The increased use of corporate networks by guests and contractors, combined with server virtualization, has resulted in a new problem known as LAN sprawl, according to a recent report from The Yankee Group.
Current local-area networks cannot support the rapid configuration changes needed by new applications (including Skype and instant messaging) or administrators wanting to grant groups access to certain applications for a limited time, according to the report, titled “The Era of the Virtualized Organization Demands Context-Aware LANs.”
The report, written by Yankee Group senior analyst Phil Hochmuth and sponsored by ConSentry Networks Inc. of Milpitas, Calif., states LANs must provide “a richer view” into applications than IT managers can get with Layer 2 and 3 traffic routing.
The major switch and router manufacturers have advertised the Layer 7 capabilities in their products for some time, but this does not mean the equipment works well with the back-end systems that handle policies and directories, Hochmuth said in an interview.
Jeff Prince, president and CEO of ConSentry, said a desire to provide access to guests and contractors was a major reason customers bought his company’s LANshield hardware.
ConSentry said that in a survey it sponsored, by London-based Loudhouse Research, 92 per cent of respondents said users are “more likely” than before to require access to different parts of the network at different times. Two-thirds of respondents said the proliferation of devices and applications makes it harder to audit the networks.
“Most customers have a need to not only see and control assets, but they need an audit trail,” he said, adding many users also want access to Web 2.0 applications. “You really need more information than an IP address or a MAC address to forward a packet in a switch. It’s time to start adding more context to the packet forwarding decision.”
LAN sprawl refers to the “multi-dimensional” growth of networks, with more devices and more applications, said Michelle McLean, ConSentry’s senior director for product marketing.
“Devices and applications are all coming and going, and you need different access rights on the network,” McLean said.
She added Layer 4 capability, for example, will tell the network a packet is port 80, whereas Layer 7 would identify it as HTTP.
“The key is not so much the ability to do deep packet inspection or have application awareness in the network layer,” Hochmuth said. “The key thing is to tie that capability back to a policy management system or an architecture that lets you enforce business rules based on the information that you’re getting from the network layer.”
Some rules, McLean said, could include preventing users from downloading records if they are using a smart phone, and limiting access to the Twitter Web site to certain users at certain times.
Social networking is not the only factor the Yankee Group cited as leading to LAN sprawl. Hochmuth also blamed virtualization because it lets servers roam between subnets and data centres.
“Moving servers around the network virtually could cause issues with access controls or network-based rules around how those servers are seen on the network,” he said.