The Pipe to the Future

As befits its role as a growing global economic powerhouse, the kingdom is building an ultra-modern small city on a manmade island in the heart of its financial district. That showpiece city, Bahrain Bay, will boast the very latest in information technology (IT), a network capable of handling not only voice, data, and video, but also security systems, building management systems, and even traffic control systems.

SAIC is designing and overseeing the installation of the IT network that will make it all possible. The vastly reduced power consumption of the system also makes it a "very green and environmentally friendly" network, according to Jeffrey McGaughey, an SAIC vice president and program manager for the effort.

The IT infrastructure chosen for Bahrain Bay is a passive fiber-optic network, or PON, which means that, unlike active, legacy copper-wire networks, there are no Ethernet workgroup switches or repeaters required to boost the signal as it travels from its origin, or the head-end, out to the user. With PON, that distance can range from 40 feet to 40 miles with no powered devices in between.

Lean and Green

SAIC calls its fiber-optic network Secure Converged Solution, or SCS. McGaughey said that SCS "is a truly green technology that is streamlined yet exponentially more powerful in its performance than conventional copper-based systems. It almost sounds too good to be true when you first hear about it," he said. "That is until you understand all the parts of a traditional copper network that SCS eliminates."

What SCS eliminates are the workgroup switches that populate the telecom or riser closets that take up choice bits of real estate on nearly every floor of the modern office building. In addition to taking up space, those telecom closets also burn a lot of electricity to run the switches and to cool all of those electronics enough to operate safely. "That's all powered equipment," McGaughey said. "With SCS, we eliminate all of that."

The increase in bandwidth SCS offers over conventional networks comes in a single "pipe" or strand of fiber-optic cable. This single-mode, individual strand of fiber enables customers to do more than they could before at the desktop because of the extra bandwidth and the gigabit data speeds achieved with SCS. And, McGaughey said, "It comes at a price that, on average, is 40 percent less than comparable copper-based systems."

Although the fiber-optic cable is referred to as pipe, the cable itself isn't much larger in diameter than a spaghetti noodle, and the fiber itself is about the diameter of a human hair. "To visualize it, a single SCS pipe replaces about a four-and-a-half-inch diameter bundle of Ethernet cables weighing about 40 times as much," McGaughey said.

Technology for the Long Run

Blaine Overstreet, lead engineer for SCS, describes SCS as "future-proof," because the physics of passive optical networking make bandwidths up to 25 terahertz possible, although no equipment exists today that can operate at those levels. "The single-mode strand of fiber SAIC uses in its SCS installations can now keep pace as the technology inevitably improves over the next two or three decades," Overstreet said.

"The beauty of the SCS infrastructure is that as IT systems continue to improve, customers need only to replace their out-dated end points in order to completely upgrade their systems." That means, said Overstreet, that the days are gone when "the existing cable plant has to be replaced as part of any IT system overhaul. With SCS, you can install it and forget it. One fiber-optic cable can carry it all."

While SCS is very fast, it's not just a question of speed, it's also a question of capacity. Current copper-wire technology — the category 5e cable standard present in most office buildings and homes — operates at 350 MHz, a tiny fraction of 25 terahertz.

"As the frequency increases to, say, 500 MHz, you can now broadcast color video and audio. As the frequency increases to satellite frequencies, you can now add high definition TV and 7.1 surround sound," Overstreet said.

SCS is a pure Ethernet distribution system and its architecture is compatible with IPv6 — the next-generation Internet protocol — and is currently capable of delivering 1 gigabit speeds to an individual end point. Those downstream data delivery speeds will jump to 10 gigabits by the end of 2010 with the introduction of a new PON card at the head-end of the fiber.

To get an idea of the capacity of SCS, Overstreet said, 25 terahertz "is like having a 25-lane superhighway, of which the current gigabit technology can only use four lanes. Yet this huge future capability is 40 percent cheaper to install than current networks."

Significant Savings

One of SAIC's newest facilities, the Franklin Center, a newly built seven-story office building located in Columbia, Md., is anticipated to save approximately $250,000 per year in IT costs through its use of SCS. A ground floor data center brings together all network services — data, telephone, and so forth — and delivers them to end users throughout the building over a carefully engineered fiber plant employing strategically placed optical splitters to maximize bandwidth usage across the entire SCS network.

"Once you get to the desktop," McGaughey said, "you have something very much like a 6-by-6 cable modem that's mounted under your desk. Out of that comes video, data, and telephone. There is also a spare port if a customer needs a separate development network or they want to monitor their security cameras over the same network."

