Topologies for Teleworker Connectivity

Facilitating Remote Connections

In Chapter 1, the discussion centered, very briefly, on teleworker architectures. Now that you are familiar with some of the available options, it is an appropriate opportunity to explore the concept further. Throughout the discussions to follow, SONA will continue to guide the overall path of the subject matter. For in-depth details regarding the various available technologies and methodologies regarding teleworkers, Cisco has published the “Business-Ready Teleworker” SRND document, available at http://www.cisco.com/go/srnd. To the outside observer, it might be quite easy to settle on the idea that the role of the teleworker, as compared to an all-out campus architecture, is a detail scribbled in the margin down near the legend on a map of the way to some grandiose treasure. Interestingly enough, the plight of the teleworker has brought about a revolution in the way businesses operate and, obviously, from where they do that business. IIN and the Teleworker The idea of the Intelligent Information Network (IIN) brings into focus the idea that a network should be dynamic, flexible, and, above all, consistent in the experience offered to its user community. The IIN will provide service integration and allow the shared resource pools to maximize the business productivity. Intelligent networks make it possible to merge dissimilar networks (that is, traditional data, voice, and video networks) into a single, converged network. By building in the intelligence to adapt to changing resource needs and overcome resource silos by merging multiple mission-specific networks into a single entity, a tool is forged that is greater than the sum of its parts. How is the IIN a greater tool? It does everything that its predecessors could do and more. More importantly, it can do those tasks at reduced cost due to simplification and virtualization. Cost reductions flow from having only one network to maintain and support rather than several. Value is added because applications and services require no additional infrastructure above what is already part of the IIN. Teleworker connectivity is, by definition, a wide-area network (WAN) connectivity scenario. It contains many of the same needs and requirements as a branch office or other remote site. The connection must be secure, reliable, and capable of protecting critical traffic types such as voice and video. 150x01x.book Page 36 Monday, June 18, 2007 8:52 AM Facilitating Remote Connections 37 Enterprise Architecture Framework SONA was assembled to address the needs of today’s enterprise networks and provide a map of how they can evolve into an IIN. To maintain the SONA mindset, Figure 2-1 repeats the illustration of the SONA model from Chapter 1

Remote Connection Options

The enterprise architecture framework, and therefore the Cisco SRND for teleworkers, emphasizes a few ideas for the overall solution. These ideas are the primary goals of the solution: ■ Defining safe boundaries within which the solution may be deployed (facilitated by proper expectation setting). That is, the solution must maintain the security standards of the corporation to avoid or mitigate exposure. The teleworker must agree to be bound by corporate security policies in the residential office. ■ Providing hardware and software recommendations for a given deployment model ■ Including or referencing performance and configuration information These goals are meant to allow the extension of integrated services to teleworker homes in a safe, secure manner while maintaining a comparable service level to that provided to campus-based employees. The overall goal is similar to that of the other architectures put forth by SONA, including protection, cost reduction, and scalable growth potential. Remote connectivity is not without its challenges, obviously. For each challenge, innovation has brought forth new possibilities for connectivity. Regardless of the chosen option, the common theme still rings true, “Design today with tomorrow in mind.” Some of the available options for remote connectivity are as follows: ■ Traditional Layer 2 technologies such as Frame Relay, ATM, or leased lines ■ Service provider MPLS VPNs offering scalable, flexible, and fully meshed connections ■ Site-to-site and remote-access IPsec VPNs over the public Internet Each of these options could easily be selected and expected to fully serve the basic needs of the remote site or employee. However, each comes with its own challenges where the balance of cost versus security is concerned. Traditional Layer 2 Connections Traditional Layer 2 connections such as Frame Relay and ATM are, most importantly, not available to residential premises (typically). Also, the nature of a Layer 2 connection does not provide much in the way of QoS configuration beyond basic traffic shaping over the link. This aspect alone might be enough to disqualify it as an option if it were available to the teleworker premise. However, these technologies tend to be quite secure, even if there is near-total reliance on the service provider for that security.