
Sporveien increases efficiency and reduces risk with smart Fabric-to-the-Edge network

Sporveien AS is a municipal company that has operated public transport in Oslo for almost 150 years. Today, the distinctive light blue trams are an integral part of both the rich history and the sustainable and cost-effective future of the city. Now, Netsecurity is modernizing Sporveien's extensive network infrastructure using distinctive purple equipment and solutions from Extreme Networks, making the infrastructure more secure, easier to manage and less prone to failure.

With approximately 3,300 employees, 217 million single journeys and a turnover of NOK 5 billion in 2022, Sporveien AS is definitely Norway's largest and most prominent provider of public transport. The Group is wholly owned by the City of Oslo and operates all metro and tram services in Oslo and Viken, as well as a large proportion of the tender-based bus services in Oslo, Viken, Innlandet, Vestfold and Telemark. Sporveien also owns, develops and manages all infrastructure related to the metro and tram - i.e. rails, stations, tunnels, signaling systems and other properties - and is responsible for the maintenance of trams and metro cars.

In line with the vision of providing sustainable mobility for all by transporting as many satisfied passengers as possible - quickly, safely and at the lowest possible cost to society and the environment - the company has continuously evolved and adapted to the growing needs of local communities. Over the past decade, Sporveien AS has operated services more efficiently through two strategy periods: "Best 2015" and "Best 2020". The result is an ever-higher quality of service as well as operational savings of over 100 million euros annually, compared to 2011.

In 2021, Sporveien AS initiated an advanced and comprehensive modernization of the network infrastructure. The aim was to achieve further cost reductions and revenue increases and to improve the public transport system as such. The project encompassed everything from the network core with firewall to access switches and wireless networks for all of the Group's 43 locations. The key objective was to build a flexible, cost-effective, robust and secure foundation to meet the group's current and future needs.


The choice fell on Fabric-to-the-Edge

Previously, Sporveien's IT department had to use a traditional network built around VLANs. As time went on and the group's IT environment became increasingly complex, the limitations of the old solution - due to its rigid and sophisticated architecture - became increasingly apparent. For example, every time employees deployed new services, they had to configure up to a hundred network switches. This, of course, put a strain on the IT budget and resources, as well as posing a significant risk of human error and consequent network downtime. The use of IP addressing also represented a certain threat from a security perspective.

At the same time, strengthening security and robustness could negatively affect the simplicity and agility of the network, which in turn tends to increase operating costs. Sporveien's IT department realized that they needed a completely new approach to break out of this vicious circle. It became clear that a new network based on the Shortest Path Bridging (SPB) protocol IEEE 802.1aq would be the best choice, especially in terms of redundancy in a demanding physical cabling infrastructure with independent services (I-SIDs) on top.

During the tender process, some of the participants suggested Extreme Fabric Connect - the industry's leading SPB technology from Extreme Networks - as the foundation for the new solution. Initially, the company considered a fairly traditional approach with fabric switches at the core and EXOS switches at the network edge. In the end, Netsecurity, one of Norway's leading providers of IT security and infrastructure services and solutions, developed a far more elegant and advanced solution.

- After a thorough investigation of Sporveien's needs and challenges, we asked ourselves the question: "Why not extend the simple fabric network technology to all locations with production and maintenance, such as workshops and traffic centers?" To achieve the desired cost-effectiveness, redundancy and security, we chose to base the new solution on Extreme Fabric Connect from the network core all the way out to the access switches and wireless network. This decision was made in consultation with the customer," says Netsecurity's Senior Network Security Engineer Frode Slangsvold, who has over ten years of experience with Extreme's fabric solution.

- Why not extend the simple fabric networking technology to all production and maintenance locations, such as workshops and traffic centers?

Frode Slangsvold, Senior Network Security Engineer, Netsecurity


- We wanted to avoid making it too complicated. When it's complicated, things stop working after a while and you just end up with a cluttered network. It's quite easy to make a network more complex. For us, however, it was crucial to simplify practically everything, including administration, operation, troubleshooting and deployment of services," explains Gunnar Gullberg, network manager at Sporveien AS.


