In part six of the e-Book, The Ultimate Guide to Gaining Control of the WAN, learn that during a branch office server consolidation, wide area network security architecture needs to change and take into
Table of contents
Part 1: Save WAN costs with branch office server consolidation
Part 2: How to accelerate encrypted traffic using WAN optimization
Part 3: Virtual desktop infrastructure problems solved by WAN optimization
Part 4: Using the WAN for telepresence, video conferencing
Part 5: Using WAN optimization for bandwidth management and monitoring
Part 6: Update network security architecture during server consolidation
Part 7: Wide area network optimization: Do it in-house, or use a WAN service provider?
Securing the wide area network (WAN) is more challenging as the WAN becomes more flexible and applications and their associated threats increase. Firewalls and intrusion prevention systems (IPSs) are still crucial, but their focus must move up to the application layer. New application firewalls are needed to ensure that unauthorized applications are not overwhelming WAN resources. Application firewalls look beyond the port number and understand the particular application, just as monitors and WAN optimization controllers (WOCs) do. This allows them to block applications such as BitTorrent and Limewire music-sharing programs from using valuable WAN resources. The wide area network security architecture needs to take into account that not all traffic is destined for the data center. Traditionally, users primarily accessed applications at the data center, but with Software as a Service (SaaS) and the Internet, users are beginning to bypass the security infrastructure in the data center and go directly to the Internet from the branch office. This means that the Internet gateway’s architecture must mirror the data center’s security.
For example, to prevent sensitive documents from ending up in the hands of outsiders, many companies have installed data loss prevention (DLP) appliances in their data centers. A worker requesting a sensitive document from a server has to pass through a DLP device. The problem is that an authorized user can get a document and then send it to someone on the outside, bypassing the control in the data center. This means that any time the branch office directly connects to the Internet, the entire data center security arrangement needs to be duplicated. It doesn’t necessarily mean just at the corporate Internet gateway; any branch office that has a direct connection to the Internet should have full security protection built in as part of a wide area network security architecture.
The coming year promises to create many challenges for the WAN. Cost-saving projects, along with projects to increase productivity, will affect the WAN. This makes the WAN even more important, but that also means that it must evolve to meet the new challenges. WAN optimization, new monitoring and management and security schemes are all part of the solution.
Continue reading part seven of this e-Book to learn more about wide area network optimization: WAN service providers vs. in-house deployments.
About the author:
Robin Layland is President of Layland Consulting. As an industry analyst and consultant, Robin has covered all aspects of networking from both the business and technical side, and has published over 100 articles in leading trade journals including NetworkWorld, Business Communication Review, Network Magazine and Data Communications. Prior to his current role, Robin spent a combined fifteen years at American Express and Travelers Insurance in a wide range of jobs including network architect, technical support, management, programming, performance analysis and capacity planning.
This was first published in November 2010