Current Environment - PowerPoint PPT Presentation

Slides: 36
Provided by: commun84
Transcript and Presenter's Notes

Title: Current Environment


1
(No Transcript)
2
Current Environment
  • 250 rural communities have little or no
    affordable access to high-speed
    telecommunications network.
  • Most schools have no high-speed access to the
    Internet.
  • Health care requires high-speed digital
    communications.
  • Departments need access to maintain productivity.
  • Executive Government: duplication of services
    and slow adoption of electronic service delivery.

3
Shared Infrastructure Project
  • Joint undertaking with Government as an anchor
    tenant.
  • Design and develop new network services to
    provide for current and future needs of all
    sectors.
  • Initial proposal completed in January 2000.
  • Concept approved by Cabinet in June 2000.
  • Detailed proposal completed in October 2000.
  • Cabinet and Treasury Board approval in December
    2000.
  • Service agreements (Network Service, Internet,
    Security Special Services, SCN Satellite
    Service) were signed in February 2001.

4
What Is CommunityNet?
  • Shared, advanced communications network that
    will:
  • Connect schools and post-secondary institutions
    in the province
      • High-speed Internet access - no usage charges
        (flat rate)
      • Distance education applications (technology
        enabled learning, video conferencing)
  • Connect health care facilities in the province
      • Telemedicine, remote diagnostics, access to
        specialists on-line
      • Secure, confidential access to patient
        information
  • Connect government offices
      • Expand ability to undertake e-government
        services, and share data and resources
  • Connect public libraries
      • Extend Internet services to citizens who may
        not otherwise have the skills or the financial
        ability to obtain the necessary computer
        equipment
  • Provide initial step towards access for small
    rural communities that have minimal or no access
    to advanced services today

5
Why CommunityNet?
  • Access at affordable rates
      • Schools, health facilities and government
        departments throughout province.
  • Sets stage for economic development
      • Enables public sector organizations to offer
        e-commerce services in rural Saskatchewan.
      • Helps to overcome barriers of distance and
        market size.
      • Strengthens viability of rural communities.
  • Cost-effective
      • 20% savings over piece-meal, one-off approach.
      • Far greater capacity for same or reduced costs.

6
How Can We Build This?
  • By organizing executive government and public
    sector stakeholders as one large customer - the
    anchor tenant.
  • By using existing public sector expenditures to
    lever federal funds where possible.
  • By establishing a long-term, stable partnership
    between the government and SaskTel.
  • Ability for SaskTel to plan and implement optimal
    network design province-wide - a holistic
    approach.
  • Provides SaskTel with critical mass to
    rationalize advancing infrastructure in rural
    Saskatchewan.

7
Who Is Included?
  • 350 communities
  • 795 education locations which includes boards,
    high schools, elementary schools
  • 30 regional colleges
  • 310 health facilities
  • 256 Government offices
  • 86 First Nations schools
  • 162 Libraries

8
Where?
  • 10 Major: Regina, Saskatoon, Lloydminster, North
    Battleford, Prince Albert, Yorkton, Weyburn,
    Estevan, Moose Jaw, Swift Current
  • Next 8: Humboldt, Kindersley, La Ronge, Meadow
    Lake, Melfort, Melville, Nipawin, Warman
  • Next 28: Assiniboia, Balgonie, Battleford,
    Biggar, Canora, Davidson, Esterhazy, Fort
    Qu'Appelle, Hudson Bay, Indian Head, Kamsack,
    Kerrobert, Lumsden, Maple Creek, Martensville,
    Moosomin, Outlook, Oxbow, Pilot Butte, Rosetown,
    Rosthern, Shaunavon, Tisdale, Unity, Watrous,
    White City, Wilkie, Wynyard
  • Next 220: Smaller centers distributed across
    Saskatchewan

9
Where?
10
CommunityNet Basics
  • CommunityNet is a province-wide data network, not
    just Internet access.
  • IP protocol only.
  • Three VPNs today: Government,
    Education/Libraries and Health.
  • No connectivity between VPNs unless specified.
  • One central Internet service.
  • One access per facility.

11
CommunityNet Basics
  • Private class addressing scheme (10.x.x.x and
    172.x.x.x).
  • Across the network core, CommunityNet traffic has
    a higher priority than public Internet traffic.
  • A PSTN gateway is presently not available.
  • CommunityNet interconnections to other SaskTel
    services are established as needed.

12
CommunityNet Basics
  • Dial access to every end router with closed user
    group.
  • 7x24 proactive monitoring (ping).
  • 7x24 maintenance of SaskTel customer premises
    equipment is included. Outside normal SaskTel
    working hours, on-site customer personnel must be
    available to give the SaskTel representative
    access to the hardware so that required testing
    can be performed.
  • Trouble response time objective is 1 hour (from
    report to identification of the problem).

13
CommunityNet Basics
  • Repair time objective (problem to its final
    resolution):
      • 3 hours in Regina and Saskatoon.
      • 5 hours in other locations (under 54th
        parallel).
  • Multimedia QoS (Optional).
      • Network upgrade for real-time applications
        based on 64 kbps increments.

14
CommunityNet Speeds and Services
  • Fibre-based connections
      • 100 Mbps or 10 Mbps
      • Customer connection: one 100 Mbps or 10 Mbps
        Ethernet port
  • Copper-based DSLAM
      • 384 Kbps symmetrical, 640 Kbps symmetrical,
        640 Kbps/1.5 Mbps asymmetrical or
        640 Kbps/4 Mbps asymmetrical
      • Customer connection: one 10 Mbps Ethernet port
  • Satellite (Education only)
      • 56 Kbps/400 Kbps asymmetrical
      • Customer connection: one 10 Mbps Ethernet port
      • Service provided and supported by SCN

15
Inside Wiring
16
Inside Wiring
  • Fibre Services.
      • Required from the first point into the
        building (network demarc) to the equipment
        location (service demarc) if the service
        demarc is different than the network demarc
        (example: server room).
      • For 10 or 100 meg services, if the distance
        from the network demarc to the service demarc
        is greater than 90 meters then fibre cabling
        and conduit are required. If the distance is
        less than 90 meters, Cat 5 BDN cabling can be
        used.
  • Copper Services.
      • If the distance is less than 90 meters jacket
        wire will be used.

17
I.P. Addressing Strategy
[Diagram: hierarchical IP addressing. Labels: 10 Majors (Prince Albert, Lloydminster, Swift Current, Weyburn, Estevan, Saskatoon, Yorkton, N. Battleford, Regina, Moose Jaw), Meshed, Next 36, Next 220. Addressing example: Justice 10.1.x.x, Justice/Kindersley 10.1.2.x, Justice/Eston 10.1.3.x]
  • ITO will mandate customer IP range for each
    subscriber
  • CommunityNet will use 10.x.x.x and 172.x.x.x
    private class addresses
  • The network is a hierarchical design
  • Within each major region the range is further
    segmented
  • Provides route summarization - enables improved
    management of routing table
  • Simplifies rule sets in the central Firewall
  • Simplifies access control lists in multi-tenant
    buildings on the Government VPN
  • 192.168.x.x networks reserved for Telco use.

18
Option - If Refusal to Migrate to 10.x.x.x
  • If your LAN uses IP networks that have not been
    assigned by SaskTel, you have to NAT to the
    address assigned
  • Only the 10.x.x.x and 172.x.x.x address ranges
    will be advertised on CommunityNet
  • The customer is responsible for their own
    firewall or NAT device
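
Added example (not part of the original presentation): a pre-migration check of the addressing rules on slides 17 and 18, deciding whether a customer LAN prefix can be routed as-is or must be NATed, and confirming that a subscriber's site subnets fall under one summary route. The /16 and /24 mask lengths are read from the slides' "x" notation and, like the treatment of 172.x.x.x as 172.16.0.0/12, are assumptions; 198.51.100.0/24 is a constructed sample.

```python
import ipaddress

# Assumption: "10.x.x.x" means 10.0.0.0/8 and "172.x.x.x" means the
# RFC 1918 block 172.16.0.0/12; 192.168.x.x is reserved for Telco use.
ADVERTISED = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("172.16.0.0/12")]
TELCO_RESERVED = ipaddress.ip_network("192.168.0.0/16")


def classify_lan(prefix, assigned):
    """Say whether a customer LAN prefix can be routed or must be NATed."""
    net = ipaddress.ip_network(prefix)
    block = ipaddress.ip_network(assigned)
    if net.subnet_of(block):
        return "ok"                          # inside the assigned range
    if net.subnet_of(TELCO_RESERVED):
        return "nat:telco-reserved"          # collides with Telco space
    if any(net.subnet_of(a) for a in ADVERTISED):
        return "nat:outside-assigned-block"  # advertised range, wrong block
    return "nat:not-advertised"              # never advertised on the network


def summarize(site_prefixes, assigned):
    """Check that one aggregate (one route, one firewall rule) covers all sites."""
    block = ipaddress.ip_network(assigned)
    sites = [ipaddress.ip_network(p) for p in site_prefixes]
    strays = [str(s) for s in sites if not s.subnet_of(block)]
    collapsed = [str(n) for n in ipaddress.collapse_addresses(sites)]
    return {"advertise": None if strays else str(block),
            "collapsed": collapsed, "strays": strays}


if __name__ == "__main__":
    justice = "10.1.0.0/16"                       # Justice 10.1.x.x
    sites = ["10.1.2.0/24", "10.1.3.0/24"]        # Kindersley, Eston
    print(summarize(sites, justice))
    for lan in ["10.1.3.0/24", "10.2.5.0/24",
                "192.168.1.0/24", "198.51.100.0/24"]:
        print(lan, classify_lan(lan, justice))
```

A non-empty `strays` list means the subscriber can no longer be described by a single summary route or a single rule in the central firewall.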

19
Internet Strategy for CommunityNet
[Diagram: Internet strategy infrastructure. Labels: CommunityNet, 100 Meg Access, Intrusion Detection, Availability 7x24, Remote Access (Remote Access is a VPN solution), Web Server, DNS/DHCP, DMZ, Tunnel Server, Redundant Internet Feeds, Internet, Firewall Cluster]
20
Internet Strategy for CommunityNet
  • Includes more than firewall service
  • Intrusion detection: 5 probes
      • 1 per VPN, 1 outside CommunityNet, 1 in DMZ
  • Secure remote access
  • IP management
  • DNS/DHCP: 6 servers
      • 2 per VPN
  • SMTP Mail Relay server
  • On-line change management forms/process

21
Security Service Strategy
22
DNS/DHCP
  • Each CommunityNet VPN will have a separate domain
    name which will be used for identification and
    resolving domain names within the VPN and between
    the VPNs.
  • Each VPN will have two DNS servers, one primary
    and one secondary. The other two VPNs' DNS
    servers will be set up as secondary servers to
    the VPN with the primary server.
  • CommunityNet will provide the DNS service for
    customers that do not have a DNS.
  • Customers who run their own internal DNS will be
    set up as the primary and CommunityNet's DNS
    servers will be the secondary.

23
DNS/DHCP
  • Customers who wish to continue running fully
    qualified domain names (FQDN) on CommunityNet may
    do so.
  • Customers' FQDNs would be duplicated to the
    non-registered IP addresses in use on
    CommunityNet.
  • For customers who maintain an internal FQDN and
    use CommunityNet to provide their internal DNS, a
    letter of commitment is required.
  • Any Internet FQDN changes (external DNS changes)
    would have to go through the Security Change
    Control Request process for SaskTel to
    administer the change.

24
Secure Remote Access
  • The service uses Check Point's FireWall-1 VPN
    tunnel software
  • Two types of VPN clients are available:
      • Secure client provides an extra level of
        security for the client's machine, by
        including the ability to develop a policy to
        prevent routing to the client, thereby
        protecting the client
      • Remote client provides an encrypted tunnel
        over a shared infrastructure, and offers no
        security for the machines on which it runs,
        only encryption.

25
Secure Remote Access
  • Clients who have their own tunnel server VPN
    solution will be allowed to go through the
    central firewall and be relayed to their own
    tunnel server located within CommunityNet.
  • Certain restrictions apply:
      • The client must be able to be NATed to the
        non-routable 10.x.x.x before being routed
        onto CommunityNet
      • Clients running IPsec or PPTP are currently
        not supported

26
Change Requests
  • Change request forms for Security Services and
    Network Services have been created and will be
    hosted on a server in the DMZ off the central
    firewall.
  • Access to the forms is restricted with
    authentication through user ID and password.

27
Network Change Requests
  • Cover areas such as:
      • Speed changes on circuits
      • Moving of circuits
      • Adding circuits
      • Deleting circuits
      • DHCP routing

28
Security Change Requests
  • Standard (Up to 48 hours).
      • DNS changes, tunnel key additions (when
        existing client keys are in place), static
        NAT additions.
      • The sectors will submit names of who will be
        allowed to access the change request form.
  • Critical (Up to 5 days).
      • New inbound services requiring authorization,
        new tunnel clients where none exist.
      • Authorization required from the ITO or SPMC,
        or may need to be addressed with the
        Technical Advisory Group first.

29
Trouble Reporting
  • Help Line - 1-866-619-8811
  • An IVR has been established to receive incoming
    trouble calls. The customer calls are further
    directed to the proper queue based on the IVR
    prompts sent by the caller.
  • Prioritization on trouble resolution - treat all
    troubles the same, FIFO (first in first out),
    with one exception: health and safety first.

30
MPOCs for Trouble Resolution
  • Executive Government
      • SPOCs will be the IT managers of each
        department.
      • No trouble calls after normal work hours.
  • Health/SHIN
      • SHIN Help Desk
  • Education/Libraries
      • Existing technical support processes in each
        school district/library region should be
        followed.
      • No trouble calls after normal work hours.

31
CommunityNet Rollout Strategy
  • The rollout strategy will consist of three areas:
      • Network rollout
      • Collecting information from customers before
        migration
      • Access rollout

32
CommunityNet Rollout Strategy
  • Access Rollout
      • SaskTel began access implementation June 1,
        2001
      • CommunityNet will have a 3-year rollout plan
        at 45 accesses a month
      • The Government will provide, in conjunction
        with the Sector Primes, an access
        installation list which will provide a
        systematic migration plan. This list will
        help SaskTel determine if extra construction
        is required.

33
CommunityNet Rollout Strategy
  • Customer Migration
      • A cut-over template has been created for each
        customer. This template collects information
        on the customer's current network so it can
        be mirrored on CommunityNet.
      • The template will be sent out to all
        customers to review and complete.
      • SaskTel, ITO, and SPMC will visit the customer
        6 weeks prior to migration and go over the
        cut-over template to ensure all required
        information is collected.

34
For More Information
  • www.communitynet.ca

35
Thank You!