The New York Times taps Nortel to build secure VoIP net
New headquarters, opening in 2007, will support more than 3,000 IP phones, unified messaging and built-in LAN security.
By Phil Hochmuth, Network World, 10/31/06
The New York Times is changing its address, with a move planned for next spring to a new state-of-the-art facility in Times Square. Along with glass-and-steel architecture, desks without coffee stains and crumbs in the keyboards, the 3,500 or so Times employees plan to move to an all-IP data, voice and video network, humming along on a single Nortel-built infrastructure.

While vacating its 43rd Street headquarters, which the paper has occupied since 1913, the company is leaving a legacy voice/data network built on Avaya Definity PBXs and phones, and Cisco switches and routers. The network at the new building will consist of Nortel gear from the desktop LAN ports to the data center and LAN core. The single-vendor net will provide greater security, easier management and more rich-media capabilities for users, Times IT technologists say.

The Times spent the last two years evaluating Nortel's voice/data product offerings against an Avaya/Cisco converged network package, according to Bob Kraft, vice president of enterprise services for the New York Times Co.

"Conceptually, we felt we could be successful with either an integration of Cisco and Avaya products" or an end-to-end Nortel package, Kraft says. "It came down to other things" when the decision was made to go with an all-Nortel network.

A week was spent in the product-demo laboratories at Avaya, Cisco and Nortel, Kraft says, resulting in an internal document "bigger than 100 pages" evaluating the technologies against one another. During the evaluation, cost was considered a "tie-breaker" but not an ultimate deciding factor.

The list price of just the Nortel hardware going into the new Times building is about $10 million, not including the cost of Nortel Global Services, which is providing product installation, and 24-by-seven postinstallation support services. The Times would not say the exact cost of the products and services from Nortel.

Kraft says the single-vendor approach with Nortel will let the company more easily manage and troubleshoot the converged network. A tight integration of security technologies — such as policy-based networking, NAC and IPS/IDS — into the Nortel voice and data infrastructure was also a factor.

All the news fit to podcast, stream and post

The booming expansion of multimedia at The New York Times was a big driver behind the network infrastructure going into the new facility. The Times, over the last several years, has been trying to shake the "gray lady" image with aggressive use of online and multimedia features, such as multimedia packages and video segments from reporters, chat rooms and blogs. That means Times staff does more than just write and edit text articles for the paper-and-ink product.

To this end, every desktop in the newsroom will feature a full Gigabit Ethernet link as well as an IP phone, integrated voice mail/e-mail and Internet chat, all rolled into one with Nortel's CallPilot unified messaging product. Instant "click-to-dial" audio conferencing and presence capabilities will also be available for the Times staff, Kraft says.

"We wanted to create a multimedia environment for each worker," Kraft says. "If they need to do anything with voice or video or multimedia, it can all be done" from the desktop. Since each PC will have a USB camera and microphone, Kraft anticipates more video conferencing will take place, as well as recording of short podcast and video podcast segments by reporters for the NYTimes.com site.

Among the background clatter in the Times' current newsroom are several televisions, constantly tuned to breaking-news channels, such as CNN or FOX. The new Times newsroom will have fewer televisions but more options available for the staff, as 10 channels of IP television will be available to every desktop in the company. The IPTV streams will be delivered via Time Warner Cable.

"We will be one of the first customers in New York for" IPTV from Time Warner, Kraft says. "We're helping them develop that service."

The IPTV streams will let editors and reporters view content more relevant to their sections or beats, Kraft says; business writers can view CNBC or MSNBC; sports scribes can peek at scores from ESPN News while writing and editing. (The Times had no comment about what effect TV-to-the-desktop will have on reporters meeting deadlines for filing stories.)

Staff convergence

"The firewall separating the Web site operations of The New York Times from the newsroom on 43rd Street is about to come tumbling down," said Editor & Publisher, a newspaper trade publication, in 2005, when the Times merged its Web and print operations. Around the same time, a similar consolidation, with less fanfare, happened in the company's IT staff, as employees from the Times' telecom group, mostly PBX phone-system experts, were merged with the data/IP-centric network and computing staffs.

"The technology in the new building couldn't have come at a better time," Kraft says. "When we made that decision" to merge all IT groups, "we knew this was going to dovetail with what we were going to do in the new building in about a year."

