© 2005 Cisco Systems, Inc. All rights reserved. Cisco Public
Cisco Connected Government
Technical Overview
October 2005
Agenda
• Connected Government Overview
• Overview of Cisco® Connected Government—Intra-agency Roadmap
• Overview of Cisco Connected Government—Interagency Roadmap
• Applying Cisco Connected Government to Public Safety Agencies
• Mapping Case Studies to the Phases of Cisco Connected Government
• Why Cisco?
• Discussion
Connected Government Overview
Government Agency Challenges
• Improve operational efficiencies with proactive strategic planning, policy development, resource allocation, and administrative and financial planning
• Increase reach and responsiveness of constituent services
• Reduce operational costs
• Enhance quality and flow of information across chain of command
• Establish resilient network infrastructure that supports interagency collaboration
Current Trends in Public Safety Agencies—Investments to Improve Information Flow
• Investments in last-mile wireless and communication technologies
• Investments in new business processes
• Investments in critical public safety applications: computer-aided dispatch (CAD), records management system (RMS), multijurisdictional communication networks, mobile data terminals, biometrics, auto vehicle locator, mug shots and digitized images, crime analysis
Source: “Forecast: State and Local Government, North America, 2004–2007” (Gartner; 2004)
Agency Drivers for Change
• Intra-agency/Interagency Collaboration: Enable interoperable communications to support constituent services, agency collaboration, and joint operations
• Shared Services: Consolidate common government services to enhance operational efficiency
• Information Sharing: Improve operational efficiency by providing equal interagency access to critical information
• Infrastructure Sharing: Foster sharing of physical resources and equipment (e.g., incident command vehicles, aircraft, etc.) across agencies to reduce costs
What Is a Connected Government?
• All branches of government support the controlled flow of information
• Services reach constituents when they need them, where they need them, and in the way they need them
• Services reach more constituents with less cost
• Government is engaged with constituents
Overview of Cisco Connected Government
• Reference network and application architectures with a corresponding roadmap
Uses government and private-sector best practices to enable improved information sharing across organizational boundaries
• Roadmap transitions governments through a multiphase approach, synchronized with process change
Yields realistic near-term benefits while making progress toward long-term objectives
• Network Assessment tool
Compares department mission with IT capability
Addressing the Government Challenge: Improve Service Without Increased Budgets
Goal: Moving to a More Connected Government
• How to enable and control information flow across application and organization boundaries and services?
• How to consolidate and manage the network, computer and storage needs across application and organization boundaries?
• How to collaborate with public and private sector constituents, partners, and suppliers across application and organizational boundaries?
[Diagram labels: Places in the Network (Data Center, Branch, Campus, Teleworker, MAN/WAN); Server, Storage, Clients; Network Virtualization Services; Infrastructure Services (Computer Services, Identity Services, Security Services, Mobility Services, Storage Services); Application Services; Voice & Collaboration Services; IPC/IPCC, Security, Wireless; Infrastructure Sharing, Information Sharing, Collaboration]
Services that Can Be Easily Modified, Distributed, Scaled, and Maintained and that Integrate Legacy Systems Cost-Effectively
Cisco Connected Government Roadmap
• Sections illustrate common application of roadmap, but there are exceptions
For some agencies, sharing across groups within one agency is as complex as sharing between agencies
For these agencies, all six phases can be applied within the same agency before branching out between agencies
Work from inside out
1. Intra-agency Focus (Phases 1 to 3)
Enhances agency’s ability to serve constituents wherever they are and whenever they need assistance
2. Interagency Focus (Phases 3 to 6)
Enables connectivity, communication, and collaboration between agencies
