New lines of communication

27 Nov 2002

E-government is very often described as ‘joined up government’. This comes from the notion that whereas in the past a citizen might have had to interact with several government entities for a single life event (for example, buying a house involves dealing with the Revenue Commissioners, the Land Registry, local authority, etc.) in the brave new world of e-government a single contact is all that should suffice.

However, there is another aspect to joined up government, and that is government that has been joined up. Earlier this year, the government chose Eircom and Vodafone to provide a voice and data network that will form the backbone of the e-government initiative.

“The government data VPN (virtual private network) is overlaid onto our business IP (internet protocol) network,” explains Peter O’Shaughnessy of Eircom. “We have deployed an IP infrastructure based on Cisco Gigabit switch routers connecting Dublin, Cork, Limerick and Galway and a network of 30 edge points of presence nationwide.”

According to O’Shaughnessy, there are two concerns when it comes to using the public internet: security and quality of service. Eircom uses a technology known as multi-protocol label switching (MPLS) to ensure both. In a normal office environment, the office network would use its own IP addresses. This is not a problem as long as the office network remains isolated. However, if this office wishes to communicate with another office and wants to use the public internet, there is possibility that those IP addresses are already allocated and so the data packets generated by the office would clash with others on the internet. According to O’Shaughnessy, the data packets generated by the office are wrapped in an MPLS ‘envelope’ so that customers can continue to use their own IP address schemes.

But that’s not all. The MPLS protocols ensure that the customer’s data packets are kept separate from everyone else’s thus ensuring total security. “But you also get the benefits of IP any-to-any connectivity,” says O’Shaughnessy. “Any site that connects to the government VPN can communicate with any other connected site. If you look at traditional networks that use Frame Relay or ATM, you only have point-to-point connectivity.” O’Shaughnessy likens it to a motorway network with a mesh of reserved lanes that only carry government traffic. No matter how busy the network, the VPN traffic always gets through and there is no risk of an accident.

“We also deploy quality of service metrics so that the government can prioritise applications as it sees fit,” he says. “Our network can intelligently interrogate packets and based on that interrogation assign a class of service based on the level of quality it requires. For instance, there are many different applications that an agency can send across a network. Typically applications such as email, file transfer and so on would be considered best effort. Imagine you have a 2Mbps connection and it is carrying email, file transfer and web data at maximum capacity. If a business application comes along, we can throttle back the best effort applications and let the data from the priority application through.” O’Shaughnessy likens it to a busy road when an ambulance comes through. Regular traffic pulls over and when the ambulance has gone normal traffic resumes.

“The other thing that is important to remember is that the government VPN is a managed network,” says O’Shaughnessy. “At every site that is a member of the VPN, we manage the router on the premises relying on the expertise of Cisco and LanCommunications, which is a Cisco Gold Partner and has the largest number of Cisco-certified engineers in Ireland. We manage multiple VPNs and create multiple closed user groups at each agency site.” A closed user group, or CUG, is a VPN within a VPN in much the same way that a normal office network might be broken into zones. Packets exchanged between a defined group of users are kept separate from others even though they might also be part of the same agency.

As part of the management services, Eircom provides web-based reports that drill down to an application level. “One of the key considerations is that users will want to audit traffic and see what applications are taking up what level of bandwidth,” says O’Shaughnessy. “This leads to better planning and if there is a fault, the status reports show it quite quickly. We are able to do that because the traffic is based on IP.”

“The final element is managing access,” he says. “Partners such as doctors, vets and pharmacies are to have access to the VPN over PSNT/ISDN/GSM networks. The Government has not availed of this option to date but we have tested it and they are satisfied with it, so now it’s a question of finding a client base. Further on down the line we will be integrating DSL (digital subscriber line) and GPRS access.”