Proposal for the construction of intelligent manufacturing industry operation center in a new generation industrial park

(To get the full version of the document, please add attention and communicate by private message!) ）

1. Overview of the construction of industrial parks

Second, the analysis of the pain points of the operation of industrial parks in XX City

2.1 Park management pain points

The support policies of traditional parks are unreasonable or not conducive to the long-term management and development of the park; Traditional park management and investment promotion methods, are relying on resources, policies, prices and other factors to support enterprises, many preferential policies can not promote the sustainable development of park enterprises for a long time, and some policies are unreasonable or not conducive to the long-term management and development of the park, and even some policies are not responsible for the management of the park, such as: only short-term obvious results, and the long-term cost to the rear boundary, more enterprises use policy funding to do things unrelated to the development of park enterprises, and the park is difficult to control without effective supervision and management tools. Some investments are ostensibly to do business, but in fact they are to take policies and earn money from banks, leaving behind an abandoned piece of land;

2.2 Pain points of enterprise operation

The cost investment of enterprises is large, the utilization rate of assets is not high, and the corresponding depreciation and performance decay are fast. High-tech enterprises into the park investment cost is very high, such as: early investment in a large number of high-end equipment, high-end talents, but the utilization efficiency of these assets is not high, over time, these high-cost investments corresponding to depreciation and performance decay is very fast, especially high-paying technology is the easiest to be surpassed, easy to decay, if the enterprise can not obtain enough profits in the short term, these investments can not be adequately guaranteed;
Financing is difficult. Many small and medium-sized enterprises in the park have orders but no collateral, and although there is a lot of valuable data within the enterprise, the cost of obtaining this information is too high, so the bank is reluctant to lend.

III. Industrial Analysis of Industrial Parks (Resident Enterprises)

3.1 The relationship between the park and the urban area

3.2 Industry Analysis

3.3 Industry Analysis

3.4 Future Economic Analysis

3.5 Planning of the XX City on the Information Industry

4. Overall solution and content of park construction

4.1 Background and Meaning

With the decline of ZG economic development growth rate, the economy will be in medium and low growth for a long time, while the upgrading of market consumption has led to excess of low-quality products and excess capacity, while the costs of manufacturing enterprises are rising, and the level of production and operation management needs to be improved.

The specific performance is that enterprises are facing various management and operating costs rising, profit decline, personalized demand and small batch multi-frequency orders are increasing, the same large-scale orders are getting less and less, the traditional ERP software for large-scale industrial assembly line production standard products is no longer adapted to the production experience management of enterprises, enterprises need to adapt to flexible production of more flexible information systems, and in today's network era, to be able to cooperate more closely with upstream and downstream cooperative enterprises.

At present, the global manufacturing industry is in the key opportunity to accelerate from the digital stage to the network stage, the mainland with the integration of industrialization and industrialization, the promotion of ZG manufacturing 2025, and the proposal of supply-side reform, and the deepening of "Internet + advanced manufacturing" new tasks, new requirements, manufacturing enterprises facing the transformation and upgrading must rely on the integration of information, digitalization, Internet, artificial intelligence and other scientific and technological elements, and industrial Internet + intelligent manufacturing has become the key to the innovation and development of manufacturing.

A few days ago, the "Guiding Opinions on Deepening the Development of the Industrial Internet in "Internet + Advanced Manufacturing" proposed to make efforts from the supply side and demand side of the industrial Internet platform to accelerate the construction of the industrial Internet platform, promote millions of industrial enterprises to go to the cloud, and build a new manufacturing ecology with two-way iteration and mutual promotion of the platform and use the platform. Accelerating the construction of a new capability system of the mainland industrial Internet platform and forming an open value ecology with large-scale application is the key to achieving the strategic goals of the mainland industrial Internet development.

Therefore, the industrial Internet platform we plan to build must be a professional service platform that is data-driven and manufacturing capabilities as the core. First, data is the core element of the platform, and cooperation based on data capabilities is the power source of platform business development and model innovation. Second, building an open and shared value network is the basis for the development of the industrial Internet platform, and no company can independently provide end-to-end solutions such as "cloud infrastructure + industrial terminal connection + data analysis + application services" of the industrial Internet platform, and building partnerships and ecosystems is the main way for platform development. The third is to gradually shift from platform functions and products as the center to value co-creation as the center. As the platform gradually has the ability to automatically quantify the value of services, the platform will realize the transformation from selling products or services to selling quantifiable value results around market demand, driving changes in service pricing methods, financial instruments, and risk prevention and control mechanisms, and redefining the competitive landscape and industrial structure.

4.2 Basic conditions and development advantages of the region

4.3 Overall Objectives

By introducing the experience, capabilities and technologies and products of national high-end intelligent manufacturing service innovation demonstration enterprises, and at the same time introducing innovation-leading policies and regulations in XX urban area, combined with the elements of capital, production capacity, scientific research, talents and infrastructure in the region, we will introduce wisdom to manufacturing enterprises in existing industries in XX city, create a high-end regional center, redefine the competition pattern and industrial structure, and build a network covering technological innovation, resource integration and dynamic allocation, platform services, enterprise participation, and value co-creation as the guide. The multi-party collaborative park opens up the network value ecology, breaks the traditional path of chain development of the traditional closed industrial technology system, and realizes lane change and overtaking.

The goal of the project is to promote 100 industrial enterprises to go to the cloud and establish a new manufacturing ecology that uses the platform for two-way iteration and mutual promotion. Accelerate the construction of a new capability system for industrial Internet platforms in XX city and industrial parks, form an open value ecology with large-scale application traction, and lead manufacturing enterprises in XX city to improve their industrial structure.

