Ahead of the Game

You May Also Like

Also From Alcatel-Lucent

• Interoperable Reality
• The Call for IP-Based Convergence
• Converging Communication
• First in the Nation
• Communication Is Critical for Public Safety
• Ways to Win
• Now and in the Future

Tools Sponsored By

Found in: Case Studies

 The converged information network in Harris County, Texas, serves as the Internet service provider for the county government. Operated by the Harris County Information Technology Center (ITC), the network supports voice over IP (VoIP), video and high-speed access for more than 275 remote locations, e-commerce applications, and wireless local area network and radio convergence for the entire county. With so many missioncritical
systems relying on the ITC's converged information utility, the network cannot be compromised without serious consequences. With more than 16,000 users whose actions cannot be controlled by the ITC, the county has learned security must be integrated
within the network.

The county relies on Alcatel-Lucent OmniSwitch Chassis LAN switches equipped with the Alcatel-Lucent OmniVista 2770 Network Management System, which comprises the Quarantine Manager module and Alcatel-Lucent Access Guardian, to detect and quash threats before they harm network operations. Plus, this solution performs in the face of intense user-traffic. The network managed more than 3 billion Web page hits and more than 61 million e-mails during 2006. That year, the ITC thwarted nearly 80 million Internet attacks and processed 1.8 billion secure non-PC-based transactions. The solution's combination of content management tools, firewalls, intrusion prevention systems (IPSs) and other security appliances were critical to that achievement. Built-In Security The network switches and security appliances provided by Alcatel-Lucent enable county technicians to detect abnormal network activity and quarantine the user or affected area of the network, stopping the problem before it can propagate. "When switching first came out, the whole idea was how fast you can move traffic. But the thing nobody thought about was: If you get a virus, an attack, what you just managed to do was move infected data at a million bits per second through your network. There was nothing to stop it," said Keith Bryant, division manager for networking and security at the ITC. "The type of hardware we have now allow us to stop it."

The OmniVista 2770 can receive feedback from other security devices, such as firewalls and IPSs, and can automatically quarantine the affected network area or alert network managers, depending on how managers choose to configure it. "If we get a rogue device, I can take that device out of the system. If harmful traffic goes past the device where it's in an area supported by a port, I can take the port out. If it goes past there and travels to the switch level, I can take the switch out," said Bryant. He said the process typically happens without other network users being the wiser. "The biggest thing this solution gives end-users is stability," said
Harris County CIO Steven Jennings. "With that stability, they often never know when a problem actually is impacting the network. We have a lot of automatic rollover capability in our network from ports and different switches and systems. If the system senses the network is having a problem in one area, it automatically rolls over to a different path, and the customer never knows his primary path is taken out of service. "It has worked very well for us to be able to notify other departments, let them go down to the infected device and tell them what to do with it." The solution also includes the Alcatel-Lucent Access Guardian authentication platform, which can screen devices and gives them access to the network areas they're pre-authorized to enter.

The Harris County Alcatel-Lucent solution also centralizes all county network management. "This approach really allows us to become network-centric and do network-centric management," Jennings said. "We're not dependent on multiple management stations to review only portions of how the network flows." He said centralization enabled a more comprehensive, proactive approach. "We can manage outages from a single location," Jennings said. "We can see and do trend analysis, allowing us to adjust bandwidth to meet our needs. In the same center, we can also watch security, and if a security issue happens or if we see a trend in bandwidth out of the norm, we can do online diagnostics to stay ahead of the problem, instead of trying to react to it." That proactive approach saves the county money through increased productivity. It keeps government work from stalling by avoiding battles with security threats after they do their damage.

Limitless Potential

Harris County can scale its network infrastructure to meet a broad array of needs, due to Alcatel-Lucent's open standards foundation. The solution works with any system an agency adds, saving technicians from navigating various proprietary obstacles And the network's flexible and scalable bandwidth enables endusers to reliably operate the numerous tools, such as VoIP and transactional applications, that rely on the network even during user traffic spikes. The county Information Technology Center can dramatically multiply the bandwidth capacity of network switches without replacing them. Technicians merely upgrade the switch interface
to allow more bandwidth to pass through the switch. "We're trying to be very proactive as far as providing way more bandwidth than necessary, as well as putting in networks that can support anything that's requested, whether that is voice over IP, video or data," Bryant said. The solution included Alcatel-Lucent's mobile user functionality, network switches and virtual local area network (VLAN) tagging, which allows multiple bridged networks to transparently share the same physical network link without leaking information between those networks.

"In the justice building and the juvenile justice building, we allow the attorneys to have wireless Internet access but at the same time, have no access to our network," said Bryant. The VLAN capabilities enable the ITC to easily establish normal network functionality at temporary locations under limited network conditions, which is vital while responding to emergencies. The solution proved critical during Tropical Storm Allison, when the ITC connected more than 2,000 relocated employees across eight different buildings in three days.

"Because we have static IP addresses, we could utilize VLAN tagging, enabling us to extend one subnet across multiple buildings, and do it over a weekend, without pulling one piece of cable," Bryant said. Jennings said the solution's equipment and technical support were pivotal components to making the county network ready for any challenge.

"We have the reliability and support of the equipment because it is quality manufactured equipment, and Alcatel-Lucent includes an in-house FE in the maintenance contract to help us manage and maintain that equipment as well as provide training for the network staff. We have redundancy because we keep spare parts onsite. We also have redundancy engineered into the equipment."

The inherent security, open standards and scalability of the county's converged information utility empowers the government to meet any technical challenge. "This puts us in a proactive position," said Bryant. "It also
puts us in a position to say 'yes' to anything our users request. We know we've got enough bandwidth. We know we've got the security. We know we've got reliability. We know we've got quality of service, and that allows us to support whatever requirements departments come up with. For example, if they want to upload video from squad cars, we can do it. We can use existing hardware. We don't have to go buy or reinvent a network to do this."