Confidentiality Statement

CONTENT S

1. Purpose of the document .............................................................................................................................................................5

2. eOffice Deployment Framework ..................................................................................................................................................6

3. Type I Deployment guidelines ....................................................................................................................................................7

4. Type II and III Deployment guidelines ........................................................................................................................................8

Annexure–A (REQUIREMENTS FOR EOFFICE) ..............................................................................................................................9

1. Categories Based On User Base.......................................................................................................................................................................... 9

2. Hardware Requirements.....................................................................................................................................................................................10

3. Software......................................................................................................................................................................................................................12

4. Disaster Recovery...................................................................................................................................................................................................12

ANNEXURE–B (CHECK LISTS) .......................................................................................................................................................13

1. Check List– Type I eOffice Deployments ......................................................................................................................................................13

2. Check List– Type II and III eOffice Deployments......................................................................................................................................14

ANNEXURE–C (ROLES AND RESPONSIBILITIES) ........................................................................................................................15

1. Roles and Responsibilities for Type I Deployments ...............................................................................................................................15

2. Roles and Responsibilities for Type II and III Deployments ...............................................................................................................16

ANNEXURE–D (PERFORMA FOR FORMAL HANDING OVER AND TAKING OVER OF EOFFICE SERVERS) ..............................18

ANNEXURE-E (EOFFICE DEPLOYMENT READY RECKONER) .....................................................................................................20

Abbr eviations

BCP Business Continuity Planning

DC Data Centr e
DR Disaster Recover y
DSA Designated Systems Administr ator s
ESA eOffice Systems Administr ator s
LDAP Lightweight Dir ector y Access Pr otocol
NDC National Data Centr e
NTP Networ k Time Pr otocol
RAID Redundant Ar r ay of Independent Disks
SAN Stor age Ar ea Networ k
SDC State Data Centr e
SSL Secur e Socket Layer
SR Str eaming Replication (Postgr eSQL Database)
VM Vir tual Machine
Amendment Histor y

Date of Date of
S.No. Ver sion Amended By Amendments
Release Amendment
1. 1.0 19-01-2014
Specifications revised in
Annexur e A- Requirements for
eOffice Premium edition.
2. 1.1 12-12-2014 11-12-2014 eOffice Division
Specifications revised in
Annexur e A- Requirements for
eOffice Lite edition.
Revision of categories based on
user base revised in Annexur e
- A.
eOffice deployments types
3. 2.0 01-06-2016 01-06-2016 eOffice Division
based on products revised in
Annexur e - A.
Hardware requirements
revised in Annexur e - A.
1 . PURPOSE OF T HE DOCUM ENT

The eOffice Product is being implemented across the Government levels of Centre, State and Districts.
The deployment of eOffice product can be on the cloud infrastructure of National Data Centre (NDC),
State Data Centres (SDC), large organisations with their own data center infrastructure or special
deployments in department’s computer cells/ units due to sensitive nature of the departments or the
different way of conducting work/ business.

Establishing an eOffice Deployment Framework is important and the areas to be included in

framework for ensuring effective deployment management and sustainability of eOffice are as follows:

Deployment Strategy
Approach & Model for Deployment
Defining the Responsibility Matrix
Process and Guidelines
Provisioning a Secured Infrastructure
Availability of Deployment Infrastructure:

This document includes all above factors covering the guidelines.

2 . EOFFI CE DEPLOYMENT FRAMEW ORK

The eOffice Deployment Framework categorizes eOffice deployment into three broad types based on
location and for each type, the corresponding check lists & roles and responsibilities matrix are also
defined.

Deployment Type

Type I: Deployment of eOffice in Cloud at National Data Centr e (NDC)

Under this type, the ministries and departments of GOI are deployed in National Data Centre
(NDC).

Type II: Deployment in local NIC/ Depar tments ser ver s due to sensitive natur e of
wor king

Under this type, the deployment is done in department’s computer cells/ units due to the
sensitive nature of the departments. Their computer cells may not be full-fledged data centers
but subject to fulfilling of eOffice pre-requisites, the eOffice deployment is done. The access to
eOffice in these departments is strictly made available as per department’s rules and
regulations and is generally in their private IPs based network. e.g. PMO, Cabinet Secretariat
etc.

