By Lance Perry, vice president, IT Customer Strategy and Success, Cisco
As the Part I of this article detailed, employees regularly need to collaborate across continents and time zones. Remote access eases the burden of attending meetings outside of regular business hours. Remote access also gives employees the flexibility to work from home in the case of severe weather, natural disasters, or other emergencies. But supporting home- and remote-office solutions has its challenges. Here's how Cisco IT tackled the problem.
To facilitate employee remote access, Cisco IT agreed to support 500 users participating in a remote-access pilot, realizing that a deployment needed four key features:
- A secure VPN remote-access service
- A global deployment and support model
- Global management capabilities
- Low total cost of ownership
Basically, Cisco IT needed to create a solution that would encompass end-to-end support-not just in the networking sense, but also in the lifecycle sense. IT developed a system that was dubbed the Enterprise Class Teleworker (ECT) solution, which combines a router with a broadband connection (DSL or cable) in the home. The software-based router provides IP security, data encryption, and an enhanced set of security features, including firewall, public key infrastructure (PKI), and authentication, authorization, and accounting capabilities.
The solution's underlying technology is the dynamic multipoint VPN (DMVPN) capability, which provides secure, end-to-end VPN connectivity over the Internet and supports "best-path" tunnels between and among multiple users. This allows remote users to communicate easily with each other, rather than having to go through a corporate hub, and provides a more scalable way to build secure peer-to-peer connections.
We still had to tackle the issue of the time it took to configure routers for home use. We calculated that one technician could do only six to eight routers per day, which would not serve the needs of our estimated potential universe of 50,000 users. To solve this problem, we created what we called our "zero-touch" provisioning process. It requires the home user to submit a service request, including specific ISP-related information. Once the user receives the router, he or she must connect it, type in a specific URL, and then a user name and password.
The submitted information is handled by the Cisco IP Solution Center, which provides automated resource management and rapid profile-based provisioning capabilities. While the Cisco IP Solution Center is usually used in service provider and large enterprise networks, it proved invaluable in the home-access scenario. A computer in the solution center downloads a predefined IP address space for the user, as well as policies relating to security and quality of service. It was the creation of this automatic downloading capability that essentially made the process fast and reliable.
By combining the provisioning and support capabilities, along with technologies such DMVPN and PKI, Cisco IT was able to meet the needs of teleworkers around the world. In the process, Cisco IT learned much about its own capabilities-and the potential capabilities of its technology. Prior to the deployment of ECT, we managed 2,400 routers in our worldwide network, and we generally added only about 10 per month. But with zero-touch deployment and integrated management, Cisco IT can support the addition of 35,000 new routers on its network.
