SYMMETRIC HIGH-BIT-RATE DSL INTERFACE CARD FOR CISCO 1800, 2800, AND 3800 SERIES INTEGRATED SERVICES ROUTERS AND CISCO 1700, 2600XM, 2691, AND 3700 MULTISERVICE ACCESS ROUTERS

Cisco® multiservice access routers and integrated services routers offer a wide variety of WAN connectivity modules to accommodate the range of application needs in customer networks. The new Cisco 1-Port G.SHDSL WAN Interface Card (part number WIC-1SHDSL-V3) offers G.SHDSL-based WAN connectivity for modular routers deployed in small to medium-sized branch offices (Figure 1).

OVERVIEW

The new G.SHDSL WAN interface card (WIC) provides 1-port symmetric high-bit-rate DSL (SHDSL) connectivity to a WAN. The modular routers that support the new card are the Cisco 1841, 2801, 2811, 2821, 2851, 3825, and 3845 series integrated services routers; the Cisco 1721, 1751, 1760, 2600XM, 3725, and 3745 series multiservice access routers; and the Cisco 2691 Multiservice Platform. The interface card is available on Cisco access routers, starting with Cisco IOS® Software Release 12.4(3) Mainline and special Cisco IOS Software Release 12.4(2)XA. The first T-train image that will support the new interface card will be 12.4(3rd)T.
The new interface card is the latest G.SHDSL-based WIC for Cisco modular routers. It supersedes existing interfaces (part numbers WIC-1SHDSL and WIC-1SHDSL-V2) while maintaining feature parity with WIC-1SHDSL-V2. (Table 4 later in this document compares the three interface cards.)
G.SHDSL technology offers customers high-speed, symmetrical WAN connectivity at a lower monthly cost than most traditional WAN circuits. Using single or dual-pair copper wires, Cisco access routers with the SHDSL interface card (part number WIC-1SHDSL-V3) can provide businesses with the necessary bandwidth for critical traffic such as voice and videoconferencing, and can allow customers to save money by integrating voice and data traffic on the same WAN link. Service providers can increase subscriber revenue by bundling services and offering differentiated service levels through service-level agreements (SLAs).
A product of the ITU-T, SHDSL is the first standardized multirate symmetric DSL technology. It is designed to transport rate-adaptive symmetrical data across a single copper pair at data rates from 192 kbps to 2.3 Mbps, or 384 kbps to 4.6 Mbps over two pairs. This covers applications traditionally served by high-bit-rate DSL (HDSL), symmetric DSL (SDSL), T1, E1, and services beyond E1. G.SHDSL represents the worldwide-accepted DSL standard for symmetrical DSL, based on ITU recommendation G.991.2.

Figure 1. Cisco 1-Port G.SHDSL WAN Interface Card (part number WIC-1SHDSL-V3)

FEATURE SUMMARY

• Offers symmetrical WAN speeds up to 2.3 Mbps over a single copper pair and up to 4.6 Mbps over two copper pairs

• Based on ITU Recommendation G.991.2 (accepted worldwide)

• Supports Dying Gasp; uses power status bit (section 7.1.2.5.3 of G.991.2) for signaling

• Supports Wetting Current (Section A.5.3.3 of G.991.2)

• Supports G.SHDSL Annex A (U.S. signaling) and Annex B (European signaling)

• Multiple G.SHDSL WICs configurable per Cisco 1800, 2800, and 3800 and Cisco 1700, 2600XM, and 3700 router chassis

• Offers toll-quality voice over data with ATM Adaptation Layer 2 (AAL2) on Cisco 2800, 3800, 2600, and 3700 series routers; and AAL5 and voice over IP (VoIP) on the Cisco 1800, 2800, 3800, 1700, 2600, and 3700 series routers

• Supports extensive ATM classes of service (CoS) and IP quality of service (QoS)

• Operates back to back or with DSL access multiplexer (DSLAM)

• Sustains up to 23 virtual circuits per WIC

SYSTEM REQUIREMENTS

• The WIC is supported on all modular Cisco integrated services routers: the Cisco 1841, 2801, 2811, 2821, 2851, 3825, and 3845. It is also supported on the older multiservice routers: the Cisco 1721, 1751, 1760, 2600XM, 2691, 3725, and 3745 routers.

• The new WIC is supported on these access routers using the Cisco IOS IP Base feature set and up. For the Cisco 1700 Series, the minimum Cisco IOS Software feature set required to support the card is IP/ADSL or IP Base.

• The routers listed previously need to run Cisco IOS Software Release 12.4(3) Mainline and above or 12.4(2)XA to support the new WIC. The interface is also supported in Cisco IOS Software Release 12.4(3rd)T and above.

• The system requires no additional flash or DRAM memory other than the specified minimum memory for the Cisco IOS Software releases listed.

• No slot placement restrictions are placed for the new interface card on any of the platforms.

FEATURES AND BENEFITS SUMMARY

Table 1 summarizes the features and benefits of the new WIC.

