Lessons on Freedom and Power
An End-to-End Network for Delivering Broadband for Government Organizations
Today, technology plays a central role in sparking the imagination and creating new possibilities in virtually every application environment. In particular, high-speed wired and wireless networking technology can bring government facilities into the Internet fold, enable new capabilities such as IP telephony and provide future-proof infrastructures that are scalable. This design guide considers the local-area network (LAN) technology needs—including critical requirements for security, redundancy, quality of service (QoS) and integrated management—of government agencies, organizations and institutions.
The foundational requirements needed to achieve leading-edge functionality for government include the advantages of high-speed LANs, the migration from hubs to switches in the wired environment, and the enhanced flexibility, mobility, portability, and scalability enabled by a combined wired and wireless infrastructure. Within this design guide is an overview of key Cisco switching, wireless LAN (WLAN) and broadband product platforms, which together allow government organizations to build a robust, end-to-end network that meets the current and future needs of workers. Also, sample network diagrams provide practical deployment strategies to help government organizations maximize resource utilization and achieve the greatest benefits from the network.
Networking Challenges and Opportunities for Government Organizations
Federal, state, and local governments alike face enormous challenges developing and maintaining infrastructures that keep pace with the demands of today's high-tech society and global community. Besides supporting administrative requirements, government organizations must have the appropriate technology available to support demanding research, defense and other scientific programs. Technology must also expand communications and business activities in a fast-paced Internet economy. Administrators may understand what it takes to keep up, but limited staffing and financial resources can make it difficult to deliver the needed technical services. Organizations in the government market must also juggle expanding technical demands with increasingly limited human and financial resources.
The good news is that improvements in technology are addressing many of these needs. Combined advances in switching technology and WLANs actually help financially constrained government agencies achieve more value and functionality within their existing budgets. For a very reasonable cost, government organizations can implement a high-bandwidth infrastructure that is able to support a wide range of leading applications. In turn, these applications will deliver a host of new capabilities, making work life more efficient and even leading to substantial cost savings. A sampling of these applications includes:
•Process Automation—Government organizations can Web-enable their processes, boosting productivity by giving workers the ability to rapidly share complex documents with internal users, external suppliers, and the general public. In fact, entire processes can be automated throughout government organizations, regardless of worker location.
•Online Content—In the government environment, online content is quickly becoming the rule. This content—which may include legislation, rules, reports, and correspondence—can be created, managed, distributed, and accessed online.
•Multimedia Capabilities—Rich multimedia content is rapidly replacing flat data files in reports, presentations, briefings, and so on. Therefore, government networks must be robust enough to support the convergence of data, voice, and video, as well as streaming media.
•Information Distribution—Agencies can enhance existing services and introduce new functionality. For instance, they can move procurement processes online, deploy expanded citizen services such as Web-based Social Security information, set up video-based training programs, conduct video conference staff meetings, enable broadcasting and much more.
•Converged Voice, Video, and Data Applications—Government offices can rapidly integrate the latest networking technologies to benefit from new Internet and integrated data, voice, and video applications such as IP telephony, interactive call centers, unified messaging, e-learning, e-commerce, CRM, and more.
These applications all require the support of a robust, high-bandwidth network infrastructure. Fortunately, a cost-effective solution exists for all government organizations that can be deployed regardless of the organizations' existing wiring or installed devices.
Cisco Wired Technologies
High-speed LAN technologies deliver broadband capabilities to entire government departments, agencies and institutions. Cisco solutions integrate broadband into any wired environment—whether the media is Category 1, 2, or 3 copper telephone wire, Category 5 copper or fiber. Therefore, government agencies do not need to expend the time, expense and effort of rewiring to achieve tremendous bandwidth.
Cisco Wireless Technologies
WLAN technology affordably extends your network's flexibility when it is not practical to install cable or when flexible, mobile access solutions are required. Wired and wireless technologies each have a place in the government LAN and collectively deliver LAN-to-LAN capabilities.
Cisco Building Broadband Service Manager
The Cisco Building Broadband Service Manager (BBSM) is a software-based service creation platform that provides government agencies with a highly automated, hassle-free way to deliver broadband services to sites or groups of users without IT support. Combining Cisco BBSM with Cisco wired and wireless infrastructures enables government agencies to create, market, and operate broadband access services.
These technologies allow government organizations to upgrade their networks for minimal incremental cost, preparing them for the future with a robust, flexible infrastructure. They can then leverage their network investments to streamline operations, deliver information quickly to workers, and provide enhanced services to citizens.