4.4 Overall Program Content

Build an intelligent manufacturing innovation service center in an industrial park, output the industrial Internet cloud platform, and build six industrial function platforms, including intelligent manufacturing platform, Internet of Things platform, Internet finance platform, innovation incubation platform, capacity trading platform, and training and display experience platform.

It outputs complete intelligent manufacturing solutions for enterprises in XX industrial parks, including manufacturing brain, industrial big data, industrial application platform, and industrial application services, brings product fault diagnosis and early warning to the local manufacturing industry, accelerates product innovation, and meets the big data application of industrial Internet of Things production lines, while providing intelligent application services in industrial supply chain, design, production process, etc., to promote the industrial economic transformation of the region.

Provide end-to-end solutions such as "cloud infrastructure + industrial terminal connection + data analysis + application services + blockchain" of the industrial Internet platform to build partnerships and ecosystems.

The overall proposal and design plan will include:

Scheme design and planning of intelligent manufacturing exhibition center;

Scheme design and planning of intelligent manufacturing training center;

Design and planning of big data centers and network and IT infrastructure;

Industrial Internet cloud computing service platform;

Industrial function platform based on cloud service platform, intelligent manufacturing platform, Internet of Things platform, Internet financial platform, innovation incubation platform, capacity trading platform, training display experience platform.

Exhibition center: including building automation, industrial intelligent simulation production line, AR/VR augmented reality demonstration, intelligent manufacturing park sand table, industry display, industry classification display, enterprise distribution display, competitiveness index, slice focus and government and enterprise services;

Training center: including building automation, integrated wiring, large screen, audio-visual equipment, industry 4.0 system training platform and teaching demonstration system, providing training in intelligent robots, process modeling and simulation, intelligent equipment, flexible production lines, industrial SaaS software, etc.;

Data center: including computer room decoration, high-voltage distribution cabinet, transformer, UPS battery, weak current, HVAC, fire protection, security, access control, cabinet (50), integrated wiring;

IT infrastructure: 10 cabinets in the first phase, including servers, storage, switches, firewalls, routers;

Cloud computing management platform and hyper-converged system: including hyper-convergence, containers, enterprise network disks, IT operation management, automated operation and maintenance, monitoring, IT asset management, and industrial big data;

Industrial application service components: including industrial intelligent components, supply chain collaboration system, manufacturing execution system MES, advanced planning and scheduling system APS, industrial equipment collection CPS, preventive maintenance system, operation visualization system, capacity trading system;

Industrial intelligence support environment: including artificial intelligence, industrial big data storage and analysis;

4.5 Project Construction Period

1. In April 2022, the overall scheme design review;

2. In June 2022, the project was established and started, and the project team was established;

3. From July 2022 to February 2023, complete the design, construction and construction of data centers, training centers and exhibition centers;

4. From February to April 2023, the deployment, configuration, debugging and delivery of cloud computing service platforms and industrial application services;

5. In May 2023, the trial operation of industrial cloud services;

6. In June 2023, it will officially provide operation services to enterprises in the park.

5. Cooperation plans for industrial parks

5.1 Fund Cooperation Programme

Both parties A and B establish an intelligent manufacturing innovation incubation fund or industrial fund in the XX city area, and A subscribes to the fund for not less than 40% of the share. Party B joins and manages the investment of the fund as a GP, actively attracts innovative enterprises in the fields of artificial intelligence, robotics, and advanced manufacturing to settle in the park for incubation, and conducts post-investment management of the invested projects.

5.2 Construction of cooperation programs

In the early stage of the project, our company registered a localization company in XX City Industrial Park, and XX City Industrial Park is responsible for finding investment companies or local urban investment companies to invest in local companies registered with us, which will be responsible for designing, building and delivering data centers, exhibition centers, training centers, industrial cloud service platforms and industrial application services in the park.

Another cooperation scheme is that during the construction of the project, our company provides consulting suggestions, overall scheme planning, detailed scheme design, including construction plan and operation plan for the park, and is responsible for the engineering design and decoration construction general contracting including data center, exhibition center and training center, and is responsible for delivering industrial cloud service platform and complete industrial application services to the park.

5.3 Operation Cooperation Program

During the operation period after the completion of the project construction, our company established a joint venture company with the subordinate company of the park, our company provided professional technical services and operation guidance to the joint venture, and the joint venture company purchased technical support and maintenance services for cloud computing platform and industrial applications from our company.

Our company will coordinate and promote its strategic partners or ecosystem enterprise customers to live in an industrial park, and use its influence in the industrial Internet to publicize and promote the cooperation model and successful cases of XX city park, support the innovation and entrepreneurship activities of XX city industrial park, carry out industrial Internet summit forum, and assist in the introduction of business incubation enterprises, and will also jointly apply for provincial and national intelligent manufacturing special support projects with enterprises living in XX city industrial park.

The park should actively promote the guidance of Internet + advanced manufacturing, and cooperate with our company to build the park into a provincial or national innovation demonstration center for intelligent manufacturing; Promote industrial applications on the platform through guidance or market economy in the park; Establish a gradient technology transformation mechanism and enterprise training mechanism; And actively attract manufacturing enterprises in XX city, Sichuan or the whole country to settle in the park.

5.4 Revenue Cooperation Program

6. Construction plan of intelligent manufacturing service center in the park

6.1 Master Plan and Blueprint

Build an intelligent manufacturing innovation service center in an industrial park, export the industrial Internet cloud platform, and build six industrial function platforms, including intelligent manufacturing platform, Internet of Things platform, Internet financial platform, innovation incubation platform, capacity trading platform, and training and teaching platform. Realize the sharing, complementarity and docking of design capabilities, production capacity and manufacturing resources, promote the online release and trading of manufacturing capabilities and production resources, and build an industrial ecology of social collaboration.

