By Leon Adato, Head Geek, SolarWinds
Software-defined networking (SDN) and the Internet of Things (IoT) are key technology trends sure to affect the future of networking. As such, they currently enjoy the lion’s share of broad industry attention. Now, there’s no harm in devoting time to thinking about and planning for cutting-edge trends such as these that are on or slightly beyond the horizon, and in fact, it’s smart to start doing so.
However, taking a step back, there are much more concrete issues affecting enterprise networks in the here and now that still need to be addressed in order to keep business running smoothly. Specifically, the cloud, bring-your-own-device (BYOD), IPv6, virtual desktop infrastructure (VDI) and wireless are important trends impacting networks today that most organizations haven’t fully solved.
What follows is an outline of the core challenges each of these trends presents and suggestions on how network engineers can overcome them.
There are three primary cloud-related challenges network engineers face today.
The first is security. It can be easy for network engineers to fall into the trap of thinking that because they’re not directly responsible for a cloud service provider’s security, they’re no longer culpable in the event of a breach related to the security of their organizations’ data traffic while it is in transit to or from a cloud provider. That would be a mistake.
That also relates to the second key networking-related challenge of the cloud — lack of visibility into data traffic’s movement and behavior once it leaves the firewall. While this has security implications, not knowing how traffic is being routed and optimized by a cloud provider also has significant network performance implications.
The third key network challenge brought on by the cloud relates to bandwidth. Planning for the bandwidth needs of known cloud services is difficult enough. For example, in the context of moving to cloud-based email services, Microsoft Office365 throttles the amount of email data that can be migrated at any one time. So, if you have three (or 300) terabytes of email data, the migration will not happen over a weekend. Even more difficult is planning for the unknown—end users leveraging online storage, file sharing and other cloud-based services without IT’s knowledge. This, of course, has security repercussions, too — free or “freemium” cloud services are becoming just as much an aspect of the shadow IT phenomenon as anything else.
Unfortunately, there aren’t any magic bullets when it comes to overcoming these challenges. For security, the best thing IT professionals can do is understand and be very clear about the security risks they are most concerned about, the corporate security regulations that need to be followed and the compliance certifications that must be achieved when it comes to data security. Then they must work with their cloud service provider to jointly build a plan to meet these requirements. This might also include changing the definition of the “edge of the network,” and adding tools that increase insight into the new areas; for example, adding security logging collectors to the Internet-facing WAN connections. For performance, simulating the user experience is a good start. NetFlow and deep packet inspection can also help in certain circumstances. To stem the bandwidth (and security) issues of unauthorized cloud services, specific services can, of course, be blocked company-wide, but administrators should make sure they have management buy-in and also offer alternative services — after all, there is a reason end users sought out the “shadow” cloud service in the first place.
BYOD is no longer considered an optional perk: employees in organizations of every size now expect that they will be able to connect their personal devices of choice to their organizations’ networks in some capacity. As a result, BYOD has posed a whole host of challenges to the IT department since gaining popularity in recent years.
Network administrators now must think of every employee as at least two devices connecting to company networks and systems, and likely even more, at least doubling concerns around security, overall network complexity and connection volume and density. In effect, already-complex network environments are placed under even more pressure as users access services both inside and outside the network firewall, straining resources which may not have been correctly provisioned in the first place.
To overcome these challenges, network engineers need packet inspection tools as well as bandwidth or SNMP monitoring solutions. Tracking and managing device IP addresses is important, too, as is monitoring the resources these devices are accessing, both to ensure applications are still performing quickly and efficiently and to watch for anomalies that could be signs of a breach. Ideally, a holistic view of all these resources, also known as the application stack, is what should be sought.
The impending transition from IPv4 to IPv6 has been an ongoing discussion for years: the Internet is running out of IPv4 addresses, IPv4 isn’t “future-proof,” IPv6 will make managing networking services much easier, and so on. However, despite the buzz, IPv6 addresses still make up just a small percentage of today’s Internet. And adoption will likely continue to be slow — mostly due to costs associated with making the switch.
However, network administrators should not be fooled by this, as it’s highly likely IPv6 is already enabled and operational in many organizations whether they know it or not, creating “shadow networks” of unmanaged IPv6-enabled devices that can pose significant security risks — IPv6 packets remain relatively unknown and unmonitored and devices using IPv6 addresses can contain security flaws that go unnoticed by network administrators. In addition, even known IPv6 addresses can put more strain on networks by sometimes taking more — and unexpected — routes.
To overcome these IPv6 challenges, first, network administrators should try to simplify the whole process of IP address management — for both IPv4 and IPv6 — in order to eliminate network conflicts and outages, track critical assets, ensure network security and provide reports based on a wide range of parameters, including IP address status. It’s also important to identify and document devices that currently support IPv6, map existing IPv4 space and proposed IPv6 space and document devices that need to be added/replaced for IPv6 support. Lastly, true application firewalls can untangle even the sneakiest device conversations, get IP address management under control and also get network equipment ready for IPv6. They can also classify and segment device traffic; implement effective quality of service to ensure that critical business traffic has headroom; and of course, monitor flow.
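One way to start identifying devices that are already speaking IPv6 is to compare a host's neighbor table against the IP address management inventory. The sketch below is an added example, not part of the original article: the neighbor-table lines, the IPAM records and the names `parse_neighbors` and `shadow_ipv6` are constructed for illustration, and the 2001:db8::/32 documentation prefix stands in for global unicast space.

```python
import ipaddress
# Constructed sample in the format printed by `ip neigh show` on Linux.
NEIGH_SAMPLE = """\
192.0.2.10 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
fe80::1 dev eth0 lladdr 00:00:5e:00:53:01 router REACHABLE
fe80::a1b2:c3ff:fed4:e5f6 dev eth0 lladdr 00:00:5e:00:53:10 STALE
2001:db8:10::25 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
fd12:3456:789a::7 dev eth0 lladdr 00:00:5e:00:53:20 STALE
fe80::dead dev eth0 FAILED
2001:db8:10::99 dev eth0 lladdr 00:00:5e:00:53:30 DELAY
"""
# Constructed IPAM export: MAC -> (hostname, True if IPv6 use is documented).
IPAM = {
    "00:00:5e:00:53:01": ("core-rtr1", True),
    "00:00:5e:00:53:10": ("printer-3f", False),
    "00:00:5e:00:53:20": ("hr-laptop-12", False),
}
ULA = ipaddress.ip_network("fc00::/7")

def scope(addr):
    """Classify an IPv6 address by reach: link-local, unique-local or global."""
    if addr.is_link_local:
        return "link-local"
    return "unique-local" if addr in ULA else "global"

def parse_neighbors(text):
    """Return {mac: set of IPv6 addresses} for entries with a resolved MAC."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:  # FAILED/INCOMPLETE entries carry no MAC
            continue
        addr = ipaddress.ip_address(fields[0])
        if addr.version == 6:       # only IPv6 neighbors are of interest here
            mac = fields[fields.index("lladdr") + 1].lower()
            seen.setdefault(mac, set()).add(addr)
    return seen

def shadow_ipv6(neigh_text, ipam):
    """List devices speaking IPv6 that IPAM does not document as IPv6 hosts."""
    findings = []
    for mac, addrs in sorted(parse_neighbors(neigh_text).items()):
        host, documented = ipam.get(mac, ("UNKNOWN", False))
        if not documented:
            findings.append((mac, host, sorted({scope(a) for a in addrs})))
    return findings

if __name__ == "__main__":
    print(*shadow_ipv6(NEIGH_SAMPLE, IPAM), sep="\n")
```

A device that appears with a global or unique-local address but is recorded in IPAM as IPv4-only is the "shadow network" case described above; a MAC that IPAM does not know at all is an asset-tracking gap as well.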
The primary challenge network engineers face when it comes to VDI is the change in business data flow: physical machines are running virtual desktops, each of which is clamoring for server, email or application access, and as is the case with most companies using VDI, a softphone client is then introduced. With the addition of voice data to desktop applications, it can be difficult for network administrators to maintain correct data flow and manage traffic for employees’ virtual desktops.
When managing a VDI environment, network monitoring intersects with both virtualization and application monitoring. It’s beneficial for network engineers to know if users’ virtual sessions are running smoothly and under control. Many of the tools and techniques to tackle BYOD can help here as well; in particular, end-to-end application stack visibility.
Wireless is as mature a technology as they come. In fact, nobody wants to pay good money to wire up a cubicle farm anymore. The low cost to buy and manage wireless equipment makes it a no-brainer for almost any environment, but it creates challenges around adequate signal strength, managing IP addresses and channels for physical mobility. Wireless-enablement can also quickly get out of hand, and large wireless environments create their own new kind of issue.
What’s needed to tackle the challenges associated with wireless once and for all are tools like IP address management, wireless heat maps, user device tracking and monitoring for over-subscribed access points. The problem is that many of these tools have traditionally been cost-prohibitive, but newer options that you might not be aware of open doors to implementing these technologies.
Network engineers should give thought to how and when their organizations can transition to SDN. They should also plan for how they will address IoT and the tidal wave of connected everything it brings with it. But they shouldn’t forget about the issues affecting their networks today. Most have only scratched the surface in terms of addressing the network-related challenges of the cloud, BYOD, IPv6, VDI and wireless. By using the suggestions outlined here to address them more fully, they can make sure their networks are ready to take on what comes next.
Leon Adato is a Head Geek and technical evangelist at SolarWinds, and is a Cisco® Certified Network Associate (CCNA), MCSE and SolarWinds Certified Professional (he was once a customer, after all). His 25 years of network management experience spans financial, healthcare, food and beverage, and other industries.