Wednesday, October 12, 2005

Tales from the front: Running crypto over an IP network

NETWORK WORLD NEWSLETTER: CAROLYN DUFFY MARSAN'S ISP NEWS REPORT
10/12/05
Today's focus: Tales from the front: Running crypto over an IP
network

By Carolyn Duffy Marsan

If you're thinking about running encrypted traffic over an IP
network, consider the experience of the International Justice
and Public Safety Information Sharing Network (known as Nlets),
the nation's premier interstate law enforcement network.

Nlets has one of the most demanding network applications and
customer bases on earth. Nlets interconnects 18,000 local, state
and federal law enforcement and public safety agencies. Law
enforcement officials use the network on a daily basis to query
databases that contain critical information such as motor
vehicle registrations, criminal histories and U.S. citizenship
records.

In the next two issues of this newsletter, we'll look at how
Nlets upgraded from a legacy frame relay network with
special-purpose protocols to an off-the-shelf IP network with
built-in encryption. You'll learn why Nlets operators chose an
all-Cisco IP network, with services from AT&T. And you'll also
get some tips about how best to roll out encryption on an IP
network.

Prior to the upgrade, Nlets had a frame relay network built on
aging Motorola gear that ran a proprietary bisynchronous
protocol. However, this network couldn't handle encrypted
traffic. When the FBI issued a mandate that all networks
accessing its data must be encrypted by 2005, Nlets operators
decided to migrate to IP.

"We have over 559,000 devices using Nlets, and over 1 million
law enforcement and criminal justice folks using those devices
to access data," says Frank Minice, director of operations for
Nlets. "We cannot afford any downtime."

That's why Nlets took a slow, gradual approach to migrating to
IP. Nlets has 97 points of presence, one in each state and in
each federal agency with a law enforcement component. It took
seven years for Nlets to migrate all 97 of its locations to IP.
Once IP was installed, it took about two years to roll out
encryption at all of the Nlets sites.

"We had made the decision to move towards IP for more reasons
than the encryption," Minice says. "IP is much more flexible and
allows us to support XML and Web services. Then the matter of
meeting the FBI's encryption requirements came up, and we had to
move to IP more quickly."

Nlets turned to Darcomm, a Phoenix systems integrator, to handle
the upgrade to IP. Darcomm is a long-time provider of services
to Nlets as well as being a Motorola and Cisco equipment
provider. Darcomm received bids from various IP vendors but
ultimately recommended an all-Cisco approach.

"We chose Cisco mostly because we had good experience with them
with our firewalls," Minice says. "The majority of our users are
using Cisco equipment in their own networks, so that provided an
economy of scale for technical resources. We didn't have to fly
to end locations to hook up devices. Cisco has common,
well-trusted pieces of equipment that everybody is familiar
with. That was one of the major driving factors in choosing
Cisco."

Nlets chose a Cisco VPN/encryption software application that
runs on top of the routers. Nlets encrypts data from its
headquarters in Phoenix to all 97 locations using the AES
standard. The law enforcement agencies that belong to the Nlets
consortium are responsible for carrying the traffic to end
users.

"We're encrypting from our headquarters to our point of presence
on their network," Minice explains. "We own the equipment at the
user sites. So we're able to control those devices and configure
them before we ship them."

Nlets uses fractional or full T-1 lines between its headquarters
and its 97 locations. Nlets uses an IP-enabled frame relay
service from AT&T.

"It's a private network with AT&T. There's no public Internet
involved," Minice says. "AT&T also provided our old frame relay
service. That was helpful because they helped us do a staggered
transition to IP."

The total cost of the Nlets upgrade was around $500,000. This
amount includes Cisco routers, encryption software and hot
spares in all 97 Nlets locations plus a disaster recovery site
in Idaho.

Migrating to IP wasn't easy, especially because Nlets had been
using its legacy, special-purpose protocol for 27 years.

"The biggest challenge was to migrate to IP," Minice says. "The
users had to code their systems, which took a lot of time
because we have a lot of mainframes that talk to us in this
legacy protocol. We had to teach the users how to talk to us in
TCP/IP. Once we had IP up, it wasn't an obstacle for us to roll
out the encryption."

To help its user agencies during the transition to IP, Nlets
staff defined a TCP/IP specification for the Nlets application
and set up a secure test environment. Nlets kept its legacy
frame relay network running during the entire migration so that
agency users could test both the new IP equipment and the
encryption software.

"We created a full test bed for them to use and a test procedure
for all aspects of cutting over to IP," Minice says. "Agency
users could stress test their code against the test environment
and do lots of things that would give them a comfort level
before migrating."

A slow, careful migration to IP and encryption was important
because of the criticality of Nlets and its data.

"This network is a matter of life and death in a lot of cases,"
Minice says. "We have 99.99% uptime. It's real important for us
to have redundant equipment everywhere and redundant paths. We
had users test for six or eight months before they cut over. We
made sure that every application in a state or federal agency
worked before we cut over. It was an exhausting process."

Next week, find out how well the new Nlets IP network and
encryption services are performing.

_______________________________________________________________
To contact: Carolyn Duffy Marsan

Carolyn Duffy Marsan is a senior editor with Network World and
covers emerging Internet technologies and standards. Reach her
at <mailto:cmarsan@nww.com>

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Copyright Network World, Inc., 2005