The ability to do more, faster

Sporveien plays a crucial role in the everyday lives of municipalities and residents, and the Group has many geographically dispersed locations that are all connected to the production network. Last but not least, Sporveien has a lot of work to do with the transportation infrastructure every single day, so given the nature of the business, the need for efficient operations and cost savings becomes very clear. This is where we see the first major benefit of the new SPB network.

Now that the Extreme Fabric Connect solution is in place, Sporveien's IT department can onboard new equipment, software, services and users much faster and easier. The foundation for this automation lies in the auto-sense ports.

- Fabric edge switches from Extreme support touchless deployment. This means that when new switches are deployed, auto-sense is automatically enabled by default for all ports, so they are simply up and running. Next, the switches create an onboarding I-SID that ensures everything that connects to the infrastructure - including other SPB nodes and client devices - is automatically onboarded onto the network management infrastructure. "This service is created by default," says Senior Systems Engineer Adam Minowski at Extreme Networks.

What does this mean in practice? First of all, there is no need to send a highly skilled network engineer to the site every time there is a need for a change in the network.

- This is a big advantage in our production network, especially when employees work night shifts. The network technicians do not need to be present. They can simply ask an electrician to plug in a switch and when they show up for work the next morning, it's in place and working properly. Our network team is just two people, but if something happens and we're away or unavailable, virtually anyone in the office can pick up the switch, drive to the location and change the switch. The new switch is up and running in a couple of minutes," says Gullberg.


Flexible and scalable

The new network solution simplifies moves, additions and changes. At the same time, it makes it easier to connect existing, traditional networks to the fabric or extend the fabric network to third-party locations via any type of connection and network topology. Both are crucial in Sporveien's case.

- One of our partners - a bus company with many locations spread across Oslo - was not connected to our network, so the connection had to be made via the internet. We couldn't have done that before, at least not without a lot of work. Now we can deliver the same service that we do here in the office and anywhere else in the network, almost instantly - instead of within three weeks," says Gullberg.

- "What we essentially did was extend the fabric services to the partner's locations over a private IP VPN connection using VXLAN tunnels. The connection goes from the far edge to the firewall. This provides the same benefits in terms of automation and security as at Sporveien locations. Thanks to instant onboarding, their devices automatically connected to our fabric and delivered new services. Best of all, we were able to do it with just a few mouse clicks, since it's Fabric-to-the-Edge, even over Layer 3 connections. With the old solution, all this would have been very laborious in terms of routing, IPsec and so on," Slangsvold explains.


More redundancy and less complexity

Reliability is what determines the quality of a system. This applies to both public transport and IT networks. For Sporveien, it was crucial that the modernization project gave them higher robustness and redundancy in critical network infrastructure to reduce downtime.

Previously, the group had to use spanning tree and switch-cluster routing protocols to achieve a degree of redundancy, but this was limited to only the central parts of the city. Today, the risk of downtime associated with the integration of equipment is significantly reduced throughout the infrastructure.

- With the new solution, automating Sporveien's network is no longer dangerous, since you only touch the edge. The automated process for onboarding switches also ensures that no loops occur, and that's thanks to the Fabric Connect solution in the backbone. Therefore, the group doesn't have to worry about loops and human error," says Slangsvold.

The downside of improving network redundancy is that it often comes at a price - be it in the form of actual costs or increased complexity (which in turn also incurs costs). In the past, businesses and organizations had to ask themselves the age-old question: "How far are we really willing to go to achieve true redundancy?" However, the introduction of the new fabric solution gave Sporveien the opportunity to leverage its existing fiber connections for redundancy more effectively, increasing the return on this investment. Thanks to the plug-and-play functionality, almost everything is redundant, even at the network edge.

