Network Segregation: "Why Dividing the Network Just Makes Sense"
Jan 15, 2019
By Roopashree Honnachari, Industry Director for Business Communication Services & Cloud Computing at Frost & Sullivan
In our ongoing research here at Frost & Sullivan, we tend to think about Ethernet and Internet Protocol (IP) in terms of watershed moments: the two standards came together to replace the disparate networks businesses once relied on to enable communications and data transfer. Before Ethernet and IP, the communications network (phones connected to a central call control unit or PBX), the security network (cameras and access control connected to a dedicated system) and the data network were each delivered over their own dedicated infrastructure and cabling. Ethernet and IP offered the promise of a single network on which all systems can interoperate, while also delivering the economies of scale that come with a shared infrastructure.
Unfortunately, several unintended consequences have taken some of the shine off the ideal of an integrated network. Rather than serving as a beacon of interoperability, today’s business networks can quickly add to the workload and stress of network administrators. Each of the once-discrete networks comes with its own unique set of requirements, which are often at odds with one another. In dealing with conflicts, many admins find themselves tweaking and readjusting network settings or creating a complex set of virtual LAN (VLAN) policies. As the name suggests, the VLAN approach divides the physical network into a series of logical ones. It is an administrator-intensive effort: devices often land in the wrong VLAN, which slows performance while increasing costs and network complexity.
In addition, ongoing cyberthreats to the entire network remain, meaning that rogue apps, malware or denial-of-service attacks have the potential to take down not only PCs and business applications, but also critical security and communications devices. Likewise, with more and more IoT endpoints connected to the network, new attack vectors become available to hackers to disrupt all of a business’s connected devices.
As Frost & Sullivan analysts across several research practices came together to develop a new set of best practices for local area networks, we factored both ongoing security threats as well as network simplification into what we call the “Modern LAN principles.” To address both the opportunity and challenges of network convergence, we included this recommendation:
When possible, construct physically separate but functionally integrated IP network paths for different and dedicated applications, ensuring mission-critical platforms are not impacted by disruptions or intrusions of the primary business network. By doing so, organizations have the option to create separate networks, or connect them on site or in the cloud with a single cable.
So, what does a “physically separate but functionally integrated” network look like? In the diagram below, you will notice that the IP camera and IPTV in the upper right corner are physically separated from the PC network in the center and the IoT sensors on the left. This has two advantages. First, the throughput, power and configuration needs of the cameras can be managed separately from the PC network, largely eliminating the need for VLAN configurations. Second, in the event of a cyberattack on the IoT or PC network, the security network is protected by its own firewall. And if a rapid response is needed, it can be unplugged from the rest of the network and operated independently. The PC and IoT networks can also operate in an independent but integrated fashion as needed.
“Physically separate but functionally integrated” is just one of several design best practices incorporated in the Modern LAN. To learn more, read the whitepaper “The Modern LAN: Rethinking Network Design for the Modern Age”, available at https://go.frost.com/Lan.