About Us
Philosophy of Excellence
Administrative Rules
Catalog of Services
TC Handbook
Information
Online Order Entry
FOrms
Web Billing
Cellular Authority
Telephone Listings
OTM Home

 

 data dial tone service

Data Dial Tone is OTM's term for local area network services provided to customer agencies. It is currently available in selected buildings in the Capitol Park Complex in metro Baton Rouge. OTM has adopted an architectural model for campus-based, high-availability enterprise networks. OTM provides all local area network services from the cable that plugs into the network interface card of the pc or network printer, through the building, from that building to the shared Data Centers, and to the Internet. The speed of access is fast Ethernet (100Mbps) unless 10Mbps access is specified by the user agency. All connectivity in the core of the network is via fiber and is running at gigabit Ethernet speeds (1000Mbps).

Service Offerings

  • Desktop Access
    Connectivity for individual computers, network printers, or file or application servers located in a building served by Data Dial Tone. There is a monthly charge for each active port.
  • Server Access
    Connectivity for individual servers or mainframes, public or private, located in one of the shared Data Centers. Devices will be connected directly to OTM switches.  There is a monthly charge for each active port based on the type of switch ports used: 10/100 or Gigabit Ethernet.
  • Network Access
    "Switch to switch" connectivity between agency-owned switches and OTM Aggregation switches. This connection may be at one of the State's shared data centers, or may be in a building served by Data Dial Tone if an agency special purpose network area exists.   The monthly charge is based on the type of switch ports used: 10/100 or Gigabit Ethernet. Network access includes 2 physical port connections to two Data Center Aggregation switches for redundancy. Note: This type of access is only available in certain special cases.  Most connectivity will now be provided via Desktop and Server Access.
  • DMZ
    Internet bandwidth subscription for publicly accessible servers, mainframes, or other devices located in one of the shared Data Centers.    Agency will purchase a Server Access port for each device in the DMZ (see Server Access above).  In addition, the agency will pay a fee for internet access bandwidth for the agency' s collective group of DMZ servers. Access is rate-limited based on the IP address range of the agency's DMZ servers.
  • LaNet via Data Dial Tone
    Internet bandwidth subscription for an agency's collective group of users within LSI. Access is rate-limited based on the IP address range of the agency's user community.
  • Wireless LAN
    OTM will provide free Internet Only wireless access in one common area of each Data Dial Tone building, generally the first floor where multiple shared conference rooms and/or training rooms are located. Agencies will also have the option of subscribing to a paid service in other areas of their home building. A monthly fee will be associated with each access point used to serve the requested areas.  
  • Virtual Private Networking (VPN)
    Agencies may subscribe to a Group service or to a site-to-site service. With Group service the agency pays a monthly fee for a collective amount of bandwidth to be shared among all of its individual remote users. With site-to-site service the agency is charged a monthly fee for the bandwidth associated with each site-to-site connection.

Network Description

  • Cabling
    Station wiring is provided in State buildings according to the tenant agency service requirements. As a standard, two data ports and one voice port with a minimum of Category 5 Enhanced type cable shall be installed at each drop or work location within a building. OTM provides all copper and fiber patch cables in the closets, as well as lobe cables from work station data ports to each network interface card.  All data ports in each work area are labeled and correspond to labels in the wiring closets. Additional drops installed after initial building occupation shall be coordinated through OTM, but shall be done at the expense of the requesting agency.

Fiber is used within each building for vertical connectivity between Main Distribution Frame closets and Intermediate Distribution Frame closets on each floor. The buildings served by Data Dial Tone in the Capitol Park Complex are also interconnected with multiple strands of  fiber optic cable. 

Communications between the ISB, DPS, and LSU data centers is achieved using Gigabit Ethernet links over leased fiber and State-owned Dense Wave Division Multiplexing equipment.