- Shortest Path Bridging technology makes it much easier to achieve redundancy in challenging physical environments such as Sporveien, without making the environment more difficult to maintain or manage. Today, the customer benefits from both a single network and redundancy for critical services. This is fabric networking technology at its best.

Frode Slangsvold, Senior Network Security Engineer, Netsecurity



The time saved can be spent on more strategic tasks and on introducing further innovations in the IT area. Perhaps even more importantly, the new infrastructure provides tangible efficiency gains that save Sporveien money and resources and strengthen the group's reputation.


- Previously, the downtimes were longer. If any of our critical locations - for example, those managing our metro or tram systems - couldn't do their job in the morning, there were many traffic delays. That actually results in fines that the group usually has to pay, so the new infrastructure gives us savings all around," Gullberg adds.

Network security

Network security is crucial for public transport companies and naturally a top priority for Gullberg and his colleagues in the IT department. The implemented solution meets this need in an interesting way. Most important is the logical segmentation into separate networks for network management, administration and technical tasks for transport managers, such as traffic monitoring and control of all trains.

- It is not possible to access the service layers of the network from the administration layer in such a fabric. You can connect to any port you want, but because of the way Sporveien's fabric is built, you'll never get to the administration. That's a significant security achievement in itself," says Slangsvold.

What makes the project extra interesting is that Netsecurity initially built this fabric network at layer 2 only, which means there are no VLANs or IP addresses that any attackers could exploit to gain access to the network.

Network access control was another element the customer wanted to introduce, and this feature now covers around 98 percent of all ports in their network. The implemented ExtremeControl solution gives Sporveien centralized and advanced control over all endpoints throughout the network. The ability to locate, authenticate, and apply targeted policies to users and devices has been important in further strengthening Sporveien's network security.

A wireless network with high performance and easy management

One of Sporveien's main priorities for modernizing its network was to rethink the wireless part of the infrastructure. The aim was to facilitate a mobile and flexible working environment. Gullberg and his colleagues envisioned the wireless network functioning as much more than just a primary access method for employees.

- "First and foremost, we wanted all employees to be seamlessly connected in every nook and cranny of every office. We also wanted to extend the wireless network to cover the cart maintenance areas, which are very large. In addition, we take the opportunity to collect data from trams that stop at the stations. This data is passed on to the transport managers. In other words, we needed good coverage and capacity in some pretty challenging environments both indoors and outdoors," says Gullberg.

Netsecurity's solution was to deploy over 600 WiFi 6 access points from Extreme Networks. The new wireless infrastructure was designed in a way that maximizes the capabilities of the devices. The industry's first software-defined 802.11ax access points not only support dual 5GHz capacity, but also two software-programmable modes that allow Sporveien's IT department to optimally manage radios to deliver the highest possible client performance. All this can be done very easily - either locally or in the cloud with the implementation of the ExtremeCloud IQ management platform package.

A next-generation management and analytics platform to handle it all

In an IT environment as large and complex as Sporveien's, it's important that network management is centralized and unified. This allows the IT department to work more efficiently and meet the ever-growing needs of the business.

That's why Sporveien decided to implement ExtremeCloud IQ - Site Engine, which is a comprehensive network management platform. It enables task automation, real-time analytics, service monitoring and orchestration - all from a single, flexible and easy-to-use dashboard that makes it possible to view the entire network and all network devices, without having to assemble additional software.

The implementation of the ExtremeAnalytics solution also provided Sporveien with a centralized, advanced overview of all user software running on their network, as well as the performance of this software in relation to overall network performance. This helps network operators detect any need for intervention and pinpoint exactly which software may need troubleshooting.

- Sometimes people complain about slow network connectivity, when in reality the problem is not with the network but with the software. In the past, we would have spent a lot of time proving the network's innocence, but now we can just take a quick look in ExtremeAnalytics to find the software that is responding slowly or not responding at all. So we don't have to grope in the dark and we can fix problems much faster," Gullberg concludes.
