Whether network users are on a university campus or a business campus, they all want the same thing: ubiquitous access and a fast on-ramp to applications using their device of choice. IT departments are no different; they all want the same thing, too: simple, secure access for all users, regardless of device or location.
The bottom line: They both want everyone to be Simply Connected.
Simply Connected is fundamentally an approach to enterprise networking that is based on two key principles. The first is that it is simple for end users to securely access the corporate network using their device of choice. The second is that it is simple for the IT manager to provision the user and manage the network. The growing class of smart mobile devices has only one interface for network access: wireless.
IT departments, on the other hand, are accustomed to managing fixed, wired ports with RJ-45 connections. This is creating a huge headache for these organizations. Now IT not only has to make sure that their clients have anytime access to applications, they also need to manage the complexity of the networks created by this anytime, anywhere, must-be-secure access.
Does this mean that IT departments have to radically change the way they manage these devices and how they access applications? No. What has to evolve is the way things are currently managed.
Let’s start with the wireless network itself. Outside of a few verticals like health care, most businesses deployed wireless as a casual, secondary network access mechanism. This was good enough in most cases if everyone only had one device and didn’t demand too much. Wireless access was often characterized by spotty coverage, low throughput, dropped sessions, and low availability.
Today, with an increasing number of users running around with multiple smart mobile devices, expectations have risen. Users expect to keep all of their devices connected, with each device running multiple apps and each app running multiple sessions, placing a tremendous strain on the wireless network. And since all of these devices connect to the wired network, this also places a huge strain on the overall network infrastructure.
In order to adjust to this shift in demand, IT departments must adopt a network design philosophy that we call “Wired-Less.” This means that you need to plan and grow your network under the assumption that, going forward, most of your employees will be mobile, they will be using multiple wireless devices, and they will demand a consistent, high quality experience. This requires a highly scalable, non-stop wireless infrastructure and ultimately a new approach to the network.
As for the wired network, there will always be a need for wired ports for things like access points, IP phones and security cameras, and for workstations, printers and other machinery. So internally, we will see the LAN transition from being a mix of PoE and data-only ports to an infrastructure that supports PoE on every port, ensuring the ability to keep adding access points and other powered devices to the network.
When you put the two together, what becomes clear is that businesses need to migrate towards an architecture with high-performance 802.11n access points as the primary means of network access with ubiquitous PoE on all of the network access ports. In order to manage the anticipated influx of wireless mobile devices, approximately 15% of PoE ports should be reserved for wireless access points; this will give you the headroom to expand wireless coverage and capacity as your user population evolves and uses up to three devices each. It is likely that your IT department will directly control of only one of those devices, leading to yet another challenge: security.
BYOD - Security Issues Abound
The proliferation of smart mobile devices in the enterprise, many of them personally owned, raises profound new security challenges for IT. Does the smart mobile device get access to corporate applications and information assets? If so, how is this accomplished in a manner that balances ease of use with essential security needs? In the traditional network model, security provisioning is done by wired port or by individual device.
Since the devices have typically been owned by the corporation, highly efficient and effective processes have been developed for the mass management and provisioning of a single type of user device—normally some kind of PC. In the new world of “Bring Your Own Device,” these processes no longer work since the device types are so diverse and they may change frequently. Additionally, since users will no longer access the network from a consistent port, IT also has to consider how to enforce security policies by individual, rather than by their device or location.
Most IT departments already have classifications for groups of users: engineers, executives, sales, etc. The evolutionary step will be to take these existing class-based security policies and apply them one layer lower—by logon ID—to solve the problem of mass management. After all, if the user population will have more than one device, and they will access the network from anywhere, it makes sense to shift the security policy to the very edge—to the users themselves. This approach has the added benefit of dealing with the device churn problem.
As anyone who’s ever owned a cell phone knows, there is a high degree of turnover in the types and models of smart mobile devices that people use. Sales people are frequently the first to move to better smart mobile devices as soon as they become available. Since they are constantly in motion, having the most competent smart device for telephony, internet access and applications provides a business advantage. By creating security policies that are attached to a class of user called “sales” that includes the specific IDs of the sales people, one can allow both freedom and control over network access.
So what do we see as the key evolutionary trends which will support the smart mobile world? First, we see the nature of the access network in the campus moving from wired to wireless – expect this trend to grow.
Second, we see the LAN moving from partial to all PoE ports, with a specific percentage dedicated to wireless access points – make sure to plan for these allocations as demand from users for more wireless AP coverage and capacity will grow.
And third, we see a shift in the way security is managed, from device- or port-based to user-based, some simple classification and a focus on user group security policies will make it easier to meet user needs while keeping the enterprise secure.
None of these changes should create huge disruption. This should be an orderly transition, managed by the IT department as a part of regular refresh cycles. We are excited about the possibilities smart mobile devices bring to the business, and we are interested in helping others take advantage of these opportunities.