  • Infrastructure Equipment
    OTM has deployed workgroup switches supporting Layer 2 access to provide 10/100 Ethernet services to desktop devices and network printers.  OTM does not plan to maintain a one-to-one correlation between all data ports in a particular building and available switch ports.  Therefore, it is likely that patch cables will have to be added or moved in the event that a networked device is moved within a building (see Adds, Moves, and Changes). Each workgroup switch is dual-homed to a pair of switches at the building aggregation level. Each building aggregation switch is dual-homed via Gigabit Ethernet links to a pair of core switches located in the Information Services Building (ISB) at 1800 N. 3rd. St.  All aggregation and core devices support Layer 3 switching (IP routing).   The core LAN switches in the ISB are connected to redundant LSI Gateway switches via Gigabit Ethernet for access to the Internet (see Data Dial Tone Service Diagram).
  • Location of Agency Resources
    An effort has begun to centralize and consolidate the State's data processing resources at two shared Data Centers within the State.  The first is located at the Information Services Building at 1800 N. 3rd St. in downtown Baton Rouge, and the second is Department of Public Safety data center on Independence Blvd in mid-town Baton Rouge.  Agencies that subscribe to Data Dial Tone services will locate all shared resources, servers, printers, mainframe computers and other resources at these shared data center facilities.  Agency servers may be located in a building served by Data Dial Tone only when they are used exclusively by tenants of that same building; all shared or public servers must be located at the agency data center in the shared facilities.See OIT policy IT-POL-002.
  • Network Availability
    OTM supports Data Dial Tone services 24 hours a day, 7 days per week.  The network should be available at all times, with the exception of network maintenance intervals.  Network maintenance, including configuration changes, software and hardware upgrades, etc., may be performed during OTM's standard maintenance window on Saturday mornings from 3:00 am to 7:00 am.  Notification will be sent to agency technical contacts at least 48 hours in advance of standard maintenance and will include anticipated outage duration as well as areas of the network that will be affected.  It may be necessary on occasion to perform emergency maintenance to correct a problem.  OTM will always try to perform emergency maintenance after 5:00 pm in order to minimize impact to its customers.  Agency technical contacts will be given as much notice as possible of emergency maintenance activities.  It will be the responsibility of the technical contacts to notify the rest of the agency users of all maintenance activities and resulting anticipated outages.
  • Supported Protocols
    Ethernet (10/100/1000 Mbps) is the only Layer 2 LAN protocol supported by Data Dial Tone service; no token-ring or other LAN protocols are used.  TCP/IP is the only Layer 3/4 protocol supported by Data Dial Tone services.  Other protocols (SNA, IPX) must be encapsulated in IP for transport across the Intranet network.
  • Ethernet Port Configuration
    Due to incompatibilities with various implementations of Ethernet auto-negotiation, OTM will configure all desktop access switch ports to operate at 100Mb full duplex. In order to insure compatibility, agencies must also configure the network interface cards of all their devices to operate at 100Mb full duplex rather than allowing auto-negotiation. If the agency has legacy devices that will not support 100Mb, they should request that those specific ports be configured differently.
  • Virtual LANs
    Virtual LANs are used in all Data Dial Tone buildings and shared Data Centers. VLANs are not shared by multiple agencies, so each workgroup access switch in a building closet or shared data center may support multiple VLANs.  VLAN Tagging as defined by the IEEE 802.1Q standard is used to trunk vlans between access and aggregation switches as necessary.  In the Data Dial Tone buildings a given VLAN does not appear in multiple workgroup switches (i.e., vlans are not spanned).  This creates smaller broadcast domains and reduces the potential for spanning tree issues. In the shared Data Centers where it is beneficial to provide connection redundancy for critical servers and separation of network connections for clustered servers, vlans are spanned across multiple access switches.
  • IP Addressing
    OTM shall implement a private addressing scheme for all Data Dial Tone subscribers. Each agency shall be assigned private and public address ranges appropriate to the size of their agency. Agencies must re-address their devices prior to moving subscribing to Data Dial Tone services. Private to Public network address translation (NAT) and Port Address Translation (PAT) will take place within the OTM-managed firewalls that divide the State's secure Intranet (LSI) from the Internet. For more details see      IP Addressing Technical Standards.
  • Routing
    OSPF is the routing protocol used between layer 3 switches.  The access switches in each building and in the data centers function solely at layer 2, providing Ethernet connectivity from agency devices to the aggregation switches.  The aggregation switches utilize OSPF to route between access switches as well as out of the building or data center to the core switches.  The network core is purely layer 3/OSPF.
  •   Internet Access
    Each agency that wishes to have Internet connectivity must subscribe to the LaNet via Data Dial Tone service. Internet traffic for each agency is rate-limited based on that agency's IP subnet(s) according to the level of bandwidth to which the agency subscribes. The rate limit is applied to both outgoing and incoming Internet traffic. 
  • Internet 2 Access
    Certain higher education entities that subscribe to Data Dial Tone require access to Internet 2 (I2).  To accommodate this need a connection has been established from a router within LSI to OTM's LearnNet network.  This connection is outside the normal LSI routing path, so a policy route in the core switches forces all traffic from only the specified agencies to the I2 router where the decision is made whether to send the traffic to I2 or back to the core toward I1.  LSI is protected from I2 by a firewall.
  • DMZ
    OTM has created a "de-militarized zone" or DMZ between the Internet and the State's internal network or Intranet.  This DMZ is defined as an area off the OTM firewalls that is more secure than the "outside" (Internet) and less secure than the "inside" (Intranet).  DMZ access is available both at the ISB and at DPS. All publicly accessible servers must reside in this DMZ.  Agencies connect their server(s) directly to OTM's DMZ switch at ISB or DPS.  Each agency is configured as a separate logical DMZ in order to provide maximum security between servers of different agencies. Incoming traffic is routed only to the appropriate agency's physical ports off the DMZ switch(es).  Traffic is not allowed to pass from one agency to another agency within the DMZ without first going through the OTM firewalls. Public IP addressing is used in the DMZ (see     IP Addressing Policy  ). Each agency pays a per port charge for each device connected to the DMZ.  In addition, the agency pays for the aggregate Internet bandwidth required for all devices located in the DMZ.
  • Shared Areas in Buildings
    At an agency's request OTM will provide Internet Only access from areas like conference rooms, training rooms, and other similar locations that will be shared by multiple agencies within a building. Those VLANs designated as Internet Only are outside of any agency's IP range and do not have access to any agency's private resources. Access to agency internal resources requires use of a Virtual Private Network. Alternatively, an agency may request that a port in a shared area be activated in their private VLAN. However, anyone who uses that area will then have access to the agency's network. OTM does not recommend this solution.
  • Wireless LAN
    OTM will provide secure Wireless LAN access within Data Dial Tone buildings for use by agency personnel and authorized guests.OTM owns and maintains all of the wireless LAN infrastructure, including wireless access points and antennae. A Radio Frequency study will be conducted prior to each installation and OTM will place and configure access points to ensure maximum coverage in desired areas.