Table 1. G.SHDSL WICs with Cisco Access Routers Features and Benefits

Feature

Benefits

Flexibility
Cisco IOS Software Support
· Provides the industry's most robust, scalable, and feature-rich internetworking software support using the accepted standard networking software for the Internet and private WANs
· Constitutes part of the Cisco Systems® end-to-end network solution, including multiprotocol routing (IP, Internetwork Packet Exchange [IPX], AppleTalk, and IBM/Systems Network Architecture [SNA]) and bridging
Integrated Voice and Data Networking
Voice and Data Integration
· Reduces long-distance toll charges by allowing the data network to carry interoffice voice and fax traffic
· Works with existing handsets, key units, and private branch exchanges (PBXs), eliminating the need for a costly phone-equipment upgrade
· Supports critical IP QoS features in Cisco IOS Software
· Provides traffic management with ATM CoS
Digital Voice Interfaces
· Provides toll-quality, award-winning derived VoIP; software-support VoIP/AAL5 and voice over ATM (VoATM)/AAL2 (Cisco 2800, 3800, 2600, and 3700 only); and AAL5
Analog Voice Interfaces
· Supports analog voice for VoATM/VoIP over AAL5
Standards-Based H.323 Signaling
· Allows an ecosystem of third-party vendors to develop applications for a complete solution; allows rapid low-cost deployment of VoIP
Digital Signal Processors (DSPs) and Voice-Compression Codecs G.711, G.729a, G.723.1, and G.726
· Provide hardware-based compressed voice to fit significantly more voice lines over a single copper pair without breaking the end-to-end delay budget
Sub-Cell Multiplexing (AAL2) (Cisco 2800, 3800, 2600, and 3700 only)
· Helps enable multiple voice channels to share an ATM cell, leading to efficient bandwidth utilization
Modular Architecture
Variety of WICs, Voice Interface Cards (VICs), and Network Modules
· Offers added flexibility and investment protection
· Provides easy migration from Frame Relay or asymmetric DSL (ADSL) to SHDSL
Multiple Platform Support
· Supports G.SHDSL WICs across a variety of Cisco platforms, including the Cisco 1841, 2800, 3800, 1700, 2600, 2600XM, 2691, and 3700 series routers
· Reduces cost of maintaining inventory, and allows reuse of modules
Security with VPN and Integrated Firewall
Hardware-Based Encryption
· Helps enable creation of VPNs by providing industry-standard data privacy, integrity, and authenticity as data traverses the Internet or a shared public network
· Offers hardware-based VPN encryption through onboard processor or Advanced Integration Module (AIM) VPN card
Triple Digital Encryption Standard (3DES) IP Security (IPSec), Advanced Encryption Standard (AES), Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), and Layer 2 Forwarding (L2F)
· Offers choice of standards-based tunneling methods to create VPNs for IP and non-IP traffic
· Offers full interoperability with public certificate authorities and IPSec standards-based products
· Constitutes part of the scalable Cisco end-to-end VPN solution portfolio
Cisco IOS Firewall
· Cisco IOS Firewall includes context-based access control for dynamic firewall filtering, denial-of-service (DoS) detection and prevention, Java blocking, and real-time alerts
· Allows internal users to access the Internet with secure, per-application-based, dynamic access control while preventing unauthorized Internet users from accessing the internal LAN
Network Address Translation and Port Address Translation (NAT/PAT)
· Hides internal IP addresses from external networks
· Prevents certain DoS attacks from outside networks
· Allows multiple users access with a single IP address
Password Authentication Protocol/Challenge Handshake Authentication Protocol (PAP/CHAP), Microsoft CHAP (MS-CHAP), RADIUS, and TACACS+
· Supports all leading user identity verification schemes
Route and Router Authentication
· Accepts routing table updates from only known routers, helping ensure that no corrupt information from unknown sources is received
Internet Key Exchange (IKE) and X.509v3 Digital Certification
· Helps ensure proper identity and authenticity of devices and data
· Supports Certificate Enrollment Protocol (CEP) with certification authorities (CAs) such as Verisign and Entrust
ATM Features
ATM Traffic Unspecified Bit Rate (UBR), Non-Real-Time Variable Bit Rate (VBR-nrt), Real-Time Variable Bit Rate (VBR-rt), and Constant Bit Rate (CBR) with Traffic Shaping
· Helps ensure QoS guarantees for real-time traffic, with ability to send traffic over the appropriate virtual circuit to provide ATM-level shaping and ensure that no head-of-line blocking occurs between circuits of different or equal traffic classes
Up to 23 Virtual Circuits per WIC
· Helps enable more sessions at a time; is relevant for small and medium-sized businesses and small branch offices with 50 to 200 employees
· Supports per-virtual circuit queuing in Cisco IOS Software releases 12.2(2)XK, 12.2(4)XL, 12.2(13)T, 12.2(8)YN, and subsequent releases (per-virtual circuit queuing not supported in Cisco IOS Software releases 12.2(4)T, 12.2(8)T1, or 12.2(11)T)
Point-to-Point Protocol (PPP) over ATM
· Helps ensure compatibility with existing network
F5 OAM Continuity Check (F5OAMCC) and Loopback
· Supported in Cisco IOS Software releases 12.2(4)XL, 12.2(11)T2, 12.2(8)YN, and subsequent releases
Interim Local Management Interface (ILMI)
· Supported in Cisco IOS Software releases 12.2(4)XL, 12.2(13)T, 12.2(8)YN, and subsequent releases
PPP over Ethernet Client
· Meets service provider requirements and eliminates the need for additional network software on LAN-connected client PCs
RFC 2684 Routing
· Supports RFC 2684 Routing
ATM Oversubscription for DSL
· Allows bandwidth oversubscription to be configured for VBR and UBR+ service classes
· Supported in Cisco IOS Software releases starting with 12.4(2)XA; also available in Release 12.4(3rd)T and above
Multiqueue
· Multiqueue for DSL lines helps enable a priority and a regular (nonpriority) queue for traffic streams
· Supported in Cisco IOS Software releases starting with 12.4(2)XA; also available in Release 12.4(3rd)T and above
Device Integration
Integrated Router, Voice Gateway, Firewall, and VPN in a Single Device
· Reduces costs and simplifies management

IP QUALITY OF SERVICE

The Cisco 1800, 2800, 3800, 1700, 2600XM, 2691, and 3700 series with a G.SHDSL WIC support the integration of voice and data over the same G.SHDSL circuit using VoIP. The Cisco 2800, 3800, 2600XM, 2691, and 3700 support VoATM, thus allowing for further reduction of recurring monthly WAN charges. Table 2 describes all the IP QoS features that are supported on the new WIC. For more information about IP QoS, refer to the following URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122y/122yn8/ft_ipqos.htm

Table 2. Supported IP QoS Features

Feature

Description

Classification and Marking
· Class-based marking with differentiated services code point (DSCP) (data only)
· Committed access rate (CAR) with DSCP (Ingress-Ethernet/Fast Ethernet; Egress-G.SHDSL)
· Dial-peer DSCP/IP Precedence marking
Queuing and Scheduling
· Class-Based Weighted Fair Queuing (CBWFQ)
· Low Latency Queuing (LLQ)
· Driver per-virtual circuit queuing
Congestion Avoidance
· Class-Based Weighted Random Early Detection (WRED) with DSCP (egress)
Policing and Traffic Shaping
· Class-based policing
· Per-ATM virtual circuit shaping for VBR-nrt
· ATM cell loss priority (CLP) bit marking*
Link Efficiency
· Tunable Tx ring buffer for values 2 through 601
· Multilink PPP (MLPPP) link fragmentation and interleaving (LFI)
· MLPPP with LLQ, CBWFQ, and other QoS features*
· Compressed Real-Time Transport Protocol (cRTP)*
Other (IP QoS)
· Local policy routing (LPR)
· Policy-based routing (PBR)
· IP QoS map to ATM CoS
* Supported in Cisco IOS Software Release 12.3(2)T or later
The G.SHDSL WICs for the Cisco 2800, 3800, 2600XM, 2691, and 3700 provide support for ATM CoS (CBR, VBR-nrt, VBR-rt, and UBR) features that help service providers manage their core ATM network infrastructures to deliver scalable, cost-effective services with CoS guarantees to their customers. Permanent-virtual-circuit (PVC) traffic shaping and queuing allow further optimization of the existing bandwidth between customers and various services.

INTEROPERABILITY

The new interface cards are based on the Conexant chipset (Firmware 3.0.1), and they operate when connected back to back or when connected to a DSLAM.
Customers can deploy G.SHDSL WICs in a back-to-back configuration to take advantage of existing copper wiring in a building, campus, or neighborhood where DSLAM aggregation equipment is neither needed nor financially justified. In back-to-back mode, one side of the connection is configured in central-office mode and provides functions similar to those of a DSLAM (Table 3).

Table 3. DSLAM Interoperability

 

| | WIC-1SHDSL-V3 (2-wire ATM mode) | WIC-1SHDSL-V3 (4-wire ATM mode) |
|---|---|---|
| Alcatel ASAM 7300 (12- and 24-Port Line Cards) | X | X |
| ECI HiFocus SAM 240 (16-Port Metalink-Based Line Cards) | X | X |
| Lucent Stinger FS (32- and 48-Port Line Cards) | X | X |

Table 4 lists the primary differences among the new line cards, and Table 5 gives details about platform support.

