Case study

Nigeria Control Disease Center (NCDC) 

June 4, 2024

Industry – Public Sector 

Challenge – The Nigeria Centre for Disease Control is the country’s national public health institute, with the mandate to lead the preparedness, detection and response to infectious disease outbreaks and public health emergencies in Nigeria. 

NCDC sought to resolve the challenges of their existing LAN infrastructure, wireless LAN, IP-PBX unified communication and security in other to increase efficiency in view of their nationwide expansion. With constant network issues arising from a growing demand placed on their network infrastructure, the security of their data posed a major challenge to the network team. 

Selection Criteria – Nigeria Centre for Disease Control (NCDC) desired a Network partner that could assure a network segmentation that supported tailored security and policies by the administrator, a comprehensive threat protection and a flexible interface that met the needs of their network. The NCDC team recognized the following in their criteria list for their WLAN internet connection, LAN infrastructure service, wireless LAN and IP-PBX unified communication: 

  • Scalable Performance enables additional services without degradation. 
  • Comprehensive Threat Protection includes multi-gigabit firewall, intrusion detection and prevention, denial of service, network address translation and QoS. 
  • Network Segmentation allows administrators to tailor security and policies. 
  • System and Network Resiliency ensures carrier-class reliability from redundant hardware and components, and Junos software. 
  • Interface Flexibility meets the needs of any network. 
  • UX Customization Customize PBX with Pre-made Vertical Dashboards or custom dashboards for Inbound & Outbound Calling at Affordable Cost. 
  • Routing and security 
  • Juniper devices. 

The Result –  

Layer3 provided NCDC with high performance network solution deployed to offer a secure and converged network combining Data and Voice on a single network topology. This solution comprised of four parts – broadband internet, LAN infrastructure service, wireless LAN and IP-PBX unified communication solution shared amongst annex office buildings. 

Broadband Internet/LAN Infrastructure Solution: This was implemented using Juniper network products such as, the SRX 550 to handle core routing and firewall functions. Juniper EX switches and cisco handled all switching functionalities within the network. 

  • A SRX550 connection to the fiber from Layer3 Point of Presence serving as the breakout to internet. The same SRX550 also served as the security gateway. 
  • The core segment comprises of 2EX4600-24P clustered (Virtual chassis) provided a single management interface.  
  • The core segment comprises of cisco2960-24P clustered provides a single management interface 
  • The core segment possessed 2 physical interface connections to the SRX550 and some of the access switches where necessary were bundled to form aggregated ethernet interface for resiliency and higher throughput. 
  • NCDC-FW firewall was configured to have its WAN facing interface configured with an IP address in the same subnet as the network facing IP address of the ISP’s routers. The IP address on ISP router was configured as the Firewall’s default gateway. 
  • The LAN/Network facing aggregated interface of the NCDC-FW had a trunk (VLAN Tag) connection to the core ‘NCDC-SW’ switch carry various VLANs and corresponding networks.  

Wireless LAN: This was done using ubiquity unified access points, the access points were distributed to cover all the premises to serve mobile users of internet. 

IP-PBX Unified Communication Solution: An IP-PBX software (Layer3 SIP Connect™) was installed on HP Proliant DL20 G9 Server. This was connected to the Core switch on the rack. The configuration details of all the telephones and server are also included: 

Zone- Zones and network relationship is configured for all required network  

Untrust Zone- which is the public interface or allocated to the service provider(s) 

NAT- All users are natted to the internet via the Firewall WAN public address. Destination nat was configure for all public facing servers. 

Policies- Policies and permissions were configured based on production needs. Conventional polices such as internal users to Internet (WAN) were configured. This also applied to the port and service restrictions to servers. 

Core switch Configuration- All the corresponding VLANs on the LAN interface of the NCDC-JABI-FW firewall, will be configured on the receiving interface of the ‘NCDC-CORE-SW’ core switch. The VLANs was then configured on access or trunk interfaces facing the NCDC-ACSW-xx access switches. 

Access Switch Configuration- Access was configured with the required VLANs and extended to the core switch.

Recent articles

Uncategorized

Building Trust in Nigeria’s Digital Ecosystem with Layer3 

January 20, 2025

Uncategorized

Building Nigeria’s Digital Future Through IT Excellence

December 5, 2024

Uncategorized

Demystifying Hosted Cloud for Nigerian SMEs

December 4, 2024