TO: HONORABLE MAYOR AND MEMBERS OF THE CITY COUNCIL
FROM: Diego Chavez, Administrative Services Director
PREPARED BY: John Borger, IT Manager
SUBJECT:
title
Information Technology Network Infrastructure Upgrades and Backup Refresh Project
end
RECOMMENDATION
recommendation
Amend the Fiscal Year 2025/26 Operating Budget as referenced in the Fiscal Impact statement;
Approve the purchase of new Cisco firewalls and switches, Veeam backup software solution, and Object First backup storage device from CDW-G;
Approve the combined contract amount not-to-exceed $702,977.66 and authorize the City Manager to approve up to 10% in change orders for contingencies; and
Authorize the City Manager to execute all related documents and request orders.
body
PRIOR ACTION/VOTE
None.
CITY COUNCIL GOAL
Maintain a high performing organization that values fiscal sustainability, transparency, accountability and organizational efficiency.
DISCUSSION
The City of Murrieta's (City) information technology (IT) infrastructure supports essential public services across all departments and facilities, including public safety (Police and Fire stations), public access (Library), administrative operations (City Hall), and virtual server environments. The current systems, particularly core network switches, firewalls, and the legacy backup solution, have reached their hardware lifecycle limits, are unsupported, or are insufficient to meet the demands of modern technology. IT staff has obtained quotes to replace core switches, main firewalls, switches supporting virtual servers, and to implement a new backup system as described in further detail below.
These upgrades are not optional enhancements, but planned replacements and investments to ensure operational continuity, protect against cyber threats, and enable effective Disaster Recovery (DR). Delaying them exposes the City to significant risks, including operational disruptions, data loss, and impacts to critical City services.
Network Infrastructure Upgrades: Ensuring Reliability and Performance
The proposed network infrastructure upgrades include replacing several core switches. The core switches form the backbone of the City’s network, handling high volume of data traffic between departments and critical sites. The existing switches are at the end of their useful life, leading to potential bottlenecks, reduced performance, and an increased risk of failure.
The following switches are planned for replacement: one at the Library, one at the Police Station, multiple at various fire stations, and switches supporting virtual server environments located at City Hall and the Police Station.
Replacing these will provide:
• Higher throughput and lower latency to meet growing data demands (e.g., increased Wi-Fi usage, video surveillance, and remote access);
• Improved reliability, reducing downtime that could affect emergency communications or public services; and
• Improved capacity to support evolving needs, including more connected devices and higher bandwidth requirements.
The network infrastructure upgrades also include replacing firewalls at City Hall and the Police Station. The current firewalls lack advanced threat detection capabilities, leaving the City vulnerable to evolving cyber threats. The new firewalls will:
• Provide robust protection against unauthorized access, malware, and advanced threats; and
• Enforce strict access controls and monitor traffic in real time to safeguard sensitive data handled by City administration and law enforcement.
The quote for the proposed network infrastructure upgrades is included as Attachment 1…
Backup System Replacement: Addressing End-of-Support Risks and Enabling Disaster Recovery
The City’s legacy backup system is no longer supported by the vendor, which means no security patches, updates, or technical assistance are available. This creates severe vulnerabilities, including:
• Unsupported systems cannot address known exploits, increasing exposure to ransomware and data breaches;
• Lack of modern features, such as immutability, makes them vulnerable to deletion or encryption by attackers; and
• Without reliable DR capabilities, a significant incident (e.g., ransomware, hardware failure, or a natural disaster) could cause permanent data loss and prolonged outages.
The proposed backup system replacement includes the Veeam software solution (Attachment 2) with the Object First storage hardware (Attachment 3). Together, they will provide a secure, modern backup system designed to protect data from loss and ransomware. The replacement will provide:
• Immutable storage: Backups are protected from being altered or deleted, even by administrators or ransomware. This ensures clean recovery points are always available;
• Ransomware resilience: Hardware is purpose-built for Veeam, with zero-trust principles, high-performance ingest and recovery, and secure object storage;
• Disaster recovery focus: Fast restores, automated testing, and scalability to protect critical data across all sites, enabling quick recovery with minimal downtime; and
• Compliance and efficiency: Supports regulatory requirements while simplifying management and reducing long-term costs compared with maintaining unsupported legacy systems.
Risks of Inaction
Delaying these upgrades puts the City at risk of:
• Operational disruptions: Network failures could affect Police and Fire communications, Library services, or administrative functions;
• Cybersecurity threats: Outdated firewalls and unsupported backups heighten ransomware risks, which frequently target municipalities and, in nearly all cases, attempt to destroy backups;
• Data loss and high costs: Without immutable DR backups, recovery could take weeks or be impossible, resulting in operational impacts, legal liabilities, and public frustration; and
• Public safety impacts: Delays in emergency response caused by unreliable infrastructure.
These investments align with best practices for municipal IT resilience and will deliver long-term savings by preventing costly incidents. The proposed upgrades are essential to modernizing the City’s IT infrastructure, mitigating critical risks, and ensuring the uninterrupted delivery of public services.
FISCAL IMPACT
The total cost of the project is $702,977.66. Staff is requesting a 10% contingency ($70,297.77) to cover any unforeseen project costs. Currently, $473,020 is budgeted for these projects.
To fund the known costs and the requested contingency, staff recommends amending the Fiscal Year 2025/26 Operating Budget by increasing the IT budget in the amount of $300,255.43, to be funded using available Information Technology Fund unassigned fund balance. As shown in the table below, one of the projects has excess budgeted funds. This request includes a reduction to that project’s budget, which will partially offset the total project cost.
|
Project Description |
Cost |
10% Contingency |
Available Budget |
Requested Appropriation |
GL String |
|
Switches/Firewalls |
$ 585,257.96 |
$ 58,525.80 |
$ 285,500.00 |
$ 358,283.76 |
7268340-71030 |
|
Storage |
47,787.00 |
4,778.70 |
25,520.00 |
27,045.70 |
7268340-62160 |
|
DR Solution |
69,932.70 |
6,993.27 |
162,000.00 |
(85,074.03) |
7268340-60480 |
|
|
$ 702,977.66 |
$ 70,297.77 |
$ 473,020.00 |
$ 300,255.43 |
|
ATTACHMENTS
ATT 1 - Cisco Quote PRWL114
ATT 2 - Veeam Quote PQWG173
ATT 3 - Object First Quote PSLD870