LANs head for utility and security
Experts say next-generation enterprise LANs could mirror today's branch LANs.
By Jim Duffy, Network World | Network World US | Published: 01:00, 03 November 2007
The next-generation LAN will be mobile, secure, intelligent and oriented more towards service than speed, according to experts at the recent Interop New York conference.
At the same time, branch office architectures are also evolving, inheriting more applications, services, features and functions usually contained at corporate headquarters sites.
LAN architectures are undergoing a "fundamental change" in order to support future applications able to be securely accessed anytime, anywhere from any place, says Chris Silva, an analyst at Forrester Research.
"Ubiquitous computing is the next big thing," Silva says, driven by globalisation, virtualisation and collaboration. "Thirty percent of enterprises are making use of public Wi-Fi or public cellular data."
Architectures optimised for distributed applications in 2005 evolved into those focused on security and IT consolidation in 2006, he says. This year's wave will be LAN infrastructures designed to accommodate disaster recovery and further consolidation.
Enterprises want their networks to function as a utility, and wireless coverage will drive infrastructure deployments, Silva says. With that, he believes IEEE 802.11n wireless LANs and WiMAX will become pervasive in the 2011 to 2013 time-frame.
Along with ubiquity, users will demand security and integration with wired and voice infrastructures. That's fine with wireless companies like Trapeze Networks and secure switching vendors like ConSentry.
Components of the "new" LAN include mobility, security and identity-based networking -- the ability to configure users' access and services, vs. switch and router ports, says David Cohen, Trapeze director of marketing.
The LAN architecture will encompass a hybrid of distributed forwarding and centralised forwarding based on the application: distributed for latency-sensitive traffic like voice over WLAN and ".11n ready" applications; and centralised for security-sensitive traffic like guest access, Cohen says.
Switches will support "virtual stacking," Cohen says, in which capacity is pooled and automatically assigned, remapped and balanced across access points when they are added to or subtracted from the network.
The ability to support transparent roaming for voice will go a long way in determining how users construct their WLAN networks, Cohen argues. So will security, says Jeff Prince, chairman and CTO of ConSentry Networks.
That's why users will migrate to secure switching, with network access -- or admission -- control (NAC) capabilities becoming integrated table stakes for LAN switches.
"The LAN is a much more open place," Prince says. "All of the family jewels sit in the network."
LANs have failed to keep up with the proliferation of malware, regulatory requirements like Sarbanes-Oxley and the need for greater visibility into user behaviour, Prince argues. As examples, he noted recent breaches at companies like TJ Maxx, DuPont and Boeing.
"The LAN was built for connectivity, not for control," Prince says. "The shift going forward is going to be on control."
The challenge, he says, will be for users to sift through all of the LAN security options they have and figure out where in their network to start to implement them.
This is not unlike the challenges facing enterprises in branch office networking. More than 90 percent of employees work in a branch or remote office. Yet the branch is made up of a disparate set of technologies, capabilities and functionalities that increase the cost of doing business and the inconsistency of the customer experience, says Steve Hardy, Avaya director of converged communications product marketing.
"The branch is a much more strategic part of the business plan," Hardy says, adding that it's morphed from a cost centre to a profit centre. "The branch is the place where business interacts with its customers. The customer experience will be the key driver of the technology refresh."
Some of the considerations enterprises must deal with are whether business applications need to be centralised or distributed to branch locations, he says. Integrated security is "critical," he claims, as is an "open, standard converged infrastructure" to maximise total cost of ownership.
But therein lie some opposing goals, Hardy says: maximising application reach while minimising TCO. That's why enterprises will increasingly adopt hybrid models where some applications are hosted at the headquarters site; others in the branch; and others with the company's telecom carriers.
Cisco concurs with the hybrid model of application hosting in the next-generation branch office. Cisco says the number of branches is growing 10 percent per year, consuming 70 percent of a company's IT resources.
Branch employees are also computing differently than they did three to five years ago, says Michael Wood, director of product management in Cisco's Access Routing technology group. They are mobile, executing Web 2.0 applications and performing mashups, he says.
"Their expectations and experiences are much different," he says. "They're more interactive."
Remote employees also expect the same types of services as their colleagues at the headquarters campus, Wood says.
"Today's branch is behind the times," with ageing, disparate equipment producing poor response times, inconsistent security compliance, and limited mobility and disaster recovery, he says.
These are some of the factors enterprises must consider when defining a consistent branch architecture, Wood argues. Others include fiscal responsibility; regulatory, legal and industry compliance; productivity; a plan that enables a company to be competitive, responsive and innovative; and one that has a "low carbon footprint," or is energy efficient.
"The branch office is more important to the business than ever," Wood concludes.