Export complete intelligent manufacturing solutions to enterprises in XX industrial park, including manufacturing brain, industrial big data, industrial application platform, industrial application services, bring product fault diagnosis and early warning to the local manufacturing industry, accelerate product innovation, meet the big data application of industrial Internet of Things production lines, and provide intelligent application services in industrial supply chain, design, production process, etc., provide one-stop cloud manufacturing services for enterprises, lead the development of manufacturing industry in the direction of automation and intelligence, and promote the transformation of the industrial economy in the region.

Provide end-to-end solutions such as "cloud infrastructure + industrial terminal connection + data analysis + application services" of the industrial Internet platform to build partnerships and ecosystems.

The planned industrial Internet platform must be a professional service platform that is data-driven and manufacturing capabilities as the core. First, data is the core element of the platform, and cooperation based on data capabilities is the power source of platform business development and model innovation. Second, building an open and shared value network is the basis for the development of the industrial Internet platform, and no company can independently provide end-to-end solutions such as "cloud infrastructure + industrial terminal connection + data analysis + application services" of the industrial Internet platform, and building partnerships and ecosystems is the main way for platform development. The third is to gradually shift from platform functions and products as the center to value co-creation as the center. As the platform gradually has the ability to automatically quantify the value of services, the platform will realize the transformation from selling products or services to selling quantifiable value results around market demand, driving changes in service pricing methods, financial instruments, and risk prevention and control mechanisms, and redefining the competitive landscape and industrial structure.

By building a platform that integrates industrial gateway, industrial big data collection and analysis, artificial intelligence, industrial operating system, industrial business application and service management, it can provide manufacturing enterprises with the ability to solve actual business scenarios, help manufacturing enterprises quickly transform and upgrade through shared intelligent manufacturing service resources, alleviate excess capacity, transform from manufacturing to service, and reduce operating costs and improve yield rate.

The intelligent manufacturing cloud service platform has three product capabilities:

IT cloud computing services (such as hyperconvergence, cloud monitoring, virtualization)

Smart factory services (e.g. big data, artificial intelligence, IoT)

Plant business services (e.g. collaborative manufacturing, production management, equipment management, operational visualization)

Based on the ubiquitous network, the intelligent manufacturing cloud service platform of XX Airport Industrial Park constitutes a service cloud (network) of intelligent manufacturing resources and capabilities for user-centered unified operation of intelligent manufacturing resources and capabilities with the help of digital, networked and intelligent technical means that deeply integrate four types of technologies, such as intelligent manufacturing technology, Internet of Things technology, big data technology and manufacturing application technology, so that users can obtain intelligent manufacturing resources and capabilities anytime, anywhere through intelligent terminals and intelligent manufacturing cloud platforms. Promote the integration and optimization of people/organizations, business management, technology/equipment (three elements) and information flow, logistics, capital flow, knowledge flow and service flow (five streams) in the whole system and life cycle activities of manufacturing, and form a new model of intelligent manufacturing based on ubiquitous network user-centered, human/machine/thing/information integration, interconnection, service, collaboration, personalization, flexibility, and socialization, and a new format of "ubiquitous interconnection, data-driven, shared services, cross-border integration, independent wisdom, and innovation", so as to be efficient and efficient. High-quality, saving, green and flexible manufacturing of products and services users, improve the market competitiveness of enterprises (or groups).

System Architecture Diagram:

6.2 Cloud computing data center construction plan

Engineering construction plan

Design principles, The design of this project starts from the overall building area and characteristics, not only paying attention to the importance and recognizability of individual buildings, but also considering the harmonious play of an important role as an overall area. Rational planning of space, the pursuit of efficiency and convenience, to create a modern, concise and atmospheric architectural image.

The planning area, one floor to two floors, 500 to 1000 square meters, the computer room area can accommodate 50 to 100 cabinets.

Design requirements

1. Construction engineering

General floor plan

Planed design

Façade design

building material

2. Structural engineering

Load-bearing, 1000kg/m²

Ceiling height, 10 meters

Structural materials, waterproof treatment, temperature resistance

3. Water supply and drainage engineering

headwaters

Water supply system

Drainage system

Fire protection system

4. Electrical engineering

Substation and distribution system

Power supply

Electricity load calculation

Power lighting power distribution

Lightning protection grounding measures, fire prevention

4. HVAC engineering

Air conditioning ventilation and smoke extraction

5. Building information system

Integrated wiring

Network, voice, trunk, wiring

Wireless intercom, cable TV

Public broadcasting, information display

Security system

Multimedia conferencing

Construction equipment management

(1) Environmental monitoring

(2) Air conditioning unit equipment monitoring

(3) Elevator control system monitoring

(4) Monitoring of air supply and exhaust equipment

energy management

Lighting control

Machine room process scheme

2.1 Functional layout planning scheme

Data centers are expected to meet the requirements of 3-5 years in the medium term and 6-15 years in the long term. Each layer of the data computer room and its supporting equipment room are arranged according to the modular configuration, and the racks and supporting equipment can be gradually loaded according to the actual operation needs, and can finally be accurate to each rack. The cloud computing center computer room is located in the XX floor of the center, of which the X building is the production supporting room, including: diesel generator room, air conditioning and refrigeration room, power distribution room, fire control room and duty room and other areas; The X floor is the standard computer room plan, including: data room area, air conditioning area and power battery area; In addition to the data room and its related supporting areas, the X floor is also divided into multi-functional halls and large conference rooms as needed.

In the main equipment area (that is, the data room), which is divided into ordinary IDC room area and high-level IDC room area, the data equipment cabinet arrangement adopts face-to-face and back-to-back mode, that is, the front panel of the adjacent two-row cabinet is opposite or the back panel is arranged relative to each other. In this scenario, the cabinet is planned to have a face-to-face aisle spacing of 1200mm and a back-to-back aisle spacing of 1000mm. Each row of cabinets is considered according to the power cabinet of 1 machine and the network cabinet of 1 machine, and the actual arrangement needs to be adjusted according to the later equipment installation.

