Cisco on Cisco
Wireless Security Case Study: Cisco IPICS Enhances Safety and Security at Cisco
Next-generation secure communications and interoperability platform simplifies communications, facilitates handling of emergencies, and saves money.
The population of the Cisco campus in San Jose, California can reach 20,000 people during business hours. Like a similarly-sized city, emergencies can occur. When they do, Cisco Safety and Security (SAS) and the volunteer Cisco Emergency Response Team (ERT) are the first responders to on-campus fire, hazardous materials, and medical incidents. They provide support in the critical minutes before outside help arrives. These two groups work closely with the Cisco Security Facilities Operations Center (SFOC) in San Jose, one of three other SFOCs located in Raleigh, North Carolina; Bedfont Lakes, U.K.; and Sydney, Australia.
Ciscoâ€™s enterprise risk-management strategy assumes that emergencies require an immediate response from within the company as well as external emergency responders.
Cisco SAS is primarily responsible for managing emergencies that occur on company property. That responsibility begins when a Cisco employee or visitor dials 9-1-1 from any Cisco IP phone on campus. The call is routed to the nearest Cisco SFOC, which dispatches Cisco security officers and the Cisco ERT. If the incident requires a local public safety agency, the SFOC patches the call to the appropriate Public Safety Access Point (PSAP).
Figure 1. All emergency calls at Cisco are dispatched through the IPICS PMC
Present on all corporate campuses and office locations with more than 125 employees, the Cisco ERT consists of employee volunteers who handle medical, fire, and other emergencies before public agencies arrive. Cisco ERT members and Cisco SAS security officers are trained to first-responder level. A few ERT members are also certified as Emergency Medical Technicians (EMTs). The Cisco ERT in San Jose responds to 150 incidents per year, of which nearly 40 are considered life threatening.
Clearly, the need for interoperability encompasses not only procedures and equipment but also communication systems. Cisco incidents are managed by the Incident Command System (ICS), a standard methodology used by public safety agencies nationwide. To help ensure a smooth transition of care from Cisco to external responders, Cisco SAS and Cisco ERT conduct drills with agencies, such as the San Jose and Milpitas Fire and Police Departments, the Santa Clara County Emergency Medical Services (EMS) Agency, the Bureau of Alcohol Tobacco and Firearms (ATF), and the Stanford Hospital Air Ambulance.
Before the Cisco Internet Protocol Interoperability and Collaboration System (IPICS), the Cisco SAS and Cisco ERT team's primary means of communications was through a hybrid conventional and trunked very high frequency (VHF) Land Mobile Radio (LMR) system, often known as Push-to-Talk (PTT) radio. Pager and mobile phone Short Message Service (SMS) messages served as secondary communication modalities. Cisco provides radios to every mobile security officer and Cisco ERT volunteers in each building on campus. Other large Cisco facilities in the United States use a similar strategy.
This strategy, however, had severe limitations. First, traditional dispatch systems require dedicated point-to-point circuits (T-1 lines, for example) between the central dispatch facility and Cisco offices where SAS and ERT teams are located. Because Cisco SFOCs in San Jose and Raleigh, North Carolina are responsible for local dispatch at theses campuses and also for numerous Cisco offices in the western and eastern parts of the country, respectively, traditional dispatch deployment is expensive, slow, and cumbersome.
In addition, before IPICS, Cisco SAS could not accommodate failover or collaboration between dispatch centers. That is, if an emergency shut down a dispatch center, another center could not easily take over for it. For example, if a hurricane forced the closure of the Cisco Raleigh SFOC, all East Coast safety and security operations would be affected. Similarly, an earthquake in the San Francisco area would disrupt all western operations.
Finally, any enhancement or modification to the Cisco radio system intended to provide greater interoperability would require the entire radio infrastructure to be replaced at one time. As a result, incremental enhancements to the communications infrastructure were generally discouraged.
Cisco deployed the IPICS solution to address these critical concerns.
Cisco Safety and Security Program Manager
Cisco IPICS is comprehensive emergency response backbone at Cisco offices across the United States, Europe, and Asia Pacific. Whether a scenario involves an earthquake, medical emergency, or building evacuation triggered by a fire alarm, Cisco IPICS helps ensure rapid response from SAS and ERT teams as well as facilitates information flow to other relevant groups, such as Human Resources or the senior-management-level Corporate Crisis Management Team (CCMT).
Meshing Cisco IPICS with the current Cisco LMR system has greatly extended the power and reach of LMR, making it far more convenient to use. IPICS enables Cisco to link its LMR emergency-response system to almost all forms of communication such as IP, cell, and landline phones as well as paging systems - turning these familiar networks into extensions of the LMR system.
Cisco can also contact SAS and personnel via Internet-connected PCs if they are not near a phone or carrying a mobile radio or cell or phone. “Now our emergency workers can connect to each other at any time and at any location using whatever communications network they have at hand. Cisco is just starting to explore the power and convenience of these new capabilities," says Lawrence Ingraham, Cisco Safety and Security Manager.
Radio devices typically cannot communicate with each other unless they operate on the same frequency and mode: conventional, logic-trunked (LTR), digital, or other. Initially at Cisco, radios supported on-campus mobility but did not allow security personnel to communicate directly with people outside their immediate facility. For example, if there were a break-in on one campus, SFOC at another campus would have to attempt to reach security officers via landline, cell phone, or pagers. Poor reception, lack of wire line connectivity, and per-minute billing for cell phones made these solutions impractical, expensive, or both. Lack of voice interoperability also impeded medical response and prevented Cisco managers and executives away from campus from using landline or cell phones to talk to radio-equipped security officers at the scene of an emergency.
Figure 3. Cisco IPICS enables security officers from any internet-enabled location to work with Security Facilities Operations Centers and other Security offices
Cisco solved its radio interoperability challenge through an LMR-over-Internet Protocol (IP) solution that uses the company's multicast-enabled IP network. A combination of technologies enables security staff and management to participate in talk groups from any location on radio, landline phone, wired or wireless Cisco IP phone, or a PC or laptop with Cisco IPICS Push to Talk Management Center (PMC) radio-emulation client software.
In this solution, a rooftop antenna receives a mobile or handheld radio signal and converts it to analog output. This analog signal is routed to an LMR-enabled router with a voice interface card, which converts the signal to voice over IP (VoIP). The Cisco LMR Gateway software, which runs on any Cisco router that accommodates voice interface cards, provides additional capabilities for Push to Talk (PTT) radio communications such as managing tone-controlled radios - smoothing out audio level fluctuation and dealing with jammed PTT buttons on the radios. This software uses a Windows PC-based administration server to manage talk groups. A media software server enables a dispatcher to conference dissimilar radio systems. A small PC client running PMC software can emulate a PTT radio, avoiding the need to purchase additional radios for employees with laptops or PCs.
LMR-over-IP enables significant emergency response flexibility at Cisco. IPICS has taken its capabilities a critical step further by making it possible to transparently integrate enterprise communications with radio networks. Through its ability to connect LMR/RMS (Land Mobile Radio/Radio Mobile Systems) gateways throughout the United States with Cisco dispatch centers, PMC users, and a variety of communications equipment, IPICS has enabled LMR technology to remain a critical part of the emergency system at Cisco.
Deploying Cisco IPICS has resolved several of the most vexing problems facing Cisco dispatch operations.
Figure 4. Cisco IPICS enables the Mobile Command Vehicle to manage incidents and work with outside agencies such as the San Jose Fire Department.
- By linking communications between dispatch and various Cisco locations through the existing IP-based voice-quality WAN, Cisco has eliminated the need to use expensive point-to-point circuits. For example, the San Jose campus now communicates directly with an office 80 miles away in Petaluma, California - using IPICS and LMR over an existing corporate IP network - rather than a separate leased T-1 line.
- Moving to an IP-based solution has also given dispatchers a greater degree of flexibility. For instance, the Cisco IPICS PMC client software handles all dispatch functions, including alert tones for Security and ERT emergencies.
- Dispatch functionality has become location independent. That is, if an incident makes an SFOC unavailable, a dispatcher can launch the PMC software on a PC, establish a VPN connection to Cisco, and handle dispatch duties from another remote location, the Cisco Mobile Command Vehicle (MCV), or any wireless hotspot.
- PMC software also enables Cisco ERT members who do not have radios to monitor emergency radio channels from their PCs and respond quickly to alert tones, rather than waiting for a pager message, which may be delayed several minutes.
- Cisco IPICS also supports SFOC operational redundancy by allowing dispatchers in one center to respond to calls and dispatch resources handled by another. “Cisco IPICS has enabled us to communicate with emergency responders on scene at sites around the globe by using the Cisco network and a computer. We no longer have to send a page or call the cell phone number of the Security Officer in Richardson, Texas, for example. It is as accessible as the Security Officer outside the building in Raleigh," says Cisco Safety and Security Program Manager Wayne Homell.