Enabling Technologies for Your Government LAN
Requirements for High-Speed LANs
The wired LAN is the principal means of connection for the high-speed government LAN—even in an integrated wired and wireless environment. Compared to wireless technology, the wired LAN offers significantly higher transfer rates over both short and long distances. However, steps must be taken to achieve maximum performance for your wired LAN. For instance, the network infrastructure must be optimized with a configuration that delivers sufficient bandwidth and intelligence to meet increasing traffic demands. In addition, your wired LAN should feature:
•Robust Quality of Service (QoS)—QoS enhances bandwidth management so that high-priority traffic receives preference on the network. Cisco Catalyst® LAN switches support the Institute of Electrical and Electronics Engineers (IEEE) 802.1p standard, which enables prioritized Ethernet traffic. Cisco offers several other QoS features, including Weighted Round Robin Scheduling and Strict Priority Scheduling. The switches also allow administrators to designate priority on a per port basis. Intelligent client devices, including the Cisco IP Phone 7960, further assure that high-priority traffic retains preferred treatment.
•Continual Network Availability—Maintaining high availability is vital for any mission-critical LAN. Cisco recommends a network design that includes redundant components and connections to eliminate or minimize outages and performance degradations. Dual gigabit uplinks provide a redundant uplink in case the primary uplink goes down. Enhanced Spanning Tree Protocol (STP) convergence features—including PortFast, UplinkFast, and Per VLAN Spanning Tree (PVST)—enable LAN switches to be connected redundantly without creating broadcast storms that can slow response times.
•Easy, Integrated Web Management—Cisco management solutions operate end-to-end to alleviate management complexity. Users gain increased control of their networks with Cisco IOS® Intelligent Network Services, which offer advanced features, including IP routing, advanced QoS and security, and can manage their entire LAN with one robust tool—the Cisco Cluster Management Suite (CMS). Cisco CMS, embedded in Cisco fixed-configuration LAN switches, lets customers view and manage multiple stacks of switches using a single IP address.
•Security—In a common infrastructure, data and application access must be restricted and protected. Cisco desktop switches support port security, access authentication capabilities, and security and isolation between ports. The Cisco security features protect both sensitive data on the network and sensitive traffic, such as voice, which requires end-to-end privacy.
These features allow the infrastructure to support a broad range of Internet applications that require an integrated network, such as IP telephony, streaming video and audio, and broadcast. These are applications that most government organizations want to implement now or in the near future to enhance the work experience, as well as improve administrative efficiencies.
The Building Blocks of a Government Network
To support next-generation applications, most government organizations will need to upgrade their LANs. At the most basic level, they will need to migrate from shared hub technology to a switched infrastructure. Many agencies also will want to use faster, more intelligent technologies, such as Fast Ethernet or Gigabit Ethernet. In addition, agencies may want to integrate wireless technology into their environments for greater user mobility and LAN accessibility. Below are the steps that government organizations can take today to build a robust, high-performance LAN. With this functionality in place, the mission of the agency can be taken quickly to the next level.
Migrating from Hubs to Switches
In preparing for next-generation applications, it is critical to replace 10 megabits per second (Mbps) shared-bandwidth hubs in the wiring closet with Ethernet/Fast Ethernet (10/100 Mbps) or Gigabit Ethernet (1000 Mbps) switches. These switches dedicate 10-, 100- or 1000-Mbps bandwidth to an individual LAN or WLAN node. Migration from 10-Mbps shared Ethernet hubs to 100- or 1000-Mbps Ethernet switches is now within reach of most government agency budgets, and in most cases will deliver exponential performance boosts. Additionally, migration causes minimal disruption because the new switches are based on traditional Ethernet protocol and require no specialized expertise to deploy.
Unlike a hub, which forwards packets to all connected ports, a switch forwards packets only to one port—the one connected to the destination of the packet. This reduces the overall volume of packets on a network, and enhances overall security since packets are restricted to their designated ports. In addition, a switch provides higher bandwidth and greater intelligence than a hub. Switches also offer defined QoS levels. Hubs can neither decipher different types of traffic nor provide the necessary bandwidth and response times for strategic applications.
Depending on the infrastructure already in place, migrating from hubs to switches may simply require deploying the new switches over the existing wiring to handle the higher speeds provided by Fast or Gigabit Ethernet, or updating the physical cables. Again, a high-speed, robust LAN is necessary to fully take advantage of the increased speeds provided by Fast and Gigabit Ethernet switches. By configuring the appropriate switching device(s), government organizations can ensure that all ports and network segments will experience sufficient performance and responsiveness.
Migrating to Multilayer Advanced Switches
For many government environments with hubs or Ethernet/Fast Ethernet switches, a migration to advanced, higher-performance multilayer switches will also be necessary. The reason is simple: with the growth of multi-point traffic and the introduction of demanding, bandwidth-hungry applications, the network comes under more and more stress. Inevitably, bandwidth and intelligence must be increased at the backbone of the network or at the top of the stack. For most Ethernet environments, a migration to a multilayer Gigabit Ethernet aggregation switch is the next logical step. Originally, Gigabit Ethernet could run only on fiber-optic wiring, so buildings without fiber would incur the costs and time of rewiring. Today, Gigabit Ethernet can run standards-based 1000 Mbps over the same Category 5 copper cabling that supports 10BaseT and 100BaseT Ethernet. As a result, government agencies can add Gigabit Ethernet devices easily to their existing copper infrastructures without additional cabling costs. With the addition of Gigabit Ethernet switches, the network will deliver the services, the speed and the scalability that users require.
