Provisioning of Enterprise Remote Access Services

A key function of IT planning and design includes provisioning of remote access services for employees . Remote work is defined as work conducted away from corporate facilities. The provisioning activities described in this section support remote workers in a home office ( telecommuting ), as opposed to another type of virtual office (for example, a satellite or hotel office), instead of commuting to a corporate facility. Cisco's internal remote access offering has changed over the last couple of years ; however, the following information describes the processes that Cisco used to provision services for Frame Relay, ISDN, DSL, and VPN.

All successful remote work arrangements meet the needs of the business while enabling employees to maximize productivity in an advantageous work environment. Working remotely can positively impact job satisfaction, maximize the use of on-site workspace, decrease facilities costs, reduce traffic congestion and enhance air quality, attract and retain key employees, expand the pool of potential candidates, and provide opportunities to showcase Cisco's technology.

Cisco's internal remote access services are categorized as Cisco-managed, vendor-managed, and user -managed. The Cisco-managed services account for the Frame Relay, ISDN, and dialup services, where an internal Cisco IT team provided support for the end-to-end solution. The vendor-managed solution was an outsourced private DSL network where all support services were provided by the vendor. The user-managed solution was created for the internal VPN deployment, and it was a hybrid solution where end users managed the home connection with their selected ISP, and Cisco IT support managed the headend VPN concentrators . For Cisco-managed services, the provisioning IT analysts provide dual functions of administration and provisioning, which include installation, deactivation , and move location of services. Within Cisco, the provisioning of all remote access services requires the approval of the employee's manager. An automated approval process was used to manage this process.

Over the course of time, the policies and procedures have changed from a totally manual process to a semi-automated process. The type of technologies offered, and the employees to whom the services are offered changed as the business climate grew in size and authority. In general, the provisioning process includes the following:

• Installation procedures (sometimes called new installs )

• Automated disconnect procedures

• Billing procedures

Frame Relay circuits were usually provisioned for full-time telecommuters, who have no office space and work entirely from home. The full-time usage could usually justify the high monthly service charge, and was more cost effective than a usage based solution. In some cases, the employee's unique business requirements limited the remote access solution to a Frame Relay connection. A single vendor provides service and the charge is based on linear distance from the employee home to a vendor point of presence (POP). These circuits are piped directly into Cisco from that POP, providing speeds starting from 56 kbps and including fractional T1.

Part-time telecommuters, those needing higher bandwidth than dialup, could be authorized for an ISDN service to be installed in their home. ISDN is mostly usage based and depending on the employee's usage requirements, would be more cost effective than Frame Relay. This service usually is provided by the ILEC for the region, offering speeds of 128 kbps and providing two analog phones for analog telephone calls, negating the need for an additional wire pair to make business calls.

The necessary steps for provisioning Frame Relay and ISDN circuits for enterprise remote access needs are shown in Figure 1-3. Figure 1-3 shows the provisioning process for Frame Relay and ISDN. Some of the descriptions are based on an automated system for provisioning, used by Cisco.

Figure 1-3 is a graphic overview of the manual provisioning order process for the installation of Frame Relay and ISDN. A client requests a remote access service through an internal web-based application. After posting the required information to a template, the request is forwarded to management for approval. After it is approved, a case is opened in a case management tool and the request is sent to the provisioning team. The provisioning team member takes action in several areas:

• Case management tool action Updates the case with the appropriate language to document the process and timelines needed to track the installation of the order, and to set realistic expectations for the client.

• Provisioning page action Reviews the order template for accuracy and sends to the appropriate vendor.

• Administrative page action Updates the database with the referenced case number.

As availability for xDSL services expanded, DSL became a vendor-managed remote access option with fixed rates and lower cost than either ISDN or Frame Relay. It was preferred to have a contractual relationship with a single vendor to provide a low cost, fixed rate private DSL network. Bandwidth varied from 128 k to 512 k depending on the distance from the residence to the provider's DSLAM in the ILEC CO. IDSL and ADSL services were available, and with ADSL bandwidths in excess of 384 k, a Cisco IP telephone could be used effectively from home. This option is shown in Figure 1-1, where the xDSL service is hosted to the corporate-managed router (upper half).

Apart from the vendor-managed private solution, xDSL should be considered in the VPN context as a transport medium. This option is shown in Figure 1-1 in the upper half, where an ISP hosts the xDSL service, but the tunnel to the corporate network is terminated on the VPN concentrator. This type of solution is expected to be the pre-dominant remote access solution of the future.

With new technologies driving down the price of Internet access, Cisco's user-managed VPN solution provides the necessary set of options for VPN over technologies. The solution is technology independent and works with any ISP that provides access to the Internet through cable, xDSL, ISDN, satellite, or wireless technologies.

Through the manual process, a provisioning IT analyst received an e-mail or telephone request, and assessed the need for a remote access service (refer to Figure 1-3). After the type of service need was determined, an order was placed with the ILEC or with a third-party vendor who, in turn , placed the order with an ILEC. In heavily Cisco populated areas, agreements were made with the ILEC to accept these orders. In rural or sparsely Cisco populated areas, an agreement went to a third-party vendor to act on Cisco's behalf to place those orders.

Cisco IT uses an internally developed semi-automated, fully integrated online management system that assists with the provisioning of ISDN/FR services for employees. This allowed for the following:

• Automates the provisioning process

• Automates vendor/order communication

• Provides a central, uniform repository for ISDN and Frame Relay related data

• Improves asset-tracking measures

The implementation of this system provided the following:

• Labor cost savings

• Improved delivery timeframes

• Improved data accuracy/integrity

• Improved vendor tracking measures

• Improved asset management

Automated order e-mail templates were created to meet the processing demands of each ILEC and the requirements of Cisco:

• The service orders were standard for Frame Relay at 56 k and 128 k. The circuit was directed into Cisco's Intranet, using Cisco as the employee's ISP.

• The service orders were standard for ISDN, the speed was 128 k with 256 k B channels. The second channel was given voice priority over data when an analog phone was used in conjunction with the Cisco router. Long distance for ISDN was standard in accordance with a Cisco-vendor contract. The circuit was directed into Cisco's Intranet, using Cisco as the employee's ISP.

• The service orders were standard for the vendor-managed DSL. After management approval of a DSL service request, the vendor processed the order and the vendor communicated directly with the Cisco employee. Cisco provisioning analysts only provided follow-up and expediting when deemed necessary.

• The service orders for DSL are standard, providing the maximum bandwidth available to the employee, based on the employee distance to the ILEC DSLAM. The circuit is directed into Cisco's Intranet, using Cisco as the employee's ISP.

After order verification was received from the ILEC for ISDN/Frame Relay, the remote access engineers could configure a Cisco router designed for the intended service and ship it to the user. DSL routers are configured and shipped by the contracted vendor.

Routing for Frame Relay services would be over a dedicated service provider-based private network into Cisco (see more in Chapter 3, and Chapter 18, "Frame Relay Troubleshooting Scenarios"). Routing for ISDN would be one of several different ways: local Centrex for employees living in the immediate vicinity to the Cisco campus in San Jose or RTP, local long distance for other intra-LATA employees, or local long distance for local inter-LATA employees. All others would be routed on a Cisco contracted 800 number service into a Cisco campus. The routing and distance would determine monthly and usage service rates.

At the time of writing this book, Frame Relay and ISDN are no longer offered as a standard Cisco provided service. The provisioning mechanisms are still available, but not activated for employee access, although special cases are handled as needed. The standard remote access offering is the user-managed service that uses VPN to gain access to the Cisco Intranet.