Digital GlobalSoft set up Digital Park, a 21-acre state-of-the-art campus at
Bangalore. The campus is home to 600 software developers today and its two
planned data centers (one an active physical center and the other a back-up
disaster recovery center), which will provide managed hosting services to its
Indian and global customers. The company has earmarked an investment of Rs 13
crore in setting up the data centers, installing a gigabit backbone network, and
purchasing desktops. This would grow to house about 4,500 professionals as the
company grows. Its plans include:
-
Setting up two separate campus-LAN networks–one exclusively for Compaq and
another for its other customers that are looking for e-infrastructure services.
This is part of its larger objective of providing high-end infrastructure
management solutions, application consulting and implementation, and expanding
its offering in areas of security and network management for customers. -
Connecting its 600 software professionals and providing them multiple means
of communications. -
Supporting its data centers’ needs of high bandwidth and redundancy.
-
Implementing a scalable infrastructure that will support its expansion plans
(4,500 professionals over the next two-three years).
Why New Infrastructure?
Digital GlobalSoft’s core business is IT solutions and services for
enterprise and technology markets. Its business model relies on the offshore
model of software development and its data centers for providing
e-infrastructure services to its customers.
Digital GlobalSoft’s existing infrastructure comprised:
-
LAN networks operational at the three digital office
locations in Bangalore. The LAN switches were sourced from Enterasys/Nortel. The
routers were sourced from Cisco. -
Traditional Nortel PBXs at these locations.
-
VAX VMS mainframes and terminals with applications
primarily based on Microsoft platforms. -
Major application used is SAP. Microsoft applications
include as SQL Server, Outlook, NetBios over WAN to connect to central exchange
servers, HTTP/Java-based applications, Microsoft Conference Server and
Netmeeting and Citrix.
However, the current legacy infrastructure had some inherent
limitations that did not support Digital GlobalSoft’s needs of:
-
Multimedia applications
-
A single security policy for each user regardless of
where they access the network, and the ability to centrally administer security
policies for all users of the network -
Network availability and scalability
-
Lower total cost of ownership (TCO) for the
infrastructure -
24x7 redundant data center setup to ensure that its
e-infrastructure clients were convinced that it could manage their services. -
Realization of its IT vision for service delivery
|
"In order to create alternative forms of communication
in our growing, multi-location operations, we at Digital felt the need to go
beyond legacy modes of communications such as mail and basic telephony and
implement solutions such as desktop-to-desktop video, Net meeting, and streaming
media which necessitated our opting for Convergence," says AN Rao, CIO,
Digital GlobalSoft.
Going forward, the key challenges for Digital GlobalSoft
clearly were greater scalability and decrease in time to deploy, greater
reliability and higher time to service (high availability), ensuring
anytime-anywhere connectivity and enhanced network security. And all this had to
be done on a platform that brought in integration from design upwards and was
highly manageable.
"The challenges get enhanced when one has to plan for a
campus that grows over a period of time and forms the service delivery
infrastructure for a diverse set of businesses–existing and new. Business
should have the flexibility of multiple modes of connectivity to support the
traffic and technology patterns that are unique to them. That really formed the
design philosophy behind bringing up the campus infrastructure," adds Rao.
The Solution
Keeping in mind Digital GlobalSoft’s future plans
(providing e-infrastructure services to its existing and potential customers),
the need was to clearly invest in a converged IP-based infrastructure. For
convergence at Digital GlobalSoft to become a reality, the new infrastructure
was to provide not only a new world experience to its employees by delivering
the benefits of voice, video, and data services but also ensure that its
e-infrastructure customers were convinced of its capabilities to manage their
infrastructure.
For this, Digital GlobalSoft opted for two separate campus
LAN networks at its new Digital Park Campus–a Compaq Network exclusively for
Compaq and a Digital Network for its other customers who would want
e-infrastructure managed services. In addition, the infrastructure would be
required to support the need for isolated secure networks for individual
customers whose delivery might be from anywhere in the campus.
Hence the two campus LANs, which have been set up, have their
own central resources such as core switch, server farm switch, servers, etc.,
which are located in the physical data center. This means that the physical data
center has separate sections, one where the Compaq Network central resources and
servers reside and the other where the Digital Network central resources reside
currently and their future customers’ servers will reside. The Compaq Network
connects the existing 600 professionals working on Compaq at Digital Park to
their colleagues working on Compaq in the other three Bangalore offices through
a WAN. The Digital Network currently connects through the WAN to the Digital
Proximity Centre in Houston, Texas. The Digital Network will provide
e-infrastructure managed services such as SAP support, VPN, security, and
network management solutions among others to potential clients.
Both the campus LAN networks are based on Cisco’s AVVID
architecture and deploy Cisco’s IP telephony and security solutions.
The networks are alike and are designed and configured as
follows:
The campus LAN infrastructure is modelled and designed on
Cisco’s multi-layer campus design, which is hierarchical and modular. It
consists of a central core switching component where the emphasis is on
high-performance multi-gigabit transport designed to deliver maximum of 256 Gbps
speeds. The server farm module has high-density gigabit/fast Ethernet
connectivity to servers and central resources. The distribution switch
aggregates a lot of wiring closet access switches on the building floors and
connects to the core on multiple redundant gigabit links (4 Gbps). The prime
functionality of the distribution switch is to provide secure, policy-based
access to users on access switches. The access switches provide connectivity to
desktops and converged devices such as IP phones and support
converged-applications like video, multicast, and data.
