Freely subscribe to our NEWSLETTER

Over time, the agency’s network grew more complex as it needed to support a
fast-growing number of applications and IP devices, leading to a significant drain on
network management resources. The problem accelerated as performance decreased,
and it became increasingly difficult and inefficient to remain in compliance with
regulatory standards and conduct mandatory, intensive bi-annual network audits on
time and on budget.

Navigating a Complex Network Jungle

With more than five hundred IP network devices, such as routers, switches, firewalls,
VPN concentrators, and load balancers provided by myriad third-party vendors, the
agency was spending several months per year supporting both bi-annual and
supplemental audits of its internal IP network infrastructure by the Government
Accounting Office (GAO). Additionally, it had to support multiple Web-based
applications for internal users and external partners, as well as a newly introduced
Voice over IP (VoIP) network for employees.
There were other complexities linked to the dynamic nature of the agency’s network
configuration. Often, after spending months supporting the GAO audits, which had
to be performed manually, results were not completely accurate, given the daily
configuration changes made to various IP network devices. There was also no
established process for ensuring that the network complied with the Federal
Information Security Management Act (FISMA), legislation designed to bolster IT
and network security within the Federal Government and affiliated parties by
mandating yearly audits as compliance checkpoints.

“As a result of the rollout of
Telcordia IP Assure, the agency
can easily accommodate the
largest, most complex and dynamic
IP infrastructures.”

Taking Back Control

The agency urgently needed a solution that could immediately help it reduce
the cost of supporting the GAO audit, while improving network security and
reliability and VoIP Quality of Service (QoS), and ensuring compliance, as a
publicly accountable body, with FISMA. Given the participation of the agency’s
network engineering and security groups in the GAO audit, the solution had to
provide clear value to both groups, without increasing the workload for either.
Essentially, the agency needed a way to gain unprecedented visibility into its
network, take back control, and stem the drain on IT resources while improving
overall performance — all while under the watchful eye of the public.
Upon conducting extensive research and testing of leading market solutions,
the agency selected Telcordia® IP Assure, a flexible software solution for
automated and non-intrusive assessment and awareness of IP networks, based
on cost and, most importantly, its ability to meet the agency’s stringent needs
and requirements.

THE RESPONSE

Telcordia conducted a comprehensive analysis of the agency’s IP network
infrastructure over a period of three months. This analysis included reviewing
data related to device configurations, interacting with the network engineering
and IT security personnel, and identifying pain points and associated issues.

A Customized Approach

As part of the deployment, Telcordia defined custom rules to enforce the agency’s
VoIP QoS and security policies. Separate Telcordia IP Assure access accounts
were created for security and network engineering personnel to enable them to
rapidly find the precise network data they needed, empowering them to work
more efficiently and more effectively.

Telcordia IP Assure was also integrated with the agency’s existing Network
Configuration Management Software (NCCM) to extract IP network device
configuration data on a weekly basis and match it against a built-in knowledge
base of best-practice rules, custom rules, and the FISMA requirements. This
ensured that the agency could be confident it was at all times compliant with
FISMA guidelines without needing to poll the network manually to discover
issues and correct them.

Firewall information was provided to security personnel and data from routers,
switches, and other non-security devices was sent to the network engineering
team to enable them to quickly take any necessary corrective measures. This
enabled the network management team to stay incredibly organized and
proactively address newly discovered issues before they became problems.

Additionally, utilizing Telcordia IP Assure in simulation mode to test
configurations before pushing them out to the network helped to prevent many
common issues entirely.

“The agency has reduced the time spent conducting the bi-annual
GAO audits by 65 percent, and since the deployment of Telcordia
IP Assure it has not encountered the need to conduct supplemental
audits.”

Access On Demand

To gain considerable efficiencies in the time consuming, bi-annual auditing
processes, a Telcordia IP Assure account was created for GAO personnel that
enabled them to view detailed data every week, and create summary reports
as needed.

THE RESULTS

The agency has fully deployed Telcordia IP Assure and experienced
significant gains in efficiency and performance, achieving:

• Cost Reductions – The agency has reduced the time spent conducting the
bi-annual GAO audits by 65 percent, and since the deployment of Telcordia IP
Assure it has not encountered the need to conduct supplemental audits.

• Performance Boosts – IP device configuration errors are proactively detected,
further reducing network configuration management costs and improving network
security and reliability.

• Error Reductions – Since the deployment of Telcordia IP Assure, the agency has
not encountered any network issues that could be traced to incorrect IP device
configurations.

• Compliance – The agency can now efficiently manage compliance with regulatory
bodies, including FISMA, with much less internal work.

• Scalability – As a result of the rollout of Telcordia IP Assure, the agency can easily
accommodate the largest, most complex and dynamic IP infrastructures.

“Since the deployment of
Telcordia IP Assure, the agency has
not encountered any network issues
that could be traced to incorrect IP
device configurations.”