eGuide
IN THIS eGUIDE
Sponsored by

NETWORKING REDEFINED
We’re living in an era of server consolidation, virtualization, green initiatives and cloud computing—initiatives throwing the data center network into a state of flux. Is legacy infrastructure, typically comprising multiple switching tiers running proprietary protocols, capable of handling next-generation, dynamic application demands? Or is it time for a network overhaul built on the concepts of open, virtual switching, unified fabrics and bandwidths of 10 Gigabit Ethernet and beyond? In these articles, Network World examines how the data center network is evolving into a more simplified, open infrastructure.

Data Center Derby Heats Up: Handicapping the crowded field, from the odds-on favorites to the long shots
10G Ethernet Shakes Net Design to the Core: Shift from three- to two-tier architectures driven by need for speed, server virtualization, unified switching fabrics
Remaking the Data Center: Low-latency switches are the foundation for building a unified-fabric data center
Standards for Soothing Headaches in the Data Center: Emerging IEEE specifications aim to address serious management issues raised by the explosion of virtual machines
A Bridge to Terabit Ethernet: With 40/100G Ethernet products on the way, Ethernet experts look ahead to Terabit Ethernet standards and products by 2015
Data Center as Ethernet Switch Driver: How next-generation data center initiatives shape the LAN switching market
Networking Resources
Network thoroughbred Cisco jumps into the blade server market. Server stallion HP adds security blades to its Pro-Curve switches. IBM teams up with Brocade. Oracle buys Sun. And everybody courts that prize filly VMware.
In this era of server consolidation and virtualization, green initiatives and cloud computing, the data center is in flux and all the major vendors are jockeying for position, galloping in with new products, strategies and alliances.
“What you see right now is everybody shoring up and getting as many offerings as they can to provide all the hardware in the data center. Cisco, for example, wants to make it so you can be a complete Cisco shop, including all your servers,” says Mitchell Ashley, principal consultant with Converging Networks and a Network World blogger.
Cisco’s blade servers are part of its data center platform, called the Unified Computing System (UCS), which includes storage, network and virtualization resources. Cisco’s platform includes VMware’s vSphere technology and partnerships with BMC Software, EMC, Intel, Microsoft and Oracle.
But Cisco’s entry into the data center fray has kicked up some dust among its longtime server partners HP and IBM, and forced all of the major players to respond in some way. “Cisco has been so successful in the network space, all the other vendors have to take it seriously at the data center level,’’ says Anne Skamarock, a research director at Focus Consulting.
The resultant flurry of activity has included:
• HP releasing the BladeSystem Matrix, a converged software, server, storage and network platform.
• IBM deepening its relationship with Brocade, deciding to sell Brocade’s Foundry switches and routers under the IBM banner.
• Juniper unveiling Stratus Project, a multiyear undertaking through which it will partner with server, storage and software companies to develop a converged data center fabric.
• Oracle buying Sun for its hardware and software, then grabbing Virtual Iron for its Xen-based hypervisor.
“Everything is pointing to a unified fabric,” says John Turner, director of network and systems at Brandeis University in Waltham, Mass.
“We’re in a transition, and it’s very important not to just buy who you bought from before. This is a great time to evaluate your vendors, ask about long-term road maps and partnerships, see how integrated they are,” says Yankee Group analyst Zeus Kerravala. “I wouldn’t make any decisions hastily if I were in IT.”

Data Center Derby Heats Up: Handicapping the crowded field, from the odds-on favorites to the long shots. By Beth Schultz • Network World
This industry shakeup also could provide an opportunity for some long-shot vendors to make a move on the leaders. Kerravala puts Brocade in this category because of its storage and network strengths, Citrix Systems for virtualization, F5 Networks for networking, and Liquid Computing for fabric computing. “These could be the dark horses,” he says.

Turner agrees that opportunities are available for the right vendors. “I’m happy with my Cisco network. I’m thrilled with it. No, I’m wowed by it. But that doesn’t mean there isn’t an opportunity for another vendor to come in, pique my interest, gain my respect and get in here,” Turner says. “This is an opportunity to take a big leap. Companies are going to be doing big refreshes.”

These changing times for IT infrastructure require an open mind, says Philip Buckley-Mellor, a designer with BT Vision, a provider of digital TV service in London. Yet Buckley-Mellor admits he can’t imagine BT Vision’s future data center without HP at the core.

Buckley-Mellor expects most of Vision’s data center operations to run on HP’s latest blades, the Intel Nehalem multicore processor-based G6 servers. The infrastructure will be virtualized using VMware as needed. HP’s Virtual Connect, a BladeSystem management tool, is an imperative.

“The ability to use Virtual Connect to re-patch our resources with networks and storage live, without impacting any other service, without having to send guys out to site, without having the risk of broken fibers, has shaved at least 50%, and potentially 60% to 70%, off the time it takes to deploy a new server or change the configuration of existing servers,” Buckley-Mellor says.

Within another year or so, he expects Vision to move to a Matrix-like orchestrated provisioning system. The HP BladeSystem Matrix packages and integrates servers, networking, storage, software infrastructure and orchestration in a single platform.

“We already have most of the Matrix pieces ... so orchestrating new servers into place is the next logical step,” Buckley-Mellor says.

Place your wagers

Gartner analyst George Weiss says Cisco and HP unified compute platforms run pretty much neck and neck. However, IBM, HP’s traditional blade nemesis in the data center, has more work to do in creating the fabric over which the resources are assembled, he adds.

“IBM can do storage, and the server component in blades, and the networking part through Cisco or Brocade, so from a user perspective, it seems a fairly integrated type of architecture. But it’s not as componentized
FORK IN THE ROAD
Virtualization, inexpensive 10G links and unified Ethernet switching fabrics are catalyzing a migration from three-tier Layer 3 data center switching architectures to flatter two-tier Layer 2 designs that subsume the aggregation layer into the access layer. Proponents say this will decrease cost, optimize operational efficiency, and simplify management.

[Figure: three tier (Core, Aggregation, Access) vs. two tier (Core, Access/Aggregation)]
of marketing for Voltaire, a maker of Infiniband and Ethernet switches for the data center. “It’s problematic to have so many layers.”

Another requirement of new data center switches is to eliminate the Ethernet spanning tree algorithm, Layland says. Currently all Layer 2 switches determine the best path from one endpoint to another using the spanning tree algorithm. Only one path is active; the other paths through the fabric to the destination are only used if the best path fails. The lossless, low-latency requirements of unified fabrics in virtualized data centers require switches that use multiple paths to get traffic to its destination, Layland says. These switches continually monitor potential congestion points and pick the fastest and best path at the time the packet is being sent.

“Spanning tree has worked well since the beginning of Layer 2 networking but the ‘only one path’ [approach] is not good enough in a non-queuing and non-discarding world,” Layland says.

Finally, cost is a key factor in driving two-tier architectures. Ten Gigabit Ethernet ports are inexpensive–about $500, or twice that of Gigabit Ethernet ports yet with 10 times the bandwidth. Virtualization allows fewer servers to process more applications, thereby eliminating the need to acquire more servers.

And a unified fabric means a server does not need separate adapters and interfaces for LAN and storage traffic. Combining both on the same network can reduce the number and cost of interface adapters by half, Layland notes. And by eliminating the need for an aggregation layer of switching, there are fewer switches to operate, support, maintain and manage.

“If you have switches with adequate capacity and you’ve got the right ratio of input ports to trunks, you don’t need the aggregation layer,” says Joe Skorupa, a Gartner analyst. “What you’re doing is adding a lot of complexity and a lot of cost, extra heat and harder troubleshooting
of work, there is an increase in the number of concurrent tasks, lowering the server overall throughput.

The new generation of switches overcomes the large latency of the past by eliminating or significantly reducing queues and speeding up their own processing. The words used to describe it are: lossless transport; non-blocking; low latency; guaranteed delivery; multipath and congestion management. Lossless transport and guaranteed delivery mean they don’t discard packets. Non-blocking means they either don’t queue the packet or have a queue length of one or two.

The first big change in the switches is the design of the way the switch forwards packets. Instead of a store-and-forward design, a cut-through design is generally used, which significantly reduces or eliminates queuing inside the switch. A cut-through design can reduce switch time from 15 to 50 microseconds to two to four microseconds. Cut-through is not new, but it has always been more complex and expensive to implement. It is only now with the very low-latency requirement that switch manufacturers can justify spending the money to implement it.

The second big change is abandoning spanning tree within the data center switching fabric. The new generation of switches uses multiple paths through the switching fabric to the destination. They are constantly monitoring potential congestion points, or queuing points, and pick the fastest and best path at the time the packet is being sent. Currently all layer 2 switches determine the “best” path from one endpoint to another one using the spanning tree algorithm. Only one path is active; the other paths through the fabric to the destination are only used if the “best” path fails. Spanning tree has worked well since the beginning of layer 2 networking but the “only one path” is not good enough in a non-queuing and non-discarding world.
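To make the “only one path” argument concrete (it is made here and in the earlier 10G Ethernet article), here is an added simulation that is not code from Network World or any vendor quoted: a constructed two-tier topology (cores C1 and C2, access switches A1 and A2, all dual-homed) under a simplified spanning tree versus an equal-cost multipath fabric. A breadth-first search from the lowest-named switch stands in for STP’s root election; BPDUs, timers and DCB are not modeled.

```python
"""Single active path (spanning tree) versus a multipath fabric, on a
constructed two-tier topology. Added illustration, not Network World code."""
from collections import deque


def adjacency(links):
    """Undirected adjacency map from a list of (switch, switch) links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def spanning_tree(links, root):
    """Links a spanning tree rooted at `root` keeps in forwarding state.
    A breadth-first search stands in for STP's root-path-cost election;
    neighbours are visited in sorted order so the lowest-named switch wins
    ties, like the lowest bridge ID in real STP. Every other link is blocked."""
    adj = adjacency(links)
    active, seen, queue = set(), {root}, deque([root])
    while queue:
        node = queue.popleft()
        for nbr in sorted(adj[node]):
            if nbr not in seen:
                seen.add(nbr)
                active.add(frozenset((node, nbr)))
                queue.append(nbr)
    return active


def shortest_paths(links, src, dst):
    """Every minimum-hop path from src to dst: the equal-cost path set a
    multipath fabric can spread traffic across."""
    adj = adjacency(links)
    best, paths, queue = None, [], deque([[src]])
    while queue:
        path = queue.popleft()
        if best is not None and len(path) > best:
            break  # BFS order: every path of minimum length has been seen
        if path[-1] == dst:
            best = len(path)
            paths.append(path)
            continue
        for nbr in sorted(adj.get(path[-1], ())):
            if nbr not in path:
                queue.append(path + [nbr])
    return paths


def stp_path(links, root, src, dst):
    """The one path spanning tree actually forwards on: tree links only."""
    tree = [tuple(sorted(l)) for l in spanning_tree(links, root)]
    paths = shortest_paths(tree, src, dst)
    return paths[0] if paths else None


def choose_least_loaded(paths, link_load):
    """Send one flow down the candidate path whose busiest link is least
    loaded (the congestion-aware choice the article describes) and record it."""
    def busiest(path):
        return max(link_load.get(frozenset(e), 0) for e in zip(path, path[1:]))
    choice = min(paths, key=busiest)
    for e in zip(choice, choice[1:]):
        link_load[frozenset(e)] = link_load.get(frozenset(e), 0) + 1
    return choice


# Constructed topology: access switches A1/A2 dual-homed to cores C1/C2.
LINKS = [("A1", "C1"), ("A1", "C2"), ("A2", "C1"), ("A2", "C2"), ("C1", "C2")]


def compare(links=LINKS, root="C1", src="A1", dst="A2", flows=4,
            failed=("A1", "C1")):
    """Summarise both designs for `flows` src->dst flows, then after `failed`
    goes down: which links sit idle, the peak per-link load, and the path
    length each design falls back to."""
    tree = spanning_tree(links, root)
    blocked = sorted(tuple(sorted(l)) for l in links if frozenset(l) not in tree)
    stp_load, mp_load = {}, {}
    for _ in range(flows):
        choose_least_loaded([stp_path(links, root, src, dst)], stp_load)
        choose_least_loaded(shortest_paths(links, src, dst), mp_load)
    survivors = [l for l in links if set(l) != set(failed)]
    return {
        "stp_blocked_links": blocked,
        "stp_path": stp_path(links, root, src, dst),
        "stp_peak_link_load": max(stp_load.values()),
        "multipath_peak_link_load": max(mp_load.values()),
        "stp_path_after_failure": stp_path(survivors, root, src, dst),
        "multipath_after_failure": shortest_paths(survivors, src, dst),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

With four A1-to-A2 flows, spanning tree blocks both links to C2 and piles all four flows onto A1-C1 and C1-A2, while the multipath fabric carries two per link; after A1-C1 fails, the tree path grows to three hops (A1, C2, C1, A2) whereas multipath still has the two-hop path through C2.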
A current problem with the multi-path approach is that there is no standard on how they do it. Work is underway within standards groups to correct this problem, but for the early versions each vendor has its own solution. A significant amount of the work falls under a standard referred to as Data Center Bridging (DCB). The reality is that for the immediate future mixing and matching different vendors’ switches within the data center is not possible. Even when DCB and other standards are finished there will be many interoperability problems to work out, thus a single-vendor solution may be the best strategy.

Speed is still part of the solution. The new switches are built for very dense deployment of 10 Gigabit and prepared for 40/100 Gigabit. The result of all these changes reduces the trip time mentioned from 80 microseconds to less than 10 microseconds, providing the needed latency and throughput to make Fibre Channel and cloud computing practical.
ery protocol for autoconfiguration, Pelissier says. Some in the 802.1 group are leaning toward using the existing Logical Link Discovery Protocol (LLDP), while others, including Cisco and HP, are inclined to define a new protocol for the task.

“LLDP is limited in the amount of data it can carry and how quickly it can carry that data,” Pelissier says. “We need something that carries data in the range of 10s to 100s of kilobytes and is able to send the data faster rather than one 1,500 byte frame a second. LLDP doesn’t have fragmentation capability either. We want to have the capability to split the data among multiple frames.”

Cisco, HP say they’re in synch

Cisco and HP are leading proponents of the IEEE effort despite the fact that Cisco is charging hard into HP’s traditional server territory while HP is ramping up its networking efforts in an attempt to gain control of data centers that have been turned on their heads by virtualization technology.

Cisco and HP say their VEPA and VN-Tag/multichannel and port extension proposals are complementary despite reports that they are competing techniques to accomplish the same thing: reducing the number of managed data center elements and defining a clear line of demarcation between NIC, server and switch administrators when monitoring VM communications.

“This isn’t the battle it’s been made out to be,” Pelissier says.

Though Congdon acknowledges he initially proposed VEPA as an alternative to Cisco’s VN-Tag technique, the two together present “a nice layered architecture that builds upon one another where virtual switches and VEPA form the lowest layer of implementation, and you can move all the way to more complex solutions such as Cisco’s VN-Tag.”

And the proposals seem to have broad industry support.

“We do believe this is the right way to go,” says Dhritiman Dasgupta, senior manager of data center marketing at Juniper. “This is putting networking where it belongs, which is on networking devices. The network needs to know what’s going on.”
Verizon Business offers 10G Ethernet LAN and Ethernet Virtual Private Line services to customers in 100 U.S. metro markets. Verizon Business also offers “10G-capable” Ethernet Private Line services.

The carrier has 40G Ethernet services on its five-year road map but no specific deployment dates, says Jeff Schwartz, Group Manager, Global Ethernet Product Marketing. Instead, Verizon Business has more 10G Ethernet access services on tap.

“We want to get to 100G,” Schwartz says. “40G may be an intermediary step.”

Once Verizon Business moves its backbone architecture toward 40/100G, products and services will be following, he says.

Spirent Communications, a maker of Ethernet testing gear, offers 40G Ethernet testing modules, with 100 Gigabit Ethernet modules planned for release in early 2010, says Tim Jefferson, general manager of the converged core solutions group at Spirent. Jefferson says one of the caveats that users should be aware of as they migrate from 10G to 40/100G Ethernet is the need to ensure precise clocking synchronization between systems--especially between equipment from different vendors.

Imprecise clocking between systems at 40/100G--even at 10G--can increase latency and packet loss, Jefferson says.

“This latency issue is a bigger issue than most people anticipate,” he says. “At 10G, especially at high densities, the specs allow for a little variance for clocks. As you aggregate traffic into 10G ports, just the smallest difference in the clocks between ports can cause high latency and packet loss. At 40G, it’s an order of magnitude more important than it is for 10G and Gig.

“This is a critical requirement in data centers today because a lot of the innovations going on with Ethernet and a lot of the demand for all these changes in data centers are meant to address lower latencies,” Jefferson adds.

Cabling challenges

Another challenge is readying the cabling infrastructure for 40/100G, experts say. Ensuring the appropriate grade and length of fiber is essential to smooth, seamless operation, they say.

“The big consideration is, what’s a customer’s cabling installation going to look like and what they’re looking for to be able to handle that,” Booth says. “They are probably going to need to have a parallel fiber capability.”

“The recommendations we’re making to customers on their physical plant today are designed to take them from 1G to 10G; 10G to a unified fabric; and then address future 40G,” Cisco’s Gourlay says.
Force10 is merging with Turin Networks, a provider of wireless backhaul, Carrier Ethernet and converged access systems for service providers. Force10 seems to be gravitating more and more to the carrier cloud, but is still a high-performance data center play–though one that was left behind by the data center systems mainstays.

That leaves Extreme Networks virtually alone in LAN switching. The company has been extending its product line for data center-specific applications, such as virtualization and 10G Ethernet. But analysts say they will have little relevance beyond Extreme’s installed base.

“What problem is Extreme solving that nobody else is?” Kerravala asks. “There just isn’t a differentiator compelling enough.”

Extreme begs to differ. “Extreme Networks delivers a network that requires fewer resources to operate and acquire while offering unique capabilities to scale for future requirements and changing demands,” says Chief Marketing Officer Paul Hooper. “We achieve this through the delivery of a consistent Ethernet portfolio, stretching from the edge of the network to the core, all powered by a single OS, ExtremeXOS. Extreme’s network platform also enables organizations to migrate their data centers from physical to virtual to cloud networks. The benefit is that enterprises can smoothly transition from separate to converged networks and carriers can adopt pure Ethernet-based services.”

Switching may not be a differentiator for Avaya either, after the Nortel deal. Due to the price sensitive and hotly competitive nature of the LAN switching business, Kerravala believes Avaya will look to part with its acquired Nortel data networking products.

Avaya says it will issue a Nortel/Avaya product road map 30 days after the deal’s close.

“The best place for Nortel data is in HP/3Com or Brocade, a company looking to expand its customer base,” he says.

The best place for everyone else is with a major OEM partner, according to CurrentAnalysis’ Schuchart. And if they haven’t had much success selling on price/performance, perhaps they should play the architectural road map card.

“For companies that don’t have a deal or are not wholly owned by a compute vendor, next year’s going to be tough sailing for them,” Schuchart says. “There’s also a fair amount of room out there for companies who have best-of-breed products, although in a data center moving towards virtualized automation, the standalone providers are going to have a harder time.”
The Dell’Oro Group expects the global Ethernet switching market to grow modestly in 2010, to $16.3 billion from $15.6 billion in 2009. This is down considerably though from the $19.3 billion market in 2008.
NETWORKING RESOURCES

White Paper: Redefining the Economics of Networking
This paper provides an overview of the challenges businesses face today and how IT addresses the explicit need to manage network costs, provide choice and flexibility and reduce complexity. In addition, this paper highlights the difference between proprietary and standards-based networking and how innovative networking solutions that embrace a standards-based approach allow organizations to break free from restrictive proprietary networking solutions and enable better business outcomes.

White Paper: ROI of Ethernet Networking Solutions
To determine the return on investment (ROI) associated with implementation of an HP ProCurve network solution, IDC conducted a study of medium-sized to large organizations with an HP ProCurve implementation up and running in their production environment. IDC estimates that these businesses were able to achieve a 473% ROI; a three-year (discounted) benefit of $38,466 per 100 users; and payback on their initial investment within 5.7 months.

White Paper: Why your Firewall, VPN and IEEE 802.11i aren’t enough to protect your network
With a comprehensive approach to WLAN security, an intrusion detection and prevention system (IDS/IPS) for WLANs adds to IEEE standards-based technology and wired network security mechanisms. An IDS/IPS specifically designed for WLANs addresses the risks associated with this networking technology.

White Paper: 802.11n Drives an Architectural Evolution
Today’s enterprises deploy wireless LANs (WLANs) as a standard business tool to drive productivity and enhance collaboration. Enter the state-of-the-art WLAN: 802.11n. Organizations can expand their wireless capabilities with this expanding technology to dramatically boost network capacity and speeds up to 600 Mbps.

White Paper: Green Networking in the Data Center
This paper provides an overview of the challenges faced in today’s data centers; addressing the issues surrounding data center power, cooling and efficiency, with an emphasis on how specific networking tools and strategies can help address these issues. It also highlights the HP ProCurve data center solutions that focus on efficiency in the data center and the benefits they provide.
Contents: Executive summary; The challenge of a complex data center; The network effect; Green data center best practices; Power and cooling utilization; Building efficient infrastructures; Environmental Sustainability; Why ProCurve; For more information

Green networking in the data center: White paper

WHITE PAPER
ROI of Switched Ethernet Networking Solutions for the Midmarket
Sponsored by: HP ProCurve
Randy Perry, Abner Germanow, August 2009

Executive Summary
New generations of network equipment continue to be more reliable than previous generations. Meanwhile, the applications running across the network have become more ubiquitous and more demanding. Underlying this cycle, the network has become much more important to businesses of all sizes — including midmarket firms — and in all industries.
Driven by the financial crisis, midmarket firms are taking a close look at all budget line items. They demand solutions that provide more than sufficient functionality for their current networking needs and also leave plenty of headroom to scale their network in the years to come, in terms of both bandwidth and functionality. At the same time, they want these network systems to be cost effective to deploy and run.
One company striving to address these needs is HP. HP ProCurve networking products include a broad line of LAN core switches, LAN edge switches, and wireless LAN and network security solutions that are all brought together under a unified management suite. To determine the return on investment (ROI) associated with implementation of an HP ProCurve network solution, IDC conducted a study of medium-sized to large organizations with an HP ProCurve implementation up and running in their production environment. IDC estimates that these businesses were able to achieve a 473% ROI; a three-year (discounted) benefit of $38,466 per 100 users; and payback on their initial investment within 5.7 months.
Network Infrastructure Growth Drivers in Today's Midmarket Environments
The IT industry in general and the networking market in particular are finally showing signs of stabilizing after the financial crisis of late 2008/early 2009. Looking forward, IDC anticipates that networking will rebound more strongly than other areas of IT spending, driven by the fact that the recession has not changed the fundamental reasons for businesses to continue investing in their networks. Major drivers for midmarket firms to continue investing in networking equipment include:
Migration of voice and video to IP. As businesses look to reduce expenses by adopting technologies such as videoconferencing and voice over IP, the increasing amount of voice and video traffic is creating new challenges for the network. Response times for Web sites or applications of up to a second used to be acceptable, but the human eye and ear can detect delays measured in milliseconds. Simply throwing bandwidth at the problem is insufficient as the mix of application demands on the network rises. Midmarket firms must incorporate new levels of bandwidth and intelligence into their network to handle these more complex quality-of-service requirements.
Global Headquarters: 5 Speen Street, Framingham, MA 01701 USA. P.508.872.8200 F.508.935.4015 www.idc.com
Contents: Executive summary; Challenge among change; Proprietary vs. open standards; Value-driven solutions; Breaking the barriers of networking; Conclusion; For more information
HP ProCurve business white paper: Redefining the economics of networking Advanced networking that break IT barriers and redefine the value of networking
White paper
802.11n Drives an Architectural Evolution
Introduction Today’s enterprises deploy wireless LANs (WLANs) as a standard business tool to drive productivity and enhance collaboration.
Enter the state-of-the-art WLAN—802.11n. Organizations can expand their wireless capabilities with this expanding technology to dramatically boost network capacity and speed—up to 600 Mbps (see Figure 1). There are major implications as to how organizations will use and implement wireless networks moving forward. Contrast this with the 54 Mbps of 802.11a/g networks or the 100 Mbps Fast Ethernet. This extra capacity and speed will allow organizations upgrading to 802.11n to expand the range of applications mobilized over wireless networks, including both existing and ground-breaking high-bandwidth applications, which may help to streamline business processes and foster corporate competitive advantage.
Figure 1: 802.11n brings a dramatic increase in traffic
Contents at a glance: Introduction; Legacy WLAN architecture: centralized WLAN switch; The 802.11n-ready network: optimized WLAN architecture; Conclusion: WLAN architectural changes are a natural evolution; HP ProCurve mobility
White paper
Why Your Firewall, VPN, and IEEE 802.11i Aren’t Enough to Protect Your Network
Overview Like any network technology, wireless local area networks (WLANs) need to be protected from security threats. Though recent developments in IEEE standards have been designed to help ensure privacy for authenticated WLAN users, WLAN clients and enterprise infrastructure can still be vulnerable to a variety of threats that are unique to WLANs. Mischievous hackers may try to attack the network, or a negligent employee may create a security breach that leaves the corporate WLAN or a client device vulnerable to attack. These threats cannot be mitigated by traditional firewall technologies and virtual private networks (VPNs), nor eliminated through encryption and authentication mechanisms used in conventional enterprise network security systems. With a comprehensive approach to WLAN security, an intrusion detection and prevention system (IDS/IPS) for WLANs adds to IEEE standards-based technology and wired network security mechanisms. An IDS/IPS specifically designed for WLANs addresses the risks associated with this networking technology.
Contents at a glance: Overview; A new class of security threats to enterprise networks; Protecting enterprise networks from WLAN threats; About HP ProCurve Mobility

A new class of security threats to enterprise networks

The prevailing model of enterprise network security is rooted in the axiom that being “physically inside is safe and outside is unsafe.” Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs.
A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. This creates a backdoor for unauthorized devices to connect to the enterprise network. Some specific security threats from WLANs are described below.