Version 1.0 July LHR Airports Limited see photolibrary.heathrow.com. Managed LAN. Technical specification


Version 1.0 July 2015 LHR Airports Limited see photolibrary.heathrow.com Managed LAN Technical specification

Contents

Introduction
Service overview
High level design
Options
Contacts

Introduction

Heathrow has been the busiest international hub airport in the world for the past decade, handling more than 70 million passengers on an annual basis. To cater successfully for such an extraordinarily high volume of traffic, the airport operation must rest on robust groundwork that provides a reliable, uninterruptible service.

The IT infrastructure at Heathrow has been built to meet challenging criteria, and is being constantly upgraded to adopt the latest innovations and standards. Its proven design can handle the daily routine operation, as well as cope with unexpected events.

The Managed LAN service is the core offering within Heathrow's Commercial Telecoms portfolio. It provides a secure, reliable, flexible and inexpensive solution to network data and IT systems within a given terminal or terminals. Customers can connect end station equipment (PCs, printers, servers, workstations) directly to the LAN's Ethernet infrastructure while Heathrow seamlessly facilitates connectivity. Heathrow's Managed LAN service delivers impressive stability at unbeatable cost.

Please note: These prices are subject to a signed contract.

Service overview

The Heathrow Airport Managed LAN service delivers an environment that connects multiple sites together and uses industry standard technology to deliver secure, scalable customer VPNs. The service, wrapped in the ITIL service management set of practices, focuses on aligning the IT services with the needs of your business.

The service runs over Heathrow's proven Cisco 3-layer hierarchical network, with significant separation and diversity, providing the highest levels of resilience and availability. A modular network design means that supporting changing business requirements can be completed efficiently within the agreed SLAs. The use of layer 3 MPLS VPNs (multiprotocol label switching virtual private networks) provides logical and secure segregation of customers.

The infrastructure fully supports the transport of voice, data and video. The Heathrow LAN is capable of running QoS, is configured to do so, and QoS will be deployed where appropriate.

The Managed LAN service will conform to the requirements of the Payment Card Industry (PCI). Should a customer require the current certification for their own compliance requirements, access to the current certification will be made available on www.heathrow.com.

High level design

Heathrow invested significantly in its network architecture in 2008, under its capital investment programme (CIP). This replaced a legacy infrastructure that had grown organically with numerous single points of failure. The legacy infrastructure had triggered a number of significant outages that had a knock-on impact on the airlines operating out of Heathrow.

Approach

Ahead of making any investment, Heathrow considered the key business requirements and concluded these to be resilience, capacity and scalability. Investment in resilience would optimise uptime, and a corresponding approach to capacity would ensure optimal network performance at all times. Scalability was considered key so that the network could expand or contract in line with changing business requirements and adapt to increasing data consumption without the need for a wholesale refresh.

These principles, amongst many others, are recorded in the network building blocks. These building blocks set out Heathrow's approach to its data network architecture and remain a key reference source for those developing and maintaining the network, ensuring ongoing integrity and avoiding implementation of bespoke solutions.

Resilience

The approach to resilience was considered from a number of perspectives. One perspective is a physical one, where equipment that is duplicated (core/distribution layers) is at different locations. This hardware has two power supplies, and its power feeds are diversely provided from different supply stations and energy providers. The fibre optic connectivity that connects these devices never shares a cable or uses the same pit and duct system. The same is true of connectivity from the distribution to the access layer.

The second perspective is that of logical routing or connection of data paths. To mitigate single points of failure at the access layer, end user devices are spread across different (access layer) switches, a practice known as interleaving, which means each end user device is provided with a live LAN port fed from two different access layer switches, each fed from a different north or south power supply.

A long sequence of multiple events would need to occur for a failure of the network to have a widespread impact on services. Heathrow applies these same principles across the common infrastructure, namely at Terminals 2 and 5.

[Figure: three-layer network hierarchy with Core, Distribution and Access layers]

Capacity

The approach to capacity takes into account all the services that run over the network. These range from voice and video all the way through to bag messaging. It was important that the network had the capacity to support all these services.

Within the network the links between core and distribution devices are 10Gbps. The links between the distribution and access devices are normally 1Gbps. At the access layer a client or end user device is able to connect at speeds from 10Mbps to 1Gbps, depending on the location. Where 1Gbps is allocated to a client device, the uplinks to the distribution layer are increased to 10Gbps.

In terms of the service provided to airlines for the common use systems, the configuration at the access layer and distribution layer will always provide a minimum of 100Mbit/s to the end user device.

The Heathrow LAN is also capable of running quality of service (QoS) and is configured to do so. Heathrow has QoS policies in place which give higher priority specifically to voice (for IPT) and video (for CCTV). Once utilisation exceeds defined early warning indicators, each separate system will be prioritised by a class of service (CoS). The early warning indicators are defined within Heathrow's capacity management tool and, once exceeded, automatically generate an incident in the service management toolset for follow-up investigation. As a safety precaution, a manual review of utilisation is undertaken monthly.

