Future-proof your network, Part 2
Keep the big picture in mind and buy for the future.
By Laurianne Mclaughlin, Network World | Network World US | Published: 01:00, 25 August 2005
Following on from last week's future-proofing ideas, here are five more tips to keep your infrastructure current.
6. Don't hang up on VoIP.
If you haven't deployed VoIP yet, leave the door open to the possibility, says Abner Germanow, enterprise networking research manager at IDC. Start by insisting on modular switches, he says. Depending on your network topology, you also might need to consider routers that can serve as backup for the voice traffic if the wide-area link goes down, he says. Consider a more expensive router with this kind of capacity, or realise you're going to need some other type of redundancy plan. "Be sure you'll be ready to solve this problem," Germanow says.
You've probably heard some buzz about VoWi-Fi, but should you worry about it yet? "If you're only using WLAN in conference rooms today, probably not," Germanow says. "But if your company has a mind-set toward mobility, voice will be part of that." Hospitals, for example, have led the charge with VoWi-Fi.
In this case, keep roaming and future dual-mode Wi-Fi/cellular handsets in mind. Because those standards are not set, ensure that vendors will commit to future IEEE standards.
7. Buy flexibility with Power over Ethernet.
For added and future deployments of VoIP handsets, wireless access points and security cameras, Power over Ethernet (PoE) technology gives generous flexibility with regard to where the devices can live. In a few years, you'll see even more devices taking advantage of PoE, such as laptop computers. Luckily, it's not hard to keep this option open because PoE doesn't mandate any change to Ethernet cabling. At a basic level, all you need is Category 5e wiring.
If you want to enable PoE later, you won't necessarily have to buy a new switch, because you can add a midspan product that connects PoE to legacy network switches. (Midspans also prove useful if you have just a small number of ports that will need PoE.) However, to be more forward-looking, make sure edge switches have built-in PoE capability. The only standard you need to worry about is the current IEEE standard, 802.3af.
The IEEE is working on a higher-power successor to 802.3af, which will offer more than today's 12W of power to individual devices. Expected to be ratified in about two years, this future standard will offer backward compatibility with today's access points and client phones, says PowerDsine CEO Igal Rotem, whose company is helping shape the standard.
8. SSL-based VPNs score for mobility, security.
Your company's need for mobility will only increase. In planning VPNs for remote workers, choose an SSL-based VPN instead of one using IPSec. An SSL-based VPN gives more scalability and flexibility to add users and applications, says Forrester Research analyst Robert Whiteley.
Johnson Matthey, a London specialty metals company, deployed its Netilla SSL VPN appliance about three years ago for e-mail and Microsoft Office, then easily moved up to about 60 applications, says Randy Colone, technical services manager at the US headquarters in Wayne, New Jersey.
The VPN provides tight security for work with contract programmers. "They get access to the VPN for certain time frames," Colone says. "I have total control." The contractors no longer have to be on-site and the VPN even provides access to production-related data living in an old AS/400.
More companies also are using SSL-based VPNs to secure applications on the LAN, making office workers log on via the VPN's strong authentication technology, just like remote employees. With dedicated appliances from vendors such as Juniper or Netilla (now part of AEP Networks), consider the entire potential remote workforce, not just the current one. (Appliance prices reflect the number of estimated concurrent VPN users.)
"Make sure you buy a box with headroom, so it is just an issue of buying licenses," Whiteley says. Another important option: Vendors such as Cisco have begun offering cost-effective SSL VPN modules that snap into switches such as the Catalyst 6500.
9. Stay nimble on security.
Security proves a particularly tough planning challenge because the threats constantly change. "Recognise that security is different," says cryptography expert and Counterpane Internet Security founder and CTO Bruce Schneier. "It's not about features or performance, so you can't really future-proof your network against future attacks. Make sure you can install new security quickly and efficiently."
In the wireless world, one key option you can take now is 802.1x authentication. "You're taking an inherently insecure technology like WLAN and adding very strong authentication technology," Network Test's Newman says. "Plus 802.1x also carries into the wired world." By extending 802.1x authentication to your LAN switches, you add a good layer of protection, he says.
At minimum you'll need an authentication server such as a RADIUS server. Overall, look for strong encryption on every link of the network. Also remember that single-sourcing from a software vendor increases your risk. "It doesn't make sense to be an all-Linux shop, an all-Windows shop," he says.
10. Consider the big picture more often.
To truly future-proof your network, it's not enough to stay on top of port counts and protocols. Future-minded network planning also means understanding where your company's business is heading and what that in turn means to the network.
Multi-casting protocols, for example, aren't a concern for many businesses outside of financial services yet, Newman says. But you need to consider whether your company's goals might take you there later. In a similar vein, it's worth the time to keep closely tuned to your network vendors' future product and business strategies. You certainly want vendors that are committed to upgrading hardware/firmware/software and whose product lines won't need full replacements.