True Enterprise Optical LAN Must-Haves

Optical LAN (OLAN) delivers the key features needed in a true enterprise LAN – features that a residential-based Passive Optical Network (PON) offering just cannot meet. Your LAN is not just triple-play traffic flows (e.g. telephone, TV and Internet) between service providers and homes, and ONTs and their Gigabit Ethernet connections do not belong to just one user as they do in a residential service.

 

The  must-have features can be grouped in four (4) categories:

  1. Flexible design choices (including options for G-PON plus symmetrical 10G XGS-PON, multi-rate Ethernet from 10M to 10G,  multimode fiber cabling, and copper cabling connectivity mitigation)
  2. Security (port isolation, port security, IEEE 802.1x and network access control integration, E911 solutions and publicly available system and security test results)
  3. Ease of use / operational efficiencies (true plug-n-play provisioning, link layer discovery protocol, support of MAC OUI based profiles and interoperating with many different services from many different vendors, like Dante audio over IP)
  4. Mission-critical / reliability (geo-redundant OLT protection).

Together, all of these must-have features far surpass what most residential-based PON systems offer, providing a safe, secure and scalable system that exceeds all the needs a modern business’s true enterprise LAN demands – including commercial, federal government, hospitality, education, healthcare or transportation industries specific requirements.

 

Optical LAN Flexible Design OptionsMust Have Flexible Design Items

Optical LAN has the unique ability to connect any network design, cable, service and endpoint. OLAN can be used to scale bandwidth capacity, and number of connected devices, with true network needs. It does this by breaking traditional network barriers for connecting modern smart buildings and IoT. It is a smart investment for CIOs and IT pros who want to ensure the least disruptive path to future technologies, including wireless. This is why your network must have these flexible design choices:

 

Your LAN must support G-PON plus 10G XGS-PON simultaneously.

  • You need the ability to choose which end-points are served by G-PON (ITU G.984) or symmetrical 10G XGS-PON( ITU G.9807.1) on a per port basis.
  • This will allow you to minimize space, reduce energy, lower thermals, noise, and radiation – and ultimately, save you money.

Optical LAN Flexible Design ChoicesYour LAN requires Multi-rate Ethernet connectivity.

  • You are going to need to connect 1G, 2.5G, 5G and 10G within your network. However, the majority of your enterprise users, devices and services do NOT require one gigabit speed service. In fact, many only need a fraction of that bandwidth.
  • That is why your chosen ONTs must have options for both G-PON plus 10G XGS-PON, and they must support options for multi-rate Ethernet (IEEE 802.3bz and IEEE 802.3an). With multi-rate Ethernet available in your network, you will have the confidence knowing you are ready for Wi-Fi 6 (IEEE 802.11ax) and whatever comes next.

Your LAN needs options for your existing multimode fiber cabling.

  • You already know that multimode fiber (MMF) cabling has historically been used by enterprise LANs inside buildings and across campus.
  • Where you find MMF, you are going to need an alternative choice for Passive Optical LAN over this MMF.
  • This is why you should ask your OLAN solution provider if they have singlemode fiber to multimode fiber optical splitters available.

Your LAN should offer choices for dealing with your existing copper cabling and closet-based Ethernet switch replacement.

  • You want to move forward with Optical LAN, but two things are concerning. First, what do you do with all the existing copper cabling? Second, you still have some Ethernet switches, and that Ethernet switch vendor keeps manufacturer discontinuing their equipment every 3-5 years, while their annual operational costs keep going up!
  • You are going to want to research 48-port rack mounted ONTs before you start your next Optical LAN project. There are OLAN options for a direct one-for-one closet-based Ethernet switch replacement that allows you to leverage your existing copper cabling, just a little bit longer, while purging your expensive annual switch maintenance fees.

Must Have Security Items

IT professionals and executives have known for years that either your data has been compromised, or you just are not aware that your data has been compromised. Recent history has shown far too many high-profile worst-case scenario examples of network data breaches, which are driving CIOs and IT professionals to invest in transforming IT infrastructure and ensuring that corporate info is secure, protected and highly available. This is why your network must have these security features to mitigate risk:

 

Your LAN must support Port Isolation.

  • You need the ability to provide separate service types and security postures on each port in your modern Internet of Things (IoT) network.
  • A 4-port ONT may be supporting HVAC management from one port and LED lighting, Wi-Fi WAPs and security cameras from the other ports.
  • Each of these services or devices needs to be isolated from the others via multiple VLANs and strict security.