Before deciding to implement Gigabit Ethernet, you should consider the following issues:
•Is my network optimized to handle an array of broadband services?
•Can my network adequately scale as users are added?
•As broadband services are introduced, will my network continue to be able to deliver top performance for all applications?
To answer these questions affirmatively, Gigabit Ethernet switches often must be integrated into a network. With the introduction of the Cisco Gigabit Ethernet switches, networks benefit from:
•Exceptional Performance—Cisco switches feature wire-speed performance on all ports, including Gigabit ports. Gigabit Ethernet gives government organizations 10 times the network performance of Fast Ethernet for little extra expense.
•Intelligent Network Services—Cisco incorporates Cisco IOS Intelligent Network Services into each of its network components to achieve true end-to-end services and manageability. These services include high availability, advanced QoS, security and policy enforcement. Together, they ensure that networks can support a variety of high-bandwidth applications.
•Superior Manageability—The 1000BaseT standard is an extension of Ethernet. Therefore, LAN administrators can continue to use their existing methods of network management. The revolutionary Cisco Switch Clustering technology allows government agencies to quickly expand and upgrade their networks across multiple wiring closets and various LAN media without having to add resources or replace existing switching equipment. In addition, the Cisco CMS enables government organizations—for the first time—to manage the entire LAN with one tool.
•Easy Migration—1000BaseT network interface cards and switches support both 100/1000 and 10/100/1000 auto-negotiation between Ethernet/Fast Ethernet and Gigabit Ethernet. Network managers can expand their networks easily by deploying Gigabit Ethernet incrementally into their networks.
Gigabit Ethernet switches help prevent traffic bottlenecks between the edge of a network and its core. A full line of Cisco switch products allows government organizations to select the right device for specific traffic and budget requirements and ensures a growth path to higher speeds and functionalities.
Integrating Wireless with Your Wired LAN
For many government environments, wireless technology is an important addition to the network. In a high-performance, switching environment, wireless technology can deliver Ethernet-level speeds reaching 11 Mbps to open areas, or high-density areas like auditoriums that require network access to a large number of users. Typically, a wireless network cannot replace the wired LAN. However, it can dramatically improve usability and scalability of the existing network. Many successful government implementations have shown that wireless technology delivers substantial administrative, learning, and cost-savings benefits.
Generally, wireless technology assumes three principal roles. First, government organizations add wireless to the LAN to give users greater mobility and flexibility. Second, wireless provides LAN access in buildings that are difficult to rewire for high-speed access. Lastly, wireless bridges deliver LAN connectivity to remote sites and users. Each type of access can yield substantial benefits for government employees.
Portable Computing: More Users with Fewer Connections
In a building or building campus setting, wireless technology allows users to achieve total PC portability and location independence. Wireless allows government agencies to put computer resources wherever they are needed without hardwired connections for every computer. With a WLAN, a single hardwired drop linked to a wireless access point provides a network access point for multiple PCs equipped with WLAN adapters. This type of configuration eliminates the location constraints of hardwired structures, and maximizes utilization of PC resources. As a result, laptops can be taken along and used in any location. In the ever-changing government environment, wireless technology can also reduce the cost and complexity of facility reconfigurations.
Mobile, Cost-Effective Internet Access
Wireless technology also allows government organizations to provide broadband capabilities quickly and cost-effectively—without expensive rewiring. For many government agencies today, providing ubiquitous Internet access in existing buildings (not wired for Category 5 cabling) is cost-prohibitive. They must face the tremendous expense of installing higher grade copper or fiber wiring in old, brick buildings, as well as any extraordinary environmental costs, such as for asbestos removal. WLANs avert these problems by eliminating the need to install new wiring. WLANs also lower costs and yield improvements for administrative functions. With a WLAN in place, agencies can immediately announce or check availability of overstock items, send e-mail, and more easily communicate with support offices or the general public. If an employee moves to a different office, or a temporary facility is set up, wireless technology easily accommodates the change without time delays, the high cost of installing new cable, or reworking existing cabling infrastructure.
Integration of Remote Sites and Buildings
For remote sites, wireless technology can prove invaluable by connecting facilities within a region. Wireless bridges link hardwired Ethernet networks, providing fast, cost-efficient integration of remote sites and users. The technology provides line-of-sight bridging (up to 25 miles between antennas) and has a data transfer rate higher than T1/E1 lines between buildings for a fraction of the cost of digging trenches for cable or paying monthly usage fees. As shown in Figures 1 and 2, a wireless point-to-point or point-to-multipoint bridge can connect remote buildings or embassy offices, especially in locations with inadequate infrastructures. Wireless bridges also allow multiple buildings to share one high-speed link to the Internet without using cables or dedicated lines.
