Work smart; set up network policies and let the network do the work
What is policy-based network management?
Policy-based network management (PBNM) uses a centralized management system to define a set of rules that automate enforcement of things such as security definitions, access controls, authorization, user/device containment (or quarantine), QoS, bandwidth control, and more. These policies are then distributed out into the network for control.
Why use PBNM?
Networks and the users/devices accessing them are very dynamic; they are constantly evolving and represent thousands of moving parts. A single user with BYOD and company-assigned devices will have several devices that they use to access the network from any location, via wired or Wi-Fi. Multiply this by hundreds or thousands of users and it would seem impossible to manually control all of this.
A good PBNM system simplifies user/device management for IT, freeing IT to focus on other activities that may be more important to the business. At the same time, it is transparent to users, eliminating the frustration of complex login and registration processes.
Since policies are configured centrally and distributed remotely, the network can scale indefinitely without increasing the complexity of controlling user/device access. Additionally, the flexibility of policies allows IT to quickly onboard new users, remove departing users, or change existing user/device policy.
How does it work?
Policies are defined centrally and distributed throughout the network, where they are applied against both wired and Wi-Fi users as they access the network. A good PBNM system is also very dynamic: policies can change as the user roams throughout the network, and may also change based on the device the user is connecting with, where the user is connecting from, the time of day the user is connecting, and even the application being used or accessed.
Multiple policies can be applied, and they can be defined at a network-wide level, a group or domain level, or down to the individual user and device. In most cases the most granular policy is the one that will be applied.
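The resolution rule described above (several scopes, dynamic conditions, most granular match wins) can be sketched as follows. This is an added example, not code from any PBNM product; the scope ordering, field names, action labels and the fail-closed "deny" default are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

# Higher rank = more granular scope (this ordering is an assumption of the example).
SCOPE_RANK = {"network": 0, "group": 1, "user": 2, "device": 3}

@dataclass(frozen=True)
class Policy:
    scope: str                                 # "network", "group", "user" or "device"
    subject: str                               # id the scope applies to; ignored for "network"
    action: str                                # role/VLAN/containment label for the enforcement point
    device_types: frozenset = frozenset()      # empty set = any device type
    locations: frozenset = frozenset()         # empty set = any location
    hours: Optional[Tuple[time, time]] = None  # (start, end); None = any time of day

def in_window(now, hours):
    if hours is None:
        return True
    start, end = hours
    if start <= end:
        return start <= now < end
    return now >= start or now < end           # window wraps past midnight

def matches(p, ctx):
    if p.scope != "network" and ctx.get(p.scope) != p.subject:
        return False
    if p.device_types and ctx["device_type"] not in p.device_types:
        return False
    if p.locations and ctx["location"] not in p.locations:
        return False
    return in_window(ctx["now"], p.hours)

def resolve(policies, ctx, default="deny"):
    """Return the action of the most granular matching policy; fail closed if none match."""
    hits = [p for p in policies if matches(p, ctx)]
    if not hits:
        return default
    return max(hits, key=lambda p: SCOPE_RANK[p.scope]).action

# Constructed sample policy set (subjects and actions are illustrative).
POLICIES = [
    Policy("network", "*", "internet-only"),
    Policy("group", "finance", "finance-vlan", hours=(time(7), time(19))),
    Policy("user", "alice", "finance-admin", locations=frozenset({"hq"})),
    Policy("device", "phone-17", "quarantine"),
]
```

Calling `resolve(POLICIES, ctx)` with the same user from a different location, at a different hour, or on a contained device yields a different action each time, which is the dynamic behaviour the text describes.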
The following are some of the key areas to consider when implementing PBNM:
Use a centralized management system to define policies for user access to both the wired and Wi-Fi networks. This provides consistency for the user regardless of how they access the network, and eliminates duplication of effort for IT by applying a single set of policies to both the wired and Wi-Fi networks.
Policies should be dynamic in nature so that they can automatically change or adapt based on things like time of day, location, device type, user, and application.
A good PBNM system should configure and store the policy on a centralized management system but distribute it throughout the network for control.
Make sure you can manually override and/or change a policy that has been applied.
Test your policy before applying it to the entire network!
The art of network management has been around as long as networks have been around. Network management systems, tools and methodologies will continue to evolve as the size and complexity of networks continue to grow. PBNM reduces the complexities of managing user/device network access by automating user/device rules for accessing the network and network resources. This frees up IT resources and eliminates complexity for the user. This is the fourth post on the topic of network management; please stay tuned for additional posts on this subject.
To share thoughts and collaborate, please follow me @sferguso and I will follow you back.