Several influencing factors on the computer room

The area where the data equipment is installed has high requirements for rack heat dissipation and power distribution. The power distribution in the entire computer room will implement a modular way, divided into modules according to the area of the computer room, and each module power distribution area can implement dual power supply to the cabinet, which meets the requirements of the current specification of the dual system mode. There are several factors involved in the heat dissipation of the frame: the layout of the frame, the production requirements, the air supply method of the air conditioner, etc.

2.2 Data center building security layout plan

1) Security level management

Set the appropriate security level according to the importance of each region, and set up the access management system at each level. A large gate is installed at the entrance of the building, enabling reliable security management and smooth access when multiple people are visiting.

The personnel of the base are divided into three levels: average, higher and highest.

General level: access to the building part;

Sub-senior: Personnel pass through the building to enter the central part of the accusation;

Highest level: Personnel can enter the computer room section through the building and the accusation center part.

This is a step-by-step process. Each link needs to be detected and identified before it can move on to the next link.

2) System technology application

(1) Unified platform intelligent monitoring: security monitoring, access control system, centralized monitoring of power environment, smoke early warning system;

(2) Anti-tailgating system: anti-tailgating door;

(3) Infrared early warning technology;

Water leakage detection, mainly used in air-conditioned areas, directly below water pipes.

Power system scheme

Data center data center power consumption statistics

Data center data center power consumption statistics
serial number	Computer room area	Number of racks (racks)	Single Rack Power (KW)	IDC Device Power (KVA)	Air conditioning power consumption (KVA)	Battery Charge Current (KVA)	Lighting Equal Load (KVA)	Total (KVA)
1	Data room	50	5.00	277.78	138.89	100.00	60.00
total	50	277.78	138.89	100.00	60.00	576.00
Note: The power factor is calculated as 0.9

Power transformation and distribution schemes

In this phase, it is planned to use 10KV high-voltage incoming lines, and a total of 2 10KV incoming lines will be introduced in the final game, each with 800KVA capacity, and each 2 channels will be introduced from independent substations. The power load level needs to meet the requirements of the first load of electricity.

Oil turbine scheme

This plan installs one high-pressure oil machine with a standby power of not less than 1000KW on the first floor.

According to the requirements of the fire code, the reserve time of the daily fuel tank of this project is about 3 hours, in order to ensure long-term oil supply, the oil depot can be established or the local petrochemical company can sign a fuel supply agreement, and the coordination can be carried out when necessary

Uninterruptible power supply solutions

This uninterruptible power supply adopts a 2N system, each system capacity is 150KVA UPS (battery backup time 15 minutes), a total of 6 sets.

2.4 Air conditioning system scheme

Cold source scenarios

Calculation of cooling load of air conditioning in the machine room

Chillers

The air conditioning and refrigeration unit adopts the (N+1) method; The cooling tower adopts (N+1) method; The air conditioning cooling water system adopts (N+1) mode;

Refrigeration host: set up four (three uses and one backup) 1400RT (4924Kw) centrifugal chillers, install frequency converters, the total cooling capacity of three chillers XXKW, when any host fails, it can still ensure the normal operation of the system and meet the requirements.

Auxiliary equipment correspondence requirements:

Cooling tower:.

Chilled water circulation pump:

Cooling water circulation pump:

Cooling water disaster reservoir:

Energy-saving modular UPS as an uninterruptible power supply equipment.

2.5 Weak current system scheme

(1) Integrated wiring

The data center integrated cabling project realizes efficient and redundant cabling management with its flexibility and scalability, and the entire structured cabling system should comprehensively avoid the occurrence of a single point of failure hidden danger system.

The integrated cabling system of this project is divided into two parts, one is the integrated cabling system of the business network, which supports the daily production and management system of the government affairs and extranet in the main engine room; The second is the integrated cabling system of the operation and maintenance network, which supports the voice and data exchange functions and the information transmission of security, fire protection, environmental control and other systems in the data center building.

(2) Office operation and maintenance network integrated wiring construction plan

The integrated wiring copper wiring subsystem of the office operation and maintenance network of this project is designed as E class (Cat.6 class), and the application devices (cables, connection hardware) are E class (Cat.6 class). Security, dynamic monitoring, KVM, and automatic control networks are included in the operation and maintenance network, and two network ports are reserved for centralized aggregation on the wall and support area of the data center. The transmission medium and type selection of the integrated cabling system of the office operation and maintenance network are as follows: the 4 pairs of twisted pair copper cables all adopt CMP grade, and the optical cables all adopt OFNP grade; The large logarithm of speech adopts the CMR level.

1) Workspace subsystem

According to the specific conditions of each computer room and the layout of office furniture, reasonable design, uneven distribution. The workspace subsystem principles are as follows:

The density of each office seat is not less than 2 data points and 1 voice point;

In the duty operation area, conference room and monitoring room, etc., the distribution density is not less than 1 data point + 1 voice point / 10 square meters;

All cables, optical cables, wiring equipment, etc. should be labeled and identified. The logo design is based on the TIA 606 standard and the Technical White Paper on Management and Operation and Maintenance of Integrated Cabling Systems.

Information sockets are required to use six types of information socket modules (CAT6), and the transmission parameter test should reach 250MHz. The electrical performance meets the requirements of TIA/EIA CAT6.