A year before the staffs were merged, the IT and telecom staffs began cross-training on voice and data networking, even before the decision was made on which vendor they would use for convergence.

"We not only converged traditionally separate voice and data technical folks, but we have reorganized the entire support and operations teams surrounding this," Kraft says. "We believe that the operations will be less expensive going forward than how we've done things in the past."

The department of redundancy department

The main building blocks of the Times' new LAN will be the Nortel Enterprise Routing Switch (ERS) 8600 chassis and Enterprise Switch (ES) 5520 stackable switch. Fourteen 8600s will be deployed in redundant pairs throughout the new facility, using Nortel's Terabit Cluster technology. The Times is putting a twist on the standard model of a three-tier LAN, with LAN edge, distribution and core/data-center switches. The Times is connecting the distribution layers for wiring closets directly with the server distribution switch layer, with four 10G Ethernet links.

These four core links will be connected using Routed Split Multi-Link Trunking (RSMLT). This is an application of the Virtual Router Redundancy Protocol (VRRP) and Nortel's own SMLT, which lets multiple, active Layer 2 Ethernet connections exist among multiple switches, without use of the spanning tree protocol to eliminate LAN loops between two devices. "[What] was really attractive about Nortel's [switch products] was the virtual switch technology," Kraft says. "It's our opinion that they have some capabilities there that their competitors do not."

RSMLT and Terabit Clustering make the four server and edge switch distribution layers appear as one virtual switch, with all 10G Ethernet paths among the four boxes fully active. This provides high bandwidth, since the backup routers and paths are fully used, and quick failover in case an Ethernet cable or the 8600 hardware fails.

The RSMLT-based user distribution layer fans out to stacks of ERS 5520 switches in the wiring closets, which are attached via Layer 2 SMLT; this provides multipath connections and connection failover for desktop users. In the data center, six 8600s attach hundreds of servers used for all of the Times' internal business and production applications. RSMLT provides redundancy for these connections, as well as the dual-10G links between each pair of 8600s at every layer of the network. Pairs of 8600 switches at the WAN edge are also used to aggregate external-facing VPN devices, firewalls, PSTN gateways, and other remote access links.

The VoIP architecture is based on Nortel's Communication Server (CS) 1000 platform, a server-based IP PBX; it's based on Nortel's Meridian PBX feature set, hosted on an IP server running the VxWorks real-time operating system from Wind River Systems. A redundant pair of CS1000s will serve around 3,600 IP phones in the news, advertising, circulation and other departments, as well as 300 IP softphones deployed in the Times' classified/display advertising call center.

The CS 1000s provide centralized management of over 34 media gateways and 18 signaling servers—distributed appliances deployed throughout the network to provide VoIP call setup and signaling for various groups around the LAN.

Security built in

The Times is also rolling out a wide range of Nortel gear to protect its LAN infrastructure, and to keep out insecure or unauthorized users. Nortel's NAC technology, based on the Secure Network Access (SNA) appliance, will be used to enforce user authentication via the Enterprise Switch (ES) 5520 switches at the edge with power over Ethernet. Two SNA boxes will sit behind ES 5520s at the LAN edge. The SNA product allows IT staff to set policies on what types of users and devices can attach to the network, and what they can do once authenticated. Newsroom and advertising departments, for instance, can be prevented from accessing servers on each other's segments.

Fronting the CS1000 IP PBXs are Secure Multimedia Controllers (SMCs), internal firewall appliances that protect Nortel IP phones and IP PBXs from denial-of-service attacks. The SMCs also provide authentication for IP phones, and encrypt VoIP signaling and data streams between the CS1000 infrastructure and IP phones.

The Times is also building security into its LAN core, with blades inside two of the 8600 switches running the Snort IPS system from Sourcefire. (The blades are Nortel hardware running the Snort code.) These two blades communicate with 10 Threat Protection Sensors (TPS) appliances deployed at the WAN and Internet edge connections, as well as internal LAN segments. The TPS appliances monitor for suspicious traffic and send data back to the blades in the 8600 switches, which correlate the data and direct the TPS appliances to stop suspicious network flows.

This end-to-end security capability was a very significant "other thing" that put Nortel over the top of the Avaya/Cisco products the company looked at. "We were most impressed with the way the security capabilities surrounded the entire Nortel [infrastructure]," Kraft says.