
1 HKOM+ Marko Erjavec

2 Goals for HKOM+
• Lower the connection expenses (today: leased connections)
• Lower the maintenance and management expenses (goal: one man maintains the whole network)
  – Lower the human resources needed for network maintenance
  – Lower the complexity of configurations at remote locations: configuration standardisation – simplification of maintenance and management of configuration
  – Rule optimisation: rules on who, what and when someone communicates are located in one central point
• Enabling new services:
  – VoIP
  – Multicast
• Quality supervision of outsourcers and outtaskers
• Connection to remote locations should be possible over every known connection type, independent of the connection provider
  – Frame relay (today's connections)
  – Internet
  – MPLS
  – Leased lines (copper, optics)
  – Providers: Telekom, Volja, Amis, Mobitel, Satellite, Vimax ….
• Bandwidth increase
  – Possibility of application centralisation (SPIS)
  – Possibility of introducing and centralising VoIP
• Traffic restriction inside HKOM+ with MPLS technology
• Security: availability, integrity, confidentiality
• Preparation for the EU presidency – process audits and security requirements in year 2007
• Accreditation to security level - restraint
• Redefinition of processes for building, maintaining and managing the network in accordance with appropriate standards and best practices
• Virtualisation of devices and connections

3 Present production state: 800 locations, 80 PoPs, Ljubljana, 30.000 users, 1600 LANs

4 Future production state: 890 end locations, 1700 LANs, 30.000 users; Ljubljana; Internet, Satellite, Telekom, Mobitel

5 Goals enabling
• Increasing the total bandwidth from approx. 1Gb/s to 8Gbit/s by changing from leased lines to flat rate.
• Lower the connection expenses
  – Tender for providers' ability to provide different bandwidths at different locations (890)

6 Informational request

7 Goals enabling
• Security:
  – Availability:
    • Every remote location is connected to two independent providers
    • NIC Maribor – backup location with all the functionality of the primary location in Ljubljana
    • Every provider is connected to Ljubljana and Maribor
  – Integrity, confidentiality:
    • All traffic to remote locations is encrypted (certificates SIGOV-CA)
• Preparation for the EU presidency – preparation of security processes according to standard ISO 27001 and special EU security standards
• Collaboration with the security agency to gain knowledge of special requirements and to influence the creation of security requirements.

8 Goals enabling
• On all remote locations the standardised interface is ethernet (UTP cable, RJ45 connector)
• Some remote locations have more than one LAN
• Every LAN has three ethernet connections:
  – Data
  – VoIP
  – DMZ – for larger agencies that have their own IT department and internet applications
• All remote locations have the same configuration except IP address and name

9 How we started
• Negotiating with Telekom
  – We got a good negotiating position with results from the informational request
• Equipment purchase
• Designing and building the LAB
• LAB connection to the production network – it is now part of production
• Making pilot installations on existing leased lines and new flat rate connections
• Large deployment to existing leased lines and new flat rate lines
  – In two months all 600 routers will be placed on site

10 LAB design

11 Production state

12 Physical/Logical Topology MPLS VPN GRE over IPsec

13 Logical Topology

14 Detailed LAB picture

15 Configuration standardisation
• Every remote LAN has three ethernet connections
  – Data
  – VoIP
  – DMZ – just for some organisations
• If some exception exists, it must become a standard configuration in at least two months. That implies that in two months we have to change the “configurator” application
• Configurator will become the central point of provisioning and maintenance of the whole HKOM+ network
• We expect new revisions every two months. Now it covers five different Cisco routers and switches that we use in HKOM+
• Daily configuration on the firewall must be done through CSM – command line is not permitted
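A way to audit the rule that every remote location carries the same configuration except IP address and name, as an added example (not the Configurator application or any HKOM+ code). The baseline, the site configurations and the assumption that only the `hostname` line and the interface address vary per site are constructed for illustration.

```python
import difflib
import re

# Constructed baseline: IOS-style lines, names and addresses are illustrative only.
BASELINE = """\
hostname SITE-TEMPLATE
interface FastEthernet0/0
 description DATA
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/1
 description VOIP
 ip address 10.0.1.1 255.255.255.0
interface FastEthernet0/2
 description DMZ
 ip address 10.0.2.1 255.255.255.0
"""

# Constructed site config that differs only in name and addresses.
SITE_OK = (BASELINE.replace("SITE-TEMPLATE", "SITE-0421")
           .replace("10.0.", "10.42."))
# Constructed site config with one unapproved local change.
SITE_DRIFT = SITE_OK + "ip http server\n"

def normalise(config):
    """Mask the two per-site values (hostname, interface address)."""
    out = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment lines carry no settings
        line = re.sub(r"^hostname \S+", "hostname <NAME>", line)
        # Mask only the address; the netmask must still match the baseline.
        line = re.sub(r"^(\s*ip address )\S+", r"\1<IP>", line)
        out.append(line)
    return out

def drift(baseline, site):
    """Return lines that differ after masking; empty list means compliant."""
    diff = difflib.ndiff(normalise(baseline), normalise(site))
    return [d for d in diff if d.startswith(("+ ", "- "))]

if __name__ == "__main__":
    for name, cfg in (("SITE_OK", SITE_OK), ("SITE_DRIFT", SITE_DRIFT)):
        print(name, drift(BASELINE, cfg) or "compliant")
```

Run against configurations collected by a tool such as Rancid, any non-empty result is an exception that either has to be reverted or folded into the standard.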

16 Configurator

17 Other tools
• MARS
  – Analytical correlation tool to predict possible problems in the network - Netflow
• CSM
  – Cisco firewall GUI configuration tool
• CiscoWorks equivalent (Rancid): configuration management on routers and switches
• Monitor
  – Custom designed HW and SW for larger (important) remote locations to measure availability of services and SLA
• OpenView, cacti for all locations
• Various databases of IP addressing, location address, location specific, SecID authorisation data ….
• Help desk software
  – Registering every incident
  – Making reports, knowledgebase
• IDS/IPS: ISS products (Proventia, Black ice…)
• Conclusion:
  – Everyday work on the network is done with CSM and Help desk. Other tools are for alarming and observing the network.

18 Services
• HKOM offers different services to its users
• HKOM needs different services to function properly
• Services must never go down (24/7)

19 Services
HKOM services:
  – DNS – inside and outside, registrar
  – Proxy
  – Remote access for outsourcers
  – Remote access for users
  – Authentication, authorisation, accounting
  – Video conferencing, video streaming
  – Syslog
  – Radius
  – IPS for all agencies at a central point
  – Firewalling for all traffic that is coming into or leaving HKOM (internet, outsourcers, some gov. agencies, EU netw., data center)
  – SecurID issue
  – Mail for some organisations
  – Access for concessionaires
  – Load balancing for different web applications (content manager)
  – Connection to EU networks
  – Voice (telephone)

20 VoIP
• Solution for more than one service provider present in HKOM
• Telephone calls free of charge for internal calls
• Only external calls from HKOM are charged

21 Information request (diagram labels: HKOM network; internal call; TC HKOM; existing HKOM telephone central; HKOM connections; gateways to service provider; HKOM central location; service providers "A", "B", "C"; public service provider; public service providers "A", "C"; end locations)

22 Connection schematic (diagram labels: Internet; Telekom; Sinfonika; Amis; HKOM; external call for Telekom subscribers; external call for Sinfonika subscribers; external call for Amis subscribers; internal call; PRA; SIP; TC HKOM; VPN; existing tel. central)

23 Information request
• The request was addressed to 15 service and solution providers
• We proposed a form into which providers put the prices
• We got 5 proposals

Price per subscriber (in EUR with tax)

Number of     | Equipment rent, without PoE functionality | Equipment rent, with PoE functionality | Equipment buy,     | Equipment buy, with PoE
subscribers   | First connection  | Monthly fee           | First connection | Monthly fee         | without PoE funct. | funct. (volume discount)
              | per subscriber    | per subscriber        | per subscriber   | per subscriber      |                    |
1 - 999       | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550
1000 - 1999   | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550
2000 - 4999   | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550
5000 - 9999   | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550
10000 - 19999 | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550
Over 20000    | 0                 | 10 - 15               | 0                | 13 - 18             | 300 - 450          | 400 - 550

24 Current state of HKOM+ upgrade
• 830 locations of 890 are upgraded
• Some additional management tools are developed and installed
• Remote desktop server (ISL) is implemented

25 Future plans
• Change of the main switch (250 ports) in the data and communication core network to forty smaller (48 ports) distributed 1Gb/s switches
• Installation of equipment in the backup location in Maribor
• Development and installation of smaller management applications
• End of activities on 1.1.2008

26 EU networks (diagram labels: Network HKOM, Network CCN, Network EXTRANET, Network TESTA II)

27 EU networks: CCN – Common Communication Network
• Network CCN is under the jurisdiction of EC, DG TAXUD (European Commission, Directorate General for Taxation and the Customs Union)
• Network CCN has been established for the interchange of regular customs and taxation data
• Special data are also interchanged over network CCN - AFIS (Anti-Fraud Information Systems) under the jurisdiction of EC OLAF (European Commission, European Anti-Fraud Office)
• Primary connection: leased line -> 256 kb/s
• Secondary connection: ISDN
• Data encryption: yes

28 EU networks: CCN – Common Communication Network
(diagram labels: Network HKOM, Network CCN)
• Ministry of Finance, Customs Administration
• Ministry of Finance, Tax Administration
• Ministry of Finance
• VIES (VAT Information Exchange System) – system for VAT number validation
• NCTS (New Computerised Transit System)
• CIS (Customs Information System) - TARIC (TARif Intégré Communautaire), QUOTA,…
• AFIS (Anti-Fraud Information Systems) – systems for detecting and preventing fraud, corruption and other illegal activities with financial consequences

29 EU networks: TESTA – Trans-European Services for Telematics between Administrations
• Network TESTA II is under the jurisdiction of EC, ENTERPRISE DG (European Commission, Enterprise Directorate-General)
• Network TESTA II is one of the generic services of the Programme IDA (Interchange of Data between Administrations Programme: a European Community Programme)
• Projects using network TESTA II: 14POINTS, AFIS, CARE, CIRCA, DUBLINET, ECB.NET, EUDRANET, EUPHIN, EURAMIS, EURODAC, EUROSTAT, FIDES, FIUNET, INTRACOM, PROCIV-NET, SAFESEANET, SFC, SIGL, TACHONET and TESS (most of them are projects of common interest)
(diagram labels: Network TESTA II, sTESTA)

30 EU networks: TESTA – Trans-European Services for Telematics between Administrations
(diagram labels: Network HKOM, Network TESTA II)
• Office for Money Laundering Prevention
• Ministry of Finance
• Ministry of the Interior
• Ministry of the Economy
• Administration for Civil Protection and Disaster Relief
• Ministry of Defense
• Ministry of Transport

• Primary connection: leased line -> 256 kb/s
• Secondary connection: leased line -> 256 kb/s
• Data encryption: yes

31 EU networks: TESTA – Trans-European Services for Telematics between Administrations
(diagram label: Network TESTA II)
• FIU.NET (Financial Intelligence Unit) – system for money laundering detection and prevention
• EURODAC – system for fingerprint comparison (identification process of asylum applicants)
• DUBLINET – system for interchanging data about asylum applicants (DUBLIN II regulation)
• SIGL – system for textile and steel import quota checking (before issuing the import documentation)
• PROCIV-NET (Civil Protection and Environmental Emergencies European Network) – system for interconnecting national civil protection institutions; essential information interchange (CECIS - Common Emergency Communication and Information System)
• TACHONET – system for interchanging data about professional truck drivers and truck journeys (digital tachograph)

32 INTERNET (VPN, Crypto)
EXCEPTION:
• EUDRANET – system for interchanging data about pharmaceutical products (competence: Agency for Medicinal Products and Medicinal Devices of the Republic of Slovenia, Ministry of Health)

33 EU networks: EXTRANET – Extranet Network
• Network EXTRANET is under the jurisdiction of the General Secretariat of the Council of the European Union
• Network EXTRANET has been established for interchanging documents in electronic form (sent from the GSC EU to the EU member states)
• Primary connection: leased line -> 256 kb/s
• Secondary connection: ISDN (4 channels)
• Data encryption: yes

34 EU networks: EXTRANET – Extranet Network
(diagram labels: Network HKOM, Network EXTRANET, EU-Portal)
• U32Mail - in Slovenia documents are available over a dedicated EU-Portal application

