Seeking better security and control over its network services, a Louisiana city replaced its metro Ethernet wide area network (WAN) with a private fiber optic ring network powered by Ethernet switches from Enterasys Networks. That paved the way for a city-wide 802.11n wireless mesh network for mobile workers.
The upgrade was motivated in part by the challenge of complying with various government regulations, including the privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the security requirements associated with accessing the FBI's National Crime Information Center (NCIC), according to Blake Rachal, assistant director of Information Systems for Alexandria, a Louisiana city with a population of 50,000 people.
"We started looking at HIPAA compliance and NCIC compliance and found that we were way off the mark as far as following their guidelines on security," Rachal said. "Plus, we are our own water and gas utility, so that put us in another whole category in terms of security and compliance."
The city's legacy network was built on BellSouth Metro Ethernet. Rachal had an old Enterasys/Cabletron Systems SSR-8 router in the core of his network at City Hall, with HP ProCurve Gigabit switches at the termination points in the city's 13 other locations. The city shared a couple of DSL lines for Internet access, secured by a firewall.
Rachal began to replace this network about four years ago with a four-phase private fiber ring build-out over 22 square miles. The project is in phase four, with the connection of the last three of the city's 14 locations on the private fiber optic ring. Enterasys N7 chassis switches are deployed in high availability pairs with 10 Gigabit Ethernet (GbE) backplanes at the city's three small data centers in City Hall, the customer service center for the city's utilities and the headquarters for the city's public safety agencies. The other 11 sites on the fiber ring are equipped with either Enterasys C3 stackable Gigabit switches or small N Series switches.
The larger sites on the network also have C3 and B3 switches providing LAN access to end users in different government offices and agencies. Altogether, the city has about 78 network devices from Enterasys, Rachal said.
Hubs on fiber optic ring to form wireless mesh network backbone
Ultimately, the 14 sites connected by the fiber optic ring will become the backbone for an 802.11n wireless mesh network, Rachal said.
Currently, the city's police and fire departments are using cellular services, such as Verizon 3G cards, to get data connectivity in their vehicles, but ultimately those cellular connections will be replaced by the mesh network. Each site on the fiber ring will have 802.11n access points that will act as nodes on a mesh backbone, and other access points will be placed throughout the city to give it blanket Wi-Fi coverage for all of the city's mobile workers as well as employees of county and state agencies.
"We've got agreements in place with our county sheriff and our ambulance services and our state police that will allow them to use this mesh network," Rachal said. "Once the fourth phase of our fiber ring is done, we will turn on the [wireless network] and use those 14 locations as the backbone, breaking up the city into 14 quadrants. This will give us ubiquitous mobile coverage for our building inspectors, meter readers, demolition guys. All of them will be tying into that."
Ultimately, the city will integrate its wireless mesh network with a city-wide geographic information system (GIS) that will enhance the network's ability to track and communicate with mobile users.
Networking to ensure regulatory compliance
Enterasys' policy-based networking capabilities, which allow administrators to automate tasks such as the creation and management of access control lists (ACLs), and Enterasys' integrated Dragon intrusion detection system (IDS) were critical to making sure the new network met the city's various compliance requirements.
"Policy management and the IDS system enable my network administrator to sit down at our network monitoring station, and within two hours he can take care of all network and security occurrences that occur in a week," Rachal said. "Before this, we didn't have any type of IDS or early warning system. If a denial of service or malware attack came in, we would spend weeks trying to find the problem and get it off our network. With Dragon, he can shut a port down and isolate a machine so no packets are going to or from it."
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor