Sunday, September 6, 2015

Integrated management systems make you fit for the future

In companies, LAN and WLAN are often implemented and managed separately. This has serious operational and security-related disadvantages. Both areas should therefore be monitored and managed uniformly.


Let me sketch a fictitious scenario: At the prototypical mid-sized engineering company Schräuble & Co., with 2,000 employees, the users are dissatisfied with the services of IT. The networks do not function as they should. An important reason: there is no unified network management for LAN and WLAN.
Mobile employees have only limited functions available; for example, some of them cannot access important business data, fax or print. They also cannot roam smoothly within the company, because the Wi-Fi coverage keeps showing gaps. When switching between wired and wireless, they have to re-authenticate each time.

The company's management points to security risks. Because there is no unified security and authorization architecture, it is also forbidden, to the discontent of the workforce, to use private mobile devices for business purposes. Guests are issued WLAN vouchers manually, and IT laboriously keeps lists of them.

When the company buys a competitor that uses different network technology for its wireless, and the specialized WLAN manufacturer from which the company sourced the Wi-Fi in its materials warehouse becomes insolvent, the situation escalates: support for the products deployed in the warehouse is no longer guaranteed. The IT administration, only a handful of employees, states that its resources are stretched to the limit. A fundamentally different solution is needed, otherwise nothing can be guaranteed.


These and similar situations are not uncommon. In most cases LAN and WLAN are administered completely separately, or wired and wireless management are hooked into a superordinate management system but remain functionally largely unconnected. This is due to the historical development of many infrastructures: while an extensive LAN has long been a matter of course in most companies, WLANs were built up over time as departmental projects and are functionally oriented mainly toward the interests of the department concerned.

Design network management top-down

So what to do? The answer is a centralized and unified network administration that starts from the needs that employees and management have of the network. On this basis, one defines, role-based and for the entire infrastructure, who needs access to which data and applications, and at what bandwidth. A single login process should automatically provide users with all the resources to which they need legitimate access, with any device, at any location and over any medium. The management solution must therefore be selected so that it supports the corresponding features.

Basically, an integrated management system should provide functions for all FCAPS areas (fault analysis, configuration, accounting, performance management and security; the ISO management standard), uniformly under a common user interface for LAN and WLAN. Central to this is role-based user management that is independent of the medium. If, as is often the case, an Active Directory is available, the management software should cooperate with it. This is the core not only of simplified management but also of a secure network. Only with role-based user management do access data no longer need to be maintained per application or per medium, and authorization rules depend not on people but on the roles they occupy. If an employee leaves the company and another person takes over the function and is assigned the same role, this person automatically receives the same rights as soon as they get the role. Changes of function within the company are automatically reflected, via new roles, in new permissions.

It is a substantial relief for IT managers when the central management application provides functions for setting up guest access in self-service. Solving this task more or less by hand, as before, can hardly be expected of an already overburdened IT department, and it also breaks the very unified security architecture that the management system is meant to enable.

Network Access Control (NAC)

Technically, security means network access control (NAC according to 802.1X) and, on the wireless side, intrusion prevention. For Wi-Fi, this means: the management system should recognize signals that indicate the presence of undeclared APs or other sources of interference. Because in WLANs the access points often take on this task alone, they usually scan the network only half of the time, since otherwise they are transmitting data. VLANs (virtual LANs), logically isolated, encrypted connection channels that are a central means of confidential communication, also remain part of unified network management, but should extend across LAN and WLAN.
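The check for undeclared APs described above can be sketched as follows. This is an added example, not code from the original article or from any management product; the inventory, SSIDs, sensor names, signal threshold and finding labels are all constructed assumptions, and the example goes slightly beyond the text by also flagging a declared AP that advertises an unexpected SSID.

```python
import re

# Constructed inventory of declared access points: BSSID -> expected SSID.
DECLARED = {
    "02:00:00:00:10:01": "corp",
    "02:00:00:00:10:02": "corp",
    "02:00:00:00:10:03": "guest",
}
CORPORATE_SSIDS = set(DECLARED.values())
ON_PREMISES_DBM = -70  # assumed threshold: stronger signals count as on site

def norm_bssid(raw):
    """Normalise 'AA-BB-..', 'aabb.ccdd.eeff' or 'aa:bb:..' to 'aa:bb:..'."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(scans):
    """Merge sightings from all sensors per BSSID and return {bssid: finding}.
    Declared APs advertising their expected SSID produce no finding."""
    strongest = {}  # bssid -> (best RSSI from any sensor, SSID of that sighting)
    for _sensor, raw, ssid, rssi in scans:
        bssid = norm_bssid(raw)
        if bssid not in strongest or rssi > strongest[bssid][0]:
            strongest[bssid] = (rssi, ssid)
    findings = {}
    for bssid, (rssi, ssid) in strongest.items():
        if bssid in DECLARED:
            if DECLARED[bssid] != ssid:
                findings[bssid] = "declared-ap-unexpected-ssid"
        elif ssid in CORPORATE_SSIDS:
            findings[bssid] = "undeclared-using-corporate-ssid"
        elif rssi >= ON_PREMISES_DBM:
            findings[bssid] = "undeclared-on-premises"
        else:
            findings[bssid] = "undeclared-weak-signal"
    return findings

# Constructed scan results: (sensor, BSSID as reported, SSID, RSSI in dBm).
SAMPLE_SCANS = [
    ("ap-hall-1", "02:00:00:00:10:01", "corp", -48),
    ("ap-hall-2", "02-00-00-00-10-02", "corp", -55),
    ("ap-hall-1", "02:00:00:00:99:0A", "corp", -61),
    ("ap-store-1", "02:00:00:00:77:01", "printer-setup", -82),
    ("ap-store-2", "0200.0000.7701", "printer-setup", -64),
    ("ap-gate-1", "02:00:00:00:55:05", "cafe-next-door", -88),
]

if __name__ == "__main__":
    for bssid, finding in sorted(classify(SAMPLE_SCANS).items()):
        print(bssid, finding)
```

Sightings are merged per BSSID across sensors because, as the text notes, an AP that also carries traffic scans only part of the time, so a single sensor's view is incomplete.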

It goes almost without saying that a management solution should not shut out staff because they use the "wrong" operating system on their mobile device. Whether Android, iOS, BlackBerry or whatever gains share in the future: a future-proof management system supports at least the major platforms and is regularly extended in this regard. Sustainability also means that the management system supports open standards, including SDN (Software Defined Networking) in the form of OpenFlow, and is regularly updated accordingly. Proprietary developments may seem advantageous at first glance; in the long term they often lead to dead ends.

Finally, a critical look at the manufacturer itself is necessary: newcomers often present interesting developments, but they have yet to prove that they and their products will still serve their customers well in ten years. Very promising is a manufacturer with a successful history in this field that also upgrades its products regularly and demonstrably has a documented development pipeline. It also does no harm if the partner of choice offers both wired and wireless equipment, because this naturally simplifies the design of a unified infrastructure. One example of a product that meets the requirements listed is HP IMC.

The selection and implementation of strategy and product also depend on the existing infrastructure, with three main variants possible:

• LAN and WLAN are in place, with full or partial coverage, but are managed differently.
• There is an extensive LAN together with management software, but no WLAN, although a WLAN is needed.
• It is a completely new implementation, for example in a completely renovated building.


Management functions are more important than hardware

The easiest approach is naturally a completely new implementation. Here you can plan freely, and should do so starting from the management needs, top-down as described above, until a suitable management solution is found. Only after the management product has been selected does hardware selection follow. Here, individual features of specialized manufacturers are less important than the interaction of all components with each other, with the users and with the management system. The least effort arises when all components come from one source. Training, maintenance and operation are easiest in this case, since there is only one point of contact.

Nevertheless, to preserve freedom of choice, you should make sure that the components support, as far as possible, only open standards instead of proprietary technologies. So-called manufacturer standards are no substitute for openness: although they guarantee the proper functioning of a unified infrastructure, they limit freedom of choice, for example if the manufacturer runs into problems, discontinues products or makes surprising technological turns.

When implementing WLANs, it is particularly important to ensure professional coverage planning, otherwise annoying coverage gaps must be filled later. The technology selection should weight sustainability highly and therefore choose, for example, a standard with sufficient bandwidth, i.e. no longer rely on 802.11b/g but on newer versions that have more to offer here. In addition, all wireless components should support the current management standards and capabilities. New buildings need cable runs even if the internal infrastructure is planned to be largely wireless. After all, the access points usually require cable connections to the wired backbone.

New Wi-Fi

If a LAN with a management system already exists while the WLAN is being newly implemented, first check whether the LAN infrastructure should not be replaced anyway in light of the new requirements. This is the case when the components have reached the end of their life, come from a defunct manufacturer or fall below current bandwidth and capacity needs. In that case, the "greenfield" procedure applies.

Otherwise, you should consider to what extent the existing LAN management system can be expanded through the purchase of new modules to provide additional wireless management functions. If it cannot, you can look for a management system that manages the newly built WLAN and the LAN as a unit, but possibly comes from an independent manufacturer or from the manufacturer of the WLAN. However, this solution often requires compromises in terms of convenience and the completeness of joint management. You should therefore compare all the alternatives (adding modules to the existing LAN management system, procuring an independent unified management system) in terms of their life-cycle costs, while also considering factors that are difficult to quantify, such as user satisfaction, administrative effort for guest access, and security. Consistently implementing two separate management systems is not recommended, for the reasons mentioned at the beginning.

A bit of both

If a managed LAN and managed wireless islands exist but no unified management, it is first necessary to consider whether the existing network hardware still meets current requirements. The LAN, too, may have reached the limit of its service life or performance, because a higher-bandwidth WLAN puts more load on the connections to the corporate backbone. The WLAN should be tested for bandwidth, coverage and functional gaps, and these should be fixed, which often amounts to a partial replacement anyway, because older wireless access points are often too slow and/or lack current security and other features. Finally, all considerations should take into account the services and applications desired within the lifetime of the infrastructure, such as unified communications, M2M (machine-to-machine communication) or BYOD (bring your own device), as well as future standards such as SDN.

However, for cost reasons most companies want to keep what exists at least partially and upgrade only gradually. Compromises then arise at the management level, because the goal in this case too should be a high degree of standardization. Therefore, one must first decide whether one of the existing management platforms can be supplemented by additional modules, and the other replaced, so that management is as uniform as possible.

A further possibility is to introduce a higher-level software layer under which all management functions and products sit. Often, however, such solutions offer only cosmetic improvements: under a unified interface, most functions remain separate, and there are still two or more systems to maintain and operate. Finally, users can also introduce an overarching third solution that neither originates from the LAN or wireless manufacturers nor replaces the proprietary vendor products. In that case, however, they can usually perform only less in-depth management functions than with the proprietary specialized tools of those manufacturers.

The goal of a unified security and authorization infrastructure should, however, in no way be abandoned, because it promises great value. If it cannot be realized with the existing hardware, a hardware replacement may be worthwhile even if the existing equipment still meets the critical speed and performance needs. After all, the money saved by retaining the existing hardware is often more than offset in the medium and long term by higher expenses for maintenance and management.