Increases service effectiveness and public safety
Overview of Cisco Connected Government—Intra-agency Roadmap
Phase 1: “Siloed” Information and Communications Systems
• Redundant systems, resources, information, and processes designed for independent operation within each department
• Prerequisites to enter next phase
Ensure quality of service (QoS)
Achieve high network availability
Establish robust, integrated network security
Phase 1: “Siloed” Information and Communications Systems—Cont’d
• Limited Network Redundancy
• No Integrated Security
• Separate Voice and Data Network
• Limited Connectivity to the Data Center
• Limited Mobile Data Access
• Connectivity to Data Center Is Potential Single Point of Failure
• Lack of Any-to-Any Voice, Video, or Data Real-Time Communication
• Increased Cost and Complexity
• Network Downtime
• Network at Risk
[Diagram labels: Data Center, Headquarters, Branch, Mobile Network, DMZ, Public Switched Telephone Network (PSTN), Leased Lines, Internet]
Getting Out of the Silos
• High Availability
• QoS and Convergent Communications
• Collaboration Applications
• Integrated Security
High Availability: Resilient Network Design
• Device-Level Resilience: AutoSecure, Warm Reload, Control Plane Policing, Nonstop Forwarding/Stateful Switchover (NSF/SSO), Switch Cluster, Configuration Rollback, Fault Containment, and Generic Online Diagnostics
• Network-Level Resilience: Routing Protocol and Spanning-Tree Enhancements, Cisco EtherChannel® Technology, Multiprotocol Label Switching (MPLS) Traffic Engineering, Gateway Load Balancing Protocol (GLBP)/Hot Standby Routing Protocol, Multilink Point-to-Point Protocol, Dial-On-Demand Routing, and Resilient Packet Ring
• Systems-Level Resilience: Survivable Remote Site Telephony (SRST), CO-Based Gateways, Teleworker, Advanced Worm Mitigation, Call Center Resiliency, and User Mobility
In Case Of Emergency
Core Distribution Access
• Protect bandwidth and priority traffic
• Protect switch CPUs
• Enforce access control policies
• Secure access for authorized users and “safe systems”
• Secure “hot ports” and protect switch CPUs
• Mitigate man-in-the-middle attacks
• Protect links proactively
Integrated Security
Protect core as high-speed interconnect to rest of the network
Ensure authorized user access, protect links and switches, and defend against malicious attacks
Protect links to distribution and core from attacks that interrupt control traffic and device manageability
Advanced Integrated Security
Quality of Service
[Diagram labels: Access, Distribution, Core, GW; traffic classes Voice, Data, Scavenger]
QoS Is Integral to the Converged Campus Network
• Guaranteed, predictable behavior for unmatched control over network traffic
• Greater adaptability to future needs
• Protects against network security threats by guaranteeing bandwidth
Cisco Convergent Communications
• Applications: Workplace services; Voice mail and unified messaging; Emergency responder; Customer contact; Rich-media conferencing
• Endpoints: IP phones; Wireless phones; Cisco IP Communicator; Cisco VT Advantage
• Call Control: Hosted call control; Cisco CallManager; Cisco CallManager Express; Integrated services routers
• Infrastructure: Intelligent network infrastructure
Security, QoS, Availability, Management, Administration
A Completely Flexible, Resilient, and Secure Suite of Communications Applications that Scale and Adapt to the Needs of Any Organization
Converged Communications for Distributed Branches
• Headquarters: 100–200 Employees
• Regional Headquarters: 25–75 Employees
• Branch: 10–20 Employees
• At each of the three sites: Cisco Integrated Services Router with Cisco CallManager Express, Cisco Unity™ Express, and Cisco IOS Firewall
[Diagram labels: Public Internet, VPN, or Private WAN with Voice over IP; PSTN]
SRST—How It Works
[Diagram labels: Headquarters, Police Station, PSTN, WAN, Cisco CallManager Cluster, Cisco 7200, Applications Server, Cisco Integrated Services Router with SRST]
• WAN link fails—IP phones lose contact with CCM
• IP phones exchange Keep Alive messages and Call Processing messages with Campus-Located CallManager (CCM)
• IP phones register with local router as router of last resort
• Router queries phones for configuration and auto-configures itself
• Router provides call processing for duration of failure via PSTN
• Upon restoration of WAN, IP phones revert back to CCM