Your LAN needs Port Security.

  • Dynamic Port Security postures and service assignments based on credentials (e.g. Network Access Control) must be supported by your PON system.
  • This is critical for the back-house network at a hotel or resort and any system supporting Point of Sale (PoS) equipment in a retail environment.

Your LAN requires Network Access Control (NAC), IEEE 802.1x and 2-Factor Authentication.

  • Cybersecurity is top-of-mind for all IT professionals today and unfortunately humans are the leading cause of security breaches.
  • You need to trust that your Passive Optical LAN system supports sophisticated Network Access Control, including security protocols like IEEE 802.1x, that all together unifies endpoint security technology, authentication, authorization and network security enforcement.
  • Furthermore, your enterprise LAN must support integration with best-of-breed security policy providers such as:
    • ForeScout CounterACT
    • Juniper Unified Access Control (UAC)
    • Cisco Identity Services Engine (ISE)
    • HP/Aruba ClearPass Policy Management
    • Microsoft Network Policy Server (NPS)
  • You will also want to make sure you are armed with the option to implement 2-Factor Authentication to ensure only authorized network administrators access your enterprise LAN.
  • Ask your Passive Optical LAN equipment vendor to provide you with their advanced security design guidelines and their LAN hardening procedures.
  • Not supporting these Network Access Control security functions adds unnecessary risks that can cost your company millions of dollars if a breach occurs.

Your LAN must fully support E911 Solutions.

  • Your enterprise LAN voice services are not merely handsets connected to simple/legacy style voice switches – they utilize VoIP handsets that are handled by sophisticated Call Manager systems.
  • It is imperative, for the safety of your employees and guests, that your LAN hardware and software effectively support emergency 911 solutions across your VoIP network.

Your LAN must be backed by Public Accessible System and Security Test Results.

  • You want your enterprise LAN system hardware and software to be certified by the U.S. Department of Defense (DoD) rigorous testing standard known as Joint Interoperability Test Command (JITC).
  • It should have received Information Assurance (IA) accreditation in accordance with the DoD and met strict Risk Management Framework (RMF) for DoD Information Technology (IT).
  • All of these test results are readily available for the Tellabs Optical LAN systems through the JITC Approved Products List (APL): https://aplits.disa.mil/processAPList.action
  • When your LAN system may be HIPAA compliant (e.g. healthcare electronic medical records) and/or PCI compliant (e.g. retail point of sale activities), this 3rd party test confirmation becomes imperative.
  • With all the different risks your LAN is exposed to with BYOD and guest systems, why would you settle for a less secure non-accredited LAN system and put you, your employees, and your company at greater risk?

Must Have Ease of Use / Operational Efficiencies

Improving efficiency, improving IT application performance and infrastructure simplification are top priorities for IT professionals and executives. Improving operational efficiencies is directly connected to how element management, network management and Machine-To-Machine (M2M) connectivity is administered. All three can take place in the cloud, Wide Area Networks (WANs) or LAN in a centralized building and across a campus. They are critical parts of the Internet of Things (IoT), the cloud, Software-Defined Networks (SDN) and big data initiatives. You want your LAN to have these key ease-of-use, operational efficiencies and smooth interoperability with many services from many vendors:

 

Your LAN requires true Global Profile Based Plug-n-Play Provisioning.

  • The LAN should bring ONTs online via auto-detect and profile-based centralized provisioning. This allows you to auto-flow port characteristic provisions based on established templates.
  • The appropriate security and traffic postures (e.g. Port Isolation, LLDP, 802.1x NAC, Committed Information Rates) are applied error-free to the ONT ports with no other user interaction – just connect the ONT to the PON fiber.
  • You must be able to create a profile for certain ONTs on certain PON ports in your network. When the ONT is connected, it is enabled and auto-configured with port 1 for a VoIP line, port 2 for a set top box, and ports 3 and 4 for WAPs.
  • True plug-n-play – the installer/provisioner can create multiple desired profiles. Attributes of profiles can even be created in a csv-based spreadsheet and then imported into the system.
  • All of the above reduce human touch, which directly improves network operational efficiency, security and reliability.

Your LAN requires Link Layer Discovery Protocol (LLDP).

