With the existing network not being capable of handling the large volume of data transfer associated with typical GIS activity in a timely manner, without adversely affecting existing users, the GIS Department implemented a newly designed network based on today's standards and technology. This new network would create the foundation for an enterprise system, in addition to becoming, as described by one of the top networking security companies in the United States, "the model" for the rest of the City/County network.

In order to properly serve, edit, and administer the vast amount of data that GIS would bring, building a new segment of the network was required.  It was determined that building this new segment of the network would bring several advantages to city and county departments:

•  It would take advantage of the newest technology and networking methodologies

• It would dedicate a high amount of bandwidth to each of its users
• It would dedicate a high amount of bandwidth to each of its data servers
• It would break away from the large broadcast domain of the current network
• It would not adversely affect existing users or network bandwidth
• It would not compromise the security of the existing network
• It would relieve the existing network of some of its workload and lower its broadcast traffic, thus providing more bandwidth to users on the remaining domains
• It would still allow communications between the old and new networks
• It would not affect any upgrades done on the existing networks in the future
• All of this could be done in house, within budget and substantially below previous cost estimates
• The City / County would not have to fund as large of an upgrade to its existing network due to the fact that GIS network has already upgraded its portion with more than 25 departments and 11 offsite Wide Area Network (WAN) locations utilizing the GIS network.

 The GIS Network was designed and built to meet the predetermined demands of individual departments needing access to GIS data. The following is a list of goals that the GIS department has successfully implemented in what had been determined to be necessities in a successful enterprise wide GIS system:

•  100 Mbps of bandwidth will be dedicated to each client computer

• GIS Data Servers will be connected to the network at a speed of 1 Gbps
• Edge switches will be connected at a speed of 1 Gbps
• All network components will be in a locked and secure cabinet
• Departments will be protected from the possibility of broadcast storms
• A private addressing scheme will be implemented
• Implement security that follows industry guidelines and standards
• All client and server activity will be handled by the Core of the network
• Individual offices will not be affected by the activities of the others unnecessarily
• Ownership of equipment is clearly defined
• Administration of data and equipment is clearly defined

 The GIS network includes two transport solutions that include a local area network (LAN) and a wide area network (WAN). The volume of data (measured in bits) that can be transported per second represents the capacity of a specific network segment. This capacity is called network bandwidth and is typically measured in millions of bits (megabits) or billions of bits (gigabits) per second.

 The GIS Local Area Network (LAN)

Below is a diagram and description of the GIS switched LAN that has been described in the Security Posture Assessment performed by Cisco Systems, Inc. “Because the GIS network is a switched environment, it can serve as a model for beginning the process on the remaining networks”:

The Core

The GIS department maintains its own physical network segment running at Gigabit speed over fiber for its backbone and switched to the desktop.  Fiber optic cabling has been run from the Evansville Water and Sewer Utility cold room to various closets in the Civic Center and terminates into locked and secured cabinets.  Each department is connected by Cisco series switches that contain Gigabit uplinks to our core switch.  Each user has 100Mbps full duplex dedicated to their desktop. The core of the network is a Cisco 4006 switch that contains a router switch module and has a backplane speed of 64 Gbps. This routing switch module enables us to takes advantage of what is called wire speed routing.  In simplistic terms, wire speed routing is where a data stream sends its first packet through the router to learn the route to the target computer.  All subsequent packets then do not have to go through the router and can go straight to the destination at wire speed.   When every packet does not have to slow down to go through the routing engine, the rate that data flows is many times faster.  

Subnets

The GIS network is divided into several different subnets and VLANS that in essence gives each department its own sub network within the network.  This provides flexibility and growth, and when coupled with Virtual Local Area Networks (VLANs) the physical location of the subnets is not limited to the user’s physical location. The use of this technology dramatically reduces the broadcast traffic seen between departments, and further ensures that any broadcast storm by a computer on one network will not affect the other subnets.  Another added benefit of using subnets is that it gives the GIS department the ability to isolate problems easier and provide additional layers of security.  The GIS network uses only private addresses for its internal users.

