Highlights
- Secure and Segmented Network: Implemented network segmentation to isolate and secure traffic for different airport zones, ensuring the protection of sensitive data and critical systems.
- Overcoming Airport Challenges: Addressed unique challenges posed by the airport environment, such as high passenger density, large open spaces, and the need for seamless roaming, to ensure reliable and secure Wi-Fi connectivity.
- Operational Efficiency: Facilitated the efficient operation of airport systems and applications, including flight information displays, VOIP, CCTV, IPTV, and cargo management.
- Robust Business Continuity: Ensured uninterrupted airport operations with a resilient network design, featuring redundant components, automated failover mechanisms, and comprehensive disaster recovery procedures to minimize downtime risks.
Overview
Our client, a leading airport management company in India, is recognized for pioneering innovation in airport development by merging technology and sustainability to elevate passenger experiences. They sought to design and build comprehensive wired and wireless network infrastructures for a new greenfield international airport.
They wanted robust and secure network that could support the diverse requirements of different airport zones, including administrative offices, critical airport systems, passenger areas, immigration, and baggage handling. Additionally, the project involved establishing a data center to host various airport applications.
Requirements
To ensure that the IT infrastructure would meet the diverse needs of the airport and its stakeholders, the company conducted extensive consultations and assessments to identify key requirements across various aspects of airport operations.
Based on these assessments, the airport management company identified the following key requirements for the new airport's IT infrastructure:
- Zone-Specific Connectivity: Provide wired and wireless connectivity tailored to the needs of each airport zone, such as secure access for administrative offices, reliable connectivity for critical systems, and high-speed Wi-Fi for passengers:
- Corp Zone: The Corp Zone required wired and wireless connectivity for administrative and operational offices. Secure access controls and authentication mechanisms were implemented to protect sensitive information and ensure authorized access to network resources.
- Airport System Zone: Reliable wired connectivity was crucial for the Airport System Zone to support critical systems such as flight information displays, VOIP communication, CCTV surveillance, IPTV, and cargo management, ensuring smooth operations and passenger services.
- OT System Zone: The OT System Zone demanded robust wired networks to support Building Management Systems (BMS) and security systems. These networks were designed to handle the specific requirements of operational technology, ensuring reliable and secure communication.
- Business Zone: High-speed wired and wireless access was provided in the Business Zone for passengers, retail outlets, lounges, and restaurants. This connectivity needs to enable a seamless digital experience for passengers while shopping, dining, or relaxing in the airport.
- Immigration Zone: Secure and reliable wired connectivity was essential for the Immigration Zone to support critical immigration systems, passport control, and visa processing.
- Airport System Zone: Reliable wired connectivity was crucial for the Airport System Zone to support critical systems such as flight information displays, VOIP communication, CCTV surveillance, IPTV, and cargo management, ensuring smooth operations and passenger services.
- OT System Zone: The OT System Zone demanded robust wired networks to support Building Management Systems (BMS) and security systems. These networks were designed to handle the specific requirements of operational technology, ensuring reliable and secure communication.
- Business Zone: High-speed wired and wireless access was provided in the Business Zone for passengers, retail outlets, lounges, and restaurants. This connectivity needs to enable a seamless digital experience for passengers while shopping, dining, or relaxing in the airport.
- Immigration Zone: Secure and reliable wired connectivity was essential for the Immigration Zone to support critical immigration systems, passport control, and visa processing.
- BHS Zone: The BHS Zone required a high-performance wired network to support baggage handling systems, enabling efficient sorting, routing, tracking, and tracing of passenger luggage. The network was designed to handle the high volume of data generated by these systems.
- Seamless Wireless Coverage: Deliver consistent and reliable wireless connectivity throughout the airport, including large open spaces and high-density areas, to support passenger needs and airport operations.
- Network Segmentation and Security: Implement network segmentation to isolate and secure traffic for each zone, protecting sensitive data and resources.
- Scalability and Performance: Ensure the network can handle high traffic volumes during peak times and accommodate future growth and technology integrations.
- Resilient and Redundant Design: Build a resilient network infrastructure with redundant components and failover mechanisms to ensure uninterrupted operations and minimize the risk of downtime.
- Centralized Management and Monitoring: Provide a centralized platform for managing, monitoring, and troubleshooting the airport's IT infrastructure, simplifying administration and ensuring optimal performance.