In addition, McGaughey said, the operations and maintenance costs for the SCS system have been shown to be about 80 percent lower, "because so much can be managed out of the data center. You don't have to go out to the telecom closets anymore" to troubleshoot problems or to switch on new services because there is "nothing in between the user and the data center other than fiber." That also eliminates a significant number of potential security weaknesses in the system (see: How SCS Does Security).

Think Thin

For customers with significant networking and security needs, SCS can breathe new life into their operations. Because of the increased bandwidth that SCS provides, such customers can monitor a vast number of data streams simultaneously, such as real-time high-definition video and high quality audio. "The bigger and faster the communications pipe, the more efficiently you can do what really needs doing. Users don't have to compromise on quality any longer," McGaughey said.

In addition, the increased bandwidth can significantly boost thin client computing capabilities. Thin client computing depends on a central server for processing functions. A thin client can be thought of as an access terminal, with very limited desktop storage capacity, and little need for onboard applications. Thin client computing can be done on legacy networks, but the faster the data transfer speeds of the network, the more efficiently thin client works.

"There are some huge advantages in the thin client architecture," said Matt Miller, a lead systems engineer. "You have a lower total cost for computing devices," he went on, because there is no need to invest in conventional desktop or laptop hardware. A noteworthy benefit to that kind of architecture is the ability to sequester data in a secure location, and then limit its access to particular thin clients. For a client with high security needs, SCS would be an ideal setup. A particular location might have no data stored on site, but the speed of access would be the same as if the end user were working on a conventional machine. "That," said Miller, "increases data security by minimizing 'data spills', or inadvertent leaks of sensitive material."

A Smart Solution for Smart Customers

According to McGaughey, a significant portion of the millions of dollars in SCS business generated since its inception has been with customers knowledgeable about PON overseas and with customers that he and his business development team have been educating about the benefits of the technology here in the United States.

"With IT professionals in the government and elsewhere, we are in the process of educating them and just getting them to think about and understand the SCS technology. We have to take them through it step by step, but once they get it they're sold."

McGaughey and his team have joined with other organizations within SAIC to make a strong push into "smart cities" projects all over the world. In such projects, SAIC would design the IT and security for an entire city or large campus. "We'll do everything from pulling the fiber in manholes to operating data centers to perimeter and access security to building automation systems," McGaughey said.

How SCS Does Security

Security in SCS, according to Blaine Overstreet, lead engineer for SCS, is a "multifaceted concept. In legacy Ethernet systems, you have active components that are distributed throughout your enterprise in closets. They do need administration, and you can misadminister them, either intentionally or not."

Each "administration touch point" is also a potential vulnerability. "Not to mention that you have to physically protect that closet because having access gives you access to all the data streams of the users on that workgroup switch," Overstreet added.

And, in the same way that flash drives and picture frames can come straight from the manufacturer carrying malware, there is the potential that Ethernet equipment could be compromised straight from the factory. "There's already counterfeit Cisco equipment hitting the market," Overstreet said. "At the very least, you could be installing something in which the security architectures don't work as robustly as they should."

"In contrast, in a passive optical network," he said, "there's nothing in between the head-end and the end user that would give you an intelligible interface. It's a dead fiber. There's nothing there but the light beaming through it, and even at the optical splitter, there's just nothing you can do to inject yourself into that optical stream to collect data. That's not to say it couldn't be done," Overstreet added, but "it would be a very sophisticated endeavor that would take government-grade resources to accomplish."

That essential security of the network because of its passive optical nature "is one of the most advantageous security facets that we see with it."

There is also what is known as "TEMPEST," or compromising emanations from computer and communications equipment. SCS Program Manager Jeff McGaughey said, "In a secure environment when you have copper, whether it's shielded or not, you can still, if you have the right equipment, pick off that signal going by, and you don't even have to touch that cable." And such radio frequency, magnetic, or other emanations can be picked up from significant distances. "That just doesn't happen with fiber."

Other security features of SCS include voice and data traffic that travel on the same wavelengths (colors of light) using time division multiplexing within the wavelengths to separate the traffic. Video travels on a separate wavelength. In addition, integrated 128-bit Advanced Encryption Standard (AES) encryption is available on most SCS systems and is further layered with security provided with other service networks (like VOIP).

Virtual local area network (VLAN) encapsulation and tagging further protect voice, video, and data traffic. Optical line terminals and optical network terminals have intrusion, loss of power, and optional low battery alarms visible in real-time in a network operations center. And enhanced IT asset tracking helps prevent theft of valuable IT equipment, and also prevents unauthorized equipment from being connected to the system.