Twitter Facebook Linkedin

Architecting for the Unknown – By Susan Bond

To share...Tweet about this on TwitterShare on FacebookEmail this to someoneShare on LinkedInShare on StumbleUpon

Author Susan Bond, Infrastructure Lead at NREL

You know it’s coming. They’ve let you know it’s coming. The first project that is going to push your network infrastructure just a bit farther than it’s gone before. However, the one part that is missing … requirements.  What do they really need?

Here’s the fun part – the primary investigator is going to travel to the other side of the planet to meet with the partners who will be providing the experiment components. When he gets back to the lab, he will have the component details and how they need to communicate but there will be only 12 days until the components arrive and need to be installed including a working communications solution. So can this be done – can you architect for the unknown?

Fortunately, you have invested in the technology infrastructure knowing that change and growth are sure bets. You have capacity on your facility’s firewall to support cyber controls and build an isolated research network to support the experiment. You have capacity on your facility’s switches to separate the research communications from the enterprise business communications.  You have VPN (virtual private network) appliances to support the remote access from the other side of the world since the partners won’t be able to be onsite. Now all you need is the network designed and deployed in 12 days plus your supporting cyber and network teams to work with you on approvals, build and testing.

You meet with your ISSO (Information Systems Security Officer) to discuss the possibility of deploying an isolated research network behind the facility firewall and the discussion shows promise. Your commitment:

  • Document the risks associated with the experiment and potential compromise of other applications using the firewall
  • Agree to limit and identify specific individuals needing remote access and use existing procedures for them to obtain a token for two-factor authentication
  • Obtain input from the network team on configuration of network switches that will support isolated VLANs (virtual local area networks)

Assuming existing controls mitigate any risks, you agree to document the new network design and firewall configuration and Cyber Security agrees to support this priority request.

The network design iterates over a dozen times as you refine where the experiment components will be physically located across 3 separate lab spaces and discussion topics arise like the potential risk of using unmanaged vs. managed switches. New communication paths are identified as new experiment components get added to the design. The design iterations occur before the experiment component installation as well as during commissioning of the experiment when the reality of how the experiment is going to run becomes real. Each time you document the change and get concurrence that the changes still align with the initial intent and approval of the design.

The “Plug and Play Solar Power”1 experiment starts on schedule and runs through its scheduled 8-week test cycle thanks to your ability to architect for the unknown and some adaptable future-proofing.2

Now on to lessons learned and process documentation so the next unknown will be a little less unknown.

References:

1 CSIRO Plug and Play Solar Power: smarter integration of solar energy in hybrid applications. (2014, April 28) Retrieved from http://www.csiro.au/Organisation-Structure/Flagships/Energy-Flagship/Plug-and-Play-Solar-Power

2 Future proof – From Wikipedia, the free encyclopedia. Retrieved from http://en.wikipedia.org/wiki/Future_proof

 

To share...Tweet about this on TwitterShare on FacebookEmail this to someoneShare on LinkedInShare on StumbleUpon
Susan Bond

About Susan Bond

With over 20 years of experience in high tech, energy and industrial real estate sectors, Susan has delivered programs of up to $300M affecting ~$9B in revenue. Her focus is developing innovative solutions to complex problems and recently, socializing the cyber security challenges facing critical infrastructures. In 2016, she was elected to serve on the InfraGard Denver Board of Directors and welcomes any opportunity to collaborate on the challenges facing those concerned with today and tomorrow’s cyber security landscape.