Network Design Wp Final

7/30/2019 Network Design Wp Final

http://slidepdf.com/reader/full/network-design-wp-final 1/12

WhitePaper

Integrating Network Design with Continuity and Production Concerns to Ensure

Information Availability

SunGardAvailability Services

White Paper Series



2

SunGard Availability Services White Paper Series

Letter from the Group Chief Executive Officer It’s no exaggeration to say that the communications infrastructure is the lifeline of the modern enterprise.

But when it comes to information availability planning, this precious organizational resource is widely misunderstood and too often underestimated. Programs rarely include the level of consideration necessary for primary and secondary production networks or recovery networks.

While the myriad of physical threats—from cyber attacks and terrorism to natural disasters—are outof your immediate control, they can be especially detrimental to your network connection. But, very few organizations can survive more than a few minutes of sustained downtime to their data communications.

So, what’s your plan if your network carrier goes down? And, do you know what your plan shouldbe, given your current business requirements? The best alternate sites, emergency management plans andrecovery testing in the world can’t make up for a lack of a continuous data communication link. In orderto address your thresholds for diversity, redundancy and recoverability, then, your information availability program must thoroughly examine and address network dependencies and realities.

We’ve asked our resident expert and Manager of Network and Security Product Development, ScotLeVan, to speak about this critical issue. The result is this paper, which outlines best-practices-based,step-by-step advice on evaluating, deploying and maintaining a continuously available network. We hope Scot’s insight will provide a better understanding of your production availability concerns

surrounding communications strategy and design. And, we hope that will go a long way in ensuring a comprehensive approach.

Sincerely,

Jim SimmonsGroup Chief Executive Officer, SunGard Availability Services



Overview Your network is absolutely essential for the

data, image and voice communications that make

your business run. It’s not farfetched to plan

for a prolonged outage. They do occur and are

crippling to organizations. However, even theslightest blip could be costly. Moreover, because

network connections support virtually all

automation and technology, they should be

of very special concern.

In other words, you are especially vulnerable

when it comes to your network. (It’s called the

backbone for a reason.) And, your information

availability plan is not complete if it doesn’t

address safety and failover issues, in addition to

recoverability and communication between theprimary and secondary sites.

To ensure comprehensive information

availability, you must take a proactive look at your

network and address business continuity (BC)

and disaster recovery (DR) within your architecture

configuration. You should start by comparing and

contrasting your overall information availability

goals with your existing network strategy and

design. Using your goals for recoverability, pro-

duction availability and cost effectiveness as yourguide, you can elevate your strategy for optimal

redundancy, diversity and recoverability.

Understanding The TermsNowhere in all of BC and DR are the terms

“diverse,” “redundant,” and “recoverable” more

important or misunderstood than in the world

of networking. But without a firm grasp of the

concepts, you cannot implement a comprehensive

program for continuous network availability.

Redundant (backup) networks and access points

provide failover capabilities, but make no accom-

modation for divergent technology. Thus, the

failover itself is not necessarily safe.

Diverse means different and dictates that there is

fundamental dissimilarity between features and

technology. Diverse access, for example, comes

into different sides of a building, thereby ensuring

that the redundancy provides an added measure

of safety.

Recoverable means capable of being resumed or

regained. Diversity and redundancy are key to

ensuring recoverability, but their main function is

to help avoid being in recovery mode in the first

place. It shouldn’t be your first line of defense to

recover any part of your infrastructure—but most

especially your data communications link. In fact,

network recovery should be your last resort, and

adequate diversity and redundancy are key

to prevention.

Integrating Network Design with Continuity and Production Concerns to Ensure Information Availability

2004



4


Dedicated point-to-point

Although fairly easy to deploy and maintain

if configured properly, point-to-point (P-to-P)

networks are notoriously difficult to recover and

require more hardware to support. To compensate,

they must be fully diverse in order to be recovered,

making the technology very expensive in the end.

It’s fairly easy to deliver a diverse network using

point-to-point, however, because you can configureit using different access points and different carriers

for connectivity.

