CASE STUDIES
Strategic Upgrade for Booming Tourist Gateway Airport
A case study on how Arche upgraded the airport network design at a booming tourist gateway airport by deploying unified network management system
Dated infrastructure and manual network configuration held back Chennai International Airport. And when you are the fifth busiest airport in India and the third busiest for international traffic, you cannot afford to have frequent network outages and downtime. It is also the third busiest airport when it comes to handling cargo.
The airport is the home to the regional headquarters of the Airport Authority of India for the South Indian region - Tamil Nadu, Andhra Pradesh, Telangana, Kerala, Karnataka, Puducherry, and Lakshadweep. With a consistent rise in air traffic, Chennai Airport aimed to increase its passenger handling capacity to 40 million annual passengers.
What Held This Airport Back?
The OEM declared all the active hardware at the airport as end-of-life. It served the airport for a considerable amount of time without any hiccups. But recently, it started showing its age. And that caused many pains for the airport operations.
Manual VLAN Configuration, Lack of Proper Segmentation, and Slow Troubleshooting
The existing network relied on manual VLAN configuration for tenant isolation. Managing over 100 VLANs across multiple switches was error-prone and time-consuming.
The network could be segmented to some extent, but the manual management approach limited the flexibility to provide efficient segmentation and customized policies to tenants. This limitation hindered the ability to enforce security policies, quality of service (QoS), and traffic isolation effectively.
Because of manual configuration, it took longer to troubleshoot and resolve network issues. It resulted in prolonged network downtime. This delay affected the airport's ability to address network problems quickly, impacting services and potentially leading to customer dissatisfaction.
Broadcast Storms
The frequent misconfigurations in VLANs led to "broadcast storms." A broadcast storm occurs when there's excessive broadcast traffic in the network, causing congestion and severely impacting network performance. It affected the tenant traffic and overall network performance, leading to disruptions in airport operations.
End-of-Life Devices
EOL devices were an issue. They no longer received security updates or support, making the network vulnerable to security threats. It hindered their ability to adapt to evolving technology requirements, being a bottleneck in the operations at the airport.
Single Point of Failure
Because of the old network infrastructure and architecture, there were single-point-of-failure in many distribution and access locations. A critical network component would fail, resulting in downtime and disruptions of the services and operations.
These shortcomings affected many critical services - Flight Information Display Systems, check-in and boarding delays, customs and immigration for international travelers, baggage handling, and airline operations.
Next, let us explore how Arche addressed these pains.
Designing a Unified Network Management System
It all started with a meticulous assessment to study the scope of the work. The team had to know the end goals, the performance demands, and the expected traffic through the system to design a suitable blueprint for the solution. The solution architect team spent significant time understanding the problems before presenting the final plan of action.
We narrowed down the aspects and attributes we wanted to make robust and resilient.
Centralized Configuration and Policy Management: Implementing a 40G Backbone for Future-Proof Network Agility
Recognizing the throughput limitations of the previous network setup, Arche ushered in a state-of-the-art 40G backbone network. It provided not just the capacity for current applications but also room for future scaling, effectively resolving throughput issues.
VRF-Based Segmentation
Embracing VRF (Virtual Routing and Forwarding) allowed for MPLS-like network virtualization, enabling tailored policies and segmentation for tenants, all managed from a single pane of glass.
Role-Based Access Control (RBAC)
Role-Based Access Control was also integrated into the centralized management system. Coupled with VRF-based segmentation, it enhanced traffic isolation between tenants and reinforced security policies.
Zero-Touch Provisioning (ZTP) and Loop-Free Topology
Arche deployed Zero-Touch Provisioning (ZTP) paired with a loop-free topology design. It simplified the integration of new devices and served as a comprehensive strategy to eradicate broadcast storms that had earlier plagued the network.
In-Service Software Patching: Aiming for Zero Downtime
One of the highlights was the implementation of In-Service Software Patching at the core layer. This feature ensured that essential software upgrades could be rolled out without causing any network downtime, fulfilling the airport's requirement for continuous operation.
Eliminating Broadcast Storms Through Strategic Routing at Distribution Locations
Routing strategies were put in place at distribution locations, providing an additional layer of defense against broadcast storms. These measures worked in tandem with the loop-free topology and advanced storm control algorithms to create a network resilient to traffic-related disruptions.
Modernizing with End-of-Life Device Replacement: Securing and Scaling the Infrastructure
Future-Proof Hardware and Ongoing Support
With the 40G backbone network in place, the end-of-life devices were phased out and replaced with next-generation hardware that supported VRF-based segmentation and SDN. These new devices were backed by ongoing support and security updates, ensuring a fortified, scalable, and future-ready network.
