Say you run an iconic sports arena and the flagship conferencing, hospitality and events business that goes with it. Your security, corporate services, EPOS, lighting control and IP TV screens need a robust network backbone year-round, while on match days up to 82,000 sports fans want wireless access.
That's challenge enough for your network, but on any given day, multiple mixed-use zones might be configured as bars, hospitality areas, conference rooms or press centres. In each, users need to connect and gain reliable access to the services they require - how do you provision phones, give EPOS machines compliant access to the merchant services backend, and grant PCs and other devices appropriate, secure access to your systems - all without running your team on the ground into the ground?
That was just one challenge facing the Rugby Football Union (RFU) at its flagship Twickenham Stadium. With rooms changing use from day to day, the need to manually re-provision ports was a frequent bottleneck, and with the IT team tied up in low-level firefighting, their focus was drawn away from the wider picture of overall system performance.
We worked with the RFU to design and implement a robust, future-proof network that would excel for the present, and keep pace with the RFU's strategy and requirements for many years to come. Ideal solutions architect Richard Harvey explains how our system design also cleared the provisioning bottleneck, and saved the in-house teams a recurring headache.
We knew from experience that we could solve the RFU's provisioning problem with Identity-Based Networking Services (IBNS). In essence, the network would be setup with multiple VLANs, each configured appropriately for the purpose for which they're used, and the switches themselves would identify each connected device and assign it to the correct VLAN.
The trick to IBNS comes in appropriately identifying a device when it's connected, so the switch can be sure to get the right VLAN - whether that's the corporate LAN, EPOS, guest access or whatever. To do this we set up a series of authentication steps for the switches to step through when a new device is connected: the switch basically probes the device to understand what it is and applies the correct access.
Of course, all of this places a lot of dependency on the authentication infrastructure, so a lot of the preparation we did was working with the RFU to identify all the device types we needed to support, and thoroughly testing the solution to be sure that it worked reliably every time. We could optimise certain aspects of the system: for example, because the RFU is using latest-generation Cisco switches we can run many of the authentication steps in parallel, so the port is ready for use in just a few seconds.
The right result
IBNS means that network ports at Twickenham shouldn't need re-patching, even when the room they're in changes use or configuration. Instead, they'll automatically extend the correct access level to almost any device that gets plugged in. This alone takes a big workload off an IT team that's often very busy, freeing them up to focus on higher-level goals such as optimising performance.
Another advantage is the big improvement in security. With manual provisioning there's always the risk that a port isn't disconnected or re-configured as a room changes use, potentially leaving a privileged connection available to the wrong user or device. With IBNS, each port returns to a secure default state whenever a device is removed or turned off: any new connection has to be re-authenticated from scratch.
There's a further benefit if a switch should fail: an engineer can pull all 48 cables, swap out the hardware and plug everything back in again in any order, knowing the ports will be configured correctly in moments. All in all, it's a comparatively simple and elegant solution to a tricky business challenge.
We're proud of the network we designed and installed for the RFU at Twickenham. For more details, read our RFU case study.