AyTeko has created the infrastructure of the "departmental cloud" of FIPS based on Astra Linux GC solutions

2021: Completion of creation of import-substituted infrastructure "departmental cloud" FIPS based on Astra Linux GC solutions

As part of the National Program Digital Economy of the Russian Federation , the company "" AyTeko created Federal Institute of Industrial Property a software-defined in (FIPS) based on data center a secure hypervisor virtualizations OS Astra Linux Special Edition virtualization environment management complex developed from the composition and software complex "Brest". GK Astra Linux IT Infrastructure meets the requirements for ensuring the 3rd class of GIS protection, Astra Linux Group of Companies announced on April 1, 2021.

The components of the software complex "Basic Information Technology Systems and Services" were deployed, which includes import-substituting solutions for services: a single catalog, certificate management, time synchronization, dynamic configuration of nodes and resolution, domain names managements of the press data storage users (with centralized control of access rights), load balancing of application components and GIS services implemented on the basis of "departmental," clouds e-mail audio and video communication system and service based. software Mind servers A system-based solution and Puppet are used to centrally manage computing and workstations Foreman.

These works were the first stage of the comprehensive project "Creating systems to support the registration and protection of rights to intellectual property objects," which started in 2019 and includes the creation of a number of State Information Systems (GIS) and a platform IT infrastructure designed for the development, deployment and industrial operation of implemented GIS.

According to the solution architecture, all components of the "departmental cloud" are physically located in two, DPC which are redundant for each other. Thanks to this, the reliable functioning of the GIS and the continuity of production processes of the Federal Institute of Industrial Property are ensured. backup The freely distributed subsystem ON Bacula provides the required RTO\RPO indicators to the GIS components.

As part of the subsystem "Automated workplaces of FIPS," the ability of users to work in the Astra Linux environment using an office package based SPO on both physical and virtual AWS (subsystem), VDI launched on the same platform of the "departmental cloud," in its user segment, is implemented. User access to virtual WS is provided by a connection broker that manages the virtual desktop subsystem and application publishing. The global balancing subsystem used provides seamless connectivity to the access portal, virtual desktops, and workstations, regardless of which of the two departmental cloud sites is running. From the virtual machine virtual desktop environment OS Linux with, it is possible to work with applications that have historically worked only on the platform. Windows This scenario of using the VDI subsystem will allow FIPS to quickly switch to. import substitution software

The protection of the "departmental cloud" of the FIPS is provided by the "Integrated Information Security System," which fully corresponds to the set of "Requirements for the protection of information that does not constitute state secrets contained in state information systems" in accordance with Order No. 17 of February 11, 2013 FSTEC of Russia (as amended by 15.02.2017 No. 27 and 28.05.2019 No. 106).

Solutions used to protect information include: a trusted boot system, a FSTEC-certified operating system for servers of the Astra Linux virtualization platform "Smolensk" 1.6, a system for controlling the actions of privileged users, a security analysis system, an firewall system, and a web portal access protection system.

"The use of Windows application delivery technologies to Linux workplaces significantly reduces the cost of licensing Microsoft products, as well as ensures the coexistence of new and legacy FIPS applications in a single employee work environment. And the commissioning of a mail system based on CommuniGate Pro, integrated with the existing MS Exchange mail system, allows you to smoothly switch to an import-substituted solution, without slowing down the work processes of the department. Using an office package based on the ACT on physical and virtual AWS will make it possible to abandon MS Office as the new software is mastered, "said Sergey Popov, Deputy General Director of AyTeko.

"During the implementation of the project, not only technical, but also organizational solutions were developed that will allow FIPS to quickly and painlessly carry out import substitution and ensure the reliable functioning of GIS commissioned regardless of geopolitical events," said Roman Mylitsyn, Director of Innovation, Astra Linux Group of Companies.