Security: The Imperative of Modern Airport Network Design
In the current era, where threats are multifaceted, the integration of a Next-Generation Firewall (NGFW) was pivotal.
Why?
An airport is a hotspot of sensitive data exchanges. From passenger details to critical flight path data, the sanctity and security of this information are paramount. Thus, a modern, anticipatory security solution was non-negotiable.
How?
Arche integrated a Next-Generation Firewall (NGFW) into the airport network. This firewall is far from your standard packet-filtering wall—it is a fully integrated, threat-focused unit with unified management.
Advanced Threat Protection: A Tri-Phasic Approach
The NGFW goes beyond mere defense and adopts a comprehensive, three-phase approach to security—protection before, during, and after an attack. This dynamic model adapts to new and emerging threats, effectively fortifying the network's security posture.
Application Firewall and NGIPS: The Two Pillars of Security
At the core of this advanced security setup are tightly integrated security functions, namely an application-level firewall and a Next-Generation Intrusion Prevention System (NGIPS). The application firewall scrutinizes traffic at the application layer, adding an extra dimension to security protocols. In parallel, NGIPS monitors the network for malicious activities or security policy violations and can effectively prevent or report them in real time.
Unified Management and Automated Threat Correlation
The power of the NGFW is amplified through unified management, allowing for seamless control over the entire security landscape from a single interface. What sets this apart is the automated threat correlation feature, which pools data from various security functions to provide actionable insights. It simplifies the task of pinpointing vulnerabilities and streamlines incident response strategy.
Secure, Yet Seamless Operations
The integration of these advanced features into a single NGFW ensures that high security does not come at the expense of operational fluidity. The firewall is engineered to handle large volumes of traffic without compromising speed or efficiency, making it an ideal fit for an infrastructure as demanding as that of an international airport.
Summing It Up
Arche's transformative solution has ushered this international airport into a new epoch of operational resilience and technological agility. Through methodical planning, future-proof architecture, and the seamless integration of next-generation technologies, the airport now boasts an infrastructure equipped to meet its expanding service needs and escalating security imperatives. With a robust 40G backbone network, we've paved the way for the airport to handle an array of current and future applications, ensuring scalability and robustness in a dynamically evolving aviation landscape.
Our deployment of Virtual Routing and Forwarding (VRF) revolutionized network management and tenant policy customization, achieving a hitherto unrealized harmony between efficiency and security. The hardware and the network design make it an SDN-ready architecture. Moreover, the incorporation of a Next-Generation Firewall (NGFW) with unified management and advanced threat protection mechanisms signifies a quantum leap in the airport's cybersecurity posture.
This newly minted infrastructure stands as a foundational platform, enabling the Airport Authority of India to metamorphose the airport into a digitally-enabled hub, optimized for an exceptional customer experience.
Dated infrastructure and manual network configuration held back Chennai International Airport. And when you are the fifth busiest airport in India and the third busiest for international traffic, you cannot afford to have frequent network outages and downtime. It is also the third busiest airport when it comes to handling cargo.
The airport is the home to the regional headquarters of the Airport Authority of India for the South Indian region - Tamil Nadu, Andhra Pradesh, Telangana, Kerala, Karnataka, Puducherry, and Lakshadweep. With a consistent rise in air traffic, Chennai Airport aimed to increase its passenger handling capacity to 40 million annual passengers.
What Held This Airport Back?
The OEM declared all the active hardware at the airport as end-of-life. It served the airport for a considerable amount of time without any hiccups. But recently, it started showing its age. And that caused many pains for the airport operations.
Manual VLAN Configuration, Lack of Proper Segmentation, and Slow Troubleshooting
The existing network relied on manual VLAN configuration for tenant isolation. Managing over 100 VLANs across multiple switches was error-prone and time-consuming.
The network could be segmented to some extent, but the manual management approach limited the flexibility to provide efficient segmentation and customized policies to tenants. This limitation hindered the ability to enforce security policies, quality of service (QoS), and traffic isolation effectively.
Because of manual configuration, it took longer to troubleshoot and resolve network issues. It resulted in prolonged network downtime. This delay affected the airport's ability to address network problems quickly, impacting services and potentially leading to customer dissatisfaction.
Broadcast Storms
The frequent misconfigurations in VLANs led to "broadcast storms." A broadcast storm occurs when there's excessive broadcast traffic in the network, causing congestion and severely impacting network performance. It affected the tenant traffic and overall network performance, leading to disruptions in airport operations.
