In the smartphone era, why is your LAN still dumb?

Most companies' LANs are based on 20-year-old assumptions that don't hold water in an era of iPads and iPhones

It's been a long time since I got excited about LAN technology. After all, the only real changes in the last decade have been the addition of zeroes to the throughput capacities (10Mbps to 100Mbps to 1000Mbps/1Gbps and now to 10Gbps). But a recent conversation with Keerti Melkote, CTO of Aruba Networks, got me excited. It should do the same for you.

My colleagues and I at InfoWorld have been preaching the post-PC gospel since way before former Microsoft CTO Ray Ozzie coined the term last fall. We've argued that the era of bring-your-own smartphones, bring-your-own PCs, bring-your-own apps, and a general shift to technology as a personal tool set is both inevitable and positive for businesses, despite IT's reluctance.

[ Keep up on key mobile developments and insights via Galen's Twitter feed and the Mobile Edge blog and Mobilize newsletter. | Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. ]

I've heard plenty this last year from CIOs and other IT leaders about concerns over the endpoint management of mobile devices and of mobile apps -- both areas for which enterprise-class tools have emerged to assuage those fears without straitjacketing users. In other words, they're tools to enable the post-PC era to take root.

What I hadn't considered is that the network itself is not architected to handle the post-PC environment rapidly developing at many businesses. LANs are generally designed under the assumption that each user works in a designated space, so an Ethernet port is a proxy for a specific user. LANs were designed at a time when people used desktop PCs, not laptops, so the assumption was that the PC attached to that port was the same on each occasion.

Why the old network doesn't fit the post-PC workplace
Even as many users switched to laptops, the LAN architecture assumed that fixed relationship. And as businesses deployed wireless LANs, in most cases they relied on simple access-point password management: If you knew the password, you were on the network. After all, confidential information was behind the VPN (or should have been), so there was an extra layer of protection for critical data and apps.

But this essentially anonymous connection to the network via wireless LANs meant that IT had no idea who was doing what where. IT could see the traffic on each subnet and access point, but not really understand the reasons for the traffic or the nature of who was on the network. Now, as employees bring in iPads, iPhones, and other mobile devices, they can connect via wireless LANs only, as there are no Ethernet ports on these devices. All the new devices connect as essentially unknown quantities.
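The visibility gap described above, as an added example that is not part of the original column: a small Python script that parses constructed access-point logs from two access models, the shared-password model (the log carries only a client MAC address) and a per-user credential model (the log also carries an authenticated identity), and reports which sessions can be tied to a person. The log line format, the field names (`psk`, `creds`, `mac=`, `user=`) and the sample lines are all assumptions made for this example and do not reflect any vendor's real output.

```python
"""
Attribute wireless sessions to people under two access models.
Added example; log format and sample lines are constructed, not vendor output.
"""
import re
from collections import defaultdict

# Constructed sample log. Assumed format:
#   "<time> <ap> <model> mac=<mac> [user=<id>]"
# where <model> is "psk" (shared password) or "creds" (per-user credential).
SAMPLE_LOG = """\
09:00:01 ap-floor2 psk mac=aa:bb:cc:00:00:01
09:00:05 ap-floor2 psk mac=aa:bb:cc:00:00:02
09:10:44 ap-floor3 psk mac=aa:bb:cc:00:00:01
09:12:09 ap-floor3 creds mac=aa:bb:cc:00:00:03 user=jdoe
09:15:30 ap-floor2 creds mac=aa:bb:cc:00:00:04 user=jdoe
09:20:00 ap-floor2 creds mac=aa:bb:cc:00:00:05 user=asmith
this line is garbage and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<ap>\S+) (?P<model>psk|creds) "
    r"mac=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: user=(?P<user>\S+))?$"
)


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sessions.append(m.groupdict())
    return sessions


def attribute(sessions):
    """Split sessions into those tied to a person and those tied only to a device.

    Returns (by_identity, unattributed): by_identity maps a user to the MACs
    and APs seen for that user; unattributed holds sessions where the log
    gives nothing better than a MAC address.
    """
    by_identity = defaultdict(lambda: {"macs": set(), "aps": set()})
    unattributed = []
    for s in sessions:
        if s["model"] == "creds" and s["user"]:
            by_identity[s["user"]]["macs"].add(s["mac"])
            by_identity[s["user"]]["aps"].add(s["ap"])
        else:
            unattributed.append(s)
    return dict(by_identity), unattributed


def device_trail(unattributed):
    """For device-only sessions, list the APs each MAC was seen on.

    This is the most IT can reconstruct under the shared-password model:
    a device moved between access points, but who carried it is unknown.
    """
    trail = defaultdict(set)
    for s in unattributed:
        trail[s["mac"]].add(s["ap"])
    return {mac: sorted(aps) for mac, aps in trail.items()}


def attribution_rate(sessions):
    """Fraction of sessions that can be tied to a named person."""
    if not sessions:
        return 0.0
    _, unattributed = attribute(sessions)
    return 1 - len(unattributed) / len(sessions)


if __name__ == "__main__":
    sessions = parse_log(SAMPLE_LOG)
    by_user, unknown = attribute(sessions)
    print("attribution rate:", attribution_rate(sessions))
    for user, seen in by_user.items():
        print(f"{user}: {len(seen['macs'])} device(s) on {sorted(seen['aps'])}")
    for mac, aps in device_trail(unknown).items():
        print(f"unknown user, device {mac} seen on {aps}")
```

Run as-is, half the sessions are attributable: the credentialed model shows that `jdoe` is using two devices, while the shared-password model only shows that device `aa:bb:cc:00:00:01` moved from one floor to another. That is the difference between knowing who is on the network and merely knowing that something is.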

Paranoid organizations have locked their PCs (desktop and laptop) with credentials and restrictive administration policies, so only the computers and applications they issued could access the wired or wireless LANs. Such paranoiacs could also track where the credentials were being used, to monitor employee network behavior, whether for security purposes or for reprovisioning of network resources on the fly (or both).

But this reliance on locked-down, credentialed PCs also meant that the new breed of devices is locked out completely, as the PC management tools are clueless about mobile devices and have no way to issue credentials to them. That has the danger of turning these paranoid companies into dinosaurs where no one under the age of 35 would want to work.
