Up until about two and a half years ago, Durham County had a tech problem. The IT staff of the county was spending the majority of their time manually up-keeping the networks security policies. In order to spend more time focusing on “forward-looking” projects the government decided to upgrade the efficiency and security of their network.
In the time since, the traditional point-to-point network has been transformed into something more modern. The new system implements Cisco’s Application Centric Infrastructure (ACI) in its data center and DNA Centers for its campus and provides support to the 2,100 county-wide end users as well as “online services for 315,000 residents”. This has allowed the staff to shift their focus from menial chores to more future-ready projects.
Cisco’s Application Centric Infrastructure (ACI) is a “software-defined technology” that manages and automates data centers both in house in the cloud. Likewise enterprise networks that need “automation capabilities, assurance setting, fabric provisioning and policy-based segmentation.”
Linking Everything Together
In order to serve the 55 remote sites (including libraries, the health dept. and social services) and data centers (currently 4, though 5 shortly) across the county network engineers have built a 40Gbps dark-fiber network. What this means, in the simplest terms, is that the county is using unused fiber bandwidth to create their own private network.
According to Joel Bonestell, Durham County Governments security services and network manager “We utilize leased lines from two different vendors with various speeds to connect remote sites to our central data center and have redundant internet circuits with speeds up to 1 gig to improve business continuity and connect all sites to the internet.” In order to simplify data center operations, the county’s IT staff employs the Cisco ACI, which also manages “security cameras and load balancers”.
Bonestell continued, “We embarked on this project some two and a half years ago when our traditional data center model – where we manually configured each node and spent days making the simplest manual upgrades – to an environment where we can now make configuration and security updates in minutes across the data center”.
Saving Time and Money
With the implementation of the Cisco technologies the county has been able to drastically reduce the time it takes to manually provision network protocols and update security policies. A 90-91% reduction in implementation time means that tasks are done within minutes, not hours.
“In the past we spent about 80 percent of our time and resources maintaining the network and 20 percent on new projects or improving services and innovation,” said Bonestell, “Now we have more time for new and innovative projects that will benefit our residents and businesses with new capabilities and services.”
This has included helping the “applications development team” with creating an application for document submission to the county, and another to remind citizens of their court dates. Even though the “ultimate vision is to automate as much as possible” the Cisco technology has also allowed them to lockdown the county systems as keeping citizen data safe is a top priority.
Whitelisting and Microsegmentation
Durham County wanted to be able to grant specific permissions as well as see who is using which applications on their system. The security tools and microsegmentations have allowed the tech team to look into these network users and hardware with precision.
“The ability to automate security policy changes in a matter of minutes saves a lot of our time and eases security concerns, which always keep us on edge,” Bonestell said. “ACI gives us a health score of everything on our network, and that helps us spot issues quickly – it gives us visibility into all aspects of our networked devices that we never had before.”
The DNA center has allowed Bonestell and his team to monitor and manage the 300+ pieces of Cisco hardware in the county network. The DNA Center has already allowed the team to diagnose and mitigate an issue stemming from Cicso 3850 Catalyst switches that needed a code upgrade. Without the tools available in ACI and the DNA Center, Bonestell says, it would not have been easy to find or remediate the issue.
Moving to Cisco Wireless
“We are in the process of converting to Cisco wireless, so we can manage our wireless controllers and access points from Cisco DNA Center,” Bonestell said. In order to do this, Durham County is piloting the new Cisco Connected Mobile Experience (CMX) suite of wireless products. The program is starting at the county’s administration complex and they “…hope to deploy this technology into our courthouse by the end of 2019.”
Partnering with Duke University has also helped pave the way for a large MPLS (Multiprotocol Label Switching) network with 1Gbps throughput to each of its 14 county sites and the data center. Stage one of this process “is expected to be completed in December 2019” with plans to expand the network after.
Information for this blog post was originally found at Network World on February 28th, 2019.