STRATEGIC WHITEPAPER
4G LTE PLAYBOOK
4TH GENERATION WIRELESS FOR THE UNITED STATES GOVERNMENT

LGS 4G Mobile Solutions will enable mobile access to a wide variety of end-user devices and enhance the use of cloud services for the Federal Government. By leveraging LTE commercial wireless infrastructure with carrier grade redundancy, 4G Mobile Solutions will deliver mission-critical services and applications through value-added services management such as Mobile Device Management and Mobile Apps. This white paper addresses how the 4G mobile government worker will benefit from fourth generation wireless technology and focuses on the challenges that the Federal Government faces and the potential benefits realized through LGS 4G Mobile Solutions.

LGS 4G LTE Playbook



Mobility is a primary enabler of workforce efficiency. Mobile broadband access reduces the time to perform regular business functions through a more rapid response to situations that require collaboration regardless of team members’ locations. This gives transparent access to critical data and applications anywhere, anytime, on any device.

Until 2010, most second and third generation cellular networks were based on air interface standards such as Global Systems for Mobile (GSM), Universal Mobile Telecommunications System (UMTS), and Code Division Multiple Access (CDMA). While these standards support both voice and data, none use the end-to-end Internet Protocol (IP) that most Federal Government enterprises utilize on a daily basis. Therefore, federally approved protection systems that secure data in flight and at rest on a Federal Government enterprise do not secure federal data over a commercial cellular network. In 2010, the 3GPP [1] specified Long Term Evolution (LTE) as the global standard for 4G networks. As a result, commercial service providers are investing in LTE networks to handle the rapidly increasing demand for mobile broadband voice, data and video.

The mobile government worker needs to use their mobile device across multiple environments with different security levels, from the home to a government enterprise to a secure government enclave. Therefore, the Federal Government has drivers that exceed those of commercial mobile subscribers.

Table 1–1 | USG Mobile Service Drivers

USG DRIVERS and their SOLUTION REQUIREMENTS

MOBILE SERVICES
» Extend Enterprise Unified Communications to mobile devices
» Enhance Situational Awareness through advanced wireless
» Leverage commercial wireless infrastructure, transport & devices

SERVICES MANAGEMENT
» Segregate authenticated USG users’ data from the public network
» Authorize mobile access to apps in a USG private cloud
» Secure centralized management & monitoring of wireless devices

DUAL-HOMING
» Enforce USG mobile device restrictions within USG enclave
» Allow USG mobile devices on commercial networks

COVERAGE
» Scale to smaller base-level enclaves to larger-scale enterprise agencies

BENEFITS OF 4G MOBILE SOLUTIONS

4G mobile services have the potential to dramatically change the way the Federal Government accesses and provides unified communications, resulting in improvements in Network Performance, Cost Savings, and Services Management.

Network Performance: 4G LTE technology extends unified communications to the mobile workforce, improves user experience, and enhances situational awareness for mission-critical services. This technology offers major performance gains over its predecessor technologies, including delivering broadband to the mobile user at a much lower cost per bit. Gains are attributed to:

» Orthogonal Frequency Division Multiplexing (OFDM) – modulation techniques for increased spectral efficiency.

» Multiple Input Multiple Output (MIMO) – antenna technology for increased link capacity for better user experience.

» Flat IP architecture – end-to-end IP which reduces latency and enables real time interactions.

4G FOR THE U.S. GOVERNMENT - TRENDS & CHALLENGES

[1] The 3rd Generation Partnership Project (3GPP). http://www.3gpp.org


Improvements in 4G over 3G technologies result in a 10-fold increase in throughput, a 4-fold increase in spectral efficiency, and a 6-fold reduction in latency.

Cost Savings: LTE delivers a single global standard, achieving higher economies of scale than 3G technologies. The commercial wireless market is experiencing global investment in LTE technology and user devices. For example, the Global Mobile Suppliers Association (GSA) [2] reports that 327 operators in 99 countries have committed to commercial LTE network deployments. Even now, it is estimated that there are 347 LTE devices from 63 manufacturers and 72 commercial LTE networks in 37 countries. Fueling this dramatic subscriber growth is the explosion of mobile broadband data. Global mobile data traffic is projected to grow at a compound annual rate of 91% over the next five years [3]. 4G Mobility solutions provide the superior quality of service and cost efficiencies required to handle these trends in data growth, subscriber increases, and mobile devices. The U.S. Government’s adoption of LTE should leverage commercial wireless infrastructure and user devices, and potentially reduce service costs.