Of course, you need to make sure there is diver-

sity in the access points and carriers for this costly

approach to have any real value. And whatever sav-

ings you derive from linking points in fairly close

proximity, you risk sacrificing by way of real region-

al diversity. Furthermore, P-to-P is most often deliv-

ered on a provider backbone that is ATM or frame

relay, making the configuration entirely dependenton another technology.

Expert insight It is important to remember that circuits are not

diverse if they are traveling the same path and mostbuildings or local exchanges use the same paths or

common access points. To create diversity with

P-to-P, however, redundant circuits must run

through a structure in entirely dissimilar ways and

use two different points of presence (POPs)—and

not traverse anywhere on their paths. That means,

it is very expensive to support full diversity and

redundancy with P-to-P. Moreover, it is difficult

to setup and maintain a converged infrastructure

(voice, video and data that traverse the same

common infrastructure or travel via TCP/IP.)

Recommendations Perform a diversity check on your P-to-P

network, looking for distinct carriers and paths

and/or ask your carrier(s) to provide evidence of

this via an engineering study.

A cost-effective and prudent tactic for time of

test or disaster would be to redirect your P-to-P

circuit to a recovery facility using a third-party,

protocol-independent network. This on-demandapproach offers significant savings over a redundant

dedicated network solution, while providing the

same level of safety and assurance.

Overall rating: ★ ★ ★

Deployment

Redundancy Diversity

Recoverability

★ ★ ★ ★

★★★

★ ★ ★

★ ★

Network Design ChoicesMake no mistake about it. Your network design will directly affect the continuity and recovery of your business.

As a result, the redundancy, diversity and recoverability of your design options should be thoroughly examined as

part of any business decision that relies on technology. And if they have not been considered prior to implemen-

tation, these and their related issues should be revisited in order to ensure an optimal configuration.

Here, SunGard presents best-practices advice to balancing the relevant concerns—with a discussion on

current design alternatives, in addition to considerations for evaluating, deploying and maintaining an

operationally resilient network.

“Although fairly easy to deploy and maintain if configured properly, point-to-point (P-to-P) networks are notoriously difficult to recover and require more hardware to support.”




2004

Frame-relay/ATM

While frame-relay and asynchronous transfer

mode (ATM) technologies are in and of themselves

extremely cost effective, making them redundant

and diverse is decidedly not—and often cost

prohibitive. Although they support point-to-multi-

point connectivity (allowing communication from

one to many on the same physical circuit), full

diversity of frame-relay and ATM means duplication

on two different network carriers with differentPOPs. Moreover, the technologies necessitate

duplication of your permanent virtual circuits

(PVCs) to a secondary data center and/or

dedication of your PVC to a back up site.

That being said, frame-relay and ATM are very

easy to recover, because most carriers have written

scripts to redirect PVCs to alternate sites in the

event of a failure. In other words, recoverability is

already programmed into the technology and simply

needs to be activated by the end-user. And sinceframe and ATM networks have quality of service

(QoS) associated with them, it’s also easier to deploy

a converged infrastructure with these technologies.

Each PVC can be set up to employ the QoS and

prioritize order of attention for traffic. Finally, both

support point-to-multi-point solutions. These fea-

tures make frame and ATM less expensive to deploy

than point-to-point networks.

Expert insight It is difficult and expensive to make frame/ATM

networks diverse and/or redundant. To achieve

redundancy, there must be two frame circuits at

every location, which doubles the expense. To

achieve diversity, there must be a totally separate

frame provider or a secondary technology (i.e.,

Internet VPNs, MPLS or P-to-P) for back up.

This will certainly add significant cost, but could

be cheaper than using a completely secondary

provider. Of course, use of a single provider means

your stability is entirely dependent on its availability.

Recommendations The optimal recovery approach for frame-relay

and ATM would also be a redirect of your circuit

to a recovery facility using a carrier’s Redirect or

Disaster Recovery Option (DRO). Look at how to

deploy alternate technologies (i.e., Internet VPNs,

MPLS or P-to-P) to help reduce the cost of a fully

redundant and diverse Frame Relay/ATM network.

