Professional Documents
Culture Documents
UK Firewall Change Processes - Use Cases v3
UK Firewall Change Processes - Use Cases v3
C2 General
Introduction and Context
• This slide deck will outline the process to follow in order to get firewall changes implemented across
different areas of the estate in the UK, including when GDC (Group Datacentres – Dublin, Ratingen
and Milan DCs) flows are required
• The complexity of the Vodafone network leads to a complexity of the process, which means for each
use-case might be different teams involved and different portals to raise the request
• The aim of this guide is to provide enough information for the requestors to identify under which
use-case does their request fall.
• If after going through this guide, it is still unclear to understand your use-case, please raise a request
for a Consultancy in the GNED Portal.
Need a
Firewall Raise a WOW request in Testing YES
Confirm Closure of
change Engage Cyber Security Send email for Implementation Connectivity successful? WOW request
GNED Portal using OfficeIT UK
to Hosting Team
UK providing: Fixed Line product
as advised from GNED IPLAN Design
Requestor Project HLD Attaching: Attach completed Comms Matrix
Comms Matrix with IPs Comms Matrix NO
and UK Security approval
UK Security approval
Request Troubleshooting
from the Hosting change
team
if thereǯs issue on Fixed Line flows
3. Email Hosting Change Management to raise change in Fixed Line Remedy (Ref
CHG000000XXXXXX)
• Once the GNED/IPLAN engagement has concluded – you will be provided with an updated Comms Matrix/RFC (Request for
Change)
• You will need to send the designed Comms Matrix and security approval email to the Hosting Change Management Team
change-request@vodafone.com mailbox, who will then facilitate raising a Fixed Line Remedy change for implementation
Request Troubleshooting
from the Hosting change
team
if thereǯs issue on Fixed Line flows
2. Check Group compliance for Security and Routing in Connectivity Compliance Portal (CCP)
• If Group IPs are involved in the flows, then raise Comms Matrix (either directly in tool here, by Group Comms Matrix Template or
by unhiding the ‘FW Matrix’ tab in the UK Comms Template) into CCP Tool
• If non-compliant from Security perspective, raise a Security Exemption via CCP here and provide evidence of Cyber Security UK
approval for Comms Matrix (if exemption requires UK involvement)
14 Tuesday, June 15, 2021
C2 General
Use-case 4 – Group and UK Managed
3. Raise request into TO Portal for GDC network design and implementation (Ref
RLMXXXXXX/RITMXXXX)
• Once Comms Matrix is verified in CCP, to initiate an implementation request you need to go to the TADO Portal and search for
End-to-end IP Connectivity Analysis and Implementation product in the Search field (or copy this link to your browser
https://servicecatalogue.vodafone.com/catalogue?id=sc_cat_item&sys_id=c3d4c9d34fb51a0047abc9318110c71a .)
• You will need to include the CCP Comms Matrix url and attach the Cyber Security UK Approval Mail.
• From this engagement, GDC will complete their design and will engage GNED IPLAN via a WOW demand on customer’s behalf, for
any work required on the UK side.
• Once the GNED/IPLAN engagement has concluded – you will be provided with an updated Comms Matrix/RFC (Request for Change)
• After the UK design is also completed, you will be advised from an IPLAN engineer, to raise the demand for implementation as in use-
cases 1, 2 or 3. So sending an email to Hosting Change Management if the Comms Matrix contains UK Fixed Line flows, raising a
Tufin request if UK Mobile flows, or both.
Need a
Firewall
change Testing Confirm Closure of
Engage Cyber Security UK Raise a Connectivity Request in YES
Connectivity successful? RLM request
providing: TO Portal
Project HLD Attaching the url of CCP of
Comms Matrix with IPs Comms Matrix and Cyber
Requestor
Security UK approval email NO
Note: The Firewalls that are Group Managed only, might still need Cyber Security UK approval even though the are no UK IPs at all. Some of the UK
applications are hosted in the Group Datacentres
2. Raise request into TO Portal for GDC network design and implementation (Ref RLMXXXXXX/RITMXXXX)
Same as in use-case 4
3. Testing and troubleshooting When the design is completed and the flows are
implemented, test internally and notify the GDC Delivery Manager who picked up the RLM request to close the ticket if the testing is
17 Tuesday, June 15, 2021
successful or request a troubleshooting using the same RLM reference
C2 General
Support Contacts
• Cyber Security UK
– Demand – Jonathon.davies@vodafon.com martyn.pritchard@vodafone.com or terry.coffey@vodafone.com
– Escalations – tauqeer.hassan@vodafone.com or gary.bradshaw@vodafone.com
– General Tufin queries – DL-OSS-ToolFactory-Operations-Tufin@vodafone.com
• CCP Contacts
– GTS-FA - DL for Group Security Approval - gts-fa@vodafone.com
– Manager of GTS-FA - Neelkanth.Dwibedi@vodafone.com
– CCP Support - zlatina.dimitrova@vodafone.com
• Group Network Engineering and Delivery (Demand Delivery and IPLAN Design)
– Demand – olsi.korkuti01@vodafone.com, elena.Dobrin@vodafone.com or mihai.sandu@vodafone.com
– Demand Escalations – luciano.gandini@vodafone.com
– Design – taher.ali@vodafone.com or anca.maracineanu@vodafone.com
– Design Escalations - pedro.gomes@vodafone.com
• Group Data Centre (GDC) Delivery and Design
– Delivery support – Pawan.Kaul@Vodafone.com, Sadanand.Humane1@Vodafone.com or Pramod.Singh5@Vodafone.com
– Delivery Escalations – andre.kossmann@vodafone.com
– Design Escalations – ana.sousa@vodafone.com
• Hosting Change Management
– Demand – change-request@vodafone.com
– Escalations – zubair.hussain@Vodafone.com or jeffrey.jarvis@vodafone.com
• UK Tech Ops IP Security
– Demand – DL-IPSecurityTeam@internal.vodafone.com
– Escalations – https://ipsecurity-rfe.internal.vodafone.co.uk 18 Tuesday, June 15, 2021
C2 General
Tooling Access
• Cyber Security UK Engagement
– Global Cyber Security Demand Portal – accessible to all Vodafone employees, must use Internet Explorer
• Group Network Engineering Delivery (GNED) Consultancy, Design and Feasibility
– GNED Portal – accessible to all Vodafone employees
• Implementation Requests (Firewall Change Process)
– Tufin SecureChange (Mobile) – application accessible using AD credentials, support and guidance found here,
UK workflows restricted to UK employees only (i.e. not Group) unless granted ‘SecureChange Requester’ role via
following UAM process (copy url in your browser
https://workspace2.vodafone.com/Group/TDO-UAM/Access%20Request%20Forms/Access_Request-Tufin.xls )
– Fixed Line Remedy (for approvals only) – accessible to those with WID and Fixed Line Remedy accounts for
approvals only – changes are raised on behalf of requestor by change-request@vodafone.com
– Connectivity Compliance Portal (Group) – support and guidance can be found here