By establishing these comprehensive requirements, the airport management company set a clear foundation for designing and implementing an advanced, secure, and efficient IT infrastructure that would support the airport's operations, enhance passenger experiences, and drive innovation in the aviation industry.
Solution
To address the airport's requirements and ensure a state-of-the-art IT infrastructure, we proposed a comprehensive solution leveraging Cisco Catalyst devices for wired and wireless connectivity. The solution incorporates advanced features such as segmentation, wired and wireless assurance, and client 360 for network time travel and path trace. The key components of our solution include:
- Advanced Cisco Networking Infrastructure (Routers and Switches)
- Cisco Catalyst 9K Switches: These switches support BGP-EVPN and offer stacking capability for flexibility and scalability. With mGig port capacity, they enable Wi-Fi 6 deployments for seamless mobility across the airport. Modular switches supporting 1/10/25 and 40Gig ports are used for scalability.
- Catalyst 8K Series Routers: Deployed at the network edge, these routers support high throughputs and are available with a combination of 1/10 Gig copper/fiber ports. SDWAN functionality is built-in, allowing for future expansion with DNA subscription and cloud-hosted controllers. The routers are capable of application hosting, which can be utilized for hosting TE agents for WAN performance monitoring and other use cases.
- Wireless Infrastructure
- RF Design and Planning: A physical survey and heat map analysis were conducted for optimal RF design and planning. Cisco Catalyst 9120 and 9124 Series Access Points, known for their resilience, security, and intelligence, were selected for the wireless network. Rugged access points are used for outdoor deployments.
- Centralized Management: Wireless LAN Controllers (C9800) are employed for centralized control plane and management of the Wi-Fi network. The proposed access points are capable of mGig connectivity to the switching infrastructure.
- Security and Segmentation as per Zones
- Network Segmentation: The entire network is segmented into zones, with logical segmentation segregating traffic from different types of users. Multiple subsystems hosted for various operational functions are physically connected to the same infrastructure but logically isolated from each other.
- OT Infrastructure
- IT and OT Isolation: IT and OT networks are isolated from each other, with all integration traffic passing through a firewall for enhanced security. Cisco ruggedized switches (industrial grade) with redundant power supplies and uplinks are implemented to achieve high availability and resiliency.
- Separate OT Zone: A separate zone is planned for OT and surveillance systems. The Purdue model is proposed for the OT infrastructure, ensuring a structured and secure approach.
- Centralized Management
- Cisco DNA Center: The DNA Center simplifies operations and management of the entire network infrastructure. It provides easy IOS image management, allowing for bulk upgrades and centralized control.
- Monitoring and Alerting: All alerts and notifications are available on a single dashboard and can be integrated with third-party ticketing tools for efficient incident management. Wired and wireless assurance features enable proactive monitoring and troubleshooting.
By leveraging Cisco's advanced networking technologies and implementing a carefully designed architecture, the proposed solution ensures a reliable, secure, and scalable IT infrastructure that meets the diverse needs of the airport. The solution enables seamless connectivity, robust security, and centralized management, empowering the airport to deliver exceptional passenger experiences and streamline operations.
Business Outcomes
The implementation of the advanced airport IT infrastructure yielded significant benefits for the airport management company and its stakeholders:
- Enhanced Passenger Experience: High-speed Wi-Fi, IPTV, and real-time flight information contributed to a more convenient, entertaining, and stress-free travel experience for passengers.
- Improved Operational Efficiency: The robust wired and wireless network infrastructure enabled the efficient operation of critical airport systems and applications, streamlining processes and reducing wait times.
- Increased Revenue Opportunities: Reliable networks for airport concessionaires facilitated efficient operations and potentially increased sales, leading to higher rent revenues for the airport.
- Enhanced Security: Network segmentation and advanced security measures ensured the protection of sensitive data and critical systems, minimizing cybersecurity risks.
- Scalability and Future-Readiness: The scalable network design allows for seamless integration of new technologies and accommodates future airport expansion, ensuring cost-effective growth.
By leveraging our expertise in designing and deploying comprehensive IT infrastructures, the airport management company successfully created a state-of-the-art, passenger-centric airport that sets a new standard for innovation, efficiency, and sustainability in the aviation industry.