Network management, security make for happy bedfellows
09 March, 2007 13:27
With the walls between IT domains crumbling, companies increasingly are putting in place policies, processes and technologies that serve the twofold purpose of managing and securing networks.
That was one theme among speakers at Network World's IT Roadmap: Boston conference this week, which drew close to 700 attendees and 75 exhibitors. While network management has long been perceived as the "Rodney Dangerfield of IT," said Jim Metzler, analyst and vice president at Ashton, Metzler & Associates, the technology plays such a large role in other IT domains that it demands attention.
"There is a sort of negative buzz around network management," Metzler told attendees. "But I see innovation."
Technologies, processes and products that help companies respond in a "real-time-enough fashion to threats, opportunities and situations that impact the health and well-being of the organization" represent the wave of innovation in management, Metzler said.
IT automation software, Web services management technologies and best practices frameworks such as the IT Infrastructure Library are among the areas of innovation in management.
For David Hauser, automating the process of provisioning and patching some 500 servers with an IT operations staff of fewer than five people is what he considers management innovation. To start, the CTO and co-founder of GotVMail wanted to be able to quickly roll out desktops to new staff. Founded in 2003, the Weston, Mass., company currently has 35 employees, but Hauser said he expects that number to double in the next 12 months.
"Automation was never intended to replace IT staff, just shift their attention to more compelling tasks," he said.
Hauser shared with show attendees how he selected, deployed and currently maintains a pair of appliances from Kace to reduce manual labour and, more importantly, secure his growing network of distributed data centres.
"Patch management and policy enforcement were two of the big factors we had in selecting a network management system," Hauser said.
The Kace system enables Hauser's staff to set policies and control application deployments on user machines. "We had a big security problem with people downloading and setting up applications to their machines themselves," he said.
To minimize user backlash, Hauser set up a self-provisioning feature within Kace that lets users select popular applications they would like to download to their desktop; later that day or overnight, the pre-tested and screened application is provisioned to the machine. "We make sure it works and aligns with our policies before they download it, but you don't want to completely restrict what they put on their machines," he said.
Similarly, Curtis Simonson, senior technologist at the University of New Hampshire Interoperability Lab in Durham, told attendees how his organization explored network access control (NAC) technologies to ensure PCs didn't spread viruses across the network.
"We wanted to prevent systems with viruses from getting on our network. And if they were on our network already, we wanted to prevent the spread of viruses," he said. "We also wanted to prevent access to those we don't want on our network."
Simonson tested and deployed Vernier Networks' stand-alone NAC appliances to monitor machines gaining access to the network and assess their patch and security status. The product works using single sign-on technologies in conjunction with his Windows domain authentication systems and checks whether machines attempting to gain access to the network meet pre-defined security settings.