Integrated Rich-Media Conferencing
[Diagram labels: Voice, Video, IM, Web]
Voice Conferencing
• Scalable IP and TDM platform
• IP integration to backbone, platform, and desktop
Web Conferencing
• Tightly integrated fourth-generation solution
• Complete meeting management and control
Videoconferencing
• Integrated multipoint videoconferencing
• Broad endpoint support
Rich-Media Conferencing Experience
[Screenshot callouts: Who’s Sharing; Who’s Speaking; Who’s Attending; How Attending; Movable, Sizable Video Window]
As Natural and Effective As Face-to-Face Meetings
Complete Voice, Video, and Web Conferencing Capabilities and Control
List of Relevant Resources
• IP Communications
http://www.cisco.com/go/voice/
• Routing and Switching
http://www.cisco.com/go/routers
http://www.cisco.com/en/US/products/hw/switches/index.html
Phase 2: Intra-agency Collaboration
[Diagram labels: Branch, Campus, Data Center, DMZ, Internet, IP WAN; SRST, Cisco Unity Messaging, Integrated Router Security, Centralized Management and Call Control, Cisco MeetingPlace]
Delivers Secure Communication and Collaboration Through a Complete Suite of Applications Integrated with the Infrastructure
Phase 2: Intra-agency Collaboration
Remaining Challenge: Still Unable to Integrate Remote and Field Workers
Integrating Remote Resources
• VPNs
• Enterprise Mobility
• Network Capacity Design
• Network Identity
VPNs: Advanced Secure Access for Remote Sites
Branches and Field Networks Are Protected by an Underlying Self-Defending Network
• IP Security (IPSec) Dynamic Multipoint VPN (DMVPN): Zero-Touch Provisioning, Dynamic Mesh VPN Tunnels
• Generic Routing Encapsulation (GRE) and IPSec with Dynamic Routing: Use the Best Routing in the Business for Maximum Control and Flexibility
• Voice and Video Enabled VPN (V3PN): Best-in-Class QoS with IPSec VPNs for Multiservice, High-Quality, Jitter-Free Voice, Video, and High-Priority Data
• IPSec Easy VPN: Remote-Access Hub and Spoke VPNs Using Centralized Policy Push
[Diagram labels: Internet, DMVPN Tunnel, 2800, Provider Edge Router, Customer A, Customer B, Customer C]
www.cisco.com/go/ipsec
Identity-Based Network Access Determines Who Gets Access and What They Can Do
[Diagram labels: HQ or Branch; Authorized Users and Devices; Unauthorized Users and Devices; User Identity-Based Network Access; User-Based Policies Applied (Bandwidth, QoS, etc.)]
• Equivalent to placing a security guard at each switch port
• Only authorized users can get network access
• Unauthorized users can be placed into “guest” VLANs
• Prevents unauthorized access points (APs)
Extending Security to Remote Users: Security Across the Infrastructure
• Firewall Services: Access Control, Packet Inspection
• Intrusion Prevention System (IPS) and Networking Audio and Video Services: Application Intelligence, Content Inspection, Virus Mitigation
• Network Intelligence: Identity, Virtualization, QoS Segmentation, Traffic Visibility
• Application Security: Application Inspection, Use Enforcement, Web Control
• Anti-X Defenses: Malware and Content Defense, Anomaly Detection
• Containment and Control: Traffic and Admission Control, Proactive Response
[Diagram labels: Cisco PIX, CSA, NAC, Quarantine VLAN, Cisco® Router, Cisco Catalyst®, Cisco IPS, Cisco DDoS, VPN, VPN Access, Identity-Based Networking]
Enterprisewide Mobility: Wireless LAN Security Across HQ
• Secure Connectivity for Wireless LANs (WLANs): Enterprise-Class Encryption; WPA—Temporal Key Integrity Protocol; WPA2—AES
• Management for WLANs: Centralized Configuration, Monitoring, and Analysis; Single Management Console; Automation of Repetitive Time-Consuming Tasks
• Trust and Identity Solutions for WLANs: Robust Per-User Authentication; 802.1X and Extensible Authentication Protocol Types; Identity-Based Networking
• Threat Defense for WLANs: WLAN Threat Defense Solution; Rogue AP Detection and Suppression; Protection from Network Attacks
Cisco Wireless Security Suite
Cisco Structured Wireless-Aware Network (SWAN)
[Diagram labels: Privacy, Control, Management, Protection; WLAN; Rogue AP; Malicious Hacker]
Enterprisewide Mobility: Connecting the Mobile Vehicle and Worker
1. Identify Potential Situation
2. Identify Location and Early Evidence
3. Identify Resources
4. Deploy Resources
5. Collate Evidence
Message: Suspected Card Poster at Dean St. and Soho Sq. Proceed To Area with Caution.
