Real Life Case of Updating Purchasing Policies

Let's evaluate a real-life case of updating purchasing policies. At the beginning of 2005, a service provider was running an IP network based on Cisco 12000 series routers equipped with Engine 0, 2, 3, and 4 based line cards. Under pressure from a couple of its customers who requested IPv6 connectivity, the service provider did a network assessment, which clearly identified the need to upgrade all line cards to Engine 5 in order to offer IPv6 services at production level and on a large scale. Eighty line cards were identified for the update. An immediate upgrade (considering an average price of $200,000 per line card) would have cost: 80 x $200,000 = $16 million.

When tying into the refresh cycle of 3 to 5 years, the service provider evaluated that the upgrade could be done over the next 24 months, making the integration of IPv6 transparent and removing the cost of an immediate upgrade. To meet immediate needs, Engine 3 line cards, which also support IPv6 in hardware, were redeployed where required. In conjunction with features such as IPv6 over MPLS, also known as 6PE (RFC 4798) and 6VPE (RFC 4659), the service provider can deliver the services where and when needed with minimal costs. By mid-2007, the network was fully upgraded and ready to offer IPv6 services to any customer.

• Update development policies: IPv6 must become an integral part of all internal development efforts. Even if the IPv6 deployment is not imminent, it is important to institute as early as possible rules requiring internally developed applications to be IP version agnostic. The IPv6 requirements across products must be clearly defined and adherence to them must be enforced.

The development policies should also encourage the exploration of new implementation approaches that leverage capabilities that are specific to the IPv6 protocol (self configuration) or the IPv6 environment (sufficient addresses to support peer-to-peer computing).

NOTE From a product development perspective, Cisco defined and maintains an internal IPv6 Architecture Baseline document to which all products must adhere.

• Update security policies: Current IT security policies will have to be modified to account for IPv6-related vulnerabilities and the coexistence of the two protocols. The review and update of the security policies must start well in advance of the actual IPv6 deployment. Devices might establish, without the express knowledge of the user, dynamic tunnels for IPv6 traffic and open security holes.

NOTE The new Microsoft Windows Vista operating system establishes dynamic IPv6 over IPv4 tunnels for certain applications if it does not detect native IPv6 connectivity. At a minimum, organizations must enhance their monitoring capabilities to keep control of this traffic.

• Redefine entrance and acceptance policies: Entrance and acceptance criteria for IT environment elements must be updated to include IPv6 requirements as defined by the integration projects. Observing and evaluating product compliance with IPv6 standards are significant parts of the entrance and acceptance policies. This is especially important in the early phases of product acquisition, because manufacturers might take a more liberal perspective on protocol implementation or might have to deal with non-IPv6-ready designs of their products. A more interesting perspective on this topic is that of reevaluating the existing entrance and acceptance policies and adapting them (IP version agnostic) based on past experience.

NOTE As part of its IPv6 integration plans, Comcast Corporation restructured and tightened its requirements related to IP product acceptance.

• Define content availability policies: Content should be made available over IPv6 and not only over IPv4. All absolute URLs on a corporate website should be banned; only relative URLs that support IP version-agnostic access should be used. Content accessibility can be updated for IPv6 support during periodic content review and maintenance.

The identified policies must be paired with appropriate owners within functional groups and with gatekeepers for the interface between the functional groups. Compliance should be constantly monitored and reported.
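The security-policy item above asks for monitoring of IPv6-over-IPv4 tunnels that hosts set up on their own. The following is an added example, not taken from the original text: a minimal classifier for raw IPv4 packets that flags the two common encapsulations, IP protocol 41 (6in4, 6to4, ISATAP) and Teredo on UDP port 3544. Those two identifiers are standard assignments rather than values from this page, and the function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

PROTO_41 = 41        # IPv6-in-IPv4 encapsulation (6in4, 6to4, ISATAP)
PROTO_UDP = 17
TEREDO_PORT = 3544   # IANA-assigned Teredo service port

def classify(pkt: bytes):
    """Return (kind, outer_src, outer_dst, inner_src) for tunnelled IPv6, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        return None
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    payload = pkt[ihl:]
    if pkt[9] == PROTO_41:
        kind, inner = "proto-41", payload
    elif pkt[9] == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT not in (sport, dport):
            return None
        kind, inner = "teredo", payload[8:]
    else:
        return None
    # Teredo may put authentication/origin headers first, so the inner source
    # is reported only when an IPv6 header follows the encapsulation directly.
    inner_src = None
    if len(inner) >= 40 and inner[0] >> 4 == 6:
        inner_src = str(ipaddress.IPv6Address(inner[8:24]))
    return kind, src, dst, inner_src

def scan(packets):
    return [hit for hit in map(classify, packets) if hit]

# --- constructed sample traffic (documentation address ranges) ---
def build_ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload
def build_ipv6(src):
    return struct.pack("!IHBB", 6 << 28, 0, 59, 64) + ipaddress.IPv6Address(src).packed + bytes(16)
def build_udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = [
    build_ipv4(41, "192.0.2.10", "198.51.100.1", build_ipv6("2002:c000:20a::1")),
    build_ipv4(17, "192.0.2.20", "203.0.113.5", build_udp(50000, 3544, build_ipv6("fe80::1"))),
    build_ipv4(17, "192.0.2.30", "203.0.113.53", build_udp(50001, 53, b"\x00" * 12)),
    build_ipv4(6, "192.0.2.40", "203.0.113.80", b"\x00" * 20),
]
```

Calling `scan(SAMPLES)` returns findings for the first two packets only; the DNS and TCP packets are ignored. Non-first IPv4 fragments carry no UDP header and are not handled here.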

Project Execution Policies

Bechtel used governance oversight to change relevant IT policies to make IPv6 "part of doing business." These are some of the policies changed or introduced in the context of the IPv6 adoption project:

• Stop the bleeding: Bechtel determined that it was important to stop perpetuating IPv4 dependencies. It installed cost-avoidance changes in purchasing policies and development activities to avoid buying, developing, and deploying technologies that would have to change.

• Ensure nothing breaks in production: IPv6 is new territory for most IT people. Bechtel has modified testing procedures, release notices, change management work orders, and related processes to ensure IPv6 compliance and minimize risk of adverse impact with production deployment. Enabling the "gatekeepers" with IPv6 tools and conformance authority is critical to success.

Figure 6-4 schematically presents the approach Bechtel developed for building scalable components that can be broadly deployed to multiple sites. Potential risks are contained in an isolated multisite lab environment until that environment is determined to be stable, secure, and manageable. From there Bechtel uses standard procedures for moving new or modified technology into production. This includes formal turnover from development to QA followed by controlled change management when moving into production. At each state transition point, controls have been inserted to ensure IPv6 compliance. The basic process applies to all hardware, software, and network changes.

Figure 6-4 Technology Insertion Process at Bechtel (diagram labels: Isolated Network (4-7 sites); Production Network (200+ Sites))

• Use natural change mechanisms when possible: Bechtel is capitalizing on proven technology change processes for its IPv6 transformation to the extent possible. For example, when upgrading an OS on a computing or network platform, Bechtel will ensure that all IPv6 features are included and enabled as part of the change. The same approach is being used for all software and hardware. The incremental approach has helped Bechtel develop a broad competence and deploy IPv6 in several IP areas in parallel.

• Actively engage key technology partners: Bechtel maintains regular active dialogs with key technology product and service providers, partners, customers, and industry consortia. The information and experience sharing has been mutually beneficial.

As the newness wears off, IPv6 becomes an understood and respected technology that is often just another check box on a configuration or test plan.

Initiate and Support Technology Education

The proper planning of the IPv6 integration project, the development and implementation of complete related policies, and the seamless deployment of the technology depend on the staff's familiarity with IPv6. All planning steps presented so far in this chapter cannot be successfully implemented without a good understanding of the various aspects of the technology. The scope of the project cannot be clearly defined without the strategy team understanding the protocol characteristics and its potential. Assessment cannot be effectively performed without understanding the IPv6 features that must be supported by various elements of the environment. Entrance/acceptance and security policies cannot be updated without an understanding of the standardization state of the protocol and its features. The successful deployment of the protocol requires an operations team that is familiar with managing and troubleshooting IPv6. For these reasons, initiating IPv6 training very early and scaling it to match the project evolution is essential to its success.

NOTE Many businesses that are planning IPv6 integration report that training is one of the most expensive aspects of the project. Initiating the process early allows time for internal dissemination of information. "Train the trainer" strategies can help reduce costs.
