IT Governance Business Case
Enterprise Data Centers and Firewall
Solutions
Refresh Technology
Background
The Department of Technology Solutions (TS) aligns the City’s information technology infrastructure and systems to the business needs of the City’s departments. It designs, implements and maintains the technology hardware, applications and programs.
In 2019, TS purchased Palo Alto on-premise firewall with the 5-year capitalization plan. Current licenses will expire in October 2024.
In 2020, TS implemented two new server clusters at the City Hall data center. The products were initially purchased on a 5-year capitalization plan, and now there is a need to renew and upgrade expiring VMware and Nutanix software and licensing in 2025, as part of the normal data center refresh cycle. The refresh will be resized to our current needs.
In 2022, the Police Department implemented a Nutanix server cluster software and licensing. The hardware pro support and software license will expire in 2025.
Current Business Problem
The licensing to use several data center software and hardware resources are expiring across the enterprise requiring a refresh. The software upgrades come with license renewals. The resources are the following:
• City Hall Nutanix and VMware licensing
• PD Nutanix and VMware licensing
• Firewall Licensing and Hardware
Current Pain Points
• Licensing is expiring which will not allow us to continue using key data center resources critical to running enterprise operations applications
• Licensing is expiring on the firewall, requiring us to renew
Strategic Alignment
City of Durham's Strategic Plan Goal:
Innovative & High Performing Organization
TS Objective #1: Plan and allocate IT investments in accordance with IT Governance principles to ensure sustainable growth
TS Objective #3: Maintain and modernize all the City's assets to align to the evolving and emerging technologies in the marketplace for City business units
Future State Benefits
• Maintain and modernize the City's data centers assets to align to the evolving and emerging technologies in the marketplace to improve the City's operational performance
• Maintaining licensing to continue using data center resources
• Increased Efficiency: Consolidated resources and optimized use of the Nutanix and VMware clusters, utilizing the infrastructure at an optimal capacity level. Software renewals are in sync with hardware lifecycle management
• Cost Savings: Resources are used efficiently through careful planning of renewals, balancing immediate cost with long-term benefits an ensuring uninterrupted service and support
• Improved Scalability and Flexibility: The IT environment is scalable and flexible to easily adjust to changing needs and demands without significant additional investments
• Long-term Sustainability: Ensured long-term sustainability and relevance of IT resources, avoiding shortterm solutions that could lead to problems down the line
• Enhanced Compliance and Security: The IT infrastructure is streamlined and updated to enhance compliance with relevant regulations and improve overall data security
• Optimized IT Infrastructure Management: Streamlined management of virtual environments to improve efficiency and performance. The IT infrastructure management is simplified by clarifying roles and responsibilities and streamlining processes for dealing with vendors and support issues.
Analysis and Recommended Solution
City Hall Nutanix License Renewal Cost
Cost item 3 Years (prepayment) 5 Years (prepayment) Renew Nutanix Files License $127,752 (-18%) $187,658 (-28%) Renew Nutanix VM $325,749 (-26%) $473,363 (-35%) Renew VMware $96,768 (-26%) $160,992 (-26%) Total Cost $550,269 (-24%) $822,013 (-32%) Average Total Cost Per Year $183,423 $164,403
compared to a yearly renewal option for each line item.
* Green numbers in brackets reflect percentage savings
Police Department Nutanix License Renewal Cost
numbers
Cost item 3 Years (prepayment) 5 Years (prepayment) Renew Nutanix Software and Hardware Pro Support $215,843 (-17%) $318,093 (-27%) Renew VMware $43,008 (-26%) $71,552 (-26%) Total Cost $258,851 (-19%) $389,645 (-27%) Average Total Cost Per Year $86,284 $77,929
* Green
in brackets reflect percentage savings compared to a yearly renewal option for each line item.
Firewall and VPN Renewal Cost
* Green numbers in brackets reflect annual percentage savings compared to a 3-year renewal option for each line item.
Cost item Palo Alto 3440 (3 years upfront) Palo Alto 3430 (5 years upfront) Firewall Hardware $67,532 $51,508 (-24%) Pro Support $52,304 $87,174 (0%) Firewall Software License $132,974 $208,668 (-6%) VPN License $33,454 $52,384 (-6%) Implementation $24,000 $24,000 (0%) Total Cost $310,264 $423,734 (-18%) Average Total Cost Per Year $103,421 $84,747
Analysis of Proposed Solution: City Hall and PD Nutanix renewal
City Hall Nutanix renewal
• For Nutanix VM, VMware, and Nutanix Files, there will be reduction in capacity utilization envisioned within the next 5 years. We propose the 5-year software renewal to receive the full-term discount. After the 5-year term, we may be able to reduce licensed capacity post Next Generation ERP and Next Generation Inspections and Planning deployments.