Nearest Responding Officer. ID: #234; Dept: Street Maintenance; Location: Dean St.; Distance: 28 yards
Mobile vehicles connected to the headquarters via IP to enable applications (e.g., filing, fingerprints, geographic information systems, photos, database queries, video)
Street officers connected to the headquarters via wireless with PDAs
Police Intranet: IP Is the Connecting Glue of Wireless and Wire Line
[Diagram labels: Headquarters, Branch, Police Station, Applications, Database]
Mobile Access Router, WLAN, and General Packet Radio Service Fallback
[Diagram labels: Cisco Mobile Access Router, Local WLAN, WLAN Hotspots, GPRS Wireless, General Packet Radio Service (GPRS) Fallback, Internet]
Source of Relevant Resources
• Security
http://www.cisco.com/en/US/products/hw/vpndevc/index.html
• Mobility
http://www.cisco.com/en/US/products/hw/wireless/index.html
Phase 3: Integrated Remote Resources
[Diagram labels: Remote Workers, Partners/Suppliers, Branch, Headquarters, Data Center, DMZ, VPN, WAN, Internet; Cisco Secure Access Control Server, Wireless LAN Solution Engine, Wireless LAN Services Module, Cisco APs, Cisco Compatible Clients; Identity-based networking, Media Encryption]
Enables Worker Mobility and Secure, Real-Time Access to All Agency Resources Regardless of Location
Phase 3: Integrated Remote Resources
Remaining Challenge: Lack of Communication Between Agencies
Enabling Interagency Collaboration
• Resilient WAN and Metropolitan-Area Network (MAN)
• Network Scalability
The Enterprise WAN and MAN: The Glue that Binds
• High Availability
• Security
• Scalability
• QoS
• Management
[Diagram labels: Headquarters 1, Headquarters 1 Data Center, Headquarters 2, Branch, Mobile Workers, Internet, Enterprise Intranet]
The Organization’s WAN and MAN: Flexibility and Deployment Choices
• Choose from a variety of scalable technologies to connect your whole organization
• Manage as much or as little of your WAN as you require
• Migrate to new WAN technologies by using your existing Cisco investment
• Five architecture alternatives: encrypted Layer 2 connectivity (frame relay, ATM, etc.); IP VPN (Service Provider [SP]–managed MPLS); IPSec VPN (Internet); multi-VPN routing and forwarding (VRF) segmentation (per VRF tunneling); self-deployed MPLS VPN segmentation
Cisco MPLS VPN Simplifies, Integrates, and Automates VPN and QoS Management
Cisco IP Solution Center: Network-Intelligent Element Manager for MPLS and Metro Ethernet Networks
Reduces Overall Administration and Management Costs by Providing Automated Resource Management, Rapid Profile-Based Provisioning, and Audit and Monitoring Capabilities
[Diagram labels: IP Solution Center for MPLS VPN and QoS; Customer Operations Support System; GUI; Northbound Interface; Planning; Provisioning; Troubleshooting; Layer 3 VPN; Layer 2 VPN; QoS; MPLS Traffic Engineering; MPLS Core]
Source of Relevant Resources
• Next-Generation WAN and MAN Design Guidelines
http://www.cisco.com/en/US/netsol/ns483/networking_solutions_packages_list.html
Overview of Cisco Connected Government—Interagency Roadmap
Phase 4: Interagency Collaboration
[Diagram labels: Remote Workers, Branch, Headquarters 1, Headquarters 2, Data Center, WAN, VPN; Self-Deployed MPLS; Encrypted Layer 2 Connectivity; IPSec VPN; SP-Managed MPLS VPN; ISP, Broadband, etc.; IP VPN (MPLS, V3PN, etc.)]