End-of-Life Devices
EOL devices were an issue. They no longer received security updates or support, making the network vulnerable to security threats. It hindered their ability to adapt to evolving technology requirements, being a bottleneck in the operations at the airport.
Single Point of Failure
Because of the old network infrastructure and architecture, there were single-point-of-failure in many distribution and access locations. A critical network component would fail, resulting in downtime and disruptions of the services and operations.
These shortcomings affected many critical services - Flight Information Display Systems, check-in and boarding delays, customs and immigration for international travelers, baggage handling, and airline operations.
Next, let us explore how Arche addressed these pains.
Designing a Unified Network Management System
It all started with a meticulous assessment to study the scope of the work. The team had to know the end goals, the performance demands, and the expected traffic through the system to design a suitable blueprint for the solution. The solution architect team spent significant time understanding the problems before presenting the final plan of action.
We narrowed down the aspects and attributes we wanted to make robust and resilient.
Centralized Configuration and Policy Management: Implementing a 40G Backbone for Future-Proof Network Agility
Recognizing the throughput limitations of the previous network setup, Arche ushered in a state-of-the-art 40G backbone network. It provided not just the capacity for current applications but also room for future scaling, effectively resolving throughput issues.
VRF-Based Segmentation
Embracing VRF (Virtual Routing and Forwarding) allowed for MPLS-like network virtualization, enabling tailored policies and segmentation for tenants, all managed from a single pane of glass.
Role-Based Access Control (RBAC)
Role-Based Access Control was also integrated into the centralized management system. Coupled with VRF-based segmentation, it enhanced traffic isolation between tenants and reinforced security policies.
Zero-Touch Provisioning (ZTP) and Loop-Free Topology
Arche deployed Zero-Touch Provisioning (ZTP) paired with a loop-free topology design. It simplified the integration of new devices and served as a comprehensive strategy to eradicate broadcast storms that had earlier plagued the network.
In-Service Software Patching: Aiming for Zero Downtime
One of the highlights was the implementation of In-Service Software Patching at the core layer. This feature ensured that essential software upgrades could be rolled out without causing any network downtime, fulfilling the airport's requirement for continuous operation.
Eliminating Broadcast Storms Through Strategic Routing at Distribution Locations
Routing strategies were put in place at distribution locations, providing an additional layer of defense against broadcast storms. These measures worked in tandem with the loop-free topology and advanced storm control algorithms to create a network resilient to traffic-related disruptions.
Modernizing with End-of-Life Device Replacement: Securing and Scaling the Infrastructure
Future-Proof Hardware and Ongoing Support
With the 40G backbone network in place, the end-of-life devices were phased out and replaced with next-generation hardware that supported VRF-based segmentation and SDN. These new devices were backed by ongoing support and security updates, ensuring a fortified, scalable, and future-ready network.
Security: The Imperative of Modern Airport Network Design
In the current era, where threats are multifaceted, the integration of a Next-Generation Firewall (NGFW) was pivotal.
Why?
An airport is a hotspot of sensitive data exchanges. From passenger details to critical flight path data, the sanctity and security of this information are paramount. Thus, a modern, anticipatory security solution was non-negotiable.
How?
Arche integrated a Next-Generation Firewall (NGFW) into the airport network. This firewall is far from your standard packet-filtering wall—it is a fully integrated, threat-focused unit with unified management.
Advanced Threat Protection: A Tri-Phasic Approach
The NGFW goes beyond mere defense and adopts a comprehensive, three-phase approach to security—protection before, during, and after an attack. This dynamic model adapts to new and emerging threats, effectively fortifying the network's security posture.
Application Firewall and NGIPS: The Two Pillars of Security
At the core of this advanced security setup are tightly integrated security functions, namely an application-level firewall and a Next-Generation Intrusion Prevention System (NGIPS). The application firewall scrutinizes traffic at the application layer, adding an extra dimension to security protocols. In parallel, NGIPS monitors the network for malicious activities or security policy violations and can effectively prevent or report them in real time.
Unified Management and Automated Threat Correlation
The power of the NGFW is amplified through unified management, allowing for seamless control over the entire security landscape from a single interface. What sets this apart is the automated threat correlation feature, which pools data from various security functions to provide actionable insights. It simplifies the task of pinpointing vulnerabilities and streamlines incident response strategy.
Secure, Yet Seamless Operations
The integration of these advanced features into a single NGFW ensures that high security does not come at the expense of operational fluidity. The firewall is engineered to handle large volumes of traffic without compromising speed or efficiency, making it an ideal fit for an infrastructure as demanding as that of an international airport.