 As a security measure, port security has been implemented on every switch within the GIS network. Port security is where each port on the switch will only allow a designated number of MAC addresses to pass through. The GIS department has setup the switches to allow only one MAC address through a port, thus reducing the potential of an internal hacker plugging a laptop into an existing switch to gain access to the network. When a user moves their desktop or changes a faulty Network Interface Card (NIC), they will be denied access to the network until the proper GIS personnel have been notified and the port has been released.

Speed

The GIS Network has a 1Gbps backbone connection to all edge switches, with future expansion capabilities to 2Gbps. Connections to every device are at full duplex (this means that all devices and computers can send and receive data at the same time, which doubles a devices capability).  On full duplex systems, the device does not have to stop receiving a data stream to send an acknowledgement of what it has received so far. Currently, there is a dedicated bandwidth of 100Mbps to each user on the GIS network. There is also a 1Gbps connection to the GIS data servers, with future expansion capabilities to 2Gbps.

The GIS Wide Area Network (WAN) 

The Evansville Water and Sewer Utility (EWSU) were under a five-year network connectivity contract with SBC-Ameritech that expired in December of 2001. The existing contract had a monthly cost of $3,800. SBC-Ameritech estimated that the contract would continue at a new monthly rate of $8,400 unless renewed. The renewal rate would be $6,400 a month based on another five-year period, which equates to a $2,600 a month increase in cost. This is a $156,000 cost increase over this five-year period. The GIS department also learned that the current system being used is problematic and didn’t effectively meet the present and future needs of the EWSU employees.

 The GIS department had numerous meetings with Network Engineers discussing the best and most cost effective solution available. The solution chosen provided the following enhancements:

·        Superior Network Design

·        Dedicated Bandwidth – Heavy usage by one site will not affect other sites

·        Increased Bandwidth – Current design shares available bandwidth with the rest of City/County network, thus reducing the amount of available bandwidth to EWSU employees

·        Modular Design – Provides flexibility to distribute resources where they are needed

·        Upgradeable – Provides capability to add additional site(s) at a minimal expense

·        Site Independence - If one site has a failure, no other site will be affected

 Under the new agreement, the Leased Line services cost $2,666.88 a month, which equates to a savings of $3,733.12 a month over the proposed renewal rate of $6, 400. If you extend this savings over the five-year renewal period, EWSU is saving $223,987.20.

 In May of 2002, the GIS Department and the Evansville Water Sewer Utility merged networks. This expanded the capabilities and roles of the GIS Department.  The Wide Area Network consists of any site that is not within the Civic Center.  Currently, EWSU has eleven WAN locations. For sites having higher bandwidth requirements, multiple T1 connections have been installed. In addition, a degree of fault tolerance can be achieved by installing multiple T1 lines that enter the facility at different points. While engineering the WAN solution, it was determined that having the ability to monitor the system in-house would be a substantial cost savings for EWSU. This solution also enabled the EWSU/GIS Department to extend this cost effective solution to other government offices that needed connectivity to the Civic Center for an approximate cost of $170/month after initial end component (router and WIC) hardware expenses.

 To assist in the management, the GIS Department utilizes Cisco Works 2000 management software to administer and monitor all of the Cisco equipment on the LAN and WAN.  The use of this software combined with in-house expertise saves the EWSU/GIS Department $20,700 a year for the initial four offsite locations. This cost savings increases with each additional site added. Currently there are eleven offsite locations connected.

If you add the savings from the monthly costs and management together, the total savings for the EWSU is $327,487.20 over a five year period. As EWSU has done in the past, connectivity to the Civic Center from other remote locations were offered at the same cost savings benefit to the rest of the city/county. With this system already in place and with its capability for expansion, there will be no need for other WAN solutions which will reduce any unnecessary duplication of technology, expenditures, or administrative overhead.

 Depicted below is a simple diagram of the EWSU/GIS WAN. We now have 11 T1 connections. The cost of more T1 connections has a very minimal financial impact because the DS3 connection is capable of handling 28 T1 connections.  If more than 28 T1 connections were needed only one additional  DS3 module would need to be added to the existing router.  Our router is capable of handling several DS3 modules.