Services Management: A significant advantage of migrating to 4G mobile services is the potential to offer a secure end-user experience. The USG’s adoption of LTE should leverage commercial wireless infrastructure and user devices, and therefore potentially reduce service costs, increase the diversity of devices, and extend the availability of mobile broadband.

Mobile services management can be achieved through an LGS integrated platform that manages dual-homing user devices across multiple networks from the home to the government enterprise to secure enclaves. By providing centralized control for device management, real-time policy-based identity access, and real-time visibility across the network elements and application layers, the Federal Government’s 4G workers have ubiquitous, secure mobile services.

A significant challenge in realizing the benefits of 4G is to ensure the security and integrity of highly sensitive and/or classified data. Examples include authentication of user and network, centralized identity and device management, policy enforcement, and the protection of data inside and outside the U.S. Government. Additionally, the Department of Defense (DoD) has unique challenges such as the secure access of information at multiple classification levels under multiple authorities (DoD, DHS) and the Certification & Accreditation process.

4G Mobile Solutions adhere to inherent, commercial LTE security mechanisms but also incorporate these security criteria:

» Ensure security & privacy

» Data integrity, separation, protection & management

» Policy-based service management

» Real-time traffic and threat analysis.

[Figure: Same device - multiple networks & security requirements]

[2] “Evolution to LTE,” June 4, 2012 - www.gsacom.com

[3] “Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update 2010-2015,” February 2011.


SUMMARY

4G Mobile Solutions will be a primary enabler to enhance the Federal Government’s workforce efficiency. Transparent and secure access to high speed, broadband information reduces the time required to perform regular business regardless of team members’ locations - anywhere, at any time, on any device. A key component of the recently announced Federal Government’s Digital Strategy is the ability to deliver and receive digital content in any format in a safe and secure manner. LGS 4G Mobility Solutions provide the foundation to transform the Federal Government’s IT infrastructure and achieve the Digital Strategy goals.


4G MOBILITY SOLUTIONS FROM LGS INNOVATIONS


LGS 4G Mobility solutions offer secure mobile access to a wide variety of end-user devices through value-added services, leveraging commercial LTE infrastructure with carrier grade redundancy to deliver mission critical services and applications. By enhancing the government’s ability to securely send and receive high speed, broadband information – anywhere, at any time, on any device – 4G Mobility Solutions will significantly contribute to mission success, from the warrior on the battlefield to protection of the homeland to improved digital services for the citizen.


4G Mobility Solutions are built on Long Term Evolution (LTE) wireless broadband technologies, which are designed to support high speed applications via mobile devices. With its architecture centered on Internet Protocol (IP), LTE, based on 3GPP Standards, has been designed to have excellent support for web browsing, VoIP, and other IP-based services. Through the use of IP protocol stacks, LTE provides the first end-to-end mobile network capable of utilizing IP security mechanisms that are accepted by many federal agencies to secure both data at rest and data in flight of the mobile user.

The “all IP” LTE architecture is shown in the figure below. In earlier wireless standards, voice switching and packet switching were carried out in parallel. The circuit switching for voice communications is done in the Mobile Switching Center (MSC), and data is handled in the Serving GPRS Support Node (SGSN) or the Packet Data Serving Node (PDSN) for CDMA.

The lower portion of the figure shows the end-to-end LGS LTE architecture. Mobile terminals are served over IP channels by eNodeB network elements in the Radio Access Network (RAN). The converged Evolved Packet Core (EPC) controls all multimedia services. The control plane and data (or bearer) planes are separate, which facilitates scaling, data throughput, QoS (Quality of Service) and a number of other advantageous features. LTE network elements integrate an all-IP backhaul and transport network, Mobile Evolution Transport Architecture (META), to enable low latency (less than 20 ms end-to-end) and the delivery of high throughput in a cost-effective way. META supports a diverse set of transport alternatives to enable the evolution to all-IP across any media (copper, fiber, wireless, satellite). This flexibility is important for potential military uses, which can be in widely varying environments that often have limited bandwidth in backhaul facilities. An additional LTE architectural element is the IP Multimedia Subsystems (IMS) Service Delivery Environment (SDE), which efficiently manages standardized VoIP and Video services and blends telecom with web 2.0, enabling rich multimedia applications regardless of access technology.