Implements Agencies’ Access Policies and Enables Interagency Communication and Collaboration
Phase 4: Interagency Collaboration
Remaining Challenge: No Data Center Continuity or Consolidation
Enabling Interagency Infrastructure Sharing
• Data-Center Consolidation
• Network Automation
Evolution of the Data Center
• Consolidation: Centralization and Standardization to Lower Costs, Improve Efficiency, and Uptime
• Service-Oriented Virtualization: Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency, and Flexibility
• Automation: Dynamic Provisioning and Autonomic Information Lifecycle Management to Enable Business Agility
[Diagram labels: Intelligent Information Network; Data Network; Storage Network; Server Fabric Network; LAN, WAN, MAN; SAN; HPC, Cluster, GRID; Storage, Network, Compute; Enterprise Applications; Business Policies; On Demand]
The Cisco Commitment to the Data Center
• Shared Pools of Storage Resources
• Shared Pools of Compute Resources
• Application Message Services: Message Translation and Transformation, Application Authentication and Authorization, and Business Event Visibility
• Storage Network: Fiber Channel, iSCSI, FICON
• Server Farm: Gig and 10GB Ethernet, Blade Switch
• Server Fabric: Infiniband, 10GB Ethernet, Blade Switch
• DC Interconnect: DWDM, SONET and SDH, WAN, FCIP
• DC Access: Internet, MPLS, IPSEC, SSL VPN, DNS Optimization
• Storage Fabric Applications: Replication; Server-less Backup; Point in Time Copy; Continuous Data Protection; Volume Management
• Adaptive Threat Defense: Virtual Firewall Services; Virtual Intrusion Prevention; Denial-of-Service Guard; Network Antivirus; Host Protection
• Application Optimization: Virtual Server Balancing; Web, Video, and File Caching; Wide Area Optimization; SSL Offload; TCP Offload
• Management: Multi-Device Virtual Context Management; Policy-based Management; Service Optimization Management; API
[Diagram labels: Intelligent Information; Intra-data Center; Extra-data Center; Services Integration; Network Integration; Application Integration; Applications; Andiamo; Topspin; FineGround; Actona; Riverhead]
Source of Relevant Resources
• Storage and Data Center Design Guidelines
http://www.cisco.com/en/US/products/hw/ps4159/index.html
http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/networking_solutions_packages_list.html
Phase 5: Interagency Infrastructure Sharing
[Diagram labels: Remote Worker, Branch, Headquarters, Data Center, Web Servers, VPN, WAN, IP WAN, Dense Wavelength-Division Multiplexing (DWDM) Network; Comprehensive Continuity, Storage Consolidation, Server Consolidation, Application Optimization, Adaptive Threat Defense]
Enabling a Virtualized, Consolidated, and Automated Data Center
Phase 5: Interagency Infrastructure Sharing
Remaining Challenge: Sharing Infrastructure and Applications
Enabling Information and Services Sharing
Network Virtualization
• Creates a private, secure, and independent network over a shared physical infrastructure that is transparent to the end user, increasing utilization, efficiency, and flexibility of the network and the applications
Network Virtualization Drivers
• Virtualized services
• Centralized policies and services
• Shared infrastructure
• Closed user groups: private; secure; independent policies (e.g., guests, Network Admission Control [NAC] quarantine)
[Diagram labels: Employee, Contractor, Guest; Employee Servers; Remediation Servers; Internet]
Network Virtualization Requirements
• Create segments for guest access and NAC quarantine
• IT department as a “Network Service Provider”
Provide a private network per group
Use a shared infrastructure
Scalability and simplicity
Minimize operational overhead
Centralize network security policies and access to shared services
Closed user groups extensible over the WAN
• IT departments: From cost centers to revenue centers?
Potential to enhance enterprise business processes
Current Campus Design Recommendation
Modular, hierarchical, and scalable yet not virtualized
[Diagram labels: Internet, Access, Distribution, Core, L2, Layer 3]
A Virtual Network per Group
• Virtualized devices
• Virtualized services
• Virtualized data paths
Virtualized Network Devices
• Switch Virtualization—VLANs
• Router Virtualization—VRFs
[Diagram labels: Global, VRF, VRF; Logical or physical interface (Layer 3); 802.1q or others; 802.1q, GRE, line-state packet, physical interface, etc.]