Digital uses Cisco Catalyst 6500 multi-services switch at the
core, server farm and distribution layers of the network. It also consists of
network analysis modules at the core for network analysis and management. The
server farm switch has an intrusion detection module to protect critical servers
in the data center. The access switches are Catalyst 4006s and Catalyst 3500XLs,
capable of providing the needed back-plane speeds at the access level. That
makes the multi-tier structure traffic engineered to cater to the potential data
streams. All access switches reach the distribution switches on two alternate
fiber paths and all distribution switches dual home into the data centers which
provide fully replicated core and server farm switches. This makes for a highly
available campus backbone that has enough path diversity.
Digital GlobalSoft has deployed Cisco IP telephony solutions
based on the Cisco Call Manager and Cisco IP Phones in a closed user group (CUG).
The IP Phones connect to the Catalyst access switches and provide an additional
connection for user workstations. The server farm switches have E1 services
module for legacy PSTN interconnection to IP telephony, when the solution is
allowed, as well as provide digital signal processing (DSP) resources for
conferencing with IP Phones.
Digital GlobalSoft uses Cisco 7200VXR and Cisco 3600 series
multi-services router platform for running voice, video and data across the WAN.
The Cisco 2600 series platform is used for remote access and Internet
connectivity. The RAS users are authenticated with Cisco Secure ACS software.
The PIX firewall is used for security and VPN services. Firewall and IDS are
managed using the Cisco Secure Policy Manager Network Management Solution (NMS).
The entire network infrastructure is managed with CiscoWorks LAN Management
Suite.
Why Cisco?
Digital GlobalSoft says it opted for Cisco due to two primary
reasons. One, the solution integration was at the design level, and two, Cisco
is an end-to-end solutions provider. "Choosing Cisco as our technology
partner was the culmination of rigorous testing, extensive competitive analysis,
and third-party validation. Based on our thorough assessment, it was clear that
Cisco had the technology, was clearly 6-12 months ahead of its competition in
the thinking and development process and was focused on the end-to-end solution
to meet our needs. Willingness to understand our needs from a business
standpoint and the ability to custom architect a solution to align with those
needs was an important facet that Cisco displayed consistently," explains
Rao.
Cisco’s network infrastructure at Digital Park consists of
carrier-class mutiservice routers, switches, IP telephony, firewalls, network
management and analysis, intrusion detection and load balancing appliances.
"Sourcing all networking solutions from Cisco helped us gain tight
integration and the advantage of cross platform development. This means we could
get IDS technology on switches and that gave us the flexibility we
required," says Rao. He further adds, "Cisco’s platforms also offer
QoS required for offering and controlling services across WAN."
Cisco Catalyst switches were chosen because they offered not
only good performance and scalability but also the benefits of flexible
technology, interfaces, services, security and convergence. The routers were
chosen because of their multiservice capability and value-added security
features like network-based application recognition and extended access control
lists. Cisco PIX firewalls were chosen because of performance and enhanced
security advantages of a dedicated appliance. Cisco IP telephony solution was
chosen for its distinct advantages of rich set of applications and location
independence and from the fact that it was born out of strong data capabilities.
Implementing the Solution
The overall network design was divided into three phases of
implementation. The first phase consisted of installation of two parallel
networks–the Digital Network and the Compaq Network. The details of the
implementation were coordinated between the Digital and the Cisco team.
|
"We decided to do initial staging of switches, routers,
firewalls, intrusion detection, network management and Cisco Secure VPNs as a
proof of concept that whatever was planned would work fine in the final
implementation," adds Rao. The staging process began around August 2001. As
a part of the initial staging process, a staging document was generated with a
detailed IP addressing scheme for the initial phase and the subsequent phases. A
detailed naming convention for all devices used in the design was evolved. The
staging documentation also included configuration and troubleshooting for all
equipment being used in the network. Templates were created for each
configuration. From the templates, a customized configuration was generated for
each device.
"There were enormous challenges which needed to be
overcome to ensure a successful implementation. Critical applications like
Microsoft Conferencing Services, VPNs, and IP telephony services were tested
during the staging phase and most of the issues were resolved during the staging
process itself" explains Rao.
Post the staging process, all configured equipment was
shifted to the data center. Value-added services such as IDS and NAM were fine
tuned after the deployment at the data center. The entire implementation was
effectively carried out by the Digital team in consultation with the Cisco team.
"We have stringent measures to address security, both
internal and external. Firewalls and intrusion detection systems have been
deployed to cater to enhanced security. Cisco’s IDS technology on switches or
firewall/IDS functionality on routers provide the flexibility in designing and
deploying resources and has to a large extent helped address security. Policies
define standards for secure network design and defensive actions, allowing
network managers to incorporate a consistent multilayer defense strategy into
their procedures." To sum up convergence at Digital GlobalSoft, "It
has been a long winding journey since August 2001 but our commitment is
reflected in the fact that the entire implementation has been completed in only
243 days (7.5 months) and looking back, I am glad we decided to partner with
Cisco," says a beaming Rao.