Moreover, wireless bridges lead to a significant reduction in recurring leased line expenses, thus delivering tremendous financial benefits. In some cases, wireless technology provides a communications option where no feasible, cost-effective alternatives previously existed—for example, between buildings that are separated by bodies of water, public spaces, or other virtually impassable physical barriers. Wireless bridges are not affected by bad weather and do not require an FCC (or applicable agency) license.
Figure 1 Point-to-Point Wireless Bridges
Figure 2 Point-to-Multipoint Wireless Bridges
Wireless Flexibility, Freedom
Wireless technologies are affordable and provide much-needed configuration freedom, especially in application environments characterized by unpredictable change and growth. In most government agencies, where employee numbers and locations, facility changes and technical needs are difficult to forecast, wireless technology delivers flexibility and nearly instant scalability.
Building Secure, Bridged LANs
WLANs can utilize the standards-based, 128-bit Wired Equivalent Privacy (WEP) to protect data traversing wireless links. For additional protection, NIST FIPS 140-1 certified routers, like the Cisco 2621, can be used. These routers can be used in conjunction with wireless bridges to provide data protection through IPSec-encrypted tunnels.
A Combined Wired and Wireless, End-to-End LAN Solution
For effective operation and management, network managers must view the IT infrastructure as an end-to-end fabric—not as separate wired and wireless entities. Any wireless technology should incorporate both the hardware and software functionality to support compatibility with the backbone, integrated network management to simplify operations and administration, and security features that protect data and user privacy. End-to-end infrastructure visibility and manageability ensure a responsive, scalable, and highly maintainable network.
Customizing Services
A government agency can be a highly diverse workplace. Employees require differing services to meet their work-related goals. Often, they seek online resources that reflect these individual aspirations. Government organizations now can support these divergent interests through the Cisco Building Broadband Service Manager (BBSM). Cisco BBSM is a powerful service creation platform that lets governments easily create, market and operate broadband services.
Cisco BBSM allows employees to customize their own online experience. They can select their own levels of bandwidth and services on an as-needed basis. Government agencies can even create portals and content targeted to employee groupings, such as workgroups, offices and departments. Cisco BBSM also provides very cost-efficient service provisioning. Since the system is highly automated, the active involvement of the government organization's IT department is minimal.
End-to-End Solutions
Delivering agency-wide broadband can be a major step. But Cisco makes it easy. Cisco offers end-to-end solutions for every point on the network: from the wiring closet to the backbone to the network core. Cisco wireless products even allow the network to be extended, while Cisco BBSM dramatically simplifies provisioning and customization. Cisco has everything that a government organization needs to deliver broadband services quickly and affordably throughout the office or agency.
Cisco Switch Solutions
Cisco offers a selection of switch solutions that simplify integration of next-generation applications and ensure cost-effective reliability and optimum performance across the entire network. Integrated Cisco IOS software provides built-in functionality for end-to-end integration, including bandwidth aggregation.
The Cisco Fast Ethernet, Gigabit Ethernet and Long-Reach Ethernet (LRE) switches described below provide a combination of high data transfer rates, manageability, and expandability ideally suited for government agencies. Cisco switches also have the ability to support networks that integrate data, voice, and video applications, such as IP telephony. Support for new IP telephony applications, such as unified messaging, Web contact centers, and e-learning, requires fast LAN switches with QoS capabilities and high-availability components.
Autosensing Fast Ethernet Switches
Cisco Catalyst 2950 Series
The Cisco Catalyst 2950 Series is a family of wire-speed Fast Ethernet desktop switches that deliver the next generation of performance and functionality for the LAN. These standalone, 10/100 autosensing switches provide enhanced QoS and multicast management features. Optimized for the wired LAN, they are managed with the easy-to-use Cisco CMS and integrated Cisco IOS software.
Catalyst 2950 Switches deliver maximum performance. They feature a switching fabric of 8.8 Gbps and a maximum forwarding bandwidth of 4.4 Gbps, providing wire-speed performance on all ports in connecting end stations and users to the LAN. Easy-to-use management and security features include a Web-based interface, multilevel security, robust QoS, autoconfiguration capabilities and a broad range of standards-based connectivity. Importantly, Cisco Catalyst 2950 Switches provide easy migration to Gigabit Ethernet speeds.
Cisco Catalyst 3500 Series XL
The Cisco Catalyst 3500 XL is a scalable line of stackable 10/100 and Gigabit Ethernet switches that deliver premium performance, manageability, and flexibility, with unparalleled investment protection. These low-cost, high-performance switches are ideal for government networks deploying advanced Internet capabilities. Notably, one member of this product family—the Catalyst 3524-PWR XL desktop switch—forms a foundation for supporting converged application traffic with the following features:
•Inline power for IP phones
•Redundant high-speed uplinks with load-balancing capabilities
•Capability to mark Ethernet packets with QoS priorities
Gigabit Ethernet Switches
Cisco Catalyst 3550-12T
The Cisco Catalyst 3550-12T Gigabit Ethernet Switch allows network managers to increase control of their LANs by combining the power of Cisco IOS Intelligent Network Services with the simplicity of Web-based management. This solution helps government organizations significantly improve their network availability, scalability, and security by deploying Cisco IOS Intelligent Network Services in either the network backbone or top-of-the-stack wiring closet aggregation using Category 5 copper cabling. The 12-port Catalyst 3550-12T features mission-critical multilayer services, such as IP routing, advanced QoS, IP security, and easy-to-use cluster management.