…With Centralized Services and Policies
• Services not duplicated per group
• Economical
• Efficient and manageable
• Policies centrally deployed
Shared for all groups: Internet Gateway; IPSec Gateway; DHCP; Video Server; Firewall and NAT; Hosted Content
[Diagram labels: Partners, Contractors, Resources, Guests and NAC quarantine; Campus Core; Contractor 10.2/16, Resource 10.2/16, Contractor 10.3/16, Partner 10.2/16; Internet / Shared]
Phase 6: Interagency Information-Sharing and Shared Services
• Objective
Final step of the Interagency Roadmap, with network helping connected government agencies extract full value in sharing human resources, information, and services (e.g., payroll, IT, and budgeting)
Phase 6: Interagency Information-Sharing and Shared Services—Cont’d
[Diagram labels: Police Officer, Police Station, Police HQ 1, Police, Justice, Constituents; Data Center, Web Servers, Server Consolidation; WAN, IP WAN, DWDM Network, VPN]
Sharing Applications and Infrastructure Across Agency Boundaries
The Cisco Approach for Connected Government
Connected Government Is Based on Three Key Tenets of an Intelligent Information Network
• Providing resilience to maintain continuity and performance
• Adapting to changing needs of government programs
• Integrating network with applications and network components
Applying Cisco Connected Government to Public Safety Agencies
Public Safety Agency Challenges
• Improve responsiveness and situational awareness
• Improve public safety
• Reduce administrative overhead
• Improve security of data systems
• Increase government agility by connecting all agencies
• Improve ability and capacity to deliver services through increased efficiency and effectiveness
• Protect investment
• Future-proof network
Cisco Connected Government Benefits Public Safety Agencies
• Cisco helps public safety agencies
Expand visibility, reach, and capabilities
• Cisco Connected Government
Enhances operational efficiencies
Improves response to emergency situations
Provides greater control in safeguarding communities
Increases safety and productivity in emergency and non-emergency situations
Creates greater agility for information-sharing initiatives within and across organizations
Putting Cisco Connected Government to Work
Suspect in a stolen vehicle abducts a child
Witnesses notify 999, providing a description of the vehicle
Mobile command post established on scene
Detectives obtain a photograph of the stolen vehicle from the owner; they also are able to identify the suspect and obtain a picture of the victim
Pictures of the vehicle, suspect, and victim are shared with all local law- enforcement agencies
Community alert system electronically distributes the information throughout the city and county
Virtual command post uses videoconferencing and collaboration between emergency call taker, incident commander, and surrounding agencies to rapidly share information
Suspect is located and the child is safely returned home
Cisco Connected Government: Public Safety Networking
• Suspect and witness interviews received and correlated with crime databases—match with stolen vehicle and suspect
• Mobile operations at crime scene streams video and photo of suspect
• Detailed situation video, voice, and data distributed to local and regional responders, and alerts distributed to the public
[Diagram labels: Local/Reg Police Stations, Police Headquarters, Data Center, Mobile Command Center]
Cisco Connected Government: Public Safety Networking
• Prevent intrusion of secure wireless network (e.g., rogue APs, war driving, and sniffing)
• Integrate wireless network into enterprise LAN management and control
• Maintain wireless connectivity during roaming, supporting delay-sensitive applications (e.g., RMS, CAD)
• WAN optimizes and secures traffic flow of applications
• Automatic network configuration that supports new and mobile offices
• Consistent security and segmentation that secures records, applies access policies, and meets regulatory requirements
[Diagram labels: Local/Reg Police Stations, Police Headquarters, Data Center, Mobile Command Center, WAN; Collaboration, Infrastructure Sharing, Information Sharing]
Mapping Case Studies to the Phases of Cisco Connected Government
Summary of Connected Government Case Studies
Case Study | Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6
Kent Police | | X | | | |
Humberside Police | | X | | | |
Polish Border Guard | | X | | | |
Upper Merion Police Department | | | X | | |
State of Schleswig-Holstein | | | | X | |
Dutch Victim Tracking System | | | | X | |
izn in Lower Saxony, Germany | | | | | X |
Austrian Federal Data Center | | | | | X |
Kent Police—Phase 2
The Challenge
• Increase quality and speed of communications with community
• Modernize archaic, inefficient telephony system
• Meet pressures to deliver against Best Value performance targets
The Solution
• Cisco IP WAN linking 50 locations around Kent
• Cisco IP telephony solution across the data network
The Benefits
• Return on investment expected within four years
• Cost savings increased by more than 30 percent
• Improved communications with community
• Easier, efficient telephony use among staff
Cisco Solutions are Priced for Success
“As well as savings of more than 30 percent a year, the Cisco solution also gives us a more cost-effective and simpler way for us to expand our communications infrastructure to additional sites….Before, we would have been looking at an investment of around £30,000 to provide the necessary technology. With the Cisco IPT solution, it now costs us only a few thousand pounds.”
