If the LAN is supposed to get smarter and help us improve security - and other control features - with enforcement, what does that mean for policy and identity? Right now, it seems like all these aspects are separate - do you see them coming together?
You're absolutely right that all these pieces - the network, the identity store, and policy - need to work in concert to do control right in the LAN. Currently, these three elements are fairly separate, but ultimately, they need to be much more tightly integrated to really simplify the administration of controls in the LAN.
Let's look at each piece in turn.
The network: Today, most network devices offer fairly limited enforcement. Standards like 802.1X that allow or deny a user access to the LAN are typical of the capabilities in today's infrastructure. But these mechanisms are fairly blunt, and the infrastructure typically relies on an outside "brain" to tell it how to act on the traffic.
The identity store: This area is probably the most evolved, with well-defined standards and implementations for accessing both a user's identity and role. Active Directory, RADIUS, and LDAP all provide strong options, and other devices can successfully tap into these stores and use the data residing there.
Policy: Despite years of work on policy-based management, with architecture standards for policy enforcement points and policy administration points, too few organizations have networks that can take advantage of these architectures. So for the most part, policy is done by different vendors. Think of all the various policy stores common in networks today - those for wireless, VPN, NAC, identity and access management, and security are just a few examples of how rampantly these policy stores have grown.
So where are we headed?
The network is definitely getting smarter. We're seeing more intelligent devices - at the access layer, LAN core, and LAN/WAN boundary - that understand users and applications and offer greater flexibility for enforcement. The strongest of these devices can maintain their own policy stores, currently derived from vendor-specific policy engines, and act on traffic independently of those engines.