Table 4. Primary Differences Among 1-Port G.SHDSL WAN Interface Cards

| Features, Parts, or Firmware | WIC-1SHDSL | WIC-1SHDSL-V2 | WIC-1SHDSL-V3 |
|---|---|---|---|
| Dying Gasp | No | Yes | Yes |
| 4-Wire Support | No | Yes | Yes |
| Wetting Current | No | Yes | Yes |
| Conexant Firmware Version** | 1.5 | A29733 (based on 2.3.1) | 3.0.1 |
| Annex A-B and ANFPB Support | No | Yes | Yes |

** Firmware versions current as of 8/20/2005

PLATFORM SUPPORT

Table 5. Platform Support Details

 

WIC-1SHDSL-V3

Platforms Supported

Cisco 1721, 1751, 1721, 1751, 1760, 1841, 2801, 2811, 2821, and 2851 routers

Cisco 1721, 1751, and 1760; Cisco 2610XM through Cisco 2650XM; and Cisco 2691, 3725, 3745, 3825, and 3845 routers

Onboard High-Speed WIC (HWIC) or WIC Slots

Yes

Yes

NM-2W Support

No

Yes

NM-1FE2W, NM2FE2W, NM-1FE1R2W Support

No

Yes (except for 2600XM)***

NM-1FE2W-V2, NM2FE2W-V2, NM-1FE1R2W-V2 Support

No

Yes (except for 2600XM)***

*** NM-1FE2W, NM2FE2W, NM-1FE1R2W, NM-1FE2W-V2, NM2FE2W-V2, NM-1FE1R2W-V2 are not supported on 2600XM routers
Table 6 gives the maximum number of G.SHDSL WICs per platform.

Table 6. Maximum Number of G.SHDSL WICs per Platform

| Platform | Maximum Number of G.SHDSL WICs |
|---|---|
| Cisco 1721, 1751, and 1760 | 2 |
| Cisco 1841 | 2 |
| Cisco 2600XM | 4 |
| Cisco 2801 | 3 |
| Cisco 2811 through Cisco 2851 | 4 |
| Cisco 2691 | 5 |
| Cisco 3725 | 7 |
| Cisco 3745 | 11 |
| Cisco 3825 | 8 |
| Cisco 3845 | 12 |

SOFTWARE REQUIREMENTS

Table 7 gives software requirements, Table 8 gives ordering information, and Table 9 gives hardware specifications for the new interface cards.

Table 7. Minimum Cisco IOS Software Release Required for New WICs

| Platform | Minimum Cisco IOS Software Release for WIC-1SHDSL-V3 Support | Minimum Cisco IOS Software 'T' Train Support | Recommended Cisco IOS Software Release | Cisco IOS Feature Set |
|---|---|---|---|---|
| Cisco 1841 and 2801 | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP Base and up |
| Cisco 2811 through Cisco 2851 | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP Base and up |
| Cisco 3825 and 3845 | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP Base and up |
| Cisco 1721, 1751, and 1760 | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP/ADSL, IP Base, and up |
| Cisco 2610XM through Cisco 2651XM and Cisco 2691 | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP Base and up |
| Cisco 3700 Series | 12.4(2)XA | 12.4(3rd)T or 12.4(6)T | 12.4(5)M | IP Base and up |

Table 8. Product Number and Ordering Information

| Product Number | Description |
|---|---|
| WIC-1SHDSL-V3 | 1-port G.shdsl WIC with Four Wire Support (system) |
| WIC-1SHDSL-V3= | 1-port G.shdsl WIC with Four Wire Support (spare) |
| CISCO1841-SHDSL-V3 | 1841 DSL bundle, WIC-1SHDSL-V3 (4-wire), IP Broadband, 32F/128D |
| C2801-SHDSL-V3/K9 | 2801 DSL bundle, WIC-1SHDSL-V3 (4-wire), SP Svcs, 64F/192D |
| C2811-SHDSL-V3/K9 | 2811 DSL bundle, WIC-1SHDSL-V3 (4-wire), SP Svcs, 64F/256D |

Table 9. Hardware Specifications

• G.SHDSL Chipset: Conexant Chipset

• Dimensions (H x W x D): 0.75 x 3.08 x 4.38 in. (1.91 x 6.93 x 9.86 cm)

• Weight: 2.4 oz (68 g)

• LEDs: CD (carrier detect), LP (loopback), OK (DSLSAR download complete)

• Ports: Single RJ-11/RJ-14C connector

• Cabling: RJ-11 line cord

• Network Equipment Building Standards (NEBS) Compliance: Level 3 compliant (Type 2/4)

SAFETY, EMC, TELECOM, NETWORK HOMOLOGATION, POWER, ENVIRONMENTAL REQUIREMENTS, AND REGULATORY APPROVALS

When installed in a Cisco 1700, 1841, 2600, 2800, 3700, or 3800 series router, the new Cisco SHDSL WIC does not change the standards (safety, EMC, telecom, network homologation, power, environmental requirements, and regulatory approvals) of the router itself. Refer to the following data sheets for additional information about mechanical, environmental, and agency certifications:

• For Cisco 1721 and 1760:

• For Cisco 1800 Series (modular):

• For Cisco 2600XM and 2691:

• For Cisco 2800 Series:

• For Cisco 3700 Series:

• For Cisco 3800 Series:

2007/05/04 11:42

G.shdsl WAN Interface Card for the Cisco 1700 Series

The Cisco 1700 Series with a single-pair high-bit-rate digital-subscriber-line (G.shdsl) WAN interface card (WIC) is the industry's first multiservice router to deliver business-class broadband service with scalable performance, flexibility, and security for small-medium businesses and small enterprise branch offices. Together with the integrated G.shdsl WIC (WIC-1SHDSL), the Cisco 1700 is the perfect solution for a variety of businesses that require high-speed business-class DSL access on a secure, high-performance modular platform. (See Figure 1.)

Figure 1 Single-Port G.shdsl WIC (WIC-1SHDSL)

Combined with the WIC-1SHDSL, the Cisco 1700 delivers cost-effective, high-speed, symmetrical bandwidth at a lower monthly cost than most traditional WAN circuits. This provides businesses with the necessary bandwidth for such critical traffic as voice and videoconferencing, and allows customers to take advantage of the cost savings of integrating voice and data traffic on the same WAN link. Service providers can benefit by offering differentiated service levels through service-level agreements (SLAs) at a more competitive price.