2) Horizontal subsystem

The horizontal subsystem design principles are as follows:

A horizontal subsystem consisting of UTP cables, with a maximum horizontal distance of 90m (295ft) from the port of the patch panel in the management room subsystem to the information socket in the work area;

The total length of patch cord, patch cord of connected devices, and cross-connection lines of the work area does not exceed 10M;

The phone line and data cable can be flexibly interchanged, which can easily realize the interchange between all voice points and data points;

In functions where shielding is required, shielded twisted pair or optical cable is used.

3) Manage subsystems

The management room subsystem design principles are as follows:

All copper cable information points are terminated on 24-port Category 6 unshielded quick-connect distribution frames, and voice and data connection management is connected to data switches or voice wiring through different jumpers;

The connection of the vertical backbone of the optical fiber adopts 24-port/48-core LC optical fiber distribution frame;

The voice jumper in the wiring room adopts RJ45-110 pair of jumpers, which connects the quick-connect distribution frame and the 110 distribution frame. The data jumper design adopts six types of unshielded double-ended RJ45 finished jumper.

4) Backbone subsystem

The principles of the skeleton subsystem are as follows:

The data backbone adopts 50/125μm indoor OM4 multimode optical cable, and each floor telecommunication room (FD) adopts two 24-core backbone optical cables;

The voice backbone adopts more than five categories of 25 pairs/100 pairs of large-logarithmic trunk cables, and each voice tap backbone is configured with 1 pair of copper cables, and leaves more than 25% expansion margin.

5) Device room subsystem

The device-room subsystem design principles are as follows:

The wiring closet is equipped with a 19" standard network cabinet. For the installation of distribution frames and network equipment;

Each group of server cabinets shall be equipped with a network cabinet for network access of the group of server cabinets, and the number of server cabinets in each group is recommended to not exceed seven;

The voice main distribution frame adopts 110 type distribution frame;

The optical fiber main distribution frame adopts 24-port/48-core LC optical fiber distribution box, and the trunk optical cables are connected to it;

The data part is completed through the optical jumper between the main network equipment and the main distribution frame of the optical fiber;

The management of the voice section is managed through ordinary jumpers between the patch panel on the switch side and the main patch panel of the structured cabling system.

(3) Service network integrated wiring construction plan

The service network integrated cabling system is designed according to the following parts: equipment distribution area, horizontal distribution area, intermediate distribution area, main distribution area, trunk wiring, and horizontal wiring.

The transmission media and types of this project are selected as follows:

All trunk and horizontal optical cables adopt OFNP grade optical cables;

All multimode optical cables use OM4 optical cable, and single-mode optical cables are OS2 single-mode optical cables;

The main trunk and horizontal copper cables are made of Category VI copper cables, and the fire rating is CMP;

Shielded twisted pair or optical cable is used for functions with shielding requirements;

The copper cables are all pre-terminated systems, and the optical cables are pre-terminated cabling solutions for high-density MPO optical cables.

1) Core main distribution area (core-MDA)

In this project, the main distribution area (core-MDA) is set up, and core switches, routers, security devices, etc. are configured to realize the core aggregation of the entire network and the egress function of external links. Its design principles are as follows:

24/48 port copper distribution frames, 1U96-core or 4U288-core high-density optical fiber distribution frames are deployed in the wiring cabinet of the main distribution area;

Considering dual links, each MDA is connected to the operator's access room via copper, OM4, or single-mode cables.

2) Intermediate distribution area IDA (convergence-IDA)

This project is located in the corresponding floor middle distribution area (IDA), responsible for the convergence and management of the wiring of this floor area, and its design principles are as follows:

24/48 port copper distribution frames, 1U96-core or 4U288-core high-density fiber distribution frames are deployed in IDA wiring cabinets;

Consider dual links, with each IDA connected to the MDA via an OM4 cable.

3) Horizontal Distribution Area (HDA)

In this project, a horizontal distribution area (HDA) is set up in the column where the equipment cabinet is located, which is used to aggregate and manage the copper and optical cables laid by the equipment cabinet in the column, and its design principles are as follows:

24/48-port copper distribution frames, 1U96-core or 4U288-core high-density optical fiber distribution frames are deployed in the HDA wiring cabinet;

Considering dual links, each HDA is connected to two IDA cabling cabinets in the same module or the same area via OM4 optical cables.

4) Equipment Distribution Area (EDA)

The Equipment Distribution Area (EDA) consists of each equipment cabinet and is designed according to the following principles:

24/48-port copper distribution frame and 1U96-core high-density optical fiber distribution frame are deployed in the EDA distribution area wiring cabinet;

EDA is planned according to equipment form, business functions, etc. to improve the utilization rate of server cabinets and the management efficiency of computer rooms, and this period is divided according to industry experience and customer business needs, such as: PC server area, minicomputer area, storage area, high-density server or blade area, special-shaped machine area, etc.;

For each regional EDA, the number of electrical ports (including KVM) and the number of optical ports (including SAN) should be planned according to the equipment type, regional characteristics and industry standards;

The number of electrical ports and optical ports in the EDA cabinet needs to be designed according to the idea of short-term refinement and long-term planning.

2.6 Cable Routing Frame

It is recommended to use a grid bridge for the strong and weak electrical routing frame of the data center. Compared with traditional bridges, grid bridges have the following characteristics in data centers;

(1) The maintenance and repair work is simple. Equipment is often added, subtracted or changed in the machine room, and cables are removed or added at the same time, and the use of open bridges allows maximum visibility of cables, so it is easy to identify cables that need to be replaced, making maintenance and repair work simple.

(2) Flexible and simple. Products do not need to go to the factory to order any elbows, tees and other components, are made in various forms according to the actual situation of the site at the construction site, this feature is very simple for designers and installers, patented connectors and FAS quick installation system can greatly shorten the installation time.