Summing It Up
Arche's transformative solution has ushered this international airport into a new epoch of operational resilience and technological agility. Through methodical planning, future-proof architecture, and the seamless integration of next-generation technologies, the airport now boasts an infrastructure equipped to meet its expanding service needs and escalating security imperatives. With a robust 40G backbone network, we've paved the way for the airport to handle an array of current and future applications, ensuring scalability and robustness in a dynamically evolving aviation landscape.
Our deployment of Virtual Routing and Forwarding (VRF) revolutionized network management and tenant policy customization, achieving a hitherto unrealized harmony between efficiency and security. The hardware and the network design make it an SDN-ready architecture. Moreover, the incorporation of a Next-Generation Firewall (NGFW) with unified management and advanced threat protection mechanisms signifies a quantum leap in the airport's cybersecurity posture.
This newly minted infrastructure stands as a foundational platform, enabling the Airport Authority of India to metamorphose the airport into a digitally-enabled hub, optimized for an exceptional customer experience.
Partner with us
Unlock your business potential with our committed team driving your success.
Share article:
Read these next
Ready to take your company to the next level?
Transformation starts here, talk to our experts
© Copyright 2024 Arche AI Pvt. Ltd.
Ready to take your company to the next level?
Transformation starts here, talk to our experts
© Copyright 2024 Arche AI Pvt. Ltd.
Ready to take your company to the next level?
Transformation starts here, talk to our experts
© Copyright 2024 Arche AI Pvt. Ltd.
Ready to take your company to the next level?
Transformation starts here, talk to our experts
© Copyright 2024 Arche AI Pvt. Ltd.
CASE STUDIES
Strategic Upgrade for Booming Tourist Gateway Airport
Strategic Upgrade for Booming Tourist Gateway Airport
Dated infrastructure and manual network configuration held back Chennai International Airport. And when you are the fifth busiest airport in India and the third busiest for international traffic, you cannot afford to have frequent network outages and downtime. It is also the third busiest airport when it comes to handling cargo.
The airport is the home to the regional headquarters of the Airport Authority of India for the South Indian region - Tamil Nadu, Andhra Pradesh, Telangana, Kerala, Karnataka, Puducherry, and Lakshadweep. With a consistent rise in air traffic, Chennai Airport aimed to increase its passenger handling capacity to 40 million annual passengers.
What Held This Airport Back?
The OEM declared all the active hardware at the airport as end-of-life. It served the airport for a considerable amount of time without any hiccups. But recently, it started showing its age. And that caused many pains for the airport operations.
Manual VLAN Configuration, Lack of Proper Segmentation, and Slow Troubleshooting
The existing network relied on manual VLAN configuration for tenant isolation. Managing over 100 VLANs across multiple switches was error-prone and time-consuming.
The network could be segmented to some extent, but the manual management approach limited the flexibility to provide efficient segmentation and customized policies to tenants. This limitation hindered the ability to enforce security policies, quality of service (QoS), and traffic isolation effectively.
Because of manual configuration, it took longer to troubleshoot and resolve network issues. It resulted in prolonged network downtime. This delay affected the airport's ability to address network problems quickly, impacting services and potentially leading to customer dissatisfaction.
Broadcast Storms
The frequent misconfigurations in VLANs led to "broadcast storms." A broadcast storm occurs when there's excessive broadcast traffic in the network, causing congestion and severely impacting network performance. It affected the tenant traffic and overall network performance, leading to disruptions in airport operations.
End-of-Life Devices
EOL devices were an issue. They no longer received security updates or support, making the network vulnerable to security threats. It hindered their ability to adapt to evolving technology requirements, being a bottleneck in the operations at the airport.
Single Point of Failure
Because of the old network infrastructure and architecture, there were single-point-of-failure in many distribution and access locations. A critical network component would fail, resulting in downtime and disruptions of the services and operations.
These shortcomings affected many critical services - Flight Information Display Systems, check-in and boarding delays, customs and immigration for international travelers, baggage handling, and airline operations.
Next, let us explore how Arche addressed these pains.
Designing a Unified Network Management System
It all started with a meticulous assessment to study the scope of the work. The team had to know the end goals, the performance demands, and the expected traffic through the system to design a suitable blueprint for the solution. The solution architect team spent significant time understanding the problems before presenting the final plan of action.
We narrowed down the aspects and attributes we wanted to make robust and resilient.
Centralized Configuration and Policy Management: Implementing a 40G Backbone for Future-Proof Network Agility
Recognizing the throughput limitations of the previous network setup, Arche ushered in a state-of-the-art 40G backbone network. It provided not just the capacity for current applications but also room for future scaling, effectively resolving throughput issues.
