PUBLIC SAFETY - a NIMS smart practice.
IN ALLEGANY COUNTY, MARYLAND: A MUNICIPAL WIRELESS
NETWORK PROVIDING ENHANCED CAPABILITIES FOR PUBLIC SAFETY
AGENCIES.
ALLEGANY COUNTY, MD
Allegany County, Md., has found a way to provide its response
agencies with advanced telecommunications services such
as enhanced interoperability, mobile high-speed data terminals
and more by using innovative fixed wireless technology.
The county's challenging terrain and the economics
of a rural population base have made wireless systems or
establishing newly wired infrastructure throughout the county
difficult to achieve.
The Allegany County Network, AllCoNet2, is a carrier class
communication network that provides high quality communication
services to public safety, government, educational, commercial
and residential users. AllCoNet was originally developed
by the Allegany School System to bridge the Digital
Divide in a cost effective manner to improve educational
opportunities.
As AllCoNet2 evolved over time, additional government
agencies such as the libraries, city and county government
and public safety agencies adopted it as a cost-effective,
reliable solution to the need for interoperable communications
including voice, data and video. This means that construction
and operational costs can be shared among a number of groups
rather than being borne entirely by Allegany County's
public safety agencies.
Technical Details:
- Coverage: AllCoNet provides nearly ubiquitous
coverage over the mountainous terrain of Allegany County.
- Two-way Radio Interoperability: AllCoNet can
selectively bridge the audio of disparate public safety
two-way radio systems when intersystem communication
is required without the expense of updating each individual
radio, adding more radios to vehicles, or constructing
an entirely new two-way radio system to enhance interoperability.
- Mobile Broadband: AllCoNet operates a 900 MHz
mobile broadband system that allows each cruiser, fire
engine and other public safety vehicles to have a secure
high-speed connection (1.5Mbps) that supports IP Voice,
video and data access to their respective headquarters.
- Flexible Operations: New connections into AllCoNet
can be added in as little as one hour, requiring only
a quick setup of the remote radio and authorization in
the Network Management System (which can be skipped if
the radio is pre-authorized). This allows broadband connectivity
to be added at the scene of an event and that bandwidth
can be further projected within the event
through the use of localized Wi-Fi or other wireless technologies.
- Multi-Service: AllCoNet supports both IP and
TDM (T1 and DS3) services to accommodate both legacy-trunked
radio systems and newer IP-based communication systems
on the same platform. AllCoNet supports voice, video and
data applications and has the capability to appropriately
prioritize and manage Quality of Service to
accommodate the characteristics and requirements of each.
- Self-contained: For day-to-day functionality
within its service area, AllCoNet does not depend on any
out-of-area services, unlike many wireline
networks that depend on monitoring, administration and
repair (one minor exception is that AllCoNet currently
uses timing references synched to the Global Positioning
System [GPS] satellite constellation). All monitoring,
administration and repair for AllCoNet is performed locally.
- Rapid Reconfiguration: If normal backhaul links
are severed, additional backhaul links can be connected
at any point in the network and that capacity made available
to all network nodes.
- Environmental, Monitoring and Control Capabilities:
AllCoNet's coverage makes it possible to integrate
the functions previously performed by dedicated (and expensive-to-maintain)
Supervisory Control and Data Acquisition (SCADA) systems.
This makes possible a cost-effective dispersed placement
of monitoring and control systems for environmental monitoring
(including Nuclear, Biological, Chemical sensors), weather,
and monitoring, including video, of critical but remote infrastructure
such as pipelines and reservoirs. With solar power systems,
such remote nodes need not rely on any infrastructure.
- Layer 2 Separation: AllCoNet separates traffic
at OSI Model layer 2 to provide absolute, secure and separate
management and transmission of public safety data and
voice. This enables the backbone to have multiple virtual
networks, with each layer 2 connection having its own
prioritization, bandwidth limits and other characteristics
that control its ability to utilize network resources.
Public Safety networks can be configured to have priority
over all other traffic on the network in times of emergency
or disaster.
- Security: AllCoNet is fully encrypted at a minimum
AES128 (capable of AES256). Antispoofing technology denies
all unauthorized devices access to the network. The management
system monitors the network for unauthorized intrusion
with a sophisticated intrusion detection system and alerts
the appropriate personnel in the event an attempt is detected.
- Prioritization: The network prioritizes critical
traffic over other traffic on the network by user, by
application, or a combination of both. AllCoNet supports
multiple levels of prioritization to ensure that the most
important applications or users have the network access
and bandwidth that are required for successful communication.
- SONET Ring Architecture: AllCoNet uses SONET
technology as a backbone to provide carrier grade availability
and reliability. The network provides all the features
and benefits of a telecommunications carrier with the
cost-effectiveness of wireless infrastructure as opposed
to wired infrastructure.
- Reliability: The network is designed so that
there are no single points of failure. Architecture includes
geographically diverse backbone paths and capability to
re-home premise radios to a secondary tower access point.
- Redundancy: All critical components are designed
to be fully redundant, including power, data hardware
and towers.
- Availability or uptime (99.999%): Because of
the redundant design and geographically diverse backbone
paths, the network boasts high availability comparable
to the best carrier-grade networks.
- Quality of Service (QOS): The AllCoNet treatment
of packets through prioritization and bandwidth management
provides for guaranteed QOS. In the event of a disaster,
where security and public safety applications must have
priority, the AllCoNet network facilitates this need elegantly
and easily.
- Grade of Service (GOS): AllCoNet uses traffic
shaping and traffic policing to make sure the cell packets
and IP content meet their performance contracts. Cells
are tagged for their various prioritizations. Cell Loss
Priority (CLP), Partial Packet Discard (PPD) and Early
Packet Discard (EPD) allow cells to meet the contracted
performance.
- Self-adjusting network: AllCoNet allows the network
to look forward and adjust bandwidth as required through
variable bit rate (VBR) specification. When a virtual
path is created, an average cell rate is specified, which
can peak at a certain level for a maximum interval before
becoming problematic. VBR has real-time and non-real-time
variations, and is used for "bursty" virtual
data circuits. This allows the network to adjust the flow
of packet cells to more important packets and maintain
those flows as necessary.
- Self-balancing network: The AllCoNet network
is intelligent enough to adjust available bandwidth to
guarantee bandwidth allocation for certain types of virtual
private circuits that require a specific amount of bandwidth,
or just the right to use available bandwidth through the
following parameters: CBR - Constant bit rate: a Peak
Cell Rate is specified, which is constant, often with
a higher priority; or UBR - Unspecified bit rate, where
the circuit is allocated up to all remaining unused transmission
capacity. Priority for UBR-specified virtual circuits
is low. CBR circuits are used for applications such as
video surveillance or monitoring that require a constant
data stream. UBR circuits are typically used where large
bandwidth is desired but is not critical.
- Latency (packet delay): Network latency on the
AllCoNet network backbone is less than five milliseconds
from any point to any other point on the network. Applications
such as IP voice and video require low latency in order
to work acceptably.
- Jitter: Jitter on the AllCoNet network is so
low that it cannot be measured. Jitter describes the order
in which packets arrive at their destination, and can
severely affect voice and video transmission.
- Efficiency: The AllCoNet backbone is robust,
and even at 100% utilization, experiences virtually no
packet loss or decrease in efficiency or performance.
- Scalability: AllCoNet allows for seamless scalability;
if additional capacity is needed in a particular area,
a new tower can be added and quickly integrated into the
network with very little impact, increasing the capacity
of the network as much as needed.
- Ready for IPv6: Because the technology underlying
AllCoNet operates at Layer 2, AllCoNet is
inherently ready for advanced Layer 3 transport
technologies such as Internet Protocol Version 6 (IPv6).
IPv6 offers a number of advanced technology and security
features that are of particular interest to, among others,
the US Department of Defense.
- IP Voice: AllCoNet's inherently low packet
loss, jitter, QOS and prioritization capability combine
to make AllCoNet an excellent network for the use of IP
Voice. AllCoNet's ability to provide legacy telecommunication
services such as T-1/T-3 makes it easy to connect conventional
telephony systems such as Private Branch Exchange (PBX)
systems to use IP Voice.
- Effective Backhaul: The network backbone design
eliminates the need for expensive backhaul circuits to
connect edge devices such as Wi-Fi or Mesh radios. Instead
of using intermediate aggregation points or expensive
private line services, these devices are a single hop
from the network core. The QOS and prioritization capabilities
of the backbone are extended directly to the Wi-Fi/Mesh
radios which enhances the Wi-Fi cloud beyond typical Wi-Fi
deployments. AllCoNet network's edge access
is large enough to be considered as backhaul
in other municipal deployment architectures.
- Upgrade-ready: AllCoNet's internal systems
are layered and coupled so that new technologies
are easily integrated, such as systems for the new 4.9
GHz broadband public safety band, 700 MHz, WiMAX and others.
- Fiber Interoperability: AllCoNet can be thought
of as a wireless fiber distribution system.
Where interoperability with fiber makes sense, such as
a very high bandwidth user or a highly concentrated cluster
of users or a problematic wireless environment, AllCoNet
hubs have fiber ports built in. Fiber can then be used
with no reconfiguration of equipment.
- Cost-effective To Operate: One of the primary
strengths of AllCoNet is that it uses cost-effective commercial
off-the-shelf (COTS) broadband radio systems, but is able
to achieve considerably more robust Quality Of Service
(QOS) and Security than is normally possible with such
systems.
- Sustainable Economic Model: Once an AllCoNet
network is constructed, ongoing operations are economically
sustainable because the network can provide services to
commercial customers who pay fees to make use of the network.
Commercial use of the network does not, in any way, compromise
the public-safety usage of the network, and the full resources
of the network are available during an emergency.
- Easily Replicated: AllCoNet-type networks can
be built nearly anywhere an independent, cost-effective,
broadband network is needed, and constructed at relatively
modest cost ($5 million for AllCoNet).
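The Grade of Service and Self-adjusting network items above describe policing a virtual circuit against an average cell rate that may peak for a limited interval, with excess cells tagged via Cell Loss Priority. The following is an added example, not AllCoNet's code or configuration: it assumes the standard Generic Cell Rate Algorithm used as a dual leaky bucket, discards cells that exceed the peak rate and tags cells that exceed the average rate, and uses hypothetical names (`Gcra`, `police_vbr`) with constructed intervals and arrival times.

```python
# Added illustration: dual leaky-bucket policer (Generic Cell Rate Algorithm)
# for one VBR virtual circuit. Times are integer milliseconds; every interval
# and arrival time below is a constructed sample, not an AllCoNet setting.
from dataclasses import dataclass


@dataclass
class Gcra:
    """GCRA in virtual-scheduling form: one bucket, one rate."""
    interval: int   # expected spacing between cells (1 / rate)
    limit: int      # how much earlier than scheduled a cell may arrive
    tat: int = 0    # theoretical arrival time of the next cell

    def conforms(self, t: int) -> bool:
        return t >= self.tat - self.limit

    def commit(self, t: int) -> None:
        # Only conforming cells advance the schedule.
        self.tat = max(t, self.tat) + self.interval


def police_vbr(arrivals, peak_interval, sustained_interval, max_burst, cdvt=0):
    """Return 'pass', 'tag' (CLP=1) or 'discard' for each arrival time."""
    peak = Gcra(peak_interval, cdvt)
    # Tolerance that lets max_burst cells go back-to-back at the peak rate.
    burst_tol = (max_burst - 1) * (sustained_interval - peak_interval)
    sustained = Gcra(sustained_interval, burst_tol + cdvt)
    verdicts = []
    for t in arrivals:
        if not peak.conforms(t):
            verdicts.append("discard")    # faster than the peak cell rate
            continue
        peak.commit(t)
        if sustained.conforms(t):
            sustained.commit(t)
            verdicts.append("pass")       # within the average-rate contract
        else:
            verdicts.append("tag")        # over average: eligible to drop first
    return verdicts


# Constructed circuit: peak 1 cell / 2 ms, average 1 cell / 10 ms, burst of 3.
SAMPLE_ARRIVALS_MS = [0, 2, 4, 6, 8, 9, 40, 42]

if __name__ == "__main__":
    for t, v in zip(SAMPLE_ARRIVALS_MS, police_vbr(SAMPLE_ARRIVALS_MS, 2, 10, 3)):
        print(f"{t:>3} ms  {v}")
```

Setting `sustained_interval` equal to `peak_interval` with `max_burst=1` reduces this to the single-rate check that a CBR circuit, with its constant Peak Cell Rate, would need.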
Network Management System
AllCoNet comprehensively manages and controls the environment
and the network. Many of the deficiencies in interoperability
and cooperation between key emergency responder organizations
are a result of concerns about control, network complexity
and cost. AllCoNet addresses these concerns through a complete
management platform accessed through a single web-based interface
that can be accessed securely from any browser. It is a companion
to the network architecture described above, and allows each
government entity or provider with a Layer 2 virtual network
to perform multiple functions associated with their own end-user
base including the following features:
- Security Monitoring and Authentication: AllCoNet
has multiple levels of authentication, including RADIUS,
MAC address, PVC, VPN and session management and control.
In addition, the network can detect any connection that
is not encrypted, and can detect any node (even if spoofed)
that is not authorized on the network, and disallow that
node from access to the network. It will also alarm the
Network Operations Center of any attempted breaches of
network security.
- Bandwidth Monitoring and Management: The network
management provides both real-time and historical data
to assist in identifying trends, issues and bandwidth
needs for each virtual Layer 2 network, and overall network
capacity. The system also monitors network latency and
jitter.
- Quality of Service: The management system provides
the tools to set prioritization rules for applications
and users on each Layer 2 segment, as well as prioritization
rules among each of the Layer 2 segments themselves. This
provides the ability for critical applications under emergency
response and public safety to take priority over all other
network traffic as necessary.
- Environmental Monitoring: The system manages
the environment, not only at the NOC, but also at each
of the core towers. It monitors power utilization, temperature,
humidity and status of generator and fuel.
- Backbone Equipment Monitoring and Management:
The management system monitors all hardware employed in
the backbone, including status of all interface cards,
radios, routers and switches, as well as tower downlinks.
It also monitors the SONET network and all of the redundant
components to identify any failover conditions that may
occur. Alerts are set to notify the appropriate personnel
of problems including problem severity.
- Radio Signal Strength and Trend Monitoring: All
radios on the network are monitored full time for signal
strength, uptime and status of other critical radio functions,
including security, encryption and code revisions. The
system allows the network operator to proactively address
problems before network failures occur.
- Provisioning and user management: Provisioning
of new users or radios onto the network is simplified
through the use of templates, which allow radios to be
automatically configured correctly and provisioned with
a minimal amount of user input. The system ensures that
the correct configuration and code revisions for the hardware
are used with every install. Software/firmware upgrades
to all network infrastructure devices can be done remotely
instead of having to manually update individual units.
- Customized Management: In addition to having
the ability to manage the network, the management platform
can also be customized to monitor critical customer premise
equipment such as phone systems, servers and other key
network devices.
For more information about AllCoNet2, contact Jeff Blank,
301-759-2006, jblank@allconet.org.
NIMS Smart Practice: 02-06
NIMS Integration Center, May 2006
NIMS-Integration-Center@dhs.gov
www.fema.gov/emergency/nims
202-646-3850