Cisco Catalyst 4500 Series Switches

State Tax Collector Develops Secure, Flexible Network

  • Viewing Options

  • PDF (301.0 KB)
  • Feedback

California Franchise Tax Board secures network and builds solid foundation with Cisco Catalyst switching solutions.

Customer Name: State of California Franchise Tax Board
Industry: Government
Location: Headquartered in Sacramento, California with 13 region offices
Number of Employees: 5500 permanent and 1200 seasonal
●	Align network security with essential IRS regulations while providing dynamic security
●	Support advanced services
●	Provide reliability with continuous service
●	Updated networks with Cisco switches and security solutions to achieve higher-performance network with improved security
●	Reinforced network security to meet IEEE 802.1AE MAC Security standards
●	Helped ensure network continuity through real-time updating that prevents downtime
●	Formed solid foundation to easily add advanced services
Business Challenge

Modern networks have helped enable people around the world to send thoughts, ideas, business, and money digitally. But with an increasing amount of private data being sent over networks, network security and reliability are becoming growing concerns for both organizations and individuals.

The California Franchise Tax Board (FTB) administers two of California’s major tax programs (Personal Income Tax and Corporate Tax) in addition to numerous other programs, including delinquent debt collection. In total, the programs administered by the FTB bring in more than 65 percent of California’s annual General Fund revenue. Headquartered in Sacramento, the FTB runs ten in-state regional offices and three others in New York, Houston, and Chicago.

The FTB fully embraces technology as part of its goals to streamline costs and improve services. Cisco solutions previously helped the organization win a Best of California Award for Most Innovative Use of Technology with its E-Commerce Portal Infrastructure project, which provides a network that is secure, manageable, and scalable to accommodate future growth.

As part of the 2012-2016 Strategic Plan, the FTB is looking at ways to continue its IT growth and achieve its vision of innovative customer service and operational effectiveness. The organization wants to support newer technologies, but the existing network environment was reaching its end-of-life, which limited services that could be provided due to insufficient bandwidth and created concerns about future lack of support.

One requirement for the new network was reliability. During tax season, the FTB may deposit millions of dollars daily. Any delays in deposits can result in delay of revenue or loss of interest, making reliable networking a must.

Above all else, the FTB wanted to reinforce its network security. As an organization that handles large amounts of money, FTB has robust security requirements, and it must follow Internal Revenue Service (IRS) regulations to utilize federal taxpayer information. One of the IRS regulations specifically requires the encryption of data in transit, which the FTB took to mean all data. The FTB needed to reinforce its security measures to meet regulations. At the same time, due to the large number of seasonal and contract workers, the FTB also wanted a more dynamic security system that could assign access without network managers needing to modify the Access Control List (ACL).

Network Solution

After looking at its options, the FTB chose to refresh the network with Cisco solutions. The Cisco solutions include Cisco Catalyst® 4510 E-Series Switches and Nexus® 7000 Series Switches as the infrastructure and Cisco TrustSec® for security, with management capabilities supported by Cisco IOS® Flexible NetFlow, CiscoWorks Prime LAN Management Solution, CiscoWorks Network Compliance Manager, and Cisco Security Manager for overall network management. Cisco Identity Services Engine (ISE) has been implemented to further enhance security and access over the network.

The top differentiator for Cisco was the ability to provide security that met the IEEE 802.1AE MAC security standard (MACsec). With high security standards demanded by the federal U.S. IRS systems, security was a top priority for the California FTB. “With MACsec from Cisco, we can secure networks from the workstation all the way up to the core,” says Jeremy Chau, network engineering manager at the FTB. “After conducting market research, we determined Cisco TrustSec was the best solution for FTB’s environment.”

In addition, Cisco had previously worked with the FTB on its award-winning e-commerce infrastructure. “We’ve had phenomenal support, from both the Cisco TAC team and account team,” says Chau. “The Cisco team has really worked with us to help us maintain our skill sets and understand the architecture.”

Business Results

With Cisco TrustSec, the FTB meets its responsibility for fulfilling IRS security regulations. The secure network with MACsec encryption helps ensure that private taxpayer information will remain private at all points in the network.

Implementing Cisco ISE, one of the core components of Cisco TrustSec, will further help enable the FTB to secure its networks. Because the primary programs administered by the FTB are tax programs, the organization’s workload significantly increases during tax season, and temporary workers are essential to overcome these surges. Previously, network administrators had to modify the ACL for each new worker to help ensure that everyone received the appropriate level of access to networks. Cisco ISE uses device identification and profiles to streamline and automate deployment, which increases IT staff productivity.

Another excellent network feature from Cisco is In-Service Software Upgrade (ISSU), which helps provide reliable service and network consistency. It allows the FTB to apply bug fixes or deploy new features and services with minimal loss of service. “In our testing with Cisco, we were able to do an upgrade on the fly without losing data,” Chau says. This change could make a massive difference in operations, especially during the busy tax season. “During filing season, our systems can deal with billions of dollars in a short period of time, so we can’t afford downtime for any reason,” says Chau. “Previously, this would have prevented us from dealing with any immediate problems, like a security vulnerability. But now, the ISSU function in Cisco Catalyst 4510 enables us to actually make changes without loss.”

Routing and Switching
●	Cisco Catalyst 4510 E-Series Switches
●	Cisco Nexus 7000 Series Switches
Network Management
●	CiscoWorks Prime LAN Management Solution
●	Cisco IOS Flexible NetFlow
●	CiscoWorks Network Compliance Manager
●	Cisco Security Manager
●	Cisco Application Networking Manager
Security and VPN
●	Cisco TrustSec
●	Cisco Identity Services Engine
Cisco IOS Flexible NetFlow further helps with security while optimizing network infrastructure. It identifies traffic, which not only helps detect unwanted network access or attacks, but also optimizes resource usage and network capacity. According to Chau, “The ability of Netflow to identify traffic is key to preparing our networks for future services.”

The Cisco Catalyst 4510 E-Series Switches provide another element for a solid foundation for future services: Power over Ethernet (PoE) helps enable devices to draw power directly from the network architecture without requiring separate wiring for power outlets or power equipment. With this feature, the FTB can lay the foundation for easy network expansion and enhancements.

Next Steps

The FTB plans to further improve its customer service and employee efficiency. With Cisco solutions providing security, reliability, and a solid fundamental infrastructure, Cisco helps the FTB strive towards its vision of a place where employees, innovative technology solutions, and processes work together to provide the most advanced customer service, operational effectiveness, and expert enforcement of tax law.

For More Information

To find out more about Cisco Catalyst 4500 E-Series Switches, go to: