An expanded wireless LAN caused network traffic at Fitchburg State University to blow up. To improve network visibility and maintain network security with all of the additional traffic, the network management team installed a NetFlow analyzer.
The networking team on the Massachusetts university selected Lancope StealthWatch as a NetFlow analyzer, and set its Enterasys Networks routers to publish NetFlow records to the application. The faculty also installed multiple StealthWatch FlowSensors around campus to realize visibility into infrastructure that doesn't natively support NetFlow. FlowSensor is an appliance that collects data from hosts and other devices at the network and converts it into NetFlow data. A virtual edition installed on a virtual host can produce NetFlow records for individual vitual machines.
“We have sensors installed on all our virtual boxes and a sensor appliance that's mirroring out traffic from our SAN,
our server VLAN and our DMZ,†said Tony Chila, the university's network manager. “We're ready to dig deeper into that traffic and analyzer as much as Layer 4 within the stack, so we're seeing basically a breakdown of all traffic at the network -- the precise services, ports used, locations and that kind of information.â€
Expanded wireless LAN coverage was inevitable
Getting the next handle on network traffic became critical when Fitchburg went from having Wi-Fi in common areas and educational buildings to providing 100% wireless in all residence hall areas using a campus-wide 802.11n Enterasys network.
“Our incoming students had never even seen an Ethernet cord,†said Jamie Roger, the university's director of auxiliary services. “It became painfully apparent that this incoming generation expects wireless to be everywhere.
With the upgrade, students started connecting greater than just their laptop to the network. Suddenly smartphones, tablets and gaming systems were also adding to the traffic onslaught, Roger said. For that reason, a network that after had 3,000 to three,500 devices connected at someone time was now exceeding 7,000. Suddenly network capacity management was critical.
NetFlow analyzer helps with capacity management
The traffic visibility afforded by StealthWatch has streamlined the university's method of network capacity management and has helped the varsity avoid a costly and unnecessary infrastructure upgrade.
“The NetFlow analyzer's daily dashboard reports unfolded visibility into our network right up to the CIO level,†Roger said. “In the past, if we were reaching our bandwidth maximum, I would have to go begging and pleading to get additional money to increase bandwidth. Now with all this reporting going as much as our CIO, he could see our bandwidth growth during the last several months and he came to me and said, ‘Hey, get a value on increasing bandwidth.' It made my fight for funding a good deal easier.â€
And when users at a remote building greater than a mile off campus started complaining in regards to the poor performance of the 54 Mbps, site-to-site Wi-Fi connection that connected them to the primary campus, the IT organization was capable of use the NetFlow analyzer to prevent a costly upgrade.
The university were considering a brand new $500,000 fiber connection to correct the problem, but Roger and his staff used StealthWatch to determine that the purpose-to-point Wi-Fi link wasn't saturated, in order that they had to perform a little detective work. Ultimately they determined that trees were interrupting the signal of the wireless connection.
“When you checked out the wireless connection it looked fine,†Roger added. “But dependent on how the wind blew, it affected the info.â€
The improved visibility has also helped the IT organization respond to service problems.
“We can see total internal traffic broken down by protocol and alertness,†Chila said. “If we see spikes with a considerable amount of traffic, we will be able to drill into those areas and discover who's basically utilizing this extra bandwidth.â€
That means not more placing blanket blame at the network.
“This product allows us to peer server response time, network response time, round-trip time and identify where the latency is really happening. i've got a server group of 2 individuals, so chasing around problems that do not exist -- we just do not have time for that,†Roger said.
NetFlow analyzer strengthens PCI compliance, roots out P2P traffic
The StealthWatch NetFlow analyzer has beefed up the university's compliance efforts, particularly its policies against illicit, peer-to-peer (P2P) file sharing and its audits for the mastercard industry's PCI DSS requirements.
The school blocks all P2P traffic coming in or out of the campus on the Internet circuit via an HP TippingPoint intrusion protection system (IPS), Roger said. The NetFlow analyzer gives network managers a view into internal P2P traffic.
“We have detected [internal P2P traffic] but we are not currently performing on it,†Roger said. “We haven't used the StealthWatch product to proactively do anything with P2P, apart from try and get a handle on how much it's happening. We've only had the product for 5 months.â€
The NetFlow analyzer also gives Fitchburg State an added layer of PCI compliance assurance, in line with Chila.
“We arrange a trap [with StealthWatch] where if we see traffic that traverses to that [PCI] network from a subnet or device it really is unauthorized, then we get alerted,†Chila said. “We have access lists which clearly define who can get in and who can't. This can be a solution to monitor it, if for any reason someone is ready to traverse those lines. It shouldn't happen and it hasn't happened.â€
Let us know what you concentrate on the tale; email: Shamus McGillicuddy, News Director.
Nessun commento:
Posta un commento
Comments links could be nofollow free