Cisco Catalyst 2950T-24 and Catalyst 3500 XL
The Cisco Catalyst 2950 Series and Catalyst 3500 Series XL feature models that support Gigabit Ethernet connectivity, in addition to Fast Ethernet. The Gigabit-over-copper Catalyst 2950T-24 switch offers 10/100/1000BaseT links, enhanced Cisco IOS services, advanced QoS, multicast management, high availability and security.
The Cisco Catalyst 3500 XL Switches also support robust Gigabit Ethernet connectivity with the use of Cisco Gigabit Interface Converters (GBICs). The Cisco 1000BaseT GBIC can be deployed in the Gigabit Ethernet GBIC ports of the Catalyst 3500 XL switches to provide Gigabit Ethernet connectivity over copper to high-end workstations or between wiring closets over the existing copper infrastructure. These built-in dual GBIC-based ports provide users with a flexible and scalable solution for Gigabit Ethernet uplinks and GigaStack GBIC stacking.
The Cisco and Intel Alliance
Cisco and Intel have teamed to further boost the usability, flexibility and ease of deployment of Cisco Gigabit Ethernet solutions. Now, the Cisco 1000BaseT Catalyst 2950 and 3550-12T switches offer seamless compatibility with the Intel® PRO/1000 T Server Adapter, a Gigabit Ethernet adapter, for Category 5 infrastructures. Government organizations now have ready access to all the tools they need for rapid network integration and a quick migration to Gigabit Ethernet performance with established industry leaders, Cisco and Intel.
Cisco Long-Reach Ethernet Solutions
Cisco Long-Reach Ethernet (LRE) is an innovative networking solution that delivers highly affordable, high-performance broadband access to multi-unit structures, such as office buildings. Cisco LRE dramatically extends Ethernet over existing Category 1, 2, or 3 wiring, delivering speeds of 5 to 15 Mbps for distances of up to 5,000 feet. It's a perfect broadband solution when high speeds are required, but wiring is difficult to upgrade due to cost or building age. The complete end-to-end Cisco LRE solution includes Catalyst 2900 LRE XL Switches, the Cisco 575 LRE Customer Premises Equipment (CPE) device, and Cisco LRE 48 POTS Splitter.
Cisco Catalyst 2900 LRE XL Switches
Cisco Catalyst 2900 LRE XL switches provide key features necessary for robust networks, including QoS, scalability, security, and network management.
Cisco 575 LRE CPE
The Cisco 575 LRE CPE bridges LRE and Ethernet, providing one RJ-45 Ethernet connection and two RJ-11 connectors. This device supports POTS traffic that co-exists over the same LRE line by splitting LRE and POTS traffic at the CPE device.
Cisco LRE 48 POTS Splitter
The Cisco LRE 48 POTS Splitter works in conjunction with the Cisco 575 LRE CPE to enable LRE and POTS to exist on the same telephone line. It ensures that POTS service is separate and never compromised by LRE switch configurations or downtime.
Cisco Wireless Solutions
Cisco wireless systems integrate seamlessly with wired network backbones, providing end-to-end management and performance visibility. Cisco wireless solutions are IEEE 802.11b and Wi-Fi compliant to interoperate with standards-based wireless networking products and with all major wired-network components. These products operate as extensions to a wired network or can be deployed to create freestanding all-wireless networks.
Cisco Aironet 350 Series
The Cisco Aironet 350 Series of WLAN products provides industry-leading performance, security, and reliability at a very reasonable cost. It is the first and only product to deliver a WLAN solution that offers scalable, centralized security, superior range and affordability. The Cisco Aironet 350 features:
•Data rates up to 11 Mbps
•Support for inline power over Ethernet, simplifying and reducing the total cost of installation and ownership
•High-performance 100-milliwatt radio design, with power management capabilities
•Future-proof architecture that can support additional software features
The Cisco Aironet 350 Series includes products tailored to in-building and building-to-building applications. The in-building products consist of access points and wireless client adapters, including peripheral component interconnect (PCI) adapters and PC cards. Equipped with PC cards, laptops, notebook PCs or PDAs can be moved freely around a government facility and still maintain connections to the network. Wireless PCI adapters allow desktop PCs to be added to the LAN quickly, easily, and inexpensively, without the need for additional cabling.
