Guest

Cisco Catalyst 4500 Series Switches

University Builds More Secure, Collaborative Campus

  • Viewing Options

  • PDF (194.3 KB)
  • Feedback

Université de Montréal uses network to help faculty, students, and researchers work better together.

Business Challenge

Located in the heart of beautiful Montreal, the Université de Montréal is the third largest research institute in Canada and ranks among the Top 100 universities around the globe, according to the Times Higher Education Supplement. With 55,000 students and a research budget of CAD$450 million each year, the University is exploring new areas in fields such as science, physics, health, pharmaceuticals, and law. Technology plays a critical role in enabling academic collaboration at this world-class institution.
"Having a good network and advanced communications services is critical to our ability to attract the best teachers and researchers," says Michel L'Heureux, director of telecommunications, Université de Montréal.
However, providing the right technology can be challenging, because each department has distinct requirements for working with colleagues and groups, both inside and outside the University. For example, private researchers working with the University might have specific security requirements to safeguard intellectual property on their networks. The University must also comply with regulatory requirements, such as the need to preserve the confidentiality of patient records on health research networks. To separately lay out different networks, each with its own set of technologies, would be both complex and expensive.
"In the past, adding researchers to the network with the right authentication, bandwidth, and security policies was a complicated and time-intensive process," says L'Heureux.
Network reliability is also a top concern for the Université de Montréal. Some simulations and calculations running over the network can take days, and even a few seconds of downtime can have a serious impact on research efforts.
To build on its reputation as a leader in academic research, the University needed a network solution that would provide secure connectivity for approximately 25 buildings on its main campus, as well as facilities at its campus in Ste. Hyacinthe, Quebec. The solution would have to provide the performance that faculty expected, as well as flexibility to support collaboration with a wide range of research groups. And the new network would have to be dependable, yet easy to manage and maintain.

Network Solution

To deliver the power and versatility that students and faculty expected, the Université de Montréal initiated a complete upgrade of its voice and data network. At the heart of the solution is a Cisco ® network featuring a Multiprotocol Label Switching (MPLS) architecture, which lets organizations deliver a wide variety of advanced,
value-added services over a single, intelligent infrastructure.
"There has always been a need for specialized networks inside our institution for research or network services," says Ghilaine Roquet, vice-rectoress for information technology at Université de Montréal. "The Cisco Catalyst 6500 VSS solution makes it much easier for us to support these services, and MPLS gives us a great deal more flexibility in the network than we used to have."
In the network core, the University installed high-performance Cisco Catalyst ® 6509 Series Switches, running the Virtual Switching System (VSS). VSS technology lets organizations combine multiple Cisco switches into one virtual switch for enhanced bandwidth, efficiency, and nonstop communications. The new solution lets the University expand its network backbone to 10 Gbps, for world-class scalability and performance throughout the institution.
The University has also deployed an identity-based 802.1X access solution for its wired and wireless networks. This standards-based technology was chosen because of its flexibility, simple hardware requirements, and compatibility between multiple hardware platforms. Each user's identity determines the level of access that students, faculty, and researchers receive. The solution is connection- and location-independent, and provides the appropriate level of user access, no matter how and where a user logs in. By combining identity with VLAN and Virtual Routing and Forwarding instances to connect the users to the MPLS core, the University has designed a secure and flexible end-to-end solution.
A Cisco Secure Access Control Server lets the University define and implement a comprehensive access policy that supports multiple profiles for network access. And the Cisco Network Admission Control Profiler dynamically identifies all of the University's endpoint devices and intelligently manages them based on predefined security policies.
"All of the user authentication uses Cisco Identity-based Networking Services on the Cisco Catalyst 4500 Series Switches," says L'Heureux. "If a user is not registered, they don't have an account, so the system is secure. And if they do have an account, they can access their own network privileges and resources."
In the wiring closets, Cisco Catalyst 4506E Series Switches with Cisco 4500 Supervisor Engines 6-E also provide support for the University's access solution with a built-in rich Identity-Based Networking Services (IBNS) feature set such as IEEE 802.1X and extensions, MAC authentication bypass, and customizable web-based authentication that provide flexible authentication options for various types of users and endpoint devices. The Cisco identity extensions such as multidomain authentication and Cisco Discovery Protocol host disconnect notification allow smooth secure integration with existing IP telephony deployment with authentication of IP phones and users behind the phones.
The Cisco Catalyst 4500 Series Switches were selected as the primary access platform for most of the University's wiring closets. The compatibility and consistency of identity features with their existing Cisco Catalyst 3750 Series Switch network were important selection criteria. In addition, the redundant power supply capabilities of a chassis-based solution help ensure higher availability for the Power over Ethernet attached devices.
Built for high performance, Cisco Catalyst 4506E Series Switches enable the University to deliver 1 Gbps access, with Power over Ethernet, to every seat on campus. This capability encompasses approximately 33,000 ports in the current design, with several thousand more to be added over the coming years. This dramatic boost in scalability and bandwidth lets the University support demanding applications, such as video streaming and real-time collaboration, with other universities around the world.
"The new Cisco network lets us offer real-time access from our veterinary medicine faculty to our campuses in Ste. Hyacinthe, Québec," says L'Heureux. "Veterinary medicine students can exchange data, images, and video content over the network."
To extend its network services throughout the campus community, the University is installing Cisco Aironet ® 1250 and 1142 Series wireless access points. These enterprise-class access points use 802.11n technology for up to nine times the throughput of 802.11a/b/g networks. Powering and managing these access points was simple with the Power Over Ethernet capabilities of the Cisco Catalyst 4500 Series Switches.
"Our students were asking for better access that would let them connect to the network from anywhere," says L'Heureux. "We installed 2000 access points throughout campus, which lets us provide high-speed service with ten times greater coverage than we used to have."
To further safeguard sensitive information, L'Heureux and his team installed Cisco Firewall Services Modules and Cisco 4270 Intrusion Prevention System Sensors.
The University has also replaced its aging private branch exchange phone system with a converged IP solution based on Cisco Unified Communications. Running voice services over its IP network, powered by the Cisco Catalyst 4500 Series Switches, lets the institution enjoy a wide range of advanced features, without requiring a separate vendor or network administrator to support the phones. The University has also deployed Cisco Unified Contact Center Express on its Montreal and Ste. Hyacinthe campuses.
To keep the entire solution running smoothly, the Université de Montréal chose a Cisco SMARTnet support plan. Cisco SMARTnet Service is an award-winning technical support service that offers direct, anytime access to Cisco engineers, plus access to an extensive range of technical resources.

