• United States
Senior Editor

Durham County goes Cisco for enterprise network ops and security proficiency

Jan 23, 20195 mins
Data CenterMobileNetwork Management Software

Cisco’s Application Centric Infrastructure (ACI) and DNA Center are now key parts of the North Carolina county’s enterprise growth

6 network packet analysis data binary world
Credit: Getty Images

The government in Durham County, N.C., was spending hours and hours manually provisioning its network and keeping security policies current, so it decided two-and-a-half years ago to upgrade for the sake of efficiency and security.

Since then, the government’s IT staff of four has migrated its traditional point-to-point network to a more modern enterprise featuring the software-defined technologies of Cisco’s Application Centric Infrastructure (ACI) in the data center and DNA Center in its campus to support its 2,100 enterprise end users and online services for 315,000 county residents. 

As a result, time spend on certain manual chores has plummeted, freeing up staff time for forward-looking projects.

ACI is Cisco’s overarching software-defined networking (SDN) technology for data center automation and management across on-premise and cloud networks. DNA Center is the central management tool for enterprise networks, featuring automation capabilities, assurance setting, fabric provisioning and policy-based segmentation.

Durham’s core data center is distributed among four – soon to be five – buildings over a dark-fiber ring in Durham, creating a 40Gbps network backbone serving the data centers and 55 remote sites across the county. That includes seven libraries, social services, the heath department and other critical public services locations.

“We utilize leased lines from two different vendors with various speeds to connect remote sites to our central data center and have redundant internet circuits with speeds up to 1 gig to improve business continuity and connect all sites to the internet,” said Joel Bonestell, the network and security services manager for Durham County government.

The network includes Cisco Nexus 9000s in a spine-and-leaf configuration and integrates a range of other networked gear, including security cameras and load balancers. ACI is used to orchestrate this environment and give the county’s IT staff a single point of control, reducing the overall complexity of its data center operations.

“We embarked on this project some two and a half years ago when our traditional data center model – where we manually configured each node and spent days making the simplest manual upgrades – to an environment where we can now make configuration and security updates in minutes across the data center,” Bonestell said.

Dramatic time savings for network and securtiy tasks

Bonestell said manual network provisioning took some 40 minutes, and updating or creating a new security policy took about 60 minutes. With ACI deployed, it takes about four minutes to provision – a 90 percent reduction – and about five minutes to update security policies – a 91 percent reduction.

“In the past we spent about 80 percent of our time and resources maintaining the network and 20 percent on new projects or improving services and innovation,” Bonestell said. “Now we have more time for new and innovative projects that will benefit our residents and businesses with new capabilities and services.”

For example, Bonestell’s group has been able to help its applications development team build new a program to remind citizens of court dates and a mobile app for submitting documents to the county. “Our ultimate vision is to automate as much as possible,” he said. 

While ACI and DNA Center have helped increase efficiency of the overall environment, those systems have also bolted down security for the county’s network. “We obviously have a good bit of citizen data and keeping that secure is a priority,” Bonestell said. 

ACI and DNA Center support whitelisting, microsegmentation

ACI and DNA Center support a variety of security techniques, but the ability to whitelist who exactly gets access to what and to see from a single point who is accessing which apps was of utmost interest to Durham County. The ability to microsegment users or isolate specific machines on the network is also a key benefit.

“The ability to automate security policy changes in a matter of minutes saves a lot of our time and eases security concerns, which always keep us on edge,” Bonestell said.  “ACI gives us a health score of everything on our network, and that helps us spot issues quickly – it gives us visibility into all aspects of our networked devices that we never had before.”

Bonestell said the network security team has over 300 pieces of Cisco hardware to manage, so being able to use DNA Center as its enterprise management tool is critical.

Bonestell also talked about one of the group’s first experiences when it turned up DNA Center about a year ago when it spotted error messages coming from an entire group of Cisco 3850 Catalyst switches. It turned out to be a buggy version of code that needed to be upgraded. Bonestell said his group didn’t know about the problem and would not have easily caught it without DNA Center.

Plans to manage wireless with Cisco platforms

While Durham County continues to work with DNA Center and ACI, it is also moving into the wireless world with new projects.

“We are in the process of converting to Cisco wireless, so we can manage our wireless controllers and access points from Cisco DNA Center,” Bonestell said. The county is also piloting Cisco’s Connected Mobile Experience (CMX) wireless suite at its new administration complex to provide an accurate account of who is using the county’s facilities. “We hope to deploy this technology into our courthouse by the end of 2019.”

Bonestell said the group has also entered into a partnership with Duke University to create a large MPLS network that will offer 1Gbps throughput to connect 14 Durham County sites to the county data center. The first phase of the project is expected to be completed in December of 2019, and he hopes to expand it after that.