The IT department can select the optimal mobile business device for roll-out to employees but, by the time the budget has been raised, the paperwork done, and the equipment deployed, most people will already be bringing their latest smart phone to the office. As a consumer product, it has been superbly designed, it is already familiar to the user, and it has the convenience of being one device spanning both home and office.
Many employees use multiple devices, all connecting into the enterprise network. The IT manager begins to lose control over all the diverse applications and devices on the corporate network, and the enterprise is driven towards a more open BYOD (Bring Your Own Device) strategy.
Enterprise networks were not originally designed to handle so many diverse devices, nor the sort and scale of traffic generated by the social media and YouTube generation. So a BYOD strategy must begin by addressing two major changes: the surge in wireless traffic and the shift from providing ports to greater focus on the user. It is less important now to know what device is being used than to know who is using it, and what access they should be allowed.
The first problem with many existing wireless networks is that they were added to the corporate network as an afterthought or add-on rather than being thoroughly integrated into the wired infrastructure. Typically, the wireless traffic from an access point was sent via some sort of VPN tunnel to the controller for processing and forwarding.
A better solution is provided by today's more intelligent access points that can forward traffic directly to the wired network. Instead of a separate wireless overlay you then have a unified data plane from both wired and wireless traffic - allowing seamless roaming and a wireless experience much closer to that enjoyed by a wired user.
Who is on the network?
The second major issue concerns access and privileges. There are three main classes of user:
- Network managers and engineers who need privileged access into the deep structure of the network
- Employees who can log on for full access only to those network resources relevant to their department or work function
- Guest users who are allowed limited use of the network for Internet access
It is important to know who is accessing the network in order to make sure that the correct privileges, and only those privileges, are allowed. Access policy must take into account the user identity, their role in the organisation, resources they will need, and those areas they may not be allowed to access.
Device identity takes second place, but is still important. Different devices make different demands on the network: some are wired and some are wireless, and some may be dedicated to more critical applications.