How to Optimize Your Toolset to Tackle Today’s Network Issues
Software-defined networking (SDN) and the Internet of Things (IoT) are sure to affect the future of networking. As such, they currently enjoy the lion’s share of broad industry attention. Now, there’s no harm in devoting time to thinking about and planning for trends on or slightly beyond the horizon; in fact, it’s smart to start doing so.
However, taking a step back, there are much more concrete issues affecting enterprise networks in the here and now that still need addressing to keep business running smoothly. Specifically, the cloud, IPv6, virtual desktop infrastructure (VDI) and wireless are important trends impacting networks today that most organizations haven’t fully solved.
What follows is an outline of the core challenges each of these trends presents and suggestions on how network engineers can overcome them.
There are three primary cloud-related challenges network engineers face today.
The first is security. It can be easy for network engineers to fall into the trap of thinking that because they’re not directly responsible for a cloud service provider’s security, they’re no longer culpable in the event of a breach related to the security of their organizations’ data traffic while it is in transit to or from a cloud provider. That's a mistake.
This also relates to the second key networking-related challenge of the cloud — lack of visibility into data traffic’s movement and behavior once it leaves the firewall. While this has security implications, not knowing how a cloud provider is routing and optimizing traffic also has significant network performance implications.
Thirdly, there's bandwidth. Planning for the bandwidth needs of known cloud services is difficult enough. For example, in the context of moving to cloud-based email services, Microsoft Office365 throttles the amount of email data you can migrate at any one time. So, if you have three (or 300) terabytes of email data, the migration will not happen over a weekend. Even more difficult is planning for the unknown: end users leveraging online storage, file sharing and other cloud-based services without IT’s knowledge. This, of course, has security repercussions, too; free or freemium cloud services are becoming just as much an aspect of the shadow IT phenomenon as anything else.
Unfortunately, there aren’t any magic bullets when it comes to overcoming these challenges. The best thing IT professionals can do is understand and be very clear about the security risks they are most concerned about, the corporate security regulations that must be followed, and mandatory compliance certifications. Then they must work with their cloud service provider to jointly build a plan to meet these requirements. This might also include changing the definition of the "edge of the network," and adding tools that increase insight into the new areas; for example, adding security logging collectors to the Internet-facing WAN connections. For performance, simulating the user experience is a good start. NetFlow and deep packet inspection can also help in certain circumstances. To stem the bandwidth (and security) issues of unauthorized cloud services, IT can block specific services company-wide, but administrators should make sure they have management buy-in and offer alternative services; after all, there is a reason end users sought out that particular shadow cloud service in the first place.
The impending transition from IPv4 to IPv6 has been an ongoing discussion for years: the Internet is running out of IPv4 addresses, IPv4 isn’t future-proof, IPv6 will make managing networking services much easier, and so on. Despite the buzz, IPv6 addresses still make up just a small percentage of today’s Internet. And adoption will likely continue to be slow — mostly due to costs associated with making the switch.
Network administrators should not be fooled: it’s highly likely IPv6 is already enabled and operational in many organizations whether they know it or not, creating shadow networks of unmanaged IPv6-enabled devices that can pose significant security risks. IPv6 packets remain relatively unknown and unmonitored, and devices using IPv6 addresses can contain security flaws that go unnoticed by network administrators. In addition, even known IPv6 addresses can put more strain on networks by sometimes taking more, and unexpected, routes.
Network administrators should try to simplify the whole process of IP address management — for IPv4 and IPv6 — to eliminate network conflicts and outages, track critical assets, ensure network security and provide reports based on a wide range of parameters, including IP address status. It’s also important to identify and document devices that currently support IPv6, map existing IPv4 space and proposed IPv6 space, and document devices that need to be added or replaced for IPv6 support. Lastly, true application firewalls can untangle even the most sneaky device conversations, get IP address management under control, and also get network equipment ready for IPv6. They can classify and segment device traffic; implement effective quality of service to ensure that critical business traffic has headroom; and of course, monitor flow.
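One way to start identifying and documenting shadow IPv6 devices is to compare a gateway's IPv6 neighbor table against the address-management inventory. The script below is an added example, not part of the original article; the neighbor-table lines, MAC addresses, hostnames and the two inventory dictionaries are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -6 neigh show` output from a Linux gateway (not real data).
NEIGH = """\
fe80::a00:27ff:fe4e:66a1 dev eth0 lladdr 08:00:27:4e:66:a1 REACHABLE
2001:db8:10::25 dev eth0 lladdr 08:00:27:4e:66:a1 STALE
fe80::5054:ff:fe12:3456 dev eth0 lladdr 52:54:00:12:34:56 router REACHABLE
fe80::3e5a:b4ff:fe01:9c7d dev eth1 lladdr 3c:5a:b4:01:9c:7d STALE
fe80::1c2d:3e4f:5a6b:7c8d dev eth1 FAILED
"""
# Constructed IPAM exports (assumed format): MAC -> hostname.
IPAM_V4 = {"08:00:27:4e:66:a1": "print-srv-2", "52:54:00:12:34:56": "core-rtr-1"}
IPAM_V6 = {"52:54:00:12:34:56": "core-rtr-1"}  # devices documented as IPv6-managed

def parse_neighbors(text):
    """Yield (IPv6Address, mac) for entries that resolved to a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:      # FAILED/INCOMPLETE: no confirmed neighbor
            continue
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except ValueError:              # skip malformed lines
            continue
        yield addr, fields[fields.index("lladdr") + 1].lower()

def find_shadow_ipv6(neigh_text, ipam_v4, ipam_v6):
    """Return {mac: report} for IPv6-speaking devices missing from the IPv6 inventory."""
    seen = defaultdict(set)
    for addr, mac in parse_neighbors(neigh_text):
        seen[mac].add(addr)
    report = {}
    for mac, addrs in seen.items():
        if mac in ipam_v6:
            continue
        report[mac] = {
            "addresses": sorted(str(a) for a in addrs),
            # An address beyond link-local scope means the device picked up a prefix.
            "non_link_local": any(not a.is_link_local for a in addrs),
            # Hostname if the device is documented for IPv4 only, None if unknown.
            "ipv4_name": ipam_v4.get(mac),
        }
    return report

if __name__ == "__main__":
    for mac, info in sorted(find_shadow_ipv6(NEIGH, IPAM_V4, IPAM_V6).items()):
        print(mac, info)
```

Devices reported with an `ipv4_name` are documented assets whose IPv6 activity is undocumented; those with `None` are not in the inventory at all.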
VDI changes business data flow: physical machines run virtual desktops, each of which clamors for server, email or application access, and as is the case with most companies using VDI, a softphone client is then introduced. With the addition of voice data to desktop applications, it can be difficult for network administrators to maintain correct data flow and manage traffic for employees’ virtual desktops.
When managing a VDI environment, network monitoring intersects with both virtualization and application monitoring. It’s beneficial for network engineers to know if users’ virtual sessions are running smoothly and under control. Many of the tools and techniques already in use to tackle other networking issues, such as BYOD, can help here as well; in particular, end-to-end application stack visibility.
Wireless is as mature a technology as they come. Nobody wants to pay good money to wire up a cubicle farm anymore. The low cost to buy and manage wireless equipment makes it a no-brainer for almost any environment, but it creates challenges around adequate signal strength, managing IP addresses and channels for physical mobility. Wireless-enablement can also quickly get out of hand, and large wireless environments create their own new kind of issue.
"Suddenly you’re tracking 187,000 devices. Unlike an office where most users roam between their desks and a conference room or two in a fairly reliable pattern, I have herds of thousands of students sweeping majestically across campus like technology-laden wildebeest crossing the Serengeti," one executive who runs IT for a large university told SolarWinds.
What’s needed to tackle the challenges associated with wireless once and for all are tools for IP address management, wireless heat maps, user device tracking, and visibility into over-subscribed access points. The problem is that many of these tools have traditionally been cost-prohibitive, but newer options that you might not be aware of open doors to implementing these technologies.
Network engineers should consider how and when their organizations transition to SDN. They should plan for how they will address IoT and the tidal wave of connected everything it includes. But they shouldn’t forget the issues affecting their networks today. Most have only scratched the surface in terms of addressing the network-related challenges of the cloud, IPv6, VDI and wireless. By applying the suggestions outlined here to address those challenges more fully, they can make their networks ready to take on what comes next.
About the Author:
Leon Adato is a Head Geek and technical evangelist at SolarWinds, and is a Cisco® Certified Network Associate (CCNA), MCSE and SolarWinds Certified Professional (he was once a customer, after all). His 25 years of network management experience spans financial, healthcare, food and beverage, and other industries. Follow him on Twitter @LeonAdato and @SolarWinds.
Before he was a SolarWinds Head Geek, Adato was a SolarWinds® user for over a decade. His expertise in IT began in 1989 and has led him through roles as a classroom instructor, courseware designer, desktop support tech, server support engineer, and software distribution expert. In the early 2000s, Adato got involved with systems monitoring and has since worked with a wide range of tools including Tivoli®, Nagios®, Patrol, ZenOss®, OpenView, SiteScope, and of course SolarWinds. He has designed solutions for companies that were extremely modest (approx. 10 systems) to those that were mind-bogglingly large (250,000 systems in 5,000 locations), through which he gained experience monitoring all types of systems – routers, switches, load-balancers, and SAN fabric – as well as Windows®, Linux®, and UNIX® servers running on physical and virtual platforms. His career includes key roles at Rockwell Automation®, Nestle, PNC, and CardinalHealth providing server standardization, support, and network management and monitoring.