The G.shdsl standard (ITU G.991.2) represents the first DSL standard accepted worldwide and is the latest in DSL technology. The G.shdsl WIC is based on ITU recommendation G.991.2 and, therefore, allows for better interoperability with third-party vendors. For more information on G.shdsl technology and the Cisco suite of DSL products, see the following URL or contact your local representative:

http://www.cisco.com/warp/public/779/servpro/solutions/dsl/gshdsl.html

Feature Summary

The Cisco 1700 combined with the WIC-1SHDSL provides:

• Symmetrical WAN speeds (up to 2.3 Mbps) over a single copper pair

• Multiple G.shdsl WICs per Cisco 1700 chassis

• Support for voice over IP (VoIP) over DSL with IP quality of service (QoS)

• Support for IP QoS map to ATM class of service (CoS)

• Back-to-back operation or operation via DSL access multiplexer (DSLAM)

• Support for up to 23 virtual circuits per WIC

Key Benefits: Business Class DSL

Symmetrical, High-Speed, Cost-Effective Bandwidth

Based on the ITU G.991.2 global industry standard, the Cisco G.shdsl solution delivers symmetrical data rates from 192 kbps up to 2.3 Mbps. Speeds vary, depending on the loop length and line conditions. More traditional WAN links, such as leased-line and ISDN, provide similar service, but often at a much higher monthly cost. The G.shdsl WIC delivers symmetrical connectivity and provides the necessary bandwidth for business applications such as VoIP, videoconferencing, and toll bypass at a lower monthly charge.

The dual WAN ports on the Cisco 1700 Series platforms allow for flexibility in installing WAN access lines. Multiple G.shdsl WICs can be configured per router chassis to provide additional bandwidth through a second WAN link, and supply connectivity to additional sites or service providers. With the broad array of WICs available for the Cisco 1700 platform, flexible configurations, including asymmetric DSL (ADSL), dial, ISDN, E1/T1, and Frame Relay are also possible. Secondary WAN links can, therefore, be used to provide more available bandwidth or redundancy for mission-critical applications.

Business-Class Security

The Cisco 1700 can be optimized for virtual private networks (VPNs). VPNs allow for secure use of any shared network incorporating the same policies and levels of security and performance as a private network. The Cisco 1700 Series provides VPN security through optional hardware-based encrypted tunneling at Triple Digital Encryption Standard (3DES) IP Security (IPSec) speeds of up to wire speed (T1/E1). VPN capability over G.shdsl allows for secure access to corporate networks without the costs and limitations associated with point-to-point links.

In addition, the Cisco 1700 Series incorporates Cisco IOS® Firewall Technology (Cisco Secure Integrated Software) supporting stateful firewall and intrusion-detection functionality. With an always-on DSL connection, Internet security is a critical component in protecting corporate resources from malicious attacks.

Integrated Voice and Data over G.shdsl

Service providers increase revenue by building differentiated service options based on premium, standard, or best-effort service classes. This requires a QoS mechanism to differentiate service levels and prioritize traffic accordingly. The Cisco 1700 with G.shdsl WIC provides ATM CoS features that enable service providers to manage their core ATM network infrastructures and deliver scalable, cost-effective services with QoS guarantees to their customers. Permanent-virtual-circuit (PVC) traffic shaping and queuing allow further optimization of the existing bandwidth between customers and various services.

Many customers require IP QoS to differentiate between high- and low-priority traffic. The Cisco 1700 with G.shdsl WIC supports VoIP over DSL with IP QoS map to ATM CoS. These enhanced QoS features enable data and voice traffic to be transmitted on the same virtual circuit, thus allowing for further reduction of monthly recurring WAN charges.

Support for Analog and Digital Voice Interfaces

Cisco 175x (1750 and 1751) routers feature one voice-interface-card (VIC) slot and two WAN/voice-interface-card (WIC/VIC) slots. Cisco 1751 VICs include dual-port foreign exchange station (FXS), foreign exchange office (FXO), ear and mouth (E&M), and direct inward dial (DID), all of which provide the analog voice interface to legacy telephony equipment (phones, fax, private branch exchange [PBX], and key telephone system [KTS]) and the Public Switched Telephone Network (PSTN). These interfaces give users a cost-effective way to migrate toward a packet-based multiservice infrastructure without rendering legacy telephony equipment obsolete. The Cisco 1751 supports digital voice with a dual-port ISDN Basic Rate Interface (BRI) NT/TE VIC (network and user-side Q.931 BRI). This enables users to easily connect ISDN PBXs and KTSs to a multiservice network with a minimum of configuration changes on the PBX. In addition, users can immediately take full advantage of multiservice capabilities, such as telephony toll-bypass applications and full gateway integration within Cisco AVVID (Architecture for Voice, Video and Integrated Data). The Cisco 1750 does not support digital voice interfaces (BRI) or analog DID, but does support the other voice interfaces referenced in this section.

Standards-Based Voice Technology

The voice functionality of the Cisco 1700 with the G.shdsl WIC, which is based on H.323 standards, enables third parties to develop applications to a standard protocol. This results in an ecosystem of compatible voice applications such as enhanced call control via gatekeepers, service billing, and network management. Such an ecosystem provides a complete solution for rapid deployment of intranet voice services for branch offices and enterprise teleworkers.

DSLAM Interoperability

The G.shdsl WIC is based on the Globespan chipset and operates either back to back or connected to a Cisco 6160 or 6260 DSLAM. Interoperability testing with third-party vendors' DSLAMs is likely to be conducted on an ongoing basis. Additional information on this will be provided when testing is completed.

Customers can deploy G.shdsl WICs in a back-to-back configuration to take advantage of existing copper wiring in a building, campus, or neighborhood where DSLAM aggregation equipment is either not needed or not financially justified. In back-to-back mode, one side of the connection is configured in server mode and provides functionality similar to that of a DSLAM.

Quality of Service

IP QoS

The Cisco 1700 with the G.shdsl WIC supports the integration of voice and data over the same G.shdsl circuit using VoIP, thus allowing for further reduction of monthly recurring WAN charges. Enhanced QoS is offered through mapping of IP QoS to ATM CoS features. Table 1 lists the QoS features and their benefits.

Table 1  Features and Benefits of Cisco 1700 with G.shdsl WIC

| Feature | Benefit |
|---|---|
| Low-Latency Queuing (LLQ), also called Priority Queuing/Class-Based Weighted Fair Queuing (PQ/CBWFQ) | Achieves low latency by classifying and prioritizing voice traffic over data |
| Differentiated Services | Classifies and marks high-priority traffic so that it receives the assigned QoS across the network |
| Multilink PPP (MLP) with Link Fragmentation and Interleaving (LFI) | Fragments larger data packets into smaller segments and interleaves voice packets to overcome serialization delays over a multilink interface |
| Committed Access Rate (CAR) | Provides bandwidth commitments and specifies policies for handling traffic that exceeds this bandwidth commitment |
| Weighted Random Early Detection (WRED) | Specifies policies for congestion management |


These features are supported on a per-virtual circuit basis (mixing of voice and data traffic) and supported on a virtual-circuit bundle in process/fast/Cisco Express Forwarding (CEF) switching modes for differentiated services (DiffServ) and CAR. MLP using LFI over ATM is supported on a single virtual circuit on the ATM interface, and in process and fast switching modes.

