Recently during a discussion with a potential client, I was asked a question which gave me pause: “What is your experience designing PONs?” I had heard of Passive Optical Networks (PONs) through general articles about how fiber-to-the-home works, but I had to be honest, I had none.
I consider myself somewhat network savvy – I have a number of Cisco certifications and I have designed a number of robust networks for large-scale security designs – but had yet to encounter PONs in a security design application.
I wondered if it was simply a curveball question; however, over the following weeks – possibly because my ears were now tuned to the acronym – I heard more and more references to PON. Finally, at a weekly company meeting one morning, my colleagues and I looked at each other one morning and asked, do we need to become smart on this topic?
Drew Deatherage, Principal and Co-Founder of Crux Solutions, says the answer is yes. “We have talked about convergence for years in the security industry and it has finally become a reality,” he explains. “Since security technology is now riding (hopefully on a VLAN) on our central data networks, then as goes the data network then so goes security. We are seeing fiber-rich networks take hold in the U.S. in key markets such as hospitality, education and healthcare.
“We expect passive, fiber-rich networks to grow exponentially, so it will be imperative for security designers to become familiar with the technology as security systems will be served on the converged optical network,” Deatherage adds.
PONs Defined
Broadly speaking, PONs replace active network components with passive optical splitters. “Passive” refers to the notion that powered equipment is only required at the source and receiving ends of the signal. In between the two, signals are split using unpowered and unintelligent optical splitters, which allow one source fiber to serve a large number of end-devices. For larger-scale networks, the result is a drastic reduction in the number of active network components (switches, routers, etc.). With the reduction in network components comes less power, cooling, closet space and network management resources.
There are three main components to a simple PON. At the source end, a traditional Ethernet router is connected to an Optical Line Terminal (OLT). The OLT is an intelligent device which handles the conversion from electrical to optical signaling, as well as other complex functions like multiplexing and data traffic management. OLTs can be designed with redundancy features for high availability.
From the OLT, fiber extends outward and is split using passive optical splitters. These branched fibers are then brought to field device wiring termination locations – think security panel locations, or wherever you aggregate field wiring. At these locations, Optical Network Terminals (ONTs) convert the fiber optic signal back to standard RJ-45 electrical Ethernet ports. ONTs commonly serve as many as 24 end-devices, can inject Power over Ethernet (PoE), and will preserve all network configuration protocols, such as VLANs and QoS. ONTs come in a variety of form factors, including rack-mount, desk-mount, indoor/outdoor, etc. Due to their upbringing in the telecom industry, many are built to withstand some pretty harsh conditions.
PONs vs. LANs
Deatherage notes there are several key advantages of using PON-based schemes for security projects over copper-based LANs.
First, passive networks utilize single-mode fiber, which is less expensive than copper and will not require replacement in our lifetimes. Second, since PONs eliminate much of the active network components required in copper networks, clients can save up to 90 percent in floor space and consume up to 80 percent less power.
Since PONs are built on telco-grade equipment, they are durable and should last 25 years. Important for many projects, single mode fiber overcomes the 300-foot link limit and can reach 12 to 20 miles without extenders or repeaters.
Finally, PON can provide tremendous CapEx savings on large projects, but can provide substantial OpEx savings in virtually any size network due to the reduced management and maintenance requirements.
PONs and Cybersecurity
As the electronic security industry continues to wrestle with successful implementation of cybersecurity protocols on traditional copper-based networks, PONs may be part of the solution.
With a PON, an Element Management System (EMS) is used to establish role-based access to network endpoints. The EMS sets strict rules for endpoint access through credential-based authentication and authorization. It also sets global profiles that include access policies that are then filtered down to ONTs and other network components.
ONTs, often located in field closets, are simple devices that do not store user or provisioning data. Since PON management is centralized at the OLT, the ONTs are designed with no local management access, which means there is no need for humans to update or manage them regularly.
Simply put, they represent a far lesser vulnerability than a typical network switch that has not been properly programmed, provisioned, and updated.
Educational Resources
If you are feeling overwhelmed by a whole new set of design techniques and associated industry jargon, there are a number of great resources on the web to help you develop a solid understanding of PONs. APOLAN (www.apolanglobal.org) is a non-profit organization working for wider education and adoption of the technology, and has a number of free resources for download.
Manufacturer websites can also be a great resource. The main players in the PON market are Tellabs (www.tellabs.com), DasanZhone (www.dasanzhone.com), Nokia (www.networks.nokia.com/solutions/passive-optical-lan), and Corning (www.corning.com/opcomm).
Brian Coulombe is Principal and Director of Operations at DVS, a division of Ross & Baruzzini. He can be reached at [email protected], through Linked in at www.linkedin.com/in/brian-coulombe, or on Twitter @DVS_RB.
