
True Enterprise Optical LAN Must-Haves

Jul 25, 2022 | Featured, White Paper

Optical LAN (OLAN) delivers the key features needed in a true enterprise LAN – features that a residential-based Passive Optical Network (PON) offering just cannot meet. Your LAN is not just triple-play traffic flows (e.g. telephone, TV and Internet) between service providers and homes, and ONTs and their Gigabit Ethernet connections do not belong to just one user as they do in a residential service.

The must-have features can be grouped in four categories:

  1. Enterprise-centric ONTs (a variety of connectivity options, many mounting choices, custom-orderable colored faceplate ONTs, 48-port Ethernet ONT for 1-to-1 closet switch replacement)
  2. Highest degree of Security (port isolation, port security, IEEE 802.1x and network access control integration, E911 solutions and publicly available system and security test results)
  3. Ease of use / operational efficiencies (true plug-n-play provisioning, link layer discovery protocol, support of MAC OUI based profiles and interoperating with many different services from many different vendors, like Dante audio over IP)
  4. Mission-critical / reliability (PON protection at the port, card, fiber route diversity, geo-redundant OLT and end-to-end connection health).

Together, these must-have features far surpass what most residential-based PON systems offer, providing a safe, secure and scalable system that exceeds everything a modern business demands of a true enterprise LAN – including the industry-specific requirements of commercial, federal government, hospitality, education, healthcare, manufacturing and transportation organizations.

Must Have Purpose Built Enterprise ONTs

Enterprise ONTs enable Ethernet connectivity for all digital corporate services, smart building, and IoT end-points. These business ONTs need to support Power over Ethernet (PoE) and connect a multitude of subtended powered devices (e.g. phones, cameras, video monitors, wireless access points). They require many different mounting options: above the desks, below the desks, flush-mounted in the walls, in zone boxes, in plenum spaces and under raised floors. Finally, there should be options for rack-mounted 48-port Ethernet ONTs that provide an economical one-to-one replacement of traditional closet-based Ethernet switches and can continue to utilize the last 300’ copper cabling drops inside a building. When choosing a PON equipment manufacturer for enterprise LAN applications, be sure to ask for the following must-have features:

Your ONTs need to offer custom-orderable colored faceplates.

  • You’ll want an Optical LAN ONT with custom orderable colored faceplates
  • There should be an option for an in-wall ONT with faceplate that can be ordered in ANY color to better match building aesthetics
  • And when matched with colored fiber cabling, the colored faceplates can distinguish different networks – this may be a hard requirement in highly secure environments.

Your ONTs should have an option for a 48-port Ethernet ONT for 1-to-1 closet switch replacement.

  • Next make sure you can get a 48-port Ethernet ONT choice
  • A rack mounted 48-port Ethernet ONT offers economical one-for-one replacement of closet-based workgroup switches
  • This lowers annual software, support and training costs and it removes known points of vulnerability in the network
  • You also gain extended temperature range inside IT equipment rooms – which lowers energy consumption of HVAC systems.

Must Have Security Items

IT professionals and executives have known for years that either your data has been compromised, or you just are not aware that your data has been compromised. Recent history has shown far too many high-profile worst-case scenario examples of network data breaches, which are driving CIOs and IT professionals to invest in transforming IT infrastructure and ensuring that corporate info is secure, protected and highly available. This is why your network must have these security features to mitigate risk:

Your LAN must support Port Isolation.

  • You need the ability to provide separate service types and security postures on each port in your modern Internet of Things (IoT) network.
  • A 4-port ONT may be supporting HVAC management from one port and LED lighting, Wi-Fi WAPs and security cameras from the other ports.
  • Each of these services or devices needs to be isolated from the others via multiple VLANs and strict security.

Your LAN needs Port Security.

  • Dynamic Port Security postures and service assignments based on credentials (e.g. Network Access Control) must be supported by your PON system.
  • This is critical for the back-house network at a hotel or resort and any system supporting Point of Sale (PoS) equipment in a retail environment.

Your LAN requires Network Access Control (NAC) and IEEE 802.1x.

  • Cybersecurity is top-of-mind for all IT professionals today and unfortunately humans are the leading cause of security breaches.
  • You need to trust that your Passive Optical LAN system supports sophisticated Network Access Control, including security protocols like IEEE 802.1x, which together unify endpoint security technology, authentication, authorization and network security enforcement.
  • Furthermore, your enterprise LAN must support integration with best-of-breed security policy providers such as:
    • ForeScout CounterACT
    • Juniper Unified Access Control (UAC)
    • Cisco Identity Services Engine (ISE)
    • HP/Aruba ClearPass Policy Management
    • Microsoft Network Policy Server (NPS)
  • Ask your Passive Optical LAN equipment vendor to provide you with their advanced security design guidelines and their LAN hardening procedures.
  • Not supporting these Network Access Control security functions adds unnecessary risks that can cost your company millions of dollars if a breach occurs.

Your LAN must fully support E911 Solutions.

  • Your enterprise LAN voice services are not merely handsets connected to simple/legacy style voice switches – they utilize VoIP handsets that are handled by sophisticated Call Manager systems.
  • It is imperative, for the safety of your employees and guests, that your LAN hardware and software effectively support emergency 911 solutions across your VoIP network.

Your LAN must be backed by Publicly Accessible Test Results for Interoperability, System, Reliability and Security.

  • You want your enterprise LAN system hardware and software to be certified by the U.S. Department of Defense (DoD) rigorous testing standard known as Joint Interoperability Test Command (JITC).
  • It should have received Information Assurance (IA) accreditation in accordance with the DoD and met strict Risk Management Framework (RMF) for DoD Information Technology (IT).
  • All of these test results are readily available for these Optical LAN systems through the JITC Approved Products List (APL).
  • When your LAN system may be HIPAA compliant (e.g. healthcare electronic medical records) and/or PCI compliant (e.g. retail point of sale activities), this 3rd party test confirmation becomes imperative.
  • With all the different risks your LAN is exposed to with BYOD and guest systems, why would you settle for a less secure non-accredited LAN system and put you, your employees, and your company at greater risk?

Must Have Ease of Use / Operational Efficiencies

Improving efficiency, improving IT application performance and infrastructure simplification are top priorities for IT professionals and executives. Improving operational efficiencies is directly connected to how element management, network management and Machine-To-Machine (M2M) connectivity are administered. All three can take place in the cloud, Wide Area Networks (WANs) or LAN in a centralized building and across a campus. They are critical parts of the Internet of Things (IoT), the cloud, Software-Defined Networks (SDN) and big data initiatives. You want your LAN to have these key ease-of-use features, operational efficiencies and smooth interoperability with many services from many vendors:

Your LAN requires true Global Profile Based Plug-n-Play Provisioning.

  • The LAN should bring ONTs online via auto-detect and profile-based centralized provisioning. This allows you to auto-flow port characteristic provisions based on established templates.
  • The appropriate security and traffic postures (e.g. Port Isolation, LLDP, 802.1x NAC, Committed Information Rates) are applied error-free to the ONT ports with no other user interaction – just connect the ONT to the PON fiber.
  • You must be able to create a profile for certain ONTs on certain PON ports in your network. When the ONT is connected, it is enabled and auto-configured with port 1 for a VoIP line, port 2 for a set top box, and ports 3 and 4 for WAPs.
  • True plug-n-play – the installer/provisioner can create multiple desired profiles. Attributes of profiles can even be created in a csv-based spreadsheet and then imported into the system.
  • All of the above reduce human touch, which directly improves network operational efficiency, security and reliability.

Your LAN requires Link Layer Discovery Protocol (LLDP).

  • LLDP allows for efficient management of all the thousands of Internet of Things (IoT) powered devices connected by gigabit Ethernet. LLDP automates the provisioning, monitoring, management and configuration of all the devices connected by Power over Ethernet (PoE). This is one of the ways Passive Optical LAN tames IoT’s complexity for your IT staff.

Your LAN should support MAC Organizationally Unique Identifier (OUI) based profiles.

  • MAC-based profiles dynamically configure ONT ports based on the device type detected subtended off any given port – this means IoT devices can be connected in an M2M plug-n-play fashion.
  • The ONT detects a new device on one of its ports and then applies the appropriate device profiles – for example, when a VoIP phone or Wireless Access Point (WAP) is connected to a port.
  • OLAN automatically applies the VoIP phone or WAP profile, enabling QoS, security profiles and VLAN to provide the correct parameters to support voice or Wi-Fi traffic based solely on the MAC OUI.
  • Typically, LLDP is used to detect the subtended devices. This secure, centralized, and process-based provisioning significantly reduces security risks and potential network downtime.
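The profile import and OUI-based port assignment described above, sketched as an added example that is not the vendor's code or file format: the CSV columns, OUIs, VLAN IDs and the quarantine fallback are all assumptions made for illustration. It rejects a profile sheet that would put two device types on one VLAN and places any device with an unrecognized OUI on a restricted profile.

```python
import csv
import io
import re

# Constructed sample sheet: column names, OUIs and VLAN IDs are hypothetical.
# The OUIs sit in the locally administered range, so they match no real vendor.
PROFILE_CSV = """oui,device_type,vlan,qos_class
02:AA:01,voip_phone,110,voice
02:AA:02,wap,120,best_effort
02:AA:03,ip_camera,130,video
"""

# Hypothetical fallback for devices whose OUI matches no profile.
QUARANTINE = {"device_type": "unknown", "vlan": 999, "qos_class": "none"}


def hex_prefix(value, total_digits):
    """Strip separators, check the length, return the first 6 hex digits."""
    digits = re.sub(r"[:.\-\s]", "", value).upper()
    if len(digits) != total_digits or not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError(f"malformed address or OUI: {value!r}")
    return digits[:6]


def load_profiles(text):
    """Parse the sheet, rejecting rows that would weaken isolation."""
    profiles, vlan_owner = {}, {}
    for row in csv.DictReader(io.StringIO(text)):
        oui, vlan = hex_prefix(row["oui"], 6), int(row["vlan"])
        if not 1 <= vlan <= 4094 or vlan == QUARANTINE["vlan"]:
            raise ValueError(f"VLAN {vlan} is out of range or reserved")
        if oui in profiles:
            raise ValueError(f"duplicate OUI {oui}")
        # One VLAN per device type keeps services isolated from each other.
        if vlan_owner.setdefault(vlan, row["device_type"]) != row["device_type"]:
            raise ValueError(f"VLAN {vlan} shared by two device types")
        profiles[oui] = {"device_type": row["device_type"], "vlan": vlan,
                         "qos_class": row["qos_class"]}
    return profiles


def assign_profile(mac, profiles):
    """Return the port profile for a detected MAC; unknown OUIs are quarantined."""
    return profiles.get(hex_prefix(mac, 12), QUARANTINE)


if __name__ == "__main__":
    table = load_profiles(PROFILE_CSV)
    for mac in ("02:aa:01:12:34:56", "02-AA-02-00-00-01", "02aa.9900.0001"):
        print(mac, "->", assign_profile(mac, table))
```

Because a device reports its own MAC address, the OUI match here only selects a profile; it does not authenticate the device.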

Your LAN will need to Converge Many Different Services From Many Different Makers.

  • You’re going to need to connect voice, video, data, wireless access, access control, security, surveillance, building environmental and building automation inside buildings and across an extended campus. That means interoperating with multiple manufacturers’ versions of IP voice and analog POTS voice, as well as IP video (all types of enterprise video) and an RF overlay video option – this is no easy task for POL equipment providers and one needs years of experience to do this properly!
  • For example, if you use an audio over IP/Ethernet network, then you will need Dante (Digital Audio Network Through Ethernet) and/or CobraNet support. Dante and CobraNet are uncompressed, multi-channel, low-latency digital audio over Ethernet via Layer-3 IP packets. Dante and CobraNet represent the leading audio networking solutions that have been accepted by pro-audio AV users for their digital audio technology for live sound, broadcast, recording and public address.

Must Have Mission Critical / Reliability (Ultra High Availability Network)

Enterprises rely on LANs to be the lifeline of their operations, delivering dependable connections for cloud networking, big data, IoT, virtual desktops, remote employees, regional offices and international locations. Real-time and critical services demand high availability, stability, uptime and security from the networks. Unplanned LAN outages result in lost employee productivity and lost connectivity to corporate resources and data centers, raising security concerns.

You want your LAN to offer Geo-Redundant OLT protection for ultimate High Availability.

  • Your enterprise LAN must be a High Availability system. Hundreds of thousands of dollars are lost every year due to hours of extended network downtime.
  • For your critical network needs, you need a system that provides standards-based (e.g. ITU Type-B PON redundancy), geographically-redundant OLT protection offering 99.9999% network uptime and less than a 2-second failover across a 6,000+ port network.
  • This means supporting FSAN ITU-T Type-B PON Redundancy port-to-port, card-to-card and OLT-to-OLT. Ten years of industry leadership have shown that true geo-redundant protection between two OLTs is difficult to engineer, but absolutely necessary.
  • Plus, the PON Path Protection feature is important to detect the failure of major card-level components, and intelligently switch to the optimal path. This ensures uninterrupted traffic flow of real-time and critical business services.
  • You need to confirm that your LAN supports this level of reliability. Anything less for your critical LAN needs just will not suffice.

Optical LAN True Enterprise Leadership

As can be seen from the preceding information, these must-have security, ease of use/operational efficiencies, mission-critical/reliability and purpose-built enterprise ONT features must be considered when IT professionals and executives are evaluating, designing, implementing and managing the LAN infrastructure and network components.

Backed by a decade of enterprise experience, Optical LAN delivers a simple, secure, scalable and stable modern network architecture by incorporating all of these must-have features. OLAN is the best choice relative to contemporary network demands being driven by IoT, the cloud, SDN and big data initiatives. OLAN increases the speed of LAN configurations, troubleshooting and moves-adds-changes while reducing human error and security risks across the LAN. This is all made possible through centralized intelligence and management that makes automated action possible, all of which can positively impact IT professionals’ and executives’ priorities and key performance indicators.

Tom Dobozy