Fave raves

Feb 23, 2004 · 9 mins
Cisco Systems, Security, VPN

In their own words, four readers tell us about the network products they love best – from the decades-old to the brand new.

Grady Meeks, Daytona Beach
Stephen Ralston, Daytona Beach
Fred Wettling, Bechtel
Charles Fletcher, Delaware State

Grady Meeks, director of information systems and services (ISS), city of Daytona Beach, Fla.

Years in networking: 14

His favorite: 802.11b-based wireless LAN access points

Vendor: Airespace

Police officers already have wireless access to applications [over a General Packet Radio Service network] they use to provide public safety services, but we wanted to give them even better tools. Public safety is a huge concern for Daytona Beach, especially during major events such as the Daytona 500, Bike Week and Spring Break. Wireless networks are great, but they have security issues.

Security was the nice thing about the Airespace system. Airespace allows separation between the access point and the server appliance, providing wireless intelligence while minimizing maintenance costs due to inclement weather and lightning strikes. It provides separate and secure networks (virtual LANs) with priority controls, and it has built-in security that is compatible with the city’s Windows 2003 domain and provides single-point logon for seamless connectivity.

We will equip 120 traffic cabinets, which have fiber, with Airespace wireless access points. An existing NetMotion server will determine the fastest available route back to the city’s network. This will allow public safety officers to benefit from the current 45K bit/sec GPRS network available citywide and the new 802.11b wireless network, which will give them access speeds up to 11M bit/sec within a half-mile radius of the access points.

This tool not only will take care of the main focus on public safety, but also will ultimately serve every other department in the city.

Stephen Ralston, manager of ISS, city of Daytona Beach

Years in networking: 6-plus

His favorite: ArcIMS

Vendor: ESRI

This tool provides a way of bringing a geographical information system [GIS] to a Web server and spatially presenting the information. For example, if you wanted to know where all the traffic cabinets are in the city, we could give you a list of them, or we could plot them geographically and place them on a map. This is a great integrator of data.

We are concentrating on this as a tool for the fire department. We took ArcIMS and built a Web server off of it. The fire department can look at all calls in a narrative display to find out where a call is taking place and the principals involved. Then they go to ArcIMS and see where the call is taking place, with a 500-ft. buffer around the call.

ArcIMS will show all the streets and give an aerial overview, plus show where the nearest fire hydrants are and, as we gather more data, where hazardous materials are stored. The idea is to remove all surprises.

This also works with development services, for the plotting of water mains, electrical systems, zoning, etc. [The tool] is helping us address the challenges we face with a lot of people coming up for retirement – there is a lot of information on the city’s infrastructure in people’s heads and on old blueprints. Before we have this exodus of knowledge, we’re trying to get everything in a GIS so we can layer on top of that. We wanted something that we can use citywide, for every department. So far, we’ve probably only done about 20% of what we can with this tool.

Fred Wettling, infrastructure architect, Bechtel

Years in networking: 20-plus

His “old” favorite: Sniffer

Vendor: Network Associates

This choice goes back to when Network General first came out with Sniffer, back in the DOS days. (Thinking about it is so funny – the first Sniffer I got was not really even a true laptop. It came without a battery; it was a flip-up type device with a plasma screen.) Other vendors had products that allowed you to analyze network packets in detail, but Network General was an innovator and established a market position that has held up over the years. If I couldn’t have a Sniffer [now from Network Associates], I’d have to find another product that could provide the same level of information. It lets me take a look at the aggregate traffic on the wire itself.

Some of the more recent work we’ve done with Sniffer is in the area of application profiling and application-network impact analysis in conjunction with other tools. For example, two years ago we were going to consolidate HR information into one data center, but we didn’t know how this would affect the network. So we took a distributed Sniffer and set up a test lab where we could measure [about 20 major] transactions at multiple points throughout their paths between the Web server and the application server. We ran the transactions and analyzed the data measured in aggregate. We could determine what performance would be and find where the real bottlenecks would be – and be able to tell that to the application people. Something that can be put on the wire is absolutely critical for this kind of work because it allows the technician and analysts to really understand what’s happening on the network. The guesses are gone and the collected information can be used to make sound decisions.

His “new” favorite: VPNs

Vendor: Cisco

We initially used IP Security-based VPNs for remote user broadband access to Bechtel’s network. But over the last couple of years we’ve been dumping our frame relay circuits as fast as we can and moving to a VPN WAN. Most of our major offices have been cut over already, and a lot of the smaller offices and project sites have been running VPN technology for a while now. Bechtel is mainly a Cisco shop, so if we’re connecting Cisco to Cisco it’s great. But even if we’re connecting to an employee at home or a business partner that doesn’t use Cisco equipment, since we’re basing our connection on an interoperable standard it works.

Now we’re in the process of doing some beta work for Cisco on [Secure Sockets Layer] VPNs, in conjunction with some of its VPN terminators. Bechtel basically builds and fixes big industrial things, like a new [airport] terminal or cleaning up some big mess. We have several offices where we do a lot of engineering work, but basically we’re a project-oriented company. We need to be able to mobilize, to put people in the field, and we’re constantly opening and closing offices and sites. With this VPN technology, we can get everyone connected with a level of performance that allows them to do their jobs. We can set up an office in a hotel, for example, even if we don’t have time to order a point-to-point connection. VPN technology in such volatile environments is interesting to us.

Our overall objective is to improve performance, reduce costs and simplify by reducing the number of moving parts. As you move to Windows XP, for example, you can use a native Windows VPN connector – that’s the level of simplification I’m talking about, where you don’t have to deploy, manage and upgrade throughout your environment.

VPN lays the foundation for converged services over the WAN. It offers reduced latency and improved performance compared to frame relay circuits, and gives us WAN cost savings. A new level of agility is available to Bechtel.

Charles Fletcher, CIO, Delaware State University

Years in networking: 20-plus

His favorite: HiPath SIcurity Card, a smart card system that includes a metadirectory suite

Vendor: Siemens Information and Communication Networks

We began looking at smart card solutions prompted by changes in the information that one needs to carry on a card. For years, we had used students’ Social Security Numbers on their ID cards, which we now know is a privacy violation and an identity theft problem. Students also had to carry two cards – one a picture ID and one for physical access to residence halls. So here we had this unique opportunity to combine two cards into one platform, and to do interesting things with identity management.

We actually ended up combining five separate platforms on the card. We use a magnetic strip for a legacy application that acts like an account-debit system for meals and the bookstore. We have a bar code for use with the library system. A magnetic antenna provides for physical access to residence halls, computer centers, labs, etc. The system also records who tries getting in and at what time, so this makes for excellent security. (The police chief just loves it, since computer theft on campuses had been a problem.) The fourth technology is a memory chip. The cards can be inserted in a card reader device on a computer, and after entering a four-digit PIN, the user gets access to appropriate resources. For example, I get access to my budget information, the directory database, student data files for the class I teach. We don’t need username or password, just the PIN, so this provides identity management. The other technology we have on the card is a contactless antenna, for an e-purse application that we’re working on with the Department of Transportation. We want to provide students a cashless way to ride trains. We’ve done our part; now we’re just waiting for the state to install the card readers.

The metadirectory is the core piece. Student ID, financial aid, meal databases, the lock system – this information is all stored on different servers. The metadirectory provides a single point of administration so that updates in a single data repository take effect in other directories and applications. The single biggest benefit is an easier-to-manage system of identity. This card provides something close to a Holy Grail product – if only I could get my bank debit card information on it; now that would be ideal!