The Cisco Aironet 350 Series Access Point is a WLAN transceiver that can act as the hub of a standalone wireless network or as a bridge between wireless and wired networks. In large installations, the innovative roaming functionality provided by multiple access points lets wireless users move freely throughout a building or building campus while maintaining seamless, uninterrupted access to the network. Up to 128-bit Wired Equivalent Privacy (WEP) encryption provides data security that is comparable to traditional wired LANs. The Aironet 350 Series also utilizes IEEE 802.1x-based Extensible Authentication Protocol (EAP) to provide scalable, centralized security management and support dynamic single-session, single-user encryption keys integrated with network logon.
Cisco Aironet 350 Series wireless bridges connect line-of-sight buildings located up to 25 miles apart. Wireless bridges are ideal for connecting multiple buildings. Sites are easily connected even when separated by obstacles. With no licensing required, no right-of-way issues and no recurring leased line charges, wireless bridges can be far less expensive than T1 lines or fiber-optic cable. Easy to install and configure, bridges can be implemented in a day or less. Operating in the 2.4 GHz band, Cisco Aironet 350 Series products operate reliably even in severe weather conditions. Configuration and management options include direct console or remote configuration via Telnet, File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP) or browser graphical user interface.
Cisco Building Broadband Software Solution
Cisco Building Broadband Service Manager
As mentioned previously, the Cisco BBSM service creation platform lets government agencies offer a wide range of broadband services—and different levels of bandwidth—with minimal management or support. Cisco BBSM allows workers to provision their own services. In this way, workers and worker groups receive the exact types of services they want.
Cisco BBSM delivers:
•Plug and Play Access—Cisco BBSM ensures that all users can get connected quickly, regardless of their PC configuration. Employees can get online when they need to, without active agency involvement.
•Employee Self-Provisioning—Workers select the services and bandwidth they require. Self-selection empowers employees, while minimizing agency management.
•Forced Portal Connect—Cisco BBSM allows government organizations to set up an online portal that greets employees as they sign onto the system. This portal provides workers with various connection and service options and lets the agency distribute customized information and messages.
•System-wide Automation—Cisco BBSM features automated management and billing, providing cost- and time-savings for the agency.
Cisco BBSM enables government organizations to easily offer services, and manage the connect portal as actively as they like or need. It increases employee satisfaction, provides a powerful communications platform and reduces support costs. Because it is already the most widely used service creation platform for building environments in the world, Cisco BBSM offers reliable and proven performance.
Cisco AVVID
Cisco AVVID (Architecture for Voice, Video and Integrated Data) is the foundation of all Cisco products and the basis for converged network infrastructures. Through Cisco AVVID, government agencies are assured of an integrated, end-to-end family of networking products that guarantee forward and backward system compatibility. Cisco AVVID encompasses these elements:
•Infrastructure hardware and software
•Directory services and associated policy management capabilities
•Integrated data/voice applications
•A range of client devices, such as phones and PCs
•Service and support
Cisco AVVID enables government agencies to deploy IP-enabled applications, implement a standards-based open architecture, and migrate to a converged network in a customized timeframe.
Service and Support
A vital part of an overall network solution, Cisco service and support provides the expertise to respond to any needs that arise after the initial installation of a Cisco solution. Rapid deployment services are available through the Cisco Total Implementation Solutions (TIS) program. In addition, ongoing operational support, as well as advanced services to optimize the network for high-availability performance, is provided by Cisco through service offerings such as SMARTnet™ or SMARTnet Onsite.
Key Global Service Features and Benefits:
•TIS—Includes offerings designed to address the challenges that organizations face when installing, implementing, and upgrading their networks. The program provides support where and when it is needed by the customers to support the rapid deployment of new technology.
•SMARTnet—Provides enhancement and maintenance support resources during the operational lifetime of a customer's Cisco networking device. SMARTnet augments the resources of the customer's operations staff; it provides them with access to a wealth of expertise, both online and via telephone, the ability to refresh their system software at will, and a range of hardware advance replacement options.
•SMARTnet Onsite—Provides all SMARTnet services and complements the hardware advance replacement feature by adding the services of a field engineer (critical for those locations where staffing is insufficient or unavailable to perform parts replacement activities).
Customers interested in learning more about service should work with their Cisco Account Manager, Global Services Manager (GSM), or visit www.cisco.com.
Sample Network Designs
Veterans Administration Hospital Network
Even with a simple infrastructure in place, government organizations can take advantage of a hierarchical switching architecture to intelligently manage users, servers, and links to the outside world. High-performance, high-availability Layer 3 switches manage the network core functions and ensure an optimally performing backbone.
Individual or stackable Layer 2 desktop switches can be star-wired off the Layer 3 switch to deliver the access solutions for traditional user stations in fixed locations. For offices and other locations (for example, patient wards, libraries, temporary facilities) that require flexible connection options, a single connection to a wireless access point can be installed in place of multiple cables to fixed stations. Agencies gain the flexibility to take advantage of portable computers across multiple work sites, each with access point coverage, or easily and quickly change the configuration in an office without changing the cabling.