Managed Services/Applications

1. Managed Internet access

2. Managed VPN service

3. Managed VoIP service

4. Back-to-back deployment in a campus environment

Scenario 1—Managed Internet Access

Figure 2 Managed Internet Access with WAN Backup

The modularity and flexibility of the Cisco 1700 Series with G.shdsl WIC are highlighted in Figure 2. Service providers can provide the end customer with a managed service that uses G.shdsl as the primary WAN access and ISDN as a secondary line for backup. The customer also has the flexibility to select a second G.shdsl line using a different Internet service provider (ISP).

Scenario 2—Managed VPN Service over G.shdsl

Figure 3 Secure VPN through the Internet over G.shdsl

Service providers can deliver a managed VPN service for business customers that takes advantage of the huge cost-saving opportunities of VPN technology by deploying VPNs over G.shdsl. Symmetrical bandwidth and high bit rates allow customers to deploy mission-critical applications to remote sites at an affordable cost without the fear of compromising data security. The Cisco 1700 G.shdsl solution, along with an optional hardware encryption module, can deliver hardware-encrypted data at wire speeds (T1/E1). VPN technology with IPSec 3DES combined with integrated Cisco IOS Firewall technology gives branch offices the added security needed for an "always-on" connection to the Internet.

Scenario 3—Managed VoIP Service

Figure 4 Intranet Toll-Quality Voice

Service providers can deliver a managed VoIP service to their customers by taking advantage of the Cisco 1700 combined with the WIC-1SHDSL. This solution enables interoffice voice calls to be sent across the DSL network and thus avoid the long-distance toll charges incurred from a long-distance carrier, local exchange carrier (LEC), or Post, Telephone, and Telegraph (PTT). Customers lease an ATM virtual circuit between one or multiple sites and use VoIP over DSL to pass intranet voice traffic between sites.

Scenario 4—Back-to-Back Deployment in a Campus Environment

Figure 5 Back-to-Back G.shdsl Deployment in a Campus Environment

Many businesses today require data and voice connectivity between multiple buildings in a campus environment. Often copper wire is the only means to interconnect each facility to the campus main building. G.shdsl technology allows customers to link up two Cisco 1700s with WIC-1SHDSL cards back to back over standard 26 AWG telephone wire and provide up to 2.3-Mbps WAN connectivity between the two facilities. This setup allows for the deployment of data, voice, and video over the existing copper wire infrastructure without a costly infrastructure upgrade. Multiple WIC-1SHDSL pairs can be used to allow for additional bandwidth between each facility.

G.shdsl WIC Business Class DSL Features and Benefits

Table 2  Features and Benefits Summary

Feature
Benefits

Flexibility

 

Cisco IOS Software Support

Required (base IP/DSL image ['y7' image]); all Plus images also support DSL; a Plus image must be used for IP QoS map to ATM CoS features (enhanced QoS features)

 

Provides the industry's most robust, scalable, and feature-rich internetworking software support using the accepted standard networking software for the Internet and private WANs. Is part of the Cisco end-to-end network solution (including multiprotocol routing [IP, Internetwork Packet Exchange (IPX), AppleTalk, IBM/Systems Network Architecture (SNA)] and bridging).

Integrated Voice and Data Networking

 

Voice and Data Integration

Reduces long-distance toll charges by allowing the data network to carry interoffice voice and fax traffic

Works with existing handsets, key units, and PBXs, eliminating the need for a costly phone-equipment upgrade

Supports ATM CoS features

Supports IP QoS features

Advanced QoS Features

Offers mapping of IP QoS to ATM CoS features

Supports LLQ (PQ/CBWFQ), DiffServ, MLPPP with LFI, CAR, and WRED

Digital Voice Interfaces

Provide toll-quality, award-winning derived VoIP

Standards-Based H.323 Signaling

Allows an ecosystem of third-party vendors to develop applications for a complete solution

Allows rapid low-cost deployment of VoIP

Digital Signal Processors (DSPs) and Voice-Compression Coders/Decoders (Codecs) G.711, G.729, G.729b, G.723.1, G.726

Provide hardware-based compressed voice to fit significantly more voice lines over a single copper pair without breaking the end-to-end delay budget

Modular Architecture

 

Multiple WAN Slots

Supports flexible configurations, including WICs that support G.shdsl, ADSL, dial, ISDN, E1/T1, and Frame Relay

Support for VIC Slots

Offers added flexibility and investment protection

Multiple Platform Support

Supports G.shdsl WIC on Cisco 1720, 1750, and 1751 at FCS

Reduces cost of maintaining inventory

Lowers training costs for support personnel

Protects investments through reuse on various platforms

Security with VPN and Integrated Firewall

 

IPSec 3DES Hardware-Based Encryption

Enables creation of VPNs by providing industry-standard data privacy, integrity, and authenticity as data traverses the Internet or a shared public network

Hardware-based VPN encryption performance at wire speed (T1/E1)

3DES IPSec, Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F)

Offers choice of standards-based tunneling methods to create VPNs for IP and non-IP traffic

Is fully interoperable with public certificate authorities and IPSec standards-based products

Is part of the scalable Cisco end-to-end VPN solution portfolio

Cisco Unity Client Support

Cisco 1700 Series Routers can terminate VPN tunnels initiated by the Unity Client

Cisco IOS Firewall Feature Set

(Cisco Secure Integrated Software) Includes context-based access control for dynamic firewall filtering, denial-of-service detection and prevention, Java blocking, and real-time alerts

Allows internal users to access the Internet with secure, per-application-based, dynamic access control while preventing unauthorized Internet users from accessing the internal LAN

Network/Port Address Translation (NAT/PAT)

Hides internal IP addresses from external networks

Prevents certain denial-of-service attacks from outside networks on internal hosts

Allows multiple users access via a single IP address

Password/Challenge Handshake Authentication Protocol (PAP/CHAP), MS-CHAP, Remote Access Dial-In User Service (RADIUS), TACACS+

Supports all leading user identity-verification schemes

Route and Router Authentication

Accepts routing-table updates from only known routers, ensuring that no corrupt information from unknown sources is received

Internet Key Exchange (IKE), X.509v3 Digital Certification

Ensures proper identity and authenticity of devices and data

Enables scalability to very large IPSec networks through automated key management

Offers support for Certificate Enrollment Protocol (CEP) with certification authorities (CAs) such as Verisign and Entrust

ATM Features

 

ATM Traffic Unspecified Bit Rate (UBR), Non-Real Time Variable Bit Rate (VBRnrt), Real-Time VBR (VBRrt), and Constant Bit Rate (CBR) with Traffic Shaping

Ensures CoS guarantees for real-time traffic, with ability to send traffic over the appropriate virtual circuit to provide ATM-level shaping and ensure that no head-of-line blocking can happen between circuits of different or equal traffic classes

Up to 23 Virtual Circuits per WIC

Enables more sessions at a time; relevant for small and medium-sized businesses and small branch offices with 50-200 employees

Point-to-Point Protocol (PPP) over ATM

Ensures compatibility with existing network

PPP over Ethernet Client

Meets service-provider requirements and eliminates the need for additional network software on LAN-connected client PCs

RFC 1483

Supports RFC 1483

Device Integration

 