VRF-Based Segmentation
Embracing VRF (Virtual Routing and Forwarding) allowed for MPLS-like network virtualization, enabling tailored policies and segmentation for tenants, all managed from a single pane of glass.
Role-Based Access Control (RBAC)
Role-Based Access Control was also integrated into the centralized management system. Coupled with VRF-based segmentation, it enhanced traffic isolation between tenants and reinforced security policies.
Zero-Touch Provisioning (ZTP) and Loop-Free Topology
Arche deployed Zero-Touch Provisioning (ZTP) paired with a loop-free topology design. It simplified the integration of new devices and served as a comprehensive strategy to eradicate broadcast storms that had earlier plagued the network.
In-Service Software Patching: Aiming for Zero Downtime
One of the highlights was the implementation of In-Service Software Patching at the core layer. This feature ensured that essential software upgrades could be rolled out without causing any network downtime, fulfilling the airport's requirement for continuous operation.
Eliminating Broadcast Storms Through Strategic Routing at Distribution Locations
Routing strategies were put in place at distribution locations, providing an additional layer of defense against broadcast storms. These measures worked in tandem with the loop-free topology and advanced storm control algorithms to create a network resilient to traffic-related disruptions.
Modernizing with End-of-Life Device Replacement: Securing and Scaling the Infrastructure
Future-Proof Hardware and Ongoing Support
With the 40G backbone network in place, the end-of-life devices were phased out and replaced with next-generation hardware that supported VRF-based segmentation and SDN. These new devices were backed by ongoing support and security updates, ensuring a fortified, scalable, and future-ready network.
Security: The Imperative of Modern Airport Network Design
In the current era, where threats are multifaceted, the integration of a Next-Generation Firewall (NGFW) was pivotal.
Why?
An airport is a hotspot of sensitive data exchanges. From passenger details to critical flight path data, the sanctity and security of this information are paramount. Thus, a modern, anticipatory security solution was non-negotiable.
How?
Arche integrated a Next-Generation Firewall (NGFW) into the airport network. This firewall is far from your standard packet-filtering wall—it is a fully integrated, threat-focused unit with unified management.
Advanced Threat Protection: A Tri-Phasic Approach
The NGFW goes beyond mere defense and adopts a comprehensive, three-phase approach to security—protection before, during, and after an attack. This dynamic model adapts to new and emerging threats, effectively fortifying the network's security posture.
Application Firewall and NGIPS: The Two Pillars of Security
At the core of this advanced security setup are tightly integrated security functions, namely an application-level firewall and a Next-Generation Intrusion Prevention System (NGIPS). The application firewall scrutinizes traffic at the application layer, adding an extra dimension to security protocols. In parallel, NGIPS monitors the network for malicious activities or security policy violations and can effectively prevent or report them in real time.
Unified Management and Automated Threat Correlation
The power of the NGFW is amplified through unified management, allowing for seamless control over the entire security landscape from a single interface. What sets this apart is the automated threat correlation feature, which pools data from various security functions to provide actionable insights. It simplifies the task of pinpointing vulnerabilities and streamlines incident response strategy.
Secure, Yet Seamless Operations
The integration of these advanced features into a single NGFW ensures that high security does not come at the expense of operational fluidity. The firewall is engineered to handle large volumes of traffic without compromising speed or efficiency, making it an ideal fit for an infrastructure as demanding as that of an international airport.
Summing It Up
Arche's transformative solution has ushered this international airport into a new epoch of operational resilience and technological agility. Through methodical planning, future-proof architecture, and the seamless integration of next-generation technologies, the airport now boasts an infrastructure equipped to meet its expanding service needs and escalating security imperatives. With a robust 40G backbone network, we've paved the way for the airport to handle an array of current and future applications, ensuring scalability and robustness in a dynamically evolving aviation landscape.
Our deployment of Virtual Routing and Forwarding (VRF) revolutionized network management and tenant policy customization, achieving a hitherto unrealized harmony between efficiency and security. The hardware and the network design make it an SDN-ready architecture. Moreover, the incorporation of a Next-Generation Firewall (NGFW) with unified management and advanced threat protection mechanisms signifies a quantum leap in the airport's cybersecurity posture.
This newly minted infrastructure stands as a foundational platform, enabling the Airport Authority of India to metamorphose the airport into a digitally-enabled hub, optimized for an exceptional customer experience.
Partner with us
Unlock your business potential with our committed team driving your success.
© Copyright 2024 Netcon Technologies. All rights reserved. All logos and trademarks used belong to their respective owners.
© Copyright 2024 Netcon Technologies. All rights reserved. All logos and trademarks used belong to their respective owners.