The Next Generation Network For Public Sector

Cisco Systems, Inc. Response to
White Paper
Next Generation Network
March 14, 2013
Cisco Systems, Inc. - Proprietary
Legal Disclaimer
Thank you for the opportunity to provide this White Paper for your consideration. Please note that this White Paper
may include proprietary, confidential, and/or trade secret information, which, if included, will be clearly marked as
such.
Trademarks
Every effort has been made to identify trademark information in the accompanying text.
However, this information may unintentionally have been omitted in referencing particular
products. Product names that are not so noted may also be trademarks of their respective
manufacturers.
Cisco is a registered trademark of Cisco Systems, Inc.
The Cisco logo is a registered trademark of Cisco Systems, Inc.
Cisco Systems is a registered trademark of Cisco Systems, Inc.
Table of Contents
The Next Generation Network for Public Sector
Executive Summary
  Future IT Trends
  Current Network Capabilities for Government Services
  Contract Scope
    Procurement Delay
    Scope Recommendations
  Terms and Conditions
  Public Sector Use Cases
Future IT Trends
Network Capabilities for Government Services
  The Way Forward
  Architecture Rationale
  Impact of Commoditization
  Networking Components
    Network Infrastructure
    Cloud/Data Center
    Collaboration Services
    Physical Security
    Network Management
Procurement and Technology Scope
  Typical Components of State-Wide IT Procurements
    Objective
    Purpose
    Scope of Work
    Definitions of Terminology
  Scope Recommendations
    Products and Services Scope
    Addition of New, Value-Added Technological Advances during Contract Term
    Eligible Users
    Manufacturer’s Fulfillment Partners
Terms and Conditions
  Common Contractual Issues and Concerns
    OEM as Prime/Contractor Holder with Resellers as Subs
    Limitation of Liability
    Most Favored Nation Language or Similar Language
    Pricing Based on Minimum Discounts versus Fixed Price
    Capital Lease Financing
    Refurbished Equipment
    Payment Terms
    Delivery, Inspection, Acceptance, and Rejection
    OEM’s Standard Warranty
    Standard Maintenance Offerings
    Standard Software License
    Consequential, Incidental, Indirect, Special, or Punitive Exclusion
    Liquidated Damages
    Rights and Remedies of State for Default
    General Indemnity
    Patent, Copyright, and Trade Secret Indemnity
    Rights in Work Product(s)
    Right to Copy or Modify
    Stop Work Order
    Returns
    e-Procurement or Online Catalog
    Confidentiality Provisions
    Contract Term
Public Sector Use Cases for the Next-Generation Network
  General Government Operations
  Virtual Citizen Services
  Health and Human Services
  Education
  Public Safety
  Justice
Summary
Glossary of Current and Future Technology
Acronyms
List of Figures
Figure 1. The Network Is the Foundation
Figure 2. Trends in Networking and Supporting Infrastructure
Figure 3. Cyber Security Is Needed across the Network
Figure 4. Applications, Devices, and Support
Figure 5. Application Layers on the Same Network Infrastructure
Figure 6. User Services Are Supported by the Network Services and Foundation
Figure 7. Underbuilt Network Cannot Support Extra User Services
Figure 8. Virtualization Enables Network Consolidation
Figure 9. The Four Layers of Shared Network
Figure 10. Digital Signage
Figure 11. OSI Model
Figure 12. WAN and Application Optimization Lifecycle
Figure 13. Architecture Overview
List of Tables
Table 1. Vendor Solutions
Table 2. Five Technology Areas
Table 3. Network Capabilities Examples
Table 4. Essential Networking Components Support Government Services
Table 5. Cloud Computing versus Traditional IT
Table 6. Major Technology Categories
The Next Generation Network for Public Sector
Executive Summary
Technologists, business managers, and policymakers in the Public Sector expect Information
Technology (IT) to improve service delivery with the same or fewer resources and to contain
costs. IT procurement poses unique challenges, because of the rapid pace of technological
advances and the lengthy timeframe for competitive processes to take place. Often, contracts are
out of date before the procurement process is complete. For example, existing contract vehicles
for networking, communications, and data center technology did not foresee innovations such as:
• Cloud computing
• The Bring Your Own Device (BYOD) to work trend
• Video and web conferencing for collaboration and training
• Network-connected sensors for public safety and facilities management.
As a result, many Public Sector organizations have had to develop supplemental Requests for
Proposal (RFPs) or Requests for Information (RFIs) and reissue or withdraw RFPs, complicating
the procurement process and sometimes delaying project starts.
This White Paper is intended to share information that may make it easier for public-sector
procurement officers to meet organizational needs and provide guidance on how to develop new
RFPs to be more flexible. This White Paper describes:
• Future IT trends that we expect connected governments to adopt over the next decade to
  increase efficiency, improve citizen services, and reduce costs.
• Current network capabilities for government services needed to support user services
  today and into the future, including the network infrastructure, cloud and data center
  solutions, collaboration services, physical security, and connectivity to service providers.
• Scoping the contract to make it flexible. Building flexibility into the procurement process
  allows Public Sector Chief Information Officers (CIOs) and procurement officers to take
  advantage of technological advances. It also helps procurement officers take advantage of
  changes in pricing and licensing models, manufacturing innovations, and catalog changes
  resulting from acquisitions or spinoffs which occur frequently in a world of consolidation
  and innovation.
• Terms and conditions that either increase or decrease the flexibility of the contract.
  While every Public Sector entity has its own terms and conditions, some make it harder
  for vendors and system integrators to respond with the best solution and pricing.
  - We have provided some highlights of terms and conditions that cause problems for
    most technology companies from a “risk” perspective. Contract requirements that are
    considered non-standard in the IT industry tend to create significant additional
    financial burden on companies to comply with, which will ultimately impact the
    pricing of their offerings under the contract.
  - We provide alternative legal language to enable Public Sector procurement officers to
    protect the public interest, get the products and services their agencies want, meet
    their legal requirements, and enable the vendor community to do business without
    undue risk.
• Public Sector Use Cases help you have a conversation with your stakeholders; we have
  included use cases for government services, public safety, justice, health and human
  services, and other departments.
Future IT Trends
The public and private sectors are at the threshold of a massive transition in how and where work
is performed. Just a few years ago, work was a place. You sat at a desk and used a Personal
Computer (PC) to access information and applications hosted on servers somewhere in the
building. To meet with someone, you took a trip. To learn about departmental news, you went to
a meeting or read a newsletter.
Today, work is no longer a place, but an activity. An increasingly mobile workforce expects
remote access to use voice, video, and data services from anywhere, any time, on any device,
including personal smartphones and tablets. Many existing contracting vehicles did not anticipate
the contemporary government workplace:
• Cloud services are supplanting departmental servers to enable IT services sharing
• A more mobile workforce has given rise to Bring Your Own Device (BYOD) policies
  and virtual desktops
• Video has become a mainstay for collaboration, training, justice, and public safety
• Cyber security is more complex; the result of:
  - more sophisticated attackers
  - the move to cloud services
  - mobile computing
  - remote access
  - Other Key Threats
• Software Defined Networking (SDN) is helping governments provide better performance
  with existing bandwidth
• “Big Data” analytics are enabling smarter government and more personalized citizen
  service
• Networks connect people, places, and devices to create an “Internet of Everything.”
Read more about future IT trends.
Current Network Capabilities for Government Services
The old government paradigm, in which employees must sit in offices to access essential
services and perform their job functions, is obsolete. While there will probably always
be capital cities and major city government office complexes, current technology innovations
provide government agencies operational efficiencies and increased productivity and enable
employees to work anywhere, anytime, on multiple devices as needed to do their jobs. Most
employers and employees now see the benefits of anywhere, anytime access to information using
any device. These shifts in how and where we work, coupled with innovations in IT, are driving
changes in our basic ability to collaborate with one another and get the information we need to
meet our needs.
More and more flexibility, more remote access, more non-standard, non-IT issued devices and
equipment accessing the network means that today’s communications networks must have
capabilities that yesterday’s basic data networks never envisioned. The burden to deliver these
new capabilities falls largely on procurement officers. As procurement officials meet the needs
and challenges presented by a demanding public, a mobile workforce, and agency managers,
their new contracts and procurement vehicles must incorporate a broad array of new technology.
New contracts must be broad enough and flexible enough to adapt to future changes and
innovations in technology.
Chief Information Officers and technology professionals understand the pace and changes in
technology, and they want contracts that enable them to provide solutions to business problems
facing government agencies and current and innovative technology to meet government
workforce requirements. Procurement officials can help the technology professionals be
successful and enable government to gain operational efficiencies while reducing operational
costs.
It all starts with understanding that networks are the foundation upon which all other IT
solutions function. Guaranteeing that everything works to its highest level of functionality and
meets the security requirements of today’s workforce requires approaching IT procurement from
an architectural perspective (Figure 1).
Figure 1. The Network Is the Foundation
By working with IT professionals to develop a complete architecture, IT procurement will
leverage the network to transform day-to-day operations.
Utilizing an architectural/solutions based approach to contracting, as opposed to procurements
for single point products, will create this IT platform for transformation and provide a foundation
to enable future IT services and capabilities. The following includes the Next Generation
Network (NGN):
• NGN Requirements for the Public Sector
  - Low total cost of ownership: Acquisition costs are only a fraction of the total cost of
    ownership. To lower operational costs, an NGN also needs easy-to-use management
    and troubleshooting tools and the ability to scale without a network redesign or
    equipment replacement.
  - Global availability: Availability has a growing impact on the business of
    government because the network supports critical applications for public safety and
    citizen services. The growing popularity of cloud services in government requires
    highly available connections to cloud service providers.
  - Consistent quality of experience: Successfully integrating collaboration capabilities
    such as instant messaging and videoconferencing into business processes requires a
    good quality of experience. Without it, adoption suffers.
  - Transport virtualization: Rather than building and maintaining multiple networks
    for voice, video, energy management, and so on, governments are consolidating to a
    single physical network that supports multiple virtual networks. This lowers costs
    while also providing economies of scale for management, redundancy, and so on.
  - Cyber security: Attacks are becoming more frequent and more sophisticated. The
    NGN needs information assurance capabilities that allow high-priority applications to
    continue functioning even during attacks. Requirements include authentication,
    role-based access control, and prevention of attacks intended to bring down servers.
  - Secure mobility: An increasingly mobile workforce needs access to government
    services from anywhere, from any device — including personal tablets and
    smartphones.
  - Support for video and other rich-media applications: The NGN needs the
    performance and management tools to deliver a consistent video experience without
    interfering with the performance of other applications running over the same network.
    These are known as medianet capabilities.
  - Energy awareness: To lower energy consumption, the NGN needs to report energy
    utilization of devices connected to the network, and automatically power them down
    when appropriate. An example is powering down wireless access points and Internet
    Protocol (IP) phones when offices are closed.
Read about Network Capabilities for Government Services.
Contract Scope
In the IT world, there are at least two distinct types of procurements: products and/or
commodities; and services and solutions. Governments continue to need to make commodity and
product procurements. However, in order to make sure that your contract remains flexible
enough to enable your customers to acquire the equipment they need, the scope needs to broaden
the narrow focus on products to include solutions and architectures. To make sure that your
buying vehicles remain relevant as technology, organizational needs, and licensing models
change, the scope should frame “the ask” in a way to address specific business requirements or
solve specific problems. Instead of specifying a “box” that meets specifications such as speed or
number of ports, consider writing requests for solutions that meet a business need such as:
• Video or Web conferencing solutions to provide distance learning
• Voice over IP to reduce telephone line costs and leverage the data network infrastructure
• Data center consolidation and virtualization solutions to reduce costs
• Interoperable communications solutions that enable public safety employees to talk
  directly using any type of radio or phone and to also share video and blueprints.
Each of these solutions requires a complete architecture, which includes some combination of the
components shown in Table 1. Vendor solutions for public-sector business needs require a
combination of infrastructure, services, devices, and applications.
Table 1. Vendor Solutions

| Solution Component | Examples |
|---|---|
| Infrastructure | Routers, switches, compute, servers, storage, wired and wireless Local Area Network (LAN) |
| Services | Security policy, role-based access control, XaaS |
| Devices | IP phones, immersive video endpoints, sensors and actuators, IP video surveillance cameras, government-owned thin clients and zero clients, personal devices like tablets and smartphones |
| Applications | Unified communications, contact center, video surveillance management, interoperability for first responders |

With the advent of solution based and architectural RFPs, some innovative procurement officials
are also incorporating third-party products or services as part of their overall solution in their
product catalog contracts. In this way, a solution might be enabled through a single contract
which results in a turn-key solution rather than having to develop multiple contracts.
Procurement Delay
The current proposal process typically does not keep pace with the speed of technology
innovation. In most cases, from the time of RFP release to the time the contract has been
awarded, the approved products in the contract will have most likely gone through an upgrade,
been replaced with newer models, converged with new technologies or even discontinued. For
example, many current government contracts did not anticipate the revolution in convergence of
voice, video, and data into a single IP network. Current contracts last for 5 years or more. Most
procurement officials who were not technologists did not foresee the convergence of voice,
video, and data into a single IP network.
Many current contracts have limitations that prevent companies from providing comprehensive
products and services offerings, which in turn prevent agencies from being able to order
complete solutions through the contract. Their inability to procure complete solutions under a
contract causes them to issue multiple RFIs and/or RFPs in order to get the complete equipment
they need from vendors, which defeats the purpose of the original contract. Alternatively,
customers may have to issue multiple purchase orders under multiple contracts in order to get the
complete solution. This is where opportunities for efficiency gains can be captured. State
contracts were initially designed to save government and education members’ time and money
by having a complete parts list that would streamline the procurement process and provide
business managers with complete solutions or capabilities.
Today the network is the foundation for day-to-day operations of every level of government and
should be looked at as a utility. Governments need to upgrade their network at a much faster
pace than through the traditional RFP process to realize the gains of technology advances. These
contracting problems are not new and solutions have been found at the federal level with the
General Services Administration (GSA) contract.
As IT procurement shifts from individual “point” products towards solutions and capabilities that
meet business requirements, a complete networking solution is known as an architecture.
Networking architectures typically include:
• Switches and routers
• Network services that operate in the background to provide a good user experience such
  as fast application response and smooth video
• Endpoints connected to the network, such as IP phones, immersive video units, and thin
  clients used to access “virtual desktops,” IP video surveillance cameras, or sensors
• Compute and storage capabilities
• Applications such as voice, instant messaging, or video surveillance monitoring.
Switches are not commodities, like printers or cables. The least expensive switches do little more
than transport data. In contrast, switches with the right set of advanced features can do much
more, quickly paying back the incremental investment. For example, features that simplify
management, automate port configuration, and accelerate troubleshooting can lower operational
overhead. Similarly, the ability to carry voice and video traffic can eliminate the costs of
building and maintaining separate networks.
Scope Recommendations
This section provides example RFP language that can be used in an RFP to help the Procurement
Officer to ask for:
• The best pricing
• The broadest feature set
• Equipment that meets Public Sector agency use requirements today and into the future.
The original RFP and awarded contract should contain anticipatory provisions that allow for the
future addition of new, supplementary, or converged network-centric IT products, services,
software and/or solutions as a value-add.
Read more about contract scope.
Terms and Conditions
Being aware of suppliers’ perspectives on terms and conditions when you craft the RFP can help
suppliers offer you advantageous pricing. Examples include authorizing Original Equipment
Manufacturers (OEMs) to work with certified resellers as subcontractors; basing contracts on
minimum discounts rather than fixed pricing; and agreeing to standard OEM warranty terms.
Read more about terms and conditions.
Public Sector Use Cases
Public sector use cases provide a description of common discussions between procurement
officers, politicians, government leaders, managers, and CIOs. We have provided some examples
of use cases to help procurement officers connect these discussions with Network Capabilities
that would provide the complete solution for the Use Case. In the end, we hope that we help
buyers understand where the technology is headed; what the capabilities of their networks must
be to meet current and future government business needs; and how to ask the market to provide
these capabilities over the duration of the next contract period.
Read more about Public Sector Use Cases.
Future IT Trends
It is a very exciting time to be in the IT field and in particular in government IT. The ongoing
promise of IT innovation has been to increase capabilities and/or productivity while decreasing
cost for companies and governments alike. Over the last decade, we have seen this happen at a
greater rate than ever before as technologies such as PCs, Web/Internet and wireless LAN
networks have been integrated into the business of government. This innovation insertion will
continue to occur and our governments will provide more capabilities to more citizens at a lower
cost. Some of the trends that will impact the future operation of government are described below
and shown in Figure 2.
Figure 2. Trends in Networking and Supporting Infrastructure
Many of these trends are already integrating into state and local governments.
Cyber security: Cyber security is a comprehensive approach to information assurance that
encompasses policy, supply chain, IT architectures, and security solutions (Figure 3).
Figure 3. Cyber Security Is Needed across the Network
Cyber security reduces the risks presented by the pervasiveness and interdependence brought
forth by the global network.
This is accentuated by the use of cloud and the move to mobile computing. Privacy, identity, and
data integrity are all critical elements of a government IT system and should be addressed by
good cyber hygiene. However, as we have seen in the recent years, attacks are more directed to
specific targets and attackers are more capable than ever before. This puts pressure on all
entities, both public and private sector, to secure assets (data and infrastructure) in such a manner
to quickly adapt to any cyber threat. Cyber security will continue to be a key priority for all
levels in government until a comprehensive, adaptable, and effective defense is systematically
delivered to protect our government and citizen assets.
Desktop Virtualization: Desktop virtualization/Virtual Desktop Infrastructure (VDI) is the
movement of workloads from PCs to data center servers, creating virtual clients. In this
environment, applications and complete operating environments are hosted on servers and
storage in the data center. This allows users to access their desktop from any location, without
being tied to a single client device, since the resources are hosted. For government IT, this means
a more centralized, secure, and efficient client environment that is easier to maintain. Some
solutions can go beyond traditional desktop virtualization, providing an integrated and optimized
multimedia, voice, and video solution that considers the complete workspace: computing,
communications, and collaboration.
Mobility and BYOD: With the pervasive deployment of high-speed broadband technologies
like Wi-Fi, cellular networks, and the parallel advancements in mobile computer devices
(smartphones, tablets, and ultra-books), it is no surprise that we are seeing the movement to a
mobile workforce. This movement started in the consumer voice market, where mobile phone
usage topped landline usage in 2002 and has continued to grow to more than 5x landline usage by
2010. As the mobile devices became more intelligent and capable through compute power and
common user interfaces, more typical desktop workloads have been moved to the mobile device.
Email and web browsing were the first use cases; however, more and more vertical specific
applications are being ported to these mobile devices daily. Today it is typical to see taxis using
smart devices for point of sale transactions, realtors using tablets to sell properties, and airline
pilots leveraging these devices to replace hundreds of pages of flight documents.
Cloud: Simply put, cloud is the umbrella term for enabling and delivering a service offering
which has been created to be shared among others to lower costs and allow resource flexibility.
In the coming years, states will become cloud consumers, providers, and brokers for themselves
and smaller government entities and will have a portfolio of options to choose from.
The National Institute of Standards and Technology (NIST) has done a great job creating a
classification system for the various types of clouds to help consumers, vendors, and providers
have a common taxonomy: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Video-Enabled Services: The use of videoconferencing and video streaming has become very
common in government agencies. However, these technologies are still primarily used in the
traditional office sense of providing virtual meetings, distance learning, and the streaming of
leadership communications. We believe that video technology will have an ever expanding role
in increasing productivity and bringing new capability/services to government agencies.
Leveraging video tools to enable remote interpretation services to courts in Florida provides a
cost-effective way of delivering critical citizen services. Video cameras along the highways
that are networked and connected to analytical engines can provide valuable safety and timely
maintenance services. Similarly, video capabilities are changing the way medical consultations
occur in remote locations. Video capabilities will continue to be tied to government missions as
the best way to allow government services to virtually serve citizens.
Big Data: The amount of data in the world is being collected and stored at unprecedented rates.
According to a study by International Data Corporation (IDC), the world’s information is
doubling every 2 years. In 2011, the world created a staggering 1.8 zettabytes, and it is projected
that by 2020 the world will generate 50 times that amount of information. This is a small statistic
that shows that data, especially machine-generated unstructured and semi-structured data sets are
growing at an enormous rate.
Big Data refers to data sets that have become so large that traditional technologies, techniques,
and tools cannot extract insights from them in a reasonable timeframe and cost-effective
manner. This lends itself to a new generation of technologies and corresponding considerations.
These data sets are crucial for making decisions, providing insights, and driving productivity-based
growth in the economy. In recent years, federal, state, and local governments have seen
their data sets grow exponentially in the volume, variety, and velocity attributes. They are
looking for ways to manage, analyze, and extract value from these Big Data sets to support
government and citizens. There are several benefits of big data analytics for the government. In
Public Sector government, Big Data insights can provide higher quality citizen services; cost
savings from operation efficiency; increased government accountability; fraud and cost error
reduction; open data source for citizens; and finally, public trust in governments. Furthermore,
Government Healthcare and Education can see large benefits from Big Data Analytics.
Internet of Everything (IoE): Networks will see explosive growth as everyone understands the
benefits of the interactions between people, machines, and sensors. The network as a whole is
greater than the sum of its parts. Many technologies that are currently not networked will become
networked such as transportation, building controls including physical security, Heating
Ventilation and Air Conditioning (HVAC), and lighting, and eventually there will be an Internet
of Everything.
The Internet of Everything is the intelligent connection of people, process, data, and things.
Today more than 99 percent of things in the physical world are unconnected. In the future,
networked connections will be more relevant and valuable than ever before, creating
unprecedented opportunities for countries, businesses, and individuals.
The Internet of Everything requires a distributed networking, computing, and storage
platform to connect people, process, data, and things in ways that were not possible before.
The explosion of new connections joining the Internet of Everything is driven by the
development of IP-enabled devices, the increase in global broadband availability, and the
adoption of IPv6.
The network plays a critical role in the Internet of Everything—it must listen, learn, and
respond to support billions of context-aware devices. The ability to build, to manage, and to
secure end-to-end IP-based platforms for people, process, data, and things will fuel the
growth of the Internet of Everything.
For example, a bridge could be embedded with sensors to eliminate the need for inspection,
while at the same time offering constant real-time data on its safety. IT technology like this and
network analytics can eliminate or reduce the costs in other parts of government operations. Each
technology will be added as its Return on Investment (RoI) becomes clear. Specifically, as IT
equipment capability improves, the management of the network by personnel (which is the
biggest part of any budget) is reduced and centralized.
Network Capabilities for Government Services
Even if there were no future IT trends, current network capabilities would continue to advance
into a Next Generation Network (NGN). Government Services include Government Operations,
Virtual Citizen Services, Health and Human Services, Education, Transportation, Public Safety,
and Justice. Government Services will be radically altered from the paradigm where employees
sit in offices to perform their work to a mobile network that accesses essential services to
perform job functions in the field 24/7.
The NGN is going to be more integrated, mobile, cloud based, and centrally managed. These
trends will enable more capability to be added to the network (Figure 4).
Figure 4. Applications, Devices, and Support
Everyone wants their organization to be more mobile and focused on productivity through
software and mobile devices; however, to make these devices work well, you need to make sure
the network can support them.
Converged communication networks are one of the top resources that organizations must invest
in to allow the organization to meet their mission requirements. A resilient, high-performance
network ensures that the organization can successfully pursue its goals; inversely, a poorly
designed network hinders an organization. The members of the organization are much more
productive if the network can reliably and efficiently address their requirements for
collaboration, web conferencing, chat, videoconferencing, email, and data sharing.
Organizations that rely on their communication network to support and enable their daily
operations must address the following requirements in the network’s design and deployment.
A standardized design that addresses business use cases to eliminate guesswork and reduce idle
time for newly purchased equipment:
• Enterprise-class reliability
• Flexible architecture to help ensure easy migration and expansion as the organization
  grows in various ways: sizes of individual sites, total number of sites, and the number of
  people who comprise the organization, as well as the number and type of endpoints that
  comprise the network
• Uniformity of user experience, regardless of the network access method: wired and
  wireless LAN network connectivity at headquarters, a remote site, or remote-access
  Virtual Private Network (VPN)
• Security and high availability for corporate information resources, servers, and
  Internet-facing applications
• Continual improvement in WAN performance while reducing the cost of network
  administration
• A solution that can be deployed and operated by IT workers who have a moderate level
  of technical education.
Currently, there are many technology areas that are being converged into an all IP network and
are relevant to government (Table 2).
Table 2. Five Technology Areas
Network Infrastructure: Access Routing; Managed LAN Switching; Wireless LAN for the Organization;
  Network Security; Virtualization; Service Provider
Collaboration Services: Unified Communications; Immersive video; Web Conferencing; Desktop Video
Cloud/Data Center: Content Security; Storage Area Networking; Software as a Service;
  Infrastructure as a Service; Unified Computing; Application Switching; Virtual Desktop
Physical Security: Digital Signage; Building Controls; Video Surveillance; Energy Controls
These areas have seen huge growth over the past several years and, as noted earlier, some of
these technologies such as BYOD, cloud, immersive video, and virtual desktop did not exist
when many current government contracts were issued.
The network cannot be thought of as parts added on to a core in a piece-meal fashion, but as a
network growing in many directions at once. This can be confusing unless you understand the
network as a whole and keep it organized based on standard virtual architecture.
The core data center has been virtualized and is being expanded into a cloud where network
resources are distributed over a wide area. The LAN, WAN, and mobile networks are rapidly
being able to offer the same speed as the core. This new capability is an opportunity for new
devices and services to be added. The role of government IT officers is now evolving into one of
governance, compliance (for example, with the Children’s Internet Protection Act (CIPA)), and management
of these devices and the people using them. The computing, networking, and storage network are
merged into one virtual block that can simply be added as a single unit to expand the network.
Big Data is already a part of government IT, but now it can be unlocked from agency silos and
used in the field by phones, tablets, and laptops.
Narrow scope on older contracts has limited vendors to bid on routing and switching or another
specific category only. As the networking industry consolidated and vendors grew into many
adjacent markets, inflexible contract scope meant that vendors were unable to add new
technologies to their parts list in the contract and provide comprehensive, turn-key solutions to
their customers.
New contracts cannot simply play catch up; they need to be flexible going forward in order to
incorporate IT expansion into new technology areas.
The Way Forward
Meeting the changing mission and operational needs of government agencies requires that
features and technologies must be implemented and rapidly deployed within what we will call
the Next Generation Network for the Public Sector (NGN).
The transport network, which used to be limited to moving data and is why most existing
contracts for networking equipment were known as “data communications” contracts, must be
flexible to provide secure and rapid provisioning of new and emerging technologies (Figure 5).
The network empowers government agencies to accomplish their mission while maintaining
compliance with government standards and regulations. Embedding intelligence in the network
is key to providing these services.
Figure 5. Application Layers on the Same Network Infrastructure
Network services such as virtualization, mobility, pervasive security, data analytics, and
automation are some of the features that can provide the flexibility to meet these changing
operational requirements. Designing architectures with these capabilities in mind now will help
future-proof the NGN transport architecture and deliver the mission-critical capabilities that
government agencies seek.
Changes are rapidly empowering mobility for every user:
• Mobile workforces expect to use government-provided IT services from anywhere, on
  any device, at any time.
• Cyber Security has become more nuanced because cyber-criminals are exploiting older
  systems with the newest technologies. Governments need pervasive and comprehensive
  security architectures that are context-aware and need to consider not just the source and
  destination of the request, but the context such as: who, what, where, when, and how,
  before they grant access to the service.
• Video has become a mainstay for collaboration, training, and public safety. Video and
  immersive video have been used for remote meetings.
  - For example, the cost and time spent by Senators travelling to and from the capitol
    every week back to their home district for the weekend is enormous. The savings
    from even 1 year justify putting in this kind of system.
• Connected Devices connect people and sensors to government networks.
  - Citizens interact with government networks to retrieve information, such as fees or
    forms, and also to input information, such as payment details and applications.
  - Sensor networks collect information and trigger actions by other devices.
    For example, sending a message to turn off lights and lower the temperature when the
    last person has left the building.
• Big Data imposes new demands on networks, servers, and storage. Continually adding
  more bandwidth is prohibitively expensive, so governments need smarter networks that
  optimize existing resources.
Architecture Rationale
The purpose of an overall architecture is to provide a technical framework to meet the business
needs of today, and be flexible to meet the needs of tomorrow without replacing that framework
and impacting the application. An architecture is made up of many interconnected systems,
which together bring value to the organization. The architecture is typically dependent on certain
specific technologies to ensure stability, resiliency, security, and operational simplicity. These
technologies are critical and should be called out in the architecture and not disregarded in
procurement because of cost.
For example, if an agency relies on a specific protocol such as Equal Cost Multipath Protocol (ECMP)
to provide resiliency for the overall architecture, then acquiring a product that does not support
that protocol puts the overall architecture at risk.
Additionally, a variety of factors determine whether a user has a good experience with an
application. For the web browser: we open a hyperlink, and the page is presented to us
immediately. To make this a positive experience, three specific pieces of the network need to
function together to provide the web content to the user:
1. A network that provides basic services such as high availability, performance, scalability,
and resiliency
2. Network services that operate in the background, improving and enabling the experience
without direct user awareness
3. The applications or end-user devices with which a person interacts directly, known as
user services.
Networks must allow organizations to take advantage of their investment in capabilities that are
offered in modern application software platforms at the User Services layer of the Open Systems
Interconnection (OSI) model (Figure 6).
Figure 6. User Services Are Supported by the Network Services and Foundation
The network must be seamless and transparent to the end user while providing a robust platform
for innovation and service adoption; and to achieve this, the network must first be baselined.
Compared to 10 or even 5 years ago, the role of the network has evolved from a simple transport
infrastructure to that of a critical service or utility like power or water.
These Next Generation Networks must address higher speeds and broader support for application
data, particularly regarding voice and video traffic as well as applications hosted on private and
public cloud-service platforms. Virtual desktop environments, a wide variety of user endpoints,
and tighter integration between the desktop and data center all demand that the network provide
a fast, stable platform to ensure that applications perform to meet productivity expectations.
Impact of Commoditization
Networks can be underbuilt, which delivers disappointing performance, or they can be overbuilt
because equipment was bought to provide unnecessary or underutilized capability.
As services such as enhanced mobility, unified communications, IP-based video
teleconferencing, and other video applications begin to proliferate across government networks,
commoditization of the network can decrease the ability to implement new and innovative
technologies by the IT professionals that manage the network. When the network is viewed as a
commodity providing transport services, the capabilities of the entire enterprise architecture can
be limited to the lowest common set of services that the network can provide, resulting in a slow
rate of adoption of new services and capabilities across the network, while increasing the
operational expense for maintaining legacy equipment.
As a procurement officer, organizational or political pressure can force you to make purchasing
decisions that add short-term value but cause long-term problems to the network. For example,
your unified communication system is underbuilt, but there is pressure from executives to add
immersive video. The cheapest solution to upgrade cannot support immersive video because the
Unified Communications (UC) base is siloed or underbuilt (Figure 7).
Figure 7. Underbuilt Network Cannot Support Extra User Services
Commoditization also prevents the ability to take advantage of enhanced features and services
that should be provided end-to-end within a mission-critical architecture to ensure delivery of
critical services and applications.
A commodity service is one in which there is no “qualitative differentiation” across the market.
In networking/infrastructure terms, the network is built around just meeting a set of industry
standards, not around feature/capability innovation. When building an NGN that will transport
mission-critical voice and video services, an end-to-end architectural approach is necessary.
With commoditization, fewer value-add end-to-end features are available to accommodate
current and future next generation services.
Commodity switches are for office automation only, and application layering is not possible.
The short-term saving you get from buying cheap switches is lost when you must build a second
network to support any new business application. For example, if you use commodity switches
to build a VoIP network, then you cannot add to that network; therefore, you must build a
second complete network for Continuity Of Operations (COOP).
Networks are no longer required to be siloed into physically independent infrastructures.
Figure 8 shows the network before and after consolidation.
Figure 8. Virtualization Enables Network Consolidation
Across the entire network, but each part of the siloed network functions as a separate network.
Virtualization and consolidation save funding through reduction in equipment, maintenance,
energy, and support. NGN should be designed to transform government operational processes
for the future and provide scalability and seamless adoption of new and emerging
technologies. The network must be modular and logical, enabling services across a common
transport, rather than creating costly parallel infrastructures.
Networking Components
The network is critical to the operation of organizations where workforce productivity is based
on the expectation of nonstop access to communications, applications, and data resources. Using
a services tiered approach to building your network with a tested, interoperable design allows
you to reduce risks and operational issues while increasing deployment speed (Table 3). The
network is the foundation and there are essential networking components that support the user.
Next Generation Networks play an essential role in supporting government daily operations. The
network is mission critical. When designing network architectures, one must consider both
current requirements and expected future needs.
Table 3. Network Capabilities Examples
These NGN architectures must address a diverse range of requirements and mission needs. As
the role of the network moves beyond simple transport to a Mission Critical Service Delivery
Platform, one must take the following into account:
• Cost Effectiveness
  - Acquisitions: Networking and storage requirements are steadily climbing. Therefore,
    it is essential to maximize the effectiveness of acquisition dollars by putting in place
    an infrastructure that is scalable, flexible, and long-lived.
  - Operations: Operational costs dwarf acquisition costs over time. Therefore, it is
    essential to create a network architecture that simplifies management, while allowing
    flexibility and scalability.
  - Scalability: Traffic levels and storage requirements are steadily growing. The
    network should be able to easily accommodate the growth of applications, traffic
    loads, and storage without having to redesign the network or to replace existing
    equipment.
• Global Availability
  - Mission-critical systems require near perfect availability and convergence times
    measured in milliseconds to provide resiliency for real-time interactive applications.
  - Community or Private Cloud services through data center consolidation towards
    centralized/regional data repositories, increasing the reliance on the network to
    provide seamless application delivery regardless of data center location.
  - High availability from the network through the application layer due to changing
    mission operations moving towards globalization and 24x7x365 operations.
• The Move toward Collaboration and Real-Time Communication Application Services
  - The user experience is becoming a top priority for mission communication systems.
  - As Unified Communications become the primary form of
    communication/collaboration, end-to-end quality of service and mission system
    uptime become even more critical.
• Transport Virtualization
  - Reduction of Capital Expenditures (CAPEX) and Operation Expenditures (OPEX)
    costs through the virtualization and consolidation of multiple physical networks onto
    one common Mission Critical Communications infrastructure enables secure
    segmented services such as multi-tenancy, physical security, energy management,
    video distribution, etc.
  - Communities of Interest (CoIs) through partitioning network traffic to provide secure,
    independent environments.
  - Virtualized services that are enabled within the transport infrastructure and which
    extend through the cloud infrastructure.
• Information Assurance - Secure and Resistant to Attacks
  - Endpoints and network infrastructure must be resistant to attacks in an environment
    where attacks are becoming more numerous and more sophisticated. High-priority
    applications should still function even while a security event is occurring. Only
    authorized users should be granted network and resource access. Critical systems and
    data must be protected and backed up.
  - Network-based authentication in compliance.
  - Role-based access control and standards-based link-layer encryption (802.1ae) to provide
    additional secure segmentation.
  - Control plane security and policy to prevent denial of service attacks to the transport
    infrastructure.
• Secure Mobility
  - Anywhere, anytime access to the network, providing a seamless customer experience
    when accessing applications.
  - Increased use of portable devices (BYOD) is driving the demand for full featured and
    secure mobility services.
  - Guest access for partners, contractors, and other guests as mission partnerships and
    collaboration evolve.
• Next-Generation Applications and Medianets
  - Dynamically allocate network resources and adapt to changing network conditions to
    deliver optimal video quality.
  - Enable multimedia services anytime, anywhere, to any device.
• Energy Awareness
  - Compliance to reduce energy consumption.
  - Visibility into energy utilization of the network and attached devices.
  - Administer the energy requirements of Power over Ethernet (PoE) devices.
Table 4 lists the networking components that form the network foundation in the left column, set
against six services that the government typically provides. The cells in the matrix are links that
connect to use cases in this document showing the network components needed for the use case.
Table 4. Essential Networking Components Support Government Services
Columns (government services): Government Operations; Virtual Citizen Services; Health and Human
  Services; Education; Public Safety; Justice
Rows (networking components): Network Infrastructure; Cloud/Data Center; Collaboration Services;
  Physical Security; Network Management; Trends (End-to-end architecture)
Use cases named in the cells: Network-based training; Tele-medicine; Distance learning; Vehicles;
  Video interpretation; Private Clouds; Unstaffed Citizen Service Center; Health Exchanges;
  Virtual desktops; Creating a force multiplier; E-Warrants; Unified Communications;
  Multi-channel contact centers; Mobility; Flipped classrooms; Enabling collaboration;
  Video kiosks for citizens; Connected Buildings; Remotely monitor video; Remote arraignments;
  Server Consolidation; High-performance Wi-Fi; Big Data; Virtual field trips;
  Interoperable communication
Cells without a use case are marked N/A (N/A = Not Applicable).
Most users perceive the network foundation as a simple transport utility to shift data from one
point to another as fast as possible; many sum this up as “speeds and feeds.” In reality, the
network affects all traffic flows and must be aware of end-user requirements and the services
offered. Today’s networks must be built for intelligent transport and support of critical
operations and applications.
Network Infrastructure
With ever-changing mission requirements and deployment scenarios that are unique to the
government, the network must be designed around service delivery, consistent end-user
experience, and the ability to insert new technologies and capabilities at a rapid rate. While the
initial CAPEX might be lower when considering the access layer as a commodity, there are
typically higher long-term OPEX and Total Cost of Ownership (TCO) due to the network not
being able to provide the necessary capabilities over the lifetime of the deployment.
Because Network Infrastructure enables Cloud Computing/Data Center, Collaboration Services,
Physical Security, Network Management, and any future trends in technology, it is important to
understand the equipment needed at this level of the network. Routers, switches, firewalls and
VPNs, Intrusion Prevention Systems (IPSs), load balancers, and wireless LAN access points and
controllers are needed to provide the improvements to the network from end-to-end.
Cloud/Data Center
The previous trend within enterprise organizations was to construct physical “Data Centers” in
an on-demand fashion as new applications and services were required (Table 5).
Table 5. Cloud Computing versus Traditional IT
Attribute    | Traditional                      | Cloud
Consumption  | Dedicated                        | Shared
Ease of Use  | Traditional Hardware Procurement | Self Service
Scalability  | New Services Added Manually      | Scale On-Demand
Availability | Manual Repair of System Failure  | Automated Recovery Due to Integration/Interoperability
Provisioning | Months                           | Minutes
Cost         | Incremental CAPEX Purchases      | Pay Per Use
This led to the construction of multiple data centers with siloed applications (and infrastructure)
that may serve only a single purpose or customer.
Cloud technologies and capabilities will be the building block for dynamic shared services in
governments. It will be common for a state, large municipality, or agencies to deploy multiple
clouds (private, public, Infrastructure as a Service (IaaS), Software as a Service (SaaS)) based on
the use case, cost model, and application dependencies.
Some states are building private clouds to provide IaaS to departments, saving money and
reducing wait times for new infrastructure from weeks to hours. This requires servers/storage/
networking plus automation tools so that departments can self-provision with nominal
involvement from the government IT team.
Other governments want to use public clouds, either for IaaS, SaaS, or Platform as a Service (PaaS).
IaaS can be used to provide services such as web conferencing, email security, or web security. SaaS,
the most common form of cloud, is used to deliver applications to governments from a public provider;
examples include Google mail and Microsoft 365. Connecting to public cloud services requires a
network with the necessary performance, flexibility, reliability, and security.
Collaboration Services
Collaboration is two or more people working together to achieve a common goal. Collaboration
has always been the lifeblood of an organization. The methods people use to communicate over
the years have changed, but the ability to work with others inside and outside your organization
has always been essential to the success of a business. Technology allows organizations to
choose many different modes of communication from a simple instant message to a fully
immersive experience that includes high-definition video, spatial audio, and real-time data
sharing.
Collaboration Services incorporates LAN, WAN, wireless LAN, security, application
optimization, server load-balancing, and unified communications technologies to provide
complete solutions to an organization’s challenges (Figure 9).
Figure 9. The Four Layers of Shared Network
Using Role Based Access Control (RBAC), a single physical network can be securely divided
into areas for guests/contractors and any number of tenants.
For example, the same campus could be home to federal, state, and local government offices that
share a single network. Collaboration focuses on unified communication, video collaboration,
and web conferencing. These three elements make up the vast majority of the collaboration use
cases for an organization. Two keys to the success of the solution are allowing your employees
to be in constant contact with each other and making the most efficient use of your underlying
network foundation. A solution-level approach simplifies the system integration normally
associated with multiple technologies, which allows you to select the individual components that
solve your organization’s problems, rather than worrying about the complex technical details of
an overall collaboration solution.
Why Collaboration?
Some of the benefits of collaboration are:
• A standardized design that has been tested to reduce capital outlays and operational costs
• Optimized architecture for organizations with remote sites
• Flexibility to allow easy migration as the organization grows
• Seamless support for quick deployment of wired and wireless voice, along with room
system video
• Faster decision making
• Immediate access to other government experts and productivity gains
• Travel expense reduction and lower carbon footprint
• Improved work/life balance for employees.
Physical Security
IP-based physical security is being deployed in some of the most demanding security
environments in the world, including many public and government facilities. This solution
delivers the reliability, investment protection, flexibility, and authenticity assurance that
municipal organizations require.
Physical security can help you achieve the following benefits:
• Protect Your Assets: With physical security, you can remotely monitor a facility after
hours or during closures. The solution lets you use recorded video in conjunction with an
alarm system to prevent vandalism, theft, and arson; log in to see live video when an
alarm is triggered; and record images during an alarm event and send them to specified
users via email.
• Deter and Prevent Violations: The presence of video cameras and monitoring
equipment can serve as a deterrent, effectively dissuading and discouraging violations
before they occur. Video equipment has been shown to circumvent the costs and
difficulties of theft, vandalism, and other crimes.
• Attain Easier Management, Higher Availability: Increase regulation compliance and
security with high-quality, tamper-proof, digitally watermarked video, while expanding
your security reach with the ability to scale to thousands of cameras, viewers, and
archives; access security operations anywhere, anytime using remote and mobile access;
access any camera from any monitoring or recording device for any application. With
an integrated IP converged system, you reduce downtime with video and system availability
and reduce disruption for maintenance, system updates, and upgrades, while protecting your
investment through interoperability with third-party equipment.
• Reduce Expenses: With a single, unified surveillance system, you can eliminate
redundant Closed-Circuit Television (CCTV) infrastructure and system maintenance
costs, while saving on storage and equipment space. In addition, Video Surveillance
offers high availability and reliability that translates to less maintenance and increased
surveillance capabilities.
• Protect Your Investment: Video Surveillance preserves your existing investment in
surveillance equipment through a smooth “pay as you go” migration approach that
enables you to start with a hybrid analog and IP system and then move to an all IP system
as your needs dictate. Because you can use your existing displays, controls, cameras, and
matrix switches, you won’t need to upgrade that equipment or invest in operator
retraining. The standards-based IP solution is also interoperable with equipment and
software from many third-party vendors.
Network Management
The International Organization for Standardization (ISO) network management model defines
five functional areas of network management, listed below:
• Fault Management: Detect, isolate, notify, and correct faults encountered in the
network
• Configuration Management: Configuration aspects of network devices such as
configuration file management, inventory management, and software management
• Performance Management: Monitor and measure various aspects of performance so
that overall performance can be maintained at an acceptable level
• Security Management: Provide access to network devices and corporate resources to
authorized individuals
• Accounting Management: Usage information of network resources.
Network management and automation products help you optimize the operation and
management of sophisticated and advanced networks. Network management helps simplify and
accelerate adoption of market transitions such as unified communications, next-generation video,
cloud, and fixed mobile convergence.
Intelligent automation of management tasks offloads management from people to the network for
data center automation, cloud computing, and IT systems management. It provides management
and orchestration capabilities to complement networking and compute solutions for the data
center.
Network management solutions include Operations Support System (OSS), network
management, and cloud intelligent automation products that provide highly effective tools with
which to implement a network. Use these tools to accelerate deployment of innovative network
architectures and bring differentiated value to your network operations.
Benefits of network management and intelligent automation include:
• Improved usability and simplified network management
• Efficient operations through common components and day-one device support
• Reduced operational and capital expenditures
• Improved network and service availability
• Accelerated time to market of services
• Enhanced end-user experiences.
Industry standards result in systems that will easily integrate into your current processes and
procedures. Network management helps you achieve unparalleled time-to-value for equipment,
platforms, and technologies.
Procurement and Technology Scope
Today’s procurement processes, and perhaps the underlying reasoning that governs IT
procurement, are out of sync with the pace of technology change occurring in the marketplace.
One does not need to know anything about government IT procurement to understand that it is
difficult to stay current when Apple is on a 6-month refresh of its core iPhone and iPad platform
and the competing Android platform has its own refresh rate.
The RFI to RFP timeline, which can take up to 18 months, is too slow compared to a technology
refresh rate of 6 to 18 months. By the time an RFP is awarded, the technology might be out of
date. CIOs and procurement officers generally agree that Public Sector contracts need to include
language that will allow vendors to help procurement officers procure the right technology at
the right time. What is desirable is a contract scope that is specific enough, and yet broad
enough, to ask the market to provide the best-of-breed products and solutions or functional
equivalents along a continuum, without having to go back to the market to ask for the next
version, refresh, or innovation.
It is also becoming broadly accepted that vendors and procurement officials need to be able to
have conversations among all parties involved to answer questions such as:
• What do I need in my parts list?
• What is the right technology?
• Does this really address my need or solve my business problem?
Yet in most jurisdictions, communication between procurement officials and the vendor
community is limited or non-existent once an RFP is on the street but not yet awarded.
One early trend in procurement has State CIOs and procurement officials requesting proposal
responses from equipment manufacturers for:
• Data, voice, and video communications products and services
• All related software and OEM maintenance
• Training to provide turnkey solutions along specific architectural lines
• Full product and services catalogues updated as often as monthly to ensure availability of
the most current products and solutions.
Another trend is to create multi-vendor awards to establish multiple contracts with qualified IT
vendors who will supply data, voice, and video communications equipment and related software
including OEM maintenance and training, or maintenance authorized by a third party to qualified
contract purchasers. For example, the current Western States Contracting Alliance (WSCA) data
communications contract award takes this approach to ensuring the widest availability of the
most comprehensive products and services manufactured by world-class companies to its
member states. Yet another approach, which mirrors some federal procurement vehicles, is
simply to ask the vendor community to provide discounts on their entire catalog of offerings in
specific product or solution categories to allow the broadest opportunity for buyers to access the
products and services of the market leaders.
In order to ensure that equipment and solutions are designed and installed by certified and
trained experts with local geographic presence, prime contractors are allowed to provide a list of
subcontractors for each member contracting authority for each contract. Subcontractor
participation will be governed by individual participating procurement officials and the prime
contractor. The contracting entity has the sole discretion to determine who will accept services
from a subcontractor.
To be successful in procuring the right products and services in support of the business of
government, procurement officials must be great communicators. Given the nature of executive
appointments and professional government employees, there is sometimes a disconnect between
the CIO and the business manager and the procurement official who must support both by asking
the vendor community to supply complex products, services, and solutions. Executives ask for a
capability that the CIO then tries to fulfill. Oftentimes, the CIO has no budget authority and
must therefore make a business case and use a chargeback model to finance a solution, where the
chargeback can be blocked by a business manager. There are many factors in a decision process,
but one issue repeatedly comes up in which a business manager makes an IT decision based on
cost avoidance without looking at the whole IT budget or the total cost of ownership.
When it comes to communications infrastructure, an end-to-end solution always brings a better
ROI, because it addresses the network as a whole and the IT manager seeks to maximize the
performance and security and total capability of the utility rather than addressing a specific
agency capability. Moving forward, technology will be more integrated, and point solutions will
always cost the network more over the lifetime of the solution. For perspective, on average,
equipment is only 20 percent of a network’s cost. Eighty percent goes to management,
electricity, and other expenses. An end-to-end solution always simplifies management, and
virtualization reduces the electricity, HVAC, and space requirements.
To understand the issue better, the business manager must understand the impact any new
capability has on the network. The user must be able to access the application, endpoint, service,
and network. This transaction process across all layers of the network means that an end-to-end
solution must be considered to sustain the network. Cheaper point products, in the short run, will
simply add expense somewhere else in the network or IT budget.
Typical Components of State-Wide IT Procurements
Objective
The objective of new procurement contracts is to obtain deeper volume price discounts than are
obtainable by an individual government entity. This discount is based on the collective volume
of potential purchases by the numerous state and local government entities.
The contracts resulting from this type of procurement should always be able to be used by all
branches of government and political subdivisions, such as city and county government, and
public and higher education. The contracts may also be used by authorized non-profit
organizations within a state who are engaged in fulfilling services or programs which would
otherwise be delivered by a Public Sector entity.
Purpose
The broad purpose of a communications contract should at a minimum be to provide for
Network-Centric Information Technology, Networking, Telephony, Security, Voice, Video and
Data Communications products, system solutions, and systems hardware and software. Any
solution(s) must satisfy the requirements for interoperability, compatibility, and resource sharing
of existing legacy networking equipment and current state-of-the-art Internet Protocol (IP)
networking solutions.
The contract should be designed as a flexible end-user solution to embrace diverse current and
future network-centric information technology requirements in support of a next generation or
converged IP network. The contract should ensure interoperability through standards-based
technology and it should implement a constant evolution of state-of-the-art technology and
system solutions through a system of regular contract and product review. The review process
should be designed to add to the existing contract new and innovative IP networking and
network centric solutions without having to return to the market through time consuming
requests for proposal.
A provision is needed for the introduction of new network-centric information technology
services and/or products, that is, any new network-centric IT product, service, and/or solution
that is within the scope of the original request for proposal but not currently available under
contract. These technologies may be added to the existing contract as long as the product or
service is commercially available and is available through the contractor’s then current price
book. These technologies are added at the discretion of the contracting officer upon periodic review.
The addition of any new product or service by the contracting officer shall make that product or
service available to any or all Public Sector buyers utilizing the master agreement established as
a result of the original request for proposal.
Scope of Work
The scope of new contracts should be to obtain contracts directly with data communication and
security related equipment manufacturers to provide a full range of equipment, software,
maintenance, training, and services represented by their entire price list as periodically updated
at the deepest discounts possible for all participating Public Sector entities (states and their
political subdivisions) on an as-needed basis. All products, related software, solutions, or
services may be supplied by local equipment and service resellers as approved and listed by the
manufacturers.
Definitions of Terminology
Here is a list of definitions to be used in a proposal, to help procurement officers use the same
language as CIOs, System Integrators, and Vendors:
• Next-Generation Network means a packet-based core, Internet, and access networks
that leverage high-speed protocols such as IP, Multiprotocol Label Switching (MPLS),
and Ethernet to transport data, voice, video, and other multimedia services on a
converged content-, service- and application-aware network. The next-generation
network is a single telecommunications network that’s able to transport all information
and services, including voice, data, and multimedia.
• Equipment refers to data, voice, and video communications products and related
software specific to this RFP; LAN/MAN/WAN routing, switching, wireless LAN, voice,
video equipment, and/or software and associated management, monitoring, and security
solutions.
• Products shall mean Contractor’s commercial networking products as identified in the
Commercial Price List, including hardware products with embedded Software and
Software Products in object code form, associated end-user documentation (the
“Documentation”), and other related materials, if any, supplied to Purchasing Entity in a
commercial package.
• Purchasing Entity means a State or another legal entity, such as a political subdivision,
properly authorized by a State to enter into a contract for the purchase of goods described
in this solicitation. Unless otherwise limited in this solicitation or in a Participating
Addendum, political subdivisions of Participating States are Purchasing Entities and
Participants authorized to purchase the goods and/or services described in this
solicitation.
• Services shall mean the support and maintenance services provided by Contractor, or its
authorized subcontractor, to Purchasing Entity pursuant to Contractor’s Purchasing Entity
support plans described in the Support Program.
• Software or Software Products shall mean Contractor’s software products and the
software embedded in or bundled with Contractor’s hardware products.
• Specifications shall mean the applicable technical specifications for the product as set
forth in the end-user documentation applicable to such product.
Scope Recommendations
This section provides example RFP language that can be used in an RFP to help the Procurement
Officer to ask for:
• All components necessary to provide the current and future networking capabilities of the
Public Sector buyers
• The best pricing
• The broadest feature set
• Equipment that meets Public Sector agency use requirements.
Given the capabilities required of today’s networks to successfully and securely support the uses
and demands placed upon a Public Sector communications infrastructure, government
procurement vehicles today must be set up to allow for total end-to-end communications delivery
capabilities. In order to achieve robust and flexible IT procurement contracts, the original RFPs
for these agreements must be thoughtfully developed to capture current business needs and
requirements (based on existing technologies available), but also anticipate and allow for easy
adoption and inclusion of new emerging capabilities during the contract terms. Due to the rapid
speed of technological advances, the current challenges for most IT Procurement Offices are to
ensure that their contracting vehicles do not inadvertently:
• Become outdated in a year or two after contract award
• Contain gaps that prevent end users from efficiently purchasing whole solutions under
one contract
• Limit the ability to “add” new, pertinent, related technologies or services.
In addition, State-wide contracting vehicles should continue to be available for usage by all
executive, legislative, and judicial branch agencies of that respective State and any or all political
subdivisions (such as city and county government, and public and higher education) allowed
under that State law. Many political subdivisions are heavily dependent on State-wide Indefinite
Delivery/Indefinite Quantity (IDIQ) contracts for their procurement purchases, especially with
severe budget constraints and limited procurement resources.
In order for many global manufacturers under direct contracts with States to adequately support
Public Sector customers, they rely heavily on the use of resellers, as subcontractors, to take, to
process, and to fulfill orders. Such hybrid models have been successfully implemented under
many state-wide procurement vehicles across the United States (U.S.) and should continue to be
an option for manufacturers to offer in their bid responses.
Products and Services Scope
The scope of the next generation networking or data communications RFPs needs to be
broad-based, solutions-oriented, and flexible, and to effectively address the convergence of
technologies into the IP network. Therefore, it is highly recommended that the next generation of RFPs should
request equipment manufacturers to provide comprehensive proposals for networking products
and network-centric information technologies, solutions, and value-added services, including but
not limited to, the following major categories (Table 6).
Table 6. Major Technology Categories

Network Infrastructure (Hardware, Software, and Services)
• Access Routing
• Managed LAN Switching
• Wireless LAN for the Organization
• Network Security
• Optical Networking
• Virtualization
• Other Related Management/Monitoring Tools, Solutions, and Software
• Maintenance Services, Installation and Configuration Services, Professional Services, and Training

Cloud/Data Center (Hardware, Software, and Services)
• Content Security
• Servers and Storage Area Networking
• Software as a Service (SaaS)
• Infrastructure as a Service
• Unified Computing
• Application Switching
• Virtual Desktop
• Maintenance Services, Installation and Configuration Services, Professional Services, and Training
• Other Related Management/Monitoring Tools, Solutions, Software, and Services

Collaboration Services (Hardware, Software, and Services)
• Unified Communications (Voice over Internet Protocol [VoIP], Web-Based Tools)
• Audio and Video Conferencing (Desk-Top and Immersive)
• Web Conferencing
• Maintenance Services, Installation and Configuration Services, Professional Services, and Training
• Other Related Management/Monitoring Tools, Solutions, Software, and Services

Physical Security (Hardware, Software, and Services)
• Building Controls
• Energy Controls
• Video Surveillance
• Sensor Networks
• Maintenance Services, Installation and Configuration Services, Professional Services, and Training
• Other Related Management/Monitoring Tools, Solutions, Software, and Services

Ideally, manufacturers should be able to provide their entire pricebook in support of the entire
compute, storage, and networking requirements of modern governments; provided, however, that
the offerings meet the scope of the RFP and are network-centric IT related products or services.
In any event, all offerings must satisfy the requirements for interoperability, compatibility, and
resource sharing of existing legacy networking equipment and current state-of-the-art Internet
Protocol networking solutions.
Addition of New, Value-Added Technological Advances during Contract Term
The original RFP and contract awarded should contain anticipatory provisions that allow for the
addition of new, supplementary, or converged network-centric IT products, services, software
and/or solutions that are value-added. Contracts should provide a process whereby manufacturers
can request the addition of new technologies to their awarded contract offerings, regardless of whether
those new offerings were developed in-house or obtained through product or company
acquisitions. The Federal GSA product modification is an example of this type of process. All
additions to an awarded manufacturer’s contract offerings must be products, services, software,
or solutions that are commercially available at the time they are added to the contract award and
fall within the original scope and intent of the RFP (i.e., converged technologies, value adds to
manufacturer’s solution offerings, etc.).
Eligible Users
The resulting state-wide contract(s) from the next generation network RFP should continue to be
available to all governmental entities within each State subject to applicable laws, including but
not limited to state offices, agencies, departments, boards, bureaus, commissioners, institutions,
and colleges and universities. The state-wide contract(s) should also be accessible on a
convenience basis by other “down-stream” governmental entities such as state authorities, local
governments, municipalities, cities, townships, counties, school systems (K-12 school districts),
and other political subdivisions of the applicable State.
Manufacturer’s Fulfillment Partners
In order for manufacturers under direct government contracts to satisfactorily provide their
customers with optimal local support and technical expertise, many manufacturers will need to
continue to utilize their certified resellers/partners as subcontractors. These resellers are
authorized to accept and process orders directly from customers, including invoicing and
collecting payments. Under this hybrid model, the certified resellers are strategically deployed by
the manufacturers to provide “feet on the street” and end-to-end customer support as well as the
specialized product and service certifications necessary to support installations and deployment
of today’s complex IP networking solutions. Therefore, it is critical that the next generation of
RFPs and contracts continues this best practice and allow the usage of certified resellers as
fulfillment agents of the manufacturers.
Terms and Conditions
The following identifies common, recurring contractual issues and concerns that many global
technology companies experience with prime contracts or IDIQs. By sharing the supplier’s
perspectives on key terms and conditions, we hope to further facilitate full transparency,
meaningful dialogue, and productive contracts negotiations with Procurement Offices on the next
generation of IT contracts, which will clearly be even more complex compared to several years
ago. Please note that many of these issues, as stated, represent varying degrees of additional
financial exposure to OEMs, which would have a direct impact on any discounts offered.
Common Contractual Issues and Concerns
OEM as Prime/Contract Holder with Resellers as Subs
As a result of the success of many contracting vehicles or IDIQs where the OEMs are the
contract holders, OEMs will continue to pursue their direct relationships with Public Sector
customers, wherever possible. However, in order to satisfactorily provide customers under the
prime contracts with optimal local support and technical expertise, many OEMs will also need to
continue to utilize their certified resellers/partners as subcontractors. These resellers are
approved to accept and process orders directly from customers, including invoicing and
collecting payments. Under this hybrid model, the certified resellers are strategically deployed by
the OEMs to provide “feet on the street” and end-to-end customer support. For Public Sector
customers who are currently unable to support such a hybrid model due to system or
administrative challenges, resolution of these challenges is highly recommended in order to
enjoy the many benefits of going direct with OEMs with authorized resellers underneath.
Limitation of Liability
OEMs’ standard terms generally provide for a reasonable liability cap that is consistent within
the IT industry. For products, the liability of each party should be reasonably limited to the
greater of:
(a) One hundred thousand dollars ($100,000), or
(b) The money paid to the OEM under the contract during the 12-month period prior to
the event that first gave rise to such liability.
However, in the case of any professional services performed under a Scope of Work contract
(“SOW”), the liability of the OEM should be limited to the amount paid by the customer
pursuant to the relevant SOW during the 6 months preceding the event or circumstances giving
rise to such liability.
Most Favored Nation Language or Similar Language
Global OEMs must be able to reserve their right to change their Global Pricing Catalogue
(pricelist) and provide discounting as they deem necessary to compete and maintain the viability
of their commercial offerings in the marketplace. The firm price requirement is inconsistent with
many global OEMs’ standard commercial practices. OEMs do factor other contractual
considerations (i.e., volume commitments, fair and reasonable Ts & Cs, etc.) when determining
and offering discounts or special pricing. Therefore, it is actually difficult to compare contracts
for Most-Favored-Nation (MFN) purposes, given the many variables (i.e., legal and business
terms, global customer base, etc.) that make up and distinguish each opportunity.
Pricing Based on Minimum Discounts versus Fixed Price
Given that technology products generally depreciate over time and go through typical product
lifecycles, it is more favorable for customers to have prime contracts be based on minimum
discounts off the OEMs’ commercially published pricelists versus fixed pricing. In addition,
OEMs must have the ability to update and refresh their respective price books, as long as the
agreed-upon discounts are fixed. Minimum guaranteed discounts do not preclude an OEM and/or
its authorized resellers from providing deeper or additional, incremental discounts at their sole
discretion.
Capital Lease Financing
Given severe budget constraints that many Public Sector agencies and organizations are
experiencing, capital lease financing is a viable payment option that gives many IT departments
the ability to procure the necessary equipment for their organizations. Where permitted by law,
government contracts should allow for manufacturers to offer capital lease financing
arrangements under their awarded contracts.
Refurbished Equipment
Many IT manufacturers offer refurbished equipment at a substantially lower cost with attractive
warranties that also address risk concerns some customers may have with refurbished gear. By
allowing manufacturer-certified refurbished equipment to be available for procurement under
government contracts, IT departments would have another budget-friendly option to consider and
use to balance budget limitations versus necessary purchases.
Payment Terms
The standard commercial payment term is NET 30 days. Since many OEMs use resellers under their
prime contracts as subcontractors, any payment term that exceeds 30 days will impose a financial
hardship on these resellers, many of whom are small- to medium-size businesses. These resellers
need reasonable payment cycles in order to keep their businesses afloat.
Delivery, Inspection, Acceptance, and Rejection
Publicly traded technology companies whose core business consists of product offerings must be
able to timely recognize revenues. Therefore, any contractual language that requires inspection,
formal acceptance, and/or rejection for every product order and delivery will delay an OEM from
recognizing its sales in a timely manner. Since purchasers are typically protected by the OEM’s
standard warranty and shipping terms (i.e., FOB Destination) for any product defects and/or
damages during transit, contract terms that require formal acceptance and/or inspection periods
are unnecessary and create additional financial burden for the OEM.
OEM’s Standard Warranty
Each OEM has standard warranties for its hardware and/or software that are sold worldwide. In
order to support such standard warranties on a global basis, each OEM has to build and
implement complex systems, tools, and business processes. Any modification or change to an
OEM’s standard warranties would create a significant operational and financial burden for the
OEM and would impact the overall pricing of its product offerings. Most OEMs’ global
back-office operations are not set up to manage or track non-standard warranties (i.e., “one-offs”).
Most likely, additional resources and manual processes would need to be established and
implemented at an additional cost incurred by the OEMs to support any non-standard, unique
warranties that are contractually required. With the introduction of manual processes, there is
also a greater risk for error. Note that in the federal procurement space, most IT OEM products
qualify as commercial items pursuant to Federal Acquisition Regulation (FAR) 2.101. As such,
purchasers are only entitled to obtain products under the OEM’s standard commercial license
and warranty terms (see FAR 52.227-19).
Standard Maintenance Offerings
Global OEMs build standard maintenance offerings in order to provide a consistent and uniform
level of service to all their customers. In addition, the standardization of an OEM’s maintenance
offerings allows it to keep costs down for its customers through efficiency gains and scaling
capabilities. Any non-standard maintenance that is contractually required can be costly and
difficult to implement and integrate into the OEM’s existing systems, tools, and business
processes.
Standard Software License
This issue is similar to the one above. Given the large sales volumes and customer base, global
OEMs must, as a necessity, standardize their software license(s). Accordingly, it is neither feasible
nor financially prudent for any global OEM to agree on unique software license terms for a
specific set of customers, since operationalizing such non-standard software license terms
would essentially require the OEM to set up separate internal systems, tools, and resources.
Consequential, Incidental, Indirect, Special, or Punitive Exclusion
It is standard in the IT industry to exclude consequential, incidental, indirect, special, or punitive
damages in contracts since such potential damages could subject OEMs to liabilities that far
exceed the value of such contracts. Such potential risk exposure is too great for any publicly
traded company to assume and could easily exceed insurance coverage limits as well.
Liquidated Damages
Standard terms in the IT industry do not encompass such damages. Any additional damages
language will represent material, non-standard commercial risk and exposure for any OEM,
which is generally not contemplated under its standard terms and discount structure.
Rights and Remedies of State for Default
It is standard for global OEMs to provide their customers with remedies for default. However, it
is unreasonable to ask OEMs to assume additional liability on “any loss or damage” incurred by
a customer, since such damage is equivalent to consequential, incidental, indirect, or special
damage.
General Indemnity
A common concern for technology companies is when prime contracts have overly broad
indemnity provisions that may be unenforceable. The scope of the indemnity should be
reasonably limited to the OEM’s products and services supplied under the prime contracts. In
addition, the extent of the indemnification obligations should be apportioned relative to fault.
Suggested Language:
1. Subject to governmental immunities of the Customer, each party shall defend, indemnify,
and hold harmless the other, its corporate affiliates and their respective officers, directors,
employees, and agents and their respective successors and assigns from and against any
and all claims, losses, liabilities, damages, and expenses (including, without limitation,
reasonable attorneys’ fees) arising out of or in connection with a claim, suit, or
proceeding brought by a third party based upon bodily injury (including death) or damage
to tangible personal property (not including lost or damaged data) arising from the
negligent or intentional acts or omissions of the indemnifying party or its subcontractors,
or the officers, directors, employees, agents, successors, and assigns of any of them.
2. In the event that the indemnified party’s or a third party’s negligent or intentional acts or
omissions contributed to or caused the injury or damage for which a claim of indemnity
is being asserted against the indemnifying party hereunder, the damages and expenses
(including, without limitation, reasonable attorneys’ fees) shall be allocated or
reallocated, as the case may be, between the indemnified party, the indemnifying party,
and any other party bearing responsibility in such proportion as appropriately reflects the
relative fault of such parties, or their subcontractors, or the officers, directors, employees,
agents, successors, and assigns of any of them, and the liability of the indemnifying party
shall be proportionately reduced.
3. The foregoing indemnification obligations are conditioned upon the indemnified party
promptly notifying the indemnifying party in writing of the claim, suit, or proceeding for
which the indemnifying party is obligated under this Section, cooperating with, assisting
and providing information to, the indemnifying party as reasonably required, and
granting the indemnifying party the exclusive right to defend or settle such claim, suit, or
proceeding.
Patent, Copyright, and Trade Secret Indemnity
The same concern applies to overly broad IP indemnity clauses. From the OEMs’
perspective, the terms, scope, and breadth of the OEMs’ indemnification obligations should be
clear and reasonable, including the conditions or events that trigger such obligations. It is
common for technology vendors to require certain exceptions or exclusions to their IP
indemnification obligations. For example, an OEM would not be responsible for indemnifying if
its product was modified by a third party or by the OEM itself, or in accordance with the buyer’s
specifications or instructions. In addition, because OEMs are now faced with potentially large
damages that may far exceed the contract value, it is reasonable for OEMs to require limitations
of liability with respect to the scope of their IP defense and indemnification obligations. Equally
important, OEMs, as the IP owners of their product offerings, should be able to control the
defense of any indemnity claim, including settlement negotiations.
Suggested Language:
a. Claims. OEM will defend any claim against Customer that a
Product infringes third-party patents or copyrights (“Claim”) and
will indemnify Customer against the final judgment entered by a
court of competent jurisdiction or any settlements arising out of a
Claim, provided that Customer:
(a) Promptly notifies OEM in writing of the Claim; and
(b) Cooperates with OEM in the defense of the Claim, and grants OEM full
and exclusive control of the defense and settlement of the Claim and any
subsequent appeal.
b. Additional Remedies. If a Claim is made or appears likely,
Customer agrees to permit OEM to procure for Customer the
right to continue using the Product, or to replace or modify the
Product with one that is at least functionally equivalent. If OEM
determines that none of those alternatives is reasonably
available, then Customer will return the Product and OEM will
refund Customer’s remaining net book value of the Product
calculated according to generally accepted accounting principles.
c. Exclusions. OEM has no obligation for any Claim based on:
(a) compliance with any designs, specifications, or instructions provided by
Customer or a third party on Customer’s behalf
(b) modification of a Product by Customer or a third party
(c) the amount or duration of use which Customer makes of the Product,
revenue earned by Customer from services it provides that use the
Product, or services offered by Customer to external or internal
customers
(d) combination, operation, or use of a Product with non-OEM products,
software, or business processes
d. Sole and Exclusive Remedy. This Section states OEM’s entire
obligation and Customer’s exclusive remedy regarding any
claims for intellectual property infringement.
Rights in Work Product(s)
Such rights are generally only appropriate if the customer is hiring an IT vendor or OEM to
create, develop, and/or build new, original, unique hardware and/or software. Although OEMs
may provide some customization to their product offerings based on the buyer’s technical
requirements, such customization is typically limited in nature and does not justify providing the buyer
with rights into the developed work products. More importantly, OEMs are generally not in the
business of building custom software code for individual purchasers. Again, in the federal arena,
most IT OEM products qualify as commercial items pursuant to FAR 2.101. As such, purchasers
are only entitled to obtain products under the OEM’s standard commercial license and warranty
terms (see FAR 52.227-19).
Right to Copy or Modify
Technology companies are generally very reluctant to allow third parties, including customers,
the right to copy or modify their hardware or software for any reason, unless it is under a formal licensing
arrangement with royalties or licensing fees included. Absent such a specific business
arrangement, granting customers the right to copy or modify under an IDIQ contract would
undermine that technology company’s intellectual property rights and control of its assets.
Stop Work Order
Stop Work Order provisions create significant revenue recognition issues under accounting rules
for publicly traded corporations. As such, any proposed Stop Work Order terms represent
material, non-standard commercial practice for OEMs.
Returns
For enterprise IT products that are not “off the shelf” (i.e., non-consumer products), returns
would only be acceptable for defective items that are still under OEM warranty. Because these
enterprise IT products are often configured per customer’s technical requirements, they could not
be readily resold if returned for non-defective reasons. Therefore, it is standard practice for
OEMs to have an “All Sales Final” term, subject to their warranty provisions, which would still
allow for the repair or replacement of defective products.
e-Procurement or Online Catalog
As discussed above, some OEMs’ product offerings are not “off the shelf” products and do
require some degree of configuration or customization. Therefore, online catalog requirements
would not be appropriate or applicable. The concept of the shopping cart buying method is not
feasible for many enterprise IT products that require complex configuration during the
manufacturing process. Many IT products, such as networking equipment, should not be
considered “commodities” or be compared to products like PCs, printers, or office supplies. In
addition, many OEMs have complex pricelists that cannot be easily translated or implemented
into an online catalog format. Substantial implementation costs would need to be incurred by the
OEM, which will, subsequently, have a direct impact on the overall cost of the product offerings
or discounts offered.
Confidentiality Provisions
Technology companies understand the importance of keeping their customers’ information
confidential and often agree to reasonable confidentiality provisions. However, technology
vendors also expect that the confidentiality provisions are mutual/reciprocal given that they are
routinely asked to share proprietary information regarding their product and services offerings in
response to RFPs, Requests for Quotation (RFQs), and other project proposals.
Contract Term
The supplier community supports the existing practice of most customers in issuing multi-year
prime contracts or IDIQs, with automatic 1- or 2-year renewals or simple extensions. Given the
amount of time and resources for both a customer and the awarded vendors to operationalize any
new agreement, it is mutually beneficial for all parties involved to have a reasonable multi-year
contract term so that there is minimal disruption to the end users.
Public Sector Use Cases for the Next-Generation Network
The following use cases are representative of the business environments common to most
governments and are provided as a context for procurement officials to engage in a conversation
with department business leaders about their business needs over the next contract period. Then
you can align their business needs with the IT capabilities they might need over the duration of
the next contract period.
General Government Operations
The network supports more effective and efficient back-office processes, including
communications, training, finance, administration, general services, printing, and human
resources transactions and other functions typical of most government employees.
• Unified communications: Replacing the Private Branch Exchange (PBX) or Centrex
  system with a modern unified communications system eliminates local and long-distance
  charges for interdepartmental calls, and also avoids service provider fees of $150 or more
  for every telephone-extension move, add, and change. Centralized unified
  communications systems eliminate the need for separate voice systems in branch offices.
  The RFP needs to include routers for these branch offices.
• Self-service web sites for common business functions: Examples include vacation
  requests, travel arrangements, benefits selection, and expense reimbursements.
• Network-based training: Training costs typically decrease when participants and
  trainers interact face-to-face over the network instead of traveling to a meeting room.
  Participants can join the training session from their desktop to see and hear the presenter,
  collaborate on documents, join breakout sessions, and more. People who can’t attend the
  live session can click a link to view the recorded sessions, including video and shared
  documents.
• Connected buildings: Connecting all systems, devices, and sensors to a unified IP
  network enables them to work together to accelerate event detection and response.
  ◦ For example, if a fire occurs in a library, the fire system can immediately signal the
    airflow system to close the dampers, restricting airflow. At the same time, it can
    signal the building access system to release all door locks; instruct elevators to return
    to the nearest floor, open, and cease operating; instruct video surveillance
    cameras to begin streaming live video; and initiate a phone call to the fire department,
    faculty, students, and staff. Automating these actions can help to save lives and limit
    property loss.
  ◦ Florida’s Ave Maria University took this approach in a new building. Savings
    amounted to more than $1 million on redundant cabling for building systems;
    $350,000 annual personnel cost avoidance by enabling the IT team to also manage
    building systems; and an estimated $600,000 in annual energy savings from
    monitoring and control of air conditioning and lighting systems.
Private clouds, collaboration technologies, and BYOD initiatives can quickly pay for themselves
and provide subsequent ongoing savings. In the coming decade, Public Sector organizations that
have not done so already are likely to introduce some of the following technologies.
• Server consolidation: Consolidating multiple application servers on a virtualization
  platform lowers capital and operational costs (space, power, cooling, and management).
  Minnesota Department of Transportation saved more than $300,000 in hardware costs by
  replacing 350 rack servers with 25 blade servers. The department also lowered energy
  bills and qualified for utility rebates.
• Private clouds: Building a private cloud to offer IaaS saves significant staff costs to
  procure, install, cable, and configure servers and storage. Employees request
  infrastructure through an online service catalogue, and the infrastructure is provisioned
  automatically, without involvement by the IT department. Arizona Department of
  Economic Security lowered 5-year server costs by 81 percent, from $8500 to $1600 with
  IaaS. The state of Alaska lowered the rate it charges departments for computing resources
  by nearly 50 percent. And both organizations became more agile, giving staff the
  infrastructure to start new projects the same day instead of waiting weeks or months.
• Desktop virtualization: When employees’ applications and files are housed in the data
  center instead of on the device, they can access their virtual desktops from any device,
  including a personal tablet. Security and management costs can decrease significantly
  because IT staff define and update policies and applications just once for all devices.
• Telework: Encouraging employees to work from home some or all of the time reduces
  real estate costs. The U.S. Patent and Trademark Office saved $11 million in office space
  over the 13 years that its employees have teleworked.
• Increasing revenue by harnessing big data: The idea is to bring together all citizen data
  in one place. When a citizen visits a web site to renew a driver’s license, an application
  can look to see if they owe taxes and offer to accept credit card payment. The application
  can also offer to accept payment for a fishing license renewal due the following month, or
  offer a vanity license plate.
Virtual Citizen Services
State and local governments are aiming to reduce the costs of citizen interactions while
maintaining or improving existing service levels. The following are several ways governments
are using their networks to improve citizen interaction.
• Multi-channel contact centers: A citizen who wants to check on eligibility for a
  government program can dial a three-digit number providing access to all services or visit
  the web site and click the Chat button. Agents who need an answer from an expert
  consult an online directory to find an expert who is currently online, and then just click to
  send an instant message, call, or initiate a web collaboration session. Phone, web, and
  email interactions can be managed in the same queue, helping to make sure all citizens
  receive a timely response and keeping agents productive.
  ◦ Oregon Employment Department lowered staffing costs by joining three previously
    separate contact centers, sharing resources such as foreign-language speakers.
  ◦ The State of Texas Health and Human Services Commission began saving an
    estimated $400,000 annually after consolidating its separate contact centers.
• Unstaffed citizen service center: State agencies can also deploy video kiosks to deliver
  services to rural areas without additional staffing. A citizen who needs advice about
  licensing and taxes for a home-based business might visit one of these centers. An IP
  video surveillance camera detects the citizen’s presence in the room and alerts a virtual
  concierge in the central citizen services center. After greeting the citizen on an immersive
  video system, the concierge invites the citizen to take a ticket from the queuing system.
Health and Human Services
With growing case loads, limited resources, and fixed budgets, health and human services
agencies need creative solutions to provide vital services to citizens in need, including those in
rural communities. Proven strategies include:
• Mobility for eligibility-determination workers, inspectors, home health nurses, and
  other field workers: When mobile workers can retrieve and input case information from
  the field, government reduces travel time and costs while also lowering greenhouse gas
  emissions.
• Health exchanges: In response to the Affordable Care Act, some government agencies
  will build health benefit exchanges or health information exchanges over the next few
  years. The challenge is making sure that the cost model is sustainable. States are
  considering cloud computing because each healthcare provider or insurance provider
  needs only one connection (to the cloud) instead of one connection to every provider in
  the exchange. Requirements include a scalable cloud platform, a network with the
  security characteristics to transmit private information, and collaboration tools.
• Telemedicine: Government hospitals and clinics working with patients experiencing
  post-traumatic stress disorder and other issues use immersive video technology to see
  more patients in a day. Providing a video setup in veterans’ homes saves them from
  having to make arduous trips, and also eliminates the considerable expense of ambulance
  rides. Used in the California Department of Corrections and Rehabilitation, telehealth
  saved taxpayers $13 million by eliminating the costs of transporting inmates long
  distances under guard to see specialists.
Education
School districts and higher education institutions are adopting new approaches to engage a
generation of learners who expect more video, more interactivity, and the freedom to learn from
anywhere, not just inside the classroom. The public education system is taking advantage of IT
for programs such as:
• “Flipped classrooms,” where students view video lectures before class so that valuable
  class time can be spent on group projects, discussion, and labs.
• Distance learning using immersive video or a video and web-sharing cloud service,
  enabling students and faculty to join audio and high-quality videoconferences and share
  their desktops from anywhere, with any device.
• Virtual field trips, exposing K-12 students to destinations and experts anywhere in the
  world.
• High-performance campus Wi-Fi networks that take advantage of the BYOD trend to
  deliver digitized textbooks, interactive quizzes during class time, review of video lectures
  between classes, and more.
• Virtual desktops stored in the cloud, giving students the freedom to use any personal
  device to work with specialized applications that previously were available only in labs.
  At Volunteer State Community College, in Gallatin, Tennessee, students previously had
  to come to campus to work with lab applications. Now the college hosts lab applications
  as virtual desktops that students can access from personal devices. The project has
  lowered per-user desktop costs by 30 percent while also increasing agility.
Public Safety
The network has become critical to the gamut of public safety programs: crisis management,
urban security, border control and critical infrastructure protection, and situational awareness at
mass venues and events. Examples include:
• Vehicles: Enabling public safety officers in their vehicles to access law enforcement
  databases, hazardous materials databases, mug shots, building floor plans, and more,
  increasing situational awareness to plan an effective response.
• Creating a force multiplier: When a bridge collapsed in Minneapolis, Minnesota, in 2007,
  the city saved an estimated $500,000 by monitoring the site with video surveillance
  instead of deploying police officers 24 hours a day.
• Enabling police officers to remotely monitor video feeds from schools, shopping centers,
  or other densely populated areas.
• Interoperable communications: Enabling first responders and government officials
  involved in incident response to communicate directly using any type of radio
  technology, traditional or IP phones, mobile phones, softphones, any device to any device
  regardless of platform.
• Accelerating incident detection by filtering out false alarms.
• Enabling collaboration within city government, with partner agencies, and with the
  private sector.
  ◦ The city of Joliet, Illinois, deployed outdoor IP video surveillance cameras after
    receiving a four-to-one matching grant from the federal government to secure the area
    along the port of Chicago. The city can share video with the Illinois Department of
    Transportation if barges cause damage to bridges.
  ◦ To foster economic development, the City of Baltimore, Maryland, bid successfully
    to host the 2011 Grand Prix street race, expected to attract 100,000 people and inject
    the local economy with an estimated $70 million. Rather than funding a separate
    video surveillance system, the city invited 20 federal, state, local, and private
    organizations to share their video surveillance camera feeds and first responders’
    locations for the event.
Justice
The network plays a growing role in judicial agility and public spending control:
• E-Warrants: In the city of San Antonio, Texas, detectives who need a search warrant
  right away use an in-vehicle laptop with software for high-definition videoconferencing
  to connect to a judge. Obtaining the search warrant at the point of need instead of waiting
  up to 12 hours helps detectives take advantage of a window of opportunity to execute the
  warrant.
• Remote arraignments: Transporting prisoners from the jail to the courthouse can be
  very costly and also has the potential to put employees and citizens in harm’s way. Collin
  County, Texas, is saving money and reducing the risk of escape or violence by
  transporting inmates to a video arraignment room in the jail. The inmate appears before
  the judge on high-definition video, accompanied by an attorney if appropriate. The judge,
  who can work from any county office or home, views pertinent documents on one screen
  and the inmate on another.
• Video interpretation: For decades, the federal government has required courts to
  provide interpretation services for criminal cases. Now the requirement is extending to
  non-criminal cases, including those tried in civil as well as family, probate, and juvenile
  courts. As a result, county courts face the prospect of triple or quadruple the number of
  cases requiring an interpreter. To avoid skyrocketing costs and judicial delays while
  overburdened contract interpreters travel between courtrooms, courts can adopt video
  interpretation. States can use the same investment in endpoints and underlying network
  for visitation, education, telepsychiatry, and arraignments.
• Video kiosks for citizens: Citizens appreciate the option to appear for motions or
  testimony from a video kiosk near their home or workplace. Judges in any location can
  hear the case, helping to reduce case backlog and use scarce resources and expertise more
  effectively.
Summary
Government is complex and government is diverse. Employees need access to the most advanced
tools and platforms to do their jobs. More is expected of everyone in government service today.
Employees must be enabled to do their jobs anywhere, anytime, using any device, across
multiple platforms. The network that connects them to everything and everyone they need must
be invisible and transparent, and always on.
As the demands on network services and resources continue to evolve, so will the requirements
on network technologies. An example of the complexity and the sophistication embodied in
today’s network infrastructure relates to the network access layer. In the past, the access layer
provided connectivity to centralized network services. Today, the access layer is the intelligent
demarcation point between the network infrastructure and the computing devices that leverage
distributed network services. The network access layer provides a secure, services-oriented, and
policy-aware trust boundary. It is the first layer of defense in the network security architecture
and the first point of negotiation between end devices and the network infrastructure.
When looking at the overall enterprise architecture, the access switch provides the majority of
the first-hop services required in an end-to-end architecture and is a key element in enabling
next-generation services.
Having a feature-rich access layer provides capabilities that reduce operational costs by reducing
operational complexity. This includes the ease of replacing, upgrading, and configuring switches
through zero-touch deployment. Streamlining and accelerating deployment of video and other
collaboration capabilities through a media-centric network helps ensure optimal user experience
for those capabilities during daily operations. It also enables the government to meet energy
mandates and reduce IT energy costs through energy management. This feature-rich access layer
can also contribute to increased defense-in-depth for network cyber security, which provides
pervasive security throughout the network.
When planning an RFP for communications and networking equipment or a network upgrade,
procurement officials need to keep in mind that approximately 80 percent of the network’s Total
Cost of Ownership (TCO) consists of continuing operational expenses, whereas only 20 percent
of the costs are from initial one-time capital expenses.
Asking the vendor community the right questions and securing vendor partners who can meet the
current and future network capabilities is an essential element of doing more with less and
guaranteeing operational excellence. The initial promise of lower costs up front from
commoditizing the access layer is deceiving. Funds saved in taking a commodity- or
product-centric approach to your network will be lost by the increased daily operational costs the
government will experience for years to come when new capabilities and services need to
be implemented across the network. A product-centric approach is too narrow and purchasing is
too focused on initial savings. With enough planning put into procurement, the best-of-breed
products and services with a solutions and architecture approach will lead to success.
Glossary of Current and Future Technology
To help explain the technology presented in this White Paper, a glossary of terms was created.
Each term is defined by what role it plays in Government Services.
Access Routing (Internet Edge)
Today, the network edge is becoming more important to the day-to-day functions of your
organization. As people work in the field, work while traveling, or work from home, they need
real-time access to data in the data center. To achieve this, they need access routing to bring data
to the edge. The WAN can be made to operate almost as fast as the core, which enables
teleworkers to access the small amount of data they need at any given moment. Police officers,
social workers, and construction crews working in the field can operate in real time if you make
simple adjustments to your network design.
Government demand for IT connectivity has increased steadily over the last few decades; for
many organizations, access to Internet-based services is a basic requirement for conducting
day-to-day activity. Email, web access, remote-access VPN and, more recently, cloud-based services,
are critical functions enabling government agencies to pursue their missions. The government
network that supports these services must enable the organization to accomplish its operational
goals. A well-planned and well-designed end-to-end network will save time and funds and increase the
capability of the organization.
The network infrastructure is the foundation of the services that employees and citizens will use.
Network Infrastructure enables Cloud Computing/Data Center, Collaboration Services, Physical
Security, Network Management, and any future trends in technology. Three factors define the
operational requirements for an organization’s Internet connection:
• Value of Internet-based activity:
  ◦ Cost savings/revenue realized from Internet activity
  ◦ Savings realized by Internet-based services.
• Time/funds and revenue impact from loss of Internet connectivity.
• Capital and operational expense of implementing and maintaining various Internet
  connectivity options.
• The organization must identify and understand its Internet connection requirements in
  order to effectively meet the demands of Internet-based business activity.
• Organizations must meet the following requirements and address these issues:
  ◦ Organizations need to provide users access to Internet services (email and web).
  ◦ Users need access to services inside the organization from remote locations.
  ◦ Organizations need to provide controlled access to data and/or services for the public,
    partners, and customers.
  ◦ Organizations need to improve employee productivity by restricting Internet access to
    non-work-related locations.
  ◦ Organizations need to manage security risks associated with Internet connectivity. The
    Internet Edge provides connectivity for traffic traversing between the organization and
    the Internet. This includes traffic to and from the organization, the Internet, and
    Demilitarized Zones (DMZs).
  ◦ An organization’s Internet Edge deployment needs to enforce the organization’s security
    policy and function as a real-world representation of that policy.
The services that the Internet Edge provides are connectivity to the Internet Service Provider,
resiliency for Internet services, and access control for services like email, instant messaging, and
web. As part of this access, appropriate use of Internet services by employees is an important
consideration, as it helps to maintain productivity, avoid legal issues, and reduce costs associated
with work-related bandwidth consumption.
The Internet Edge also provides users remote access to the services and data they require to
perform their role, from any location. In borderless networks, a user could be an employee, a
contractor, a partner, or a customer. Each user has different needs for access, data, and services.
As users’ Internet access requirements broaden, the risk associated with such access has to be
managed. There are three main types of risk that need to be managed:
• Attacks against services
• Attacks against clients
• Phishing attacks that involve tricking a user into clicking on a malicious web site or
  opening a file that contains malicious code.
The result of not protecting the organization against this activity includes loss of intellectual
property, data theft, or even potential legal liability.
Application Growth
The virtual computing model provides a simple Graphical User Interface (GUI) for rapid
deployment of additional physical servers that share common attributes. Using a virtual
computing manager service profile, you can define the configuration of an individual server
including:
• Boot characteristics
• Interface addresses
• Firmware versions.
Each profile can be defined separately from any physical hardware.
You can also generate service profiles from a template and keep them linked to the template to
facilitate updates across multiple servers in the future. This gives you the ability to create a new
server by cloning an existing service profile or using a template. It also means that it only takes a
few minutes to deploy a new server, and you can limit physical server hardware to a flexible and
common pool of spare parts as your data center grows.
Application Switching
Through a broad set of load balancing and content switching capabilities, coupled with unique
virtualized architecture and granular user access control, application switching provides time and
cost reduction for application deployment, build-out, and performance or security enhancement.
IT departments and end users benefit directly through faster application rollout, improved
response time, and long-term investment protection.
• Application Availability: To increase application availability, application switching uses
  Layer 4 load balancing and Layer 7 content switching algorithms coupled with highly
  available system software and hardware. Application switching can provide a state-of-the-art
  failover system with an extensive set of application health probes that helps ensure
  that traffic is forwarded to the most available server. To help ensure data center
  availability, application switching can be integrated with a data center availability
  system. Data center switching provides connection failover between data centers and
  helps ensure business continuity.
• Application performance: Application switching is designed to accelerate the
  application experience for all users, whether they are in the office or on the road. To
  enable optimal application performance for remote and traveling users, application
  switching can use a range of acceleration capabilities to improve application response
  time, reduce bandwidth volume, and improve the efficiency of protocols.
• Security: Application switching is designed to serve as a last line of server defense.
  Application switching provides protection against application threats and Denial of
  Service (DoS) attacks with features such as deep packet inspection, network and protocol
  security, and highly scalable access control capabilities.
• Customer Benefits: Application switches offer several customer benefits:
  • Reduced ongoing cost of application infrastructure and increased server efficiency
  • Better end-user productivity through improved application availability
  • Up to 500 percent faster response times
  • Up to 400 percent lower power and cooling expenses
  • Up to 75 percent more rapid application deployments and build-outs.
Application Switching Layers 4 to 7
Data centers are evolving to adopt a cloud service model. Cloud computing is increasing
demands on applications, and the application-delivery infrastructure (Layer 4-7) must meet the
challenge. Application switches allow enterprises to meet this challenge via four primary IT
objectives:
• Increase application availability and scalability
• Accelerate performance of Web-based applications
• Enable data center consolidation through fewer servers, load balancers, and firewalls
• Improve application and data center security.
Availability and Business Continuance
Virtual computing data centers are designed to ensure availability with the use of resilient
network devices, links, and service models. Virtual computing extends this resiliency to the
servers themselves. A virtual computing model uses service profiles to provide a consistent
interface for managing all server resource requirements as a logical entity, independent of the
specific hardware module that is used to provide the processing capacity.
The service profile approach is applied consistently on both virtualized servers and “bare metal”
servers, which do not run a hypervisor. This approach increases overall availability and
dramatically reduces the time required to replace the function of an individual server module that
has failed.
Big Data
Big Data will continually transform society by enabling science and business to inform and
decide. Supply chain logistics, financial data, and university researchers will continually need to
manage Big Data. Government will provide the backbone of the network and continue to benefit
from the analysis of data the government generates.
Bring Your Own Device (BYOD)
Bring Your Own Device is a network design that allows employees to use any device anywhere
and at any time to connect to your network. Today, laptops and Apple and Android devices need
to work on your intranet and to connect to your network over VPN from anywhere in the world.
This can be done by setting up security in depth and role-based access control. This can save
funds on equipment purchases and maintenance and enable employees to do their job better with
less stress.
Building Controls
Building controls are currently siloed into separate systems that do not communicate with each
other. Building controls need to be converged to address a pervasive need to reduce costs.
Convergence reduces Capital Expenditures (CapEx) and Operating Expenses (OpEx) by
reducing the duplication of components performing similar functions. This reduction applies to
components at every level, from the types of wiring used to the human skills required to install,
operate, and maintain the components. Convergence can also increase business value for the real
estate promoter and developer.
A Building Management System (BMS) is a computer-based system, consisting of both
hardware and software, which controls and monitors a building’s mechanical, electrical, and
electronic equipment such as air conditioning, lighting, power, fire, and security systems.
A BMS extends the network as a platform to transform the way buildings are built, operated, and
experienced. The BMS:
• Helps reduce energy usage across global operations
• Leverages your network expertise in collaboration, convergence, and security to foster
  sustainable energy use
• Provides flexible integration of new technologies that deliver energy efficiency, clean
  energy, and environmental stewardship.
The BMS collects data from the building, IT, energy supply, and energy demand systems, which
use different protocols that are otherwise unable to communicate. It then normalizes the data into
a common data representation. This enables the BMS to perform any-to-any protocol translation
and to provide information to the end user in a uniform presentation.
This network-based framework creates a common, standards-based, open platform that then
allows enterprise applications, cloud services, and building/IT systems to communicate. The
BMS is protocol-agnostic (open source) and extends the network to serve as an effective
foundation for sustainability management.
Cloud Computing
Cloud computing will provide a seamless connection between employees and data. The network
will store data and have computing power that workers can access from anywhere, anytime, on
any device through Web apps. Workers can complete their job in the field. Government can use
commercial apps and develop apps for specific functions to enable their employees.
Cloud Definitions
NIST offers the following Cloud definitions:
• Infrastructure as a Service (IaaS) provides users with processing, storage, networks,
  and other computing infrastructure resources. The user does not manage or control the
  infrastructure, but has control over operating systems, applications, and programming
  frameworks.
• Platform as a Service (PaaS) enables users to deploy applications developed using
  specified programming languages or frameworks and tools onto the Cloud infrastructure.
  The user does not manage or control the underlying infrastructure, but has control over
  deployed applications.
• Software as a Service (SaaS) enables users to access applications running on a Cloud
  infrastructure from various end-user devices (generally through a Web application). The
  user does not manage or control the underlying Cloud infrastructure or individual
  application capabilities other than limited user-specific application settings.
NIST defines the following Cloud deployment models:
• Private clouds are operated solely for one organization. They may be managed by the
  organization itself or by a third party, and they may exist on-premises or off.
• Public clouds are open to the general public or a large industry group and are owned and
  managed by a Cloud service provider.
• Hybrid clouds combine two or more clouds (private or public) that remain unique
  entities but are bound together by technology that enables data and application
  portability.
• Community clouds feature infrastructure that is shared by several organizations and
  supports a specific community. They may be managed by the organizations or a third
  party and may exist on-premises or off.
Children’s Internet Protection Act
Content security is ideally suited to help U.S. public schools and libraries adhere to the
requirements of the Children’s Internet Protection Act (CIPA), a federal law that was enacted by
the U.S. Congress in December 2000 to address concerns about access to offensive content over
the Internet on school and library computers. CIPA imposes certain types of requirements on
schools or libraries that receive funding support for Internet access or internal connections from
the E-rate program, which makes certain types of technology more affordable for eligible schools
and libraries.
In early 2001, the Federal Communications Commission (FCC) issued rules for the
implementation of CIPA:
• An Internet safety policy must include technology protection measures to block or filter
  Internet access on computers that are accessed by minors for pictures that: (a) are
  obscene, (b) are child pornography, or (c) are harmful to minors.
• Schools subject to CIPA are required to adopt and enforce a policy to monitor online
  activities of minors.
• Schools and libraries subject to CIPA are required to adopt and implement a policy
  addressing the following: (a) access by minors to inappropriate matter on the Internet; (b)
  the safety and security of minors when using electronic mail, chat rooms, and other forms
  of direct electronic communications; (c) unauthorized access, including so-called
  “hacking,” and other unlawful activities by minors online; (d) unauthorized disclosure,
  use, and dissemination of personal information regarding minors; and (e) the restriction
  of minors’ access to materials harmful to them.
Content security can provide a full featured set of protections consistent with the requirements of
CIPA.
Connected Government
Connected justice, healthcare, and other agencies will always be on and able to perform. A
completely digital system will enable new ways to connect different locations to each other. For
example, prisoners do not have to leave the prison to meet with a judge if they use Immersive
video. Doctors can see patients via Immersive video. Physical security and travel time are big
costs for justice, and a specialist doctor can now meet with patients across a much wider area
and still have them come in if necessary.
Content Security
Businesses strive to maximize business continuity and security, increase employee productivity,
control information theft and legal liabilities, and reduce operational expenses and management
burden. Most businesses find it difficult to attain these business goals, given the steady stream of
Internet threats that target client systems. Content security solutions provide strong protection
and control for business network communications. They stop network threats such as viruses,
worms, spyware, spam, and phishing; and control unwanted email and web content, while
reducing the operational costs and complexity of deploying and managing multiple point
solutions.
Viruses and other malicious code can overwhelm your IT resources, disrupting business
operations and impacting business transactions. The onslaught of spyware and unwanted Internet
content can seriously impact employee productivity and expose individuals to identity theft.
Providing comprehensive malware protection and content control, content security allows
enterprises to make full use of the Internet without the risks and costs associated with infections
and threats impacting client systems. Combining a firewall with high-quality malware protection,
content security:
• Provides protection and control for network communications
• Stops network threats such as viruses, worms, spyware, spam, and phishing
• Controls unwanted email and web content while reducing the operational costs and
  complexity of deploying and managing multiple point solutions.
Content security provides you with:
• Enhanced business continuity by preventing malware infections and security breaches
  from disrupting business-critical applications and services
• Cost savings by reducing the need to remove spyware, viruses, and other malware
• Increased employee productivity due to reduction of spam, spyware, and related
  distractions
• Efficient use of network resources by removing non-business relevant traffic and
  content
• Optimized for small and medium-sized organizations and remote branches through its
  simplified deployment and ease of use.
Cyber Security
The network needs to be protected in depth. Each employee and citizen needs to access
government networks anytime and anywhere, but that access should be limited based on role and
security to prevent hacking. New approaches to security make this possible by securing the
network. A CIO can have one policy that applies to intranet, wireless LAN, and cellular network
access. VPN can be installed on any device and that device can be provisioned according to its
status and the user’s role.
Desktop Video
The immersive video-collaboration experience is a perfect example of using technology to bring
people together. Try to imagine just 5 years ago, when “meeting” someone for the first time over
video was not a good experience.
Today, you can talk with someone across the world as easily as if you were both sitting in the
same room. The vivid expressions on their full-size images are very clear, their body language
tells you a lot about what they are thinking, and their voice comes from the side of the room on
which they are sitting. There are no remote controls or complicated procedures for starting a
meeting. You just sit down and work together without technology getting in the way. After
meeting with them, you feel as though you have met them in person because the experience was
very life-like. This is the reality of collaboration.
Video collaboration allows your organization to reap the budgetary and productivity gains that a
remote workforce allows—without compromising the benefits of face-to-face interaction.
The following are benefits of video collaboration in a work environment:
• Make decisions faster
• Provide immediate access to experts
• Bring employees in remote offices closer together
• Interview job candidates remotely
• Enhance employee reviews
• Improve telework programs
• Get real-time feedback from suppliers directly to the manufacturing floor
• Record training sessions and executive messages for later playback over the corporate
  network
• Improve work/life balance for employees and their families.
An end-to-end video-collaboration solution incorporates a full suite of endpoints, infrastructure
components, and centralized management tools. You can expand it even further by integrating
with external devices, digital signage, and productivity tools.
Digital Signage
Digital Signage provides eye-catching multimedia content on large screens connected to your
existing network (Figure 10). You can deliver the same content to all signs on the network, such
as reminders of events, or deliver different content to different groups.
Figure 10. Digital Signage
Digital signage promotes events and provides emergency updates. Within the same building, you
might display meetings on one digital sign and information about an upcoming bond election on
signs in the lobby.
Popular uses of digital signage for schools include:
• Emergency notifications and instructions
• Government news from the state or local office
• Event announcements, such as meetings, hearings, and more
• Room assignments for events
• In-service training.
Energy Controls
Rising energy costs, environmental concerns, and new government directives have increased the
need for sustainable IT operations. Governments, companies, and consumers are more aware of
issues like energy and climate change, air and water pollution, resource depletion, human health
and safety issues, and waste disposal. Networked energy management can help address these
issues.
Networked energy management can automatically discover devices to manage, then enables
measuring, reporting, and reducing the power consumption of network infrastructure and
attached devices using specific policies. The power of the network can achieve lower energy
costs and better sustainability.
IaaS
Infrastructure as a Service (IaaS) provides users with processing, storage, networks, and other
computing infrastructure resources. The user does not manage or control the infrastructure, but
has control over operating systems, applications, and programming frameworks.
Immersive Video
Organizations the world over are experiencing the transformational impact of faster decision
making, stronger working relationships, cost control, and improved productivity delivered by
Immersive video. Immersive video consists of a multiple codec video system, where each
meeting attendee uses an immersive video room to “dial in” and can see/talk to every other
member on a screen (or screens) as if they were in the same room. This brings enormous time
and cost benefits, versus travel. It is also superior to phone conferencing as the visual aspect
greatly enhances communications, allowing for perceptions of facial expressions and other body
language. Immersive video is no longer just for the boardroom. What once was thought of as a
technology out of reach for many is more accessible than ever. The innovative applications and
ways that people are now using the technology are endless.
Immersive video solutions address the human factors that are required in a virtual meeting, such
as communication and collaboration from geographically dispersed locations, where the visual
experience is critical.
Meeting human factor requirements is fundamental in the system design, which results in the
creation of a two-way visual communication experience that makes the participants feel like they
are sitting across from each other. In addition, the image and audio quality is important, resulting
in life-size images of people with all of their body language, including verbal and nonverbal
communication such as eye contact. A complete video collaboration solution includes some or all
of the following endpoint products:
• Immersive video: Creates the most realistic in-person meeting experience and provides
  an ideal platform for communication and interaction. Meeting participants feel as though
  they are having a conversation with a colleague right across the table, even though they
  may be miles or continents apart.
• Multipurpose room systems: These high-quality systems are designed to be used in
  meeting rooms, boardrooms, auditoriums, and other shared environments. High-definition,
  multipurpose video collaboration solutions can offer the same clarity of picture
  and sound as immersive video systems, and they are great for team meetings and
  collaborating in groups.
Internet of Everything (IoE)
The Internet already handles people-to-people, people-to-machine, and machine-to-machine
data, but 99 percent of things are not connected to the Internet today. Sensors in everyday objects,
buildings, and vehicles will bring capabilities that can provide economic opportunity for
businesses, individuals, and countries. For example, sensors in bridges and roadways can provide
a new level of safety for citizens.
Key Threats
The following are some of the key threats that affect government networks.
• Service disruption — Botnets, malware, adware, spyware, viruses, DoS attacks (buffer
  overflows and endpoint exploitation), Layer-2 attacks, and Distributed Denial of Service
  (DDoS) attacks on services and infrastructure.
• Unauthorized access — Intrusions, unauthorized users, escalation of privileges, IP
  spoofing, and unauthorized access to restricted resources.
• Data disclosure and modification — Sniffing, Man-In-The-Middle (MITM) attacks on
  data while in transit.
• Network abuse — Peer-to-peer and instant messaging abuse, out-of-policy browsing,
  and access to forbidden content.
• Data leak — From servers and user endpoints, data in transit and at rest.
• Identity theft and fraud — On servers and end users, phishing, and email spam.
LAN Switching
The core layer of the LAN is the communications hub of the network. It provides client access to
headquarters and the backbone connectivity for the WAN, data center, and Internet edge, making
it a critical component in the network. The LAN needs to be highly available to support mission-critical applications and real-time media. In the past, high availability meant paying for links that
were redundant and sat unused.
Data networks are critical to enterprise organizations’ viability and productivity. Online
workforce-enablement tools are only beneficial if the data network provides reliable access to
information resources. Collaboration tools and content distribution rely on high-speed, low-latency network infrastructure to provide an effective user experience. The LAN needs to:
• Offer reliable access to organization resources
• Minimize time required to absorb technology investments
• Allow workforce mobility
• Provide guest access
• Reduce operation costs.
New technology can impose significant costs, from the perspective of the investment in the
equipment, as well as the time and workforce investment required to deploy the new technology
and establish operational readiness.
Organizations constantly pursue opportunities to reduce network operational costs, while
maintaining the network’s effectiveness for end users. Operational expenses include not only the
cost of the physical operation (for example, power, cooling, etc.), but also the labor cost required
to staff an IT department that monitors and maintains the network. Additionally, network outages
and performance issues impose costs that are more difficult to quantify, in the form of loss of
productivity and interruption of business continuity.
Managed LAN
By allowing a third party to manage network assets, organizations can control CAPEX and staff
levels, leaving management free to focus on key business goals. Outsourcing LAN management
can help improve service and network performance, and reduce total cost of ownership.
Coordinated LAN management can also reduce the risk of deploying converged networks and
emerging technologies.
Mobility Computing
By 2015, over 80 percent of the handsets sold in mature markets will be smartphones (Gartner).
The mobile network is merging with the wired and wireless LAN network. Employees will be
able to work from anywhere and connect to the network with the best available connection. The
demand for bandwidth will always increase as more video, immersive video, and big data
become available on the web. Government can use video in many ways to generate reports and
for communication.
Network Analytics
Network analytics is the ability to collect, analyze, and act on data to make better decisions.
Performing network analysis enables you to make your network work better and better across the
network lifecycle. Analytics should be broken down into three categories:
• Descriptive analytics: using historical data to describe the business. This is usually
  associated with Business Intelligence (BI) or visibility systems. In supply chain, you use
  descriptive analytics to better understand your historical demand patterns, to understand
  how product flows through your supply chain, and to understand when a shipment might
  be late.
• Predictive analytics: using data to predict trends and patterns. This is commonly
  associated with statistics. In the supply chain, you use predictive analytics to forecast
  future demand or to forecast the price of fuel.
• Prescriptive analytics: using data to suggest the optimal solution. This is commonly
  associated with optimization. In the supply chain, you use prescriptive analytics to set
  your inventory levels, schedule your plants, or route your trucks.
These methods can improve your network and organizational performance. The benefits of
network analysis include:
• Ensure Network Stability: Complete internetwork communications can be easily
  obstructed if a network device such as a server or a single segment in a LAN becomes
  unreachable. Many different scenarios can cause problems in a large network and being
  able to maintain stability is a paramount concern of network managers.
• Ensure Network Reliability: Many upper-layer applications present in today’s
  enterprise networks require connection-based processing during communications from
  one device to another. Maintaining a consistent connection is essential when critical
  communications take place between network devices, such as a workstation and a server.
  There is no one single source of information for baselining your network and
  applications. IT organizations will need to use different monitoring instrumentation data
  in order to gain a solid understanding of the normal behavior of the applications, the
  network, and IT resources.
• Optimize the Network: Once you have end-to-end visibility of the network and the
  applications, you can then determine which optimization tools and technologies to utilize
  to best meet the requirements. The second step is to apply the optimization or control
  techniques to enhance application performance.
• Measure, Adjust, and Verify: Continuously monitoring and collecting information
  about the network and application behavior, and comparing the behavior before and after
  successive WAN optimization initiatives. Measuring application response times for key
  applications both before and after WAN optimization and control techniques allows IT
  organizations to determine if the changes achieve desirable results. At the same time, it
  allows IT organizations to determine if the changes cause unacceptable impact on the
  company’s other key applications.
• Deploy Changes: IT organizations regularly deploy new applications and updates to
  existing applications to meet changing business needs. As new applications are deployed
  or changes are made, new baselines need to be established. The application optimization
  cycle must start all over again.
• Device Instrumentation Monitoring: Understanding and addressing application
  performance issues brings visibility into how an organization actually uses the network
  resources, and with abilities to measure how well applications are performing.
Network Security
Network security works when the network is secured at each layer. Security services help you
address both protection and enablement needs such as protecting data, enabling secure access,
assuring regulatory compliance, and thwarting intrusion. Whether your challenge is securely
connecting multi-site, multi-tenant physical and virtual environments; providing secure access to
applications and data from any device; protecting information and privacy; or enabling secure
collaboration anywhere; you plan, build, and manage pervasive security across the network and
within and between clouds to protect your organization.
Office Automation
A network that is always connected to citizens can redefine the work flows and processes within
an organization. Office automation and web apps that can operate without employees will
become standard. This frees up time to do better work. Instead of having employees collecting
data they can be analyzing it.
OSI Layers Model
The OSI model describes the seven layers of the network. (See Figure 11.)
Figure 11. OSI Model
The OSI model provides an understanding of how the network transports data.
PaaS
Platform as a Service (PaaS) enables users to deploy applications developed using specified
programming languages or frameworks and tools onto the Cloud infrastructure. The user does
not manage or control the underlying infrastructure, but has control over deployed applications.
Processing Resources
Some applications require enough processing and memory that you might decide to dedicate an
entire server or even a cluster of servers to support the workload. Other applications may start
out on a single server where the processor and memory are underutilized, resulting in excess or
wasted resources. In the case where applications need a separate operating environment but not
an entire server for processing and memory resources, server virtualization is the key to
combining applications and optimizing resources.
Server virtualization technologies insert a hypervisor layer between the server operating systems
and the hardware, allowing a single physical server to run multiple instances of different “guest”
operating systems. This increases the utilization of the processors on the physical servers, which
helps to optimize this costly resource. The architecture of virtual computing is optimized to
support the use of hypervisor-based systems or the direct installation of a base operating system.
The service profile structure of virtual computing, along with a centralized storage model, allows
you the portability of server definitions to different hardware, with or without a hypervisor
system in place.
Profiling and Baselining
The first step to WAN and application optimization is to profile network activity by establishing
a reference from which service quality and application delivery effectiveness can be measured.
The profile of a network describes the traffic patterns and resource bottlenecks of a network.
This identifies for the network operator the links and protocols that are the best candidates for
optimization. Through profiling, a network engineer can focus on only those network
components whose optimization will help improve performance, and can develop baselines to use
as a performance benchmark.
Baselining is the establishment of acceptable network behavior, which includes:
• Understanding available bandwidth
• Identifying a normal pattern of network behavior such as network delays and what
  applications are running on the network
• Understanding each application’s behavior (and requirements) on the network
• Measuring application response times.
Key monitoring instrumentation technologies provide essential information and
sources of data for meeting the needs of the performance management disciplines that optimize
networks and applications. Performance monitoring tools provide data that network management
software consumes. Figure 12 outlines a general process that can be used to incrementally
increase understanding of one’s network and progressively deploy measurable improvements and
adjustments as required.
Figure 12. WAN and Application Optimization Lifecycle
With proper baselining, administrators can differentiate between consistent network behavior
and anomalous (candidates for improvement) network behavior.
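The following added example (not part of the original white paper) shows one way to turn measured application response times into a baseline and then separate consistent from anomalous observations. The application names, sample values, the median/MAD method, and the 3.5 threshold are all assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample data (not from the white paper): (application, response
# time in ms) measured during a period the operator considers normal.
BASELINE_SAMPLES = [
    ("email", 120), ("email", 135), ("email", 128), ("email", 140), ("email", 131),
    ("voip", 22), ("voip", 25), ("voip", 21), ("voip", 24), ("voip", 23),
    ("erp", 410), ("erp", 455), ("erp", 430), ("erp", 470), ("erp", 445),
]

# Constructed later observations to compare against the baseline.
NEW_OBSERVATIONS = [
    ("email", 133), ("voip", 95), ("erp", 460), ("erp", 1900), ("backup", 300),
]


def build_baseline(samples, min_samples=5):
    """Return {app: (median_ms, mad_ms)} for every app with enough samples.

    Median and median absolute deviation (MAD) are used instead of mean and
    standard deviation so that a few outliers captured during the baseline
    window do not stretch the definition of "normal".
    """
    by_app = defaultdict(list)
    for app, ms in samples:
        by_app[app].append(ms)

    baseline = {}
    for app, values in by_app.items():
        if len(values) < min_samples:
            continue  # too little data to call anything "normal"
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        baseline[app] = (med, mad)
    return baseline


def classify(baseline, observations, threshold=3.5):
    """Label each observation 'consistent', 'anomalous' or 'no-baseline'."""
    results = []
    for app, ms in observations:
        if app not in baseline:
            # An application never seen during baselining is itself worth a
            # look: it has no profile to be judged against.
            results.append((app, ms, "no-baseline"))
            continue
        med, mad = baseline[app]
        # 1.4826 * MAD approximates a standard deviation for normal data;
        # the 1 ms floor avoids dividing by zero on perfectly flat baselines.
        scale = max(1.4826 * mad, 1.0)
        score = abs(ms - med) / scale
        label = "anomalous" if score > threshold else "consistent"
        results.append((app, ms, label))
    return results


if __name__ == "__main__":
    profile = build_baseline(BASELINE_SAMPLES)
    for app, ms, label in classify(profile, NEW_OBSERVATIONS):
        print(f"{app:8s} {ms:6d} ms  {label}")
```
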
Role Based Access Control (RBAC)
The role you play within the organization determines the access you are granted. This limits the
network’s exposure to threats. Internal threats and phishing scams can cause major damage to an
organization, but they can be mitigated because each employee only has access to specific parts of
the network. With some internal firewalls and network redesign, RBAC is an easy upgrade to the
network.
Remote Access/Teleworker/Virtual Private Networks
In 2010, IDC estimated that there were over 30 million teleworkers (also known as
telecommuters) worldwide. Teleworkers differ from mobile workers in that they require a more
office-like environment and typically work from a single semi-permanent location, in most cases
their houses.
Today, teleworkers are becoming more productive and connected, enabling companies to recruit
the best talent, regardless of their location. At the same time, teleworking allows the workers to
find the optimal life-work balance and job satisfaction while maintaining productivity and
business continuity.
Providing employees access to networked business services from a residential environment poses
challenges for both the end user and IT operations. For the home-based teleworker, it is critical that
access to services is reliable and consistent, providing an experience that is as similar as possible to sitting in a
cubicle or office in the organization’s facility. Additionally, solutions must support a wide range of
teleworking employees with varying skill sets, making it critical to have a streamlined and simplified
way to implement devices that allow for access to the corporate environment.
Remote access is a subset of teleworking where the end user accesses government services
through their Laptop, Smart Phone, or Tablet using a Virtual Private Network (VPN) service.
Remote access has become a must-have service for employees who work from the road or from
home. More and more organizations are allowing contractors remote access to their networks to
service systems more cost effectively.
Virtualization can support both Secure Sockets Layer (SSL) and IP Security (IPSec) VPN for
remote access, as well as site-to-site VPN, providing employees and partners a secure way to connect
to the network from the Internet. SSL VPN offers maximum flexibility, offering secure
connectivity for employees and citizens back to the internal network even from assets outside the
organization’s control. If an existing remote access solution is deployed, the architecture is
flexible and can support traditional IPSec VPN clients.
Organizations have been using Intrusion Detection Systems (IDSs) and IPS to detect and block
malicious traffic on networks for years, but recent laws and private sector compliance standards
have moved these systems from a nice-to-have to a must-have in government networks. Virtual
IPS can be deployed on its own as a standalone service with appliance-based solutions for
high-performance LAN and server deployments, or integrated into the firewall for network perimeter
protection. Some IPS systems support inline and promiscuous modes that allow the agency to
inspect traffic and either send alerts when malicious traffic is detected or block the traffic in real
time.
Security
The Enterprise Network is the portion of the infrastructure that provides network access to end
users and devices located at the same geographical location. It may span over several floors in a
single building, or over multiple buildings covering a larger geographical area. The campus
typically connects to a network core that provides access to the other parts of the network such as
data centers, WAN edge, other campuses, and the Internet edge. Security is an integral part of
every network deployment. With the need to have secure and reliable networks, protect
information assets, and meet regulatory compliance requirements, an organization needs to
deploy security services designed into the network rather than added on as an afterthought. With
most networks connected to the Internet and under constant barrage from worms, viruses, and
targeted attacks, organizations must be vigilant in protecting their network infrastructure, user
data, and customer information.
Achieving the appropriate level of security is no longer a matter of deploying point products
confined to the network perimeters. Today, the complexity and sophistication of threats mandate
system-wide intelligence and collaboration. To that end, government IT organizations must take
a defense-in-depth approach, where multiple layers of protection are strategically located
throughout the network, but under a unified strategy. Event and posture information is shared for
greater visibility, and response actions are coordinated under a common control strategy.
From a security perspective, the following are the key requirements to be satisfied by the
Enterprise design.
• Service availability and resiliency
• Prevent unauthorized access, network abuse, intrusions, data leak, and fraud
• Ensure data confidentiality, integrity, and availability
• Ensure user segmentation
• Enforce access control
• Protect the endpoints
• Protect the infrastructure.
Service Provider
Some states have started to act as the service provider for all state and local government
agencies. The state sets up one contract with a system integrator such as Verizon or AT&T and
they provide service to each building as needed.
Sensors
Sensors can refer to any device that measures something in the environment such as temperature,
light, sound, pressure, Radio Frequency ID (RFID), and for public safety: chemical, biological,
radiological, and nuclear. These sensors are usually simple and passively send their data over a
wireless network to a computer that aggregates many sensors’ data and then analyses it.
Sensor Networks
A Wireless Sensor Network (WSN) consists of spatially distributed autonomous sensors to
monitor physical or environmental conditions, such as temperature, sound, pressure, etc., and to
cooperatively pass their data through the network to a main location. The networks are bidirectional, also enabling control of sensor activity. The development of wireless sensor
networks was motivated by military applications such as battlefield surveillance; today such
networks are used in many industrial and consumer applications, such as industrial process
monitoring and control, machine health monitoring, and so on.
Sensor networks will enable various manual tasks to be automated and become continuously
monitored. For example, sensors could be put in bridges to monitor them and inform employees
that the bridge needs to be inspected or repaired. This would help prevent bridges from
collapsing unexpectedly.
Shared Services/Multi-Tenancy
One of the essential characteristics of a cloud architecture is the ability to pool resources. The
provider’s compute, network, and storage resources are pooled to serve multiple consumers
using a multi-tenant model, with different physical and virtual resources dynamically assigned
and reassigned according to consumer demand. There is a sense of location independence in that
the user generally has no control or knowledge over the exact location of the provided resources
but may be able to specify location at a higher level of abstraction (e.g., country, state, or data
center). Examples of resources include storage, processing, memory, network bandwidth, and
virtual machines.
Each tenant subscribed to compute, network, and storage resources in a cloud is entitled to a
given Service Level Agreement (SLA). One tenant may have higher SLA requirements than
another based on a business model or organizational hierarchy (Figure 13). For example, tenant
A may have higher compute and network bandwidth requirements than tenant B, while tenant B
may have a higher storage capacity requirement.
Figure 13. Architecture Overview
The main design objective is to ensure that tenants within this environment properly receive their
subscribed SLA while their data, communication, and application environments are securely
separated, protected, and isolated from other tenants.
The key to developing a robust design is clearly defining the requirements and applying a proven
methodology and design principles. The following four requirements were defined as pillars for
the Secure Cloud Architecture.
• Availability allows the infrastructure to meet the expectation of compute, network, and
  storage to always be available even in the event of failure. Like the Secure Separation
  pillar, each layer has its own manner of providing a high availability configuration that
  works seamlessly with adjacent layers. Security and availability are best deployed from a
  layered approach.
• Secure Separation ensures one tenant does not have access to another tenant’s resources,
  such as Virtual Machine (VM), network bandwidth, and storage. Each tenant must be
  securely separated using techniques such as access control, Virtual LAN (VLAN)
  segmentation, and virtual storage controllers. Also, each layer has its own means of
  enforcing policies that help reinforce the policies of the adjacent layers.
• Service Assurance provides isolated compute, network, and storage performance during
  both steady state and non-steady state. For example, the network can provide each tenant
  with a certain bandwidth guarantee using Quality of Service (QoS).
• Management is required to rapidly provision and manage resources and view resource
  availability.
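As an added illustration of the Secure Separation pillar (not part of the original white paper), the following check audits a multi-tenant inventory for VMs attached to a VLAN or virtual storage controller that belongs to another tenant or to no tenant at all. The inventory layout, tenant names, VLAN IDs, and controller names are constructed for the example.

```python
from collections import defaultdict

# Constructed assignment table: which tenant owns each VLAN and each
# virtual storage controller (all names and IDs are hypothetical).
ASSIGNMENTS = {
    "vlan": {101: "tenant-a", 102: "tenant-b"},
    "storage": {"vsc-a": "tenant-a", "vsc-b": "tenant-b"},
}

# Constructed VM inventory as it might be exported from a management layer.
VMS = [
    {"name": "a-web-1", "tenant": "tenant-a", "vlans": [101], "storage": "vsc-a"},
    {"name": "b-db-1", "tenant": "tenant-b", "vlans": [102], "storage": "vsc-b"},
    # Second interface lands in tenant-a's VLAN.
    {"name": "b-app-2", "tenant": "tenant-b", "vlans": [102, 101], "storage": "vsc-b"},
    # Disk served by tenant-b's storage controller.
    {"name": "a-batch-3", "tenant": "tenant-a", "vlans": [101], "storage": "vsc-a-typo"},
    # VLAN that nobody owns: treated as a finding, not as "probably fine".
    {"name": "a-test-4", "tenant": "tenant-a", "vlans": [199], "storage": "vsc-a"},
]
# Correct the deliberate placeholder above so the sample shows a cross-tenant
# storage attachment rather than an unknown controller.
VMS[3]["storage"] = "vsc-b"


def audit_separation(assignments, vms):
    """Return (vm, kind, resource, reason) for every separation violation."""
    findings = []
    for vm in vms:
        attached = [("vlan", v) for v in vm["vlans"]]
        attached.append(("storage", vm["storage"]))
        for kind, resource in attached:
            owner = assignments[kind].get(resource)
            if owner is None:
                # Default deny: an unassigned resource has no policy behind it.
                findings.append((vm["name"], kind, resource, "unassigned"))
            elif owner != vm["tenant"]:
                findings.append((vm["name"], kind, resource, "owned by " + owner))
    return findings


def shared_resources(vms):
    """Return resources that VMs of more than one tenant are attached to."""
    users = defaultdict(set)
    for vm in vms:
        for vlan in vm["vlans"]:
            users[("vlan", vlan)].add(vm["tenant"])
        users[("storage", vm["storage"])].add(vm["tenant"])
    return {res: sorted(t) for res, t in users.items() if len(t) > 1}


if __name__ == "__main__":
    for finding in audit_separation(ASSIGNMENTS, VMS):
        print("VIOLATION", finding)
    for resource, tenants in shared_resources(VMS).items():
        print("SHARED", resource, tenants)
```
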
Siloes
Network siloes are architectures devoted to one task, application, or government entity. They
cause networks to be overbuilt and underutilized. For example, a Time Division Multiplexing
(TDM) phone system is siloed from the rest of the network. A TDM system cannot be integrated
into a VoIP system, and such systems are now obsolete. Siloes are the opposite of a virtualized network
with shared resources.
Software as a Service (SaaS)
Budget stability is always an issue for government. By moving CapEx costs to OpEx budget, the
CIO can achieve a more stable budget year to year. With SaaS, you can offer more services to
citizens and employees without incurring up-front costs to roll out new capability. SaaS removes
risk, is faster to implement, and is not more expensive in the long run because your
management costs are fixed. SaaS can be installed on premises or hosted by a system integrator
offsite.
Software Defined Network
SDN is an approach to network design and deployment where the devices can be dynamically
programmed to adjust to the needs of applications or network users. There are several use cases
for SDN in the Public Sector including data center/private-cloud coordination of network
services and campus slicing (common in a research environment in higher education). As this
technology becomes more mature, more use cases will come to light. One promising area for
SDN is to enable mission-specific applications to manipulate network resources to ensure proper
delivery of the data/application.
Virtualization has simplified and increased the capacity of servers while reducing costs. This
same idea is now being implemented for routing and switching to make it virtual also. The SDN
will reduce the number of physical routers and switches to a minimum but will increase the
amount of routing and switching that can be done on a specific task by allowing bandwidth to be
used as needed. This allows government to use excess bandwidth for data transfer and backup.
Also, big data tasks can be done by the network as a whole instead of dedicating a new array of
routers and switches to a task. The task can be computed in the background when other smaller
tasks consume bandwidth.
Storage Area Network
A Storage Area Network (SAN) is a dedicated network that provides access to consolidated
(restricted access), block level data storage. SANs play a vital role in enabling businesses to
adopt new technologies and applications to help them grow. For many businesses, increased user
expectations along with government regulations for data recovery make it imperative for 24-hour
access to critical information. Storage costs continue to grow faster than server costs, resulting in
the need for more efficient and cost-effective storage and lifecycle management. SAN
applications enable centralized, storage-vendor-neutral solutions including data encryption, data
migration, and acceleration of backup and replication performance between distant data centers.
Storage Requirements
The most efficient way to manage the investment in additional storage capacity is to move to a
centralized storage model. Virtual computing decouples the computing functions of the server
farm from the storage systems, which provides greater flexibility for system growth and
migration. System storage and boot disk are accessible from either the local disk that is available
on each server or through access to centralized storage located on the Ethernet IP network or
SAN.
Unified Communications
The VoIP revolution is just beginning. Each year more features are added to VoIP systems to
make them better and to integrate them with other IP technology. Connecting to web meetings
and maintaining a presence online has never been easier. Turn a chat into a phone call or a web
meeting all on a mobile phone. UC is enabling the workforce to be free from the desk, but still
able to do the work that is necessary.
Unified Communications products deliver high-quality voice and video communications that
scale from a few people to tens of thousands. Organizations select the features and functions to
meet their specific needs, from simple dial tone and voicemail to complex call centers.
The following are benefits of using Unified Communications services:
• Scales as the organization grows from 10 to 30,000 users
• Can be tailored to suit the needs of your organization, from basic call functions to complex
  call centers with video agents
• Builds on your current messaging systems, creating a platform for collaboration
• Supports single-line voice endpoints all the way up to multi-screen, high-definition video
  endpoints.
Unified Communications supports users that are located at headquarters, regional sites, or a
remote site. It also supports teleworkers or mobile workers in wired and wireless LAN
configurations. The solution integrates the benefits of voice and video communications with
messaging into a modular architecture. Consolidating these services on a single network
creates a cost-effective solution that is simple to set up, manage, and use, thereby helping to lower
the TCO and providing a foundation for other service and business process integrations.
Unified Computing
As an organization begins to grow, the number of servers required to handle the
information-processing tasks of the organization grows. Using the full capabilities of the investment in server
resources can help an organization add new applications while controlling costs as they move
from a small server room environment to a more scalable data center design. Server
virtualization has become a common approach to allow an organization to access the untapped
processing capacity available in processor technology. Streamlining the management of server
hardware and its interaction with networking and storage equipment is another important
component of using this investment in an efficient manner.
Scaling a data center with conventional servers, networking equipment, and storage resources
can pose a significant challenge to a growing organization. Multiple hardware platforms and
technologies must be integrated to deliver the expected levels of performance and availability to
application end users. These components in the data center also need to be managed and
maintained, typically with a diverse set of management tools that have different interfaces and
approaches. In larger organizations, often multiple teams of people are involved in managing
applications, servers, storage, and networking. In many smaller organizations, the lines between
these tasks are blurred and often a single, smaller team — or even one individual — may need to
handle many of these tasks in a day.
Business agility in the data center is a growing concern for organizations. The ability to reduce
the time necessary to deploy new applications or expand existing applications to a larger
footprint to handle increasing workloads contributes to the success of a project. The compute
environment needs to be consistent to reduce operational requirements, yet flexible to
accommodate the different requirements of applications and the operating system. Application
availability is key to an organization. Users depend on reaching the systems and information that
are required to run the business just as much as they depend on having lights in the office or a
power outlet to plug in a PC.
Unified Computing System (UCS)
As an organization’s mission changes, the network should be able to adapt. By converging the
network routing and switching with servers into one virtual environment, the network becomes
simpler to manage, uses fewer boxes and less electricity for cooling, and is faster to provision.
Virtual servers replace physical servers so that many applications can run on one machine. You
need a network that is designed to work together to eliminate server farm sprawl, because point
products that are cobbled together are expensive in the long run, even though they seem to offer
short-term savings.
Video Surveillance
Video surveillance solutions enable your administrators and security personnel to view, manage,
and record video locally and remotely using the IP network and a standard Internet browser.
With this solution, you can access video securely at any time and in any location, enabling faster
response, investigation, and resolution of incidents. You can also record and store video locally
and offsite, as well as manage and combine it with video from multiple locations.
Video surveillance can be used to integrate a wide range of third-party vendor devices and
applications, such as video analytics, providing a solution that is cost effective to deploy, fits
budgets, and enables new capabilities. Furthermore, video surveillance products are designed to
work with customers’ existing proprietary cameras, analog control keyboard, and matrix
switches for a smooth transition to network-based video surveillance. Whether you are upgrading
an existing surveillance system or building an entirely new one, an IP network-based video
surveillance solution can meet your specific needs and protect your technology investment.
Virtual Desktop
Organizations are being driven by industry and regulatory compliance (Payment Card Industry
[PCI], Sarbanes-Oxley [SOX], Health Insurance Portability and Accountability Act [HIPAA]) to
be able to report on who is accessing the organization’s information, where they are accessing it
from, and what type of device they are using to access it. Government mandates like Federal
Information Processing Standard (FIPS) and Federal Information Security Management Act
(FISMA) are also requiring agencies and entities working with government agencies to track this
information. In some cases, an organization may choose to limit access to certain information to
adhere to these regulations.
This information is also key data that can be used to generate advanced security policies.
Organizations see this as a daunting task requiring the use of several advanced technologies, and
often delay implementing a solution simply because they don’t know where to begin.
In today’s environments where BYOD has become prevalent, you can use a Virtual Desktop
Infrastructure (VDI) to accommodate users without the need to certify applications across
multiple operating systems and device types. The first phase is to allow users to access the
network with their personal device using their existing network credentials. After authentication,
the device is granted access to the portions of the network required to access the VDI.
VDI allows a client to access a virtual desktop hosted in the data center. This allows the user to
access the same desktop from a variety of different endpoints. This simplifies network policies
by providing a common environment for users and then applying policy centrally in the data
center. The second phase is to provision the device with a digital certificate and network
configuration prior to gaining network access. Once provisioned, the device has full network
access.
Virtualization
Virtualization will change the way government operates on a daily basis by transforming
multiple siloed current physical networks into one seamless network. The capability to handle
data, voice, video collaboration, and immersive video will enable government agencies to
operate in real time 24/7/365 around the world. Information will always be accessible and always
secure because role based access control will limit each person on the network to information
pertinent to their role.
The goal is to build a pervasive, scalable infrastructure that bridges previously siloed domains
and unifies them into a fabric of shared, virtual services that can be provisioned in a fraction of
the time it takes to configure a traditional application environment. Network virtualization
creates a foundation for virtual services added on top. In the design, VLANs are used to create
logical, secure, and reliable segmentation between voice, video, data, wired, wireless LAN, and
management functions on the network. The design also supports virtual servers and storage in
the server room/data center.
Virtualization technologies can help your organization treat all IT resources as a set of shared
services that can be combined to improve efficiencies and scale quickly. The more efficiently
your organization can use its existing IT assets — servers, storage, networking, and other
equipment — the better your return on investment. Efficient use can also help you defer the cost
of new equipment and significantly reduce power and cooling costs. The data center, servers,
routing, and switching will be virtualized.
Virtualization is typically seen as a way to increase the workload capacity of servers, and to a
degree, storage. Yet greater efficiencies can be gained by applying virtualization to your entire
network. With some key technologies combined with reconfiguration of operational processes
and structures, the network can play a key role in creating a virtual infrastructure for increased
efficiency.
Web Application
A lightweight Web application is software that has been optimized for a specific use. The
programming language can execute quickly and reuses its own code through object-oriented
programming. The app is only a few Mb in size and does one task through the Web. For
example, Kayak.com accesses many sites through your smartphone and finds travel information
based on your input. It can give you real-time data from the mobile cloud. Government can move
to this operations model by having cloud computing and developing specific apps for specific
needs. This can be far more cost effective when compared to other business models.
Web Conferencing
Web conferencing is a service that allows conferencing events to be shared between remote
locations. The service is made possible by Internet technologies, particularly Transmission
Control Protocol/Internet Protocol (TCP/IP) connections. The service allows real-time
point-to-point communications as well as multicast communications from one sender to many receivers.
It allows information such as text-based messages, voice, and video chat to be shared
simultaneously, across geographically dispersed locations. Applications for web conferencing
include meetings, training events, lectures, or short presentations from any computer.
As government organizations reduce operation expenses and increase operational efficiencies,
they require new ways of doing business. It is simply not feasible to travel to all locations to
meet colleagues, fellow executives, and citizens. It is inefficient and expensive, and it hampers
productivity. Increasingly, workers are trading cubicles at headquarters for remote offices,
mobile workplaces, and virtual rooms. Travel budgets continue to shrink while the need to work
collaboratively with global teams continues to amplify. These new global realities can be
challenging, but they also bring tremendous opportunities.
A variety of factors determine whether a user has a good experience with an application or
endpoint running over the network. Consider the various components and services that have to
work together to make a simple IP-based video call. The device plugs into the network and uses
various services to find the remote endpoint. When everything works as designed, the person you
called is presented as a clear video image, with natural sounding audio. Three specific layers
need to function seamlessly to provide the user with a consistently positive experience:
• A highly available network foundation for the network services and user traffic
• Network services that operate in the background, improving and enabling the experience
  without direct user awareness
• The applications or endpoints with which a person interacts directly, known as user
  services.
Wireless Local Area Network (WLAN)
A great way to increase collaboration at the office is to install a wireless network tied into your
current LAN. A Wireless Local Area Network (WLAN) implements a flexible data
communication system that augments, rather than replaces, a wired LAN within a building or
campus. WLANs use radio frequency to transmit and receive data over the air, minimizing the
need for wired connections.
Staying connected regardless of location has become a mainstay of business and daily life. Few
buildings have enough wired networking ports to support every location and every person who
needs to connect to an organization’s assets. Wireless LAN networks help enable the users to
stay connected and keep the flow of information moving, regardless of physical building
limitations.
Wireless LAN connectivity at the headquarters and remote sites uses Wi-Fi technology for the
transmission of voice, video, and data throughout the building. The components provide the
following benefits to an organization:
• Network flexibility extends the boundaries of the network without the need for additional
  wiring
• Centralized control of the wireless LAN infrastructure reduces the management burden
• A network core, preconfigured for access points to be connected to any access port,
  simplifies deployment.
To meet the requirements for mobility in the architecture, the design incorporates specific
products and configurations to provide a secure, flexible, scalable, and cost-effective solution.
Providing comprehensive wireless mobility services at the headquarters and remote sites, while
also maintaining ease of use and low cost of ownership, can be challenging if access points are
deployed in a standalone mode. Autonomous access points multiply the number of devices you
need to configure, monitor, and manage.
Acronyms
BI       Business Intelligence
BMS      Building Management System
BYOD     Bring Your Own Device
CAPEX    Capital Expenditures
CCTV     Closed-Circuit Television
CIO      Chief Information Officers
CIPA     Children's Internet Protection Act
CoI      Community of Interest
DDoS     Distributed Denial of Service
DMZ      Demilitarized Zones
DoS      Denial of Service
ECMP     Equal Cost Multipath Protocol
FAR      Federal Acquisition Regulation
FCC      Federal Communications Commission
FIPS     Federal Information Processing Standard
FISMA    Federal Information Security Management Act
GSA      General Services Administration
GUI      Graphical User Interface
HIPAA    Health Insurance Portability and Accountability Act
HVAC     Heating Ventilation and Air Conditioning
IDC      International Data Corporation
IDIQ     Indefinite Date/Indefinite Quantity
IoE      Internet of Everything
IP       Internet Protocol
IPS      Intrusion Prevention System
IPSec    IP Security
ISO      International Organization for Standardization
IT       Information Technology
LAN      Local Area Network
MFN      Most-Favored-Nation
MITM     Man in the Middle
MPLS     Multiprotocol Label Switching
N/A      Not Applicable
NGN      Next Generation Network
NIST     National Institutes of Standards and Technologies
OEM      Original Equipment Manufacturer
OPEX     Operation Expenditures
OSI      Open Systems Interconnection
OSS      Operations Support System
PBX      Private Branch Exchange
PC       Personal Computer
PCI      Payment Card Industry
PoE      Power over Ethernet
QoS      Quality of Service
RBAC     Role Based Access Control
RFI      Requests for Information
RFID     Radio Frequency ID
RFP      Request for Proposal
ROI      Return on Investment
SAN      Storage Area Network
SDN      Software Defined Networking
SLA      Service Level Agreement
SOW      Scope of Work
SOX      Sarbanes-Oxley
SSL      Secure Sockets Layer
TCO      Total Cost of Ownership
TCP/IP   Transmission Control Protocol/Internet Protocol
TDM      Time Division Multiplexing
UC       Unified Communications
UCS      Unified Computing System
VDI      Virtual Desktop Infrastructure
VLAN     Virtual LAN
VM       Virtual Machine
VoIP     Voice over Internet Protocol
VPN      Virtual Private Network
WAN      Wide Area Network
WLAN     Wireless Local Area Network
WSCA     Western States Contracting Alliance
WSN      Wireless Sensor Network