Overall rating: ★ ★ ★ 1/2

Deployment

Redundancy

Diversity Recoverability

★ ★ ★ ★

★★

★ ★

★ ★

★

★ ★ ★

“While frame-relay and asynchronous transfer mode (ATM) technology are in and of themselves extremely cost effective, making them redundant and diverse is decidedly not—and often cost prohibitive.”



Internet VPNs

On the surface, Internet VPN networking is the

most inexpensive. After all, the network itself is

“free” and it is fairly easy to deploy. Any organ-

ization with an Internet connection and a firewall

can create an Internet VPN network by simply

adding the necessary IP security tunnel (IPSec).

No new licenses or hardware are required.

And although diversity and redundancy are notintrinsic in the option, they are easy to configure in.

By adding one additional Internet service provider

(ISP) from a diverse POP and extending band-

width, an organization can achieve Internet VPN

diversity and redundancy. And recovery is as simple

as changing configurations to a new location, which

is very easy and very quick.

But, using an Internet VPN for communication

means you assume the inherent risk of the

Internet—and it is not yours to control. The tech-nology is “best effort” and provides no guarantees,

making your network the same by definition. The

Internet routes data the best way it possibly can—

based solely on traffic—and with no hierarchical

prioritization. That is not to say, however, that the

approach lacks security. To compensate for its “wide

open” nature, the Internet includes IPSecs, which

are encrypted and helpful in recovery mode. All

you need is access to the Internet and the ability to

configure the IPSec tunnels.

20046


Expert insight It is difficult to support a converged infra-

structure on Internet VPN, because there is no

QoS or class of service. As such, all IP packets getthe same priority.

And although easy to deploy and maintain—

and always cheaper for smaller networks—the

technology becomes cost prohibitive within larger

architectures.

Because Internet VPN cannot support dynamic

routing—only static routing—automatic failover is

impossible.

Recommendation For recovery purposes, you should deploy dual

diverse Internet providers and maintain a multi-

homed environment to dynamically recover outages

on one provider’s network. You should also consider

locating backup systems at an alternate site and

performing load balancing between the primary and

secondary location.

“On the surface, Internet VPN networking is the most inexpensive. And although diversity and redundancy are not intrinsic in the option, they are easy to configure in.”


Deployment

Redundancy


★ ★ ★

★★★

★ ★ ★

★ ★ ★ ★ ★

★



Private MPLS

Although it has been around at least five years,

multi-protocol label switching (MPLS) is just now

taking off. Because it’s based on Internet Protocol

(IP), there is a perceived security issue—and it

is not yet widely available. However, this point-

to-multipoint option, which is also known as

IP-enabled Frame and Private IP VPN, does not

require multiple PVCs for multiple access points.

As a result, it is less expensive to use than framerelay and ATM technology, but as secure as these

technologies.

It is both difficult and expensive to make MPLS

networks diverse and/or redundant. To achieve

redundancy, there must be two circuits at every

location, which doubles the expense. To achieve

diversity, there must be a totally separate MPLS

provider or a secondary technology (i.e., Internet

VPNs, frame relay/ATM or P-to-P) for back up.

This will certainly add significant cost, but could becheaper than using a completely secondary provider.

However, using only one provider means your

stability is entirely dependent on its availability.

Expert insight Private MPLS can be a self-healing network if

it is designed properly, making it easy to recover.

In addition, it is easier to deploy a converged

infrastructure with this technology, because it has

class of service (CoS) associated with it.

Recommendation You should deploy dual diverse MPLS providers

and allow the network to dynamically recover outages.

Look at how to deploy alternate technologies (i.e.

Internet VPNs, frame relay/ATM or P-to-P) to help

reduce the cost of a fully redundant and diverse

MPLS network. It is also prudent to consider

locating backup systems at an alternate site and

load balance between them.


2004


Deployment

Redundancy


★ ★ ★

★★

★ ★

★ ★ ★ ★ ★

★

“Private MPLS is less expensive to use than frame relay

and ATM technology, but as secure as these technologies.However, it is both difficult and expensive to make MPLS networks diverse and/or redundant.”