Integrated Router, Voice Gateway, Firewall, Encryption, VPN Tunnel Server, Data/Channel Service Unit (DSU/CSU), and NT1 in a single device

Reduces costs and simplifies management


G.shdsl WIC Business Class DSL Feature Highlights

Scalable Bandwidth

Delivers from 192 kbps to 2.3 Mbps bandwidth (symmetrical)

Rate adaptable using G.hs (handshake)—automatically selects optimal speed setting

Longer Reach Than Other DSL Technologies

Provides 2.3 Mbps at up to 11,000 feet on 26 AWG (subject to line conditions)

Operates at distances up to 22,000 feet

Repeatable for even greater distances

Spectral "friendly" technology gives less interference with other transmission technologies

Voice Support

Support for VoIP over DSL with QoS using H.323 signaling

Cisco IOS Software and Platform Support

First supported in Cisco IOS Software Release 12.2(4)XL

Supported on Cisco 1720, 1750, 1751 at FCS

Functions in built-in VIC/WIC slots

Country Support

Complies with ITU G.991.2 standard

Worldwide-accepted technology

Memory and Software Requirements (Recommendation for 12.2(4)XL)

A base IP/DSL image can be used to run the G.shdsl WIC on the Cisco 1700 platforms at a minimum. In addition to the base IP/DSL image, the DSL feature ('y7' image) is also available in all Plus images. In order to run the enhanced QoS features, a Plus image is required.

Table 3  Memory and Software Image Requirements

Product Number
Image Name
Software Image
Flash
DRAM

S17C-12204XL

c1700-y-mz

Cisco 1700 IOS IP

8 MB

32 MB

S17C7-12204XL

c1700-y7-mz

Cisco 1700 IOS IP/DSL

8 MB

32 MB

S17C7P-12204XL

c1700-sy7-mz

Cisco 1700 IOS IP/DSL Plus

8 MB

32 MB

S17C7K8-12204XL

c1700-k8sy7-mz

Cisco 1700 IOS IP/DSL Plus IPSec 56

8 MB

32 MB

S17C7K9-12204XL

c1700-k9sy7-mz

Cisco 1700 IOS IP/DSL Plus IPSec 3DES

16 MB

48 MB

S17CH-12204XL

c1700-o3y-mz

Cisco 1700 IOS IP/FW/IDS

8 MB

32 MB

S17C7HK8-12204XL

c1700-k8o3sy7-mz

Cisco 1700 IOS IP/DSL/FW/IDS Plus IPSec 56

8 MB

32 MB

S17B-12204XL

c1700-ny-mz

Cisco 1700 IOS IP/IPX

8 MB

32 MB

S17B7HP-12204XL

c1700-no3sy7-mz

Cisco 1700 IOS IP/DSL/IPX/FW/IDS Plus

16 MB

48 MB

S17Q-12204XL

c1700-bnr2y-mz

Cisco 1700 IOS IP/IPX/AT/IBM

8 MB

32 MB

S17Q7P-12204XL

c1700-bnr2sy7-mz

Cisco 1700 IOS IP/DSL/IPX/AT/IBM Plus

16 MB

48 MB

S17Q7HK8-12204XL

c1700-bk8no3r2sy7-mz

Cisco 1700 IOS IP/DSL/IPX/AT/IBM/FW/IDS Plus IPSec 56

16 MB

48 MB

S17Q7HK9-12204XL

c1700-bk9no3r2sy7-mz

Cisco 1700 IOS IP/DSL/IPX/AT/IBM/FW/IDS Plus IPSec 3DES

16 MB

48 MB

S17C7HK9-12204XL

c1700-k9o3sy7-mz

Cisco 1700 IOS IP/DSL/FW/IDS Plus IPSec 3DES

16 MB

48 MB

S17CVP-12204XL

c1700-sv3y-mz

Cisco 1700 IOS IP/Voice Plus

16 MB

48 MB

S17C7VP-12204XL

c1700-sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice Plus

16 MB

48 MB

S17C7HV-12204XL

c1700-o3sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice/FW/IDS Plus

16 MB

48 MB

S17B7HPV-12204XL

c1700-no3sv3y7-mz

Cisco 1700 IOS IP/DSL/IPX/Voice/FW/IDS Plus

16 MB

48 MB

S17C7VK8-12204XL

c1700-k8sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice Plus IPSec 56

16 MB

48 MB

S17C7VK9-12204XL

c1700-k9sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice Plus IPSec 3DES

16 MB

48 MB

S17C7HVK8-12204XL

c1700-k8o3sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice/FW/IDS Plus IPSec 56

16 MB

48 MB

S17C7HVK9-12204XL

c1700-k9o3sv3y7-mz

Cisco 1700 IOS IP/DSL/Voice/FW/IDS Plus IPSec 3DES

16 MB

48 MB

S17Q7HVK8-12204XL

c1700-bk8no3r2sv3y7-mz

Cisco 1700 IOS IP/DSL/IPX/AT/IBM/Voice/FW/IDS Plus IPSec 56

32 MB

64 MB

S17Q7HVK9-12204XL

c1700-bk9no3r2sv3y7-mz

Cisco 1700 IOS IP/DSL/IPX/AT/IBM/Voice/FW/IDS Plus IPSec 3DES

32 MB

64 MB


Product Number and Ordering Information

Table 4  Cisco Product Numbers and Descriptions

| Product Number | Description |
|---|---|
| CISCO1720-SHDSL | Cisco 1720 bundle with G.shdsl WIC, IP/DSL image, 8-MB Flash, 32-MB DRAM |
| WIC-1SHDSL= | One-port G.shdsl WIC |


The Cisco 1750 and 1751 can be configured with the G.shdsl WIC.

Hardware Specifications

Table 5  Hardware Specifications

| Item | Specification |
|---|---|
| G.shdsl Chipset | Globespan Chipset |
| Dimensions (H x W x D) | 0.75 x 3.08 x 4.38 in. (1.91 x 6.93 x 9.86 cm) |
| Weight | 2.4 oz (68 grams) |
| LEDs | CD (Carrier Detect); LP (Loopback); OK (DSLSAR download complete) |
| Ports | Single RJ-11 connector |
| Cabling | RJ-11 line cord (included) |


Cisco 1700 Platform-Specific Technical Specifications

Refer to the Cisco 1700 data sheets for additional information on mechanical, environmental, and agency certifications. See the following URLs for Cisco 1700 data sheets:

For the Cisco 1720 data sheet and technical specifications, refer to the following URL:

http://www.cisco.com/warp/public/cc/pd/rt/1700/prodlit/1720_ds.htm

For the Cisco 1750 data sheet and technical specifications, refer to the following URL:

http://www.cisco.com/warp/public/cc/pd/rt/1700/prodlit/1750_ds.htm

For the Cisco 1751 data sheet and technical specifications, refer to the following URL:

http://www.cisco.com/warp/public/cc/pd/rt/1700/prodlit/c1751_ds.htm

2007/05/04 11:41

MANAGED SECURITY SERVICES FOR SMALL, MIDSIZE, AND ENTERPRISE ORGANIZATIONS

EXECUTIVE SUMMARY

Network security breaches can affect an organization on many levels, from productivity losses to costly downtime, from operational disruptions to unprotected proprietary data. Businesses do not have to engage in e-commerce or e-business transactions to find themselves at risk from an Internet transmission. Internal networks, data and file sharing, e-mail communications, mobile or offsite workers, and worldwide access amount to a network with multiple points of vulnerability. Few organizations have the resources for 24-hour monitoring or the ability to keep informed of the latest network security technologies; those that do may spend more time and money than necessary to support their security operations.
Effective business security is available, however, whether you choose to manage network security operations internally or to out-task to a service provider. This overview explains the basics of network security; the options for small, midsize, and enterprise organizations; business requirements; and some examples of security solutions.
Finding the right security solution for your organization begins with assessing and prioritizing your specific requirements, as well as becoming informed about your alternatives and some of the common decision points. This overview provides a starting place. To learn more, go to Cisco.com or contact a Cisco Systems® representative or Cisco® Powered Network provider.

MARKET OVERVIEW

In the networked business environment, security is not only critical, it has taken on a level of complexity that has affected organizations of all sizes worldwide. Network security today includes constant monitoring and management of both internal and external network operations, from the desktop to e-business transactions to global communications and file sharing. In order to retain their competitive agility and time-to-market responsiveness, businesses find they must maintain a level of openness and connectivity with vendors, partners, customers, and/or employees working remotely. This increased need for external connectivity places network infrastructures at greater risk than ever before. Small businesses can no longer rely only on standard off-the-shelf virus programs to provide sufficient security, while large enterprises experience vulnerability along an infrastructure extended to local, regional, or global offices.
Although the demands of securing daily workflow, transactions, and data have increased substantially, businesses may be reluctant to out-task network security functions, fearing that loss of control over security will put them at greater risk. However, reliable service providers can create a comprehensive security offering that meets the needs of organizations large and small, while building in features that give businesses the control and peace of mind they require. Service providers may manage some or all of their customers' network security functions, helping organizations to take advantage of sophisticated technologies, dedicated manpower, and 24-hour watchfulness, as well as routine maintenance and management of disaster operations.
Security is no longer optional in today's business market and out-tasking is one solution for reducing risk and expenditure, while concentrating on essential business functions and enhancing productivity.

SERVICES DESCRIPTION

Managed security is the out-tasked management and monitoring of network and customer premise security devices, systems, and processes according to a business's security policy. Managed security services include all the provisioning, installation, maintenance, monitoring, operations, and administrative functions associated with managing a secured network environment. The primary benefit is 24-hour service that improves network security posture and lowers security costs.
Securing a business may encompass hardware and software implementation, management, and monitoring, depending on a particular organization's current infrastructure and requirements.
Services may include:

• Managed firewalls: Firewalls protect internal and external network borders by restricting the types of network protocols and traffic allowed across the network border. Firewall appliances, which the service provider manages remotely, include dedicated hardware and software platforms located on your business premises.

• Managed intrusion detection systems (IDSs): Intrusion detection determines when inappropriate access to your network, systems, services, applications, or data has occurred or is underway. Intrusion detection services rely on network-based or host-based monitors, and often match monitored traffic or activity against profiles of known attacks.

• Managed IP-VPNs: VPNs are secure, end-to-end, private network connections over third-party networks, such as the Internet or extranets.

• Managed antivirus protection: This service most often involves checking for viruses at the gateway or firewall as well as in e-mail messages and attachments, and in file transfers. Automatic updates may be included in the service provision.

• Managed endpoint threat protection: This service detects and prevents anomalies from occurring on endpoint devices, such as desktops and servers.

• Managed authentication: Authentication monitors and directs processes and technologies to verify the identity of a user attempting to gain access to systems or applications.

• Managed content filtering: Filtering is used to isolate and block content deemed inappropriate by internal policies or regulatory policies.

• Vulnerability assessment: Involves security risk assessments, network scanning, and probing to reveal network, operating system, or application vulnerabilities in Internet-facing systems.

BUSINESS REQUIREMENTS

If you are considering out-tasking some or all of your network security functions, or widening the array of security services your business currently receives from a service provider, you are part of a trend. Analysts predict a surge in out-tasked security, with the most significant increases in VPN and firewall services.
Out-tasking security does not have to mean relinquishing control over critical business processes. A managed service provider can work with you to help ensure that you maintain control of workflow in your organization. Businesses with in-house IT expertise can determine where control is desirable, and where managed service provider support can free time and resources to devote to widespread infrastructure management and strategic business initiatives.
What primary factors are causing businesses to out-task security and rely on the experience, economies of scale, and advanced technology of a service provider? Businesses today are motivated by the following:

• Increased security threats: High-profile feats of hackers and intruders have heightened awareness of network security breaches and security risks. Managed security service providers have the manpower for 24-hour monitoring of the changing security landscape.

• "Day Zero" damage: Rapidly spreading attacks occur too fast for reactive products to halt them immediately. Managed security service providers have automated security systems with warning mechanisms and proactive capabilities.

• Growing use of Internet and remote access: As businesses increase their investment in the Internet, intranets, extranets, and remote access connectivity, they concurrently increase their exposure to network security threats. Managed security service providers can secure the full range of business connectivity options.

• Dynamic technology: Managed security service providers can acquire and keep pace with the latest network security technology. Small and midsize businesses often do not have these in-house capabilities, while enterprises can reduce the cycle of continually investing in new security technologies and training.

• Growing complexity of e-business models: Complex e-business models require complex network security solutions. Businesses are finding initial investment costs high for implementing security in house and costly maintenance requirements for adapting existing solutions. Out-tasking security services is one potential avenue for controlling and reducing IT costs.

• Lack of customer confidence: Business customers and partners understand the risks, and they are raising network security concerns. Managed security offerings can bolster perceived security of business extranets.

• Regulatory issues: Regulatory agencies have begun to require industries to improve network security postures by specific timeframes. Examples include the e-signature law, which makes online contracts with electronic signatures as binding as hard-copy versions, requiring comprehensive authentication capabilities; the Safe Harbor Agreement for compliance with data privacy requirements in the European Union; and the Health Insurance Portability and Accountability Act (HIPAA) for healthcare organizations. Managed security service providers have experience meeting regulatory requirements.

Whether or not these factors directly affect your business, you may gain the same benefits as other organizations that choose managed security services. These benefits include:

• Reliability: The most important benefit of network security is reliability: businesses in today's marketplace cannot afford to take chances with their security coverage. A managed security service provider's reputation depends on delivering reliability day in and day out. Organizations require the 24-hour support and state-of-the-art expertise provided by out-tasking security services.

• Focus: Out-tasking security services allows an organization to focus its workforce, infrastructure, and IT resources on core business capabilities and strategic initiatives, while using the expertise and advanced technologies of a reliable managed service provider.