(3) Reduce cable procurement costs and reduce energy consumption. Because it is an open bridge, the cable is naturally ventilated and dissipated, heat will not accumulate, and the temperature in the bridge will not rise. As a result, cable performance is optimized and cables with smaller cross-sections can be used, which reduces cable procurement costs and reduces energy consumption in actual operation and extends cable service life.

(4) Aesthetics. Because the cable is visible, the cable is required to be placed sequentially during construction, and the Carbofi bridge is finely made, and it can be sprayed into various colors according to customer requirements, and the whole system appears very vivid after installation, breaking the dull atmosphere of black or gray as the main tone of the previous machine room. Another popular practice is to use a natural color bridge but use colored cables, because it is an open bridge, so it is also very beautiful after installation.

(5) Excellent carrying capacity. Although the grid bridge is lightweight, it does not sacrifice the most important load-bearing performance. THE BRIDGE ADOPTS HIGH-QUALITY STEEL WIRE WITH A DIAMETER OF 4MM-6MM FOR OPTIMAL CONFIGURATION AND MIXING ACCORDING TO THE PRINCIPLE OF MECHANICS, AND ADOPTS HORIZONTAL AND LONGITUDINAL CROSS WELDING AND ITS SIDE ROTATION AND TOP ROTATION T-SHAPED WELDING TO ACHIEVE THAT EACH WELDING JOINT CAN WITHSTAND 500 KG OF TENSION.

(6) Durable. Bridges are available in a variety of finishes. Among them, the thickness of the zinc layer of electro-galvanized is 12-18 microns, and the thickness of the zinc layer of hot-dip galvanization is 60-80 microns, and the coating is uniform and the corrosion resistance is excellent; For some special environments, passivated 304L and 316L high-quality stainless steel series bridges and accessories are also available, which really guarantees the durability of the product.

2.7 cabinet

Considering the air conditioning air supply and floor construction, the cabinet is recommended to use 600mm*1200mm*2200mm (width * depth * height), and the layout of the machine room adopts back-to-back/face-to-face mode, which is in line with the airflow characteristics of the air supply under the air conditioning floor as the air supply static pressure box.

It is planned to build 50 cabinets, and the first phase plans to put in 10 cabinets, each cabinet can accommodate 12 servers.

Each server is 2CH 24-core CPU, 256G memory, 2T hard disk.

Among the 10 cabinets, it is planned to allocate 1 cabinet for big data processing, 1 cabinet for artificial intelligence (GPU configuration), 1 cabinet for storage, 1 cabinet for 3D rendering and industrial simulation, and the remaining 6 cabinets to provide computing services in hyperconverged mode.

The computing power of 6 cabinets includes 72 high-performance services, 3456 core vCPUs, 18432G memory, and 144T hard disks.

If all applications of each enterprise consume 7 vCPUs and 88G memory (7 virtual machines, 2 x 4G, 2 x 8G, 2 x 16G, 1 x 32G), 10 cabinets can support at least 200 enterprises, including big data computing, artificial intelligence, deep learning, 3D rendering, and computing power and data storage for various industrial applications including supply chain and manufacturing.

2.8 Power environment monitoring

The computer room power environment monitoring and monitoring system can realize the unified monitoring of UPS, air conditioning, fire protection, video surveillance, security alarm, power supply and distribution, water leakage, temperature and humidity monitoring and other subsystems, which can reduce the burden of computer room maintenance personnel and improve system reliability, and the rich event history has important reference value for the management of system equipment.

The power environment monitoring system of the computer room can send alarm information through various methods such as chart display, sound, email, mobile phone SMS, etc., and timely inform the person in charge of maintenance management, so that the management personnel can keep abreast of the operation status of the computer room.

The power environment monitoring capacity of the computer room includes the following parts: environmental monitoring part (including temperature and humidity, water leakage, burglar alarm), equipment monitoring part (including mains monitoring subsystem, UPS monitoring subsystem, battery monitoring subsystem, oil generator monitoring subsystem, precision air conditioning monitoring subsystem).

2.9 Security system scheme

Data center security systems include video surveillance, burglar alarm, and electronic patrol systems.

Video surveillance: The video surveillance in the computer room adopts digital high-definition cameras to access the monitoring private network, and then decodes the data room monitoring center through the high-definition decoder, and sets up a disk array to centrally store images, and the image retention time is 90 days. The computer room monitoring center and the security duty room are set up separately.

Anti-theft alarm: set up infrared double detectors at important entrances and exits, elevator halls, etc., and link with video surveillance.

Electronic patrol: offline patrol points at important entrances and exits, elevator halls, etc.

2.10 Fire protection system scheme

Gas fire protection system

Gas fire protection system is divided into pipeline system and pipeline system, and IG541 (smear), heptafluoropropane (FM200), trifluoromethane (HFC-23) are commonly used in pipe network systems; Pipe network systems are commonly used in heptafluoropropane (FM200), trifluoromethane (HFC-23) pipe network systems, etc.

6.3 IT Infrastructure Solutions

1. Overall architecture

The overall architecture is divided into four layers and two systems: physical resource layer, virtualization layer, resource control layer, service layer, information security system and operation management system.

2. Network architecture

As shown in the overall architecture diagram, the overall structure of the cloud data center network adopts the modular partition design concept, all functional partitions are interconnected with the core exchange area, and each partition remains independent to achieve the loose coupling characteristics of the entire design architecture and provide good system scalability. According to different functions, the entire network is divided into the following areas:

(1) Core exchange area: Realize high-speed data forwarding of the cloud data center network to ensure the transmission performance and efficiency of the entire cloud platform central network. The core switch is connected to all partitions, so processing performance, network virtualization applications, and secure access control between partitions are important considerations in the core switch.