The Veterans Administration hospital design in Figure 3 is based on high availability from the WAN edge all the way to the servers. The Catalyst access layer switches and administrative servers are connected in a redundant fashion to the Layer 3 core using Gigabit or Gigabit EtherChannel® technology. High-speed wired connections to the network backbone are provided to bandwidth-intensive locations like the imaging center and accounting department. Legacy infrastructure allows the use of Cisco routers to connect the off-site clinic via the hospital campus WAN. In older buildings with Category 1, 2, or 3 cabling like the off-site clinic, Cisco LRE solutions can be used to deliver high-speed access. To avoid laying cabling to the medical library, Cisco Aironet bridges were installed to connect the library to the hospital network.
In addition, the patient wards are installed with Cisco Aironet access points, allowing a prepackaged and bar-coded medication distribution process. In the pharmacy, every drug package is pre-packed with a barcode. Using a wireless handheld or portable device, nurses can scan both the patient's bar-coded wristband and the barcode on the drug package to make sure that the prescription is assigned to the correct patient. The portable client device communicates to a wireless access point and then to the pharmacy computer system. The records are checked, patient identity and prescription verified, and the confirmation notice is sent back to the portable device in real-time.
Figure 3 Sample Network Design for Government Veterans Administration Hospital
High-Function Implementations
In areas of the world where leased-line connectivity is not cost-effective or the public infrastructure is unreliable or non-existent, Cisco Aironet wireless bridges can meet connectivity requirements that the public infrastructure cannot. In Figure 4, an embassy has installed a wireless bridge with an omnidirectional antenna in order to communicate with the warehouse and ancillary building several miles away. To protect the data that will traverse the wireless links, standards-based, 128-bit WEP is utilized. In addition, the Cisco 2621 router, a NIST FIPS 140-1 certified router, is used in conjunction with wireless bridges to provide data protection through IPSec-encrypted tunnels.
Within each location, wired LANs are deployed. Catalyst switches are used to deliver high-speed, 10/100/1000 connectivity to individual users and other network devices.
Figure 4 Sample Network Design for Wireless Embassy
Resources
Cisco provides numerous resources for government institutions, including materials for every stage of infrastructure implementation. Visit www.cisco.com for a comprehensive listing of available materials. The following list provides a sampling of helpful resources.
•Networking Essentials Guide
This guide describes the primary building blocks of networks and the role each one plays. Find out about the most popular networking technologies or methods for moving data, and determine which approach to networking and which technologies are best for your government building or facility. Topics include: basic network components, network technologies, government networking examples, network how-to's; network design considerations, and a "basics" checklist.
•Optimizing Your Network: Migrating from Hubs to Desktop Switches
This guide explains the advantages of upgrading from 10-Mbps, Ethernet-based LANs to 10/100-Mbps switching. Included is background on the traffic and bandwidth management features in 10/100 switches that help boost performance and accommodate a growing number of users, as well as suggestions for how to migrate a hub-centric LAN infrastructure to a switch-based environment for maximum effectiveness.
•Easy Migration to Gigabit Ethernet over Copper
This document discusses the benefits of migrating from a 10/100 Fast Ethernet network to a high-performance 1000BaseT Gigabit Ethernet network. Sample designs show how to upgrade networks to support Gigabit Ethernet speeds—over the building's existing Category 5 copper cabling. Included is a discussion of the devices that comprise the Cisco Gigabit Ethernet over Copper solution.
•Cisco Catalyst 2950 Series Switches
•Cisco Catalyst 3550-12T Gigabit Ethernet Switch
•Cisco Catalyst 3500 Series XL Switches
•Cisco Catalyst 2900 Series LRE XL Switches
•Cisco Aironet 350 Series Wireless Products
•Cisco Building Broadband Service Manager (BBSM)
•Cisco Midmarket Business and Technology Solutions
Access Point
A wireless LAN (WLAN) transceiver that acts as a center point in a wireless network and bridges between wireless and wired networks.
ATM
Asynchronous Transfer Mode. Under ATM, multiple traffic types (such as voice, video, or data) are conveyed in fixed-length cells (rather than the random-length "packets" moved by technologies such as Ethernet and Fiber Distributed Data Interface [FDDI]). This feature enables very high speeds, making ATM popular for demanding network backbones. With networking equipment that has recently become available, ATM will also support wide-area network (WAN) transmissions. This feature makes ATM valuable for large, dispersed organizations.
Backbone
The part of a network that acts as the primary path for traffic moving between, rather than within, networks.
Bandwidth
The "data-carrying" capacity of a network connection, used as an indication of speed. For example, an Ethernet link is capable of moving 10 million bits of data per second. A Fast Ethernet link can move 100 million bits of data per second—10 times more bandwidth.
Bridge
A device that passes packets between multiple network segments using the same communications media. If a packet is destined for a user within the sender's own network segment, the bridge keeps the packet local. If the packet is bound for another segment, the bridge passes the packet onto the network backbone.
Client
A networked PC or terminal that shares "services" with other PCs. These services are stored on or administered by a server.
