The policy prescription

You could call it the IS quest for the Holy Grail.

That would be a network management system that can essentially administer itself. A self-healing, intuitive scheme that, without operator intervention, is smart enough to avert problems before they happen and powerful enough to fix the ones that do occur.

Alas, the day of such automated management has not yet arrived, but it is definitely coming, and policy-based network management may be the first step.

While something of a nebulous term, policy management means applying a set of rules, defined by a business, about the types of traffic flowing across a network, and setting up alarms and/or restrictions that alert administrators to unauthorized or forbidden traffic attempting to traverse the enterprise. The goal is to bring order to an inherently disorderly environment using a centrally administered server. The idea is to use bandwidth more efficiently by controlling and prioritizing the communications streams that flow through a network.

To illustrate what is meant here, take the example of a business that sets a policy which says that only IP traffic will flow across a network. The goal is to actually implement an IT method of enforcing that policy.

“In the past, quite frankly, there was no real way to do that,” said Kelly Kanellakis, technology director for Cabletron Systems Canada in Mississauga, Ont. “If someone wanted to, on their desktop, turn on every (network) protocol under the sun within Windows, there wasn’t a lot you could do to stop that unless you caught them. And the only way to catch that person was to spend a lot of hours trying to find those protocols on your network and tracing them back to where they came from.

“That was the problem. You could set the policies on a business level, but in a lot of cases you could never implement the policies in real life.”

Things have changed. Two important developments have occurred — applications that are intelligent enough to recognize policies being set at the business level, and systems that offer users the ability to define traffic types on the network.

“What that means is your network manager will then go out to the various devices that would administer that kind of policy and actually set them up so that if anything appears on the network other than IP, it is basically shut down, sent back or an alert is sent to the administrator,” Kanellakis explained. “In some way, shape or form, you’re notified of it happening and it’s taken off the network.”
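The "only IP" policy above can be checked at the frame level. The following is an added example, not code from the article or from any vendor product: it classifies Ethernet frames and counts non-IP traffic per source MAC address so an alert can name where it came from. It assumes the policy also admits ARP and IPv6, and the sample frames and MAC addresses are constructed.

```python
import struct
from collections import Counter

# Assumption: "IP only" admits IPv4, IPv6 and ARP (IPv4 needs ARP on Ethernet).
ALLOWED = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
OTHER = {0x8137: "IPX", 0x809B: "AppleTalk", 0x80F3: "AARP"}
LLC_DSAP = {0xE0: "IPX (802.2)", 0xF0: "NetBIOS/NetBEUI", 0xFF: "IPX (raw 802.3)"}

def _by_ethertype(etype):
    if etype in ALLOWED:
        return ALLOWED[etype], True
    return OTHER.get(etype, f"ethertype 0x{etype:04x}"), False

def classify(frame):
    """Return (source MAC, protocol name, allowed?) for one Ethernet frame."""
    if len(frame) < 14:
        return None, "truncated", False
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in (0x8100, 0x88A8):       # skip 802.1Q / 802.1ad VLAN tags
        off += 4
        if len(frame) < off + 2:
            return src, "truncated", False
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype >= 0x0600:                     # Ethernet II: field is an EtherType
        return (src, *_by_ethertype(etype))
    llc = frame[off + 2:]                   # 802.3: field is a length, LLC follows
    if len(llc) < 3:
        return src, "truncated", False
    if llc[0] == 0xAA and len(llc) >= 8:    # SNAP header carries an EtherType
        return (src, *_by_ethertype(struct.unpack_from("!H", llc, 6)[0]))
    return src, LLC_DSAP.get(llc[0], f"LLC DSAP 0x{llc[0]:02x}"), False

def violations(frames):
    """Count non-IP frames per (source MAC, protocol) so they can be traced."""
    results = (classify(f) for f in frames)
    return Counter((src, proto) for src, proto, ok in results if not ok)

def make_frame(src, type_field, payload=b"\x00" * 46):  # builds constructed samples
    return bytes.fromhex("ffffffffffff") + bytes.fromhex(src) + type_field + payload

SAMPLE = [
    make_frame("020000000001", b"\x08\x00"),                  # IPv4
    make_frame("020000000002", b"\x81\x37"),                  # IPX, Ethernet II
    make_frame("020000000002", b"\x81\x00\x00\x0a\x81\x37"),  # IPX inside VLAN 10
    make_frame("020000000003", b"\x00\x2e", b"\xf0\xf0\x03" + b"\x00" * 43),  # NetBEUI
]
```

`violations(SAMPLE)` returns one counter entry per offending station and protocol, which is the information an administrator would otherwise have had to trace by hand.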