(2) Network resource pool area: The network resource pool area provides virtual network resources for the computing resource pool and storage resource pool in the data center, which is not only the link connecting each resource pool, but also the bearer network of data traffic. As a network submodule in the cloud data center, the network resource pool area adopts a two-layer flat architecture networking in design, and adopts a large number of horizontal virtualization and vertical virtualization technologies to achieve VLAN Layer 2 intercommunication to meet the deployment and migration of virtual machines. The two-tier architecture of the data center can greatly simplify the operation and maintenance and management of network resource pools, while ensuring network scalability and easy management.

(3) Internet access area: This area provides services for releasing public cloud applications to the public for various government information systems in the government extranet cloud computing center by connecting to the operator's Internet network, and also provides unified Internet export services for all access units of the autonomous region-level metro network of Guangxi e-government extranet.

(4) External service test area: In the external service test area, all kinds of new applications or hosted applications will be tested online, and only after the test is passed, the business will be deployed to the corresponding network area according to the classification, and the network system connection in the area is divided into the DMZ area location in the Internet access area.

(5) Service network operation and maintenance management area: The business network operation and maintenance management area provides unified management of various resources of the entire cloud data center platform, which is independent of each other from the data network and only carries business management traffic, including application service management, operation and maintenance management and other systems in addition to basic equipment management.

(6) KVM out-of-band management area: This area realizes serial port management of network, server, storage and other devices.

3 IP address and DNS planning

(1) IP address planning principles:

The principles of IP address planning are as follows:

1) The allocation of IP addresses needs to be flexible enough to meet the access needs of various users;

2) Address allocation is driven by services, and address segments are allocated according to the size of the resource pool module's business volume;

3) The allocation of IP addresses adopts VLSM (variable length mask) technology to ensure the utilization efficiency of IP addresses.

4) IP address planning should take into account the needs of network resource pool scale expansion, reserve enough IP addresses to cope with expansion, meet the needs of large Layer 2 networks and Layer 3 routing protocols, realize smooth connection of IP addresses, and ensure network expansion and orderly management of cloud data centers.

(2) Overall IP address planning

The cloud data center will allocate one Class B "10" IP address block and eight Class C "59" IP address blocks for network resource pools, cloud platform management, and virtual networks

4 Network load balancing design

(1) Link load balancing design

Cloud data center network load balancing is divided into link load balancing and application load balancing, link load balancing will be achieved by the load balancing line card of two Internet egress firewalls, because the egress firewall and load balancing board use virtualization technology to virtualize into a logical device, showing a firewall and a link load balancer.

The Link Load Balancer of two Internet private lines of different operators is connected to the Link Load Balancer, which achieves high availability of multiple Internet access by routing traffic on all Internet links and controlling bandwidth service levels. Link Load Balancer virtualizes multiple Internet private lines to ensure that users can access internal and external resources from the best lines. If any ISP line is interrupted, there will be no impact on the service. The Link Load Balancer enables seamless expansion of ISP access lines.

1) InBound traffic load balancing

When the Internet access traffic of government extranet cloud data center and e-government extranet metro network users reaches the link load balancer, the best egress link is selected based on the link state detection results of the link load balancer to improve the user experience.

2) OutBound traffic load balancing

When Internet users access application systems deployed in the Internet access zone of the government extranet cloud data center through links of different operators, the link load balancer and the intelligent DNS resolution function resolve the domain names accessed by different users into different public IP addresses, accelerating application access and improving user experience.

5 Compute and storage hyperconvergence

The fusion of arithmetic units and storage units

Traditional IT architecture uses separate computing and storage units, such as servers with external SAN storage devices, etc., hyperconverged architecture combines computing and storage units, each server node unit has the role of providing computing resources and storage space at the same time, that is, a "Infrastructure in a box" concept, each hyper-converged architecture server node is its own complete infrastructure unit.

The hyperconverged architecture adopts the method of forming multiple nodes into clusters, which can not only provide expansion capabilities by adding cluster nodes, but also provide high availability capabilities through the failure switching function between cluster nodes, and provide data protection capabilities through the write I/O mirror replication function between cluster nodes.

Therefore, by forming clusters, the hyperconverged architecture gets rid of the limitations of SAN architecture, and with the distributed file system that forms the core of the cluster, the server host itself can be used directly to meet the computing and storage needs.

Hyper-Converged Infrastructure (HCI):

Natural coupling: Coupling of computing, network and storage components, integration of two or more elements of standard server hardware No SAN: no need for special SAN storage hardware and software combination: software and hardware are tightly combined to achieve resource integration, unified management and provisioning, and can be easily scaled horizontally to provide storage functions (snapshots, deduplication and compression, replication, etc.) virtualization and hypervisor virtualization layer are closely combined computing virtualization, storage virtualization, network virtualization

6 Backup scenarios

Use the public cloud as the backup solution

7 Security protection system construction plan

(1) Physical and environmental safety

Physical security mainly involves environmental security (fireproof, waterproof, lightning protection, etc.), theft and anti-vandalism of equipment and media. Specifically, it includes: computer room site selection, physical access control, anti-theft and anti-vandalism, lightning protection, fire prevention, waterproof and moisture-proof, anti-static, temperature and humidity control, power supply and electromagnetic protection.

The cloud computing center computer room, UPS power supply, monitoring and other site facilities and surrounding environment and fire safety are designed and constructed in strict accordance with relevant national standards and meet the requirements of 24-hour uninterrupted operation of the government extranet.

(2) Host security

The host includes all computer equipment, including physical servers, virtual machines, and security devices, which mainly refers to their security at the operating system and database system level. Host security includes security construction such as identity authentication, access control, security audit, intrusion prevention, host malicious code prevention, vulnerability management, backup and recovery.

(1) Identification

Identity authentication can be divided into two aspects: host authentication and application authentication.