LTE OVERVIEW

NEW, ALL-IP MOBILE CORE NETWORK INTRODUCED WITH LTE

» End-to-end IP, every service delivered over IP

» Clear delineation of control plane and data plane

» Simplified architecture; flat-IP architecture with a single core

[Figure: network architecture; panels: 2G/3G, LTE+EPC]


INHERENT NETWORK SECURITY

The 4G LTE standard builds in security features such as mutual authentication of the user and network, centralized identity management, and policy enforcement.

End user authentication, tracking area list management, and idle mode mobile device access are functions managed in the Mobility Management Entity (MME) of the EPC. The system-wide user identity is housed in the Home Subscriber Server (HSS) database. The Policy and Charging Resource Function (PCRF) queries the policy database and enforces QoS policy. Data plane traffic is carried over bearers in virtual containers with unique QoS characteristics. The PCRF supports dynamic QoS management and the Packet Data Network Gateway (PDN GW) acts as the Policy & Charging Enforcement Function (PCEF) point to maintain QoS/SLA for each of the service data flows.

EXTENDING THE RADIO ACCESS FOOTPRINT

Small cells are small form factor base stations that may be deployed in USG campus environments or on military bases to extend commercial wireless service in-building or outdoors. The LGS portfolio of small cell products has various form factors, commercial RF spectrum options, and output power levels.

Alcatel-Lucent’s award-winning [1] lightRadio™ is a radically different small cell product family that is the first of its kind. The lightRadio™ technology is a single, scalable small cell, the “Cube,” which is multi-technology and multi-band with wideband active antenna arrays, deployable on a pole, in a stadium or on a building façade, putting data capacity where it is needed and extending RF coverage. Bell Labs’ analysis estimates that lightRadio™ achieves significant operational savings over legacy RAN systems: 66% site rental, 60% civil works, and 51% power consumption.

THE HOME SUBSCRIBER SERVER (HSS)

» Master user database

» Supports the IP Multimedia Subsystem (IMS) network entities

» Supports authentication and authorization of user

» Provides information about the subscriber’s location

MME: Mobility Management Entity

» Authentication

» Tracking area list management

» Idle mode UE reachability

PCRF: Policy and Charging Resource Function

» Query policy database

» Enforce QoS policy

» Request specific QoS

[1] Alcatel-Lucent’s lightRadio™ receives first place award in 2011 CTIA E-Tech Competition honoring emerging mobile technologies


The lightRadio™ incorporates Bell Labs innovations in RF and is an end-to-end IP design with a software-defined, ultra-compact baseband System-on-a-Chip (SoC).

The lightRadio is integrated with Wi-Fi access. This innovative, 3GPP standards-based approach provides a ubiquitous and economical alternative that may extend the U.S. Government’s wireless on-campus footprint with trusted Wi-Fi and LTE in the same cube-based cell. Furthermore, this solution offers seamless and secure roaming between the 4G commercial and Wi-Fi networks using the same mobile device.

SUMMARY

The LGS 4G Mobility Solutions, based on LTE wireless technologies and value-added services such as Mobile Device Management and Mobile Apps, can deliver secure high speed, broadband data - anywhere, anytime, to any device - and will enhance overall mission effectiveness. A key component of the recently announced Federal Government’s Digital Strategy is the ability to deliver and receive digital content in any format in a safe and secure manner. 4G Mobility Solutions provide the foundation to transform the Federal Government’s IT infrastructure and achieve the Digital Strategy goals.


WIRELESS SERVICES MANAGEMENT FOR THE U.S. GOVERNMENT


A significant advantage of 4G mobile services is the potential for advanced end-user experiences with voice, data, and video communications. LGS 4G solutions offer the U.S. Government value-added services which secure wireless access, while leveraging commercial infrastructure and components with carrier grade redundancy to deliver mission critical services and mobile access to agile, cloud-based applications.

The U.S. Government has mobility requirements beyond those of commercial mobile subscribers. For example, the government should control “who” has access to the network, “what” devices access the network and “how” government data is handled by the network. LGS value-added solutions incorporate an integrated approach to mobile services management, which addresses these needs.


Mobile service management can be achieved through an integrated LGS services offer that supports dual-homing user devices across multiple networks, from the home to the government enterprise to secure enclaves. By providing centralized control for device management, real-time policy-based identity access, and real-time visibility across the network elements and application layers, the U.S. Government fourth generation mobile worker can achieve ubiquitous, secure mobile services.

Services that Secure the Network

LGS provides end-to-end managed services that secure the 4G network to the user devices.

End-to-End Services Management

LGS services management offers value-added services that:

» Centralize device configuration and management with policy-based rules

» Authorize access to public and private cloud-based applications

» Authenticate dual-homed devices that operate securely within a government enclave & roam to the commercial network

» Provide end-to-end, real-time visibility of government application and network traffic.

