MPLS VPN Overview
MPLS VPN Services; MPLS?; MPLS VPN Operation; RCOM Network overview; Challenges – Data Network; Remote Connect - RA MPLS VPN; Telecommuter
Shifts in the Application Deployment The nature of applications has changed: from batch-driven applications (e.g. payroll, inventory control) to highly interactive and business-critical applications (ERP, such as SAP, PeopleSoft). New technologies bring new applications: voice and video conferencing, e-learning, e-support, e-collaboration, ... "e-everything". Centralization vs. decentralization of applications: centrally hosted applications depend on the quality of the network. IP Best Effort can hardly meet today's and tomorrow's application requirements.
Current Effects on Corporate Networks Demands on network deployment Networking Evolution Changing Business Environment Shift in Application Deployment Flexibility Scalability Security Virtual Private Networks (M)Any-to-(M)Any IP Quality of Service Further technological development
How Can These Demands Be Met? Different solutions might have to be implemented depending on the demands of the corporate network. A convergence of different technologies might be necessary to build intranet and extranet solutions. Flexibility: easily add or move existing sites within the network. Any-to-Any: adapt to changing needs of corporate communication. VPN: privacy equivalent to what private networks offer today. IP QoS: meet the changing demands of today's and tomorrow's IP-based applications. MPLS VPN
The Technology Challenge Technology options are growing at an exponential pace, while the ability of businesses to assimilate these new technologies is growing at a steady pace... Complexity Time DataQuest Technology Assimilation Gap Rate Of New Technology Introduction Rate At Which Businesses Assimilate New Technology
Data Network - ‘Do it all by yourself’  Data  Center Internet Leased Lines VSAT Internet IP-VPN Call Center
A Network you can plug into –  To bring your biz entities on-line with your IT apps Wired Wireless Terabit MPLS Network with All India Reach Call Center Own/  3 rd  Party  Data Center ERP CRM E-mail Supply Chain Mgt Intranet Portal
VPN? A Virtual Private Network is constructed over shared infrastructure. Virtual – Not a separate physical network, but appears to be one. Private - Separate addressing and routing. Network - A partitioned private network over common shared IP backbone using technologies to ensure privacy of data, either self-provided or provided by Service Provider. (Diagram: Corporate HQ, Mobile User, Branch, Factory, Supplier, Shared Infrastructure.)
VPN REQUIREMENTS Extend Corporate Network Reduce Hardware costs by decreasing termination ports Prioritization of applications like voice/video Integrate Suppliers and Customers to Corporate Network Remote Access from anywhere, anytime Scalable and Flexible Predictable performance and pro-active management Highly secure in conformation to world standards Ability to support Private Addressing Ability to support Convergence Corporate HQ Mobile User Branch Factory Supplier Shared Infrastructure Business Technical
L2  Vs. L3 VPN L2 VPN delivers either virtual circuits  Customer controls Layer3; SP just provides tunnel Referred as Overlay VPN Typically for Point to Point solutions  L3 VPN requires peering between CE router and PE router Provider maintains routing tables for every VPN customer site Referred as Peer-to-Peer VPN Typically for Site to Site and Access VPNs Ethernet IP IP Ethernet Virtual Circuit Layer3 Peering Layer3 Peering Tunnel  Terminated on PE Layer2 Layer3
CPE based Network based Public Do it Yourself Best Effort IPSec Scalability limited Private SP provisioned Predictable Inherently Secure Extremely scalable Current Technologies Reliance offering Site to Site Internet MPLS FR/ATM Depending on the need Enterprise chooses appropriate technology – No integrated approach.  MPLS gives an Integrated Approach Remote  Access Reliance offering
MPLS? Multi Protocol Label Switching
"Label Substitution": what is it? One of the many ways of getting from A to B: BROADCAST: Go everywhere, stop when you get to B, never ask for directions. HOP BY HOP ROUTING: Continually ask who's closer to B, go there, repeat … stop when you get to B. "Going to B? You'd better go to X, it's on the way". SOURCE ROUTING: Ask for a list (that you carry with you) of places to go that eventually lead you to B. "Going to B? Go straight 5 blocks, take the next left, 6 more blocks and take a right at the lights".
Label Substitution Have a friend go to B ahead of you using one of the previous two techniques. At every road they reserve a lane just for you. At every intersection they post a big sign that says, for a given lane, which way to turn and what new lane to take. LANE#1 LANE#2 LANE#1 TURN RIGHT USE LANE#2
So What is MPLS ? Hop-by-hop or source routing to establish labels  Uses label native to the media Multi level label substitution transport
MPLS Building Blocks Customer Edge  Router connects Customer Network to MPLS Network.  Uses Static Routing or RIP/OSPF to exchange Layer3 information to PE CE P PE Layer3 Information  Exchange
PE Provider Edge  Router (Label Edge Router) adds Label specific for a VPN site Maintains VRF for each of its directly connected sites P CE MPLS Building Blocks
Provider Router  (Label Switch Router) forwards packets based on Labels P routers are not attached to Customer Networks directly No VPN specific information is stored P CE PE MPLS Building Blocks
VRF VRF VRF VRF PE2 PE1 VRF VRF  -VPN Routing and Forwarding  Routing and Forwarding Table associated with directly connected CEs CE P MPLS Building Blocks
CE PE P Label Switched Path  - Static or can be set up dynamically  Uses either LDP or RSVP as protocol Unidirectional – Asymmetric bandwidth! LDP/RSVP MPLS Building Blocks
MPLS VPN Operation PE is configured to associate VRF with Interface or Sub-Interface of CE. Multiple VRFs provide separation. Default route as PE added or RIP/OSPF advertises. 1. PE1 adds local route to 192.168.2.0 to VRF Green. 2. PE1 adds Label and advertises to other PEs using IBGP. PEs that belong to the Green VPN install the route for 192.168.2.0. Uses LSP to move VPN traffic. (Diagram: sites 192.168.1.0 and 192.168.2.0, VRFs on PE1 and PE2.)
MPLS Route Learning PE1 installs the local route (with label) as part of Green VPN. PE1 advertises the local route learnt from CE to other PEs along with RD (Route Distinguisher) and RT (Route Target). PE2, which is part of Green VPN, adds it to its VRF. RT – VPN Identifier; RD – VPN site Identifier. (Diagram: labels for 192.168.1.0 and 192.168.2.0, local routes at PE1 and PE2.)
MPLS Packet Forwarding Remote Labels learnt through Route learning: Black Label for 192.168.1.0 is stored at PE1; Blue Label for 192.168.2.0 is stored at PE2. IP Packet to 192.168.1.1, hop by hop: Add Label and forward based on Label; Forward based on Label (at each hop in the core); Forward based on destination IP. (Diagram: sites 192.168.1.0 and 192.168.2.0, VPN, PE1, PE2.)
Packet Forwarding in MPLS Packet layout: IP | VPN | LSP. VPN label: Identifies VPN and customer destination address; Used to separate customer VPN; Added when packets enter and removed when packets leave. LSP label: Swapped after every hop; Used for forwarding in MPLS core; Identifies the Label Switched Path. (Diagram: IP Packet to 192.168.1.1 between PE2 and PE1, sites 192.168.1.0 and 192.168.2.0.)
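The route learning and two-label forwarding described in the slides above, as an added example that is not part of the original deck: a toy model in which two customers use the same private prefix and are kept apart by VRF, Route Target and VPN label. The Blue VPN, interface names, RD/RT values, label numbers and the P1/P2 core are constructed for illustration, and the outer label is carried all the way to the egress PE for simplicity.

```python
import ipaddress
from itertools import count


class PE:
    """Provider Edge router: one VRF per attached customer VPN."""

    def __init__(self, name, first_label):
        self.name = name
        self.vrfs = {}        # vrf -> {"rd", "rt", "routes": {prefix: entry}}
        self.iface_vrf = {}   # CE-facing interface -> vrf
        self.vpn_labels = {}  # inner (VPN) label -> (vrf, CE interface)
        self._labels = count(first_label)

    def add_vrf(self, vrf, rd, rt):
        self.vrfs[vrf] = {"rd": rd, "rt": rt, "routes": {}}

    def attach_ce(self, iface, vrf, prefix):
        """Install the CE's prefix as a local VRF route and return the VPN
        route this PE advertises to the other PEs (iBGP in the slides)."""
        self.iface_vrf[iface] = vrf
        label = next(self._labels)
        v = self.vrfs[vrf]
        v["routes"][prefix] = ("local", iface)
        self.vpn_labels[label] = (vrf, iface)
        return {"rd": v["rd"], "prefix": prefix, "rt": v["rt"],
                "vpn_label": label, "egress_pe": self.name}

    def receive(self, adv):
        """Import an advertisement only into VRFs whose Route Target matches."""
        hit = [n for n, v in self.vrfs.items() if v["rt"] == adv["rt"]]
        for n in hit:
            self.vrfs[n]["routes"][adv["prefix"]] = (
                "remote", adv["vpn_label"], adv["egress_pe"])
        return hit

    def lookup(self, iface, dst_ip):
        """Longest-prefix match inside the VRF bound to the incoming interface."""
        dst = ipaddress.ip_address(dst_ip)
        routes = self.vrfs[self.iface_vrf[iface]]["routes"]
        nets = [ipaddress.ip_network(p) for p in routes
                if dst in ipaddress.ip_network(p)]
        if not nets:
            return None
        return routes[str(max(nets, key=lambda n: n.prefixlen))]


# Constructed core: outer (LSP) label swap tables, in_label -> (out_label, next).
# One unidirectional LSP: PE2 -> P1 -> P2 -> PE1. P routers hold no VPN state.
P_ROUTERS = {"P1": {100: (101, "P2")}, "P2": {101: (102, "PE1")}}
LSP_START = {("PE2", "PE1"): (100, "P1")}  # (ingress, egress) -> (label, first hop)


def send(pes, ingress, iface, dst_ip):
    """Forward one packet. Returns (trace, delivery): trace lists the label
    stack [outer LSP label, inner VPN label] each node puts on the wire."""
    route = pes[ingress].lookup(iface, dst_ip)
    if route is None:
        return [], None                       # no route in this VRF: dropped
    if route[0] == "local":
        return [], (ingress, pes[ingress].iface_vrf[route[1]], route[1])
    _, vpn_label, egress = route
    outer, node = LSP_START[(ingress, egress)]
    trace = [(ingress, [outer, vpn_label])]   # ingress PE adds both labels
    while node in P_ROUTERS:                  # core swaps the outer label only
        outer, nxt = P_ROUTERS[node][outer]
        trace.append((node, [outer, vpn_label]))
        node = nxt
    vrf, ce_iface = pes[node].vpn_labels[vpn_label]  # inner label selects VRF/CE
    return trace, (node, vrf, ce_iface)


def build_demo():
    pe1, pe2 = PE("PE1", 20), PE("PE2", 40)
    for pe in (pe1, pe2):
        pe.add_vrf("Green", rd="65000:1", rt="65000:100")
        pe.add_vrf("Blue", rd="65000:2", rt="65000:200")
    # Both customers use the same private prefix behind PE1.
    advs = [pe1.attach_ce("ge0", "Green", "192.168.1.0/24"),
            pe1.attach_ce("ge1", "Blue", "192.168.1.0/24")]
    pe2.attach_ce("ge0", "Green", "192.168.2.0/24")
    pe2.attach_ce("ge1", "Blue", "192.168.2.0/24")
    for adv in advs:
        pe2.receive(adv)
    return {"PE1": pe1, "PE2": pe2}


if __name__ == "__main__":
    pes = build_demo()
    for iface in ("ge0", "ge1"):
        print(iface, send(pes, "PE2", iface, "192.168.1.1"))
```

The same destination address sent from the Green and Blue interfaces of PE2 carries a different inner label and lands on a different CE at PE1, while P1 and P2 only ever touch the outer label.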
Packet Forwarding in IP Network IP Packet: Forward based on destination IP at every hop. (Diagram: sites 192.168.1.0 and 192.168.2.0.)
MPLS Delivers As a technology As IP VPN Network based VPN CEs need to exchange Layer3 information only with connected PEs; No need to exchange routing information with other CEs Overcomes overlapping private IP Address issues Routing Protocols establish reachability Routing at Edge and Switching at Core Delivers CoS/QoS Platform to address convergence Without IPSec, Security is as good as FR/ATM Packet switched technology Supports Layer2 and Layer3 VPNs Supports Traffic Engineering
Access Technology Matrix *Tulip Wireless Access solution option is also available  on a case-to-case basis
Reliance MPLS VPN Solution Regional  Office Head  Office XYZ  Franchisee  LMDS  Hub Extranet (Dealers / Suppliers) BN Reliance Core Network
Disasters have no preferences  7/26 – Mumbai Floods The enterprise Biz would however prefer to stay unaffected Disaster Recovery
Reliance IDC’s : Integral part of  the MPLS Network 4  Level-3 certified IDCs    2 in Mumbai,    2 in Bangalore A ready-to-move-in DR / Primary site
State-of-the-art Facility Redundant network equipment, components, power and network paths The highest physical and network security Domain specific technical expertise Controlled HVAC environment, 24x7 onsite maintenance, monitoring and service support Automated operations Connectivity to the outside world and other data centers.
Primary Data center DR-site ready MPLS Network Reliance IDC as DR site Terabit  MPLS Network
Primary Site Near DR Site Far DR Site 50-100 Km Different Seismic Zone Synchronous  data mirroring Near DR / Far DR solution Applications Storage Systems Data Storage  Systems Data Applications Storage  Systems Data Applications Near Real time synchronous data mirroring
Reliance Network Overview
OSS/BSS/NOC Services / Applications QoS aware  MPLS Core High Capacity  Optical Core FTTB Access  Network Management End-End Integrated network –  Mobile and BB   Leadership at every layer of architecture Metro Core Ethernet / TDM POTS,  nx64K,  BRI,  x-DSL DLC with DSLAM DWDM Managed  Lambda LMDS, UBR, WiMAX Ethernet,  Fast E GbE MEN E1, DS3  STM-1/4/16 PRI ADM BC/DR  Solutions Wireless  Voice & Data DWDM Intranet Extranet Web Hosted Solutions L2/L3  VPN’s PSTN
Backbone Reliance owned IP/MPLS network Only Optical Fibre backbone network completely based on ring architecture 21 Core and 172 Collector locations.  7 Primary Core locations Core, Distribution and Aggregation routers 14 Secondary Core locations Distribution and Aggregation routers Dual homed to Primary Core locations 172 Collector locations Aggregation routers Dual homed to Core locations Reliance Data Network (RDN)
7  Primary Locations Heavily Physically Meshed STM 16 (64) connectivity between primary core locations  14  Secondary Locations Fully Logically Meshed STM 4 connectivity to  two or more primary locations 172  Collector Locations Connected to a core location STM 1 / n * E1 to core locations  Reliance Data Network (RDN) Largest MPLS enabled Core Data Network already
Access Methodology: Wireline FTTB  End-to-end optical fiber based  self healing topology Connects major nodes within a city (Metro) – act as aggregation points for customer traffic within city Interconnects to all telecom service providers  End-to-end (customer premise to core) self healing ring topology Optical Fiber based network to support high bandwidths Cable based on ITU G.652 standard MCN- Media Convergence Node MAN- Media Access Node BAN- Building Access Node BA- Building Access Ring BOI- Building Of Interest BN- Building Node BA Ring Core Backbone Main Access Ring MCN MAN BAN MCN MCN 12-fiber direct building cable MCN BAN BOI (BN location)
Reliance Network Main Access Ring MCN : Media Convergence Node MAR : Main Access Ring BN  : Building Node BAN  : Building Aggregation Node BAN BAN MCN Copper Copper Network Provisioning –  Fiber-to-the-Building (FTTB) Building Access Ring (BA Ring ) Building Access Ring (BA Ring) BN BN BN BN Ethernet G. 703  / Ethernet G.703  /
Reliance Network MCN  : Media Convergence Node MAN  : Media Access Node BN  : Building Node SDH-ADM  Copper / Fiber Connectivity Copper/Fiber Connectivity MCN Multi-Point Distribution System (LMDS) Main Access Ring (MA Ring) MAN BN BN BN BN BN BN BN BN
SLA Parameters
National NOC  We monitor your connections 24 x 365 Single point visibility and analysis Lowest Time-to-Restore network performance Enabling you to provide SLAs to your biz USP
Challenges – Data Network
Challenges – Data Network Slow Applications due to congestion Video broadcast or conferencing may have bad picture quality or appear jerky Voice sessions may have bad voice quality or periods of silence Critical transactions may take too long (too many seconds) Bulk transfers take too long (too many hours)  Poor performance of real time applications which are sensitive to delay, jitter and packet loss. Customer using voice, video, and data application traffic demand varying service requirements. Business Critical Data and Non Business Data treated with same priority at service provider network. No priority for Voice or video traffic. How to meet these Challenges ??
Traffic Class of Service (TCoS) Class of Service (CoS) capabilities enable customer to assign different priority levels to specific applications Class of Service includes features for traffic prioritization and bandwidth management to minimize network delay using Class of Service classification, marking, scheduling and policing.   To differentiate between priority enterprise applications like voice, video, ERP, CRM, SCM from non-mission critical applications like e-mail, FTP and web browsing.  CoS can reduce the Total Cost of ownership (TCO) of the Network far lower than comparable networks.  In an over-provisioned network there may be minimal congestion but the cost to performance ratio is not maximized. With CoS, application performance can be precisely optimized from end-to-end in all kinds of situations
10Mbps 8 Mbps Voice ERP Mail Web Platinum Gold Silver Bronze COS based SLA Traffic Class of Service (TCoS) 30% 20% 30% 20%
Available Queues Platinum Class is suited for latency sensitive applications. Provides guaranteed  bandwidth based on customer’s bandwidth allocation. E.g. Voice. Gold Class is for critical data applications. E.g. Video, Mission critical data Silver Class is for Other data applications. E.g. Business data, Network management data. Bronze Class is for all non prioritized traffic. E.g. Web browsing. Traffic Class of Service (TCoS)
Queue Behaviour Platinum The packets will be dropped if the traffic exceeds the bandwidth defined for the platinum queue Gold, Silver, Bronze If traffic exceeds the defined bandwidth, traffic will use remaining bandwidth of other queues, if available. The drop probability will be used for selective dropping during sudden congestion or imminent congestion Gold, Silver For Gold and Silver the exceeded traffic will be marked with higher drop probability.  If there is a congestion in Reliance Network, gold and silver packets with low drop probability will pass, packets marked with high drop probability will be dropped.   Bronze High and low drop probability is irrelevant.   Traffic Class of Service (TCoS)
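A simplified model of the queue behaviour described above, as an added example that is not Reliance's scheduler: Platinum is policed to its allocation, while Gold, Silver and Bronze may borrow unused bandwidth, with Gold and Silver excess marked high drop probability. The 30/20/30/20 split per queue and the proportional sharing of spare bandwidth are assumptions made for illustration.

```python
# Constructed CoS profile: share of the site's bandwidth per queue, in percent
# (assumed mapping of a 30/20/30/20 split onto the four queues).
PROFILE = {"Platinum": 30, "Gold": 20, "Silver": 30, "Bronze": 20}
MARKED = ("Gold", "Silver")  # queues whose excess is re-marked high drop probability


def apply_cos(link_kbps, offered_kbps, profile=PROFILE):
    """Return per-queue {"sent", "dropped", "marked_high"} in kbps for one
    interval, given the link rate and the offered load per queue."""
    alloc = {q: link_kbps * pct // 100 for q, pct in profile.items()}
    result, excess = {}, {}
    for q in profile:
        offered = offered_kbps.get(q, 0)
        in_profile = min(offered, alloc[q])
        over = offered - in_profile
        if q == "Platinum":
            # Platinum: anything above the defined bandwidth is dropped.
            result[q] = {"sent": in_profile, "dropped": over, "marked_high": 0}
        else:
            # Other queues: excess may use bandwidth left over by other queues.
            excess[q] = over
            result[q] = {"sent": in_profile, "dropped": 0,
                         "marked_high": over if q in MARKED else 0}
    spare = link_kbps - sum(r["sent"] for r in result.values())
    total_excess = sum(excess.values())
    for q, over in excess.items():
        if total_excess <= spare:
            granted = over                       # no congestion: all excess passes
        else:
            # Congestion: excess shares the spare bandwidth in proportion to
            # demand (assumption); the rest is dropped. For Gold and Silver the
            # dropped packets are the ones marked high drop probability.
            granted = spare * over // total_excess
        result[q]["sent"] += granted
        result[q]["dropped"] = over - granted
    return result


if __name__ == "__main__":
    # Constructed load on a 10 Mbps site: voice bursts above its allocation.
    load = {"Platinum": 4000, "Gold": 3000, "Silver": 1000, "Bronze": 2000}
    for queue, stats in apply_cos(10000, load).items():
        print(queue, stats)
```

With the sample load, the extra 1000 kbps of Platinum traffic is dropped even though the link has spare capacity, while the Gold excess passes because Silver is under-using its share.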
Traffic Class of Service (TCoS) - SLA Financial penalties for non-conformance of SLA. SLAs will be valid between PE to PE. SLAs for CoS Queues:
Queues | Packet Loss | Latency* | Jitter
Platinum | < 0.1% | 60ms | 10
Gold | < 0.5% | 70ms | NC
Silver | < 0.75% | 70ms | NC
Bronze | < 1.0% | 80ms | NC
Business Rules Customer can choose only one CoS profile for a site with BW >512 Kbps. Customer will be responsible for marking the packets and Reliance will be using those markings for QoS decisions as per the CoS Flavour.  CoS request will be accepted at least for two or more than two sites. SLA for CoS will be offered only between the CoS enabled sites. SLAs are offered between Reliance’s PEs, whereas for the customers with managed CPE SLAs are offered from CPE to CPE. Customer can view CoS based reports on the CNM portal. Available reports are Service Availability, Packet Loss, Latency, Jitter, BW utilization. Customer will be responsible for marking the packets. Billing is as per the CoS tariff. Traffic Class of Service (TCoS)
I need to send the same data to multiple sites but I need to send one-by-one to every site, wasting time and bandwidth resources.   I have a stock ticker to be send to all my clients. My application can send the ticker simultaneously to all clients. Will the network support this feature? Our CEO wants to address all the employees of the regional offices. Can the audio stream be sent to all the offices without sacrificing the bandwidth? Challenges – Data Network How to meet these Challenges ??
Multicast Unicast is one-to-one delivery of information, which requires the same data to be transmitted more than once from the source device if there is more than one receiver. Broadcast is transmission of information to all sites of the VPN irrespective of their need. Multicast allows the efficient distribution of information within one VPN, from one site (as a Source) to other sites (multiple receivers). For this it allows one-time transmission of information from the source device regardless of the number of receivers. Multicasting reduces the flooding and gives the information to specific sites only, and thus overcomes the disadvantage of Broadcast.
Multicast Multicasting is a useful feature for the customer who transmits data/audio/video information within their VPN to selected sites. The Multicasting feature is a tradeoff between Unicast and Broadcast. As in Multicasting all the respective sites of the VPN are connected, the source can transmit the information to receivers in one transmission, which not only reduces the transmission effort but also reduces the chargeable bandwidth, and thus overcomes the disadvantage of Unicast. Applications: Stock tickers, Financial information, Audio streams, Video streams
Multicast Limitations Number of RDN PEs involved in the customer VPN should be < or = 35. Case 1: If the customer has 60 sites in his VPN, 10 at each of the locations Mumbai, Delhi, Chennai, Bangalore, Pune and Calcutta, and wants the multicasting service, then the customer is eligible for the service, as in the Reliance network each of the above locations constitutes a single PE, which means the customer is asking for the service between 6 PEs, which is allowed. Case 2: If the customer has 60 sites in his VPN, each involving a different PE, we will not be able to offer this feature. Multicast stream size support per customer is up to 256 Kbps. Customer can’t have more than one source for each VPN. It should be a permanent source so that the source location remains the same within the customer VPN. In case the source needs to be changed, a MACD needs to be initiated accordingly. Transmission of multicasting information between two VPNs (whether of the same customer or different customers) is NOT allowed. Sites connecting through RAMPLS VPN (ISDN access) CANNOT be a part of a multicast session.
We are a BPO organization and our actual usage of bandwidth happens at night. Can I have the bandwidth automatically upgraded in the night.  Can we periodically upgrade the bandwidth for a specific time interval  Can I have a differential bandwidth allocated based on time Challenges – Data Network How to meet these Challenges ??
Requirement Customer requires higher bandwidth at a particular site and during particular time of the day, everyday For that particular time bandwidth should be upgraded automatically. After the particular time, the bandwidth available should be same as that of contracted one. Time of the Day (ToD) bandwidth USP CIR Time
Time of Day (ToD) is a feature where in customer can choose to allocate a higher bandwidth at a particular Time of Day on a periodic basis Customer can upgrade the bandwidth in the off-peak hours of Reliance (22:00 hrs. to 08:00 hrs.) Customers who have peak usage during the Reliance off-peak hours can drive down their internetworking costs The bandwidth offered at the off-peak hours would be double the bandwidth subscribed for Any new / existing customer can subscribe to ToD Feature. Time of the Day (ToD) bandwidth
Business Rules Time of Day (ToD) feature will be offered only to the sites with Metro Ethernet as the last mile ToD feature will be offered to customers subscribing for at least 1 Mbps bandwidth Customer can upgrade only to twice the subscribed CIR bandwidth for the off-peak time Flat Annual Charges will be charged for ToD Feature based on the subscribed CIR Time of the Day (ToD) bandwidth
Value Proposition Customers having maximum bandwidth utilization at night time can reduce the bandwidth costs significantly In absence of ToD feature customer would have subscribed for a higher CIR bandwidth which would be hardly utilized in the day time It’s a one time activity for provisioning higher bandwidth at the night time. No need to request for the same every day. Customer can upgrade to twice the subscribed CIR bandwidth for his peak utilization time This feature can be subscribed by any one or few sites of the VPN based on the requirement. It is perfectly suitable for those customers having a periodic pattern of need of higher bandwidth at night time Time of the Day (ToD) bandwidth
Reliance MPLS VPN Solution Regional  Office Head  Office XYZ  Franchisee  LMDS  Hub Extranet (Dealers / Suppliers) Reliance Core Network Mobile Worker ?
Remote Connect RA MPLS VPN
Remote Connect : Full portfolio  Private IP Access from Anywhere Telecommuter Solution Remote Dial-up  PSTN /  ISDN CDMA  Wireless 7500+  Towns in  India  Head Office Internet Remote Users
Remote Connect : PSTN / ISDN Provides a secure, high availability, dial-up solution that connects employees, customers, and business partners to corporate intranets, extranets, and the Internet. Scalable to support organizations of all sizes, RA MPLS VPN offers PSTN / ISDN access from 22 locations in India The service offers corporate customers the facility to allow their employees and staff to access their Intranet and central resources securely. Other companies such as partners, supplies, major customers or consultants (Extranet) also can have limited access to this organization’s Intranet. To gain Remote Access, customer dials in to a network access server at the nearest Reliance POP, which enables the dial traffic to be placed into the customer’s VPN
Mode of Access The customer can get a dial up access to his IP VPN through any PSTN / ISDN line from any BSO. Though the customer can dial into the VPN from any PSTN / ISDN line, the data access rate to the VPN will depend on the customer’s local loop as well as the public infrastructure over which the call will travel to the VPN service. The customer will be provided with a unique login id  (UserName@CompanyName.com) that will identify the particular user.  The ‘User Name’ will be system auto-generated and alias can be created by the customer at the CNM portal In case of PSTN dial-up, multiple users of the same organization can also be allowed to use the same login id Remote Connect : PSTN / ISDN
PC / Laptop based remote access Individual Login ID for Single User Login Unique Login ID for each individual user. This Login IDs will allow only one user to Login. Common Login ID with Multiple Login Users  (Applicable for PSTN remote access only) Multiple Users can use same Login ID for Remote Access. The number of simultaneous users using the same Login ID has to be specified by the customer as “No. of Login Users” Remote Connect : PSTN / ISDN
LAN based remote access  Unique Login ID for each LAN based access. The customer may specify a Static IP to be provided for a particular user from the defined WAN IP Pool. If not specified, the IP will be dynamically allocated from the WAN IP Address Pool The customer must specify the LAN IP Address to enable the PCs on the LAN to access the VPN. The customer may specify more than one LAN IP Address. The Router used by the customer must be capable for dial-up access and should allow configuring the Login ID on the router. Remote Connect : PSTN / ISDN
A A A Reliance Remote Connect Solution PSTN / ISDN R A S Reliance PSTN  Network Regional  Office Head  Office Extranet (Dealers / Suppliers) ISDN Reliance Core Network Remote Users Other BSOs PSTN Network PSTN
Nationwide availability of the Reliance CDMA wireless data services Pan India coverage (over 7500 towns and 30,000 villages) Fast & Secure CDMA 2000 1X Technology.  No exposure to Internet Scalable & redundancy of the network Fundamental bandwidth of 9.6 Kbps burstable to 144 Kbps Fast Deployment No WPC/SACFA approvals required Low upfront cost of CDMA terminal  Add endpoints / applications on the same back end network at no extra cost 24 X 7 support and central monitoring from NNOC Remote Connect : Wireless CDMA  Wireless Data VPN (WDVPN) USP
Key Features Security CDMA technology ensures security over the air Isolation of customer traffic after the radio network up   to customer server over  VPN Option to choose Data Only or Data + Voice service profile Option to choose WDVPN service only or a combination of WDVPN & Net-Connect service on the same device Option to choose Static or Dynamic IP   addressing Common dial access no #777 for data-calls across India  Speed up   to 144 Kbps  / Latency 200 ms ~ 400 ms Per BTS 3 sectors - 90 concurrent data connections Dormancy after 10 sec. of inactivity for optimizing the RF network resources without dropping the session.  Remote Connect : Wireless CDMA USP
Supported Devices Mobile Phone with Data Cable FWT with Data Cable FWP with Data Cable CDMA Wireless PCMCIA Data Card (for laptop users) CDMA USB Modem Remote Connect : Wireless CDMA
Remote Connect : Wireless CDMA Your CXOs and other senior executives Stay connected to your office network while traveling One hop secure connection to your company’s e-mail / ERP / Intranet while you travel across the country
Remote Connect  : Wireless CDMA PDSN AAA Reliance  MPLS Network PE PE PE Switch 10/100  Secure L2TP Tunnel Per PC  LNS Firewall LNS Firewall LNS Firewall LNS PE PE PE P P P PE P P PE Ethernet PE Reliance’s IDC,DAKC,Navi Mumbai  PE PE PC PE PE Reliance  CDMA Mobile   FWT  PC  Reliance CDMA  Network Reliance  MPLS  Network Firewall Access Ring
WDVPN – Other Applications Online Gaming  Solution Over 70% market share ATM solution used by about 15 Banks  & Euronet Over  6 00  ATMs connected till date POS solutions used by 4 Banks and Venture Infotek Over 10,000 POS Terminals deployed by the banks Automatic Meter Reading To be deployed very soon
Let your employees transform their Home into a workplace Instead of going to work, let the work come to employees Telecommuting apart from freeing up office space is also a good option to foster employee retention, boost worker productivity, and slash real estate costs.  Welcome to the Age of Portable job !!
Telecommuter Solution – Work from Home ! USP
Telecommuter? Who is a Telecommuter? Empowered by ubiquitous broadband availability and increased wireless options, telecommuters just aren't what they used to be. No longer are work-from-home (WFH) arrangements limited to new mothers or other employees who have extenuating circumstances and need to rotate between the office and home, depending on the day of week. Telecommuters have become Tele-workers: employees across professions and market sectors who Work full time From Home
Telecommuter Requirements Always ON network Same solution ubiquitously available across the country Secure Access to the VPN with NO exposure to public Internet Uniform Tariff across country
Telecommuter Solution Based on WiMAX Technology Non-Line of Sight (NLOS)  Always ON network Ubiquitously available across the cities covered for WiMAX  (Top 10 cities in Phase 1) Ideal solution for Telecommuter - Work from Home (WFH) Concept Secure Access to the VPN Bandwidth up to 256 Kbps Same infrastructure could be used for personal Internet Access
What is Wi-MAX? Worldwide Interoperability for Microwave Access (WiMax), IEEE name 802.16. It works in point-to-multipoint, non-line-of-sight (NLOS) mode.  It is capable of delivering broadband Internet and extending services like VPN.  WiMax offers a fast, affordable, and convenient solution to widespread access needs.
WiMAX Specifications Range – 2.5 Km radius from base station Speed – Up to 24 Mbps per Base Station Non-Line Of Sight (NLOS): Line-of-sight not needed between user and base station Frequency bands – 3.3 GHz Licensed band dedicated to Reliance Communications NO Interference Subscriber Station: This consists of an ODU typically mounted on the building rooftop / window sill, with CAT5 cable laid till the customer end equipment. The CAT5 cable also carries the power (POE) to the ODU.
Telecommuter Network Ubiquitous Coverage  Quick Deployment Always ON Highly Secure WiMAX Network Reliance Core Network Head  Office Firewall ERP Server Messaging  Server Application Server
Telecommuter Network WiMAX Network Extension of LAN  CXO Home Reliance Core Network Head  Office Firewall ERP Server Messaging  Server Application Server
Telecommuter Network What I need at Home ? PC How do I connect ? Just Connect the Ethernet Cable from the RRU to your PCs NIC Work as you work at Office !! Back
Is WiMAX Secure ??
Security in Wi-MAX Security is achieved in three stages between Subscriber Station and Base Station Authentication  Data key exchange Encryption (Data Transfer) Security is implemented at MAC layer.
Security Information Information available in SS (Subscriber Station) X.509 Certificate Public key MAC address Unique number of CA Digital signature of CA  Private Key  Encryption capability (SHA-1 Algorithm) Information available in BS (Base Station) Information for all the SS (Subscriber Station) in the data base The public key of Certificate Authority (CA) which helps in accessing the data base
Telecommuter Self Service Portal (TCSS) http://cnm.reliancecommunications.co.in
Telecommuter Self Service Portal Customer Network Management (CNM) Web-based online Telecommuter Self Service Portal (TCSS Portal) available on CNM, allows to add Telecommuter sites of the subscribed Profile. The Portal provides both single site addition as well as bulk request option for every subscribed profile. At TCSS portal customer administrator will also have the following administrative privileges  Deletion of Telecommuter site Contact Detail Change Installation Address Change Service Migration (within the existing profile) In event of any problem with the service, customer can raise a Trouble Ticket (TT) online. Based on the selected period, Active users, Added users & TT reports will be available on the portal.
Telecommuter Self Service Portal CNM Portal Enter Login ID Enter Password CAN Number Select to enter in your account
Telecommuter Self Service Portal Service Summary Page Customer Logo
Telecommuter Self Service Portal List of VPNs & Telecommuter profiles  Link for Hub site Selection shows the site detail as in case of VPN. “ TC links” indicating different profiles added through CAF. Selection gives the list of sites (TCUIDs) having same profiles.
Telecommuter Self Service Portal User Addition for existing profile & city - ADD  ADD button Submit
Telecommuter Self Service Portal User Addition for existing profile & city – Bulk Upload  Bulk Upload Button Download the given file NOTE  :   Attachment of file will add the records with “WIP” status similar to ADD.
Telecommuter Service Management

Sr. No. | Feature | Description | Mode
1 | Delete TCUID | Customer wants to delete one of the "Active" sites | TCSS Portal
2 | Contact detail change | Customer wants to change the contact person's details (Name, Contact No., E-Mail ID etc.) | TCSS Portal
3 | Installation Address change | Customer wants to change the installation address for the same profile & city | TCSS Portal
4 | Migrate TCUID | Customer wants to migrate the TCUID between the existing profiles for the same city | TCSS Portal
5 | Migration of TCUID | Customer wants to migrate the TCUID from one city to another existing city which has the required profile | TCSS Portal (delete from one city and create the same in another city)
6 | Migration of TCUID | Customer wants to migrate the TCUID from existing to: new profile & new city; new profile & existing city; existing profile & new city | New CAF
Telecommuter Self Service Portal Change requests  - Delete Delete - Change Contact Detail Change Contact Detail - Installation Address Change Change Address - Migration of service in same city in existing profile Migrate TCUID Select
Telecommuter Self Service Portal: Service Assurance
- In case of any problem, the customer administrator can raise a Trouble Ticket (TT) online on the portal against each Telecommuter site (TCUID).
- The TT reports are also available at the TCSS portal for customer reference.
- Alternatively, the customer can call the RCOM call centre and mention the Subscriber ID (of the profile to which the affected site belongs) and the TCUID of the Telecommuter site to log a Trouble Ticket.
Create Trouble Ticket Telecommuter Self Service Portal Trouble Ticket  Select any of the problem for which you want to create TT Reports
Remote Connect : Full portfolio  Private IP Access from Anywhere Telecommuter Solution Remote Dial-up  PSTN /  ISDN CDMA  Wireless 7500+  Towns in  India  Head Office Internet Remote Users
Private WEB access Private access for a   designated C/S application Full network access for a   designated workstation Customizable Application Access Multiple Modes of Operation
Customizable Application Access: Multiple Modes of Operation

Clientless Mode
- Access to web-based applications and Citrix
- No software to be downloaded
- Best option for limited web application access and unmanaged desktops
Applicable for:
- Uncontrolled environment
- Unknown security posture & system privileges
- Limited application access
- Posture assessment, post-session clean-up required

Thin Client Mode
- Access to web, email, calendar, IM and many other TCP applications
- Small client dynamically loaded (no need to have the client on the PC)
- Best option for limited web and client/server applications and unmanaged desktops
Applicable for:
- Uncontrolled environment
- Unknown security posture & system privileges
- Very granular access controls
- Posture assessment, post-session clean-up required
- Customized access portal often desirable

LAN-Like Mode
- Persistent, "LAN-like" networked connectivity
- Access to virtually any application
- Utilizes a small, dynamically loaded client (can be stored, if required)
- Best option for broad application access
Applicable for:
- Controlled software environment
- Known security posture & system privileges
- Diverse application requirements
- Post-session clean-up optional
- "LAN-like" remote connectivity desired
Security Challenges: SSL VPN Brings New Points of Attack
Endpoints: Remote User, Employee at Home, Supply Partner (Extranet Machine, Unmanaged Machine, Customer Managed Machine)
Before SSL VPN session:
- Who owns the endpoint?
- Endpoint security posture: AV, personal firewall?
- Is malware running?
During SSL VPN session:
- Is session data protected?
- Are typed passwords protected?
- Has malware launched?
Post SSL VPN session:
- Browser cached intranet web pages?
- Browser stored passwords?
- Downloaded files left behind?
Security Measures
Transmission privacy
- Payload encryption to prevent sniffing of information, as the Internet is a shared network.
Corporate network protection
- Host checking (based on login, policy and antivirus signature)
- Automatic installation of thin / thick client on the host based on access mode.
- Detection and filtering of files having viruses attached.
- Avoid split tunneling: protection of the VPN tunnel against Internet-based attackers.
- Granular and session-specific application access control.
- Session duration control for each end-user.
- Granular access policy setting for each end-user restricts the end-user's access to finely defined network resources and not to a network of resources.
End point security and information protection
- Session remnant purging (removes session-specific data from the end device)
- Virtual desktop (an area that stores all session data and removes it at the end of the session)
- File download control (policy setting for file downloading)
- Virtual keyboard (obfuscation technique for password entry)
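The "avoid split tunneling" measure can be verified on the endpoint by resolving where traffic would actually leave the machine while the VPN is up. The following is an added example, not part of the original deck: it assumes Linux `ip route show` IPv4 output, and the interface names, addresses and both routing tables are constructed for illustration.

```python
import ipaddress

# Constructed sample: the VPN client installed only a corporate route,
# so Internet traffic still follows the default route (split tunnel).
SPLIT_TABLE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed sample: two /1 routes override the default route (full tunnel),
# but the directly connected home subnet is still more specific.
FULL_TABLE = """\
0.0.0.0/1 dev tun0 scope link
128.0.0.0/1 dev tun0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""

VPN_GATEWAY = "203.0.113.10"   # hypothetical VPN concentrator address
PROBES = [
    "10.20.30.40",    # corporate host
    "198.51.100.7",   # Internet host
    "192.168.1.50",   # another device on the home LAN
    VPN_GATEWAY,      # must stay reachable outside the tunnel
]


def parse_routes(text):
    """Return (network, device, metric) tuples for IPv4 unicast routes."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or "dev" not in tokens[:-1]:
            continue
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            network = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        if network.version != 4:
            continue
        dev = tokens[tokens.index("dev") + 1]
        metric = 0
        if "metric" in tokens[:-1]:
            metric = int(tokens[tokens.index("metric") + 1])
        routes.append((network, dev, metric))
    return routes


def egress_device(routes, dest):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def split_tunnel_findings(routes, tunnel_dev, probes, vpn_gateway):
    """List (destination, device) pairs that bypass the VPN tunnel."""
    findings = []
    for dest in probes:
        if dest == vpn_gateway:
            continue  # the tunnel's own outer traffic is expected here
        dev = egress_device(routes, dest)
        if dev is not None and dev != tunnel_dev:
            findings.append((dest, dev))
    return findings


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TABLE), ("full", FULL_TABLE)):
        result = split_tunnel_findings(parse_routes(table), "tun0",
                                       PROBES, VPN_GATEWAY)
        print(name, result)
```

Even the full-tunnel table leaves the home LAN reachable outside the tunnel, because the connected /24 route is more specific than the two /1 routes; closing that path needs a host firewall rule or a client-enforced policy, not routing alone.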
BN Regional  Office Head  Office XYZ  Franchisee  LMDS  Hub RCOM MPLS VPN Solution Internet Reliance  Wireless  Network PSTN  Network Reliance Core Network Remote Users RAS ISDN PSTN Wireless  Users Mobile Worker Unmanaged PC  Cyber cafe Home Internet Kiosk WiMAX MEN
CNM Portal View Network Performance Implementation Status Raise Trouble Tickets Bill View View/Download SLA Reports Get Alerts on Planned Events/Failures Contacts of your Account & Program Managers Some of the above functionalities are on roadmap
CNM Portal Customer Network Management [CNM] Portal High-level capacity planning and advanced trend analysis have never been easier, with web-based online CNM Portal providing detailed information on the bandwidth you are using. At the CNM Portal customer can also monitor all the SLA parameters  - Service Availability, Network Latency and Network Packet Loss. In the event of any problem with the network, customer can raise a trouble ticket (TT) online The monthly SLA Reports would also be available at the portal
CNM Portal
CNM Portal Summary Report
Bandwidth Utilization (IN) CNM Portal
Bandwidth Utilization (OUT) CNM Portal
Latency CNM Portal
Packet Loss CNM Portal
Trouble Ticket Module CNM Portal VPN_Ntwrk-Srvcs_Connectivity Packet Loss
CNM Portal – RA MPLS VPN
CNM Portal
- The system will generate unique usernames and a default password per username and provide them to the customer.
- The customer will have a CAN, which is used to access the CNM portal.
- When a RAMPLS VPN CAF is entered in the system, that customer's CNM portal will have a link to the RAMPLS VPN Service page.
- At the RAMPLS VPN Service page the customer's administrator has the list of configured unique usernames and default passwords with corresponding attributes, viz. No. of Users, Access Technology, LAN IP address (if applicable), Static WAN IP address (if applicable).
- The administrator should be able to create an alias for each username, entered against that username, and also to change the respective default password.
- The aliases and passwords will be updated at the CNM portal, and the customer will be able to log in with the aliases.
- The administrator can change the aliases, the passwords, or both at any time at the CNM portal.
CNM : Helping you to analyze performance of your IT applications   + Convenience of Ordering – MACD – TT – Bill View – SLA reports ONLINE
We will be glad to keep your Biz UP and connected
Call Center

  • 62. Reliance MPLS VPN Solution Regional Office Head Office XYZ Franchisee LMDS Hub Extranet (Dealers / Suppliers) Reliance Core Network Mobile Worker ?
  • 63. Remote Connect RA MPLS VPN
  • 64. Remote Connect : Full portfolio Private IP Access from Anywhere Telecommuter Solution Remote Dial-up PSTN / ISDN CDMA Wireless 7500+ Towns in India Head Office Internet Remote Users
  • 65. Remote Connect : PSTN / ISDN Provides a secure, high-availability dial-up solution that connects employees, customers, and business partners to corporate intranets, extranets, and the Internet. Scalable to support organizations of all sizes, RA MPLS VPN offers PSTN / ISDN access from 22 locations in India. The service offers corporate customers the facility to allow their employees and staff to access their Intranet and central resources securely. Other companies such as partners, suppliers, major customers or consultants (Extranet) can also have limited access to the organization’s Intranet. To gain remote access, the customer dials in to a network access server at the nearest Reliance POP, which enables the dial traffic to be placed into the customer’s VPN.
  • 66. Mode of Access: The customer can get dial-up access to the IP VPN through any PSTN / ISDN line from any BSO. Though the customer can dial into the VPN from any PSTN / ISDN line, the data access rate to the VPN will depend on the customer’s local loop as well as the public infrastructure over which the call will travel to the VPN service. The customer will be provided with a unique login ID (UserName@CompanyName.com) that will identify the particular user. The ‘User Name’ will be auto-generated by the system, and an alias can be created by the customer at the CNM portal. In the case of PSTN dial-up, multiple users of the same organization can also be allowed to use the same login ID. Remote Connect : PSTN / ISDN
  • 67. PC / Laptop based remote access. Individual Login ID for Single User Login: a unique Login ID for each individual user. These Login IDs will allow only one user to log in. Common Login ID with Multiple Login Users (applicable for PSTN remote access only): multiple users can use the same Login ID for remote access. The number of simultaneous users using the same Login ID has to be specified by the customer as “No. of Login Users”. Remote Connect : PSTN / ISDN
  • 68. LAN based remote access: A unique Login ID for each LAN based access. The customer may specify a static IP to be provided for a particular user from the defined WAN IP pool. If not specified, the IP will be dynamically allocated from the WAN IP address pool. The customer must specify the LAN IP address to enable the PCs on the LAN to access the VPN. The customer may specify more than one LAN IP address. The router used by the customer must be capable of dial-up access and should allow configuring the Login ID on the router. Remote Connect : PSTN / ISDN
  • 69. AAA Reliance Remote Connect Solution PSTN / ISDN RAS Reliance PSTN Network Regional Office Head Office Extranet (Dealers / Suppliers) ISDN Reliance Core Network Remote Users Other BSOs PSTN Network PSTN
  • 70. Remote Connect : Full portfolio Private IP Access from Anywhere Telecommuter Solution Remote Dial-up PSTN / ISDN CDMA Wireless 7500+ Towns in India Head Office Internet Remote Users
  • 71. Nationwide availability of the Reliance CDMA wireless data services Pan India coverage (over 7500 towns and 30,000 villages) Fast & Secure CDMA 2000 1X Technology. No exposure to Internet Scalable & redundancy of the network Fundamental bandwidth of 9.6 Kbps burstable to 144 Kbps Fast Deployment No WPC/SACFA approvals required Low upfront cost of CDMA terminal Add endpoints / applications on the same back end network at no extra cost 24 X 7 support and central monitoring from NNOC Remote Connect : Wireless CDMA Wireless Data VPN (WDVPN) USP
  • 72. Key Features Security CDMA technology ensures security over the air Isolation of customer traffic after the radio network up to customer server over VPN Option to choose Data Only or Data + Voice service profile Option to choose WDVPN service only or a combination of WDVPN & Net-Connect service on the same device Option to choose Static or Dynamic IP addressing Common dial access no #777 for data-calls across India Speed up to 144 Kbps / Latency 200 ms ~ 400 ms Per BTS 3 sectors - 90 concurrent data connections Dormancy after 10 sec. of inactivity for optimizing the RF network resources without dropping the session. Remote Connect : Wireless CDMA USP
  • 73. Supported Devices Mobile Phone with Data Cable FWT with Data Cable FWP with Data Cable CDMA Wireless PCMCIA Data Card (for laptop users) CDMA USB Modem Remote Connect : Wireless CDMA
  • 74. Remote Connect : Wireless CDMA Your CXOs and other senior executives: Stay connected to your office network while traveling. One-hop secure connection to your company’s e-mail / ERP / Intranet while you travel across the country
  • 75. Remote Connect : Wireless CDMA PDSN AAA Reliance MPLS Network PE PE PE Switch 10/100 Secure L2TP Tunnel Per PC LNS Firewall LNS Firewall LNS Firewall LNS PE PE PE P P P PE P P PE Ethernet PE Reliance’s IDC,DAKC,Navi Mumbai PE PE PC PE PE Reliance CDMA Mobile FWT PC Reliance CDMA Network Reliance MPLS Network Firewall Access Ring
  • 76. WDVPN – Other Applications: Online Gaming Solution: over 70% market share. ATM solution used by about 15 banks & Euronet: over 600 ATMs connected till date. POS solutions used by 4 banks and Venture Infotek: over 10,000 POS terminals deployed by the banks. Automatic Meter Reading: to be deployed very soon.
  • 77. Remote Connect : Full portfolio Private IP Access from Anywhere Telecommuter Solution Remote Dial-up PSTN / ISDN CDMA Wireless 7500+ Towns in India Head Office Internet Remote Users
  • 78. Let your employees transform their Home into a workplace Instead of going to work, let the work come to employees Telecommuting apart from freeing up office space is also a good option to foster employee retention, boost worker productivity, and slash real estate costs. Welcome to the Age of Portable job !!
  • 79. Telecommuter Solution – Work from Home ! USP
  • 80. Telecommuter ? Who is a Telecommuter ? Empowered by ubiquitous broadband availability and increased wireless options, telecommuters just aren't what they used to be. No longer are work-from-home (WFH) arrangements limited to new mothers or other employees who have extenuating circumstances and need to rotate between the office and home, depending on the day of the week. Telecommuters have become Tele-workers: employees across professions and market sectors who Work full time From Home
  • 81. Telecommuter Requirements Always ON network Same solution ubiquitously available across the country Secure Access to the VPN with NO exposure to public Internet Uniform Tariff across country
  • 82. Telecommuter Solution Based on WiMAX Technology Non-Line of Sight (NLOS) Always ON network Ubiquitously available across the cities covered for WiMAX (Top 10 cities in Phase 1) Ideal solution for Telecommuter - Work from Home (WFH) Concept Secure Access to the VPN Bandwidth up to 256 Kbps Same infrastructure could be used for personal Internet Access
  • 83. What is Wi-MAX ? WiMAX stands for Worldwide Interoperability for Microwave Access; its IEEE name is 802.16. It works in point-to-multipoint, non-line-of-sight (NLOS) mode. It is capable of delivering broadband Internet and extending services like VPN. WiMAX offers a fast, affordable, and convenient solution to widespread access needs.
  • 84. WiMAX Specifications: Range – 2.5 Km radius from base station. Speed – Up to 24 Mbps per Base Station. Non-Line Of Sight (NLOS): line-of-sight not needed between user and base station. Frequency bands – 3.3 GHz licensed band dedicated to Reliance Communications; NO interference. Subscriber Station: this consists of an ODU typically mounted on the building rooftop / window sill, with a CAT5 cable laid till the customer end equipment. The CAT5 cable also carries the power (POE) to the ODU.
  • 85. Telecommuter Network Ubiquitous Coverage Quick Deployment Always ON Highly Secure WiMAX Network Reliance Core Network Head Office Firewall ERP Server Messaging Server Application Server
  • 86. Telecommuter Network WiMAX Network Extension of LAN CXO Home Reliance Core Network Head Office Firewall ERP Server Messaging Server Application Server
  • 87. Telecommuter Network: What do I need at home? A PC. How do I connect? Just connect the Ethernet cable from the RRU to your PC's NIC. Work as you work at the office !!
  • 89. Security in Wi-MAX: Security is achieved in three stages between the Subscriber Station and the Base Station: Authentication; Data key exchange; Encryption (Data Transfer). Security is implemented at the MAC layer.
  • 90. Security Information. Information available in the SS (Subscriber Station): X.509 Certificate; Public key; MAC address; Unique number of CA; Digital signature of CA; Private Key; Encryption capability (SHA-1 Algorithm). Information available in the BS (Base Station): Information for all the SS (Subscriber Stations) in the database; the public key of the Certificate Authority (CA), which helps in accessing the database.
  • 91. Telecommuter Self Service Portal (TCSS) http://cnm.reliancecommunications.co.in
  • 92. Telecommuter Self Service Portal, Customer Network Management (CNM): The web-based online Telecommuter Self Service Portal (TCSS Portal), available on CNM, allows the customer to add Telecommuter sites of the subscribed profile. The Portal provides both single site addition and a bulk request option for every subscribed profile. At the TCSS portal the customer administrator will also have the following administrative privileges: Deletion of Telecommuter site; Contact Detail Change; Installation Address Change; Service Migration (within the existing profile). In the event of any problem with the service, the customer can raise a Trouble Ticket (TT) online. Based on the selected period, Active users, Added users & TT reports will be available on the portal.
  • 93. Telecommuter Self Service Portal CNM Portal Enter Login ID Enter Password CAN Number Select to enter in your account
  • 94. Telecommuter Self Service Portal Service Summary Page Customer Logo
  • 95. Telecommuter Self Service Portal List of VPNs & Telecommuter profiles Link for Hub site Selection shows the site detail as in case of VPN. “ TC links” indicating different profiles added through CAF. Selection gives the list of sites (TCUIDs) having same profiles.
  • 96. Telecommuter Self Service Portal User Addition for existing profile & city - ADD ADD button Submit
  • 97. Telecommuter Self Service Portal User Addition for existing profile & city – Bulk Upload Bulk Upload Button Download the given file NOTE : Attachment of file will add the records with “WIP” status similar to ADD.
  • 98. Telecommuter Service Management
    | Sr. No. | Feature | Description | Mode |
    |---|---|---|---|
    | 1 | Delete TCUID | Customer wants to delete one of the “Active” sites | TCSS Portal |
    | 2 | Contact detail change | Customer wants to change the contact person’s details (Name, Contact No., E-Mail ID etc.) | TCSS Portal |
    | 3 | Installation Address change | Customer wants to change the installation address for the same profile & city | TCSS Portal |
    | 4 | Migrate TCUID | Customer wants to migrate the TCUID between the existing profiles for the same city | TCSS Portal |
    | 5 | Migration of TCUID | Customer wants to migrate the TCUID from one city to another existing city which has the required profile | TCSS Portal (delete from one city and create the same in another city) |
    | 6 | Migration of TCUID | Customer wants to migrate the TCUID from existing to: new profile & new city; new profile & existing city; existing profile & new city | New CAF |
  • 99. Telecommuter Self Service Portal Change requests - Delete Delete - Change Contact Detail Change Contact Detail - Installation Address Change Change Address - Migration of service in same city in existing profile Migrate TCUID Select
  • 100. Telecommuter Self Service Portal: In case of any problem, the customer administrator can raise a Trouble Ticket (TT) online on the Portal against each Telecommuter site (TCUID). The TT reports are also available at the TCSS portal for customer reference. Alternatively, the customer can call the RCOM call centre and mention the Subscriber ID (of the profile to which the affected site belongs) and the TCUID of the Telecommuter site to log a Trouble Ticket. Service Assurance
  • 101. Create Trouble Ticket Telecommuter Self Service Portal Trouble Ticket Select any of the problem for which you want to create TT Reports
  • 102. Remote Connect : Full portfolio Private IP Access from Anywhere Telecommuter Solution Remote Dial-up PSTN / ISDN CDMA Wireless 7500+ Towns in India Head Office Internet Remote Users
  • 103. Private WEB access Private access for a designated C/S application Full network access for a designated workstation Customizable Application Access Multiple Modes of Operation
  • 104. Clientless Mode Access to web-based applications and Citrix No software to be downloaded Best option for limited web application access and unmanaged desktops Applicable for Uncontrolled environment Unknown security posture & system privileges Limited application access Posture assessment, post-session clean-up required Customizable Application Access Multiple Modes of Operation
  • 105. Thin Client Mode Access to web, email, calendar, IM and many other TCP applications Small client dynamically loaded (No need to have the client on the PC !!) Best option for limited web and client/server applications and unmanaged desktops Applicable for Uncontrolled environment Unknown security posture & system privileges Very granular access controls Posture assessment, post-session clean-up required Customized access portal often desirable Customizable Application Access Multiple Modes of Operation
  • 106. LAN-Like Mode Persistent, “LAN-like” networked connectivity Access to virtually any application Utilizes small, dynamically loaded client (Can be stored, if required) Best option for broad application access Applicable for Controlled software environment Known security posture & system privileges Diverse application requirements Post-session clean-up optional “LAN-like” remote connectivity desired Customizable Application Access Multiple Modes of Operation
  • 107. Security Challenges: SSL VPN Brings New Points of Attack. Users: Remote User, Employee at Home, Supply Partner. Machines: Extranet Machine, Unmanaged Machine, Customer Managed Machine. Before SSL VPN Session: Who owns the endpoint? Endpoint security posture: AV, personal firewall? Is malware running? During SSL VPN Session: Is session data protected? Are typed passwords protected? Has malware launched? Post SSL VPN Session: Browser cached intranet web pages? Browser stored passwords? Downloaded files left behind?
  • 108. Security Measures. Transmission privacy: Payload encryption to avoid information sniffing, as the Internet is a shared network. Corporate network protection: Host checking (based on login, policy and antivirus signature). Automatic installation of thin / thick client on the host based on access mode. Detection and filtering of files having viruses attached. Avoid split tunneling: protection of the VPN tunnel against Internet-based attackers. Granular and session-specific application access control. Session duration control for each end-user. Granular access policy setting for each end-user restricts the end-user's access to finely defined network resources and not to a network of resources. End point security and information protection: Session remnant purging (removes session-specific data from the end device). Virtual desktop (an area that stores all session data and removes it at the end of the session). File download control (policy setting for file downloading). Virtual keyboard (obfuscation technique for password entry).
  • 109. BN Regional Office Head Office XYZ Franchisee LMDS Hub RCOM MPLS VPN Solution Internet Reliance Wireless Network PSTN Network Reliance Core Network Remote Users RAS ISDN PSTN Wireless Users Mobile Worker Unmanaged PC Cyber cafe Home Internet Kiosk WiMAX MEN
  • 110. CNM Portal View Network Performance Implementation Status Raise Trouble Tickets Bill View View/Download SLA Reports Get Alerts on Planned Events/Failures Contacts of your Account & Program Managers Some of the above functionalities are on roadmap
  • 111. CNM Portal, Customer Network Management [CNM] Portal: High-level capacity planning and advanced trend analysis have never been easier, with the web-based online CNM Portal providing detailed information on the bandwidth you are using. At the CNM Portal the customer can also monitor all the SLA parameters: Service Availability, Network Latency and Network Packet Loss. In the event of any problem with the network, the customer can raise a trouble ticket (TT) online. The monthly SLA reports would also be available at the portal.
  • 121. Packet Loss CNM Portal
  • 122. Trouble Ticket Module CNM Portal VPN_Ntwrk-Srvcs_Connectivity Packet Loss
  • 123. CNM Portal – RA MPLS VPN
  • 124. The system will generate unique Usernames & a default Password per user name and provide them to the customer. The customer will have a CAN, which would be used to access the CNM portal. In case a RAMPLS VPN CAF is entered in the system, the CNM portal of that customer would have a link to get into the RAMPLS VPN Service page. At the RAMPLS VPN Service page the administrator of the customer would have the list of configured unique Usernames & default Passwords with corresponding attributes, viz. No. of Users, Access Technology, LAN IP address (if applicable), Static WAN IP address (if applicable). The administrator should be able to create aliases for each User Name, which he could enter against each User Name, and also to change the respective default password. The aliases & passwords will be updated at the CNM portal and the customer will be able to log in with the aliases. The administrator can at any time change either the aliases or passwords or both, at the CNM portal. CNM Portal
  • 128. CNM : Helping you to analyze performance of your IT applications + Convenience of Ordering – MACD – TT – Bill View – SLA reports ONLINE
  • 129. We will be glad to keep your Biz UP and connected Call Center

Editor's Notes

  • #32: What happened in Mumbai recently on 26/7 is critically similar to 9/11 in New York whereby the business had come to a stand-still. Many enterprises were greatly affected which also led to complete destruction of business. This has given rise to the facts that emergencies have no boundaries, disasters are unavoidable and the need to establish Disaster Recovery Solution. This is of prime importance for enterprise customers who are dependent on data communication for business requirements. All this has forced all of us to do some rethinking.