Client Experience: Shanghai Metro Operation Co., Ltd.
To support the parallel coverage of the cross-rail network, and building on the combination of the existing station network and the operator communication network, ICEFLOW Network provides a brand-new SSL VPN secure mobile access network and an NP-QoS online behavior management system to secure Shanghai Metro's data communications. It also provides efficient internal network security management and flow control management for the office network, so that the production and office zone networks are isolated from each other.
1) Support the parallel coverage of the cross-rail network, achieve thorough coverage of the existing station network ticket system, and build an encrypted interconnection network to ensure transmission security.
2) Isolate the production and office networks, and apply access authorization and classification management to internal and external network users to ensure the security of internal network operation.
3) Apply a flow control mechanism to guarantee reasonable use of network resources by each department and to eliminate ineffective bandwidth occupation and the like.
Following the implementation plans for each location, ICEFLOW customized mobile access and internal network solutions for the Shanghai Metro IT operations department. The solutions are based mainly on ICEFLOW SSL VPN and NP-QoS online behavior management. Starting from the accessibility of secure communication and from application management, they make further use of ICEFLOW's remote mirror technology, virtual workbench technology, smart resource release, etc., and apply them in every practical application.
As shown in the figure and following the planning and construction program:
Firstly, an ICEFLOW TSSL VPN tunnel mobile interconnection shall be set up for the production network, and the whole network is not allowed to have any direct contact with the public network.
Secondly, because all users, whether on the office network or on an external mobile network, need to connect to the public network to obtain the corresponding information resources, a further dual-network isolation setting for ICEFLOW SSL VPN is necessary to enforce the application level and access authorization of the various departments.
Finally, in line with the enterprise's management requirements for internal network users, the ICEFLOW NP-QoS online behavior management system shall be used to manage and control internal network access and traffic for office network users, so as to guarantee the normal operation of key businesses.
The above measures cover the two implementation stages, SSL VPN and NP-QoS online behavior management, to fully guarantee the business continuity of the Shanghai Metro ticket center.
1) ICEFLOW SSL VPN conforms to the password security certification of the State Administration of the Commercial Passwords and uses an SSL-encrypted tunnel for transmission, which improves the security of Shanghai Metro's production network and reduces business risk;
2) It implements dual-network isolation to further secure the production network. The fault healing function of ICEFLOW VPN further ensures the business continuity and stability of Shanghai Metro's whole network;
3) From an enterprise management perspective, it provides user-friendly intelligent flow control that keeps essential applications unblocked, and it supplies useful auxiliary information for personnel performance assessment through individual online behavior reports, reducing negative factors in personnel management.
Based on general network behavior, individual network behavior and how actively each department uses its essential applications, combined with factors such as work time and work proportion, NP-QoS allocates online traffic intelligently to keep network applications fast and smooth. Its flow control strategy abandons ineffective blocking and takes maintaining smoothness as its core: it first ensures the promptness and smoothness of core and essential applications, and then intelligently distributes the remaining bandwidth to other network applications. This meets each department's need for prompt essential applications and also improves IT application value through smooth network access when bandwidth is sufficient.
By 2012, the construction of 13 lines will be completed as planned for Shanghai urban rail transportation. The 500-plus operational mileage of Shanghai rail transportation will basically meet the major trip needs of the downtown population, forming the largest urban rail transportation network among all the big cities in the world. With the basic cross-rail network construction as its platform, core competitive capacity and scale operation advantages are continually built up to drive the sustainable development of Shanghai rail transportation, which is the foundation on which Shanghai Metro bases its long-term goals.