Scalability

The adoption of a scalable infrastructure was intended so that a wholesale refresh of the network architecture could be avoided unless there was a major change in the vendor roadmap. This means that the network can be expanded or contracted as business requirements dictate.

A good example of this approach to scalability is the use of modular network devices in the core and distribution layers. Over time, capabilities can be added or removed without the need to replace the whole device. This can reduce cost, minimising both downtime and risk, and also permits a longer term of use of such an asset, thus providing a better return on investment.

Network management

The Heathrow network is supported by highly qualified and competent resources, and a combination of complementary network management tools. Network management is undertaken by a set of tools selected for their relevant strengths.

At the centre is EMC Smarts, which provides real time information about the status of the network to the engineering teams. This capability includes the automatic raising of incidents in the service management tool once defined thresholds have been breached. Alongside is Concord eHealth, which acts as a capacity and availability reporting tool to identify trends over time.

Configuration management is controlled by AlterPoint DeviceAuthority. This is a powerful capability that governs change on the network through its policies and also provides an advanced capability for the backup, configuration and regression of network changes.

Security

The Heathrow network service is aligned with the principles of the ISO 27001 International Information Security Standard. For encryption and authentication of the private customer networks, Internet Protocol Security (IPSec) is used.

All access ports have bridge protocol data unit (BPDU) guard enabled, which prevents rogue switches from connecting to the secure network, protecting the data centre core.

Inter-VPN security is provided by firewalls using virtual domains (VDOMs) to create a virtual firewall for each VPN, maintaining the integrity of the MPLS VPNs. The inter-VPN traffic is then governed by the firewall rules set specifically for each VDOM.

Options

MPLS Virtual Private Network

Whenever there is a need to provide the managed LAN service across multiple airport terminals, an MPLS VPN is deployed. It allows a device to connect across the terminals to other devices on the same MPLS VPN. The MPLS VPN is configured for the customer over Heathrow's MPLS backbone, benefiting from the functionality, security and management policies of the private network.

The design of the MPLS VPN is based around layer 3 VLANs deployed in terminals which are part of the same virtual routing and forwarding (VRF) table, which allows them to communicate with each other as if they were all directly connected to the same private network. The customer is simply presented with Ethernet ports at the access layer and Heathrow manages the rest of the infrastructure, leaving the customer to get on with their day to day activities.

The MPLS VPN can have an egress point to a WAN circuit for external connectivity out of the Heathrow campus. This can be to the company's HQ or DC for corporate services.

[Figure: MPLS VPN between edge sites across the core (Terminal 3); VPN A and VPN B each attach through PE devices to the shared MPLS network]

Virtual local area network

Within a single airport terminal, a virtual local area network (VLAN) is deployed. A single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN.

Each customer is assigned its own dedicated virtual network, which cannot be used or connected to by other customers, while sharing and running on the common infrastructure with the other virtual networks.

[Figure: terminal domain showing two DSCRs, VLANs, four SCRs, and customer areas (Storage, Lounge)]

DSCR (distribution communications room): main communications rooms, two in T2A and T2B for example. These house domain level network devices, routers and switches. Physical resilience is provided by utilising two geographically separated DSCR rooms for each IP domain.

SCR (secondary communications rooms): multiple communications rooms located more frequently across Terminal 2. These house access layer switching, have 10U lockable compartments and are located to provide optimal coverage for the Cat6 structured cabling layout.

Consolidation points: located every 5 m² across the terminal, consolidation points are what makes the Common Infrastructure as flexible as it is. Consolidation points can serve one or more demises, and each has up to 12 data ports. For areas where a high number of ports are required, Heathrow can flood these areas with more consolidation points.

Bandwidth

10 Mbit/second: Suitable for specific purposes, like telephony
100 Mbit/second: A frequently used option, sufficient for most of the applications
1000 Mbit/second: Provision for the most demanding data transfer requirements

Contacts

Contact: 0208 745 6565
Email: Heathrow@sita.aero
Contact Address: Compass Centre, Nelson Road, Hounslow, Middlesex, TW6 2GW

Legal Notice

Heathrow Airport Common Infrastructure Policy (CIP) and Heathrow Airport Limited reserves all of its rights and remedies in respect of the CIP including but not limited to those rights relating to scope, application and enforcement. The rights and remedies set out in the CIP are in addition to, and not exclusive of, any rights or remedies provided by law.

This document and the information contained therein are confidential and remain the property of Heathrow Airport Limited. The document may not be reproduced or the contents transmitted to any third party without the express written consent of Heathrow Airport Limited. This document and information contained therein is subject to contract.