Andy Barker, Acting Head of Information Services Directorate, Kent Police
Humberside Police—Phase 2
The Challenge
• Deliver live video footage to specialist control center to provide complete picture of incidents
• Distribute video signal to several geographically-dispersed specialists
The Solution
• Cisco IP/TV 3400 Series broadcast server to multicast live video images over Humberside Police’s intranet
The Benefits
• Cost-effectively raised quality and quantity of information for improved incident evaluation and decision-making
• Already exceeded number of target users—with users being very satisfied
• Met scalability and flexibility requirements without bandwidth implications
Polish Border Guard—Phase 2
The Challenge
• Enable secure database access to Schengen Information System
• Enable reliable telephone access across the organization
• Ensure voice and data access on top of telephone-cabling infrastructure
The Solution
• Single, converged network infrastructure run as a managed service by Telekomunikacja Polska S.A.
• Cisco IP telephony solution across 300 sites with Cisco’s SRST
• Long-Range Ethernet to create high data rates across old cabling infrastructure
The Benefits
• Significant savings on telephone expenses and administrative costs
• Reallocation of 800 people in support staff to core competency
Upper Merion Police Department—Phase 3
The Challenge
• Replace antiquated records-management system with state-of-the-art system
• Deploy wireless network that enables officers to access new system directly from patrol cars
The Solution
• Cisco Aironet wireless bridges and access points
• Video surveillance from Coban Technologies, a Cisco partner
The Benefits
• Enabled field access to Internet, new RMS, mobile and field reporting system, and state’s online accident reporting system
• Streamlined administration
• Maximized situational awareness, visibility, and officer safety
“With the Cisco IP-based LMR interoperability solution, a dispatcher can patch two different departments together with a couple of keystrokes….It’s an incredible breakthrough.”
Lieutenant Thomas Nolan of Upper Merion Police Department
State of Schleswig-Holstein—Phase 4
The Challenge
• Implement seven independent data networks with data ranges of up to 128k
• Deploy one outsourced (Deutsche Telekom) voice network operated as leased-line interconnection to connect 300 private branch exchanges (PBXs)
• Create more bandwidth to support Service Advertising Protocol implementation and police-tracing applications
The Solution
• Outsourced voice-over-IP-trunking MPLS network on existing 2-Mbps access-leased lines of PBXs
• Cisco Core (7500, 7200), each access consisting of three routers, one managed MPLS-CE, one managed voice gateway, and one departmental data gateway with encryption
The Benefits
• 30 times more bandwidth
• Centralized management of security and all data and voice operations
• Transfer of operational staff into core business
Dutch Victim Tracking System—Phase 4
The Challenge
• Reduce unnecessary suffering of relatives
• Improve process of victim identification
• Improve reach and productivity of first-responders, city councils, and dispatch centers
• Improve resource-allocation (e.g., ambulances, hospitals, etc.) based on plans
• Improve process management based on real-time information available for all relevant organizations
The Solution
• Cisco Intelligent Information Network with intelligent network services, including encryption, availability, and roaming
• WLAN
• Cisco 3200 Series mobile access router
The Benefits
• Multiple applications and devices work together to enable greater first-responder productivity
• Standards-based, future-proof network lowers operational costs and improves administration efficiency
• Vehicles act as mobile hotspots to facilitate decision-making during emergencies
• Public and private networks combine to optimize availability and bandwidth
izn in Lower Saxony, Germany—Phase 5
The Challenge
• Increase data-storage facilities
• Decrease operating costs and standardize operations by consolidating multiple standalone storage networks with a single vendor
• Use IP-based technologies within the storage-area network (SAN) environment to offer more cost-effective services to government customers
The Solution
• Cisco Business-Ready Data Center deployed across two separate data centers for resilience; each center has dualled Cisco MDS 9509 Multilayer Director SAN switches using virtual SAN technology for customer data separation
• Data center is accessible via WAN MPLS backbone known as iznNet, which connects 2200 locations across Lower Saxony
The Benefits
• Reduced overhead costs through virtualization of SAN facilities and single platform management
• Optimized availability of network, resulting in improved service effectiveness
• IP-based protocols allow lower-cost service options, enabling introduction of price-differentiated services to match different classes of data
“The Cisco Business-Ready Data Center model provides a high level of robustness which other suppliers still have to achieve.”
