Q&A: Network exec on 10G, security and getting his CCIE

Jon Campbell - Cisco Certified Internetwork Expert No. 13772 - is the director of network services at FirstHealth of the Carolinas, a nonprofit healthcare network serving 15 counties and comprising three hospitals as well as clinics and other facilities throughout North Carolina and South Carolina. Some of Campbell's recent network deployments include a 10 Gigabit Ethernet backbone for supporting high-resolution digital radiology images and a pervasive wireless LAN for connecting mobile laptop users and more than 300 Cisco 802.11 IP phones used by doctors and nurses. Attending his second Cisco Networkers conference this week, Campbell spoke with Network World Senior Editor Phil Hochmuth about how to go about securing a 10G pipe, his voice/data QoS strategy, the rising cost of copper, and what this CCIE thing is all about.

Where do you start in terms of locking down and securing the network in such an open and frenetic place as a hospital?

We've gone through a major process to secure our environment. We've implemented a combination of IDS [intrusion detection system] and IPS [intrusion prevention system] sensors, depending on where they are located.

I prefer not to use IPS in the core of the network. People will tell me all day long that IPS does not have latency issues, but I'm running 10 Gig switching. So to me there is a latency issue. And I don’t even want a perception to be there from a user standpoint. So, we use IDS in the core and IPS at the edges. And we've been pretty successful at that.

We also have over 2,000 Cisco security agents on our hosts. That's been working well. They caught the Zotob virus that came out recently. When we did the design of our CSA rollout, we started out on the edge, in the WANs, because I knew that if an infection occurred, that's where it was going to occur. So that actually was very successful.

How do you ensure QoS for wireless?

We've had good success with QoS and wireless. We just set up an individual wireless voice virtual LAN. We apply QoS to that particular VLAN, and we always service that VLAN first no matter what.

We use the Wireless LAN Solutions Engine [a Cisco software product for managing WLAN access points] to monitor that. And it gives instant feedback. So if I get congestion in one area, I get an e-mail saying that we're suffering congestion in this area.

As we started getting more wireless devices up in the network, we ended up setting up wireless access points with 802.11a and 802.11b/g for different users. Now I have [802.11a] APs running at 5 GHz, and 802.11b APs running at 2.4 GHz. I split them up: for wireless laptops that stay in one area, I use 802.11a; for roaming devices that go everywhere, such as IP phones and handheld devices, I use b and g.
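As an added illustration of the "service the voice VLAN first" strategy described above (example configuration written for this page, not FirstHealth's own), the Cisco IOS policy below puts voice into a strict-priority queue that is capped so it cannot starve data, and trusts DSCP markings only on ports where phones and access points connect. VLAN 110, the interface names, the 20 percent cap and the assumption that phones mark their media DSCP EF are all assumptions for illustration.

```cisco
! Added example, not FirstHealth's configuration. Assumes IP phones on the
! dedicated wireless voice VLAN (VLAN 110, assumed) mark their RTP media DSCP EF.
!
vlan 110
 name WIRELESS-VOICE
!
! Classify voice bearer traffic by its DSCP marking.
class-map match-all VOICE-BEARER
 match ip dscp ef
!
! Low-latency queuing: VOICE-BEARER is always dequeued first, but "priority
! percent" also polices the class, so a chatty or compromised host that marks
! its own packets EF cannot monopolise the uplink. Everything else shares
! the remaining bandwidth.
policy-map UPLINK-OUT
 class VOICE-BEARER
  priority percent 20
 class class-default
  fair-queue
!
! Apply the policy outbound on the uplink that carries the voice VLAN.
interface GigabitEthernet1/0/1
 description Uplink toward wireless aggregation
 switchport mode trunk
 switchport trunk allowed vlan 110,200
 service-policy output UPLINK-OUT
!
! Trust DSCP only where a phone or access point is attached ...
interface GigabitEthernet1/0/2
 description Voice-capable access point
 switchport mode trunk
 switchport trunk allowed vlan 110,200
 mls qos trust dscp
!
! ... and leave workstation ports untrusted so a laptop cannot claim the
! priority queue simply by tagging its packets EF.
interface GigabitEthernet1/0/3
 description User workstation (untrusted, re-marked to CoS 0)
 switchport access vlan 200
 mls qos cos 0
```

The cap on the priority class is the part to keep even when the priority queue is "always served first": without it, a single misbehaving device on the voice VLAN can turn the QoS policy into a denial-of-service path for everyone else.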

What is the condition of your LAN? Are you forcing gigabits of traffic through megabit-sized pipes, or are you over-provisioned?

In the core, we have three Catalyst 6500 switches, and in the server farm, the switches are Catalyst 4500s. All server farm switches have [10 Gigabit Ethernet] uplinks to the core. We're migrating all high-capacity links to 10 Gig; all interconnects between our core 6500s are 10G. Our [radiology picture archiving and communications, or PACS] system is the driver for that. PACS is a bandwidth hog [with images that can range from 100 MB to 500 MB]. But one of the nice things about FirstHealth that I really love is that if you say, "to support this, we need to do that," you get it done.

Are you interested at all in the new IEEE standard for 10 Gigabit Ethernet over Category 5e/6 copper wiring? Do you see that as a way to expand 10G farther or to cut your current fiber costs?

Interesting thing is, the way copper pricing is right now, I wonder which is going to be cheaper in the end? Personally, I think fiber is cheaper in the end. Not right now, but maybe in a few years.

When you look at the cost of copper going from 50 cents a pound to $2 a pound, the expense to me is going to balance out soon. I've seen us paying about $30 for 1,000 feet of [Category 6] copper wiring. Now we're paying close to $90. And it's just going to continue to go up as demand increases. You might not think that demand for copper among developing economies would affect wiring prices, but there's a direct link there.

Cisco talks a lot about its Services Oriented Network Architecture (SONA), which is supposed to tie together network infrastructure with voice, video, data, security and even applications. Do you see SONA as a technology architecture that you can adopt, or is it more of a marketing concept?

If you look at [SONA], it looks like a very complex thing to put together. But even in our own situation, we're sort of building this kind of one piece at a time. From my perspective, it's a way to securely converge all the voice, video and data and all the infrastructure. I like the concept of creating multiple networks over the same infrastructure. Sometimes it's hard to get your head around it. But with my job, I spend a lot of time doing research. Cisco can get pretty bold in what they're trying to shoot for, but the overall concept is pretty good.

What was your motivation for getting CCIE-certified?

It just felt like the next level to go to. I had a degree in engineering and when I was starting out working at Unisys at one of my first jobs, I saw these guys called CNEs [Certified Novell Engineers]. These CNE guys had no technology degrees, but they were making twice what I was making. So the first thing I did was go and study to be a CNE.

The CCIE was a whole different level. For 15 years, I've worked with all the routing protocols and technologies. I took the [CCIE] written test and passed it. Then I took the lab test and I realized I was an idiot. I realized there were all these different things that I'd done, but no real way of putting it all together. The amount of knowledge that I had and what I was learning was all being put together as I was going through this process and it was just tremendous.

As a manager and a CCIE, are you dealing more with managing network administrators and staff, or are you dealing with nuts-and-bolts technical issues daily?

I'm the director of network services, and I have a staff of 15 people. And a lot of people say, you're a director, why should you be doing this [hands-on] stuff? The way the CIO sees my role is not just as a manager, but also as the technical leader. When we have new designs to implement, basically, they come to me to work these things out. I enjoy the experience of going through the process. The amount you learn, not just from books but also from other people, is fabulous.

Copyright © 2006 IDG Communications, Inc.