  • LLDP allows for efficient management of all the thousands of Internet of Things (IoT) powered devices connected by gigabit Ethernet. LLDP automates the provisioning, monitoring, management and configuration of all the devices connected by Power over Ethernet (PoE). This is one of the ways Passive Optical LAN tames IoT’s complexity for your IT staff.

Your LAN should support MAC Organizationally Unique Identifier (OUI) based profiles.

  • MAC-based profiles dynamically configure ONT ports based on the device type detected tended off any given port –this means IoT devices can be connected in a M2M plug-n-play fashion.
  • The ONT detects a new device on one of its ports and then applies the appropriate device profiles – for example, when a VoIP phone or Wireless Access Point (WAP) is connected to a port.
  • Tellabs OLAN automatically applies VoIP phone or WAP profile-enabling QoS, security profiles, and VLAN to provide the correct parameters to support voice or Wi-Fi traffic based solely on the MAC OUI.
  • Typically, LLDP is used to detect the subtended devices. This secure, centralized, and process-based provisioning significantly reduces security risks and potential network downtime.

Your LAN will need to Converge Many Different Services From Many Different Makers.

  • You’re going to need to connect voice, video, data, wireless access, access control, security, surveillance, building environmental and building automation inside buildings and across extended campus. That means interoperating with multiple manufacturers versions of IP voice and analog POTS voice, as well as IP video (all types of enterprise video) and RF overlay video option – this is no easy task for POL equipment providers and one needs years of experience to do this properly!
  • For example, if you use audio over IP/Ethernet network, then you will need Dante (Digital Audio Network Through Ethernet) and/or CobraNet support. Dante and CobraNet are uncompressed, multi-channel, low-latency digital audio over Ethernet via Layer-3 IP packets. Dante and CobraNet represent the leading audio networking solutions that have been accepted pro-audio AV users for their digital audio technology for live sound, broadcast, recording and public address.

Must Have Mission Critical / Reliability (Ultra High Availability Network)

Enterprises rely on LANs to be the lifeline of their operations, delivering dependable connections for cloud networking, big data, IoT, virtual desktops, remote employees, regional offices and international locations. Real-time and critical services demand high availability, stability, uptime and security from the networks. Unplanned LAN outages result in lost employee productivity and lost connectivity to corporate resources and data centers, raising security concerns.

 

You want your LAN to offer Geo-Redundant OLT protection and PON Path Protection for ultimate High Availability.

  • Your enterprise LAN must be a High Availability system. Hundreds of thousands of dollars are lost every year due to hours of extended network downtime.
  • For your critical network needs, you need a system that provides a standards-based (e.g. ITU Type-B PON redundancy), geographically-redundant OLT protection offering 99.9999% network uptime and less that a 2-second failover across a 6,000+ port network.
  • This means supporting FSAN ITU-T Type-B PON Redundancy port-to-port, card-to-card and OLT-to-OLT. Tellabs has learned from 10 years of industry leadership that true geo-redundant protection between two OLTs is difficult to engineer.
  • With PON Path Protection, the system software proactively monitors the path’s health across the network, and if it detects the OLT has lost connectivity to the network, it will automatically switch to protection. This enables the ability to route traffic around a network failure by shifting traffic to the standby PON. PON Path Protection feature adds the capability to detect the failure of major card-level components, and intelligently switch to the optimal path. This ensures uninterrupted traffic flow of real-time and critical business services. It also allows for the failed card to be replaced in a maintenance window without affecting any network uptime availability.
  • You need to confirm that your LAN supports this level of reliability, because anything less for your critical LAN needs just will not suffice.

Tellabs Optical LAN True Enterprise Leadership

As can be seen from the preceding information, these must-have security features, ease of use/operational efficiencies features and mission-critical/reliability features must be considered when IT professionals and executives are evaluating, designing, implementing and managing the LAN infrastructure and network components.

 

Backed by decade of enterprise experience, Tellabs Optical LAN delivers a simple, secure, scalable and stable modern network architecture by incorporating all of these must-have features. OLAN is the best choice relative to contemporary network demands being driven by IoT, the cloud, SDN and big data initiatives. OLAN increases the speed of LAN configurations and troubleshooting and moves-adds-changes while reducing human error and security risks across the LAN. This is all made possible through centralized intelligence and management that makes automated action possible, all of which can positively impact IT professionals’ and executives’ priorities and key performance indicators.