Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

First-Class IT Service

April 17, 2003
By Jonathan Feldman

>> continued from previous page

Keeping Busy

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Keeping Busy
	KISS, McCarran Style
	Attitude Is Everything

Besides CUTE, McCarran has other projects keeping its IT staff hopping. Vincent Macri, a systems technician, gave us a peek at the airport's new video-surveillance system: Kalatel 2000E digital video recorders are hooked into more than 100 cameras all over the facility, from the gates to the parking toll booths, with gigabit uplinks to four Matrix E1 core switches. Even before 9/11, immigration-driven video-surveillance regulations had Hughes' team thinking about automating the system. Now, they're doing 8 frames per second and keeping the video in compressed format for about a month, which fits McCarran's surveillance needs nicely. Video is kept on the recorder's hard drive, and Macri burns DVDs as needed for evidence purposes.

Hughes outlined plans for replacing McCarran's older FDDI network, built on Optical Data Systems components, with an Enterasys gigabit core. He says he's still fond of the ODS gear and can't complain about downtime. So why switch? "It doesn't do what we want it to do," he says. For starters, the FDDI (100 Mbps) network doesn't support VLANs, nor can it provide the kind of bandwidth that Hughes needs to ship GIS (geographic information system) data and video around the facility. The GIS need was addressed two years ago with an initial Gigabit Ethernet rollout using Cisco series 6000 gear. After success of that project and discussions with vendors, Enterasys was chosen for the airportwide deployment. With desktop connections at 100 Mbps and a gigabit core, the GIS department (one of the recipients of the new gigabit network) now enjoys faster response times.

In addition, the airport sells dark fiber to the airlines, but, Hughes says, "We could offer them VLANs over copper," which is cheaper and quicker than fiber to implement.

But what about the security implications? The CTO of some airline, for instance, might be uncomfortable using McCarran's VLANs. "[His] data is already on my network," Hughes says. "We have the firewalls in place. We have [operational] security in place. We have intrusion protection in place."

It's interesting to note that McCarran has no chief security officer. There is no dedicated network security person, and Hughes makes no apologies for it. "Security is a shared responsibility," he says, a sentiment with which we heartily agree. He points out that, though McCarran runs a number of Microsoft products, "Our impact from SQL Slammer was exactly zero."

Central Command

McCarran controls all the front-end systems that present information about flights, passengers and personnel throughout the airport, right down to the baggage tag printers.

This speaks well for the facility's patch procedures, network design, content scanning and default firewall rule sets. A quick scan reveals McAfee virus protection on workstations with up-to-date signatures and engines, and when we tried to connect back to our office VPN by plugging into an Ethernet port, we were categorically denied. McCarran's "default deny" posture requires authentication to connect out to the Internet.

McCarran's Cisco PIX firewall handles packet filtering for the network, with failover planned by July. David Webb, the department's senior business systems analyst, has just finished deploying Novell's BorderManager as an authentication-based proxy for Web users.

Speaking of secure (or insecure) transports, no discussion about network facilities would be complete without talking about plans for wireless. The TSA's master IT plan, which includes a plan for wireless facilities, provoked something of a reaction from Hughes, but he diplomatically says, "We've got bigger plans than just [sending] a perpetrator's picture on a PDA."

McCarran is in discussions with several wireless providers, including AT&T, Roving Planet, SpectraSite, Sprint and T-Mobile, and is in talks with Arinc for the airlines' wireless needs. The facility has a limited wireless presence in conference rooms, with appropriate security, the details of which Hughes would prefer we not disclose, for obvious reasons.