, increasing internet bandwidth from 10 gb to 20 gb. This will allow state employees to connect to a network with a smaller chance of connection issues, buffering or long load times. 

We're replacing old phone service infrastructure with an updated platform to enhance service availability and support efficiency.

Statewide Voice FAQ

As part of OIT’s technical debt remediation efforts, the Core Network Refresh—SD-WAN project is key to addressing accumulated challenges within our Wide Area Network (WAN) infrastructure. Our current network setup suffers from complexity, single points of failure and technical issues. To mitigate these issues, OIT will upgrade to Software-Defined Wide Area Networking technology (SD-WAN), a smarter, more flexible and cost-effective way to manage the network.

A comprehensive network assessment will determine the existing infrastructure, connectivity requirements and potential areas for improvement. Based on the assessment findings, a robust SD-WAN architecture will be designed, considering site locations, bandwidth requirements, security protocols and scalability.

Lumen (in collaboration with OIT) monitors and maintains the OIT network infrastructure for 17 state agencies. Many of their routers and switches are old and are no longer supported by the manufacturer, presenting a risk of expensive repairs, major network interruptions and a cascading security risk on an enterprise level. 

Vendor Edge Refresh Project FAQ

In collaboration with OIT, Lumen monitors and maintains network equipment on Colorado’s state network infrastructure. Given that Lumen’s network equipment at OIT’s five core locations has reached or is reaching end-of-life and is no longer supported, there is a risk of expensive repairs, major network interruptions, and a cascading security risk on an enterprise scale. Lumen will replace the network equipment at the five core locations to reduce this risk.