Herr Erik Krex, Operations and Planning for izn Data Center
Austrian Federal Data Center—Phase 5
The Challenge
• Implement ELAK, an electronic filing system, to ensure a secure, resilient network for Austrian ministries and federal administration
The Solution
• Cisco Catalyst 6500 Series switches provide resilience and security while supporting network core
• Cisco Catalyst 3550 Series switch and Cisco 7200 Series core router connected to all ministries
• Cisco VPN 3000 Series concentrators
• Cisco PIX 525 security appliances
• Dualled Cisco 7200 Series routers linked to data center
The Benefits
• Secure, high-performance network expedites access to data and enables cooperative electronic workflows—improving efficiency by 10 to 15 percent
• 99.7-percent network availability helps move agency toward paperless government system
Cisco Prowess Means Project Progress
“Cisco has performed very well, particularly in areas of critical importance to the project, such as the design and implementation of the metropolitan-area network, the data center, and redundancy, as well as firewalls and content switching.”
Herr Kurt Fleck, Project Leader of ELAK, Austrian Federal Data Center
Why Cisco?
Setting Cisco Apart from the Rest
• Unmatched technical expertise
• Unrivaled partnerships
• Industry-leading, interoperable, standards-based solutions
• Enabler of responsive environment that outpaces changing demands
• Cisco Capital finance programs
Cisco Connected Government—a Networking Approach Built to Last
Modular Network Deployment Based on Integrated Components
Cisco Provides a Highly Adaptable Network Architecture that Allows Public Administrators to Meet Current and Future Needs
Highly Customized Design Based on Proven Best Practices
Optimal Performance
Continuously Expanding Functionality
Future-proofed Roadmap
How Cisco Helps Your Agency Become a Connected Government
• Cisco solutions demonstrate how to apply previous success in a connected government through:
Assessment tools to create Connected Government network roadmap
Reference architectures that represent Cisco best practices developed from real-world deployments
• Cisco and partner services that coordinate government processes to coincide with technical capabilities
Align incentives, policy, performance management, rewards, and funding to encourage services sharing
First Assess, Then Progress—The Connected Government Network Assessment Tool
Translates into
Possible resiliency issues in the network may be compromising important capabilities:
• Public notice for emergencies
• Internal workflow management
• Budget management
• Geographic information systems (GIS)
• Dispatch systems
• Field worker communication
• Internal communications
Tells You
City of Bremen—How Assessments Help
The Challenge
• Adopt governance initiatives that help provide service-level agreements across multigovernmental departments
• Deliver multimedia services to public body’s surrounding communities
• Reduce IT operating costs
The Solution
• Cisco and Brekom assessment—IPT Readiness Foundation Review
• Multiservice IP Campus Backbone (WAN and LAN)
The Benefits
• Significant savings on service platforms through standardized LAN and recentralizing of consolidated LAN structure
• 20-percent savings in network operations
• 38-percent savings in IT headcount
• Increased focus on government affairs
Cisco Provides Clear Path to Goals
“Cisco presented us with a very clear and solid solution….The very strong relationship we had with Cisco was key, in particular with obtaining WAN/LAN. Cisco clearly stood out above the other 10 providers for the new campus solution. We could never have envisaged all these core benefits which have alleviated the strain on IT resources, so we can now become more focused on developing additional services for the City of Bremen.”
Dr. Norbert Schulz, CEO, Brekom
Government Leasing
• Single monthly payment
• Single financing contract
• Ease of administration
• Bundled products and services
• Below commercial-market rates
• Cost-effective, comprehensive solution
Government Leasing Products
• Lease to Ownership Plan
Installment purchase plan—uses capital funds
Purchase title passes upon final payment
• Lease With Option to Own
Operating lease with option to own—lease payments with fixed purchase option buyout, or fair market value
• Uses operations and maintenance funds annually
End-of-term options—return, renew, buyout, upgrade
Technology-refresh upgrade before or at end of term
The Road Forward
• Compare department mission and strategy with IT capabilities
• Baseline current IT capabilities
• Define IT capabilities and mission objectives gap
• Develop phased IT roadmap that includes network and application capabilities to close the gap
• Coordinate process and policy change with IT investment plan to match technical, political, and organizational capability
Discussion