OTM will provide free Internet Only wireless access in one common area of each Data Dial Tone building, generally the first floor where multiple shared conference rooms and/or training rooms are located. Agencies will also have the option of subscribing to a paid service in other areas of their home building. A one-time installation fee and a monthly fee will be associated with each access point used to serve the requested areas. The paid service will also be Internet Only, meaning that wireless clients will use IP address space separate from any agency and will not have access to any agency's internal resources. Access to agency internal resources will require use of a Virtual Private Network. Both the free service and the paid service will be secured with authentication and encryption, and only authorized agency personnel and authorized guests will have access to the wireless LAN. Agencies will maintain their own database of authorized users on a radius server, and OTM will proxy to the appropriate agency database upon each authentication attempt. There will be a one-time setup fee for each agency to establish this server-to-server relationship.

Agencies should not implement their own wireless LAN solutions within Data Dial Tone buildings as this may cause conflicts with future OTM solutions and may present significant security risks to the entire network. OTM also strongly suggests that agencies not purchase or use 2.4Ghz phones as they may interfere with wireless LAN devices.

  • Virtual Private Networking (VPN)
    OTM offers an IPSEC VPN line of service in order to provide individual clients and branch offices with remote access to agency networks. Split tunneling will not be allowed due to the security risk it poses to the internal network. OTM requires that anti-virus protection be installed and maintained on each remote machine accessing the VPN services. The VPN concentrators' public interfaces are placed in a central DMZ at each data center, and the private interfaces connect to the Data Center Aggregation switches.

Agencies may subscribe to a Group service and/or to a Site-to-Site service. The Group service is intended for use by individuals who need access to the Intranet from remote locations (home, customer networks, etc). Each client workstation must have the Cisco VPN client software installed and must be configured with the appropriate group name and password. The agency pays a monthly fee for a collective amount of bandwidth to be shared among all of its individual remote users. There is no limit imposed on the number of remote users allowed to use the service.

The Site-to-Site service should be used for connecting small remote offices to the Intranet via an ISP. In this scenario, there is a single VPN termination device (concentrator, router, or firewall) at the remote office which must have a public IP address on the Internet. This device is also connected to the remote office's LAN. The workstations on the LAN access the Intranet through this VPN termination device and are not required to have VPN client software installed. The agency is charged a monthly fee for the bandwidth associated with each Site-to-Site connection.

