Durham County goes Cisco for enterprise network ops and security proficiency

The government in Durham County, N.C., was spending hours and hours manually provisioning its network and keeping security policies current, so it decided two and a half years ago to upgrade for the sake of efficiency and security.

Since then, the government’s IT staff of four has migrated its traditional point-to-point network to a more modern enterprise featuring the software-defined technologies of Cisco’s Application Centric Infrastructure (ACI) and DNA Center that support its 2,100 enterprise end users and online services for 315,000 county residents. 

As a result, time spend on certain manual chores has plummeted, freeing up staff time for forward-looking projects.

ACI is Cisco’s overarching software-defined networking (SDN) technology for data center and cloud networks. DNA Center is the heart of ACI, featuring automation capabilities, assurance setting, fabric provisioning and policy-based segmentation for enterprise networks.

40Gbps fiber ring links five data centers

Durham’s core data center is distributed among four – soon to be five – buildings over a dark-fiber ring in Durham, creating a 40Gbps network backbone serving the data centers and 55 remote sites across the county. That includes seven libraries, social services, the heath department and other critical public services locations.

“We utilize leased lines from two different vendors with various speeds to connect remote sites to our central data center and have redundant internet circuits with speeds up to 1 gig to improve business continuity and connect all sites to the internet,” said Joel Bonestell, the network and security services manager for Durham County government.

The network includes Cisco Nexus 9000s in a spine-and-leaf configuration and integrates a range of other networked gear, including security cameras and load balancers. ACI and DNA Center control this environment and give the county’s IT staff a single point of control, reducing the overall complexity of its data center operations.

“We embarked on this project some two and a half years ago when our traditional data center model – where we manually configured each node and spent days making the simplest manual upgrades – to an environment where we can now make configuration and security updates in minutes across the data center,” Bonestell said.

Dramatic time savings for network and securtiy tasks

Bonestell said manual network provisioning took some 40 minutes, and updating or creating a new security policy took about 60 minutes. With ACI deployed, it takes about four minutes to provision – a 90 percent reduction – and about five minutes to update security policies – a 91 percent reduction.

“In the past we spent about 80 percent of our time and resources maintaining the network and 20 percent on new projects or improving services and innovation,” Bonestell said. “Now we have more time for new and innovative projects that will benefit our residents and businesses with new capabilities and services.”

For example, Bonestell’s group has been able to help its applications development team build new a program to remind citizens of court dates and a mobile app for submitting documents to the county. “Our ultimate vision is to automate as much as possible,” he said.