The following is a continuation of a previous posting where I review common questions and compliance issues that credit unions frequently raise. I hope that this helps in your planning and decision-making process.
1. Flexibility In Case Of Disaster: Recovery and Avian Flu Remote Working. This topic is big from a business resumption perspective and it is important to have options during uncertain or chaotic times. Has the carrier explained how it will handle the redirection of branches to the DR site in the event of a disaster? What is the process for such a redirection? Can instant changes be made if the CU owns the routers? What about instant changes to a “managed service” carrier?
2. Flexibility When Faced With Day-To-Day Operational Issues. This issue relates to finding and determining problems on your POP diverse sites, or “Big Branches”, including routing issues on two routers or Class of Service (CoS) issues between two separate routers.
Another situation is whether a new subnet or manned subnet can have encryption, Quality of Service (QoS), and routing all working seamlessly and immediately, with zero calls to the service provider. This situation might occur if the credit union or a 3rd party local integration vendor needs to perform troubleshooting. If your answer is no, then what is the process?
3. IMPORTANT: MPLS Project Rollout. You should know how an MPLS project rollout is handled if the CU chooses either a managed or unmanaged product. There is a massive difference here between each carrier’s approach. Some carriers are so cumbersome that it adds a significant burden to the project rollout. To bid on and manage the rollout communication process between last mile carriers (Verizon) and long haul carriers (Qwest, AT&T, Sprint), you might consider using a broker.
In a recent conference call I participated in, two credit union clients of mine were discussing MPLS. One had successfully rolled out their MPLS to 14 sites last year, and one was in the final stages of their selection process. One of the important suggestions my client made to the CU was to clean up cabling prior to rollout. This means extending DMARCS and ensuring there is necessary documentation and cabling in place for the last mile carrier technician. I couldn’t agree more: nothing has delayed MPLS rollouts for me more than this issue.
4. Security. Understanding the recommended security architecture is essential. There are enormous differences in carrier options, and the nuances will make your head spin. Carrier marketing department security will not suffice for a credit union. You should know the overall MPLS encryption architecture and understand HQ to DR site encryption.
If the carrier is recommending a “hosted” call center, then you should know how the network encryption will be addressed, as well as laptop security access into the credit union network. Security issues revolving around working at home, traveling, avian flu, and DR remote site workers all need to be taken into account.
5. Disaster Recovery and Wireless Access. It is necessary to know how remote workers can access the CU network in the event of a disaster. Would users be accessing the Internet and hitting the CU network via the credit union’s own security infrastructure, or would the employee be leveraging an “in the cloud” solution for remote access? A client of mine uses an “in the cloud” firewall service, and it makes me very nervous... with a Tier 2/3 provider as well.
6. Credit Union Network Remote Access For Home Workers or Travelers. You will definitely need to describe how home workers and travelers will remotely access the credit union network using the new MPLS network. Will users be utilizing the CU security infrastructure (a private approach), or a carrier network via another method (semi-private approach)? You might also be asked whether “end-point” security is offered for remote access users, and to explain how it works.
I recommend a CU use its own security infrastructure in most cases to enable remote access for the network and to provide end-point security.
7. Quality of Service (QoS) or Class of Service (CoS). This issue relates to disaster recovery QoS protection from HQ to the DR site. You need to know how the carrier will protect replication traffic and prevent ripples that will affect the entire network. In my experience, carrier QoS/CoS will not work for a credit union. Whatever they might call it (four buckets of protection, color coded, etc.), it is all marketing hype. Credit unions need granularity in QoS. I will write about QoS in more detail as requested.
You might also be asked what would happen if you needed to examine Citrix traffic and manage applications within ICA (Independent Computing Architecture) or print traffic within ICA. Also, how fine-grained and differentiated can you get with traffic types? You should understand the following types of traffic:
I) AD (replication versus authentication)
III) Citrix ICA
IV) Terminal Services RDP
VII) VDI – RDP
VIII) VDI – other
IX) DR Replication
Other differentiations you will need to make are those between CIFS (Common Internet File System) traffic and IPC (Inter Process Communication) pipe traffic, as well as authentication traffic versus AD replication. How are RTM (Round Trip Measurements) for servers and clients met and achieved, and what is the sampling rate? How are they doing this at a layer 7 level? You will need to know how many buckets of CoS/QoS you get (carriers give you between 4 and 6), and whether or not it is layer 7-aware. Finally, you should understand how bandwidth and queuing are controlled, and how you achieve ZERO dropped packets.
8. The SLA (Service Level Agreement). For this type of question, you are going to need to know the SLA process, including how the service is set up and how to get a troubleshooting engineer. If you have a POP diverse routing problem, would the same engineer be likely to fix problems with encryption and VoIP jitter issues?
Other issues might include how to find a noisy broadcasting NIC (Network Interface Card), including which escalation path should be chosen and how long it should be. You should also know how many mission critical calls versus troubleshooting calls you get monthly, and who determines the SLA. Do you determine it or do they? Do they have an SLA example that has been set up for a client?
I hope that this guide helps you during the implementation of your MPLS network. You should now have a good idea of what questions might be asked, and what to look for in establishing solutions for your credit union.