Client adapter
In a wireless network, a network interface card (NIC) that provides devices with wireless connectivity.
Collision Domain
In Ethernet, the result of two nodes transmitting simultaneously. The frames from each device collide and are damaged when they meet on the physical media.
Ethernet
A popular LAN technology that uses CSMA/CD (collision detection) to move packets between workstations and runs over a variety of cable types at 10 Mbps.
Fast Ethernet
Uses the same transmission method as 10-Mbps Ethernet (collision detection) but operates at 100 Mbps—10 times faster. Fast Ethernet provides a smooth upgrade path for increasing performance in congested Ethernet networks, because it can use the same cabling (if Category 5 cabling is used), applications, and network management tools. Variations include 100Base-FX, 100Base-T4, and 100Base-TX.
FDDI
Fiber Distributed Data Interface. A LAN technology based on a 100-Mbps, token-passing network running over fiber-optic cable. Usually reserved for network backbones in larger organizations.
Frame Relay
A wide-area network (WAN) service that provides switched ("on-and-off") connections between distant locations.
FTP
File Transfer Protocol. A part of the chief Internet protocol "stack" or group (TCP/IP) used for transferring files from Internet servers to your computer.
Gigabit Ethernet
Gigabit Ethernet (IEEE 802.3z) is an extension of the IEEE Ethernet standard, offering speeds of 1 Gbps (1,000 Mbps) or 100 times more than standard Ethernet (10 Mbps).
HTML
Hypertext Markup Language. Document-formatting language used for preparing documents to be viewed by a tool such as a World Wide Web browser.
HTTP
Hypertext Transfer Protocol. Protocol that governs transmission of formatted documents over the Internet.
Hub
A device that interconnects clients and servers, repeating (or amplifying) the signals between them. Hubs act as wiring "concentrators" in networks based on star topologies (rather than bus topologies, in which computers are daisy-chained together).
IEEE
Institute of Electrical and Electronics Engineers. A professional organization whose activities include the development of communications and network standards. IEEE LAN standards are the predominant LAN standards today.
IEEE 802.11b
The 11-Mbps, direct sequence spread spectrum standard for wireless LANs as defined by the Institute of Electrical and Electronics Engineers (IEEE).
Internet
A massive global network, interconnecting tens of thousands of computers and networks worldwide. It is accessible from any computer with a modem or router connection and the appropriate software.
ISDN
Integrated Services Digital Network. Communication protocol offered by telephone companies that permits high-speed connections between computers and networks in dispersed locations.
LAN
Local-area network. Typically, a network or group of network segments confined to one building or a campus. Compare to wide-area network (WAN).
Long-Reach Ethernet (LRE)
LRE is a broadband networking solution developed by Cisco that includes the industry's first end-to-end product line for delivering 5-15 Mbps performance over existing Category 1/2/3 wiring. With Ethernet-like performance that reaches up to 5,000 feet, LRE enables simultaneous voice, video and data applications. Cisco LRE can also co-exist with analog voice traffic (POTS) on the same wire and ISDN/ADSL traffic on the same cable bundle.
Modem
A device that enables a computer to connect to other computers and networks using ordinary phone lines. Modems "modulate" the computer digital signals into analog signals for transmission, then "demodulate" the analog signals back into digital language that the computer on the other end can understand.
Packet
A block of data with a "header" attached that can indicate what the packet contains and the destination where it is headed. Think of a packet as a "data envelope," with the header acting as an address.
POTS, PSTN
Plain old telephone service (POTS) and Public Switched Telephone Network (PSTN). General terms referring to the variety of telephone networks and services currently in place worldwide.
Remote-Access Server
A device that handles multiple incoming calls from remote users who need access to central network resources. A remote-access server can allow users to dial into a network using a single phone number. The server then finds an open channel and makes a connection without returning a busy signal.
Router
A device that moves data between different network segments and can look into a packet header to determine the best path for the packet to travel. Routers can connect network segments that use different protocols. They also allow all users in a network to share a single connection to the Internet or a wide-area network (WAN).
Server
A computer or even a software program that provides clients with services—such as file storage (file server), programs (application server), printer sharing (print server), fax (fax server) or modem sharing (modem server). Also see "Client."
Switch
A device that improves network performance by segmenting the network and reducing competition for bandwidth. When a switch port receives data packets, it forwards those packets only to the appropriate port for the intended recipient. This capability further reduces competition for bandwidth between the clients, servers, or workgroups connected to each switch port.
Token Ring
LAN technology in which packets are conveyed between network end stations by a token moving continuously around a closed ring between all the stations. Runs at 4 or 16 Mbps.
WAN
Wide-area network. Typically refers to a network that connects devices over greater distances, such as geographical regions. WANs often connect two or more LANs together. Compare to local-area network (LAN).
WEP
Wired equivalent privacy. Optional security mechanism defined within the IEEE 802.11 standard designed to make the link integrity of the wireless medium equal to that of a cable.