Putting your policy in place

Managing the network is becoming more and more of a challenge, given the ever-increasing amount of applications and hardware offerings on the market. And with employees coming and going, keeping track of who still has access to what resources on the network and how that access works is even more of a challenge.

The answer, according to one analyst, is a proactive approach to the network through policies.

Policy-based network management benefits both the network manager and the end user. From the users’ side, it means that they will receive priority treatment to the resources they use and need the most. So, for example, a sales team might be allocated priority in accessing a customer database, while members of an accounting group would have priority in accessing financial resources on the network.

For the network administrator, policies enable simpler management and security. But when it comes to implementing policies, simplicity may not be the first word that comes to mind.

“It’s not an easy thing to implement. It’s fairly complex, and not something that I would say most companies have the wherewithal to do,” says Dan McLean, research manager with IDC Canada Ltd. in Toronto.

Policy-based network management is a series of management tools and database applications, he explains. It also involves configuration that needs to be done on all of the devices. “What you’re doing is trying to spread a fabric of management throughout your infrastructure and then tie some intelligence to that so you have a sense of what’s out there and what’s connected,” he says. “And then what you’re doing is creating a database or some type of repository that has a set of rules that say, ‘So-and-so has access to these resources.’ You basically build a profile of everyone that you have out there that’s connected to your network, and it grants them permissions or access to certain types of resources.”

Because it is not a single tool that needs to be implemented, the issue of cost becomes a factor for many companies. As well, time and planning are issues, due to the complexities involved in the implementation.

From what McLean has seen, there are not too many Canadian companies with this type of management in place. Most of the market in Canada still looks at management in a reactive way rather than proactive, he explains, adding that a lot of companies don’t even do primary things such as monitoring.

“(Monitoring) is a pretty advanced stage of management for most companies in Canada,” he points out.

McLean says he considers policies to be an important consideration for Canadian enterprises, but reiterates the importance of things like monitoring.

“(Policy-based networking) is important, but the other side of it is first things first. People, I think, need to get up to some of the real fundamentals of management. I think what a company ought to be doing, before it thinks about policy-based management, is thinking in terms of doing some of the basic things like monitoring.”

Which entails, McLean says, setting up a system where they’re monitoring their network infrastructure devices, such as routers, switches and hubs or remote access devices.

“They should really be thinking about imposing that kind of infrastructure first, and it is probably a prerequisite to policy-based management,” he adds.

There needs to be some fabric that allows managers to discover what is out there on the networks before they start setting rules for access. The focus should be on the fundamental things first, and at the same time to change the mindset about management to a more proactive approach, he says.