Managed Cybersecurity Solutions Tailored for City of Modesto

Our Reliable IT Support Fit Modesto's Business Needs

I give Telcion an A+ in the delivery and implementation of this project. It was well done, and the City received the value that was promised.
— Kevin Harless, IT Director

About the Client

Name | City of Modesto

Location | Modesto, CA

Industry | Government

Number of Employees | 1000+

Solution

Cisco DNA

Cisco C9500 Core Switches

Cisco C9300 Access

Firepower Threat Defense

75 Meraki Access Points

Cisco UCS Server

Nimble Storage System

Cisco ISE

Main Outcomes

Increased bandwidth

More security

Better network visibility


The Problem

City of Modesto’s aging network infrastructure was more than 10 years old in some areas and it was time to invest in a new network architecture that would last for another decade.

Outdated Security Architecture

Their security architecture had worked well but was turning end-of-life. It needed to be re-architected to support modern firewall technologies and faster throughput for bigger internet pipes that would be needed in the near future.

Limited Bandwidth

There was limited 10gig capability within the core, and only 1gig connections to off-campus locations. They needed a scalable backbone with 10gig to the edge, 10gig connectivity to servers, and 40g/100g in the core to handle the increased traffic capacity. High resiliency was still an absolute requirement.

Lack of Network Visibility

Another issue that needed to be resolved was the lack of good network visibility. It was imperative that the solution include a solid network management platform that would provide network visibility and easy administration.

The Challenge

There were many challenges that needed to be overcome for a successful outcome.

Lack of Advanced Features on Very New Hardware

In order to provide the longest possible life, the new architecture would be early in its lifecycle meaning that many of the advanced features may not be available when it was time for production. We needed to navigate through this carefully to make sure the new system stayed current on software to maximize new features, and that a lack of features wouldn’t hinder a successful outcome.

Multi-Phase Rollout

With approximately 40 sites across the City, the upgrade wouldn’t be able to be completed in single cutover. Instead, it would need to be rolled out in phases and co-exist with the existing production network. Support for both the existing network and the new network would need to be provided during this transition. This would be a multi-phased rollout of technologies, starting with the edge, then the core, wireless, security, and finally network management.

Outdated Fiber Cable

Some of the fiber in use wouldn’t support 10gig due to media limitations over distance, and needed to be replaced and upgraded. Every IDF closet needed to be retrofitted with new thin patch cables, wire management, and in some cases completely overhauled and cleaned up, adding significant time to the project and requiring longer outages.

Small Maintenance Window

Remote locations generally had more flexible maintenance windows, but on the main campus downtime would need to be minimal. The infrastructure would have to be well tested and integrated with the existing network first, and then all services transitioned from the old core to the new core, with the final removal of the old core from production.

Budget

Finally, due to the project approval process, the project budget limit was $1.5mil. We needed to design a solution that would fit within these financial constraints and still meet all of the needs and requirements.

The Solution

The City was clear that they wanted to pick an architecture that would last for another decade and wanted to make sure that any investment they made would have this in mind.

Cisco DNA

As they began the evaluation process of available Cisco technology, it became clear that the long-term investment needed to be based on the Cisco Digital Network Architecture (DNA). This was where Cisco’s strategic R&D dollars were being invested, and all products were being migrated to support this platform. If the City chose this platform, there was a high probability of longterm support within this product suite.

New Switches, Access Points, Server, Storage, and Cisco ISE

In order to support Cisco DNA, all network switching products had to specifically support this architecture to be managed under the DNA umbrella. This meant that all access switches would be based on the Cisco Catalyst 9300 platform. The data center core would be based on the Cisco 9500 switches with a 100gig backbone and 40gig uplinks within the data center. The wireless infrastructure, including about 75 access points, were upgraded with new AP’s and controllers. A Cisco UCS server infrastructure with Nimble storage system was deployed to facilitate numerous virtual machines required for this deployment, including the network management platform, Cisco Identity Services Engine, and the Cisco DNA appliances.

LiveAction Network Management

The network management was deployed using LiveAction with vendor training provided to the staff to bring them up to speed.

Results

The entire solution was deployed in multiple phases over a 15-month span. Telcion provided ongoing support after the cutover and for the first full year after project sign-off. As a result of this upgrade, the City now enjoys significant increases in bandwidth within it’s core (100gig) data center and directly connected switch stacks (10gig), the latest security hardware and software that will enable better protection now and in the future, and new network monitoring tools that provide much improved visibility to the network.

 

Networking solutions

Read more