Security

  • Port Security
    OTM configures port security on the workgroup switches in each building to restrict access on each user port to a single but undefined MAC address.  End users should not plug hubs, switches, or routers into Desktop or Server ports. 
  • Access Control
    By default Access Control Lists (ACL) in the building aggregation switches permit connectivity between agency users and agency resources as well as to the Internet but restrict access between the various agencies that subscribe to Data Dial Tone services. These rules can be modified to allow communication between agencies for specific applications if both agree.
  • Firewall
    OTM uses a pair of redundant firewalls to restrict access to the LSI DMZ and Inside networks. By default no sessions generated from the outside (public) network are allowed through the OTM firewall to the inside (private) network.  Agencies must make specific requests regarding the source, destination and type of traffic that should be allowed from outside through the firewall to the private network using the OTM-30 LSI Firewall Change Request Form found on OTM's website.  Most agencies will not require this access.  An example of an exception might be for video conferencing sessions that will be initiated from the Internet. 

OTM works with each agency to establish appropriate firewall rules which allow public access as needed to each server or device in the DMZ. It is OTM's intention to make the DMZ as secure as possible while allowing specific access to services within the DMZ.  By default no sessions generated from the outside (public) network will be allowed through the OTM firewall to the DMZ.  Agencies must make specific requests regarding the destination and type of traffic that should be allowed from outside through the firewall to the DMZ using the OTM-30 LSI Firewall Change Request Form  found on OTM's website. 

Agencies should not connect their DMZ servers directly to their internal network via a second NIC. The only secure way for DMZ servers to talk to servers on the Inside of the network is through the OTM firewalls. Those requests must be made using the Firewall Change Request form also. OTM will also provide a pair of redundant firewalls to restrict access from the users inside LSI to each data center. Agencies must make specific requests regarding the source, destination and type of traffic that should be allowed from the LSI user community through the firewall to the agencies' data center resources using the OTM-30 LSI Firewall Change Request Form found on OTM's website. 

  • Intrusion Detection Systems (IDS)
    IDS blades and boxes are placed at key locations within the LSI network infrastructure.   The primary goal of IDS is to protect the State's critical IT assets by identifying internal and external threats to the network and responding to each threat appropriately. OTM has implemented network-based intrusion detection systems at the perimeter of the LSI network as well as in the Core, at each building, and at each data center. Agencies are strongly encouraged to implement host-based IDS protection as well.
  • Remote Access to Agency Resources
    For security reasons neither remote access from the Internet nor direct access by modem to a personal computer of an agency that subscribes to Data Dial Tone is allowed. The only acceptable remote access is via OTM's VPN services.
  • Access to Telecommunications Closets
    Agency access to building telecommunications closets is not permitted. OTM and its authorized contractors will perform all work in the closets. See the Telecommunications Room Access Policy for more details.

Adds, Moves, and Changes

The OTM Network Services LAN Support group performs all adds, moves, and changes within the network.  There are fees associated with adding, moving, or changing features after Data Dial Tone service is initially established in a tenant building. Refer to the OTM Catalog of Services for rate information. Simple changes, such as activating a new port for a user, involve standard charges and will usually be completed by the next business day. For complex changes, OTM will provide a quotation of the charges to the requesting agency for approval prior to beginning the work.Agencies should submit requests to the OTM Advanced Services Unit using the forms listed below.  See the Adds, moves and changes workflow  for more details.

OTM-25 Data Dial Tone Service Order Form
OTM-30 LSI Firewall Change Request Form    No fees associated with firewall change requests
OTM-31 Data Dial Tone VPN / Wireless LAN Service Order Form

Trouble Reporting

The OTM Network Services LAN Support group provides day to day support for Data Dial Tone services, including problem determination and repair.  OTM also contracts with the Office of Computing Services' Centralized Monitoring Service within DOA to monitor all network elements within LSI and to provide a call center for Data Dial Tone trouble reporting. When LAN problems are reported to an agency's IT department, those personnel should review the problem and try to determine if it is a network issue.Network problems should then be reported to the CMS group. See the   Trouble Reporting Workflow  for more details.
Feedback: OTM Webmaster    Updated on: 05/17/2007
   Help Desk GASB