Stout Networks


Liquor Control Board Frame Circuits 01/01/06-06/01/06

Liquor Control Board is a state agency that operates liquor stores across Washington State. The project involved procuring fractional T-1 circuits for 175 stores to replace dial-up connections used for credit card transactions. We built two geographically disparate firewalls to secure the credit card transaction processing between each liquor store and their payment processing service. My portion of the task involved developing Small Office Router configurations, designing the MPLS Transport Network and designing the geographically diverse firewall failover strategy. I was the technical escalation point for conflicts between the Liquor Control Board, the software development contractor, the Frame Relay Telco, and our Network Control Center. The project was successful.

Emergency Management Network 08/01/06-04/01/07

Develop a network solution that enables multiple state agencies to continue critical business operations within the Emergency Management Division's facility in the event of a regional disaster. The objective is to create two new MPLS Node sites within the EMD facility. The node sites contain Cisco Catalyst 6500 switches and firewall service modules. The deliverable is to implement an infrastructure capable of supporting MPLS to virtual routing and forwarding tables (vrf) for each agency. We were required to secure each vrf with firewalls and to incorporate an Internet connection as well as connections to the state mainframe and other state resources. The project was implemented with success.

Public Governmental Network vrf 08/01/06-07/01/10

DIS supports a separate infrastructure (DMZ) for Internet services called the Public Governmental Network (PGN). The PGN has interfaces into the state network as well as the Internet. This network was historically separate from our internal state network. The objective of the project was to design and implement a solution that allows Internet applications to operate on devices used for internal state business. This solution was facilitated using MPLS VPNv4. The deliverable is implementation of new firewalls and policies to permit the removal of superfluous equipment. The project encountered numerous objections from the security team but was eventually completed after additional security such as BOGON Lists, Reverse Path Checks, Infrastructure Security Lists, etc., were documented.

Dual Geographically Diverse Customer Firewalls 03/01/08-09/01/08

In an effort to support disaster recovery, DIS was asked to develop a design to support geographically separated firewalls. The objective was a network design compatible with stateful firewalls separated by hundreds of miles, so the network would not be permitted to forward traffic asymmetrically. The deliverable was a ubiquitous design that could be offered to all customers with similar design constraints. The design was delivered, but was abandoned due to its complexity.

Network Management Network Redesign 06/01/09-06/31/10

DIS operations must replace three core network management devices that are at the manufacturer's end of support. Two devices are Cisco 7513 routers used to import customer network devices into the state's management and monitoring system; the other device is a network management layer-3 switch. Important risks include removal of Ethernet over MPLS connections between an unused backup system in Spokane and Olympia, migration of the Import/Export process off of the 7513 onto a new platform, and redesign of the BGP connections between the 7513s and the Layer-3 switch. Key objectives of the project are to replace the Layer-3 switch and 7500 routers with devices with greater port density, fault-tolerant processors and power supplies, and to minimize impact to monitoring systems. Key deliverables are installation of new OSPF connections into the core network, redesign of routed connections, migration of servers onto the new device, and deactivation of the EOL equipment. The project encountered several delays due to unforeseen technical challenges. Removal of the Ethernet over MPLS required an outage. Although we verified the capabilities of the metro ethernet switch with the vendor, it was unable to support all of our routing tables. The power supplies in the Metro switch failed three times before we identified a power issue in the cabinet. The project was eventually successful.

DOT Second Internet Connection 11/01/09-12/22/09

The Dept of Transportation (DOT) is a DIS Internet customer without adequate fault tolerance and with insufficient bandwidth. The objective of the project is to redesign Internet connections so geographic as well as hardware redundancy is available. An additional requirement is to provide transport speeds up to 500 Meg/sec. Key deliverables are a design proposal, implementation of the design and minimal impact to Internet connectivity during the change. The design was accepted and implemented. The project was a success.

NCC vrf Hardening 10/01/10-12/01/11

The network control center is required to convert its management network onto a secure platform. The objective of the project is to secure management protocols within an MPLS network, and replace Telnet with Secure Shell. The deliverables for the project are the creation of a secure vrf for connections to node sites, a secure entry point into the vrf to isolate the NCC, and adoption of a new management vty application. The project is fully designed, network devices are being upgraded as a part of the project plan, and the project is on schedule.