Technologies come and go, but managing networks is still about problem-solving in a changing world, as these IT executives can attest.
The main problem facing Colin Miles, IT manager at entertainment and communications company Virgin Media in the United Kingdom, last year was that business mergers had burdened the organization with "multiple sets of firewalls" and "some were managed well, and some not managed at all," he notes. Among the 100 pairs of firewalls that found a home at Virgin Media, just less than 70% were Check Point, with the remainder mostly Cisco PIX, which were being migrated to the Cisco Adaptive Security Appliance (ASA) because PIX was headed to its official end of life.
"This was all massive amounts of pain to the organization," Miles says. Virgin Media desperately needed to find a way to centralize the analysis of firewall-policy rules to support 20,000 employees and 800 locations, plus outsourcing partners in India, South Africa and the Philippines.
"We had thousands and thousands of rules going through the firewalls through the country," Miles says. "We needed to analyze all the rules" and understand their impact on the firewall's CPU and memory. The situation was leading to some instability, especially as new applications were introduced by a business group. In addition, there was a need to ensure that firewall rules adhered to the Payment Card Industry (PCI) standard or other regulatory regimes.
One of the main tools Miles found to damp down this firewall conflagration was Tufin's SecureTrack, which, when pointed at the multi-vendor firewalls, looks at the firewall traffic and the rules and examines utilization. It can check for compliance related to PCI and the Sarbanes-Oxley Act, and can automate configuration change management to ensure corporate policy is met. "Every time we upgrade firewalls, we point it eight to 10 weeks in advance to have a period of analysis," Miles says.
In a different part of the world, a community college in Vancouver, British Columbia faced a different type of challenge — what type of switching infrastructure would work best in its environment?
Vancouver Community College had built a new health and sciences building as an addition to the campus, and last year decided to replace its aging switches as part of the makeover. "They were 10-year-old Cisco and Nortel switches," says the director of IT there, Ben Guanzon. "They were outdated, so we went out to the different manufacturers to see what fit in the environment."
One factor impacting the choice Vancouver Community College would make is that its employees are unionized, "and from a resource perspective, it makes the labor pool smaller," Guanzon says. That makes it harder to hire IT specialists at certain skill levels, and different collective bargaining agreements set limits on schedules. So finding the best switch equipment began to look less like a cost decision and more like an ease-of-use consideration in terms of switch management.
The college chose the Enterasys B and C Series switches mainly because, of the vendor options it looked at, the Enterasys gear made it easiest to establish access and security policies for ports without the need for ACL programming, says Guanzon. "From a management perspective, it’s easier to implement changes in the environment." The Enterasys switches now support an IT infrastructure that includes the campus wireless access points, as well as VoIP telephony and streaming video.