Business Results

Migrating to the new Cisco infrastructure has enabled the Université de Montréal to support more diverse, innovative networks, or tailor bandwidth to certain groups, while keeping costs in check. The key to this versatility is the MPLS architecture, which lets the University provision network services for faculty and researchers with very specific needs. As a result, more research groups are interested in peering with the Université de Montréal research network.
"Our new network is more secure, and we can do a better job by giving more specialized service to people," says L'Heureux. "We can easily tailor service for a research group or specialized lab with high-bandwidth applications peering with other groups."
The University's identity-based security solution has eased collaboration by enabling researchers from outside institutions to easily connect to the network using their own credentials.
"We are members of a program called Eduroam, which is based on 802.1X authentication," says L'Heureux. "Anyone from a participating institution can visit our campus and connect a PC, or use one of our public PCs, with their own username and password. Instead of spending time setting up a guest account, we can give the user the appropriate level of access using their own credentials."
The new network also helps faculty and researchers work more efficiently, because it lets users easily switch from one network environment to another. For example, a professor could easily move from a general network for course scheduling or administrative tasks, to a restricted research network.
Managing the network is easier than before, because a single infrastructure can support all of the University's varied academic needs. Researchers need no longer build their own separate networks, because the University can quickly provision the services that they require. And by running voice and data over the same network, the University can save time on administrative tasks like line moves, adds, and changes.
"The solution definitely provides mobility for users that we could not offer before, except at very high cost," says L'Heureux. "Now if someone is taking his phone from one building to another, we know that it is going to work."
The availability of the network has also improved, which further contributes to the satisfaction of faculty and researchers.
"People have very high expectations of the network," says L'Heureux. "Our faculty are pleased with the reliability of the new system, and welcome our ability to help ensure them improved service continuity."

Next Steps

The Université de Montréal wanted a network that could not only meet its immediate needs, but could scale to accommodate new applications in the future. L'Heureux and his team are confident that the Cisco solution can support its network for years to come.
"We have the capacity of an Internet Service Provider (ISP) in our network now, and we actually consider our organization an ISP," says L'Heureux. "The Cisco solution lets us fulfill our mission to deliver communications services to connect people, and treat their laboratories as though they are autonomous systems."
With its versatile new infrastructure in place, the Université de Montréal is boldly moving forward into the 21st century, while continuing its rich tradition of research and innovation.

For More Information

To learn more about the Cisco solution, visit http://www.cisco.com or contact your authorized Cisco salesperson.