• Lower costs through economies of scale: Out-tasking security products and software, which can be costly and complicated to implement and manage, can decrease the total cost of network ownership. For this reason, managed security providers can deliver the latest technologies and expertise to their customers at a lower cost.

• Faster deployment: Managed security service providers are in the business of implementing network security solutions quickly and efficiently.

• Reduced IT costs: Managed security service providers can cut expenditures by offering financial and network performance guarantees through service-level agreements (SLAs).

CASE STUDY

Providing Network Security to a Global Nutritional Health Company

When a premier global nutritional health company needed enhanced security, its leaders decided to out-task, and selected a service provider that operates its services over a network built end to end with Cisco equipment, and thus displays the Cisco Powered Network mark. The solution included a multisite IDS pilot that helped in the evaluation of IDS implementation and usage throughout its worldwide enterprise network. The company benefited from the service provider's use of efficient, cost-effective, open-source technology. With the help of a reliable service provider, the nutritional health company obtained crucial information about its security network at a reasonable cost, without risking its core business resources.

Decision Tree

When evaluating the role of managed security services in your organization, you will want to assess your current and projected requirements. At a minimum, your assessment should include your:

• Organizational structure: Evaluate the types of offices and network infrastructure that your organization possesses. Consider your headquarters, branch, and remote offices (locally, nationally, and globally); LAN, MAN, or WAN networks; and mobile and offsite workforce, and the number of workers supported.

• Network access and availability: Inventory your bandwidth, application, and usage requirements for both internal and remote workers.

• Information assets: List your computer and server hardware, applications, and critical data.

• Industry requirement: Assess the industry-specific needs of your organization. For example, financial institutions and banks often incur greater network security risks.

The material presented in Table 1 and in Figure 1 can provide a starting place for discussion about your specific business needs with a managed service provider.

Table 1 Assessing Your Network Security Profile

Small Business

  • Low complexity
  • Low traffic volume
  • Few types of information assets to protect (for example, servers, databases, applications)
  • Minimal amount of risk associated with each asset

Midsize Business

  • Medium complexity
  • May host dozens of servers, multivendor hardware and software platforms, and multiple applications
  • Several different types of information assets
  • Varying levels of risk associated with each asset

Enterprise Business

  • High complexity
  • High bandwidth requirements
  • Many types of information assets
  • Maximum risk associated with company assets
  • Large number of remote locations and teleworkers
  • Varying levels of security that depend on a business division or workgroup

Figure 1 Decision Tree for Evaluating Networking Requirements and Managed Security Services

Searching for the right managed security service provider to meet your security requirements can begin with assessing and prioritizing your business objectives. Table 2 shows a checklist of potential business objectives and the benefits you may realize.

Table 2 Assessing Your Managed Service Provider

 

Each objective is followed by its benefits.

Objective: Access to network security expertise and the latest technological security advances

  • Service provider expertise
  • Service provider best practices

Objective: Excellent customer service

  • 24-hour monitoring
  • Real-time incident reporting
  • Administrative control
  • Onsite support
  • Reliable service backed by SLA
  • Responsive support staff

Objective: Compatibility with existing equipment

  • Interoperability with existing security controls, and with legacy LAN and WAN environments

Objective: Protection of broadband Internet connection

  • Protection of Internet-based VPN
  • Secure Internet access solution, bundled broadband connectivity, Web hosting

Objective: Comprehensive managed security offerings

  • May include consulting, implementation, management, and training services

Objective: Consulting services

  • Specialized knowledge of security functions

Objective: Processes and procedures to manage threats and incidents effectively and quickly

  • Specified response times for handling incidents
  • Real-time reports detailing incidents and threats

Objective: Flexible, individual offerings and security service bundles

  • Ability to expand out-tasked services as trust in managed service provider grows
  • Control over select security functions to maximize workflow, if needed
  • Cost-effective, end-to-end security solutions
 
Whatever your business size, managed security services can facilitate the implementation of your business strategy, as shown in Table 3.

Table 3 Out-Tasking Strategies

 

Each business strategy is followed by the managed security services that support it.

Enterprise business

Business strategy: Enhance current security operations to effectively mitigate potential security risks and attacks

  • Managed firewalls
  • Managed intrusion detection services
  • Consulting on overall security policy and architecture

Business strategy: Protect information flowing in and out of organization

  • Authentication
  • Encryption
  • Public key infrastructure (PKI)
  • VPNs

Business strategy: Proactively safeguard network

  • Policies and technologies in place to secure network against current and future threats
  • Content security solutions (e-mail and Web scanning)
  • Intrusion detection
  • Vulnerability analysis

Small to midsize business

Business strategy: Extending Internet usage as a way of replacing or expanding existing WAN connectivity

  • Managed firewalls
  • Virus scanning
  • Managed intrusion detection services

Financial Analysis

Providing continual network monitoring and protection by relying solely on in-house resources can burden resource allocations and budgets for organizations of all sizes. Out-tasking network security services to a managed security service provider can result in significant savings in ongoing management, as well as in implementation and training costs. It also enables in-house personnel to focus on core business competencies.
Consider, for example, the cost savings and benefits of out-tasking two high-priority network security services: intrusion detection and firewall services.
Organization: Enterprise with four IDS servers
Cost Savings: 75 percent in monthly recurring costs by out-tasking managed IDS services
Benefits: The reduced expenditure resulted in an increase in network reliability and monitoring, along with the flexibility to reallocate IT staff to strategic projects. In addition, the organization lowered implementation and training costs.
Organization: Enterprise with 9 sites and 2500 users
Cost Savings: 65 percent in monthly recurring costs by out-tasking managed firewall services
Benefits: Again, the reduced expenditure resulted in an increase in network reliability and monitoring, along with the flexibility to reallocate IT staff to strategic projects. In addition, the organization lowered implementation and training costs.
Ask your Cisco Powered Network managed service provider to help you calculate managed services security return on investment (ROI) with the Cisco ROI calculator.

CISCO POWERED NETWORK PROGRAM

Cisco Systems is the leader in enterprise networking, and small, midsize, and large businesses can enjoy the same reliability, scalability, and flexibility of network services by looking for the Cisco Powered Network designation when they choose to out-task these capabilities. Service providers with the Cisco Powered Network designation are committed to using end-to-end Cisco equipment in their networks and meet high standards of operational excellence and customer service and support. More service providers are offering their business customers managed security services based on Cisco solutions that include managed firewall, network- and premises-based VPNs, and managed IDSs.
Businesses have turned to service providers with the Cisco Powered Network designation to supply reliable, industry-leading out-tasked services that help enable advanced applications based on Cisco end-to-end network equipment and technology.
More than 375 of the most successful service providers around the world are members of the Cisco Powered Network program. Located in more than 56 countries, these program members offer a wide range of services, featuring networks built with Cisco products and solutions, for their small, midsize, and large business customers.

FOR MORE INFORMATION

To learn more about Cisco Systems solutions for business security, visit: http://www.cisco.com and http://www.cisco.com/go/security.
Please visit http://www.cisco.com/go/managedservices for information on other managed services, including:

• VPN services

• Business voice services

• Metro Ethernet services

2007/05/04 11:39