Type III: Deployment in local Depar tments Data centr es or State Data Centr es (SDC)

Under this type, the deployment is done in departments’ data center where the organizations
are very large and they have their own full-fledged data center infrastructure (including DR)
with applications running 24 x 7. In this category, if eOffice is for the state government then
the deployment is to be done at State Data Centre (SDC).

Pr e-r equisites for eOffice Deployment

eOffice Project Division has prepared the server (or compute) and storage requirements based
3 . T YPE I DEPLOYMENT GUI DELI NES

The Type I deployment is essentially meant for the central government ministries and departments
and will start once the approval for hosting is received by eOffice Project Division.

The steps involved in deployment ar e as follows:

1. Based on the eOffice version (Lite or Premium), the necessary provisioning will be done as
per the details mentioned in Annexur e - A.
2. The DNS will be registered under the sub-domain eoffice.gov.in
3. eOffice instance will be setup as per the eOffice Setup instructions provided time to time.
4. The eOffice is restricted to NICNET/ NKN and check at firewall level may be ascertained.
5. The user authentication happens through NIC email-id. The LDAP forms etc. are to be
submitted by concerned departments directly to Mail services group. The departments must
also obtain the LDAP bind string from Mail services group and shared it with ESA.
6. All eOffice sites have to be mandatorily SSL enabled. The SSL certificate must be obtained for
each eOffice instance and configured.
7. Sync the server timings with NDC NTP server. This is critical activity and must be doubly
assured.
8. Register the site with Nagios so that it comes under monitoring dashboard.
9. Ensure that all the forms for scheduling the backup are submitted to NDC.
10. Ensure that DB replication is running.
11. The administrator must refer to check list and ensure that all the activities are checked before
keeping a record of the same.
(Ref: Annexur e - B).
12. The roles and responsibilities for Type I deployment need to be strictly followed.
(Ref: Annexur e - C).
13. After all above activities are completed and the instance is up and running (but not yet Live)
send formal mail to eOffice PMU, eOffice Implementation Core Group, and all eOffice Project
Team members.
14. After the department Goes Live, send another formal communication as above.
4 . T YPE I I AND I I I DEPLOYMENT GUI DELI NES

Under these types, the deployment is done either in department’s computer cells/ units or State Data
Centres (SDC). These sites will be under the control of Department or Local NIC cells or SDC, as the
case may be.

The steps involved in deployment ar e as follows:

1. Based on the eOffice version (Lite or Premium), the necessary provisioning is made available
by the respective department as per Annexur e - A.
2. DNS registration as per SDC/ Department policy.
3. Training to be provided to the system admin team of SDC or Department.
4. eOffice instance will be setup by local admin team under the supervision of eOffice team as
per the eOffice setup instructions provided time to time.
5. The user authentication mechanism will be done through LDAP.
6. SSL certificate is recommended.
7. Sync the server timings with NTP server.
8. Department may register their eOffice instance with local monitoring tools, if available.
9. Schedule the backups as per SDC/ Department policy.
10. Setup the DB replication.
11. The administrator must refer to Check List and ensure that all the activities are checked.
(Ref: Annexur e - B)
12. The roles and responsibilities for deployment need to be strictly followed.
(Ref: Annexur e - C)
13. Knowledge transfer to local admin team and sign out.
(Ref: Annexur e - D)
14. After all above activities are completed and the instance is up and running (but not yet Live)
send formal mail to eOffice PMU, eOffice Implementation Core Group, and all eOffice Project
Team members.
15. After the department Goes Live, send another formal communication as above.
ANNEXURE–A ( REQUI REMENT S FOR EOFFI CE)

1. CATEGORI ES BASED ON USER BASE

Following categories are defined based on the number of eOffice users.

