Network Management is dull. No excuses. Monitoring and interacting with the devices that move data from one location to another is a thankless undertaking that most of us building networks leave to an afterthought. Part of that is the complexity associated with managing networks. There are at least a dozen common methods for interacting with devices in the network, including SNMP, CLI, AAA, Syslog, NetFlow, and fancy XML/HTTP interfaces. So much variety breeds complexity, so we tend to set our goals pretty low for interactivity with the network.
As part of my work at Cisco, I get to talk to customers very often. Through these conversations, I learn what works for them and what concerns them. Lately, I’ve been hearing a common theme from a lot of customers: in many organizations IT staff is small and not growing while they are being asked to do more to meet the bring-your-own-device (BYOD) challenge.
BYOD has drastically changed the technology landscape as users bring many different types of personal devices to the networks of schools and colleges, hospitals, financial agencies, enterprises and other organizations. One university IT team, including their chief technology officer and their IT administrators, recently told me that they had 200% network user growth and 300% endpoint device growth over the last several years. As for their network, they used to have fewer than 100 wireless access points (APs). Guess how many they have today? Over a thousand. And they are planning to deploy several hundred more APs in the coming months. How about their IT headcount growth? As you might have guessed, it’s not grown at all.
Now that you’ve survived the annual gift-giving extravaganza (at least in the US) of the holidays, you have probably noticed some colleagues and employees showing up touting new smartphones, tablets, or random internet-connecting devices. Happy as you may be for them, you probably also know (because, hey, you’re reading this blog) that all these fun little devices can put a strain on a company.
In the last few weeks, your IT team (that probably includes you or someone you know) has probably been spending an inordinate amount of time helping users get their devices connected. They’ve probably been dealing more with maintenance headaches than working on more interesting services. In fact, headache medicine sales spike in mid-January in regions with higher densities of people in IT*.
Several years ago, I had a conversation with an IT manager about his company’s network security that I still remember today. He said: “We’re losing our battle over internal network security. We cannot keep up with our vendors and contractors who bring in all kinds of devices to our network. We may turn our internal network into a DMZ.” Turning an internal network into a DMZ was probably an extreme case at that time, but it showed the underlying problem: if you don’t have control over what’s happening on your network, you’ll have an uphill battle on your hands.
Today, the challenge has intensified due to the bring-your-own-device (BYOD) trend. There is speculation that corporate networks may eventually turn out to be the equivalent of college networks where users routinely bring their own personal devices. Because personal devices generally do not have the same level of security as IT-owned assets, they tend to have more vulnerabilities and it’s harder to protect sensitive information and intellectual property on these devices. The adage “security risks walk in the door with employees” is quickly becoming a reality that organizations must address.
In this blog, let us take a look at how Catalyst access switches profile the various connected devices and make the information available to various network services.
Many devices like laptops, IP phones, cameras, etc. are connected to the network and need to be managed by IT for asset management, device onboarding, switch configuration, policy management and device energy management. Traditionally, IT administrators manually added each device for each service. This adds unnecessary overhead and is an inefficient use of IT’s time.