By: Larry Thompson
As technology consultants for municipalities, we try not to spend too much time talking about technology. Throw around jargon like “network as-a-service” (NaaS) or “edge,” and you can watch your clients’ eyes glaze over. Buzzwords don’t interest them. They care about benefits, costs, impact on operations. Sometimes though, the jargon signifies something genuinely new and worth exploring. Take the NaaS solution we recently implemented for one of our most important municipal clients in rural South Carolina.
This client serves a relatively small population (just over 100,000 citizens) but covers a vast area spanning nearly 700 square miles, much of which has limited or no network infrastructure. As a result, they were constantly bumping up against the challenges of complying with two technology mandates governing law enforcement.
See the problem? Officers might collect gigabytes of video during a deployment, but with spotty or nonexistent coverage across much of the region, they have to return to central city locations to upload it to the municipal core network. In practical terms, officers must build extra time into every shift for secure data upload. Whether they cut short deployments or wait until the end of a shift (delaying officers starting the next deployment), the result is the same: Technology intended to make officers more effective ends up reducing the time they spend out on patrol.
Anyone living or working in rural areas is familiar with network coverage gaps and the issues they create for digital applications, most of which seem designed to assume that high-speed access is always available. We implemented a novel solution for when it’s not. Using new NaaS technology deployed strategically across the region, our client can not only comply with stringent security mandates, but can do it in a way that strengthens relationships with local communities.
We had explored several alternatives to enable secure data upload in the field, including virtual private networks (VPNs) tethered to cellular connections. But given the lack of reliable connectivity, none were viable. Even when officers could establish a connection, the poor quality meant that VPN clients constantly dropped. We needed something that just didn’t exist in much of rural South Carolina: wide-area network (WAN)-style security and performance, without having to build our own WAN.
Our firm had previously established a secure private network in the city center — basically just access points at various sites, where we owned the equipment and used the internet to VPN back to the city core. We realized that by extending this model to more dispersed locations, we could give officers more options for uploading data while deployed. The problem was, we didn’t own sites in most of the areas where law enforcement routinely patrolled. But other organizations did. It was the seed of an intriguing idea: What if we asked them to partner with us?
The vision quickly fell into place. We would approach local businesses, churches, and other community organizations, and ask if they’d like to participate in our secure municipal network. Participation would be simple. Partners needed only to have a secure edge device and access point deployed at their location and be willing to let us piggyback on their wireline broadband connection (typically at night, when it wasn’t being used). Officers could then stop at these locations while out on patrol to securely, seamlessly upload their data. And participating sites would benefit from an increased police presence by default.
The solution is based on Graphiant Network-as-a-Service technology, which aims to provide the security and guaranteed performance of MPLS WAN, without the cost or overhead of conventional site-to-site tunneling. First, we deploy a Graphiant Edge platform at the partner site, along with a dedicated wireless access point to provide a private interface. The edge device maintains a secure tunnel to the Graphiant Stateless Core Network (Figure 1) — a high-throughput, stateless, multi-tenant private network that Graphiant controls. Officers can upload video and other data through the edge device, using a dedicated high-speed wireless connection. The data is then routed through Graphiant’s private network back to the municipal core network and applications while remaining fully encrypted end to end.
The solution enables more flexible end-to-end privacy thanks to its unique architecture and stateless software-defined routing. Instead of establishing static tunnels between sites, edges need only maintain a secure connection to the Graphiant core. Using metadata programmed into packet headers (based on policy we define), Graphiant’s network can route each packet using the optimal path at any moment without ever decrypting the client’s data. In other words, we gain a secure, private network from any edge site to our client’s core network (or any other edge site or cloud), without having to configure and maintain site-to-site tunnels.