S. No. Categor ies Based on User Base Number of user s

1 Category 1 0-100
2 Category 2 101-250
3 Category 3 251-500
4 Category 4 501-1000
5 Category 5 1001-5000
6 Category 6 5001-10000
7 Category 7 10001-25000
8 Category 8 25001-50000

For above mentioned categories, hardware and software requirements are classified in following
sections. The components required are:

1. Servers to Host services and Database

2. Storage Area Network (SAN): SAN storage should be available. Database/ Application will be
installed in the SAN areas, which will be individually mounted in each server or to EXSi, in case of
Virtualization environment. The demand for storage will only increase in future; therefore,
additional SAN may be required.

3. Set of Public IPs and Private IPs to be provided as per requirement.

4. Power Requirement: The administrator/ manager of the site where the servers will be hosted
2. HARDWARE REQUI REMENTS

2.1 eOffice Pr emium

Ser ver s and SAN Specifications for eOffice Pr emium

Database Ser ver SR Ser ver Application Ser ver s
Categor y
RAM SAN
S.No. Based on RAM RAM Cor es
Cor es Cor es Qty. (GB, (TB)
User Base (GB) (GB) (each)
each)
1. Category 1 16 4 8 2 1 24 6 1
2. Category 2 24 6 12 2 1 32 8 2
3. Category 3 32 8 16 4 1 48 8 3
4. Category 4 48 8 16 4 2 32 8 4
5. Category 5 64 8 32 6 2 48 8 5
6. Category 6 96 12 64 8 3 32 8 6
7. Category 7 128 16 96 12 4 32 12 7
8. Category 8 256 32 128 16 4 48 16 8

2.2 eOffice Lite (eFile)

Ser ver s and SAN Specifications for eOffice Lite (eFile)

Database Ser ver SR Ser ver Application Ser ver s
Categor y
RAM SAN
S.No. Based on RAM RAM Cor es
Cor es Cor es Qty. (GB, (TB)
User Base (GB) (GB) (each)
each)
1. Category 1 16 4 8 2 1 16 4 1
2. Category 2 24 4 12 2 1 16 6 2
3. Category 3 32 4 16 2 1 32 6 3
2.3 eOffice Lite (eLeave - eTour )

Ser ver s and SAN Specifications for eOffice Lite (eLeave - eTour )
Database Ser ver SR Ser ver Application Ser ver s
Categor y
RAM SAN
S.No. Based on RAM RAM Cor es
Cor es Cor es Qty. (GB, (TB)
User Base (GB) (GB) (each)
each)
1. Category 1 16 4 8 2 1 16 4 0.5
2. Category 2 24 4 12 2 1 16 6 0.75
3. Category 3 32 4 16 2 1 32 6 1
4. Category 4 32 6 16 4 1 32 8 1.25
5. Category 5 48 6 16 4 2 24 8 2
6. Category 6 48 8 16 4 2 32 8 3
7. Category 7 64 12 32 4 2 32 12 4
8. Category 8 64 16 32 4 2 48 18 5

2.4 eOffice Lite (SPARROW)

Ser ver s and SAN Specifications for eOffice Lite ( SPARROW)

Database Ser ver SR Ser ver Application Ser ver s
Categor y
RAM SAN
S.No. Based on RAM RAM Cor es
Cor es Cor es Qty. (GB, (TB)
User Base (GB) (GB) (each)
each)
1. Category 1 16 4 8 2 1 16 4 0.5
2. Category 2 24 4 12 2 1 16 6 0.5
3. Category 3 32 4 16 2 1 24 6 0.75
4. Category 4 32 6 16 4 1 24 8 0.75
3. SOFTWARE

1. Linux Redhat Server 7.x (64- bit) or above.

2. PostgreSQL 9.5 or above.

4. DI SASTER RECOVERY

Due to the critical nature of applications, there is a need of DR. DR should be at remote location.
The typical setup is same as the primary and any changes in applications (WAR/ Version or
Products) as well as data (PostgreSQL, ZODB, File System) to be replicated, either using storage-
based replication, or host-based replication. The DR solution should support databases
(PostgreSQL in virtual/ physical scenarios), DR Drills and failover. The har dwar e, softwar e and
other infr astr uctur e r esour ces for DR need to be pr ovisioned separ ately.
ANNEXURE–B ( CHECK LI ST S)

