CASE STUDY
PUBLIC SECTOR INCREASE PRODUCTIVITY, HIGH SPEED LINKS, INCREASE BANDWIDTH BETWEEN SITES, SECURE IL3 CONNECTIVITY AND REDUNDANCY OVER THE WAN
Summary
Company: Food Standard Agency
Industry: Government
Challenges:
• Increase bandwidth
•Increase Redundancy..
• Improve network scalability
• Security for IL3 Data Traffic with IL3 Integration.
Selection Criteria: Food Standard Agency needed new WAN Infrastruture with High Speed Links which is fully secure IL3 and IL2 Integration, scalable, Redundant and fully Compliance with PSN and Cabinet Office guidelines.
Network Solution:
• Cisco ASA 5500 Firewalls
• Cisco 3750 Core Switches
• Cisco 3925 ISR Routers
• Cisco 2911 ISR Routers
• MPLS Cloud
Results:
• High speed MPLS cloud run on different VRF for IL3 and IL2
• Encrypted Tunnels between each sites over the MPLS for IL3 Security
• Realized integration between the network and VMware cloud environment
• Acheived redundancy from Access Layer to the Core and over the MPLS Cloud.
The Food Standards Agency is an independent government department responsible for food safety and hygiene across the UK. FSA work with businesses to help them produce safe food, and with local authorities to enforce food safety regulations. Currently they have number of Remote Layouts to connect to Corporate Infrastructure. FSA works with stakeholders, other Government departments and public bodies, and international relations. FSA UK headquarters are in London, but the Agency also has offices in York, Scotland, Wales and Northern Ireland.
Challange
As the Agency is a Public Sector and IL3 compliance Network, so Security was main focus of the Solution. Redundancy over the WAN between all sites was also main requirements. The whole migration process required minimum downtime and site by site with existing current Infrastruture. Also solution require accredited CoCo approved products from Cabinet Office and CESG compliance approach.
Selection Criteria
FSA looked for a WAN Migration path which would provide high performance integration with its existing environment, and enhanced security features to reduce the configuration steps required to maintain logical separation between IL3 and IL2 data. The selection process was based on Security, Minimum downtime, Seamless Integration with Existing Infrastructure, Adaptable with Existing IP Design and Budget all key criteria. DMVPN solution presented by Third Party was not an option because of its long teerm cost but required similar type of solution with maximum security over the MPLS. Cisco ASA firewalls, ISR Routers and Cisco 3750 Core Switches Infrastucture fullfill the requirements for both IL2 and IL3.
Solution
I proposed a Solution, which fit the FSA environment perfectly. The Cisco 3925 ISR Routers at Hub sites and Cisco 2911 Routers at spoke terminate the MPLS Links and ASA Firewalls at each sites with IPSEC tunnels provided secure transmission of IL3/IL2 Data Traffic end to end. Redundancy is maintained with High Speed Redundant Links at each sites with Redundant set of hardware. Each site have fully mesh IPSEC Tunnel to other sites. All IL3 Infrastructure presented on single VRF over the MPLS for Dynamic Routing. Redesigned the Edge connectivity to each site with new Cisco 3750 Switches core to link with internal Environment for high throughput and reliability. The new infrastructure was built in parallel with existing network and fully tested before migration for minimum downtime.