36% :
Apr 22 2010

Riding the Pipe

Network gear plays a critical role in achieving broadband's potential in state and local government.

In the rural mountains of western Virginia's Franklin County, Wi-Fi hot spots and virtual private networks link 721 square miles of backwoods terrain to the outside world.

After building out a Motorola Canopy wireless backbone in 2006, Franklin County deployed a wireless LAN by equipping its 16 volunteer fire stations with Wi-Fi access points and firewalls. In addition, the county deployed VPNs to link branch locations with the main data center for the first time.

"With access nodes at our fire stations, any of our field personnel -- deputies, building inspectors, code enforcement, public safety -- can drive up and get onto our network," says Sandie Terry, Franklin County's IT director. "Since cell phones don't work in many areas, the fire stations have become our saving grace."

As the National Telecommunications and Information Administration and the Rural Utilities Service begin to award some $7.2 million in broadband grants, state and local governments are eager to take advantage of the healthcare, education, public safety and business opportunities that expanded access will bring. Public-sector organizations are preparing their network infrastructure to tie into broadband and building out high-speed networks with a raft of gear, including switches, routers, firewalls and wireless access points.

Choosing the most appropriate connectivity components requires considering big-picture needs. "Understanding what your people want to do with broadband infrastructure will drive decisions," says Craig Settles, founder and president of broadband consulting firm Successful.com. Franklin County, for example, found IP telephony to be a critical cost-recovery mechanism to partially offset broadband and IT expenses.

Finding the Right Gear

When evaluating network equipment for its broadband buildout, Franklin County focused on quality. "Rather than work with just one vendor, we looked at best-of-breed," says Terry.

Technical Services Manager Tony Leete cites as an example the routers, firewalls and switches chosen by the county. "For best integration with our new Cisco-enabled VPNs, we deployed a Cisco 2811 Integrated Services Router in combination with a Cisco Adaptive Security Appliance 5510 firewall at our main data center," Leete says. The county also deployed Cisco System's ASA 5505 firewalls at fire stations and branch offices, but chose Brocade FastIron Edge switches for certain applications. "With their dual power supplies, the Brocade switches reduce hardware complexity and provide fault tolerance," he says.

Sandie Terry (top) and Tony Leete (bottom) rolled out a wireless broadband network to transform service delivery in rural Franklin County, Va.

Photo Credits: Forrest MacCormack

Power options, adherence to open standards and minimizing network complexity were also critical. Leete chose models with Power over Ethernet support for resiliency and high availability. This includes Aruba AP-70 wireless access points that are centrally controlled by an Alcatel wireless LAN switch at the data center.

"We prefer open solutions whenever possible instead of proprietary equipment for improved interoperability," Terry adds. "Once we select a vendor, we standardize on equipment models because we have limited resources, so it reduces our administrative overhead."

Policing on the Mesh

For the city of Providence, R.I., community policing applications shaped connectivity decision-making for its broadband mesh network.

Providence's broadband deployment provides police officers and firefighters with access to the network as they drive past wireless mesh access nodes. Consequently, police officers spend more time in the field because they're now able to complete many tasks using squad car notebooks.

"We developed the mesh infrastructure strictly for public safety," says Joe McGarry, deputy director of communications. "It needed to integrate with our new police and fire dispatch and management system." These factors helped determine bandwidth and security requirements.

"For high availability, we worked with reputable vendors," McGarry says. "Because we planned to build out the deployment to provide access to building inspections, planning and public works departments, we also required compatible connectivity to meet those needs."

In addition, because cellular carriers were dismantling their legacy networks at the time, a rapid deployment was critical. As a result, McGarry chose network devices that his technicians were familiar with, rather than new technologies that would require a learning curve.

Going forward, Providence will re-evaluate connectivity as it incorporates new applications, particularly video surveillance. Video applications are currently piloted over the city's mesh network, but full deployment will require the bandwidth offered by fiber.

"We're cooperating with a consortium of agencies on a fiber initiative, which will require a connectivity refresh," McGarry says. "Until then, we've controlled bandwidth demands by limiting the number of cameras in the field so we don't overload our networking equipment."

On-Ramp to the DDN

In South Dakota, networking demands also drive connectivity related to the state's wired backbone, the Digital Dakota Network (DDN).

"Video is strongly affecting us," says Otto Doll, CIO. "Even the small Department of Transportation field shops are shooting video instead of photos, which requires more bandwidth to upload. We're upgrading connectivity devices, such as edge routers, to higher-performance models."

Evolving Wi-Fi security concerns have also resulted in modifications. "We've moved away from an autonomous architecture, where access point configuration and management is localized to each individual device," explains Doll, who is also co-chair of the National Association of State CIO's broadband committee.

Click here to learn how Oklahoma uses its broadband backbone.

Today, South Dakota's wireless architecture resembles Franklin County's. "We use a lightweight controller architecture," says Doll. "Configuration and management for wireless access points are centralized."

ROI Matters

To squeeze out a return on investment, Doll recommends planning ahead. "When deployed, your routers may be at a fifth of their capacity, but firewalls may be nearer their maximum," he says. In other words, invest in higher-capacity routers that are designed to be compatible with next-generation firewalls. Then, purchase more cost-effective firewalls that can be swapped out as bandwidth needs change.

Additionally, Doll suggests building in a significant reserve. "In our case, we estimate our total needs for bandwidth or performance, and we add 20 percent," says Doll. "Then we deploy equipment accordingly."

Regardless, standardization is vital. "Standardizing really extends our resources," Doll emphasizes. "Our IT staff become trained experts on a specific set of connectivity devices, and bulk purchasing gives us the best cost dynamics."

For South Dakota, this means partnering with Fortinet for firewalls and Cisco for switches, routers and access points.

Finally, in such a rural state, vendor support capabilities are paramount. "We're literally in the middle of nowhere with over 77,000 square miles to cover," says Doll. "So we select partners that can meet the unique survivability and high-availability demands of our remote and isolated areas."

FCC Unveils Nationwide Broadband Road Map

The U.S. government is working to blanket the country with a national broadband network. In March, the Federal Communications Commission presented the Nationwide Broadband Plan to Congress. An interagency effort, the plan was prepared after receiving year-long input from all levels of government, nonprofit organizations, service providers and private citizens.

In a recent address, FCC Chairman Julius Genachowski said he foresees "a connected America where law enforcement officers and first responders from a thousand jurisdictions can deal with emergencies as one smart, fluid team on a single, integrated, mobile broadband network."

Forrest MacCormack

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.