Ensuring Operational ResilienceOperational resilience is about continuous pro-

duction and uptime and the goal of all continuity

and recovery plans. And, maintaining information

availability—constant, uninterrupted access to

critical data—is the underlying motivation forsuch a goal.

In order to determine your optimal networking

technology for your desired level of operational

resilience, you must identify your information

availability objectives and requirements, in

addition to the locations that you need to connect.

Upon doing that, you should have the necessary

data for a risk profile, which will help you

determine your strategy for both the primary

connection and a diverse connection—withregard to deployment, redundancy, diversity,

recoverability, technology and expertise.

The ultimate aim of such an exercise is for you

to get a grasp of the gaps that exist between your

production needs and your current capabilities

and strategies. Whether that is presented as a list

or diagram is not nearly important as the areas

and issues you examine. While we have focused

here on the communications, your entire IT

infrastructure—each component individually and all components together and in relation to

the network—should be of concern. At the very

least, you need to evaluate:

• Platform processors

• Applications by platform

• Tiered applications

• Applications by business processes

• Network diagram

• Business function by business areas

Conclusion—Are You Prepared?High-speed connectivity for data, image and

voice communications has become as fundamental

to business as power and water. And because it

is the foundation of your external link, it’s even

more important to your longevity. With anunprecedented level of criticality that only grows

with technological improvements and dependence,

you must absolutely ensure that your network will

be available when you need it.

To that aim, SunGard provides key areas for

your consideration in developing a comprehensive

information availability plan:

Deployment

How much do you want to/can you spend toachieve the desired levels? What is your threshold

for a sustained network outage? How did you

calculate it and how is it reflected in your network

strategy? How many end locations have to come

back to data centers? Has your deployment

approach made your network stability entirely

dependent on parties and technologies that are

entirely out of your control?

Redundancy and diversity

What is required to have more than oneconnection and applications in more than one

place? Will your chosen approach have redundancy

configured in? If not, how can you achieve it?

Have you configured differing access points and

different carriers into your architecture? Have

you achieved any geographic diversity in your

approach? Have you thoroughly examined the

paths your carrier and circuits are taking—and

rectified any problems? What will it cost you to

not have guaranteed connectivity for the business?

Do you have multiple (rather than common)access points for your multiple connections?

20048




Have your local carriers proven the diversity of

your circuits with independent engineering stud-

ies? Have you examined and addressed the need

for multiple points of presence in your network

architecture? How about duplicate PVCs? Have

you explored adding frame circuits and providers?

Recoverability How critical is it that end users have access

to main systems and applications? What are the

main systems and applications in order of priority?

How dependent are they upon network commu-

nications? Is your primary site technology

recoverable to your backup site? Have you

implemented a plan that utilizes a protocol-

independent network? Have you leveraged the

scripts in your existing networking technology?

Technology How would you like to provide the connectivity

at your primary site? Can you afford it? Can you

really afford it—when you consider redundancy

and diversity issues? What network technologies

are actually available in your location? Have you

considered the specific security concerns? Is there

QoS/CoS associated with your technology choice?

Does your current architecture support your

future plans for convergence?

Expertise What skills/knowledge will you need to

maintain your desired communications infra-

structure? How much more expensive does that

make the configuration?

Finding an Experienced Partner It’s no small task to design and maintain a

network that supports information availability,helps avoid recovery mode, and is, in fact, easy to recover when necessary. Often, organizationsbenefit from expert, third-party assistance. Whenseeking a partner, consider firms that offer extensiveexperience in business continuity planning,disaster recovery and managed services.

SunGard delivers a complete array of servicesto help organizations assess risks, integrate network strategy, business continuity and disaster recovery plans, continually test and improve informationavailability plans, and implement them for fullrecovery. SunGard’s team of communicationsand availability experts help eliminate identified

concerns through targeted risk mitigation services, which address such issues as strategy, policy andprocedure, configuration design and network monitoring and recovery. In short, we help clientselevate their thinking and plans by incorporating critical network considerations.

