Technologies come and go, but managing networks is still about problem solving in a changing world, as these IT executives can attest.
The main problem that faced Colin Miles, IT manager at entertainment and communications company Virgin Media last year, was that business mergers had burdened the organisation with "multiple sets of firewalls" and "some were managed well, and some not managed at all," he notes. Among the 100 pairs of firewalls that found a home at Virgin Media, just under 70% were Check Point, with the remainder mostly Cisco PIX, which were being migrated over to Cisco Adaptive Security Appliance (ASA) since PIX was headed to its official end of life.
"This was all massive amounts of pain to the organisation," Miles says. Virgin Media desperately needed to find a way to centralise the analysis of firewall-policy rules to support 20,000 employees and 800 locations, plus outsourcing partners in India, South Africa and the Philippines.
"We had thousands and thousands of rules going through the firewalls through the country," Miles says. "We needed to analyse all the rules" and understand their impact on the firewall's CPU and memory. The situation was leading to some instability, especially as new applications were introduced by a business group. In addition, there was a need to ensure that firewall rules adhered to the Payment Card Industry (PCI) standard or other regulatory regimes.
One of the main tools Miles found to damp down this firewall conflagration was Tufin's SecureTrack, which, when pointed at the multi-vendor firewalls, looks at the firewall traffic and the rules, and examines utilisation. It can check for compliance related to PCI and the Sarbanes-Oxley Act, and can automate configuration change management to ensure corporate policy is met. "Every time we upgrade firewalls, we point it eight to 10 weeks in advance to have a period of analysis," Miles says.
In a different part of the world, a community college in Vancouver faced a different type of challenge — what type of switching infrastructure would work best in its environment?
Vancouver Community College had built a new health and sciences building as an addition to the campus, and last year decided to replace its ageing switches as part of the makeover. "They were 10-year-old Cisco and Nortel switches," says the director of IT there, Ben Guanzon. "They were outdated, so we went out to the different manufacturers to see what fit in the environment."
One factor impacting the choice Vancouver Community College would make is that its employees are unionised, "and from a resource perspective, it makes the labour pool smaller," Guanzon says. It makes it harder to hire IT specialists at certain skill levels, and different collective bargaining agreements set limits on schedules. So, finding the best switch equipment began looking like not so much a cost decision as an ease-of-use consideration in terms of switch management.
The college chose the Enterasys B and C Series switches mainly because, out of the vendor options they looked at, the Enterasys gear made it easiest to establish access and security policies for ports without the need for ACL programming, says Guanzon. "From a management perspective, it’s easier to implement changes in the environment." The Enterasys switches now support an IT infrastructure that includes the campus wireless access points, as well as VoIP telephony and streaming video.
The age of virtualisation now upon IT is also prompting IT managers to look at new ways to do things, particularly in terms of security.
Automated Document Solutions (ADS) is in the business of taking large volumes of records from hospitals and healthcare providers to convert them into electronic form for automated records management, typically maintaining the data on the customer's behalf. Mike Crews, director of IT, said ADS has virtualised its servers in-house using VMware, adding it's made configuration for data centre disaster recovery easier.
ADS also teams with hosting provider Host.net to upload data from healthcare organisations for retention in storage and backup. Host.net a few months ago added a new set of managed security services for hosted VMware-based servers under a partnership with security firm StillSecure.
The round-the-clock managed services — actually provided by StillSecure through its own security operations center for VMware servers housed at Host.net — make use of the VMware VMsafe APIs to access the virtual machine hypervisor for security monitoring, management, firewall, intrusion detection and prevention within the Host.net cloud computing platform.
The service, called StillSecure ProtectPoint VSS, costs $250 per month to secure 10 virtual machines, with intrusion detection and other services adding a couple of hundred more. Crews says he's started using the service on the handful of virtual-machine servers that ADS houses at Host.net because it's contributing to the security of his customers' data. Having the option for round-the-clock managed security services is an incentive to consider much broader use of hosting, Crews says.