7 Important Considerations for Provisioning a New Network

As networking technology changes dramatically, it has the potential to radically change how we think about network architecture.

Dave Stein

October 28, 2015


Although I often write about UC, much of my consulting work involves other aspects of IT infrastructure such as helping architects design new buildings that are technology friendly and strategizing on data center and networking technologies. I've been doing a substantial amount of network consulting as of late, and I thought it would be useful to share my thought processes as well as those of some of my clients. After all, the network is a common element supporting virtually all enterprise applications; so it's important to discuss critical aspects of designing and provisioning a new network.

As with most consulting projects, the approach I take is to understand how the organization intends to utilize the network. Some of the basic questions I ask are:

The size of the organization and the supporting network architecture matters for performance as well as ongoing operational support. Large campus-based organizations such as hospitals, universities, utilities, studios, etc., have traditionally deployed three-tier networks consisting of discrete layers: core, distribution, and access. This allows logical separation of function and control. Smaller organizations have often effectively combined distribution and core functions into a single switch as a cost-saving and simplification measure. With the advent of SDN, organizations are encouraged to ask whether the traditional architectural approach is still required. Or are the standards-based SDN tools, combined with vendor-specific proprietary enhancements, a sufficient replacement?

Of course, everyone wants a reliable network. The question becomes whether the organization can afford to design a network with no single point of failure. Taking this to the extreme, at each network switch layer, providing the maximum availability could involve provisioning redundant UPS for dual-corded Ethernet switches, redundant switch power supplies, redundant uplinks to and from the adjoining network layer (usually via Link Aggregation), and redundant processors. Eliminating single points of failure extends to redundant WAN links/routers, as well as geo-redundancy of core components.

Maintenance, support, testbeds and sparing programs also contribute to the reliability that an organization can deliver (i.e. availability SLAs).

I just had some interesting conversations with a client about the impact of wireless on the new wired network. Wireless, along with BYOD, has moved most of my client's new applications to the wireless network. However, high-bandwidth video, IP phones, and physical security devices such as CCTV cameras still favor wired connections. In addition, 802.11ac wave 2 access points require greater bandwidth and power than their predecessors. Choices need to be made on how to support them (multiple Gigabit ports supporting 802.3af, or 10Gig ports with support for 802.3at (PoE+)). Overall, it would be expected that fewer wired ports will be required for the new network due to wireless usage.

Is 802.1X sufficient for authentication? What about devices that don't support it? Simply shunting them off into a 'public' network might not provide the desired functionality (for example, think of a K-12 environment where students on BYOD tablets can't use devices on the secure network as classroom display projectors). Is a third-party NAC solution appropriate?

Other aspects of security provisioning involve software that prevents IP address hijacking to thwart man-in-the-middle attacks. Firewall zoning, AV and other security measures are also important topics to discuss at this stage.

It may also be worth considering including independent third-party security audits in your plan (and budget). A recent project that I just completed confirmed the need for this after seeing numerous security deficiencies caused by the original implementation engineer.

Every vendor provides network management software that covers at least some parts of the FCAPS model for its equipment. This often includes fault notification (SNMP traps), performance (bandwidth utilization), and configuration (software/release push). In a traditional homogeneous environment, that may prove sufficient for many needs. Most organizations should also consider third-party software that can provide:

It's been my experience that budgets are most often apportioned separately for capital and operating expenditures. The separate elements discussed above will make up a large percentage of the capital budget. Additional budgetary considerations include maintenance, software support, spares, and even managed services.

I encourage my clients to think about their technology procurements using these screens of what is absolutely necessary for the new network to be considered successful vs. features/items that are not mission critical. What are the elements that they absolutely must have? What can they live without? Often, these are prioritized features that are informed by budget that help guide the procurement.

We are living in interesting times as networking technology is changing dramatically. The ability to support most applications on wireless is a game changer. As SDN for campus networks continues to mature, it also has the potential to radically change how we think about network architecture.

"SCTC Perspectives" is written by members of the Society of Communications Technology Consultants, an international organization of independent information and communication technology professionals serving clients in all business sectors and government worldwide.

About the Author

Dave Stein

Mr. Stein, a principal with Stein Consulting Group, has more than 30 years of consulting, information systems and telecommunications experience, with a primary emphasis on IP communications and technology infrastructure projects. He is nationally recognized for providing analysis and independent consulting for essential IT infrastructure including voice, data, wireless, AV, security, data center, mobility and unified communications. Mr. Stein is a joint venture partner of Technology Plus and is a UC Strategies designated UC Expert.

His expertise includes the entire technology lifecycle including needs assessment, process evaluation, operations impact, systems design, procurement and implementation project management for IP Telephony/Unified Communications, wireless, data center, cabling, facilities, LAN, WAN, network management, data security systems, telecommunications, technology relocation and construction projects. He is an excellent communicator and is skilled in dealing with management, facilities and technical personnel within IT and user communities. Mr. Stein has provided consulting services for assessing the effectiveness of IT organizations and developing governance models.

Mr. Stein's expertise includes technology planning and business case development for many significant technology infrastructure projects for both public and private-sector clients. Previous engagements have included consulting for professional services firms (i.e. legal, financial), state and local governments, education (university and K-12), high tech, healthcare and entertainment. He is very effective in working with all levels of an organization.

Mr. Stein is a member of the Society of Communications Technology Consultants (SCTC). He holds a Bachelor of Science degree in Computer Science from Rensselaer Polytechnic Institute and has completed the 'Leadership and Management for Technology Professionals' program at University of California, Irvine. He speaks regularly at Enterprise Connect on a variety of topics and is a frequent contributor to No Jitter.
