McCarran's Cisco PIX firewall handles packet filtering for the network, with failover planned by July. David Webb, the department's senior business systems analyst, has just finished deploying Novell's BorderManager as an authentication-based proxy for Web users.
Speaking of secure (or insecure) transports, no discussion about network facilities would be complete without talking about plans for wireless. The TSA's master IT plan, which includes a plan for wireless facilities, provoked something of a reaction from Hughes, but he diplomatically says, "We've got bigger plans than just sending a perpetrator's picture on a PDA."
McCarran is in discussions with several wireless providers, including AT&T, Roving Planet, SpectraSite, Sprint and T-Mobile, and is in talks with Arinc for the airlines' wireless needs. The facility has a limited wireless presence in conference rooms, with appropriate security, the details of which Hughes would prefer we not disclose, for obvious reasons.
McCarran's desktop management philosophy: "Simpler is better." The biggest deployments are, of course, at the gates and ticket counters, and for desktop management McCarran uses Arinc's tools, which load a stripped-down version of Microsoft Windows NT, with a custom shell, over the network (see CUTE diagram, page 48). The Arinc package has the agent authenticate after choosing his or her airline (see CUTE chooser, below), and CUTE then launches the appropriate emulator. The airline uses straight IP routing or gateway-protocol-conversion technology to get the session back to corporate. Straight leased lines and frame relay are also in use.
As far as network management goes, as the gigabit upgrade progresses, the associated closet and core network gear is plugged into a Computer Associates Unicenter management framework, which should be completed by August. After experiencing one prolonged network outage, management made uptime a priority. The older FDDI network was exceptionally reliable, even though various pieces of the network broke down over the years as a result of dual counter rotating rings, dual power supplies and dual switched fabrics on the backplane of the core switch. To provide the same high level of fault tolerance on the gigabit network, the closet switches (Enterasys E7s and E1s) are all dual-trunked using Spanning Tree, with backup trunks on separate cards.
Service Levels and Staffing