1. CHECK LI ST– TYPE I EOFFI CE DEPLOYMENTS

(Fill Boxes with ‘Y’ or ‘N’ or as mentioned in activity)

1. Copy/ email for approval of hosting of eOffice instance of department

2. Deployment Sub category: eOffice Lite or eOffice Premium

3. Registered DNS (under eoffice.gov.in) received

4. VMs and Storage provisioned

5. Public/ Private IPs assigned

6. Time syncing with Network Time Protocol Server (NTP)

7. Sent the IP details to Project Manager for filling LDAP form

8. SSL Certificate deployed

9. LDAP Bind string received

10. Firewall rules placed as per the policy

11. eOffice Stack deployed

12. CRONS scheduled

13. Backups scheduled

14. DB replication

15. Registered with Nagios for monitoring

2. CHECK LI ST– TYPE I I AND I I I EOFFI CE DEPLOYMENTS

(Fill Boxes with ‘Y’ or ‘N’ or as mentioned in acti vity)

1. Copy/ email for approval of hosting of eOffice instance at local servers

2. Deployment Sub category: eOffice Lite or eOffice Premium

3. Deployment Infrastructure available as per eOffice specifications

4. VMs/ Servers and Storage provisioned

5. Public/ Private IPs assigned

6. Time syncing with Network Time Protocol Server (NTP)

7. SSL Certificate procured

8. eOffice Stack deployed

9. Activation key deployed

10. Authenticated through LDAP

11. CRONS scheduled

12. Backups scheduled

13. DB replication

14. Deployment confirmation sent to Project Manager, eOffice Project Team and PMU

15. Go Live Date intimation received from Project Manager

16. Knowledge transfer to local system administration team

ANNEXURE–C (ROLES AND RESPONSI BI LI T I ES)

1. ROLES AND RESPONSI BI LI TI ES FOR TYPE I DEPLOYMENTS

These sites are fully under the control of eOffice Systems Administrators (ESA). The roles and
responsibilities matrix for Type I deployments are as follows:

S. No Activity/ Ser vice Responsibility Remar ks

1. Allocation of VMs and Storage ESA Subject to Availability and Approval

Configuring and making VMs
2. ESA
ready
Allotment of Public/ Private
3. NDC
IPs
4. Firewall rules ESA+ CSG NIC Ensure Audit certificate is available

5. DB server/ replication setup ESA

6. eOffice setup ESA

7. DNS registration ESA

8. Generation of SSL Certificate ESA

9. Deployment of SSL Certificate ESA

10. LDAP configuration ESA

11. Backup scheduling and DR ESA +NDC

12. Registering with Nagios ESA

Monitoring and trouble
13. ESA
shooting
2. ROLES AND RESPONSI BI LI TI ES FOR TYPE I I AND I I I DEPLOYMENTS

These sites will be under the control of Department or Local NIC cells or SDC. The roles and
responsibilities matrix for Type II and III deployments are as follows:

S. No Activity/ Ser vice Responsibility Remar ks

1. H/ W procurement and shipping Department

2. Power cabling DC
H/ W assembling, RAID
3. Department
configuration and Firmware
Management IP assignment
4. DC
(OA/ ILO)
5. Placing servers in DC DC

