Networking / February 5, 2019

Network Upgrades Got You Down? How to Manage Future Network Changes

Whether driven by organizational growth, new business application demands, mergers and acquisitions activity or all of the above, network changes and upgrades are a necessary fact of IT life. Most NetOps teams are highly skilled at the mechanics of upgrading network-related gear. But the successful, on-time completion of a cross-functional network project often has more to do with managing users, organizational interdependencies and compliance risk than it does with racking gear and running cables.

Left unmanaged, competing NetOps and SecOps priorities can undermine strategic IT projects.

There’s no better example of this than the relationship between NetOps and SecOps teams. While each team has its own charter and priorities, actions of one group affect the other in significant ways.

For example, security tools are often highly dependent on network traffic visibility to perform their functions. A decision by NetOps to upgrade network capacity can cause both speed incompatibility and performance issues with security tools, driving a need for unplanned security spending.

This challenge is magnified as more security tools are placed inline on corporate networks, requiring close collaboration between NetOps and SecOps to avoid network downtime, security breaches and other service interruptions during network upgrades. The resulting friction can cause project complexity and delays.

It’s a bad look for everyone, as the nuances of these challenges are often lost on business stakeholders, who simply see an IT organization standing in the way of progress.

Simplifying Change with Pervasive Traffic Visibility

One of the most effective steps that NetOps teams can take to simplify and de-risk network changes is to implement a network traffic visibility architecture using a next-generation network packet broker. This approach makes it possible to centrally aggregate traffic from throughout an enterprise’s physical, virtual and cloud infrastructure and manage network data access by security tools in a way that is both more effective and less dependent on direct connectivity to the network infrastructure.

Next-generation network packet brokers abstract network changes and speed variations from tools that require traffic data.

For example, Gigamon, as a next-generation network packet broker, can provide a single view into a continuously evolving network infrastructure. With physical network connection options at 10MB, 100MB, 1G, 10G, 25G, 40G and 100G, Gigamon appliances can adapt to changes in the underlying network. Plus, with support for modular blades that accommodate all of these speeds, a security tool designed for 40G networks could be used to monitor a new, higher-speed network.

Mitigating Performance Impact on Security Tools

In addition to accommodating network speed changes effectively, Gigamon can also manage network changes through advanced traffic selection controls that deliver the right traffic to the right tool (and nothing more), using a variety of techniques such as deduplication, slicing, load sharing, NetFlow and metadata generation. This extends the life of security tools (and also improves their effectiveness) even as traffic volumes grow as the result of network upgrades and digital transformation.

Delivering traffic more selectively and offloading SSL decryption extends the life of security tools.

Gigamon’s ability to offload SSL decryption from security tools, decrypting traffic once centrally and delivering it to multiple tools for inspection, also plays a complementary role in reducing the impact of network upgrades. By eliminating the need for each security tool to perform resource-intensive SSL decryption on its own, Gigamon can unlock additional capacity to handle growing volumes of SSL/TLS traffic.

Optimizing Change Management with Inline Bypass

When network changes are introduced alongside existing security tools, change management can be a major point of friction between NetOps and SecOps. Gigamon’s inline bypass capabilities make it possible to reposition inline security tools to support common security use cases, such as running a tool in tuning mode and then transitioning it to inline as needed.

These scenarios, along with tool patches and upgrades, can be supported without network downtime or a complex maintenance window dance between NetOps and SecOps. Logical bypass also keeps an individual security tool failure from interrupting network connectivity by sharing the load among the remaining security tools.

Moving at the Speed of Business

Building a NetOps and SecOps collaboration that can embrace change has a direct positive impact on business performance. NetOps can meet its uptime and performance objectives. SecOps can be more effective at detecting and mitigating threats, thus ensuring a better security posture.

Personnel throughout the business can work more efficiently instead of focusing on tool maintenance and upgrades. CapEx or investment in new security tools can be deferred by unlocking new value from existing technology investments. And most importantly, the business is able to innovate, grow and evolve rapidly without IT-related delays or complications.

Ready to build a resilient network that will accommodate your evolving business needs? Read about how Gigamon helped Clemson University strike a balance between network performance and security, or get in touch with a Gigamon expert to discuss how we can help.
