Controls to Improve Resiliency, Reliability and Security | Satellite Communications

Good practices can mitigate some of the risks associated with satellite communications. Firms that have all their offices or plants linked via satellite/VSATs should carefully consider the exposures. For example, one paging company suffered customer ill-will and economic loss because the satellite it was using to relay pages stopped functioning. The following description of a satellite breakdown and its consequences is courtesy of 911 magazine (August 1998, www.9-1-1magazine.com):

The Day the Pagers Went Silent

When the PanAmSat Galaxy IV Communications Satellite got knocked out of its orbit for a couple of days in May, it also knocked out the majority of pager communications in the United States.

Launched in 1993, the $250 million HS-601 spacecraft stopped relaying pager messages, television news feeds, and all sorts of broadcast data communications around 6PM PST on May 19th when the satellite's onboard control system as well as a backup switch failed and it rotated out of its proper position. PanAmSat, which owns the satellite, scrambled to establish communications with the Galaxy 4, finally re-establishing its position on the evening of the 20th. That affected thousands of emergency communications centers nationwide, which depend on pagers to notify responders and senior staff of emergencies.

"I would hope that in the future, this type of failure will be automatically corrected by electronic or computer means without having to manually redirect antennas or reprogram computers," said Miami's Charles Manetta. "This is how many telephone failures are corrected and are transparent to the end user. Time will tell."

The failure was not without irony. The Phoenix Disaster Recovery Newsletter reported:

For several hours after the spacecraft failure, the president of PanAmSat tried desperately to get in touch with Hughes' technical team in charge of engineering for Galaxy 4. After more than 3 hours, he finally contacted GM senior management (owner of Hughes, of course) by telephone. He said he'd been trying to contact Hughes' techno geeks for hours. "Why," he demanded, "didn't your people respond to my pages?"

Had a contingency plan been in place (including an alternate satellite), resumption of service would have been quicker. The following are some of the most common control and security measures employed for VSAT satellite systems:

  • Change control. Both the remote VSAT dishes and the central hub are attached to a myriad of software and hardware support systems. For example, central hub operators, including providers such as Hughes Global Services and Gilat Satellite Networks Ltd., must be extremely careful with the software that controls repositioning of the hub dish. Otherwise, an error could cause the signal to become so attenuated that communication would stop. Of course, the usual communications infrastructure, including hubs, routers, and network management software, should also be included in change control. Occasionally, perhaps once per year or every six months, hubs need to be brought down for maintenance (physical and software upgrades). This schedule should be published well in advance.

  • Equipment redundancy. Spares for critical equipment such as the IP gateway (links the organization's LAN/WAN to the satellite system), specialized modems, encryption boxes, and other satellite-specific devices should be available and periodically tested.

  • Backhaul redundancy. The backhaul circuit is usually a terrestrial communications link, such as a T1 or Frame Relay circuit, that connects one or more central locations to the satellite hub. If this link is cut by a backhoe or loses function for some other reason, communication is lost. Hence, a duplicate circuit, perhaps from a different long-distance provider, but at least in a different conduit, is required.

  • Power. For redundant equipment that is on hot standby, a separate power source provides protection from power supply failure. For example, a dual 250W hot-swap redundant power supply may be required for some devices.

  • Backup arrangements. Satellites are expensive. The launch alone is typically $50 to $400 million, with costs further exacerbated by occasional launch failures. As a result, satellite transponder space is at a premium. Organizations relying on satellite communications for critical business functions cannot assume that they can "throw money" at the satellite vendors and get backup service quickly. Much of the capacity is booked months, even years in advance. Spare capacity should be obtained in advance of need.

  • Disaster recovery planning and testing. In addition to negotiating with their satellite provider for backup capacity, organizations need to carefully design their response to a satellite failure. VSAT dishes will most likely need to be repositioned in every office or plant using the service. The whole reason for having a satellite remain geo-stationary is that the field dishes can be set and locked to look at a specific point in the sky. Practically, it may take weeks for a large network of VSATs to get repositioned and correctly adjusted, because a trained technician must do the work.

  • Service level agreements (SLAs). Service level agreements should be established for the hub operator, satellite service, and dish maintenance vendor. Frequently, the hub operator and dish maintenance vendor (for field locations) are the same provider. SLAs are particularly important for satellite failure because that is the most difficult step in recovery. If, for example, backup transponder space has been purchased on the same satellite, then the SLA should state how long it will take to transition operations. From the perspective of the field office or plant, what is the response time for dish or RF (radio frequency) equipment problems? The chart below summarizes key issues to be addressed in satellite service level agreements.




  • Capacity planning. While the downlink bandwidth (satellite to VSAT dish) can be quite large, the uplink is often no more than could be expected from a terrestrial modem and sometimes less. As more VSATs are added, the uplink capacity of the system will degrade unless more "in-routes" or uplink bandwidth is added. If an organization has specific bandwidth needs that are highly likely to occur, it should consider purchasing extra transponder space so that there is no delay when the need arises.

  • Network Management System. Components of the satellite communications system should be SNMP (Simple Network Management Protocol) addressable so they can be monitored along with the rest of the organization's communications infrastructure.

  • Physical/electrical protection. For VSAT dishes, a lightning arrestor and surge arrestor are de rigueur. Trees, bushes, and other obstructions can interfere with the line-of-sight. Often when the dish is installed, adjacent trees are small, but as they grow they steadily decrease the signal strength. Access to the facility should be restricted as well.

  • Expertise. For those firms with enough VSATs to justify owning their own hub — an investment in excess of $1 million — highly skilled technicians are required. Backup personnel (perhaps including contractors) should be available.

  • Spare parts. Particularly for hub operators, spare parts will prevent delays in operations.

  • Documentation. As in other complex systems, documentation of frequencies, sites, IDs, network schematics, etc. is important. Firms operating their own hubs need to pay particular attention to documentation because of the inevitable drift toward technical uniqueness.
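
The Network Management System and Physical/electrical protection items above imply a concrete check: monitored signal readings should be trended, so that slow degradation (such as tree growth across the line-of-sight) is separated from an abrupt fault. The following is an added example, not part of the original article; the site names, the dB readings, and the three thresholds are constructed assumptions.

```python
from statistics import mean

# Constructed sample data: weekly receive-signal readings in dB for three
# hypothetical VSAT sites, as an NMS poll might record them.
READINGS = {
    "plant-a":  [9.8, 9.7, 9.5, 9.4, 9.2, 9.0, 8.9, 8.7],  # slow decline
    "office-b": [9.6, 9.7, 9.5, 9.6, 9.7, 9.6, 9.5, 9.6],  # stable
    "office-c": [9.9, 9.8, 9.9, 9.8, 9.9, 9.8, 3.1, 3.0],  # abrupt loss
}
MIN_USABLE_DB = 7.0   # assumed level below which the link is unusable
STEP_DB = 3.0         # assumed: a week-over-week drop this large is a fault
DRIFT_DB = -0.05      # assumed: slope (dB/week) at or below this is a trend


def slope(values):
    """Least-squares slope of the readings against their sample index."""
    xs = list(range(len(values)))
    x_bar, y_bar = mean(xs), mean(values)
    num = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, values))
    den = sum((x - x_bar) ** 2 for x in xs)
    return num / den


def classify(values):
    """Return (status, weeks_until_floor); weeks is None unless declining."""
    if len(values) < 2:
        return ("insufficient-data", None)
    # An abrupt drop points at equipment or pointing faults, not slow growth.
    if max(a - b for a, b in zip(values, values[1:])) >= STEP_DB:
        return ("sudden-drop", None)
    if values[-1] < MIN_USABLE_DB:
        return ("below-floor", None)
    m = slope(values)
    if m <= DRIFT_DB:
        # Project the fitted trend forward from the latest reading.
        return ("steady-decline", (values[-1] - MIN_USABLE_DB) / -m)
    return ("stable", None)


def report(readings=READINGS):
    """Classify every site so slow degradation can be ticketed early."""
    return {site: classify(vals) for site, vals in readings.items()}


if __name__ == "__main__":
    for site, (status, weeks) in report().items():
        eta = f", ~{weeks:.0f} weeks to floor" if weeks is not None else ""
        print(f"{site}: {status}{eta}")
```

A site flagged as a steady decline can be scheduled for a line-of-sight inspection well before the link fails, while a sudden drop goes to the dish or RF maintenance vendor under the SLA response time.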