Safety and Security Manager, Cisco
The Cisco IPICS architecture leverages the company's internal voice-quality network. The IPICS servers in use in the United States coordinate eight LMR gateway points distributed throughout Cisco's large campus locations. This coverage is being expanded to Cisco office locations in Canada, Central and South America, Europe, and Asia Pacific.
At present, 17 different radio channels are available to the Cisco IPICS installation. In addition to the security and safety teams, Cisco Workplace Resources (WPR), the Cisco facilities management team, leverages IPICS - allowing WPR employees in Raleigh, NC to communicate with their East Coast dispatch center in Boxborough, Massachusetts.
Emergencies have already proven the unique capabilities of Cisco IPICS. Recently, a natural gas leak at a Raleigh construction site required the evacuation of the entire Cisco Raleigh campus, including its SFOC. During this major emergency, San Jose-based SFOC dispatchers took over dispatch for East Coast operations. Meanwhile, facilities and emergency managers in the United Kingdom and in several locations in South America communicated directly with the Incident Commander in Raleigh. Similarly, when a burst water pipe flooded one of the San Jose headquarters buildings, managers in Raleigh and Boxborough, using different radio systems, could be patched in to assist with the response. The bottom line? As long as the Cisco network is up, global communication is both possible and highly efficient.
With the successful implementation of Cisco IPICS at the four existing Cisco SFOCs, Safety and Security is planning to implement Cisco IPICS at remaining theater-based dispatch centers in Asia and Europe. In addition, the company is planning to open a fifth Cisco IPICs-enabled SFOC in Bangalore in 2008.
Cisco IT is currently piloting an ERT listen-only channel, which is designed to eliminate delays in emergency response. All ERT members will have a custom “skin" installed on their PCs, enabling them to hear real-time alerts and status updates at the desktop. “No longer will we need to rely on sending "bulk" transmissions to team members," says Deon Chatterton, Cisco Safety and Security Program Manager. “Instead, they will be able to get into action immediately. Listen-only will save us the time of composing and sending a page and give the ERT a good three-minute jump on response.
In addition, Cisco plans to deploy IPICS 2.1 notification capabilities in the near future and expects to benefit from its enhanced functionality. The upgraded software will enable Cisco security personnel to locate all emergency responders regardless of the communications devices that they are currently using. IPICS 2.1 will accurately track and log responses and make it possible to create talk groups and select groups to be informed in case of emergency at the touch of a button.
|Table 1. Bill of Material: Enterprise Safety and Security. One IPICS server and one 3845 LMR/RMS with maintenance|
|CIS-IPICS2.0-K9||Cisco IPICS 2.0 Server Software, 50 VTG, 2 OpsView, 4 channel, 4 PMC, 10 IP Phone||1|
|CIS-IPICS-PM1||IPICS Policy Manager for IPICS 2.0 â€“ includes Dial Engine, 4 dial ports||1|
|MCS-7845-H2-S31||MCS 7845 Server with 4 GB RAM for IPICS Server HW||1|
|CIS-PMC-SUB||Cisco IPICS PMC software updates (1 year subscription)||4|
|CIS-IPICS-SUB||IPICS Server Software updates (1 year subscription)||1|
|CIS-PM1-SUB||Cisco IPICS Policy Manager software updates (1 year subscription)||1|
|CON-SAS-CISIPICS||SW APP SUPP IPICS 2.0 Server||4|
|CON-SAS-CISIPICS||SW APP SUPP IPICS 2.0 Server||4|
|AS-OTHER-CNSLT||Cisco IPICS Advanced Services Starter Kit. Includes prepare, plan, deploy, implement (PPDI) for Cisco IPICS product starter kit at one site.||1|
|CON-OSP-3845SEC||SMARTNET Onsite support Cisco 3845||1|
|CISCO3845||3845 w/AC PWR,2GE,1SFP,4NME,4HWIC, IP Base, 64F/256D||1|
|MEM3800-64U256CF||64 to 256 MB CF Factory Upgrade for Cisco 3800 Series||1|
|MEM3800-256U768D||256 to 768MB DDR DRAM factory upgrade for the Cisco 3800||1|
|VWIC2-2MFT-T1/E1||2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1||1|
|VIC2-2E/M||Two-port Voice Interface Card - EandM||2|
|NM-HDV2-2T1/E1||IP Communications High-Density Digital Voice NM with 2 T1/E1||1|
|PWR-3845-AC-IP||Cisco 3845 AC-IP factory upgrade option power supply||1|
|PVDM2-64||64-Channel Packet Voice/Fax DSP Module||1|
|FL-LMR=||LMR Feature License (2600XM,2691,2811,2821,2851,3700,3800)||1|