6. ESXi installation on servers Local Admin Team If applicable

7. IP allocation to servers DC

8. SAN allocation DC
Installation of OS/ database will
be done by Local Admin Teams.
ESA will provide training to the
Local Admin Team & will
Configuring Servers / Creation of
9. Local Admin Team supervise the installation.
VMs
However, ESA team’s role
during supervision will be
limited to specific issue
resolution only.
10. Allotment of Public/ Private IPs Local Admin Team
17. Generation of activation key ESA
ESA team will provide support
18. DB server/ replication setup Local Admin Team
for specific issue resolution
ESA team will provide support
19. eOffice Setup Local Admin Team
for specific issue resolution
20. Deployment of activation key Local Admin Team
Issue of SSL Certificate and its Department &
21.
deployment Local Admin Team
22. LDAP bind configuration Local Admin Team
DC & Local Admin Initial Support will be provided
23. Backup scheduling
Team by ESA
NIC Mail Group &
24. Secondary LDAP setup If applicable
Local Admin Team
Local Admin Team
25. Starting of services and Go live
& ESA
DC & Local Admin
26. Disaster Recovery setup
Team
ESA team can provide support
27. Monitoring and trouble shooting Local Admin Team
for specific issue resolution
ESA team will provide support
28. Performance and availability Issues Local Admin Team
for specific issue resolution
29. Data ownership Department
This will be a planned activity
with advance intimation. The
30. Release management Local Admin team
release document will be
provided by ESA team.
ANNEXURE–D (PERFORMA FOR FORMAL HANDI NG OVER AND T AK I NG OVER OF EOFFI CE SERVERS)

Per for ma for for mal Handing over and taking over of the eOffice Ser ver s deployed at State Data Centr e (SDC) or Local Data Centr es

Behind
Ser ver / Softwar e Stor ag
Ser ver Physical/ Load
S.No. VM and Pr ivate IP Public IP Backup IP Allotte
Descr iption VM Balancer
Specificat ions ver sion (in GB
(Y/ N)

1 Database Server

2. DB SR Server

Application
3.
Servers
The servers mentioned in above table are hereby handed over to ________________________________
_______________________________________ [Name of the Designated official with designation and office details]
on ___________________ [Date of transfer] [Time].
The Server Administrator Passwords are also provided to them in sealed envelope. On taking over,
the designated administrator is required to immediately have the passwords and other credentials
changed.

Official Taking over << Signature of the Designated Server Administrator from the State DIT / NIC State Unit /
Department>>

Official Handing over << Signature>>

Roles and Responsibilities & Ser vices of the Designated Ser ver Administr ator (DSA)

1. eOffice Servers Administration (OS, Tomcat, ZOPE)

2. eOffice Database Administration
3. Addressing the Firewall, LDAP and Load Balancer issues
4. Ensuring that adequate SAN Storage is available and taking steps for needed augmentation on
timely basis.
5. Ensure that the backup is taken regularly based on the backup plan enclosed.
6. Deployment of new versions after the approval from appropriate authority.

eOffice Project Division, NIC Delhi shall provide new releases with release notes to the DSA for
deploying, as and when a new version is released.
ANNEXURE-E (EOFFI CE DEPLOYMENT READY RECKONER)

eOffice Deployment Ready Reckoner

Deployment
Scope Hosting Activities Annexur es
Type
National Data Centr e Appr oval by concer ned NIC cell/ Division. Annexur e-A
Type I Centr al Gover nment (NDC), Shastr i Par k, Pr ovision of r esour ces by NDC/ eOffice Annexur e-B
Ministr ies/ Depar tments New updates fr om eOffice as and when
Delhi Annexur e-C
available
Appr oval by concer ned NIC cell/ Division.
Pr ovision of r esour ces by Local NIC
cell/ depar tments
Local Constitution of a dedicated System Annexur e-A
Sensitive depar tments of
NIC/ Depar tments with Administr ation Team by the NIC Annexur e-B
Type II GOI or other similar
no outside/ r emote cell/ depar tment for eOffice deployment and Annexur e-C
gover nment depar tments
access system suppor t Annexur e-D
For mal Handing over fr om eOffice
New updates fr om eOffice as and when
available
Appr oval by concer ned NIC cell/ Division.
Pr ovision of r esour ces by Local NIC
State Data Centr es or cell/ depar tments
State Gover nments, PSUs or Constitution of a dedicated System Annexur e-A
Data centr es of the
or ganisations with their Administr ation Team by the NIC Annexur e-B
Type III or ganisations with
own Data Centr es managed cell/ depar tment for eOffice deployment and Annexur e-C
r emote access allowed
by them system suppor t Annexur e-D
if r equir ed For mal Handing over fr om eOffice.
New updates fr om eOffice as and when
available