Host authentication includes account management of the host operating system and centralized host control. The account management of the host operating system must meet the requirements of account and password management policies, such as account permissions, password strength, and login failure handling. Centralized host control can be achieved through domain controllers (for Windows operating systems) or bastion host systems.

(2) Access control

Access control is realized by configuring the server security hardening system, including server authorization, kernel-level security hardening protection for key server operation systems such as database servers and application servers, and mandatory access control for files, registries, processes, services, etc.

The functions of the server security hardening system include file mandatory access control that distinguishes users from processes, registry mandatory access control that distinguishes processes, process mandatory access control that distinguishes processes, service access control, file integrity detection, service integrity detection, etc.

(3) Security audit

Includes host and database audits.

The first is to deploy the security audit system through bypass monitoring, as long as port mirroring is set on the switch or TAP offload is used, there is no need to adjust the existing network architecture (including routers, firewalls, application-layer load balancing devices, application servers, etc.). Collect, analyze and identify network data streams, completely restore application layer protocols, audit responses according to the formulated security audit policies, and realize command level and access logic level authentication and audit for the core system and core application system of business system.

The second is to audit the operation and maintenance behavior of the operating system and database through the bastion host system. By bypassing the bastion host to the aggregation switch, and entering the account password and other information of the host and other network devices into the bastion host system, all O&M operations can be performed through the bastion host, and the system maintenance can be authorized and audited.

The third is to enable the host log audit function, which is collected and audited by the security management platform.

(4) Intrusion prevention

It includes intrusion prevention at both the host and network levels.

Host intrusion prevention is achieved by performing minimal installation of the operating system, minimizing the provision of services, and regularly scanning vulnerabilities and upgrading patches.

Network intrusion prevention is achieved by deploying intrusion detection systems and web application protection systems.

Deploy a network intrusion detection system (IDS), IDS adopts comprehensive and in-depth protocol analysis technology, combined with pattern matching, protocol identification, protocol anomaly detection, association analysis and other technologies, accurately identifies various attacks, and can detect various network application layer protocols; Support detection of worms, network viruses, spyware, and common attack behaviors, including overflow attacks, brute force attacks, SQL injection, DOS, scanning and other attack behaviors. Provides rich intrusion blocking and response methods, including dropping packets, dropping sessions, console alarms, emails, log database records, SNMP traps, and firewall linkage. IDS is used to monitor possible intrusions and attack behaviors, monitor and collect security incidents and trends in real time, and report to the security management center for regional risk analysis.

DEPLOY THE WEB APPLICATION PROTECTION SYSTEM IN THE SERVICE ACCESS AREA TO MINIMIZE THE SECURITY RISKS FACED BY THE WEBSITE IN ALL LINKS. It can prevent SQL injection, cross-site scripting (XSS), cross-site forgery (CSRF), cookie tampering, and application-layer denial of service attacks, and reduce the probability of security incidents such as web page tampering and web page horse mounting. At the same time, it can clean the error information, malicious content and unqualified content of the WEB server-side response online to ensure the credibility of the website.

(6) Vulnerability management

The primary purpose of vulnerability management is to help protect hosts (including virtual machines), network devices, and applications from known vulnerabilities.

This project implements vulnerability scanning and security processing through mainstream vulnerability management software in the industry.

1) Vulnerability scanning:

2) Vulnerability resolution:

(7) Backup and recovery

This project will build a local backup system for data backup and recovery. At the same time, the core router, switch, database server and other key hardware devices and links are built with a redundant architecture.

(3) Network security

In terms of network security, it mainly achieves the following aspects of security protection, including network architecture security, network access control, network security audit, boundary integrity check, network intrusion prevention, and network equipment protection. The main security measures and technologies that can be taken include firewalls, IPS, network security audit systems, strong identity authentication, etc.

(1) Network structure security

Network structure security is the premise and foundation of network security. Consider the redundant backup of key network equipment and important network segments; Divide different virtual networks, network segments, or VLANs according to factors such as the importance of the business and the importance of the information involved. Important network segments containing important business systems and data cannot be directly connected to external systems; Rationally plan routing and establish a secure path between service terminals and service servers. Wait a minute.

(2) Security isolation and access control

It is mainly implemented through network virtualization, Layer 3 MPLS VPN, and Layer 2 VLAN.

1) Security domain division

Common Network Area:

Private Network Zone:

2) Access control between security domains

The corresponding security protection measures are used to effectively isolate each security domain, and the security domain is effectively sorted out and merged, the number of interfaces is reduced, the standardization of the security domain is improved, and the security of the system and network is guaranteed by "key protection and heavy guarding".

3) Layer 2 VLAN isolation

Different subdivided security domains are isolated through VLANs within the security domain, and different service systems are divided into independent VLANs as needed.

This solution uses a virtualization platform to divide VLANs into different virtual machines on a virtual switch, and the VLAN ID is migrated with the virtual machine during the dynamic migration process, ensuring the transparency of the virtual machine migration process from the basic network.

(3) Network intrusion prevention

Firewalls, anti-DDoS attack systems (traffic cleaning systems) and intrusion prevention systems are used to resist cyber attacks.

6.4 7. Investment estimates and sources of funds

7.1 Basis for project investment estimation

According to the principle of overall planning and step-by-step implementation, the initial construction scale is 300 standard cabinets, which will gradually increase with the increase of future market demand, and finally reach the scale of 3000 standard cabinets. The construction of the first phase of the data center housing requires an investment of 8.3 million yuan; In the first year, it is necessary to equip 50 sets of cabinet equipment and system engineering (including power supply, refrigeration, fire protection, security, etc.), 120 servers are configured, 10 million yuan is required, and the cloud platform construction cost is 10 million yuan, with a total cost of 59.3 million yuan. The basic operating expenses are 7 million yuan per year, as shown in the table below.