• There are no hardware upgrades envisioned in the next 5 years. Pro Support coverage (about $17,000 per year) is included in the base budget and is out of scope of this request.
Police Department Nutanix renewal
• For Nutanix VM, VMware, Nutanix Files, and Pro Support, there could be reduction in capacity utilization envisioned within the next 5 years if their solution migrate to the cloud. We propose the 5-year software renewal to receive the full-term discount.
Analysis of Proposed Solution: Palo Alto Firewall and VPN
• Palo Alto is the leader in cybersecurity solutions, focusing on advanced firewalls that secure networks, endpoints, and infrastructure. Its Next-Generation Firewall (NGFW) technology is providing visibility and control over network traffic threats.
• Comprehensive features include Advanced Threat Prevention, Advanced URL Filtering, Advanced Wildfire, DNS Security, SD-WAN, and Global Protect VPN.
• Replacing the 2nd generation PA-5220 with the 4th generation PA-3430 firewall hardware will ensure the ongoing access to latest security features for the next 5 years and beyond.
• Palo Alto is the existing firewall and VPN vendor and is well-integrated into the City's security infrastructure. Keeping the Palo Alto as a vendor will minimize disruption caused by this upgrade.
Recommended Solution: City Hall and PD Nutanix Renewal
Description
Renew existing licenses with Nutanix VM, VMware, Nutanix Files, and Pro Support across the City Hall and Police Department data centers for another 5 years.
Pros
• Take advantage of 27% - 32% discounts of the 5-year contracts
• Stability of IT strategy and long-term planning to forecast IT infrastructure needs and costs accurately
• Operational efficiency from reducing time and resources spent on renewal process annually
• Consistent updates and support to mitigate the risk of security vulnerabilities and system failures
Cons
• Potential of underutilizing capacity post migration to Next Generation solutions
Recommended Solution: Refresh Palo Alto Firewall and VPN
Description
Refresh the firewall and VPN solutions with Palo Alto 3440 Next-
Generation Firewall hardware and Core Security Subscription Bundle
Pros
• ML-powered firewall
• Advanced security features including encrypted traffic and comprehensive threat prevention
• High-speed internet gateway deployments
• Dedicated processing and memory
• Advanced URL Filtering, Wildfire feature, DNS Security, SD-WAN subscription
Cons
• N/A
Security Review
The recommended solution meets the required cyber security standards for the City of Durham.
Architecture Review
The recommended solution meets the required architectural standards for the City of Durham.
Recommended Solution - Project Financial Estimate
COST ESTIMATES FUNDING Description Implementation Costs (Hours) Post Implementation Run Costs (Hours)/ KTLO Departmental Funding Amount: $0.00 Labor $ (Hours) Internal TS Department: 386 Hours Funding Requested (Y/N): Y Business Analysis 12 hours Internal Labor New FTE – Year 1 Costs $0.00 Project One Time Costs (External) $0.00 Managed Services 16 hours *Total CapEx Funding Requested for Year 1 $1,635,392 Data Center Services 58 hours Cyber security 140 hours ***No recurring costs for 5 years due to capitalization of recurring costs $0.00 PMO 160 hours External Labor $: $24,000 Non-Labor $ Software License - City Hall Nutanix: $822,013 $0.00 Software License - PD Nutanix: $389,645 $0.00 Software License - Firewall: $348,226 $0.00 Hardware – Firewall: $51,508 $0.00 * Total Project Funding Requested Year 1 includes New FTE Labor, External Labor and Non Labor
Risk Identification
Description of Risk Risk Impact (High/Medium/Low) Mitigated (Y/N) Contingency(Y/N) Vendor performance Low N N Cyber Security Low N N Project Team Turnover Low N N Poor Execution Low N N
Mitigation Risk (Costs)
• N/A
Contingency Risk (Costs)
• N/A
Our ask
We ask the IT Governance Steering Committee to approve the business case to renew key data center software licensing and hardware.