bluebay2014 - Fotolia
Integrate endpoint management systems for better security
This week, networking bloggers discuss combining endpoint management systems with security, thorny wireless devices and the logic of an IXP atop a VXLAN infrastructure.
Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., said he sees VMware supporting a new trend toward unifying endpoint management systems, with its announced intent to acquire E8 Security and integrate it with the Workspace One platform.
Currently, every large enterprise has different systems to manage mobile or endpoint devices, data protection and security that all require special administrative training. Oltsik said this legacy model for endpoint management systems and security is rooted in the 1990s. Yet, that approach no longer works. Instead, to ensure user productivity and business enablement, an end-to-end system should be managed to ensure high performance, resiliency, user access control, data and device security, and troubleshooting.
Many veteran network professionals remember earlier, unsuccessful attempts to unify endpoint management and security, such as OpenView or Unicenter. According to Oltsik, these older efforts were limited by technology. With the emergence of big data, AI, open source and public clouds, those older challenges will be overcome.
VMware joins other vendors, such as IBM, Microsoft and Symantec, in moving toward unified endpoint management systems -- and unified management of products, services and partnerships more broadly.
Explore more of Oltsik's ideas about endpoint management systems.
Poor design from wireless device-makers
Lee Badman, writing in WiredNot, described a common situation for many networking engineers: how to manage a consumer device -- one without adequate security protection -- on an enterprise network. The culprit, in this case, was a wireless attendance clock, equipped with what Badman termed "living-room-grade security." To that end, it didn't support 802.11x authentication, WPA2 Enterprise or Cisco Centralized Key Management encryption.
Although the clock supported 802.11ac and possessed dual-band capabilities, it needed a MAC address exception to bypass the guest gateway on a guest network. The USB adapter, meantime, lacked an external antenna, and it was lodged behind a metal plate and circuit board. The bottom line: The product wouldn't connect at more than 2.4 GHz, even when positioned directly adjacent to a dual-band access point.
Even though the networking industry is now in the fifth generation of Wi-Fi technology, with standards like 802.11ac and 802.11ax, "client device makers seemingly operate on another planet where getting in sync with business WLAN requirements doesn't seem all that important," Badman wrote.
Read more of Badman's criticism of wireless device design.
Building IXP atop VXLAN infrastructure
Ivan Pepelnjak, blogging in ipSpace, was asked if anything prevents engineers from building a virtual internet exchange point, or IXP, with Virtual Extensible LAN (VXLAN). According to Pepelnjak, at least one such large Layer 2 network was built in early 2015. Since then, several IXPs have deployed with VXLAN, including INEX, LONAP and Equinix with several metro-area fabrics.
Point-to-point Layer 2 networks have been a reality for some time, and Pepelnjak said at least one service provider offers Layer 2 over VXLAN across the United States, possibly using Ethernet VPN as a control plane.
Large Layer 2 networks are unwieldy and potentially vulnerable. A single endpoint could topple the whole network in the event of a broken network interface controller. Pepelnjak said he suspects people will keep trying to build Layer 2 networks spanning entire countries or continents, even though these projects have always failed.
"Friends don't let friends build large Layer-2 domains, more so if the said domain spans more than a single site," Pepelnjak wrote. "Or as Ethan Banks said once, nuked earth is not a nice sight."
Dig deeper into Pepelnjak's thoughts on Layer 2 IXPs.