Freely subscribe to our NEWSLETTER

Over time, the agency’s network grew more complex as it needed to support a fast-growing number of applications and IP devices, leading to a significant drain on network management resources. The problem accelerated as performance decreased, and it became increasingly difficult and inefficient to remain in compliance with regulatory standards and conduct mandatory, intensive bi-annual network audits on time and on budget.

Navigating a Complex Network Jungle

With more than five hundred IP network devices, such as routers, switches, firewalls, VPN concentrators, and load balancers provided by myriad third-party vendors, the agency was spending several months per year supporting both bi-annual and supplemental audits of its internal IP network infrastructure by the Government Accounting Office (GAO). Additionally, it had to support multiple Web-based applications for internal users and external partners, as well as a newly introduced Voice over IP (VoIP) network for employees. There were other complexities linked to the dynamic nature of the agency’s network configuration. Often, after spending months supporting the GAO audits, which had to be performed manually, results were not completely accurate, given the daily configuration changes made to various IP network devices. There was also no established process for ensuring that the network complied with the Federal Information Security Management Act (FISMA), legislation designed to bolster IT and network security within the Federal Government and affiliated parties by mandating yearly audits as compliance checkpoints.

“As a result of the rollout of Telcordia IP Assure, the agency can easily accommodate the largest, most complex and dynamic IP infrastructures.”

Taking Back Control

The agency urgently needed a solution that could immediately help it reduce the cost of supporting the GAO audit, while improving network security and reliability and VoIP Quality of Service (QoS), and ensuring compliance, as a publicly accountable body, with FISMA. Given the participation of the agency’s network engineering and security groups in the GAO audit, the solution had to provide clear value to both groups, without increasing the workload for either. Essentially, the agency needed a way to gain unprecedented visibility into its network, take back control, and stem the drain on IT resources while improving overall performance — all while under the watchful eye of the public. Upon conducting extensive research and testing of leading market solutions, the agency selected Telcordia® IP Assure, a flexible software solution for automated and non-intrusive assessment and awareness of IP networks, based on cost and, most importantly, its ability to meet the agency’s stringent needs and requirements.

THE RESPONSE

Telcordia conducted a comprehensive analysis of the agency’s IP network infrastructure over a period of three months. This analysis included reviewing data related to device configurations, interacting with the network engineering and IT security personnel, and identifying pain points and associated issues.

A Customized Approach

As part of the deployment, Telcordia defined custom rules to enforce the agency’s VoIP QoS and security policies. Separate Telcordia IP Assure access accounts were created for security and network engineering personnel to enable them to rapidly find the precise network data they needed, empowering them to work more efficiently and more effectively.

Telcordia IP Assure was also integrated with the agency’s existing Network Configuration Management Software (NCCM) to extract IP network device configuration data on a weekly basis and match it against a built-in knowledge base of best-practice rules, custom rules, and the FISMA requirements. This ensured that the agency could be confident it was at all times compliant with FISMA guidelines without needing to poll the network manually to discover issues and correct them.

Firewall information was provided to security personnel and data from routers, switches, and other non-security devices was sent to the network engineering team to enable them to quickly take any necessary corrective measures. This enabled the network management team to stay incredibly organized and proactively address newly discovered issues before they became problems.

Additionally, utilizing Telcordia IP Assure in simulation mode to test configurations before pushing them out to the network helped to prevent many common issues entirely.

“The agency has reduced the time spent conducting the bi-annual GAO audits by 65 percent, and since the deployment of Telcordia IP Assure it has not encountered the need to conduct supplemental audits.”

Access On Demand

To gain considerable efficiencies in the time consuming, bi-annual auditing processes, a Telcordia IP Assure account was created for GAO personnel that enabled them to view detailed data every week, and create summary reports as needed.

THE RESULTS

The agency has fully deployed Telcordia IP Assure and experienced significant gains in efficiency and performance, achieving:

• Cost Reductions – The agency has reduced the time spent conducting the bi-annual GAO audits by 65 percent, and since the deployment of Telcordia IP Assure it has not encountered the need to conduct supplemental audits.

• Performance Boosts – IP device configuration errors are proactively detected, further reducing network configuration management costs and improving network security and reliability.

• Error Reductions – Since the deployment of Telcordia IP Assure, the agency has not encountered any network issues that could be traced to incorrect IP device configurations.

• Compliance – The agency can now efficiently manage compliance with regulatory bodies, including FISMA, with much less internal work.

• Scalability – As a result of the rollout of Telcordia IP Assure, the agency can easily accommodate the largest, most complex and dynamic IP infrastructures.

“Since the deployment of Telcordia IP Assure, the agency has not encountered any network issues that could be traced to incorrect IP device configurations.”