SunGard’s Business and Technology Profileservice can help you understand both of theseenvironments. By correlating functional areas tospecific technology requirements, you can developa more effective information availability strategy. You can also identify potentially dangerous gapsbetween your production environment and yourcurrent IA capabilities.

The SunGard Global Network is a protocol-independent, multi-continental, dedicated network designed to meet your complete recovery, elec-tronic vaulting, testing and production needs andform the basis of an extremely reliable, one-stopsolution that can shorten your recovery window.


2004



Features include:

• 25,000 miles of network backbone and

more than 48 points of presence (POPs) for

subscriber connections

• Rapid restoration of Internet-based functions• 24/7 staffing and monitoring services

• No additional usage fees for testing

• Highly flexible connectivity options that

accommodate specific business needs

• Single point of contact for disaster declarations

SunGard also offers a full suite of services that

leverage the SunGard Global Network and help

customers recover more quickly, securely and

cost-effectively. To this aim, we offer:

• Net ReDirect, where SunGard forwards your

circuit to the desired recovery facility via a

single, protocol-independent connection that

can be linked anywhere.

• Web ReDirectSM, where SunGard rapidly

re-establishes your critical Web-based functions

and provides direct connectivity to 90% of the

Internet via a Private Internet eXchange (PIX)

architecture.

• 10/100 LAN Bridging, where SunGard seam-

lessly connects multiple recovery facilities, so

your network functions as if all your systems

were directly connected through a hub or

switch.

• V*NetSM, A SunGard Private Network Service,

where SunGard provides a virtual network

architecture that integrates access to major net-

works and ISPs in order to allow you to leverage

carrier-class equipment at a fraction of the cost.

About SunGard Availability Services

From initial assessments and plan developmentthrough execution and ongoing management,SunGard Availability Services offers a one-stop

source for helping organizations integrate risk management and incident response into theirinformation availability plans.

SunGard Availability Services delivers solutionsto support information availability—keeping peopleand information connected no matter what.Information availability requires not only technology, but also people, processes and physicalinfrastructure. Therefore, SunGard offers a fullcontinuum of professional services, managed services and business continuity solutions:

• From assessing needs to designing solutions,

our professional services help clients address

availability challenges. We deliver information

security, high availability and business continuity

services, as well as services designed to help

clients address regulatory requirements.

• SunGard’s managed services provide a secure,

reliable environment to host mission-critical

systems and applications. Offering a full

portfolio of outsourcing and support services,

SunGard gives clients the option of point or

turnkey solutions.

• With one of the most extensive infrastructures

in the industry, SunGard also delivers business

continuity services. From traditional hotsites

to leading-edge high availability solutions, our

offerings enable clients to meet availability

requirements.

SunGard Availability Services is an operating

group of SunGard (NYSE:SDS), member of the Fortune 500. With more than 25 years of experience helping organizations ensure informationavailability, we are uniquely positioned to providevendor-independent recommendations and solutions.For more details on our services, visit our website at www.availability.sungard.com orcall 1-800-434-0002.

200410





2004

AuthorsContributing Editor:Scot LeVan, Manager, Network and Security Product Development

Scot’s extensive networking background includesmore than 15 years of design, development,testing, installation and support of the variouscommunications technologies mentioned in thispaper. He also has managerial experience developing and implementing customer networks in supportof SunGard's Managed Network Services andtheir individual disaster recovery testing efforts.

Today, Scot is responsible for product develop-ment and maintenance associated with SunGard’snetwork and security services, including the

SunGard Global Network (SGN).

Managing Editor:Pat McAnally, Senior Director, ThoughtLeadership Program



SunGard Availability Services

680 East Swedesford Road Wayne, PA 19087484.582.2000800.434.0002

www.availability.sungard.com

© 2004 SunGard Availability Services. All rights reserved.

The above material is presented as general information only and dnot constitute legal advice or a legal opinion.You should seek the of legal counsel with respect to your particular circumstances.

WPS-004

Network Design Wp Final

Documents