Answers to the “Do I Know This Already?”
Q&A

1. The Application Layer

2. The network is the essential piece that they all have in common. This applies to all infrastructure (Layers 1, 2, and 3) as well as supplemental services that might be shared additionally.

3. Teleworker architecture

4. Campus, data center, branch, WAN/MAN, enterprise edge, teleworker

5. This is a rather subjective answer as it calls upon the reader to reference a solution from his or her own experiences. To a large degree, the solution will be based on personal networking experiences. A sample solution would include

■ Cisco ISR with SRST, VPN, and Content Engine enabled. It may also be prudent to add an AIM-CUE to the ISR to provide a local automated attendant and voice messaging capabilities for some users (up to 25 on an AIM CUE).

■ QoS-enabled MPLS WAN connectivity with bandwidth sufficient to support the voice, video, and data needs of those 50 users.

■ Cisco IP Phones and IP Communicator Software for user laptops.

6. Voice and collaboration services
   Device mobility services
   Security and identity services
   Storage services
   Computer services
   Application networking services
   Network infrastructure virtualization
   Services management
   Adaptive management services
   Advanced analytics services
   Infrastructure management services

7. Resources to which virtualization capabilities apply include infrastructure components such as VLANs, VRFs, MPLS, virtual firewalls, VPNs, presence information, message routing, load balancing, hard disk space, IO, CPU cycles, and more.

8. SONA is the framework that provides a technological and architectural guide for enterprise networks in the quest to become an IIN. SONA is the path; IIN is the destination.
Q&A

1. IPsec VPNs utilize a CPE router that maintains a nailed-up connection to the central site at all times. A remote-access VPN is a client-initiated connection to the central site.

2. High availability for services and applications, removal of any single point of failure, secure the network infrastructure, implement QoS throughout the entire network, decide on central site VPN solution (IPsec or remote access or both), Internet access, Cisco IP Phone, and Cisco Unified Video Advantage camera solution at teleworker’s home.

3. MPLS provides larger sites with Layer 3 connectivity and any-to-any communication capabilities. MPLS also provides for QoS traffic markings to be honored within the provider’s network. Frame Relay and ATM are traditional Layer 2 WAN technologies. These are useful in providing connectivity to sites that do not require integrated services and applications. Traffic flows are governed by traffic-shaping techniques that do not recognize Layer 3 DSCP markings. Site-to-site VPN is useful in connecting to partner or company site networks over the public Internet. Obviously, the nature of the public Internet means that all traffic is best-effort.

4. High-speed Internet access in residences, IP telephony, IP video capabilities, IPsec and remote-access VPNs, service provider network augmentation and service offerings, and QoS traffic classification and protection guarantees.

5. Network administration personnel go to somewhat great lengths to ensure the security of the network through firewall, IPS, IDS, and traffic filtering. This mitigates the effects of day-zero virus outbreaks, exploit exposure, and so on. When an enterprise chooses to support a teleworker solution, they extend the enterprise network presence to the home of the teleworker employee. This adds significant risk and exposure because the company might have a difficult time controlling traffic flow to and/or from the teleworker home. The Internet surfing habits of the teleworker and others in the home pose a potential risk as a point of entry for viruses, spyware, malware, and more. Support for the teleworker home network is also a significant factor. Most homes today have wireless networks that exist in varying degrees of security. Enterprise network administrators do not necessarily wish to dictate wired and/or wireless security practices to individuals in their own homes.

6. There are quite a few ways in which the risks posed to the enterprise by teleworker home networks might be mitigated. The teleworker must agree to the corporate security policy regarding network access, of course. However, some options, such as personal firewalls, antispam, anti-spyware, and other related software can assist in mitigating risks. Such software should be dictated and supported by the enterprise network administrators. Disallowing options in the VPN connectivity, such as split-tunneling, might also be considered.

7. Satellite connectivity does offer some degree of connectivity to the teleworker when other access methods are not available. It should be understood that the service levels provided by high-speed, low latency solutions such as DSL, cable, and fiber are more suited to the needs of a converged network. Some services might not function properly via satellite. Other options might include leased lines at the home. A T1 or fractional T1 terminated at a residential premise is not unheard of in the realm of possibilities. Obviously, there is the potential for significantly higher cost in such a solution. There are many additional possibilities. Each will come with its own set of challenges and benefits. These must be considered when offering teleworker services to employees.

8. Cisco.com contains a well-documented solution guide, known as an SRND, which contains tested best practices and configuration examples. It can be found at http://www.cisco.com/go/srnd.