4G SERVICE MANAGEMENT SOLUTIONS

[Figure: service management platform diagram. Labels: Service Management Platform; Knowledge Management; Devices; Wireless Networks; Mobile IP Network; IP Network, B/OSS; USG Service Console; Device Capabilities; Device Content; Subscription; Access Management; Network Security; MDM; Data Source Integration & Service Orchestration; Signaling & IP Traffic Visibility; Identity]


Mobile Devices & Services Management

LGS leverages Alcatel-Lucent Customer Experience Solutions (CXS) to secure “What” is on the network. CXS performs standards-based Mobile Device Management (MDM) that simplifies key user device touch points for activation, support, and maintenance. It handles device operations and help desk capabilities to support and maintain a wide range of 2G, 3G, and 4G mobile devices:

» Android, iPhone, Blackberry Support

» Automatic Device Detection

» Configuration management

» Lock & Wipe, passwords, remote control, problem remediation

» Applications installation

» Multi-device-capable: handset, USB modems & CPEs.

CX Analytics (CXA) Services extend traditional MDM functions with end-to-end visibility and control of mobile broadband services across the entire service delivery chain. These capabilities pinpoint and resolve customer issues by gathering and analyzing critical QoE information from devices, back office, and network management systems.

Mobile Services Optimization

Alcatel-Lucent CX Optimization (CXO) Services help manage “How” a complex wireless user and network environment operates through a powerful tool to optimize decision making and implement corrective actions. The ALU Wireless Network Guardian (WNG) capability provides mechanisms to the U.S. Government to analyze and manage their data and user traffic on the network.

Often wireless service providers stitch together separate performance and analysis tools to manage their networks, namely RF analysis tools (cell performance without linkage to users, apps, devices, or Quality of Experience (QoE)), IP management tools (aggregate IP apps, traffic, trends without connection to RAN/RF load, and performance or QoE), and customer care tools (profile, trouble tickets, service plans, billing history without connection to QoE, usage, performance).

The Alcatel-Lucent CXO Wireless Network Guardian (WNG) overcomes these shortcomings. It automates and correlates data and performs analysis from the user device through the network elements, thereby giving end-to-end visibility to application, traffic performance, and anomalies. Several typical use case scenarios include:

» Alarms on heavy users and congested cells in real time; congestion-based policy management

» Understanding the relationship between network settings/policies and device/application behavior

» Identifying the impact of permitted/prohibited device features on network load and performance

» Identifying popular new “over-the-top” applications and their impact.


© 2012 – LGS Innovations LLC - All rights reserved

LGS, LGS Innovations, and the LGS Innovations logo are trademarks of LGS Innovations LLC.


Identity Access Assurance

Securing “Who” has access to the network is done through a partnership with Daon’s IdentityX™ Identity Management platform. Daon uses a smartphone’s ability to securely establish one’s identity through a combination of encryption, PIN entry, location-based technology, and biometrics such as voice, face, and palm image matching. This allows the U.S. Government to set the level of security for each type of transaction, such as financial, database, electronic health records, or secure call conferencing.

The IdentityX™ Identity Management platform operates transparently and securely across a commercial wireless network. When the customer initiates a transaction in the cloud (e.g., accessing an on-line health record), a request is made for access assurance. Depending on the type or level of transaction and the configured verification methods associated with that transaction level, the application prompts the customer to enter verification data on their phone through some combination of biometrics and/or passwords. This may be used in conjunction with PKI-verified possession of the device itself and even the user’s GPS location.

SUMMARY

LGS offers managed services that incorporate device management, identity management, and network forensics to help the U.S. Government better provision, control, and monitor its wireless traffic and device usage within the government’s enclave, within the enterprise, and across the commercial networks. Our value-added 4G services management solution addresses how to manage a complex wireless network through mechanisms that provide visibility to the cloud-based applications and network traffic in an end-to-end manner.

[Figure: Customized Control of Government Cellular Network Resources. Labels: Government threat and use profiles; Remote Access; Extract government user flow and provide custom analysis; Notification and Analysis; 9900 Wireless Network Guardian; 5780 Dynamic Services Controller; Monitor and analyze; Process and trigger; Anomaly notification; Radio access network; Backhaul; Packet core]

Managed Security Center

» Cellular asset surveillance

» Notification of issues

» Forensic analysis interface

» Load threat updates to system

» Integration with agency-unified threat management center