June 20, 2024



4 Tips to Ensure Secure Automated Network Management in Higher Ed

2.) Speed Up Network Automation with Personae and Objects

Even the smallest network serves a diverse set of requirements; administrators, faculty, students, servers and researchers all come with their own needs when it comes to performance, accessibility and network design. While you want to meet the needs of every one of your customers, a key technique for keeping a network consistent and secure is to reduce your architecture to a small set of very well-documented use cases. These personae turn into configuration elements — firewall rules, switch port and Wi-Fi settings, load balancer and IPS settings, and even log retention policies.

Whether there are 20 or 200 different use cases, they can serve as a base for all automation efforts once you’ve taken the time to enumerate and document them. Any changes in configuration should be kept consistent across a particular use case. This is especially important as education IT managers incorporate Infrastructure as a Service and Software as a Service cloud solutions and as orchestration tools are increasingly used to automate configuration of everything from switches to firewalls.
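One way to check that configuration stays consistent across a use case is to treat the documented personae as the baseline and audit every port against the persona it is assigned to. This is an added example, not code from the article; the persona names, setting keys and inventory records are constructed for illustration.

```python
# Added example: persona names, setting keys and port data are constructed.
from collections import defaultdict

# Each persona is one documented use case; its settings are the baseline
# that every port assigned to that persona must match.
PERSONAE = {
    "student-dorm": {"vlan": 210, "dot1x": True, "log_retention_days": 30},
    "research-lab": {"vlan": 320, "dot1x": True, "log_retention_days": 180},
    "admin-office": {"vlan": 110, "dot1x": True, "log_retention_days": 365},
}

# Constructed inventory, in the shape an orchestration tool might export.
PORTS = [
    {"device": "sw-dorm-01", "port": "Gi1/0/1", "persona": "student-dorm",
     "vlan": 210, "dot1x": True, "log_retention_days": 30},
    {"device": "sw-dorm-01", "port": "Gi1/0/2", "persona": "student-dorm",
     "vlan": 210, "dot1x": False, "log_retention_days": 30},
    {"device": "sw-lab-03", "port": "Gi1/0/7", "persona": "research-lab",
     "vlan": 110, "dot1x": True, "log_retention_days": 180},
    {"device": "sw-lib-02", "port": "Gi1/0/4", "persona": "kiosk",
     "vlan": 400, "dot1x": True, "log_retention_days": 30},
]


def audit(ports, personae):
    """Return {(device, port): [finding, ...]} for ports that drift."""
    findings = defaultdict(list)
    for p in ports:
        key = (p["device"], p["port"])
        baseline = personae.get(p.get("persona"))
        if baseline is None:
            # A port tied to an undocumented use case is itself a finding.
            findings[key].append(f"undocumented persona {p.get('persona')!r}")
            continue
        for setting, expected in baseline.items():
            actual = p.get(setting)
            if actual != expected:
                findings[key].append(
                    f"{setting}: expected {expected!r}, found {actual!r}")
    return dict(findings)


if __name__ == "__main__":
    for (device, port), issues in sorted(audit(PORTS, PERSONAE).items()):
        print(f"{device} {port}: " + "; ".join(issues))
```

Run on a schedule or as a pre-change gate, a check like this surfaces one-off exceptions (802.1X disabled on a single port, a lab port left on the admin VLAN) before they become permanent.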


3.) Automate Network Monitoring, but Don’t Over-Monitor

Just using the words “network monitoring” can cause confusion, because monitoring has many different meanings: Reachability monitoring, alerting, application performance monitoring, capacity analysis, and responding to events all require different approaches and often different tools, yet all still fall under the generic term “network monitoring.”

None of this confusion should reduce IT managers’ commitment to good monitoring. The important first step is to define the scope of each monitoring domain to see what tool fits best. It’s unlikely that a single monitoring tool will handle all these cases well. Education IT managers need to make good decisions about when they can reuse an existing tool, log server or management system and when they need something new.

A good strategy is to focus on the consumer of the monitoring rather than the device types being monitored, then work your way backward from there. This is especially true in education environments, where a distributed network management style is typical and features such as overlapping scopes of responsibility are common.

Over-monitoring is a common problem with automated tools because the default configuration of many tools treats all elements equally. Education IT managers with large-scale network scopes must constantly tune their monitoring strategies to avoid performance problems (both in the network and in monitoring tools) that can come with looking at things too frequently or in too much depth. A good strategy — one that comes naturally from building personae and use cases — will weigh criticality, type of use and users, expected failure modes, and high availability capabilities to drive what parameters are being monitored, how often they’re monitored and how long metrics are kept. For example, counting network switch port errors is something that can happen once every day in a modern network, while measuring application response time might require minute-by-minute graphing.


4.) Treat Wi-Fi Differently Than Wired Networks

Managing Wi-Fi for availability and security is not the same as managing wired networks. Though Wi-Fi floats on top of the wired network, it’s an application in itself and requires a very different set of management tools to combat its unique challenges. Commonalities, such as making sure that access points are up and running, can be deceptive. Education Wi-Fi networks are highly dependent on network services such as authentication and Dynamic Host Configuration Protocol, and may also link to mobile device management (enterprise mobility management or unified endpoint management) tools. Keeping everything up and measuring response time and failure rates is new to network managers used to handling wired networks.

Wi-Fi networks also have their own performance problems, often caused by factors out of the control of the IT manager, such as interference from other nearby Wi-Fi access points and even the movement of people and objects within a building. Automating detection of radio-frequency problems and tuning is so important that every enterprise-ready wireless controller system includes these options. However, it’s up to the IT manager to establish the parameters for automated tuning, such as signal and noise level goals and capacity levels, so that the Wi-Fi management system can work effectively.
